*** empty log message ***

author: Werner Koch <wk@gnupg.org> 1998-01-14 13:34:05 +0100
committer: Werner Koch <wk@gnupg.org> 1998-01-14 13:34:05 +0100
commit: 1ce26aa6d6daa264bffab4d09c33b9c40b4e3a91 (patch)
tree: 2feab968c9b8b7ab1f04ddd9345be369c8f8490c
parent: *** empty log message *** (diff)
download: gnupg2-1ce26aa6d6daa264bffab4d09c33b9c40b4e3a91.tar.xz
gnupg2-1ce26aa6d6daa264bffab4d09c33b9c40b4e3a91.zip
3 files changed, 127 insertions, 35 deletions
diff --git a/Makefile.in b/Makefile.in
index ff5231486..b25badfe5 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -45,8 +45,8 @@ CONFIG_HEADER_IN = config.h.in
 mkinstalldirs = $(top_srcdir)/scripts/mkinstalldirs
 CONFIG_HEADER = ./config.h
 DIST_COMMON = README AUTHORS COPYING ChangeLog INSTALL Makefile.am \
-Makefile.in NEWS README TODO acconfig.h config.h.in configure \
-configure.in stamp-h.in
+Makefile.in NEWS README TODO acconfig.h config.h.in configure.in \
+stamp-h.in
 
 
 PACKAGE = @PACKAGE@
diff --git a/doc/DETAILS b/doc/DETAILS
index 81aff2912..d5d1abe09 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -85,7 +85,7 @@ Record type 3:	(cache record)
      1 byte   value 3
      1 byte   reserved
      1 u32    Local-Id.
-     8 bytes  keyid of the primary key
+     8 bytes  keyid of the primary key (needed?)
      1 byte   cache-is-valid the following stuff is only
 	      valid if this is set.
      1 byte   reserved
@@ -107,3 +107,26 @@ Record type 3:	(cache record)
 		4 = fully trusted
 		5 = ultimately trusted (have secret key too).
 
+Record type 4  (sigrec)
+-------------
+    Used to keep track of valid key signatures. Self-signatures are not
+    stored.
+
+     1 byte   value 4
+     1 byte   reserved
+     1 u32    Local-Id of owners (pubkey record)
+     1 u32    chain: next sigrec of this owner or 0 to indicate the
+	      last sigrec.
+     6 times
+	1 u32  Local_id of signators pubkey record
+	1 byte reserved
+
+Record type 5  (next-sigrec)
+-------------
+    This is the same as record type 4 but the record type is 5 and the
+    local-id is only used to verify the internal db structure. You can
+    not search for such a record; access is done based on the chain field
+    in segrec or netx-sigrec.  This is, so that we can handle sigrecords
+    more easier - there is no need to handle multiple sigrecs when searching
+    for such a record.
+
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 1dfaaa570..092e98f61 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -37,6 +37,7 @@
 
 
 #define TRUST_RECORD_LEN 40
+#define SIGS_PER_RECORD ((TRUST_RECORD_LEN-10)/5)
 
 struct trust_record {
     byte rectype;
@@ -62,10 +63,11 @@ struct trust_record {
 	    byte reserved;
 	    byte fingerprint[20];
 	    byte ownertrust;
+	    /* fixme: indicate a flag to */
 	} pubkey;
 	struct {	    /* cache record */
-	    u32 local_id;
-	    u32 keyid[2];
+	    u32 owner;
+	    u32 keyid[2];	/* needed?? */
 	    byte valid;
 	    byte reserved;
 	    byte blockhash[20];
@@ -74,6 +76,14 @@ struct trust_record {
 	    byte n_fully;
 	    byte trustlevel;
 	} cache;
+	struct {
+	    u32 owner;	/* local_id of record owner (pubkey record) */
+	    u32 chain;	/* offset of next record or NULL for last one */
+	    struct {
+		u32  local_id; /* of pubkey record of signator (0=unused) */
+		byte flag;     /* reserved */
+	    } sig[SIGS_PER_RECORD];
+	} sigrec;
     } r;
 };
 typedef struct trust_record TRUSTREC;
@@ -201,7 +211,7 @@ read_record( u32 recnum, TRUSTREC *rec )
 {
     byte buf[TRUST_RECORD_LEN], *p;
     int rc = 0;
-    int n;
+    int n, i;
 
