LCOV - code coverage report
Current view: top level - g10 - trust.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 71 273 26.0 %
Date: 2016-09-12 13:01:59 Functions: 15 24 62.5 %

          Line data    Source code
       1             : /* trust.c - High level trust functions
       2             :  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
       3             :  *               2008, 2012 Free Software Foundation, Inc.
       4             :  * Copyright (C) 2014 Werner Koch
       5             :  *
       6             :  * This file is part of GnuPG.
       7             :  *
       8             :  * GnuPG is free software; you can redistribute it and/or modify
       9             :  * it under the terms of the GNU General Public License as published by
      10             :  * the Free Software Foundation; either version 3 of the License, or
      11             :  * (at your option) any later version.
      12             :  *
      13             :  * GnuPG is distributed in the hope that it will be useful,
      14             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      15             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      16             :  * GNU General Public License for more details.
      17             :  *
      18             :  * You should have received a copy of the GNU General Public License
      19             :  * along with this program; if not, see <http://www.gnu.org/licenses/>.
      20             :  */
      21             : 
      22             : #include <config.h>
      23             : #include <stdio.h>
      24             : #include <stdlib.h>
      25             : #include <string.h>
      26             : 
      27             : #include "gpg.h"
      28             : #include "keydb.h"
      29             : #include "util.h"
      30             : #include "options.h"
      31             : #include "packet.h"
      32             : #include "main.h"
      33             : #include "i18n.h"
      34             : #include "trustdb.h"
      35             : #include "host2net.h"
      36             : 
      37             : 
      38             : /* Return true if key is disabled.  Note that this is usually used via
      39             :    the pk_is_disabled macro.  */
      40             : int
      41         264 : cache_disabled_value (PKT_public_key *pk)
      42             : {
      43             : #ifdef NO_TRUST_MODELS
      44             :   (void)pk;
      45             :   return 0;
      46             : #else
      47         264 :   return tdb_cache_disabled_value (pk);
      48             : #endif
      49             : }
      50             : 
      51             : 
      52             : void
      53           2 : register_trusted_keyid (u32 *keyid)
      54             : {
      55             : #ifdef NO_TRUST_MODELS
      56             :   (void)keyid;
      57             : #else
      58           2 :   tdb_register_trusted_keyid (keyid);
      59             : #endif
      60           2 : }
      61             : 
      62             : 
      63             : void
      64           0 : register_trusted_key (const char *string)
      65             : {
      66             : #ifdef NO_TRUST_MODELS
      67             :   (void)string;
      68             : #else
      69           0 :   tdb_register_trusted_key (string);
      70             : #endif
      71           0 : }
      72             : 
      73             : 
      74             : 
      75             : /*
      76             :  * This function returns a letter for a trust value.  Trust flags
      77             :  * are ignored.
      78             :  */
      79             : static int
      80         131 : trust_letter (unsigned int value)
      81             : {
      82         131 :   switch( (value & TRUST_MASK) )
      83             :     {
      84          70 :     case TRUST_UNKNOWN:   return '-';
      85           1 :     case TRUST_EXPIRED:   return 'e';
      86           6 :     case TRUST_UNDEFINED: return 'q';
      87          26 :     case TRUST_NEVER:     return 'n';
      88           6 :     case TRUST_MARGINAL:  return 'm';
      89          22 :     case TRUST_FULLY:     return 'f';
      90           0 :     case TRUST_ULTIMATE:  return 'u';
      91           0 :     default:              return '?';
      92             :     }
      93             : }
      94             : 
      95             : 
      96             : /* The strings here are similar to those in
      97             :    pkclist.c:do_edit_ownertrust() */
      98             : const char *
      99         357 : trust_value_to_string (unsigned int value)
