Line data Source code
1 : /* pkclist.c - create a list of public keys
2 : * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3 : * 2008, 2009, 2010 Free Software Foundation, Inc.
4 : *
5 : * This file is part of GnuPG.
6 : *
7 : * GnuPG is free software; you can redistribute it and/or modify
8 : * it under the terms of the GNU General Public License as published by
9 : * the Free Software Foundation; either version 3 of the License, or
10 : * (at your option) any later version.
11 : *
12 : * GnuPG is distributed in the hope that it will be useful,
13 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : * GNU General Public License for more details.
16 : *
17 : * You should have received a copy of the GNU General Public License
18 : * along with this program; if not, see <https://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include <config.h>
22 : #include <stdio.h>
23 : #include <stdlib.h>
24 : #include <string.h>
25 : #include <errno.h>
26 :
27 : #include "gpg.h"
28 : #include "options.h"
29 : #include "packet.h"
30 : #include "status.h"
31 : #include "keydb.h"
32 : #include "util.h"
33 : #include "main.h"
34 : #include "trustdb.h"
35 : #include "ttyio.h"
36 : #include "status.h"
37 : #include "photoid.h"
38 : #include "i18n.h"
39 : #include "tofu.h"
40 :
41 : #define CONTROL_D ('D' - 'A' + 1)
42 :
43 : static void
44 0 : send_status_inv_recp (int reason, const char *name)
45 : {
46 : char buf[40];
47 :
48 0 : snprintf (buf, sizeof buf, "%d ", reason);
49 0 : write_status_text_and_buffer (STATUS_INV_RECP, buf,
50 : name, strlen (name),
51 : -1);
52 0 : }
53 :
54 :
55 : /****************
56 : * Show the revocation reason as it is stored with the given signature
57 : */
58 : static void
59 0 : do_show_revocation_reason( PKT_signature *sig )
60 : {
61 : size_t n, nn;
62 : const byte *p, *pp;
63 0 : int seq = 0;
64 : const char *text;
65 :
66 0 : while( (p = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REVOC_REASON,
67 : &n, &seq, NULL )) ) {
68 0 : if( !n )
69 0 : continue; /* invalid - just skip it */
70 :
71 0 : if( *p == 0 )
72 0 : text = _("No reason specified");
73 0 : else if( *p == 0x01 )
74 0 : text = _("Key is superseded");
75 0 : else if( *p == 0x02 )
76 0 : text = _("Key has been compromised");
77 0 : else if( *p == 0x03 )
78 0 : text = _("Key is no longer used");
79 0 : else if( *p == 0x20 )
80 0 : text = _("User ID is no longer valid");
81 : else
82 0 : text = NULL;
83 :
84 0 : log_info ( _("reason for revocation: "));
85 0 : if (text)
86 0 : log_printf ("%s\n", text);
87 : else
88 0 : log_printf ("code=%02x\n", *p );
89 0 : n--; p++;
90 0 : pp = NULL;
91 : do {
92 : /* We don't want any empty lines, so skip them */
93 0 : while( n && *p == '\n' ) {
94 0 : p++;
95 0 : n--;
96 : }
97 0 : if( n ) {
98 0 : pp = memchr( p, '\n', n );
99 0 : nn = pp? pp - p : n;
100 0 : log_info ( _("revocation comment: ") );
101 0 : es_write_sanitized (log_get_stream(), p, nn, NULL, NULL);
102 0 : log_printf ("\n");
103 0 : p += nn; n -= nn;
104 : }
105 0 : } while( pp );
106 : }
107 0 : }
108 :
109 : /* Mode 0: try and find the revocation based on the pk (i.e. check
110 : subkeys, etc.) Mode 1: use only the revocation on the main pk */
111 :
112 : void
113 0 : show_revocation_reason( PKT_public_key *pk, int mode )
114 : {
115 : /* Hmmm, this is not so easy because we have to duplicate the code
116 : * used in the trustbd to calculate the keyflags. We need to find
117 : * a clean way to check revocation certificates on keys and
118 : * signatures. And there should be no duplicate code. Because we
119 : * enter this function only when the trustdb told us that we have
120 : * a revoked key, we could simply look for a revocation cert and
121 : * display this one, when there is only one. Let's try to do this
