📄 pgprngpub.c
字号:
pgpAssert(0);
return 0;
#else
union RingObject *key;
pgpAssert(OBJISNAME(name));
pgpAssert(pgpIsRingSetMember(set, name));
(void)set;
key = name->g.up;
pgpAssert (OBJISTOPKEY(key));
/*
* Force returned value if key is revoked or axiomatic.
* Allow expired keys to stay valid, so users can know what their status
* was before they expired.
*/
if (key->k.trust & PGP_KEYTRUSTF_REVOKED)
return 0;
if (key->k.trust & PGP_KEYTRUSTF_BUCKSTOP)
return PGP_TRUST_INFINITE;
if (!(name->g.flags & (RINGOBJF_TRUST)))
ringMntValidateName (set, name);
return ringTrustToIntern (name->n.validity);
#endif
}
PGPUInt16
ringNameConfidence(RingSet const *set, union RingObject *name)
{
#if PGPTRUSTMODEL==0
(void)set;
(void)name;
pgpAssert(0);
return 0;
#else
pgpAssert(OBJISNAME(name));
pgpAssert(pgpIsRingSetMember(set, name));
(void)set;
return ringTrustToIntern (name->n.confidence);
#endif
}
int
ringNameConfidenceUndefined(RingSet const *set, union RingObject *name)
{
#if PGPTRUSTMODEL==0
(void)set;
(void)name;
pgpAssert(0);
return 0;
#else
pgpAssert(OBJISNAME(name));
pgpAssert(pgpIsRingSetMember(set, name));
(void)set;
return (name->n.confidence == PGP_NEWTRUST_UNDEFINED);
#endif
}
void
ringNameSetConfidence(RingSet const *set, union RingObject *name,
PGPUInt16 confidence)
{
#if PGPTRUSTMODEL==0
(void)set;
(void)name;
(void)confidence;
pgpAssert(0);
#else
pgpAssert(OBJISNAME(name));
pgpAssert(pgpIsRingSetMember(set, name));
confidence = (PGPUInt16) ringTrustToExtern (confidence);
if (name->n.confidence != confidence) {
name->n.confidence = (PGPByte) confidence;
name->g.flags |= RINGOBJF_TRUSTCHANGED;
ringPoolMarkTrustChanged (set->pool, &name->g.mask);
}
name->g.flags |= RINGOBJF_TRUST;
#endif
}
int
ringSigError(RingSet const *set, union RingObject *sig)
{
PGPByte const *p;
PGPSize len;
pgpAssert(OBJISSIG(sig));
pgpAssert(pgpIsRingSetMember(set, sig));
if (!(sig->g.flags & SIGF_ERROR))
return 0;
p = (PGPByte const *)ringFetchObject(set, sig, &len);
if (!p)
return ringSetError(set)->error;
return ringSigParse(p, len, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
}
union RingObject *
ringSigMaker(RingSet const *sset, union RingObject *sig,
RingSet const *kset)
{
(void)sset; /* Avoid warning */
pgpAssert(OBJISSIG(sig));
pgpAssert(pgpIsRingSetMember(sset, sig));
sig = sig->s.by;
pgpAssert(OBJISKEY(sig)); /* "sig" is now a key! */
if (!pgpIsRingSetMember(kset, sig))
return NULL;
ringObjectHold(sig);
return sig;
}
void
ringSigID8(RingSet const *set, union RingObject const *sig,
PGPByte *pkalg, PGPKeyID *keyID)
{
pgpAssert(OBJISSIG(sig));
pgpAssert(pgpIsRingSetMember(set, sig));
(void)set;
sig = sig->s.by;
pgpAssert(OBJISKEY(sig));
if (pkalg) {
*pkalg = sig->k.pkalg;
if ((*pkalg | 1) == 3)
*pkalg = 1; /* ViaCrypt */
}
if ( keyID )
{
pgpNewKeyIDFromRawData( sig->k.keyID, 8, keyID );
}
}
PGPByte
