diff options
author | Ludovic Courtès <ludo@gnu.org> | 2020-04-26 16:03:46 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2020-05-04 09:56:12 +0200 |
commit | 7b2b3a13cc2d9b043f37b2e7ba0f147c08de8fad (patch) | |
tree | d8d1d51c1b71b81089ae3233738c3ab35592e44e | |
parent | 4459c7859c286ab54fa3a9901c8a17591b04c516 (diff) | |
download | guix-7b2b3a13cc2d9b043f37b2e7ba0f147c08de8fad.tar.gz |
openpgp: Store the issuer key id and fingerprint in <openpgp-signature>.
* guix/openpgp.scm (<openpgp-signature>)[issuer, issuer-fingerprint]: New fields. (openpgp-signature-issuer, openpgp-signature-issuer-fingerprint): Remove. (verify-openpgp-signature): Use 'openpgp-signature-issuer-key-id'. (get-signature): Initialize 'issuer' and 'issuer-fingerprint'. * tests/openpgp.scm ("get-openpgp-detached-signature/ascii"): Adjust accordingly.
-rw-r--r-- | guix/openpgp.scm | 28 | ||||
-rw-r--r-- | tests/openpgp.scm | 2 |
2 files changed, 11 insertions, 19 deletions
diff --git a/guix/openpgp.scm b/guix/openpgp.scm index 77a75373df..3b11998c11 100644 --- a/guix/openpgp.scm +++ b/guix/openpgp.scm @@ -32,7 +32,7 @@ port-ascii-armored? openpgp-signature? - openpgp-signature-issuer + openpgp-signature-issuer-key-id openpgp-signature-issuer-fingerprint openpgp-signature-public-key-algorithm openpgp-signature-hash-algorithm @@ -469,7 +469,7 @@ hexadecimal format for fingerprints." (define-record-type <openpgp-signature> (make-openpgp-signature version type pk-algorithm hash-algorithm hashl16 append-data hashed-subpackets unhashed-subpackets - value) + value issuer issuer-fingerprint) openpgp-signature? (version openpgp-signature-version) (type openpgp-signature-type) @@ -479,19 +479,9 @@ hexadecimal format for fingerprints." (append-data openpgp-signature-append-data) ;append to data when hashing (hashed-subpackets openpgp-signature-hashed-subpackets) (unhashed-subpackets openpgp-signature-unhashed-subpackets) - (value openpgp-signature-value)) - -(define (openpgp-signature-issuer sig) - (cond ((assq 'issuer (openpgp-signature-unhashed-subpackets sig)) => cdr) - ;; XXX: is the issuer always in the unhashed subpackets? - (else #f))) - -(define (openpgp-signature-issuer-fingerprint sig) - "When it's available, return the fingerprint, a bytevector, or the issuer of -SIG. Otherwise, return #f." - (or (assoc-ref (openpgp-signature-hashed-subpackets sig) 'issuer-fingerprint) - (assoc-ref (openpgp-signature-unhashed-subpackets sig) - 'issuer-fingerprint))) + (value openpgp-signature-value) + (issuer openpgp-signature-issuer-key-id) ;integer | #f + (issuer-fingerprint openpgp-signature-issuer-fingerprint)) ;bytevector | #f (define (openpgp-signature-creation-time sig) (cond ((assq 'signature-ctime (openpgp-signature-hashed-subpackets sig)) @@ -573,7 +563,7 @@ the issuer's OpenPGP public key extracted from KEYRING." ;; TODO: Support SIGNATURE-TEXT. (if (= (openpgp-signature-type sig) SIGNATURE-BINARY) - (let* ((issuer (openpgp-signature-issuer sig)) + (let* ((issuer (openpgp-signature-issuer-key-id sig)) (key-data (lookup-key-by-id keyring issuer))) ;; Find the primary key or subkey that made the signature. (let ((key (find (lambda (k) @@ -651,7 +641,8 @@ FINGERPRINT, a bytevector." (list (cons 'signature-ctime ctime)) ;; Unhashed subpackets (list (cons 'issuer keyid)) - value)))) + value + keyid #f)))) ((4) (let*-values (((type pkalg halg) (get-integers p u8 u8 u8)) ((hashed-subpackets) @@ -697,7 +688,8 @@ FINGERPRINT, a bytevector." append-data hashed-subpackets unhashed-subpackets - value))))) + value + issuer-key-id issuer))))) (else (print "Unsupported signature version: " version) 'unsupported-signature-version)))) diff --git a/tests/openpgp.scm b/tests/openpgp.scm index 20d65171fd..1709167859 100644 --- a/tests/openpgp.scm +++ b/tests/openpgp.scm @@ -179,7 +179,7 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0= (map (lambda (str) (let ((signature (get-openpgp-detached-signature/ascii (open-input-string str)))) - (list (openpgp-signature-issuer signature) + (list (openpgp-signature-issuer-key-id signature) (openpgp-signature-issuer-fingerprint signature) (openpgp-signature-public-key-algorithm signature) (openpgp-signature-hash-algorithm signature)))) |