Line data Source code
1 : /* trust.c - High level trust functions
2 : * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3 : * 2008, 2012 Free Software Foundation, Inc.
4 : * Copyright (C) 2014 Werner Koch
5 : *
6 : * This file is part of GnuPG.
7 : *
8 : * GnuPG is free software; you can redistribute it and/or modify
9 : * it under the terms of the GNU General Public License as published by
10 : * the Free Software Foundation; either version 3 of the License, or
11 : * (at your option) any later version.
12 : *
13 : * GnuPG is distributed in the hope that it will be useful,
14 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 : * GNU General Public License for more details.
17 : *
18 : * You should have received a copy of the GNU General Public License
19 : * along with this program; if not, see <http://www.gnu.org/licenses/>.
20 : */
21 :
22 : #include <config.h>
23 : #include <stdio.h>
24 : #include <stdlib.h>
25 : #include <string.h>
26 : #include <assert.h>
27 :
28 : #include "gpg.h"
29 : #include "keydb.h"
30 : #include "util.h"
31 : #include "options.h"
32 : #include "packet.h"
33 : #include "main.h"
34 : #include "i18n.h"
35 : #include "trustdb.h"
36 : #include "host2net.h"
37 :
38 :
39 : /* Return true if key is disabled. Note that this is usually used via
40 : the pk_is_disabled macro. */
41 : int
42 277 : cache_disabled_value (PKT_public_key *pk)
43 : {
44 : #ifdef NO_TRUST_MODELS
45 : (void)pk;
46 : return 0;
47 : #else
48 277 : return tdb_cache_disabled_value (pk);
49 : #endif
50 : }
51 :
52 :
53 : void
54 2 : register_trusted_keyid (u32 *keyid)
55 : {
56 : #ifdef NO_TRUST_MODELS
57 : (void)keyid;
58 : #else
59 2 : tdb_register_trusted_keyid (keyid);
60 : #endif
61 2 : }
62 :
63 :
64 : void
65 0 : register_trusted_key (const char *string)
66 : {
67 : #ifdef NO_TRUST_MODELS
68 : (void)string;
69 : #else
70 0 : tdb_register_trusted_key (string);
71 : #endif
72 0 : }
73 :
74 :
75 : �
76 : /*
77 : * This function returns a letter for a trust value. Trust flags
78 : * are ignored.
79 : */
80 : static int
81 254 : trust_letter (unsigned int value)
82 : {
83 254 : switch( (value & TRUST_MASK) )
84 : {
85 145 : case TRUST_UNKNOWN: return '-';
86 1 : case TRUST_EXPIRED: return 'e';
87 0 : case TRUST_UNDEFINED: return 'q';
88 52 : case TRUST_NEVER: return 'n';
89 12 : case TRUST_MARGINAL: return 'm';
90 44 : case TRUST_FULLY: return 'f';
91 0 : case TRUST_ULTIMATE: return 'u';
92 0 : default: return '?';
93 : }
94 : }
95 :
96 :
97 : /* The strings here are similar to those in
98 : pkclist.c:do_edit_ownertrust() */
99 : const char *
100 313 : trust_value_to_string (unsigned int value)
101 : {
102 313 : switch ((value & TRUST_MASK))
103 : {
104 311 : case TRUST_UNKNOWN: return _("unknown");
105 0 : case TRUST_EXPIRED: return _("expired");
106 0 : case TRUST_UNDEFINED: return _("undefined");
107 0 : case TRUST_NEVER: return _("never");
108 2 : case TRUST_MARGINAL: return _("marginal");
109 0 : case TRUST_FULLY: return _("full");
110 0 : case TRUST_ULTIMATE: return _("ultimate");
111 0 : default: return "err";
112 : }
113 : }
114 :
115 :
116 : int
117 0 : string_to_trust_value (const char *str)
118 : {
119 0 : if (!ascii_strcasecmp (str, "undefined"))
120 0 : return TRUST_UNDEFINED;
121 0 : else if (!ascii_strcasecmp (str, "never"))
122 0 : return TRUST_NEVER;
123 0 : else if (!ascii_strcasecmp (str, "marginal"))
124 0 : return TRUST_MARGINAL;
125 0 : else if (!ascii_strcasecmp (str, "full"))
126 0 : return TRUST_FULLY;
127 0 : else if (!ascii_strcasecmp(str, "ultimate"))
128 0 : return TRUST_ULTIMATE;
129 : else
130 0 : return -1;
131 : }
132 :
133 :
134 : const char *
135 6 : uid_trust_string_fixed (PKT_public_key *key, PKT_user_id *uid)
136 : {
137 6 : if (!key && !uid)
138 : {
139 : /* TRANSLATORS: these strings are similar to those in
140 : trust_value_to_string(), but are a fixed length. This is needed to
141 : make attractive information listings where columns line up
142 : properly. The value "10" should be the length of the strings you
143 : choose to translate to. This is the length in printable columns.