     if( db_fd == -1 )
 	open_db();
@@ -284,6 +294,15 @@ read_record( u32 recnum, TRUSTREC *rec )
 	rec->r.cache.n_fully = *p++;
 	rec->r.cache.trustlevel = *p++;
 	break;
+      case 4:
+      case 5:
+	rec->r.sigrec.owner   = buftou32(p); p += 4;
+	rec->r.sigrec.chain   = buftou32(p); p += 4;
+	for(i=0; i < SIGS_PER_RECORD; i++ ) {
+	    rec->r.sigrec.sig[i].local_id = buftou32(p); p += 4;
+	    rec->r.sigrec.sig[i].flag = *p++;
+	}
+	break;
       default:
 	log_error("%s: invalid record type %d at recnum %lu\n",
 					db_name, rec->rectype, (ulong)recnum );
@@ -303,7 +322,7 @@ write_record( u32 recnum, TRUSTREC *rec )
 {
     byte buf[TRUST_RECORD_LEN], *p;
     int rc = 0;
-    int n;
+    int i, n;
 
     if( db_fd == -1 )
 	open_db();
@@ -342,6 +361,15 @@ write_record( u32 recnum, TRUSTREC *rec )
 	*p++ = rec->r.cache.n_fully;
 	*p++ = rec->r.cache.trustlevel;
 	break;
+      case 4:
+      case 5:
+	u32tobuf(p, rec->r.sigrec.owner); p += 4;
+	u32tobuf(p, rec->r.sigrec.chain); p += 4;
+	for(i=0; i < SIGS_PER_RECORD; i++ ) {
+	    u32tobuf(p, rec->r.sigrec.sig[i].local_id); p += 4;
+	    *p++ = rec->r.sigrec.sig[i].flag;
+	}
+	break;
       default:
 	log_bug(NULL);
     }
@@ -375,11 +403,11 @@ new_local_id()
 }
 
 /****************
- * Scan the trustdb for a record of type RECTYPE which maches PKC
+ * Scan the trustdb for a record of type RECTYPE which matches PKC
  * The local_id is set to the correct value
  */
 static int
-scan_record( PKT_public_cert *pkc, TRUSTREC *rec, int rectype )
+scan_record_by_pkc( PKT_public_cert *pkc, TRUSTREC *rec, int rectype )
 {
     u32 recnum;
     u32 keyid[2];
@@ -391,7 +419,7 @@ scan_record( PKT_public_cert *pkc, TRUSTREC *rec, int rectype )
     assert( rectype == 2 || rectype == 3 );
 
     if( DBG_TRUST )
-	log_debug("trustdb: scan_record\n");
+	log_debug("trustdb: scan_record_by_pkc\n");
     keyid_from_pkc( pkc, keyid );
     fingerprint = fingerprint_from_pkc( pkc, &fingerlen );
     assert( fingerlen == 20 || fingerlen == 16 );
@@ -421,12 +449,57 @@ scan_record( PKT_public_cert *pkc, TRUSTREC *rec, int rectype )
     }
     no_io_dbg = 0;
     if( DBG_TRUST )
-	log_debug("trustdb: scan_record: eof or error\n");
+	log_debug("trustdb: scan_record_by_pkc: %s\n", rc==-1?"eof": g10_errstr(rc));
     if( rc != -1 )
-	log_error("%s: scan_record failed: %s\n",db_name, g10_errstr(rc) );
+	log_error("%s: scan_record_by_pkc failed: %s\n",db_name, g10_errstr(rc) );
     return rc;
 }
 