     100             : {
     101         357 :   switch ((value & TRUST_MASK))
     102             :     {
     103         354 :     case TRUST_UNKNOWN:   return _("unknown");
     104           0 :     case TRUST_EXPIRED:   return _("expired");
     105           2 :     case TRUST_UNDEFINED: return _("undefined");
     106           0 :     case TRUST_NEVER:     return _("never");
     107           1 :     case TRUST_MARGINAL:  return _("marginal");
     108           0 :     case TRUST_FULLY:     return _("full");
     109           0 :     case TRUST_ULTIMATE:  return _("ultimate");
     110           0 :     default:              return "err";
     111             :     }
     112             : }
     113             : 
     114             : 
     115             : int
     116           0 : string_to_trust_value (const char *str)
     117             : {
     118           0 :   if (!ascii_strcasecmp (str, "undefined"))
     119           0 :     return TRUST_UNDEFINED;
     120           0 :   else if (!ascii_strcasecmp (str, "never"))
     121           0 :     return TRUST_NEVER;
     122           0 :   else if (!ascii_strcasecmp (str, "marginal"))
     123           0 :     return TRUST_MARGINAL;
     124           0 :   else if (!ascii_strcasecmp (str, "full"))
     125           0 :     return TRUST_FULLY;
     126           0 :   else if (!ascii_strcasecmp(str, "ultimate"))
     127           0 :     return TRUST_ULTIMATE;
     128             :   else
     129           0 :     return -1;
     130             : }
     131             : 
     132             : 
     133             : const char *
     134          52 : uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
     135             : {
     136          52 :   if (!key && !uid)
     137             :     {
     138             :       /* TRANSLATORS: these strings are similar to those in
     139             :          trust_value_to_string(), but are a fixed length.  This is needed to
     140             :          make attractive information listings where columns line up
     141             :          properly.  The value "10" should be the length of the strings you
     142             :          choose to translate to.  This is the length in printable columns.
     143             :          It gets passed to atoi() so everything after the number is
     144             :          essentially a comment and need not be translated.  Either key and
     145             :          uid are both NULL, or neither are NULL. */
     146          26 :       return _("10 translator see trust.c:uid_trust_string_fixed");
     147             :     }
     148          26 :   else if(uid->is_revoked || (key && key->flags.revoked))
     149           0 :     return                         _("[ revoked]");
     150          26 :   else if(uid->is_expired)
     151           0 :     return                         _("[ expired]");
     152          26 :   else if(key)
     153             :     {
     154          26 :       switch (get_validity (ctrl, key, uid, NULL, 0) & TRUST_MASK)
     155             :         {
     156          26 :         case TRUST_UNKNOWN:   return _("[ unknown]");
     157           0 :         case TRUST_EXPIRED:   return _("[ expired]");
     158           0 :         case TRUST_UNDEFINED: return _("[  undef ]");
     159           0 :         case TRUST_NEVER:     return _("[  never ]");
     160           0 :         case TRUST_MARGINAL:  return _("[marginal]");
     161           0 :         case TRUST_FULLY:     return _("[  full  ]");
     162           0 :         case TRUST_ULTIMATE:  return _("[ultimate]");
     163             :         }
     164             :     }
     165             : 
     166           0 :   return "err";
     167             : }
     168             : 
     169             : 
     170             : 
     171             : /*
     172             :  * Return the assigned ownertrust value for the given public key.
     173             :  * The key should be the primary key.
     174             :  */
     175             : unsigned int
     176           2 : get_ownertrust (PKT_public_key *pk)
     177             : {
     178             : #ifdef NO_TRUST_MODELS
     179             :   (void)pk;
     180             :   return TRUST_UNKNOWN;
     181             : #else
     182           2 :   return tdb_get_ownertrust (pk);
     183             : #endif
     184             : }
     185             : 
     186             : 
     187             : /*
     188             :  * Same as get_ownertrust but this takes the minimum ownertrust value
     189             :  * into into account, and will bump up the value as needed.
