# # patch "ChangeLog" # from [5387993cd1182600f3f4459588e89af64f7feb59] # to [8e125fbadc17a0ed7a690076ac222d275524af74] # # patch "cert.cc" # from [7375c4ce0944680b0b1347414d653139f6c828c7] # to [43de7f5240b7caa27fc590630afe3ffeea0bfa0b] # # patch "keys.cc" # from [444db9ef45da738d82da852b28e12e3c378b6d7e] # to [cf21506cfc9735f800dccf4d1c3b575fa97bab90] # # patch "keys.hh" # from [3618c073f57fdabfaf53fbf596c4d7d324aa2be5] # to [16c620ec000b13c0ef656a92a59c18660d4c1aaf] # # patch "packet.cc" # from [ac38aac6e3209972c9417388914ddc795ed4a53a] # to [407e15cf1c485e09665a372588be2f99491a17d7] # ======================================================================== --- ChangeLog 5387993cd1182600f3f4459588e89af64f7feb59 +++ ChangeLog 8e125fbadc17a0ed7a690076ac222d275524af74 @@ -1,3 +1,9 @@ +2005-08-28 Matt Johnston + + * keys.cc (keys_match): new function to compare whether two keys + match (ignoring whitespace as the database does, etc). + * packet.cc, keys.cc: use it for existing-key-comparison. + 2005-08-27 Nathaniel Smith * commands.cc (checkout): Special-case "checkout ." ======================================================================== --- cert.cc 7375c4ce0944680b0b1347414d653139f6c828c7 +++ cert.cc 43de7f5240b7caa27fc590630afe3ffeea0bfa0b @@ -369,7 +369,7 @@ { // We really don't want the database key and the rcfile key // to differ. - N(remove_ws(dbkey()) == remove_ws(luakey()), + N(keys_match(id, dbkey, id, luakey), F("mismatch between private key '%s' in database" " and get_priv_key hook") % id); } ======================================================================== --- keys.cc 444db9ef45da738d82da852b28e12e3c378b6d7e +++ keys.cc cf21506cfc9735f800dccf4d1c3b575fa97bab90 
@@ -474,6 +474,32 @@ calculate_ident(tdat, out); } +// helper to compare if two keys have the same hash +// (ie are the same key) +bool +keys_match(rsa_keypair_id const & id1, + base64 const & key1, + rsa_keypair_id const & id2, + base64 const & key2) +{ + hexenc hash1, hash2; + key_hash_code(id1, key1, hash1); + key_hash_code(id2, key2, hash2); + return hash1 == hash2; +} + +bool +keys_match(rsa_keypair_id const & id1, + base64< arc4 > const & key1, + rsa_keypair_id const & id2, + base64< arc4 > const & key2) +{ + hexenc hash1, hash2; + key_hash_code(id1, key1, hash1); + key_hash_code(id2, key2, hash2); + return hash1 == hash2; +} + void require_password(rsa_keypair_id const & key, app_state & app) ======================================================================== --- keys.hh 3618c073f57fdabfaf53fbf596c4d7d324aa2be5 +++ keys.hh 16c620ec000b13c0ef656a92a59c18660d4c1aaf @@ -72,6 +72,15 @@ base64< arc4 > const & priv, hexenc & out); +bool keys_match(rsa_keypair_id const & id1, + base64 const & key1, + rsa_keypair_id const & id2, + base64 const & key2); +bool keys_match(rsa_keypair_id const & id1, + base64< arc4 > const & key1, + rsa_keypair_id const & id2, + base64< arc4 > const & key2); + #endif // __KEYS_HH__ ======================================================================== --- packet.cc ac38aac6e3209972c9417388914ddc795ed4a53a +++ packet.cc 407e15cf1c485e09665a372588be2f99491a17d7 @@ -17,6 +17,7 @@ #include "revision.hh" #include "sanity.hh" #include "transforms.hh" +#include "keys.hh" using namespace std; using boost::shared_ptr; @@ -982,7 +983,7 @@ { base64 tmp; pimpl->app.db.get_key(ident, tmp); - if (!(tmp() == k())) + if (!keys_match(ident, tmp, ident, k)) W(F("key '%s' is not equal to key '%s' in database\n") % ident % ident); L(F("skipping existing public key %s\n") % ident); }
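Review bot: Both `keys_match` overloads added in keys.cc decide equality by comparing the output of `key_hash_code`, so "the same key" here means "the same hash", and the comment above them should say which inputs feed that hash. The body of `key_hash_code` is not in this diff; if it mixes the id into the digest, identical key material passed under two different ids would compare unequal, which matters for any future caller even though cert.cc and packet.cc both pass the same id twice. I would replace the comment with something like `// true iff key_hash_code() gives the same value for (id1, key1) and (id2, key2); equality is only as strong as that hash`. The declarations added to keys.hh have no comment at all and should carry a one-line summary of the same contract.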
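Review bot: When `keys_match` fails in the second packet.cc hunk, the warning prints `ident` twice and nothing that distinguishes the two keys, and the incoming key then appears to be skipped like any other duplicate. A different public key arriving under an id that already exists is the case an operator most needs to notice, so the message should at least say which side is which, e.g. `W(F("public key '%s' in packet does not match the key stored under '%s' in database\n") % ident % ident);`. Since `keys_match` already computes both hashes and discards them, logging the two `key_hash_code` values here would make the mismatch traceable. The enclosing function starts and ends outside the hunk.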