144 : It gets passed to atoi() so everything after the number is
145 : essentially a comment and need not be translated. Either key and
146 : uid are both NULL, or neither are NULL. */
147 3 : return _("10 translator see trust.c:uid_trust_string_fixed");
148 : }
149 3 : else if(uid->is_revoked || (key && key->flags.revoked))
150 0 : return _("[ revoked]");
151 3 : else if(uid->is_expired)
152 0 : return _("[ expired]");
153 3 : else if(key)
154 : {
155 3 : switch (get_validity (key, uid, NULL, 0) & TRUST_MASK)
156 : {
157 3 : case TRUST_UNKNOWN: return _("[ unknown]");
158 0 : case TRUST_EXPIRED: return _("[ expired]");
159 0 : case TRUST_UNDEFINED: return _("[ undef ]");
160 0 : case TRUST_MARGINAL: return _("[marginal]");
161 0 : case TRUST_FULLY: return _("[ full ]");
162 0 : case TRUST_ULTIMATE: return _("[ultimate]");
163 : }
164 : }
165 :
166 0 : return "err";
167 : }
168 :
169 :
170 : �
171 : /*
172 : * Return the assigned ownertrust value for the given public key.
173 : * The key should be the primary key.
174 : */
175 : unsigned int
176 2 : get_ownertrust (PKT_public_key *pk)
177 : {
178 : #ifdef NO_TRUST_MODELS
179 : (void)pk;
180 : return TRUST_UNKNOWN;
181 : #else
182 2 : return tdb_get_ownertrust (pk);
183 : #endif
184 : }
185 :
186 :
187 : /*
188 : * Same as get_ownertrust but this takes the minimum ownertrust value
189 : * into into account, and will bump up the value as needed.
190 : */
191 : static int
192 85 : get_ownertrust_with_min (PKT_public_key *pk)
193 : {
194 : #ifdef NO_TRUST_MODELS
195 : (void)pk;
196 : return TRUST_UNKNOWN;
197 : #else
198 : unsigned int otrust, otrust_min;
199 :
200 85 : otrust = (tdb_get_ownertrust (pk) & TRUST_MASK);
201 85 : otrust_min = tdb_get_min_ownertrust (pk);
202 85 : if (otrust < otrust_min)
203 : {
204 : /* If the trust that the user has set is less than the trust
205 : that was calculated from a trust signature chain, use the
206 : higher of the two. We do this here and not in
207 : get_ownertrust since the underlying ownertrust should not
208 : really be set - just the appearance of the ownertrust. */
209 :
210 0 : otrust = otrust_min;
211 : }
212 :
213 85 : return otrust;
214 : #endif
215 : }
216 :
217 :
218 : /*
219 : * Same as get_ownertrust but return a trust letter instead of an
220 : * value. This takes the minimum ownertrust value into account.
221 : */
222 : int
223 85 : get_ownertrust_info (PKT_public_key *pk)
224 : {
225 85 : return trust_letter (get_ownertrust_with_min (pk));
226 : }
227 :
228 :
229 : /*
230 : * Same as get_ownertrust but return a trust string instead of an
231 : * value. This takes the minimum ownertrust value into account.