122 : * until we have a better solution. */
123 0 : KBNODE node, keyblock = NULL;
124 : byte fingerprint[MAX_FINGERPRINT_LEN];
125 : size_t fingerlen;
126 : int rc;
127 :
128 : /* get the keyblock */
129 0 : fingerprint_from_pk( pk, fingerprint, &fingerlen );
130 0 : rc = get_pubkey_byfprint(NULL, &keyblock, fingerprint, fingerlen);
131 0 : if( rc ) { /* that should never happen */
132 0 : log_debug( "failed to get the keyblock\n");
133 0 : return;
134 : }
135 :
136 0 : for( node=keyblock; node; node = node->next ) {
137 0 : if( (mode && node->pkt->pkttype == PKT_PUBLIC_KEY) ||
138 0 : ( ( node->pkt->pkttype == PKT_PUBLIC_KEY
139 0 : || node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
140 0 : && !cmp_public_keys( node->pkt->pkt.public_key, pk ) ) )
141 : break;
142 : }
143 0 : if( !node ) {
144 0 : log_debug("Oops, PK not in keyblock\n");
145 0 : release_kbnode( keyblock );
146 0 : return;
147 : }
148 : /* now find the revocation certificate */
149 0 : for( node = node->next; node ; node = node->next ) {
150 0 : if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
151 0 : break;
152 0 : if( node->pkt->pkttype == PKT_SIGNATURE
153 0 : && (node->pkt->pkt.signature->sig_class == 0x20
154 0 : || node->pkt->pkt.signature->sig_class == 0x28 ) ) {
155 : /* FIXME: we should check the signature here */
156 0 : do_show_revocation_reason ( node->pkt->pkt.signature );
157 0 : break;
158 : }
159 : }
160 :
161 : /* We didn't find it, so check if the whole key is revoked */
162 0 : if(!node && !mode)
163 0 : show_revocation_reason(pk,1);
164 :
165 0 : release_kbnode( keyblock );
166 : }
167 :
168 :
169 : /****************
170 : * mode: 0 = standard
171 : * 1 = Without key info and additional menu option 'm'
172 : * this does also add an option to set the key to ultimately trusted.
173 : * Returns:
174 : * -2 = nothing changed - caller should show some additional info
175 : * -1 = quit operation
176 : * 0 = nothing changed
177 : * 1 = new ownertrust now in new_trust
178 : */
179 : #ifndef NO_TRUST_MODELS
180 : static int
181 0 : do_edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode,
182 : unsigned *new_trust, int defer_help )
183 : {
184 : char *p;
185 : u32 keyid[2];
186 0 : int changed=0;
187 0 : int quit=0;
188 0 : int show=0;
189 : int min_num;
190 0 : int did_help=defer_help;
191 0 : unsigned int minimum = tdb_get_min_ownertrust (pk);
192 :
193 0 : switch(minimum)
194 : {
195 : default:
196 0 : case TRUST_UNDEFINED: min_num=1; break;
197 0 : case TRUST_NEVER: min_num=2; break;
198 0 : case TRUST_MARGINAL: min_num=3; break;
199 0 : case TRUST_FULLY: min_num=4; break;
200 : }
201 :
202 0 : keyid_from_pk (pk, keyid);
203 : for(;;) {
204 : /* A string with valid answers.
205 :
206 : TRANSLATORS: These are the allowed answers in lower and
207 : uppercase. Below you will find the matching strings which
208 : should be translated accordingly and the letter changed to
209 : match the one in the answer string.
210 :
211 : i = please show me more information
212 : m = back to the main menu
213 : s = skip this key
214 : q = quit
215 : */
216 0 : const char *ans = _("iImMqQsS");
217 :
218 0 : if( !did_help )
219 : {
220 0 : if( !mode )
221 : {
222 : KBNODE keyblock, un;
223 :
224 0 : tty_printf (_("No trust value assigned to:\n"));
225 0 : print_key_line (NULL, pk, 0);
226 :
227 0 : p = get_user_id_native(keyid);
228 0 : tty_printf (_(" \"%s\"\n"),p);
229 0 : xfree (p);
230 :
231 0 : keyblock = get_pubkeyblock (keyid);
232 0 : if (!keyblock)
233 0 : BUG ();
234 0 : for (un=keyblock; un; un = un->next)
235 : {
236 0 : if (un->pkt->pkttype != PKT_USER_ID )
237 0 : continue;
238 0 : if (un->pkt->pkt.user_id->is_revoked )
239 0 : continue;
240 0 : if (un->pkt->pkt.user_id->is_expired )
241 0 : continue;