     190             :  */
     191             : static int
     192          44 : get_ownertrust_with_min (PKT_public_key *pk)
     193             : {
     194             : #ifdef NO_TRUST_MODELS
     195             :   (void)pk;
     196             :   return TRUST_UNKNOWN;
     197             : #else
     198             :   unsigned int otrust, otrust_min;
     199             : 
     200          44 :   otrust = (tdb_get_ownertrust (pk) & TRUST_MASK);
     201          44 :   otrust_min = tdb_get_min_ownertrust (pk);
     202          44 :   if (otrust < otrust_min)
     203             :     {
     204             :       /* If the trust that the user has set is less than the trust
     205             :          that was calculated from a trust signature chain, use the
     206             :          higher of the two.  We do this here and not in
     207             :          get_ownertrust since the underlying ownertrust should not
     208             :          really be set - just the appearance of the ownertrust. */
     209             : 
     210           0 :       otrust = otrust_min;
     211             :     }
     212             : 
     213          44 :   return otrust;
     214             : #endif
     215             : }
     216             : 
     217             : 
     218             : /*
     219             :  * Same as get_ownertrust but return a trust letter instead of an
     220             :  * value.  This takes the minimum ownertrust value into account.
     221             :  */
     222             : int
     223          44 : get_ownertrust_info (PKT_public_key *pk)
     224             : {
     225          44 :   return trust_letter (get_ownertrust_with_min (pk));
     226             : }
     227             : 
     228             : 
     229             : /*
     230             :  * Same as get_ownertrust but return a trust string instead of an
     231             :  * value.  This takes the minimum ownertrust value into account.
     232             :  */
     233             : const char *
     234           0 : get_ownertrust_string (PKT_public_key *pk)
     235             : {
     236           0 :   return trust_value_to_string (get_ownertrust_with_min (pk));
     237             : }
     238             : 
     239             : 
     240             : /*
     241             :  * Set the trust value of the given public key to the new value.
     242             :  * The key should be a primary one.
     243             :  */
     244             : void
     245           2 : update_ownertrust (PKT_public_key *pk, unsigned int new_trust)
     246             : {
     247             : #ifdef NO_TRUST_MODELS
     248             :   (void)pk;
     249             :   (void)new_trust;
     250             : #else
     251           2 :   tdb_update_ownertrust (pk, new_trust);
     252             : #endif
     253           2 : }
     254             : 
     255             : 
     256             : int
     257          66 : clear_ownertrusts (PKT_public_key *pk)
     258             : {
     259             : #ifdef NO_TRUST_MODELS
     260             :   (void)pk;
     261             :   return 0;
     262             : #else
     263          66 :   return tdb_clear_ownertrusts (pk);
     264             : #endif
     265             : }
     266             : 
     267             : 
     268             : void
     269           3 : revalidation_mark (void)
     270             : {
     271             : #ifndef NO_TRUST_MODELS
     272           3 :   tdb_revalidation_mark ();
     273             : #endif
     274           3 : }
     275             : 
     276             : 
     277             : void
     278         276 : check_trustdb_stale (ctrl_t ctrl)
     279             : {
     280             : #ifndef NO_TRUST_MODELS
     281         276 :   tdb_check_trustdb_stale (ctrl);
     282             : #else
     283             :   (void)ctrl;
     284             : #endif
     285         276 : }
     286             : 
     287             : 
     288             : void
     289          24 : check_or_update_trustdb (ctrl_t ctrl)
     290             : {
     291             : #ifndef NO_TRUST_MODELS
     292          24 :   tdb_check_or_update (ctrl);
     293             : #else
     294             :   (void)ctrl;
     295             : #endif
     296          24 : }
     297             : 
     298             : 
     299             : /*
     300             :  * Return the validity information for PK.  If the namehash is not
     301             :  * NULL, the validity of the corresponding user ID is returned,
     302             :  * otherwise, a reasonable value for the entire key is returned.