232 : */
233 : const char *
234 0 : get_ownertrust_string (PKT_public_key *pk)
235 : {
236 0 : return trust_value_to_string (get_ownertrust_with_min (pk));
237 : }
238 :
239 :
240 : /*
241 : * Set the trust value of the given public key to the new value.
242 : * The key should be a primary one.
243 : */
244 : void
245 2 : update_ownertrust (PKT_public_key *pk, unsigned int new_trust)
246 : {
247 : #ifdef NO_TRUST_MODELS
248 : (void)pk;
249 : (void)new_trust;
250 : #else
251 2 : tdb_update_ownertrust (pk, new_trust);
252 : #endif
253 2 : }
254 :
255 :
256 : int
257 60 : clear_ownertrusts (PKT_public_key *pk)
258 : {
259 : #ifdef NO_TRUST_MODELS
260 : (void)pk;
261 : return 0;
262 : #else
263 60 : return tdb_clear_ownertrusts (pk);
264 : #endif
265 : }
266 :
267 :
268 : void
269 3 : revalidation_mark (void)
270 : {
271 : #ifndef NO_TRUST_MODELS
272 3 : tdb_revalidation_mark ();
273 : #endif
274 3 : }
275 :
276 :
277 : void
278 954 : check_trustdb_stale (void)
279 : {
280 : #ifndef NO_TRUST_MODELS
281 954 : tdb_check_trustdb_stale ();
282 : #endif
283 954 : }
284 :
285 :
286 : void
287 19 : check_or_update_trustdb (void)
288 : {
289 : #ifndef NO_TRUST_MODELS
290 19 : tdb_check_or_update ();
291 : #endif
292 19 : }
293 :
294 :
295 : /*
296 : * Return the validity information for PK. If the namehash is not
297 : * NULL, the validity of the corresponsing user ID is returned,
298 : * otherwise, a reasonable value for the entire key is returned.
299 : */
300 : unsigned int
301 864 : get_validity (PKT_public_key *pk, PKT_user_id *uid, PKT_signature *sig,
302 : int may_ask)
303 : {
304 : int rc;
305 : unsigned int validity;
306 : u32 kid[2];
307 : PKT_public_key *main_pk;
308 :
309 864 : if (uid)
310 523 : namehash_from_uid (uid);
311 :
312 864 : keyid_from_pk (pk, kid);
313 864 : if (pk->main_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1])
314 : {
315 : /* This is a subkey - get the mainkey. */
316 236 : main_pk = xmalloc_clear (sizeof *main_pk);
317 236 : rc = get_pubkey (main_pk, pk->main_keyid);
318 472 : if (rc)
319 : {
320 0 : char *tempkeystr = xstrdup (keystr (pk->main_keyid));
321 0 : log_error ("error getting main key %s of subkey %s: %s\n",
322 : tempkeystr, keystr (kid), gpg_strerror (rc));
323 0 : xfree (tempkeystr);
324 0 : validity = TRUST_UNKNOWN;
325 0 : goto leave;
326 : }
327 : }
328 : else
329 628 : main_pk = pk;
330 :
331 : #ifdef NO_TRUST_MODELS
332 : validity = TRUST_UNKNOWN;
333 : #else
334 864 : validity = tdb_get_validity_core (pk, uid, main_pk, sig, may_ask);
335 : #endif
336 :
337 : leave:
338 : /* Set some flags direct from the key */
339 864 : if (main_pk->flags.revoked)
340 0 : validity |= TRUST_FLAG_REVOKED;
341 864 : if (main_pk != pk && pk->flags.revoked)
342 0 : validity |= TRUST_FLAG_SUB_REVOKED;
343 : /* Note: expiration is a trust value and not a flag - don't know why
344 : * I initially designed it that way. */
345 864 : if (main_pk->has_expired || pk->has_expired)
346 1 : validity = ((validity & (~TRUST_MASK | TRUST_FLAG_PENDING_CHECK))
347 : | TRUST_EXPIRED);
348 :
349 864 : if (main_pk != pk)
350 236 : free_public_key (main_pk);
351 864 : return validity;
352 : }
353 :
354 :
355 : int
356 169 : get_validity_info (PKT_public_key *pk, PKT_user_id *uid)
357 : {
358 : int trustlevel;