ringSigTrust(RingSet const *set, union RingObject *sig)
{
pgpAssert(OBJISSIG(sig));
pgpAssert(pgpIsRingSetMember(set, sig));
(void)set;
if (ringSigError (set, sig))
return PGP_SIGTRUST_INVALID;
if (sig->s.by == NULL)
return PGP_SIGTRUST_NOKEY;
if (!(sig->s.trust & PGP_SIGTRUSTF_TRIED))
return PGP_SIGTRUST_UNTRIED;
if (!(sig->s.trust & PGP_SIGTRUSTF_CHECKED))
return PGP_SIGTRUST_BAD;
if (!(sig->g.flags & (RINGOBJF_TRUST))) {
ringMntValidateKey (set, sig->s.by);
return sig->s.by->k.trust & kPGPKeyTrust_Mask;
}
else
return sig->s.trust & kPGPKeyTrust_Mask;
}
int
ringSigChecked(RingSet const *set, union RingObject const *sig)
{
pgpAssert(OBJISSIG(sig));
pgpAssert(pgpIsRingSetMember(set, sig));
(void)set;
return sig->s.trust & PGP_SIGTRUSTF_CHECKED;
}
int
ringSigTried(RingSet const *set, union RingObject const *sig)
{
pgpAssert(OBJISSIG(sig));
pgpAssert(pgpIsRingSetMember(set, sig));
(void)set;
return sig->s.trust & PGP_SIGTRUSTF_TRIED;
}
int
ringSigExportable(RingSet const *set, union RingObject const *sig)
{
pgpAssert(OBJISSIG(sig));
pgpAssert(pgpIsRingSetMember(set, sig));
(void)set;
return SIGISEXPORTABLE(&sig->s);
}
PGPByte
ringSigTrustLevel(RingSet const *set, union RingObject const *sig)
{
pgpAssert(OBJISSIG(sig));
pgpAssert(pgpIsRingSetMember(set, sig));
(void)set;
return sig->s.trustLevel;
}
PGPByte
ringSigTrustValue(RingSet const *set, union RingObject const *sig)
{
PGPByte trustValue;
pgpAssert(OBJISSIG(sig));
pgpAssert(pgpIsRingSetMember(set, sig));
(void)set;
trustValue = sig->s.trustValue;
#if PGPTRUSTMODEL==0
trustValue = ringTrustExternToOld(set->pool, trustValue);
#endif
return sig->s.trustValue;
}
/* Call ringSigTrust to get sig status, then call this function if
sig is good and the confidence is required. */
PGPUInt16
ringSigConfidence(RingSet const *set, union RingObject *sig)
{
#if PGPTRUSTMODEL==0
(void)set;
(void)sig;
pgpAssert(0);
return 0;
#else
pgpAssert(OBJISSIG(sig));
pgpAssert(pgpIsRingSetMember(set, sig));
(void)set;
if (sig->s.by != NULL) {
if (pgpIsRingSetMember(set, sig->s.by)) {
if (sig->s.by->k.trust & PGP_KEYTRUSTF_REVOKED)
return 0;
else
return ringKeyCalcTrust (set, sig->s.by);
}
else
return 0;
}
else
return 0;
#endif
}
int
ringSigType(RingSet const *set, union RingObject const *sig)
{
pgpAssert(OBJISSIG(sig));
pgpAssert(pgpIsRingSetMember(set, sig));
(void)set;
return sig->s.type;
}
PGPUInt32
ringSigTimestamp(RingSet const *set, union RingObject const *sig)
{
pgpAssert(OBJISSIG(sig));
pgpAssert(pgpIsRingSetMember(set, sig));
(void)set;
return sig->s.tstamp;
}
PGPUInt32
ringSigExpiration(RingSet const *set, union RingObject const *sig)
{
pgpAssert(OBJISSIG(sig));
pgpAssert(pgpIsRingSetMember(set, sig));
(void)set;
if (sig->s.tstamp == 0 || sig->s.sigvalidity == 0)
return 0; /* valid indefinitely */
else
return sig->s.tstamp + sig->s.sigvalidity;
}
/*
* True if sig is a self-sig.