     303             :  */
     304             : unsigned int
     305         723 : get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
     306             :               PKT_signature *sig, int may_ask)
     307             : {
     308             :   int rc;
     309             :   unsigned int validity;
     310             :   u32 kid[2];
     311             :   PKT_public_key *main_pk;
     312             : 
     313         723 :   if (uid)
     314         552 :     namehash_from_uid (uid);
     315             : 
     316         723 :   keyid_from_pk (pk, kid);
     317         723 :   if (pk->main_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1])
     318             :     {
     319             :       /* This is a subkey - get the mainkey. */
     320         244 :       main_pk = xmalloc_clear (sizeof *main_pk);
     321         244 :       rc = get_pubkey (main_pk, pk->main_keyid);
     322         488 :       if (rc)
     323             :         {
     324           0 :           char *tempkeystr = xstrdup (keystr (pk->main_keyid));
     325           0 :           log_error ("error getting main key %s of subkey %s: %s\n",
     326             :                      tempkeystr, keystr (kid), gpg_strerror (rc));
     327           0 :           xfree (tempkeystr);
     328           0 :           validity = TRUST_UNKNOWN;
     329           0 :           goto leave;
     330             :         }
     331             :     }
     332             :   else
     333         479 :     main_pk = pk;
     334             : 
     335             : #ifdef NO_TRUST_MODELS
     336             :   validity = TRUST_UNKNOWN;
     337             : #else
     338         723 :   validity = tdb_get_validity_core (ctrl, pk, uid, main_pk, sig, may_ask);
     339             : #endif
     340             : 
     341             :  leave:
     342             :   /* Set some flags direct from the key */
     343         723 :   if (main_pk->flags.revoked)
     344           0 :     validity |= TRUST_FLAG_REVOKED;
     345         723 :   if (main_pk != pk && pk->flags.revoked)
     346           0 :     validity |= TRUST_FLAG_SUB_REVOKED;
     347             :   /* Note: expiration is a trust value and not a flag - don't know why
     348             :    * I initially designed it that way.  */
     349         723 :   if (main_pk->has_expired || pk->has_expired)
     350           1 :     validity = ((validity & (~TRUST_MASK | TRUST_FLAG_PENDING_CHECK))
     351             :                 | TRUST_EXPIRED);
     352             : 
     353         723 :   if (main_pk != pk)
     354         244 :     free_public_key (main_pk);
     355         723 :   return validity;
     356             : }
     357             : 
     358             : 
     359             : int
     360          87 : get_validity_info (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
     361             : {
     362             :   int trustlevel;
     363             : 
     364          87 :   if (!pk)
     365           0 :     return '?';  /* Just in case a NULL PK is passed.  */
     366             : 
     367          87 :   trustlevel = get_validity (ctrl, pk, uid, NULL, 0);
     368          87 :   if ((trustlevel & TRUST_FLAG_REVOKED))
     369           0 :     return 'r';
     370          87 :   return trust_letter (trustlevel);
     371             : }
     372             : 
     373             : 
     374             : const char *
     375           0 : get_validity_string (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
     376             : {
     377             :   int trustlevel;
     378             : 
     379           0 :   if (!pk)
     380           0 :     return "err";  /* Just in case a NULL PK is passed.  */
     381             : 
     382           0 :   trustlevel = get_validity (ctrl, pk, uid, NULL, 0);
     383           0 :   if ((trustlevel & TRUST_FLAG_REVOKED))
     384           0 :     return _("revoked");
     385           0 :   return trust_value_to_string (trustlevel);
     386             : }
     387             : 
     388             : 
     389             : 
     390             : /*
     391             :  * Mark the signature of the given UID which are used to certify it.
     392             :  * To do this, we first revmove all signatures which are not valid and
     393             :  * from the remain ones we look for the latest one.  If this is not a
     394             :  * certification revocation signature we mark the signature by setting
     395             :  * node flag bit 8.  Revocations are marked with flag 11, and sigs
     396             :  * from unavailable keys are marked with flag 12.  Note that flag bits
     397             :  * 9 and 10 are used for internal purposes.
