LCOV - code coverage report
Current view: top level - g10 - trust.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 81 284 28.5 %
Date: 2016-11-29 15:00:56 Functions: 15 24 62.5 %

          Line data    Source code
       1             : /* trust.c - High level trust functions
       2             :  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
       3             :  *               2008, 2012 Free Software Foundation, Inc.
       4             :  * Copyright (C) 2014 Werner Koch
       5             :  *
       6             :  * This file is part of GnuPG.
       7             :  *
       8             :  * GnuPG is free software; you can redistribute it and/or modify
       9             :  * it under the terms of the GNU General Public License as published by
      10             :  * the Free Software Foundation; either version 3 of the License, or
      11             :  * (at your option) any later version.
      12             :  *
      13             :  * GnuPG is distributed in the hope that it will be useful,
      14             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      15             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      16             :  * GNU General Public License for more details.
      17             :  *
      18             :  * You should have received a copy of the GNU General Public License
      19             :  * along with this program; if not, see <https://www.gnu.org/licenses/>.
      20             :  */
      21             : 
      22             : #include <config.h>
      23             : #include <stdio.h>
      24             : #include <stdlib.h>
      25             : #include <string.h>
      26             : 
      27             : #include "gpg.h"
      28             : #include "keydb.h"
      29             : #include "util.h"
      30             : #include "options.h"
      31             : #include "packet.h"
      32             : #include "main.h"
      33             : #include "i18n.h"
      34             : #include "trustdb.h"
      35             : #include "host2net.h"
      36             : 
      37             : 
      38             : /* Return true if key is disabled.  Note that this is usually used via
      39             :    the pk_is_disabled macro.  */
      40             : int
      41         314 : cache_disabled_value (PKT_public_key *pk)
      42             : {
      43             : #ifdef NO_TRUST_MODELS
      44             :   (void)pk;
      45             :   return 0;
      46             : #else
      47         314 :   return tdb_cache_disabled_value (pk);
      48             : #endif
      49             : }
      50             : 
      51             : 
      52             : void
      53           3 : register_trusted_keyid (u32 *keyid)
      54             : {
      55             : #ifdef NO_TRUST_MODELS
      56             :   (void)keyid;
      57             : #else
      58           3 :   tdb_register_trusted_keyid (keyid);
      59             : #endif
      60           3 : }
      61             : 
      62             : 
      63             : void
      64           0 : register_trusted_key (const char *string)
      65             : {
      66             : #ifdef NO_TRUST_MODELS
      67             :   (void)string;
      68             : #else
      69           0 :   tdb_register_trusted_key (string);
      70             : #endif
      71           0 : }
      72             : 
      73             : 
      74             : 
      75             : /*
      76             :  * This function returns a letter for a trust value.  Trust flags
      77             :  * are ignored.
      78             :  */
      79             : static int
      80         292 : trust_letter (unsigned int value)
      81             : {
      82         292 :   switch( (value & TRUST_MASK) )
      83             :     {
      84         175 :     case TRUST_UNKNOWN:   return '-';
      85           3 :     case TRUST_EXPIRED:   return 'e';
      86          12 :     case TRUST_UNDEFINED: return 'q';
      87          28 :     case TRUST_NEVER:     return 'n';
      88          27 :     case TRUST_MARGINAL:  return 'm';
      89          29 :     case TRUST_FULLY:     return 'f';
      90          18 :     case TRUST_ULTIMATE:  return 'u';
      91           0 :     default:              return '?';
      92             :     }
      93             : }
      94             : 
      95             : 
      96             : /* The strings here are similar to those in
      97             :    pkclist.c:do_edit_ownertrust() */
      98             : const char *
      99         388 : trust_value_to_string (unsigned int value)
