summary refs log tree commit diff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2020-04-26 16:03:46 +0200
committerLudovic Courtès <ludo@gnu.org>2020-05-04 09:56:12 +0200
commit7b2b3a13cc2d9b043f37b2e7ba0f147c08de8fad (patch)
treed8d1d51c1b71b81089ae3233738c3ab35592e44e
parent4459c7859c286ab54fa3a9901c8a17591b04c516 (diff)
downloadguix-7b2b3a13cc2d9b043f37b2e7ba0f147c08de8fad.tar.gz
openpgp: Store the issuer key id and fingerprint in <openpgp-signature>.
* guix/openpgp.scm (<openpgp-signature>)[issuer, issuer-fingerprint]:
New fields.
(openpgp-signature-issuer, openpgp-signature-issuer-fingerprint): Remove.
(verify-openpgp-signature): Use 'openpgp-signature-issuer-key-id'.
(get-signature): Initialize 'issuer' and 'issuer-fingerprint'.
* tests/openpgp.scm ("get-openpgp-detached-signature/ascii"): Adjust
accordingly.
-rw-r--r--guix/openpgp.scm28
-rw-r--r--tests/openpgp.scm2
2 files changed, 11 insertions, 19 deletions
diff --git a/guix/openpgp.scm b/guix/openpgp.scm
index 77a75373df..3b11998c11 100644
--- a/guix/openpgp.scm
+++ b/guix/openpgp.scm
@@ -32,7 +32,7 @@
             port-ascii-armored?
 
             openpgp-signature?
-            openpgp-signature-issuer
+            openpgp-signature-issuer-key-id
             openpgp-signature-issuer-fingerprint
             openpgp-signature-public-key-algorithm
             openpgp-signature-hash-algorithm
@@ -469,7 +469,7 @@ hexadecimal format for fingerprints."
 (define-record-type <openpgp-signature>
   (make-openpgp-signature version type pk-algorithm hash-algorithm hashl16
                           append-data hashed-subpackets unhashed-subpackets
-                          value)
+                          value issuer issuer-fingerprint)
   openpgp-signature?
   (version               openpgp-signature-version)
   (type                  openpgp-signature-type)
@@ -479,19 +479,9 @@ hexadecimal format for fingerprints."
   (append-data           openpgp-signature-append-data) ;append to data when hashing
   (hashed-subpackets     openpgp-signature-hashed-subpackets)
   (unhashed-subpackets   openpgp-signature-unhashed-subpackets)
-  (value                 openpgp-signature-value))
-
-(define (openpgp-signature-issuer sig)
-  (cond ((assq 'issuer (openpgp-signature-unhashed-subpackets sig)) => cdr)
-        ;; XXX: is the issuer always in the unhashed subpackets?
-        (else #f)))
-
-(define (openpgp-signature-issuer-fingerprint sig)
-  "When it's available, return the fingerprint, a bytevector, or the issuer of
-SIG.  Otherwise, return #f."
-  (or (assoc-ref (openpgp-signature-hashed-subpackets sig) 'issuer-fingerprint)
-      (assoc-ref (openpgp-signature-unhashed-subpackets sig)
-                 'issuer-fingerprint)))
+  (value                 openpgp-signature-value)
+  (issuer                openpgp-signature-issuer-key-id)       ;integer | #f
+  (issuer-fingerprint    openpgp-signature-issuer-fingerprint)) ;bytevector | #f
 
 (define (openpgp-signature-creation-time sig)
   (cond ((assq 'signature-ctime (openpgp-signature-hashed-subpackets sig))
@@ -573,7 +563,7 @@ the issuer's OpenPGP public key extracted from KEYRING."
 
   ;; TODO: Support SIGNATURE-TEXT.
   (if (= (openpgp-signature-type sig) SIGNATURE-BINARY)
-      (let* ((issuer   (openpgp-signature-issuer sig))
+      (let* ((issuer   (openpgp-signature-issuer-key-id sig))
              (key-data (lookup-key-by-id keyring issuer)))
         ;; Find the primary key or subkey that made the signature.
         (let ((key (find (lambda (k)
@@ -651,7 +641,8 @@ FINGERPRINT, a bytevector."
                                    (list (cons 'signature-ctime ctime))
                                    ;; Unhashed subpackets
                                    (list (cons 'issuer keyid))
-                                   value))))
+                                   value
+                                   keyid #f))))
       ((4)
        (let*-values (((type pkalg halg) (get-integers p u8 u8 u8))
                      ((hashed-subpackets)
@@ -697,7 +688,8 @@ FINGERPRINT, a bytevector."
                                      append-data
                                      hashed-subpackets
                                      unhashed-subpackets
-                                     value)))))
+                                     value
+                                     issuer-key-id issuer)))))
       (else
        (print "Unsupported signature version: " version)
        'unsupported-signature-version))))
diff --git a/tests/openpgp.scm b/tests/openpgp.scm
index 20d65171fd..1709167859 100644
--- a/tests/openpgp.scm
+++ b/tests/openpgp.scm
@@ -179,7 +179,7 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
   (map (lambda (str)
          (let ((signature (get-openpgp-detached-signature/ascii
                            (open-input-string str))))
-           (list (openpgp-signature-issuer signature)
+           (list (openpgp-signature-issuer-key-id signature)
                  (openpgp-signature-issuer-fingerprint signature)
                  (openpgp-signature-public-key-algorithm signature)
                  (openpgp-signature-hash-algorithm signature))))