     398             :  */
     399             : void
     400           0 : mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode,
     401             :                        u32 *main_kid, struct key_item *klist,
     402             :                        u32 curtime, u32 *next_expire)
     403             : {
     404             :   kbnode_t node;
     405             :   PKT_signature *sig;
     406             : 
     407             :   /* First check all signatures.  */
     408           0 :   for (node=uidnode->next; node; node = node->next)
     409             :     {
     410             :       int rc;
     411             : 
     412           0 :       node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
     413           0 :       if (node->pkt->pkttype == PKT_USER_ID
     414           0 :           || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
     415             :         break; /* ready */
     416           0 :       if (node->pkt->pkttype != PKT_SIGNATURE)
     417           0 :         continue;
     418           0 :       sig = node->pkt->pkt.signature;
     419           0 :       if (main_kid
     420           0 :           && sig->keyid[0] == main_kid[0] && sig->keyid[1] == main_kid[1])
     421           0 :         continue; /* ignore self-signatures if we pass in a main_kid */
     422           0 :       if (!IS_UID_SIG(sig) && !IS_UID_REV(sig))
     423           0 :         continue; /* we only look at these signature classes */
     424           0 :       if(sig->sig_class>=0x11 && sig->sig_class<=0x13 &&
     425           0 :          sig->sig_class-0x10<opt.min_cert_level)
     426           0 :         continue; /* treat anything under our min_cert_level as an
     427             :                      invalid signature */
     428           0 :       if (klist && !is_in_klist (klist, sig))
     429           0 :         continue;  /* no need to check it then */
     430           0 :       if ((rc=check_key_signature (keyblock, node, NULL)))
     431             :         {
     432             :           /* we ignore anything that won't verify, but tag the
     433             :              no_pubkey case */
     434           0 :           if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
     435           0 :             node->flag |= 1<<12;
     436           0 :           continue;
     437             :         }
     438           0 :       node->flag |= 1<<9;
     439             :     }
     440             :   /* Reset the remaining flags. */
     441           0 :   for (; node; node = node->next)
     442           0 :     node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
     443             : 
     444             :   /* kbnode flag usage: bit 9 is here set for signatures to consider,
     445             :    * bit 10 will be set by the loop to keep track of keyIDs already
     446             :    * processed, bit 8 will be set for the usable signatures, and bit
     447             :    * 11 will be set for usable revocations. */
     448             : 
     449             :   /* For each cert figure out the latest valid one.  */
     450           0 :   for (node=uidnode->next; node; node = node->next)
     451             :     {
     452             :       KBNODE n, signode;
     453             :       u32 kid[2];
     454             :       u32 sigdate;
     455             : 
     456           0 :       if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
     457           0 :         break;
     458           0 :       if ( !(node->flag & (1<<9)) )
     459           0 :         continue; /* not a node to look at */
     460           0 :       if ( (node->flag & (1<<10)) )
     461           0 :         continue; /* signature with a keyID already processed */
     462           0 :       node->flag |= (1<<10); /* mark this node as processed */
     463           0 :       sig = node->pkt->pkt.signature;
     464           0 :       signode = node;
     465           0 :       sigdate = sig->timestamp;
     466           0 :       kid[0] = sig->keyid[0]; kid[1] = sig->keyid[1];
     467             : 
     468             :       /* Now find the latest and greatest signature */
     469           0 :       for (n=uidnode->next; n; n = n->next)
     470             :         {
     471           0 :           if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
     472           0 :             break;
     473           0 :           if ( !(n->flag & (1<<9)) )
     474           0 :             continue;
     475           0 :           if ( (n->flag & (1<<10)) )
     476           0 :             continue; /* shortcut already processed signatures */
     477           0 :           sig = n->pkt->pkt.signature;
     478           0 :           if (kid[0] != sig->keyid[0] || kid[1] != sig->keyid[1])
     479           0 :             continue;
     480           0 :           n->flag |= (1<<10); /* mark this node as processed */
     481             : 
     482             :           /* If signode is nonrevocable and unexpired and n isn't,
     483             :              then take signode (skip).  It doesn't matter which is
     484             :              older: if signode was older then we don't want to take n
     485             :              as signode is nonrevocable.  If n was older then we're
     486             :              automatically fine. */
     487             : 
     488           0 :           if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
     489           0 :                !signode->pkt->pkt.signature->flags.revocable &&
     490           0 :                (signode->pkt->pkt.signature->expiredate==0 ||
     491           0 :                 signode->pkt->pkt.signature->expiredate>curtime))) &&
     492           0 :              (!(IS_UID_SIG(n->pkt->pkt.signature) &&
     493           0 :                 !n->pkt->pkt.signature->flags.revocable &&