+/****************
+ * scan the DB for a record of type RECTYPE which can be localized
+ * with LOCAL_ID
+ */
+static int
+scan_record( u32 local_id, TRUSTREC *rec, int rectype, u32 *r_recnum )
+{
+    u32 recnum;
+    u32 keyid[2];
+    int dbg = DBG_TRUST;
+    int rc;
+
+    assert( rectype == 3 || rectype == 4 );
+
+    if( DBG_TRUST )
+	log_debug("trustdb: scan_record type %d local_id %lu\n",
+						rectype, (ulong)local_id);
+    no_io_dbg = 1;
+    for(recnum=1; !(rc=read_record( recnum, rec)); recnum++ ) {
+	if( rec->rectype != rectype )
+	    continue;
+	if( rec->rectype == 34 ) {
+	    if( rec->r.cache.owner == local_id ) { /* found */
+		*r_recnum = recnum;
+		no_io_dbg = 0;
+		return 0;
+	    }
+	}
+	else if( rec->rectype == 4 ) {
+	    if( rec->r.sigrec.owner == local_id ) { /* found */
+		*r_recnum = recnum;
+		no_io_dbg = 0;
+		return 0;
+	    }
+	}
+	else
+	    log_bug("not yet implemented\n");
+    }
+    no_io_dbg = 0;
+    if( DBG_TRUST )
+	log_debug("trustdb: scan_record: %s\n", rc==-1?"eof": g10_errstr(rc));
+    if( rc != -1 )
+	log_error("%s: scan_record failed: %s\n",db_name, g10_errstr(rc) );
+    return rc;
+}
 
 
 
@@ -537,6 +610,18 @@ check_sigs( KBNODE keyblock )
 
 
 /****************
+ * If we do not have sigrecs for the given key, build them and write them
+ * to the trustdb
+ */
+static int
+build_sigrecs( KBNODE keyblock )
+{
+}
+
+
+
+
+/****************
  * Recursive check the signatures.
  */
 static int
@@ -564,19 +649,12 @@ walk( KBNODE keyblock, int levels )
 
 /****************
  *
- *
- *
- *
- *
- *
- *
- *
- *
- *
  */
 static int
 check_trust()
 {
+    /* check the ca
+
 }
 
 
@@ -637,7 +715,7 @@ check_trustdb( int level )
  *	found:
  *	    Do we have a valid cache record for it?
  *		yes: return trustlevel from cache
- *		no:  make a cache record
+ *		no:  make a cache record and all the other stuff
  *	not found:
  *	    Return with a trustlevel, saying that we do not have
  *	    a trust record for it. The caller may use insert_trust_record()
@@ -666,8 +744,8 @@ check_pkc_trust( PKT_public_cert *pkc, int *r_trustlevel )
 	}
     }
     else { /* no local_id: scan the trustdb */
-	if( (rc=scan_record( pkc, &rec, 2 )) && rc != -1 ) {
-	    log_error("check_pkc_trust: scan_record(2) failed: %s\n",
+	if( (rc=scan_record_by_pkc( pkc, &rec, 2 )) && rc != -1 ) {
+	    log_error("check_pkc_trust: scan_record_by_pkc(2) failed: %s\n",
 							    g10_errstr(rc));
 	    return G10ERR_TRUSTDB;
 	}
@@ -679,6 +757,8 @@ check_pkc_trust( PKT_public_cert *pkc, int *r_trustlevel )
     }
     /* fixme: do some additional checks on the pubkey record */
 
+    /* see wether we have a cache record */
+
 
   leave:
     if( opt.verbose )
@@ -751,23 +831,12 @@ update_trust_record( PKT_public_cert *pkc, int new_trust )
     }
     /* check keyid, fingerprint etc ? */
 
-    recnum = new_local_id();
-    /* build record */
-    memset( &rec, 0, sizeof rec );
-    rec.rectype = 2; /* the pubkey record */
-    rec.r.pubkey.local_id = recnum;
-    rec.r.pubkey.keyid[0] = keyid[0];
-    rec.r.pubkey.keyid[1] = keyid[1];
-    rec.r.pubkey.algo = pkc->pubkey_algo;
-    memcpy(rec.r.pubkey.fingerprint, fingerprint, fingerlen );
     rec.r.pubkey.ownertrust = 0;
     if( write_record( recnum, &rec ) ) {
 	log_error("insert_trust_record: write failed\n");
 	return G10ERR_TRUSTDB;
     }
 
-    pkc->local_id = recnum;
-
     return 0;
 }
author	Werner Koch <wk@gnupg.org>	1998-01-14 13:34:05 +0100
committer	Werner Koch <wk@gnupg.org>	1998-01-14 13:34:05 +0100
commit	1ce26aa6d6daa264bffab4d09c33b9c40b4e3a91 (patch)
tree	2feab968c9b8b7ab1f04ddd9345be369c8f8490c
parent	* empty log message * (diff)
download	gnupg2-1ce26aa6d6daa264bffab4d09c33b9c40b4e3a91.tar.xz gnupg2-1ce26aa6d6daa264bffab4d09c33b9c40b4e3a91.zip