
06/12: openpgp: 'verify-openpgp-signature' looks up by fingerprint when


From: guix-commits
Subject: 06/12: openpgp: 'verify-openpgp-signature' looks up by fingerprint when possible.
Date: Fri, 1 May 2020 12:46:17 -0400 (EDT)

civodul pushed a commit to branch wip-openpgp
in repository guix.

commit 9b88e076e53a924a1af9403ab6896278dbbd14a4
Author: Ludovic Courtès <address@hidden>
AuthorDate: Sun Apr 26 23:27:36 2020 +0200

    openpgp: 'verify-openpgp-signature' looks up by fingerprint when possible.
    
    * guix/openpgp.scm (verify-openpgp-signature): Use
    'lookup-key-by-fingerprint' when SIG contains a fingerprint.
    Honor FINGERPRINT in the 'find' predicate.  Upon missing-key, return
    FINGERPRINT if available.
    * tests/openpgp.scm ("verify-openpgp-signature, missing key"): Adjust
    expected value accordingly.
---
 guix/openpgp.scm  | 15 +++++++++++----
 tests/openpgp.scm |  2 +-
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/guix/openpgp.scm b/guix/openpgp.scm
index e4fa2da..c2d8e4c 100644
--- a/guix/openpgp.scm
+++ b/guix/openpgp.scm
@@ -574,18 +574,25 @@ the issuer's OpenPGP public key extracted from KEYRING."
 
   ;; TODO: Support SIGNATURE-TEXT.
   (if (= (openpgp-signature-type sig) SIGNATURE-BINARY)
-      (let* ((issuer   (openpgp-signature-issuer-key-id sig))
-             (key-data (lookup-key-by-id keyring issuer)))
+      (let* ((id          (openpgp-signature-issuer-key-id sig))
+             (fingerprint (openpgp-signature-issuer-fingerprint sig))
+             (key-data    (if fingerprint
+                              (lookup-key-by-fingerprint keyring fingerprint)
+                              (lookup-key-by-id keyring id))))
         ;; Find the primary key or subkey that made the signature.
         (let ((key (find (lambda (k)
                            (and (openpgp-public-key? k)
-                                (= (openpgp-public-key-id k) issuer)))
+                                (if fingerprint
+                                    (bytevector=?
+                                     (openpgp-public-key-fingerprint k)
+                                     fingerprint)
+                                    (= (openpgp-public-key-id k) id))))
                          key-data)))
           (if key
               (begin
                 (print "Signature made with key: " key)
                 (check key sig))
-              (values 'missing-key issuer))))
+              (values 'missing-key (or fingerprint id)))))
       (values 'unsupported-signature sig)))
 
 (define (key-id-matches-fingerprint? key-id fingerprint)
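Review bot: In the last changed line, `(values 'missing-key (or fingerprint id))`, the second return value is now either a fingerprint bytevector (compared with `bytevector=?` above) or a numeric key ID (compared with `=`), depending on whether SIG carries an issuer fingerprint, and nothing in the visible hunk documents that. Callers that print or compare this value have to handle both types, so the docstring should say which one is returned when, or the procedure should return the value in one fixed shape. A smaller point: the `(if fingerprint ...)` choice is made twice, once for `key-data` and once inside the `find` predicate; binding a single matching predicate in the `let*` would keep the two branches from drifting apart.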
diff --git a/tests/openpgp.scm b/tests/openpgp.scm
index eac2e88..cc5e6cb 100644
--- a/tests/openpgp.scm
+++ b/tests/openpgp.scm
@@ -192,7 +192,7 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
              %hello-signature/ed25519/sha1)))
 
 (test-equal "verify-openpgp-signature, missing key"
-  `(missing-key ,%rsa-key-id)
+  `(missing-key ,%rsa-key-fingerprint)
   (let* ((keyring   (get-openpgp-keyring (%make-void-port "r")))
          (signature (get-openpgp-packet
                      (open-bytevector-input-port
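Review bot: With the expected value switched to `%rsa-key-fingerprint`, this test covers only the fingerprint branch of the new `(or fingerprint id)` result; the diffstat shows a single changed line in tests/openpgp.scm, so the fallback where the signature has no issuer fingerprint and `'missing-key` comes back with the key ID is not tested by this change. Consider adding a companion case that uses a signature without an issuer fingerprint and expects `(missing-key ,%rsa-key-id)`, so both lookup paths stay covered.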