     494           0 :                 (n->pkt->pkt.signature->expiredate==0 ||
     495           0 :                  n->pkt->pkt.signature->expiredate>curtime))))
     496           0 :             continue;
     497             : 
     498             :           /* If n is nonrevocable and unexpired and signode isn't,
     499             :              then take n.  Again, it doesn't matter which is older: if
     500             :              n was older then we don't want to take signode as n is
     501             :              nonrevocable.  If signode was older then we're
     502             :              automatically fine. */
     503             : 
     504           0 :           if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
     505           0 :                 !signode->pkt->pkt.signature->flags.revocable &&
     506           0 :                 (signode->pkt->pkt.signature->expiredate==0 ||
     507           0 :                  signode->pkt->pkt.signature->expiredate>curtime))) &&
     508           0 :              ((IS_UID_SIG(n->pkt->pkt.signature) &&
     509           0 :                !n->pkt->pkt.signature->flags.revocable &&
     510           0 :                (n->pkt->pkt.signature->expiredate==0 ||
     511           0 :                 n->pkt->pkt.signature->expiredate>curtime))))
     512             :             {
     513           0 :               signode = n;
     514           0 :               sigdate = sig->timestamp;
     515           0 :               continue;
     516             :             }
     517             : 
     518             :           /* At this point, if it's newer, it goes in as the only
     519             :              remaining possibilities are signode and n are both either
     520             :              revocable or expired or both nonrevocable and unexpired.
     521             :              If the timestamps are equal take the later ordered
     522             :              packet, presuming that the key packets are hopefully in
     523             :              their original order. */
     524             : 
     525           0 :           if (sig->timestamp >= sigdate)
     526             :             {
     527           0 :               signode = n;
     528           0 :               sigdate = sig->timestamp;
     529             :             }
     530             :         }
     531             : 
     532           0 :       sig = signode->pkt->pkt.signature;
     533           0 :       if (IS_UID_SIG (sig))
     534             :         { /* this seems to be a usable one which is not revoked.
     535             :            * Just need to check whether there is an expiration time,
     536             :            * We do the expired certification after finding a suitable
     537             :            * certification, the assumption is that a signator does not
     538             :            * want that after the expiration of his certificate the
     539             :            * system falls back to an older certification which has a
     540             :            * different expiration time */
     541             :           const byte *p;
     542             :           u32 expire;
     543             : 
     544           0 :           p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
     545           0 :           expire = p? sig->timestamp + buf32_to_u32(p) : 0;
     546             : 
     547           0 :           if (expire==0 || expire > curtime )
     548             :             {
     549           0 :               signode->flag |= (1<<8); /* yeah, found a good cert */
     550           0 :               if (next_expire && expire && expire < *next_expire)
     551           0 :                 *next_expire = expire;
     552             :             }
     553             :         }
     554             :       else
     555           0 :         signode->flag |= (1<<11);
     556             :     }
     557           0 : }
     558             : 
     559             : 
     560             : static int
     561           0 : clean_sigs_from_uid (kbnode_t keyblock, kbnode_t uidnode,
     562             :                      int noisy, int self_only)
     563             : {
     564           0 :   int deleted = 0;
     565             :   kbnode_t node;
     566             :   u32 keyid[2];
     567             : 
     568           0 :   log_assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
     569             : 
     570           0 :   keyid_from_pk (keyblock->pkt->pkt.public_key, keyid);
     571             : 
     572             :   /* Passing in a 0 for current time here means that we'll never weed
     573             :      out an expired sig.  This is correct behavior since we want to
     574             :      keep the most recent expired sig in a series. */
     575           0 :   mark_usable_uid_certs (keyblock, uidnode, NULL, NULL, 0, NULL);
     576             : 
     577             :   /* What we want to do here is remove signatures that are not
     578             :      considered as part of the trust calculations.  Thus, all invalid
     579             :      signatures are out, as are any signatures that aren't the last of
     580             :      a series of uid sigs or revocations It breaks down like this:
     581             :      coming out of mark_usable_uid_certs, if a sig is unflagged, it is
     582             :      not even a candidate.  If a sig has flag 9 or 10, that means it
     583             :      was selected as a candidate and vetted.  If a sig has flag 8 it
     584             :      is a usable signature.  If a sig has flag 11 it is a usable
     585             :      revocation.  If a sig has flag 12 it was issued by an unavailable
     586             :      key.  "Usable" here means the most recent valid
     587             :      signature/revocation in a series from a particular signer.