     100             : {
     101         388 :   switch ((value & TRUST_MASK))
     102             :     {
     103         354 :     case TRUST_UNKNOWN:   return _("unknown");
     104           0 :     case TRUST_EXPIRED:   return _("expired");
     105           5 :     case TRUST_UNDEFINED: return _("undefined");
     106           0 :     case TRUST_NEVER:     return _("never");
     107          19 :     case TRUST_MARGINAL:  return _("marginal");
     108           6 :     case TRUST_FULLY:     return _("full");
     109           4 :     case TRUST_ULTIMATE:  return _("ultimate");
     110           0 :     default:              return "err";
     111             :     }
     112             : }
     113             : 
     114             : 
     115             : int
     116           0 : string_to_trust_value (const char *str)
     117             : {
     118           0 :   if (!ascii_strcasecmp (str, "undefined"))
     119           0 :     return TRUST_UNDEFINED;
     120           0 :   else if (!ascii_strcasecmp (str, "never"))
     121           0 :     return TRUST_NEVER;
     122           0 :   else if (!ascii_strcasecmp (str, "marginal"))
     123           0 :     return TRUST_MARGINAL;
     124           0 :   else if (!ascii_strcasecmp (str, "full"))
     125           0 :     return TRUST_FULLY;
     126           0 :   else if (!ascii_strcasecmp(str, "ultimate"))
     127           0 :     return TRUST_ULTIMATE;
     128             :   else
     129           0 :     return -1;
     130             : }
     131             : 
     132             : 
     133             : const char *
     134          52 : uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
     135             : {
     136          52 :   if (!key && !uid)
     137             :     {
     138             :       /* TRANSLATORS: these strings are similar to those in
     139             :          trust_value_to_string(), but are a fixed length.  This is needed to
     140             :          make attractive information listings where columns line up
     141             :          properly.  The value "10" should be the length of the strings you
     142             :          choose to translate to.  This is the length in printable columns.
     143             :          It gets passed to atoi() so everything after the number is
     144             :          essentially a comment and need not be translated.  Either key and
     145             :          uid are both NULL, or neither are NULL. */
     146          26 :       return _("10 translator see trust.c:uid_trust_string_fixed");
     147             :     }
     148          26 :   else if(uid->is_revoked || (key && key->flags.revoked))
     149           0 :     return                         _("[ revoked]");
     150          26 :   else if(uid->is_expired)
     151           0 :     return                         _("[ expired]");
     152          26 :   else if(key)
     153             :     {
     154          26 :       switch (get_validity (ctrl, NULL, key, uid, NULL, 0) & TRUST_MASK)
     155             :         {
     156          26 :         case TRUST_UNKNOWN:   return _("[ unknown]");
     157           0 :         case TRUST_EXPIRED:   return _("[ expired]");
     158           0 :         case TRUST_UNDEFINED: return _("[  undef ]");
     159           0 :         case TRUST_NEVER:     return _("[  never ]");
     160           0 :         case TRUST_MARGINAL:  return _("[marginal]");
     161           0 :         case TRUST_FULLY:     return _("[  full  ]");
     162           0 :         case TRUST_ULTIMATE:  return _("[ultimate]");
     163             :         }
     164             :     }
     165             : 
     166           0 :   return "err";
     167             : }
     168             : 
     169             : 
     170             : 
     171             : /*
     172             :  * Return the assigned ownertrust value for the given public key.
     173             :  * The key should be the primary key.
     174             :  */
     175             : unsigned int
     176           3 : get_ownertrust (PKT_public_key *pk)
     177             : {
     178             : #ifdef NO_TRUST_MODELS
     179             :   (void)pk;
     180             :   return TRUST_UNKNOWN;
     181             : #else
     182           3 :   return tdb_get_ownertrust (pk);
     183             : #endif
     184             : }
     185             : 
     186             : 
     187             : /*
     188             :  * Same as get_ownertrust but this takes the minimum ownertrust value
     189             :  * into into account, and will bump up the value as needed.
