1361
1403
chk_self_sigs( const char *fname, KBNODE keyblock,
1362
1404
PKT_public_key *pk, u32 *keyid, int *non_self )
1364
KBNODE n,knode=NULL;
1367
u32 bsdate=0,rsdate=0;
1368
KBNODE bsnode=NULL,rsnode=NULL;
1373
for( n=keyblock; (n = find_next_kbnode(n, 0)); ) {
1374
if(n->pkt->pkttype==PKT_PUBLIC_SUBKEY)
1406
KBNODE n, knode = NULL;
1409
u32 bsdate=0,rsdate=0;
1410
KBNODE bsnode = NULL, rsnode = NULL;
1415
for (n=keyblock; (n = find_next_kbnode (n, 0)); )
1417
if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1383
else if( n->pkt->pkttype != PKT_SIGNATURE )
1385
sig = n->pkt->pkt.signature;
1386
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {
1388
/* This just caches the sigs for later use. That way we
1389
import a fully-cached key which speeds things up. */
1390
if(!opt.no_sig_cache)
1391
check_key_signature(keyblock,n,NULL);
1393
if( IS_UID_SIG(sig) || IS_UID_REV(sig) )
1395
KBNODE unode = find_prev_kbnode( keyblock, n, PKT_USER_ID );
1398
log_error( _("key %s: no user ID for signature\n"),
1400
return -1; /* the complete keyblock is invalid */
1403
/* If it hasn't been marked valid yet, keep trying */
1404
if(!(unode->flag&1)) {
1405
rc = check_key_signature( keyblock, n, NULL);
1410
char *p=utf8_to_native(unode->pkt->pkt.user_id->name,
1411
strlen(unode->pkt->pkt.user_id->name),0);
1412
log_info( rc == G10ERR_PUBKEY_ALGO ?
1413
_("key %s: unsupported public key "
1414
"algorithm on user ID \"%s\"\n"):
1415
_("key %s: invalid self-signature "
1416
"on user ID \"%s\"\n"),
1422
unode->flag |= 1; /* mark that signature checked */
1425
else if( sig->sig_class == 0x18 ) {
1426
/* Note that this works based solely on the timestamps
1427
like the rest of gpg. If the standard gets
1428
revocation targets, this may need to be revised. */
1433
log_info( _("key %s: no subkey for key binding\n"),
1435
n->flag |= 4; /* delete this */
1439
rc = check_key_signature( keyblock, n, NULL);
1443
log_info(rc == G10ERR_PUBKEY_ALGO ?
1444
_("key %s: unsupported public key"
1446
_("key %s: invalid subkey binding\n"),
1452
/* It's valid, so is it newer? */
1453
if(sig->timestamp>=bsdate) {
1454
knode->flag |= 1; /* the subkey is valid */
1457
bsnode->flag|=4; /* Delete the last binding
1458
sig since this one is
1461
log_info(_("key %s: removed multiple subkey"
1462
" binding\n"),keystr(keyid));
1466
bsdate=sig->timestamp;
1469
n->flag|=4; /* older */
1473
else if( sig->sig_class == 0x28 ) {
1474
/* We don't actually mark the subkey as revoked right
1475
now, so just check that the revocation sig is the
1476
most recent valid one. Note that we don't care if
1477
the binding sig is newer than the revocation sig.
1478
See the comment in getkey.c:merge_selfsigs_subkey for
1483
log_info( _("key %s: no subkey for key revocation\n"),
1485
n->flag |= 4; /* delete this */
1489
rc = check_key_signature( keyblock, n, NULL);
1493
log_info(rc == G10ERR_PUBKEY_ALGO ?