359 :
360 169 : if (!pk)
361 0 : return '?'; /* Just in case a NULL PK is passed. */
362 :
363 169 : trustlevel = get_validity (pk, uid, NULL, 0);
364 169 : if ((trustlevel & TRUST_FLAG_REVOKED))
365 0 : return 'r';
366 169 : return trust_letter (trustlevel);
367 : }
368 :
369 :
370 : const char *
371 0 : get_validity_string (PKT_public_key *pk, PKT_user_id *uid)
372 : {
373 : int trustlevel;
374 :
375 0 : if (!pk)
376 0 : return "err"; /* Just in case a NULL PK is passed. */
377 :
378 0 : trustlevel = get_validity (pk, uid, NULL, 0);
379 0 : if ((trustlevel & TRUST_FLAG_REVOKED))
380 0 : return _("revoked");
381 0 : return trust_value_to_string (trustlevel);
382 : }
383 :
384 :
385 : �
386 : /*
387 : * Mark the signature of the given UID which are used to certify it.
388 : * To do this, we first revmove all signatures which are not valid and
389 : * from the remain ones we look for the latest one. If this is not a
390 : * certification revocation signature we mark the signature by setting
391 : * node flag bit 8. Revocations are marked with flag 11, and sigs
392 : * from unavailable keys are marked with flag 12. Note that flag bits
393 : * 9 and 10 are used for internal purposes.
394 : */
395 : void
396 0 : mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode,
397 : u32 *main_kid, struct key_item *klist,
398 : u32 curtime, u32 *next_expire)
399 : {
400 : kbnode_t node;
401 : PKT_signature *sig;
402 :
403 : /* First check all signatures. */
404 0 : for (node=uidnode->next; node; node = node->next)
405 : {
406 : int rc;
407 :
408 0 : node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
409 0 : if (node->pkt->pkttype == PKT_USER_ID
410 0 : || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
411 : break; /* ready */
412 0 : if (node->pkt->pkttype != PKT_SIGNATURE)
413 0 : continue;
414 0 : sig = node->pkt->pkt.signature;
415 0 : if (main_kid
416 0 : && sig->keyid[0] == main_kid[0] && sig->keyid[1] == main_kid[1])
417 0 : continue; /* ignore self-signatures if we pass in a main_kid */
418 0 : if (!IS_UID_SIG(sig) && !IS_UID_REV(sig))
419 0 : continue; /* we only look at these signature classes */
420 0 : if(sig->sig_class>=0x11 && sig->sig_class<=0x13 &&
421 0 : sig->sig_class-0x10<opt.min_cert_level)
422 0 : continue; /* treat anything under our min_cert_level as an
423 : invalid signature */
424 0 : if (klist && !is_in_klist (klist, sig))
425 0 : continue; /* no need to check it then */
426 0 : if ((rc=check_key_signature (keyblock, node, NULL)))
427 : {
428 : /* we ignore anything that won't verify, but tag the
429 : no_pubkey case */
430 0 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
431 0 : node->flag |= 1<<12;
432 0 : continue;
433 : }
434 0 : node->flag |= 1<<9;
435 : }
436 : /* Reset the remaining flags. */
437 0 : for (; node; node = node->next)
438 0 : node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
439 :
440 : /* kbnode flag usage: bit 9 is here set for signatures to consider,
441 : * bit 10 will be set by the loop to keep track of keyIDs already
442 : * processed, bit 8 will be set for the usable signatures, and bit
443 : * 11 will be set for usable revocations. */
444 :
445 : /* For each cert figure out the latest valid one. */
446 0 : for (node=uidnode->next; node; node = node->next)