*/
PGPBoolean
ringSigIsSelfSig(RingSet const *set, RingObject const *sig)
{
RingObject const *parent;
(void)set;
pgpAssert(OBJISSIG(sig));
pgpAssert(pgpIsRingSetMember(set, sig));
/* Find top-level key */
parent = sig;
while (!OBJISTOPKEY(parent))
parent = parent->g.up;
/* No good if not signed by top-level key (selfsig) */
if (sig->s.by != parent)
return FALSE;
/* All OK */
return TRUE;
}
/*
* True if sig is an X509 sig.
*/
PGPBoolean
ringSigIsX509(RingSet const *set, RingObject const *sig)
{
(void)set;
pgpAssert(OBJISSIG(sig));
pgpAssert(pgpIsRingSetMember(set, sig));
return SIGISX509(&sig->s) != 0;
}
PGPByte *
ringSigX509Certificate(RingSet const *set, RingObject *sig, PGPSize *len)
{
PGPByte *ptr;
pgpAssert(OBJISSIG(sig));
pgpAssert(pgpIsRingSetMember(set, sig));
pgpAssert(IsntNull(len));
*len = 0;
if (!SIGISX509 (&sig->s))
return NULL;
ptr = (PGPByte *)ringFetchObject(set, sig, len);
if (IsNull( ptr ) )
return NULL;
ptr = (PGPByte *)ringSigFindNAISubSubpacket(ptr, SIGSUBSUB_X509, 0, len,
NULL, NULL, NULL, NULL);
if( IsntNull( ptr ) ) {
/* Skip type, version bytes */
pgpAssert (ptr[0] == SIGSUBSUB_X509);
ptr += 3;
*len -= 3;
}
return ptr;
}
int
ringCRLChecked(RingSet const *set, union RingObject const *crl)
{
pgpAssert(OBJISCRL(crl));
pgpAssert(pgpIsRingSetMember(set, crl));
(void)set;
return crl->r.trust & PGP_SIGTRUSTF_CHECKED;
}
int
ringCRLTried(RingSet const *set, union RingObject const *crl)
{
pgpAssert(OBJISCRL(crl));
pgpAssert(pgpIsRingSetMember(set, crl));
(void)set;
return crl->r.trust & PGP_SIGTRUSTF_TRIED;
}
PGPUInt32
ringCRLCreation(RingSet const *set, union RingObject const *crl)
{
pgpAssert(OBJISCRL(crl));
pgpAssert(pgpIsRingSetMember(set, crl));
(void)set;
return crl->r.tstamp;
}
PGPUInt32
ringCRLExpiration(RingSet const *set, union RingObject const *crl)
{
pgpAssert(OBJISCRL(crl));
pgpAssert(pgpIsRingSetMember(set, crl));
(void)set;
return crl->r.tstampnext;
}
/* True if the key has a CRL */
PGPBoolean
ringKeyHasCRL(RingSet const *set, RingObject *key)
{
RingIterator *iter;
union RingObject *obj;
PGPInt32 level;
if (!set)
return FALSE;
iter = ringIterCreate(set);
if (!iter)
return FALSE; /* How to distinguish from no luck? */
ringIterSeekTo (iter, key);
level = ringIterCurrentLevel(iter);
while (ringIterNextObject(iter, level+1) > 0) {
obj = ringIterCurrentObject(iter, level+1);
pgpAssert(obj);
if (!OBJISCRL(obj))
continue;
/* Don't count unverifiable CRLs */
if (!ringCRLChecked(set, obj))
continue;
ringIterDestroy(iter);
return TRUE;
}
ringIterDestroy(iter);
return FALSE;
}
/* Return nth CRL of key, along with a count of all CRLs if requested.
* Doesn't count superceded CRLs.
* Call this the first time with n=0 and &crlcount, and later times with
* crlcount holding NULL.