     588             : 
     589             :      Delete everything that isn't a usable uid sig (which might be
     590             :      expired), a usable revocation, or a sig from an unavailable
     591             :      key. */
     592             : 
     593           0 :   for (node=uidnode->next;
     594           0 :        node && node->pkt->pkttype==PKT_SIGNATURE;
     595           0 :        node=node->next)
     596             :     {
     597             :       int keep;
     598             : 
     599           0 :       keep = self_only? (node->pkt->pkt.signature->keyid[0] == keyid[0]
     600           0 :                          && node->pkt->pkt.signature->keyid[1] == keyid[1]) : 1;
     601             : 
     602             :       /* Keep usable uid sigs ... */
     603           0 :       if ((node->flag & (1<<8)) && keep)
     604           0 :         continue;
     605             : 
     606             :       /* ... and usable revocations... */
     607           0 :       if ((node->flag & (1<<11)) && keep)
     608           0 :         continue;
     609             : 
     610             :       /* ... and sigs from unavailable keys. */
     611             :       /* disabled for now since more people seem to want sigs from
     612             :          unavailable keys removed altogether.  */
     613             :       /*
     614             :         if(node->flag & (1<<12))
     615             :         continue;
     616             :       */
     617             : 
     618             :       /* Everything else we delete */
     619             : 
     620             :       /* At this point, if 12 is set, the signing key was unavailable.
     621             :          If 9 or 10 is set, it's superseded.  Otherwise, it's
     622             :          invalid. */
     623             : 
     624           0 :       if (noisy)
     625           0 :         log_info ("removing signature from key %s on user ID \"%s\": %s\n",
     626           0 :                   keystr (node->pkt->pkt.signature->keyid),
     627           0 :                   uidnode->pkt->pkt.user_id->name,
     628           0 :                   node->flag&(1<<12)? "key unavailable":
     629           0 :                   node->flag&(1<<9)?  "signature superseded"
     630           0 :                   /* */               :"invalid signature"  );
     631             : 
     632           0 :       delete_kbnode (node);
     633           0 :       deleted++;
     634             :     }
     635             : 
     636           0 :   return deleted;
     637             : }
     638             : 
     639             : 
     640             : /* This is substantially easier than clean_sigs_from_uid since we just
     641             :    have to establish if the uid has a valid self-sig, is not revoked,
     642             :    and is not expired.  Note that this does not take into account
     643             :    whether the uid has a trust path to it - just whether the keyholder
     644             :    themselves has certified the uid.  Returns true if the uid was
     645             :    compacted.  To "compact" a user ID, we simply remove ALL signatures
     646             :    except the self-sig that caused the user ID to be remove-worthy.
     647             :    We don't actually remove the user ID packet itself since it might
     648             :    be resurrected in a later merge.  Note that this function requires
     649             :    that the caller has already done a merge_keys_and_selfsig().