     190             :  */
     191             : static int
     192         100 : get_ownertrust_with_min (PKT_public_key *pk)
     193             : {
     194             : #ifdef NO_TRUST_MODELS
     195             :   (void)pk;
     196             :   return TRUST_UNKNOWN;
     197             : #else
     198             :   unsigned int otrust, otrust_min;
     199             : 
     200         100 :   otrust = (tdb_get_ownertrust (pk) & TRUST_MASK);
     201         100 :   otrust_min = tdb_get_min_ownertrust (pk);
     202         100 :   if (otrust < otrust_min)
     203             :     {
     204             :       /* If the trust that the user has set is less than the trust
     205             :          that was calculated from a trust signature chain, use the
     206             :          higher of the two.  We do this here and not in
     207             :          get_ownertrust since the underlying ownertrust should not
     208             :          really be set - just the appearance of the ownertrust. */
     209             : 
     210           0 :       otrust = otrust_min;
     211             :     }
     212             : 
     213         100 :   return otrust;
     214             : #endif
     215             : }
     216             : 
     217             : 
     218             : /*
     219             :  * Same as get_ownertrust but return a trust letter instead of an
     220             :  * value.  This takes the minimum ownertrust value into account.
     221             :  */
     222             : int
     223         100 : get_ownertrust_info (PKT_public_key *pk)
     224             : {
     225         100 :   return trust_letter (get_ownertrust_with_min (pk));
     226             : }
     227             : 
     228             : 
     229             : /*
     230             :  * Same as get_ownertrust but return a trust string instead of an
     231             :  * value.  This takes the minimum ownertrust value into account.
     232             :  */
     233             : const char *
     234           0 : get_ownertrust_string (PKT_public_key *pk)
     235             : {
     236           0 :   return trust_value_to_string (get_ownertrust_with_min (pk));
     237             : }
     238             : 
     239             : 
     240             : /*
     241             :  * Set the trust value of the given public key to the new value.
     242             :  * The key should be a primary one.
     243             :  */
     244             : void
     245           3 : update_ownertrust (PKT_public_key *pk, unsigned int new_trust)
     246             : {
     247             : #ifdef NO_TRUST_MODELS
     248             :   (void)pk;
     249             :   (void)new_trust;
     250             : #else
     251           3 :   tdb_update_ownertrust (pk, new_trust);
     252             : #endif
     253           3 : }
     254             : 
     255             : 
     256             : int
     257         235 : clear_ownertrusts (PKT_public_key *pk)
     258             : {
     259             : #ifdef NO_TRUST_MODELS
     260             :   (void)pk;
     261             :   return 0;
     262             : #else
     263         235 :   return tdb_clear_ownertrusts (pk);
     264             : #endif
     265             : }
     266             : 
     267             : 
     268             : void
     269          13 : revalidation_mark (void)
     270             : {
     271             : #ifndef NO_TRUST_MODELS
     272          13 :   tdb_revalidation_mark ();
     273             : #endif
     274          13 : }
     275             : 
     276             : 
     277             : void
     278         432 : check_trustdb_stale (ctrl_t ctrl)
     279             : {
     280             : #ifndef NO_TRUST_MODELS
     281         432 :   tdb_check_trustdb_stale (ctrl);
     282             : #else
     283             :   (void)ctrl;
     284             : #endif
     285         432 : }
     286             : 
     287             : 
     288             : void
     289          70 : check_or_update_trustdb (ctrl_t ctrl)
     290             : {
     291             : #ifndef NO_TRUST_MODELS
     292          70 :   tdb_check_or_update (ctrl);
     293             : #else
     294             :   (void)ctrl;
     295             : #endif
     296          70 : }
     297             : 
     298             : 
     299             : /*
     300             :  * Return the validity information for KB/PK (at least one must be
     301             :  * non-NULL).  If the namehash is not NULL, the validity of the
     302             :  * corresponding user ID is returned, otherwise, a reasonable value
     303             :  * for the entire key is returned.