*/
RingObject *
ringKeyNthCRL(RingSet const *set, RingObject *key, PGPUInt32 n,
PGPUInt32 *crlcount)
{
RingIterator *iter;
RingObject *obj;
RingObject *nthcrl = NULL;
PGPUInt32 count = 0;
PGPInt32 level;
if( IsntNull( crlcount ) )
*crlcount = 0;
if (!set)
return NULL;
iter = ringIterCreate(set);
if (!iter)
return NULL; /* How to distinguish from no luck? */
ringIterSeekTo (iter, key);
level = ringIterCurrentLevel(iter);
while (ringIterNextObject(iter, level+1) > 0) {
obj = ringIterCurrentObject(iter, level+1);
pgpAssert(obj);
if (!OBJISCRL(obj))
continue;
if (!ringCRLChecked(set, obj))
continue;
if (!ringCRLIsCurrent(set, obj, 0))
continue;
if (count++ == n) {
nthcrl = obj;
if (IsNull( crlcount ))
break;
}
}
ringIterDestroy(iter);
if( IsntNull( crlcount ) )
*crlcount = count;
return nthcrl;
}
/*
* Find the earliest non-replaced CRL issued by a key.
* If expiration is true, use expiration dates, else creation dates.
*/
union RingObject *
ringKeyEarliestCRL(RingSet const *set, RingObject *key, PGPBoolean expiration)
{
RingObject *crl;
RingObject *bestcrl = NULL;
PGPUInt32 crltime;
PGPUInt32 besttime = (PGPUInt32)-1L;
PGPUInt32 n = 0;
PGPUInt32 crlcount = 0;
do {
crl = ringKeyNthCRL(set, key, n, (n?NULL:&crlcount));
if( IsNull( crl ) )
break;
if( expiration )
crltime = ringCRLExpiration( set, crl );
else
crltime = ringCRLCreation( set, crl );
if (crltime < besttime) {
besttime = crltime;
bestcrl = crl;
}
} while (n++ < crlcount);
return bestcrl;
}
/*
* See whether there is a more recent CRL for this key with the same
* dist. point.
* If tstamp is nonzero, also checks for expiration of CRL.
*/
PGPBoolean
ringCRLIsCurrent (RingSet const *set, RingObject *crl, PGPUInt32 tstamp)
{
RingIterator *iter;
union RingObject *obj;
PGPUInt32 crlcreation, crlexpiration;
PGPUInt32 objcreation;
PGPInt32 level;
PGPByte const *tmpdpoint;
PGPByte *dpoint = NULL;
PGPByte const *dpoint2;
PGPSize dpointlen;
PGPSize dpoint2len;
PGPContextRef context;
pgpAssert (IsntNull(set));
pgpAssert (OBJISCRL(crl));
pgpAssert (pgpIsRingSetMember(set, crl));
context = ringPoolContext( ringSetPool(set) );
crlcreation = ringCRLCreation(set, crl);
crlexpiration = ringCRLExpiration(set, crl);
if (tstamp != 0) {
if (crlexpiration < tstamp)
return FALSE;
}
iter = ringIterCreate(set);
if (!iter)
return TRUE; /* How to distinguish from no luck? */
if( CRLHASDPOINT( &crl->r ) ) {
/* Read dpoint data structure */
tmpdpoint = ringCRLDistributionPoint( set, crl, &dpointlen );
dpoint = pgpContextMemAlloc( context, dpointlen, 0 );
pgpCopyMemory( tmpdpoint, dpoint, dpointlen );
if( IsNull( dpoint ) ) {
ringIterDestroy( iter );
return TRUE;
}
}
/* Find key above CRL */
ringIterSeekTo (iter, crl);
level = ringIterCurrentLevel(iter);
pgpAssert (level > 1);
obj = ringIterCurrentObject(iter, level-1);
pgpAssert (OBJISKEY(obj));
while (ringIterNextObject(iter, level) > 0) {
obj = ringIterCurrentObject(iter, level);
pgpAssert(obj);
if (obj == crl)
continue;
if (!OBJISCRL(obj))
continue;
if (!ringCRLChecked(set, obj))
continue;
if (CRLHASDPOINT(&obj->r) != CRLHASDPOINT(&crl->r))
continu⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -