[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pgp-keyserver-folk
Subject:    Re: pks not handling multiple subkeys?
From:       Hironobu SUZUKI <hironobu () h2np ! net>
Date:       2001-01-28 10:30:53
[Download RAW message or body]

FYI.

This weekend, I try to read pksd source codes and I realized this
problem is big problem than I thought. This problem was not fixed by
week-end quick hack.

This is a quick memo for my debugging.  (I'm sorry for this memo is
written by strange English :-)

					--hironobu

-----------------------------------------------------------

WHAT'S WRONG
-------------

1) OpenPGP allows multiple public subkeys.

2) In pksd, only-one subkey is allowed and there is no data type for
subkeys list.

See. kd_types.h
---
  typedef struct _sigs_elem {  <== signature packets
   ...
  } sigs_elem;
  typedef struct _userids_elem { <== user id's packets
   ...
  } userids_elem;

  typedef struct _keys_elem {
   xbuffer pubkey;
   xbuffer subkey;  <== ONLY ONE
   xbuffer subkeysig; <== ONLY ONE
  ....
   llist userids;  <== LIST
   llist words;    <== LIST
  } keys_elem;
----

3) When subkey found in new add key, new subkey is appended
keys_elem's subkey element. It causes many problems.

kd_search.c:315
---
	 } else {				/* subkey packet */
=>	    if (!xbuffer_append(&(s->ke->subkey), packet->data, packet->size)) {
	       s->err->fatal = 1;
	       s->err->str = "Appending subkey to key failed";
	       fail();
	    }
---

WHAT'S HAPPENED
---------------

CASE 1:

If new pubkey has multiple subkeys and is added to pksd, all public
subkeys append to only-one xbuffer(s->ke->subkey). This xbuffer (not
list) become meaningless data because subkey area is assumed for
only-one subkey.
 
CASE 2:

If already pubkey exits in pksd, new submitting pubkey's subkeys are
ignored.

CASE 3:

If a pubkey with one-subkey already exits in pksd database and
submitting pubkey's subkeys has any revoke(s) signature, revoke
signature is effective for a pubkey with one-subkey which already
exits in pksd database.

HOW TO FIX IT
-------------

  NOT YET.

[prev in list] [next in list] [prev in thread] [next in thread]