447 : {
448 : KBNODE n, signode;
449 : u32 kid[2];
450 : u32 sigdate;
451 :
452 0 : if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
453 0 : break;
454 0 : if ( !(node->flag & (1<<9)) )
455 0 : continue; /* not a node to look at */
456 0 : if ( (node->flag & (1<<10)) )
457 0 : continue; /* signature with a keyID already processed */
458 0 : node->flag |= (1<<10); /* mark this node as processed */
459 0 : sig = node->pkt->pkt.signature;
460 0 : signode = node;
461 0 : sigdate = sig->timestamp;
462 0 : kid[0] = sig->keyid[0]; kid[1] = sig->keyid[1];
463 :
464 : /* Now find the latest and greatest signature */
465 0 : for (n=uidnode->next; n; n = n->next)
466 : {
467 0 : if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
468 0 : break;
469 0 : if ( !(n->flag & (1<<9)) )
470 0 : continue;
471 0 : if ( (n->flag & (1<<10)) )
472 0 : continue; /* shortcut already processed signatures */
473 0 : sig = n->pkt->pkt.signature;
474 0 : if (kid[0] != sig->keyid[0] || kid[1] != sig->keyid[1])
475 0 : continue;
476 0 : n->flag |= (1<<10); /* mark this node as processed */
477 :
478 : /* If signode is nonrevocable and unexpired and n isn't,
479 : then take signode (skip). It doesn't matter which is
480 : older: if signode was older then we don't want to take n
481 : as signode is nonrevocable. If n was older then we're
482 : automatically fine. */
483 :
484 0 : if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
485 0 : !signode->pkt->pkt.signature->flags.revocable &&
486 0 : (signode->pkt->pkt.signature->expiredate==0 ||
487 0 : signode->pkt->pkt.signature->expiredate>curtime))) &&
488 0 : (!(IS_UID_SIG(n->pkt->pkt.signature) &&
489 0 : !n->pkt->pkt.signature->flags.revocable &&
490 0 : (n->pkt->pkt.signature->expiredate==0 ||
491 0 : n->pkt->pkt.signature->expiredate>curtime))))
492 0 : continue;
493 :
494 : /* If n is nonrevocable and unexpired and signode isn't,
495 : then take n. Again, it doesn't matter which is older: if
496 : n was older then we don't want to take signode as n is
497 : nonrevocable. If signode was older then we're
498 : automatically fine. */
499 :
500 0 : if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
501 0 : !signode->pkt->pkt.signature->flags.revocable &&
502 0 : (signode->pkt->pkt.signature->expiredate==0 ||
503 0 : signode->pkt->pkt.signature->expiredate>curtime))) &&
504 0 : ((IS_UID_SIG(n->pkt->pkt.signature) &&
505 0 : !n->pkt->pkt.signature->flags.revocable &&
506 0 : (n->pkt->pkt.signature->expiredate==0 ||
507 0 : n->pkt->pkt.signature->expiredate>curtime))))
508 : {
509 0 : signode = n;
510 0 : sigdate = sig->timestamp;
511 0 : continue;
512 : }
513 :
514 : /* At this point, if it's newer, it goes in as the only
515 : remaining possibilities are signode and n are both either
516 : revocable or expired or both nonrevocable and unexpired.
517 : If the timestamps are equal take the later ordered
518 : packet, presuming that the key packets are hopefully in
519 : their original order. */
520 :
521 0 : if (sig->timestamp >= sigdate)
522 : {
523 0 : signode = n;
524 0 : sigdate = sig->timestamp;
525 : }
526 : }
527 :
528 0 : sig = signode->pkt->pkt.signature;
529 0 : if (IS_UID_SIG (sig))
530 : { /* this seems to be a usable one which is not revoked.
531 : * Just need to check whether there is an expiration time,
532 : * We do the expired certification after finding a suitable
533 : * certification, the assumption is that a signator does not
534 : * want that after the expiration of his certificate the
535 : * system falls back to an older certification which has a
536 : * different expiration time */
537 : const byte *p;
538 : u32 expire;
539 :
540 0 : p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
541 0 : expire = p? sig->timestamp + buf32_to_u32(p) : 0;
542 :
543 0 : if (expire==0 || expire > curtime )
544 : {
545 0 : signode->flag |= (1<<8); /* yeah, found a good cert */
546 0 : if (next_expire && expire && expire < *next_expire)
547 0 : *next_expire = expire;
548 : }
549 : }
550 : else
551 0 : signode->flag |= (1<<11);
552 : }
553 0 : }
554 :
555 :
556 : static int
557 0 : clean_sigs_from_uid (kbnode_t keyblock, kbnode_t uidnode,
558 : int noisy, int self_only)
559 : {
560 0 : int deleted = 0;
561 : kbnode_t node;
562 : u32 keyid[2];
563 :
564 0 : assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
565 :
566 0 : keyid_from_pk (keyblock->pkt->pkt.public_key, keyid);
567 :
568 : /* Passing in a 0 for current time here means that we'll never weed
569 : out an expired sig. This is correct behavior since we want to
570 : keep the most recent expired sig in a series. */
571 0 : mark_usable_uid_certs (keyblock, uidnode, NULL, NULL, 0, NULL);
572 :
573 : /* What we want to do here is remove signatures that are not
574 : considered as part of the trust calculations. Thus, all invalid
575 : signatures are out, as are any signatures that aren't the last of
576 : a series of uid sigs or revocations It breaks down like this:
577 : coming out of mark_usable_uid_certs, if a sig is unflagged, it is
578 : not even a candidate. If a sig has flag 9 or 10, that means it
579 : was selected as a candidate and vetted. If a sig has flag 8 it
580 : is a usable signature. If a sig has flag 11 it is a usable
581 : revocation. If a sig has flag 12 it was issued by an unavailable
582 : key. "Usable" here means the most recent valid
583 : signature/revocation in a series from a particular signer.
584 :
585 : Delete everything that isn't a usable uid sig (which might be
586 : expired), a usable revocation, or a sig from an unavailable
587 : key. */
588 :
589 0 : for (node=uidnode->next;
590 0 : node && node->pkt->pkttype==PKT_SIGNATURE;
591 0 : node=node->next)
592 : {
593 : int keep;
594 :
595 0 : keep = self_only? (node->pkt->pkt.signature->keyid[0] == keyid[0]
596 0 : && node->pkt->pkt.signature->keyid[1] == keyid[1]) : 1;
597 :
598 : /* Keep usable uid sigs ... */
599 0 : if ((node->flag & (1<<8)) && keep)
600 0 : continue;
601 :
602 : /* ... and usable revocations... */
603 0 : if ((node->flag & (1<<11)) && keep)
604 0 : continue;
605 :
606 : /* ... and sigs from unavailable keys. */
607 : /* disabled for now since more people seem to want sigs from
608 : unavailable keys removed altogether. */
609 : /*
610 : if(node->flag & (1<<12))
611 : continue;
612 : */
613 :
614 : /* Everything else we delete */
615 :
616 : /* At this point, if 12 is set, the signing key was unavailable.
617 : If 9 or 10 is set, it's superseded. Otherwise, it's
618 : invalid. */
619 :
620 0 : if (noisy)
621 0 : log_info ("removing signature from key %s on user ID \"%s\": %s\n",
622 0 : keystr (node->pkt->pkt.signature->keyid),
623 0 : uidnode->pkt->pkt.user_id->name,
624 0 : node->flag&(1<<12)? "key unavailable":
625 0 : node->flag&(1<<9)? "signature superseded"
626 0 : /* */ :"invalid signature" );
627 :
628 0 : delete_kbnode (node);
629 0 : deleted++;
630 : }
631 :
632 0 : return deleted;
633 : }
634 :
635 :
636 : /* This is substantially easier than clean_sigs_from_uid since we just
637 : have to establish if the uid has a valid self-sig, is not revoked,
638 : and is not expired. Note that this does not take into account
639 : whether the uid has a trust path to it - just whether the keyholder
640 : themselves has certified the uid. Returns true if the uid was
641 : compacted. To "compact" a user ID, we simply remove ALL signatures
642 : except the self-sig that caused the user ID to be remove-worthy.