     304             :  */
     305             : unsigned int
     306         932 : get_validity (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk, PKT_user_id *uid,
     307             :               PKT_signature *sig, int may_ask)
     308             : {
     309             :   int rc;
     310             :   unsigned int validity;
     311             :   u32 kid[2];
     312             :   PKT_public_key *main_pk;
     313             : 
     314         932 :   if (kb && pk)
     315         630 :     log_assert (keyid_cmp (pk_main_keyid (pk),
     316             :                            pk_main_keyid (kb->pkt->pkt.public_key)) == 0);
     317             : 
     318         932 :   if (! pk)
     319             :     {
     320           0 :       log_assert (kb);
     321           0 :       pk = kb->pkt->pkt.public_key;
     322             :     }
     323             : 
     324         932 :   if (uid)
     325         684 :     namehash_from_uid (uid);
     326             : 
     327         932 :   keyid_from_pk (pk, kid);
     328         932 :   if (pk->main_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1])
     329             :     {
     330             :       /* This is a subkey - get the mainkey. */
     331         488 :       if (kb)
     332           0 :         main_pk = kb->pkt->pkt.public_key;
     333             :       else
     334             :         {
     335         244 :           main_pk = xmalloc_clear (sizeof *main_pk);
     336         244 :           rc = get_pubkey (main_pk, pk->main_keyid);
     337         244 :           if (rc)
     338             :             {
     339           0 :               char *tempkeystr = xstrdup (keystr (pk->main_keyid));
     340           0 :               log_error ("error getting main key %s of subkey %s: %s\n",
     341             :                          tempkeystr, keystr (kid), gpg_strerror (rc));
     342           0 :               xfree (tempkeystr);
     343           0 :               validity = TRUST_UNKNOWN;
     344           0 :               goto leave;
     345             :             }
     346             :         }
     347             :     }
     348             :   else
     349         688 :     main_pk = pk;
     350             : 
     351             : #ifdef NO_TRUST_MODELS
     352             :   validity = TRUST_UNKNOWN;
     353             : #else
     354         932 :   validity = tdb_get_validity_core (ctrl, kb, pk, uid, main_pk, sig, may_ask);
     355             : #endif
     356             : 
     357             :  leave:
     358             :   /* Set some flags direct from the key */
     359         932 :   if (main_pk->flags.revoked)
     360           0 :     validity |= TRUST_FLAG_REVOKED;
     361         932 :   if (main_pk != pk && pk->flags.revoked)
     362           0 :     validity |= TRUST_FLAG_SUB_REVOKED;
     363             :   /* Note: expiration is a trust value and not a flag - don't know why
     364             :    * I initially designed it that way.  */
     365         932 :   if (main_pk->has_expired || pk->has_expired)
     366          11 :     validity = ((validity & (~TRUST_MASK | TRUST_FLAG_PENDING_CHECK))
     367             :                 | TRUST_EXPIRED);
     368             : 
     369         932 :   if (main_pk != pk && !kb)
     370         244 :     free_public_key (main_pk);
     371         932 :   return validity;
     372             : }
     373             : 
     374             : 
     375             : int
     376         192 : get_validity_info (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk,
     377             :                    PKT_user_id *uid)
     378             : {
     379             :   int trustlevel;
     380             : 
     381         192 :   if (kb && pk)
     382         192 :     log_assert (keyid_cmp (pk_main_keyid (pk),
     383             :                            pk_main_keyid (kb->pkt->pkt.public_key)) == 0);
     384             : 
     385         192 :   if (! pk && kb)
     386           0 :     pk = kb->pkt->pkt.public_key;
     387         192 :   if (!pk)
     388           0 :     return '?';  /* Just in case a NULL PK is passed.  */
     389             : 
     390         192 :   trustlevel = get_validity (ctrl, kb, pk, uid, NULL, 0);
     391         192 :   if ((trustlevel & TRUST_FLAG_REVOKED))
     392           0 :     return 'r';
     393         192 :   return trust_letter (trustlevel);
     394             : }
     395             : 
     396             : 
     397             : const char *
     398           0 : get_validity_string (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
     399             : {
     400             :   int trustlevel;
     401             : 
     402           0 :   if (!pk)
     403           0 :     return "err";  /* Just in case a NULL PK is passed.  */
     404             : 
     405           0 :   trustlevel = get_validity (ctrl, NULL, pk, uid, NULL, 0);
     406           0 :   if ((trustlevel & TRUST_FLAG_REVOKED))
     407           0 :     return _("revoked");
     408           0 :   return trust_value_to_string (trustlevel);
     409             : }
     410             : 
     411             : 
     412             : 
     413             : /*
     414             :  * Mark the signature of the given UID which are used to certify it.
     415             :  * To do this, we first revmove all signatures which are not valid and
     416             :  * from the remain ones we look for the latest one.  If this is not a
     417             :  * certification revocation signature we mark the signature by setting
     418             :  * node flag bit 8.  Revocations are marked with flag 11, and sigs
     419             :  * from unavailable keys are marked with flag 12.  Note that flag bits
     420             :  * 9 and 10 are used for internal purposes.
     421             :  */
     422             : void
     423           0 : mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode,
     424             :                        u32 *main_kid, struct key_item *klist,
     425             :                        u32 curtime, u32 *next_expire)
     426             : {
     427             :   kbnode_t node;
     428             :   PKT_signature *sig;
     429             : 
     430             :   /* First check all signatures.  */
     431           0 :   for (node=uidnode->next; node; node = node->next)
     432             :     {
     433             :       int rc;
     434             : 
     435           0 :       node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
     436           0 :       if (node->pkt->pkttype == PKT_USER_ID
     437           0 :           || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
     438             :         break; /* ready */
     439           0 :       if (node->pkt->pkttype != PKT_SIGNATURE)
     440           0 :         continue;
     441           0 :       sig = node->pkt->pkt.signature;
     442           0 :       if (main_kid
     443           0 :           && sig->keyid[0] == main_kid[0] && sig->keyid[1] == main_kid[1])
     444           0 :         continue; /* ignore self-signatures if we pass in a main_kid */
     445           0 :       if (!IS_UID_SIG(sig) && !IS_UID_REV(sig))
     446           0 :         continue; /* we only look at these signature classes */
     447           0 :       if(sig->sig_class>=0x11 && sig->sig_class<=0x13 &&
     448           0 :          sig->sig_class-0x10<opt.min_cert_level)
     449           0 :         continue; /* treat anything under our min_cert_level as an
     450             :                      invalid signature */
     451           0 :       if (klist && !is_in_klist (klist, sig))
     452           0 :         continue;  /* no need to check it then */
     453           0 :       if ((rc=check_key_signature (keyblock, node, NULL)))
     454             :         {
     455             :           /* we ignore anything that won't verify, but tag the
     456             :              no_pubkey case */
     457           0 :           if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
     458           0 :             node->flag |= 1<<12;
     459           0 :           continue;
     460             :         }
     461           0 :       node->flag |= 1<<9;
     462             :     }
     463             :   /* Reset the remaining flags. */
     464           0 :   for (; node; node = node->next)
     465           0 :     node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
     466             : 
     467             :   /* kbnode flag usage: bit 9 is here set for signatures to consider,
     468             :    * bit 10 will be set by the loop to keep track of keyIDs already
     469             :    * processed, bit 8 will be set for the usable signatures, and bit
     470             :    * 11 will be set for usable revocations. */
     471             : 
     472             :   /* For each cert figure out the latest valid one.  */
     473           0 :   for (node=uidnode->next; node; node = node->next)
     474             :     {
     475             :       KBNODE n, signode;
     476             :       u32 kid[2];
     477             :       u32 sigdate;
     478             : 
     479           0 :       if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
     480           0 :         break;
     481           0 :       if ( !(node->flag & (1<<9)) )
     482           0 :         continue; /* not a node to look at */
     483           0 :       if ( (node->flag & (1<<10)) )
     484           0 :         continue; /* signature with a keyID already processed */
     485           0 :       node->flag |= (1<<10); /* mark this node as processed */
     486           0 :       sig = node->pkt->pkt.signature;
     487           0 :       signode = node;
     488           0 :       sigdate = sig->timestamp;
     489           0 :       kid[0] = sig->keyid[0]; kid[1] = sig->keyid[1];
     490             : 
     491             :       /* Now find the latest and greatest signature */
     492           0 :       for (n=uidnode->next; n; n = n->next)
     493             :         {
     494           0 :           if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
     495           0 :             break;
     496           0 :           if ( !(n->flag & (1<<9)) )
     497           0 :             continue;
     498           0 :           if ( (n->flag & (1<<10)) )
     499           0 :             continue; /* shortcut already processed signatures */
     500           0 :           sig = n->pkt->pkt.signature;
     501           0 :           if (kid[0] != sig->keyid[0] || kid[1] != sig->keyid[1])
     502           0 :             continue;
     503           0 :           n->flag |= (1<<10); /* mark this node as processed */
     504             : 
     505             :           /* If signode is nonrevocable and unexpired and n isn't,
     506             :              then take signode (skip).  It doesn't matter which is
     507             :              older: if signode was older then we don't want to take n
     508             :              as signode is nonrevocable.  If n was older then we're
     509             :              automatically fine. */
     510             : 
     511           0 :           if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
     512           0 :                !signode->pkt->pkt.signature->flags.revocable &&
     513           0 :                (signode->pkt->pkt.signature->expiredate==0 ||
     514           0 :                 signode->pkt->pkt.signature->expiredate>curtime))) &&
     515           0 :              (!(IS_UID_SIG(n->pkt->pkt.signature) &&
     516           0 :                 !n->pkt->pkt.signature->flags.revocable &&
     517           0 :                 (n->pkt->pkt.signature->expiredate==0 ||
     518           0 :                  n->pkt->pkt.signature->expiredate>curtime))))
     519           0 :             continue;
     520             : 
     521             :           /* If n is nonrevocable and unexpired and signode isn't,
     522             :              then take n.  Again, it doesn't matter which is older: if
     523             :              n was older then we don't want to take signode as n is
     524             :              nonrevocable.  If signode was older then we're
     525             :              automatically fine. */
     526             : 
     527           0 :           if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
     528           0 :                 !signode->pkt->pkt.signature->flags.revocable &&
     529           0 :                 (signode->pkt->pkt.signature->expiredate==0 ||
     530           0 :                  signode->pkt->pkt.signature->expiredate>curtime))) &&
     531           0 :              ((IS_UID_SIG(n->pkt->pkt.signature) &&
     532           0 :                !n->pkt->pkt.signature->flags.revocable &&
     533           0 :                (n->pkt->pkt.signature->expiredate==0 ||
     534           0 :                 n->pkt->pkt.signature->expiredate>curtime))))
     535             :             {
     536           0 :               signode = n;
     537           0 :               sigdate = sig->timestamp;
     538           0 :               continue;
     539             :             }
     540             : 
     541             :           /* At this point, if it's newer, it goes in as the only
     542             :              remaining possibilities are signode and n are both either
     543             :              revocable or expired or both nonrevocable and unexpired.
     544             :              If the timestamps are equal take the later ordered
     545             :              packet, presuming that the key packets are hopefully in
     546             :              their original order. */
     547             : 
     548           0 :           if (sig->timestamp >= sigdate)
     549             :             {
     550           0 :               signode = n;
     551           0 :               sigdate = sig->timestamp;
     552             :             }
     553             :         }
     554             : 
     555           0 :       sig = signode->pkt->pkt.signature;
     556           0 :       if (IS_UID_SIG (sig))
     557             :         { /* this seems to be a usable one which is not revoked.
     558             :            * Just need to check whether there is an expiration time,
     559             :            * We do the expired certification after finding a suitable
     560             :            * certification, the assumption is that a signator does not
     561             :            * want that after the expiration of his certificate the
     562             :            * system falls back to an older certification which has a
     563             :            * different expiration time */
     564             :           const byte *p;
     565             :           u32 expire;
     566             : 
     567           0 :           p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
     568           0 :           expire = p? sig->timestamp + buf32_to_u32(p) : 0;
     569             : 
     570           0 :           if (expire==0 || expire > curtime )
     571             :             {
     572           0 :               signode->flag |= (1<<8); /* yeah, found a good cert */
     573           0 :               if (next_expire && expire && expire < *next_expire)
     574           0 :                 *next_expire = expire;
     575             :             }
     576             :         }
     577             :       else
     578           0 :         signode->flag |= (1<<11);
     579             :     }
     580           0 : }
     581             : 
     582             : 
     583             : static int
     584           0 : clean_sigs_from_uid (kbnode_t keyblock, kbnode_t uidnode,
     585             :                      int noisy, int self_only)
     586             : {
     587           0 :   int deleted = 0;
     588             :   kbnode_t node;
     589             :   u32 keyid[2];
     590             : 
     591           0 :   log_assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
     592             : 
     593           0 :   keyid_from_pk (keyblock->pkt->pkt.public_key, keyid);
     594             : 
     595             :   /* Passing in a 0 for current time here means that we'll never weed
     596             :      out an expired sig.  This is correct behavior since we want to
     597             :      keep the most recent expired sig in a series. */
     598           0 :   mark_usable_uid_certs (keyblock, uidnode, NULL, NULL, 0, NULL);
     599             : 
     600             :   /* What we want to do here is remove signatures that are not
     601             :      considered as part of the trust calculations.  Thus, all invalid
     602             :      signatures are out, as are any signatures that aren't the last of
     603             :      a series of uid sigs or revocations It breaks down like this:
     604             :      coming out of mark_usable_uid_certs, if a sig is unflagged, it is
     605             :      not even a candidate.  If a sig has flag 9 or 10, that means it
     606             :      was selected as a candidate and vetted.  If a sig has flag 8 it
     607             :      is a usable signature.  If a sig has flag 11 it is a usable
     608             :      revocation.  If a sig has flag 12 it was issued by an unavailable
     609             :      key.  "Usable" here means the most recent valid
     610             :      signature/revocation in a series from a particular signer.
     611             : 
     612             :      Delete everything that isn't a usable uid sig (which might be
     613             :      expired), a usable revocation, or a sig from an unavailable
     614             :      key. */
     615             : 
     616           0 :   for (node=uidnode->next;
     617           0 :        node && node->pkt->pkttype==PKT_SIGNATURE;
     618           0 :        node=node->next)
     619             :     {
     620             :       int keep;
     621             : 
     622           0 :       keep = self_only? (node->pkt->pkt.signature->keyid[0] == keyid[0]
     623           0 :                          && node->pkt->pkt.signature->keyid[1] == keyid[1]) : 1;
     624             : 
     625             :       /* Keep usable uid sigs ... */
     626           0 :       if ((node->flag & (1<<8)) && keep)
     627           0 :         continue;
     628             : 
     629             :       /* ... and usable revocations... */
     630           0 :       if ((node->flag & (1<<11)) && keep)
     631           0 :         continue;
     632             : 
     633             :       /* ... and sigs from unavailable keys. */
     634             :       /* disabled for now since more people seem to want sigs from
     635             :          unavailable keys removed altogether.  */
     636             :       /*
     637             :         if(node->flag & (1<<12))
     638             :         continue;
     639             :       */
     640             : 
     641             :       /* Everything else we delete */
     642             : 
     643             :       /* At this point, if 12 is set, the signing key was unavailable.
     644             :          If 9 or 10 is set, it's superseded.  Otherwise, it's
     645             :          invalid. */
     646             : 
     647           0 :       if (noisy)
     648           0 :         log_info ("removing signature from key %s on user ID \"%s\": %s\n",
     649           0 :                   keystr (node->pkt->pkt.signature->keyid),
     650           0 :                   uidnode->pkt->pkt.user_id->name,
     651           0 :                   node->flag&(1<<12)? "key unavailable":
     652           0 :                   node->flag&(1<<9)?  "signature superseded"
     653           0 :                   /* */               :"invalid signature"  );
     654             : 
     655           0 :       delete_kbnode (node);
     656           0 :       deleted++;
     657             :     }
     658             : 
     659           0 :   return deleted;
     660             : }
     661             : 
     662             : 
     663             : /* This is substantially easier than clean_sigs_from_uid since we just
     664             :    have to establish if the uid has a valid self-sig, is not revoked,
     665             :    and is not expired.  Note that this does not take into account
     666             :    whether the uid has a trust path to it - just whether the keyholder
     667             :    themselves has certified the uid.  Returns true if the uid was
     668             :    compacted.  To "compact" a user ID, we simply remove ALL signatures
     669             :    except the self-sig that caused the user ID to be remove-worthy.
     670             :    We don't actually remove the user ID packet itself since it might
     671             :    be resurrected in a later merge.  Note that this function requires
     672             :    that the caller has already done a merge_keys_and_selfsig().
     673             : 
     674             :    TODO: change the import code to allow importing a uid with only a
     675             :    revocation if the uid already exists on the keyring. */
     676             : 
     677             : static int
     678           0 : clean_uid_from_key (kbnode_t keyblock, kbnode_t uidnode, int noisy)
     679             : {
     680             :   kbnode_t node;
     681           0 :   PKT_user_id *uid = uidnode->pkt->pkt.user_id;
     682           0 :   int deleted = 0;
     683             : 
     684           0 :   log_assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
     685           0 :   log_assert (uidnode->pkt->pkttype==PKT_USER_ID);
     686             : 
     687             :   /* Skip valid user IDs, compacted user IDs, and non-self-signed user
     688             :      IDs if --allow-non-selfsigned-uid is set. */
     689           0 :   if (uid->created
     690           0 :       || uid->flags.compacted
     691           0 :       || (!uid->is_expired && !uid->is_revoked && opt.allow_non_selfsigned_uid))
     692           0 :     return 0;
     693             : 
     694           0 :   for (node=uidnode->next;
     695           0 :        node && node->pkt->pkttype == PKT_SIGNATURE;
     696           0 :       node=node->next)
     697             :     {
     698           0 :       if (!node->pkt->pkt.signature->flags.chosen_selfsig)
     699             :         {
     700           0 :           delete_kbnode (node);
     701           0 :           deleted = 1;
     702           0 :           uidnode->pkt->pkt.user_id->flags.compacted = 1;
     703             :         }
     704             :     }
     705             : 
     706           0 :   if (noisy)
     707             :     {
     708             :       const char *reason;
     709           0 :       char *user = utf8_to_native (uid->name, uid->len, 0);
     710             : 
     711           0 :       if (uid->is_revoked)
     712           0 :         reason = _("revoked");
     713           0 :       else if (uid->is_expired)
     714           0 :         reason = _("expired");
     715             :       else
     716           0 :         reason = _("invalid");
     717             : 
     718           0 :       log_info ("compacting user ID \"%s\" on key %s: %s\n",
     719           0 :                 user, keystr_from_pk (keyblock->pkt->pkt.public_key),
     720             :                 reason);
     721             : 
     722           0 :       xfree (user);
     723             :     }
     724             : 
     725           0 :   return deleted;
     726             : }
     727             : 
     728             : 
     729             : /* Needs to be called after a merge_keys_and_selfsig() */
     730             : void
     731           0 : clean_one_uid (kbnode_t keyblock, kbnode_t uidnode, int noisy, int self_only,
     732             :                int *uids_cleaned, int *sigs_cleaned)
     733             : {
     734           0 :   int dummy = 0;
     735             : 
     736           0 :   log_assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
     737           0 :   log_assert (uidnode->pkt->pkttype==PKT_USER_ID);
     738             : 
     739           0 :   if (!uids_cleaned)
     740           0 :     uids_cleaned = &dummy;
     741             : 
     742           0 :   if (!sigs_cleaned)
     743           0 :     sigs_cleaned = &dummy;
     744             : 
     745             :   /* Do clean_uid_from_key first since if it fires off, we don't have
     746             :      to bother with the other.  */
     747           0 :   *uids_cleaned += clean_uid_from_key (keyblock, uidnode, noisy);
     748           0 :   if (!uidnode->pkt->pkt.user_id->flags.compacted)
     749           0 :     *sigs_cleaned += clean_sigs_from_uid (keyblock, uidnode, noisy, self_only);
     750           0 : }
     751             : 
     752             : 
     753             : void
     754           0 : clean_key (kbnode_t keyblock, int noisy, int self_only,
     755             :            int *uids_cleaned, int *sigs_cleaned)
     756             : {
     757             :   kbnode_t uidnode;
     758             : 
     759           0 :   merge_keys_and_selfsig (keyblock);
     760             : 
     761           0 :   for (uidnode = keyblock->next;
     762           0 :        uidnode && uidnode->pkt->pkttype != PKT_PUBLIC_SUBKEY;
     763           0 :        uidnode = uidnode->next)
     764             :     {
     765           0 :       if (uidnode->pkt->pkttype == PKT_USER_ID)
     766           0 :         clean_one_uid (keyblock, uidnode,noisy, self_only,
     767             :                        uids_cleaned, sigs_cleaned);
     768             :     }
     769           0 : }

Generated by: LCOV version 1.11