1494
_("key %s: unsupported public"
1495
" key algorithm\n"):
1496
_("key %s: invalid subkey revocation\n"),
1502
/* It's valid, so is it newer? */
1503
if(sig->timestamp>=rsdate)
1507
rsnode->flag|=4; /* Delete the last revocation
1508
sig since this one is
1511
log_info(_("key %s: removed multiple subkey"
1512
" revocation\n"),keystr(keyid));
1516
rsdate=sig->timestamp;
1519
n->flag|=4; /* older */
1427
if ( n->pkt->pkttype != PKT_SIGNATURE )
1430
sig = n->pkt->pkt.signature;
1431
if ( keyid[0] != sig->keyid[0] || keyid[1] != sig->keyid[1] )
1437
/* This just caches the sigs for later use. That way we
1438
import a fully-cached key which speeds things up. */
1439
if (!opt.no_sig_cache)
1440
check_key_signature (keyblock, n, NULL);
1442
if ( IS_UID_SIG(sig) || IS_UID_REV(sig) )
1444
KBNODE unode = find_prev_kbnode( keyblock, n, PKT_USER_ID );
1447
log_error( _("key %s: no user ID for signature\n"),
1449
return -1; /* The complete keyblock is invalid. */
1452
/* If it hasn't been marked valid yet, keep trying. */
1453
if (!(unode->flag&1))
1455
rc = check_key_signature (keyblock, n, NULL);
1460
char *p = utf8_to_native
1461
(unode->pkt->pkt.user_id->name,
1462
strlen (unode->pkt->pkt.user_id->name),0);
1463
log_info (gpg_err_code(rc) == G10ERR_PUBKEY_ALGO ?
1464
_("key %s: unsupported public key "
1465
"algorithm on user ID \"%s\"\n"):
1466
_("key %s: invalid self-signature "
1467
"on user ID \"%s\"\n"),
1473
unode->flag |= 1; /* Mark that signature checked. */
1476
else if (IS_KEY_SIG (sig))
1478
rc = check_key_signature (keyblock, n, NULL);
1482
log_info (gpg_err_code (rc) == G10ERR_PUBKEY_ALGO ?
1483
_("key %s: unsupported public key algorithm\n"):
1484
_("key %s: invalid direct key signature\n"),
1489
else if ( IS_SUBKEY_SIG (sig) )
1491
/* Note that this works based solely on the timestamps like
1492
the rest of gpg. If the standard gets revocation
1493
targets, this may need to be revised. */
1498
log_info (_("key %s: no subkey for key binding\n"),
1500
n->flag |= 4; /* delete this */
1504
rc = check_key_signature (keyblock, n, NULL);
1508
log_info (gpg_err_code (rc) == G10ERR_PUBKEY_ALGO ?
1509
_("key %s: unsupported public key"
1511
_("key %s: invalid subkey binding\n"),
1517
/* It's valid, so is it newer? */
1518
if (sig->timestamp >= bsdate)
1520
knode->flag |= 1; /* The subkey is valid. */
1523
/* Delete the last binding sig since this
1527
log_info (_("key %s: removed multiple subkey"
1528
" binding\n"),keystr(keyid));
1532
bsdate = sig->timestamp;
1535
n->flag |= 4; /* older */
1539
else if ( IS_SUBKEY_REV (sig) )
1541
/* We don't actually mark the subkey as revoked right now,
1542
so just check that the revocation sig is the most recent
1543
valid one. Note that we don't care if the binding sig is
1544
newer than the revocation sig. See the comment in
1545
getkey.c:merge_selfsigs_subkey for more. */
1549
log_info (_("key %s: no subkey for key revocation\n"),
1551
n->flag |= 4; /* delete this */
1555
rc = check_key_signature (keyblock, n, NULL);
1559
log_info (gpg_err_code (rc) == G10ERR_PUBKEY_ALGO ?
1560
_("key %s: unsupported public"
1561
" key algorithm\n"):
1562
_("key %s: invalid subkey revocation\n"),
1568
/* It's valid, so is it newer? */
1569
if (sig->timestamp >= rsdate)
1573
/* Delete the last revocation sig since
1574
this one is newer. */
1577
log_info (_("key %s: removed multiple subkey"
1578
" revocation\n"),keystr(keyid));
1582
rsdate = sig->timestamp;
1585
n->flag |= 4; /* older */
1531
1594
/****************