643 : We don't actually remove the user ID packet itself since it might
644 : be ressurected in a later merge. Note that this function requires
645 : that the caller has already done a merge_keys_and_selfsig().
646 :
647 : TODO: change the import code to allow importing a uid with only a
648 : revocation if the uid already exists on the keyring. */
649 :
650 : static int
651 0 : clean_uid_from_key (kbnode_t keyblock, kbnode_t uidnode, int noisy)
652 : {
653 : kbnode_t node;
654 0 : PKT_user_id *uid = uidnode->pkt->pkt.user_id;
655 0 : int deleted = 0;
656 :
657 0 : assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
658 0 : assert (uidnode->pkt->pkttype==PKT_USER_ID);
659 :
660 : /* Skip valid user IDs, compacted user IDs, and non-self-signed user
661 : IDs if --allow-non-selfsigned-uid is set. */
662 0 : if (uid->created
663 0 : || uid->flags.compacted
664 0 : || (!uid->is_expired && !uid->is_revoked && opt.allow_non_selfsigned_uid))
665 0 : return 0;
666 :
667 0 : for (node=uidnode->next;
668 0 : node && node->pkt->pkttype == PKT_SIGNATURE;
669 0 : node=node->next)
670 : {
671 0 : if (!node->pkt->pkt.signature->flags.chosen_selfsig)
672 : {
673 0 : delete_kbnode (node);
674 0 : deleted = 1;
675 0 : uidnode->pkt->pkt.user_id->flags.compacted = 1;
676 : }
677 : }
678 :
679 0 : if (noisy)
680 : {
681 : const char *reason;
682 0 : char *user = utf8_to_native (uid->name, uid->len, 0);
683 :
684 0 : if (uid->is_revoked)
685 0 : reason = _("revoked");
686 0 : else if (uid->is_expired)
687 0 : reason = _("expired");
688 : else
689 0 : reason = _("invalid");
690 :
691 0 : log_info ("compacting user ID \"%s\" on key %s: %s\n",
692 0 : user, keystr_from_pk (keyblock->pkt->pkt.public_key),
693 : reason);
694 :
695 0 : xfree (user);
696 : }
697 :
698 0 : return deleted;
699 : }
700 :
701 :
702 : /* Needs to be called after a merge_keys_and_selfsig() */
703 : void
704 0 : clean_one_uid (kbnode_t keyblock, kbnode_t uidnode, int noisy, int self_only,
705 : int *uids_cleaned, int *sigs_cleaned)
706 : {
707 : int dummy;
708 :
709 0 : assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
710 0 : assert (uidnode->pkt->pkttype==PKT_USER_ID);
711 :
712 0 : if (!uids_cleaned)
713 0 : uids_cleaned = &dummy;
714 :
715 0 : if (!sigs_cleaned)
716 0 : sigs_cleaned = &dummy;
717 :
718 : /* Do clean_uid_from_key first since if it fires off, we don't have
719 : to bother with the other. */
720 0 : *uids_cleaned += clean_uid_from_key (keyblock, uidnode, noisy);
721 0 : if (!uidnode->pkt->pkt.user_id->flags.compacted)
722 0 : *sigs_cleaned += clean_sigs_from_uid (keyblock, uidnode, noisy, self_only);
723 0 : }
724 :
725 :
726 : void
727 0 : clean_key (kbnode_t keyblock, int noisy, int self_only,
728 : int *uids_cleaned, int *sigs_cleaned)
729 : {
730 : kbnode_t uidnode;
731 :
732 0 : merge_keys_and_selfsig (keyblock);
733 :
734 0 : for (uidnode = keyblock->next;
735 0 : uidnode && uidnode->pkt->pkttype != PKT_PUBLIC_SUBKEY;
736 0 : uidnode = uidnode->next)
737 : {
738 0 : if (uidnode->pkt->pkttype == PKT_USER_ID)
739 0 : clean_one_uid (keyblock, uidnode,noisy, self_only,
740 : uids_cleaned, sigs_cleaned);
741 : }
742 0 : }
|