     650             : 
     651             :    TODO: change the import code to allow importing a uid with only a
     652             :    revocation if the uid already exists on the keyring. */
     653             : 
     654             : static int
     655           0 : clean_uid_from_key (kbnode_t keyblock, kbnode_t uidnode, int noisy)
     656             : {
     657             :   kbnode_t node;
     658           0 :   PKT_user_id *uid = uidnode->pkt->pkt.user_id;
     659           0 :   int deleted = 0;
     660             : 
     661           0 :   log_assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
     662           0 :   log_assert (uidnode->pkt->pkttype==PKT_USER_ID);
     663             : 
     664             :   /* Skip valid user IDs, compacted user IDs, and non-self-signed user
     665             :      IDs if --allow-non-selfsigned-uid is set. */
     666           0 :   if (uid->created
     667           0 :       || uid->flags.compacted
     668           0 :       || (!uid->is_expired && !uid->is_revoked && opt.allow_non_selfsigned_uid))
     669           0 :     return 0;
     670             : 
     671           0 :   for (node=uidnode->next;
     672           0 :        node && node->pkt->pkttype == PKT_SIGNATURE;
     673           0 :       node=node->next)
     674             :     {
     675           0 :       if (!node->pkt->pkt.signature->flags.chosen_selfsig)
     676             :         {
     677           0 :           delete_kbnode (node);
     678           0 :           deleted = 1;
     679           0 :           uidnode->pkt->pkt.user_id->flags.compacted = 1;
     680             :         }
     681             :     }
     682             : 
     683           0 :   if (noisy)
     684             :     {
     685             :       const char *reason;
     686           0 :       char *user = utf8_to_native (uid->name, uid->len, 0);
     687             : 
     688           0 :       if (uid->is_revoked)
     689           0 :         reason = _("revoked");
     690           0 :       else if (uid->is_expired)
     691           0 :         reason = _("expired");
     692             :       else
     693           0 :         reason = _("invalid");
     694             : 
     695           0 :       log_info ("compacting user ID \"%s\" on key %s: %s\n",
     696           0 :                 user, keystr_from_pk (keyblock->pkt->pkt.public_key),
     697             :                 reason);
     698             : 
     699           0 :       xfree (user);
     700             :     }
     701             : 
     702           0 :   return deleted;
     703             : }
     704             : 
     705             : 
     706             : /* Needs to be called after a merge_keys_and_selfsig() */
     707             : void
     708           0 : clean_one_uid (kbnode_t keyblock, kbnode_t uidnode, int noisy, int self_only,
     709             :                int *uids_cleaned, int *sigs_cleaned)
     710             : {
     711           0 :   int dummy = 0;
     712             : 
     713           0 :   log_assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
     714           0 :   log_assert (uidnode->pkt->pkttype==PKT_USER_ID);
     715             : 
     716           0 :   if (!uids_cleaned)
     717           0 :     uids_cleaned = &dummy;
     718             : 
     719           0 :   if (!sigs_cleaned)
     720           0 :     sigs_cleaned = &dummy;
     721             : 
     722             :   /* Do clean_uid_from_key first since if it fires off, we don't have
     723             :      to bother with the other.  */
     724           0 :   *uids_cleaned += clean_uid_from_key (keyblock, uidnode, noisy);
     725           0 :   if (!uidnode->pkt->pkt.user_id->flags.compacted)
     726           0 :     *sigs_cleaned += clean_sigs_from_uid (keyblock, uidnode, noisy, self_only);
     727           0 : }
     728             : 
     729             : 
     730             : void
     731           0 : clean_key (kbnode_t keyblock, int noisy, int self_only,
     732             :            int *uids_cleaned, int *sigs_cleaned)
     733             : {
     734             :   kbnode_t uidnode;
     735             : 
     736           0 :   merge_keys_and_selfsig (keyblock);
     737             : 
     738           0 :   for (uidnode = keyblock->next;
     739           0 :        uidnode && uidnode->pkt->pkttype != PKT_PUBLIC_SUBKEY;
     740           0 :        uidnode = uidnode->next)
     741             :     {
     742           0 :       if (uidnode->pkt->pkttype == PKT_USER_ID)
     743           0 :         clean_one_uid (keyblock, uidnode,noisy, self_only,
     744             :                        uids_cleaned, sigs_cleaned);
     745             :     }
     746           0 : }

Generated by: LCOV version 1.11