242 : /* Only skip textual primaries */
243 0 : if (un->pkt->pkt.user_id->is_primary
244 0 : && !un->pkt->pkt.user_id->attrib_data )
245 0 : continue;
246 :
247 0 : if((opt.verify_options&VERIFY_SHOW_PHOTOS)
248 0 : && un->pkt->pkt.user_id->attrib_data)
249 0 : show_photos (ctrl,
250 0 : un->pkt->pkt.user_id->attribs,
251 0 : un->pkt->pkt.user_id->numattribs, pk,
252 0 : un->pkt->pkt.user_id);
253 :
254 0 : p=utf8_to_native(un->pkt->pkt.user_id->name,
255 0 : un->pkt->pkt.user_id->len,0);
256 :
257 0 : tty_printf(_(" aka \"%s\"\n"),p);
258 : }
259 :
260 0 : print_fingerprint (NULL, pk, 2);
261 0 : tty_printf("\n");
262 0 : release_kbnode (keyblock);
263 : }
264 :
265 0 : if(opt.trust_model==TM_DIRECT)
266 : {
267 0 : tty_printf(_("How much do you trust that this key actually "
268 : "belongs to the named user?\n"));
269 0 : tty_printf("\n");
270 : }
271 : else
272 : {
273 : /* This string also used in keyedit.c:trustsig_prompt */
274 0 : tty_printf(_("Please decide how far you trust this user to"
275 : " correctly verify other users' keys\n"
276 : "(by looking at passports, checking fingerprints from"
277 : " different sources, etc.)\n"));
278 0 : tty_printf("\n");
279 : }
280 :
281 0 : if(min_num<=1)
282 0 : tty_printf (_(" %d = I don't know or won't say\n"), 1);
283 0 : if(min_num<=2)
284 0 : tty_printf (_(" %d = I do NOT trust\n"), 2);
285 0 : if(min_num<=3)
286 0 : tty_printf (_(" %d = I trust marginally\n"), 3);
287 0 : if(min_num<=4)
288 0 : tty_printf (_(" %d = I trust fully\n"), 4);
289 0 : if (mode)
290 0 : tty_printf (_(" %d = I trust ultimately\n"), 5);
291 : #if 0
292 : /* not yet implemented */
293 : tty_printf (" i = please show me more information\n");
294 : #endif
295 0 : if( mode )
296 0 : tty_printf(_(" m = back to the main menu\n"));
297 : else
298 : {
299 0 : tty_printf(_(" s = skip this key\n"));
300 0 : tty_printf(_(" q = quit\n"));
301 : }
302 0 : tty_printf("\n");
303 0 : if(minimum)
304 0 : tty_printf(_("The minimum trust level for this key is: %s\n\n"),
305 : trust_value_to_string(minimum));
306 0 : did_help = 1;
307 : }
308 0 : if( strlen(ans) != 8 )
309 0 : BUG();
310 0 : p = cpr_get("edit_ownertrust.value",_("Your decision? "));
311 0 : trim_spaces(p);
312 0 : cpr_kill_prompt();
313 0 : if( !*p )
314 0 : did_help = 0;
315 0 : else if( *p && p[1] )
316 : ;
317 0 : else if( !p[1] && ((*p >= '0'+min_num) && *p <= (mode?'5':'4')) )
318 0 : {
319 : unsigned int trust;
320 0 : switch( *p )
321 : {
322 0 : case '1': trust = TRUST_UNDEFINED; break;
323 0 : case '2': trust = TRUST_NEVER ; break;
324 0 : case '3': trust = TRUST_MARGINAL ; break;
325 0 : case '4': trust = TRUST_FULLY ; break;
326 0 : case '5': trust = TRUST_ULTIMATE ; break;
327 0 : default: BUG();
328 : }
329 0 : if (trust == TRUST_ULTIMATE
330 0 : && !cpr_get_answer_is_yes ("edit_ownertrust.set_ultimate.okay",
331 0 : _("Do you really want to set this key"
332 : " to ultimate trust? (y/N) ")))
333 : ; /* no */
334 : else
335 : {
336 0 : *new_trust = trust;
337 0 : changed = 1;
338 0 : break;
339 : }
340 : }
341 : #if 0
342 : /* not yet implemented */
343 : else if( *p == ans[0] || *p == ans[1] )
344 : {
345 : tty_printf(_("Certificates leading to an ultimately trusted key:\n"));
346 : show = 1;
347 : break;
348 : }
349 : #endif
350 0 : else if( mode && (*p == ans[2] || *p == ans[3] || *p == CONTROL_D ) )
351 : {
352 : break ; /* back to the menu */
353 : }
354 0 : else if( !mode && (*p == ans[6] || *p == ans[7] ) )
355 : {
356 : break; /* skip */
357 : }
358 0 : else if( !mode && (*p == ans[4] || *p == ans[5] ) )
359 : {
360 0 : quit = 1;
361 0 : break ; /* back to the menu */
362 : }
363 0 : xfree(p); p = NULL;
364 0 : }
365 0 : xfree(p);
366 0 : return show? -2: quit? -1 : changed;
367 : }
368 : #endif /*!NO_TRUST_MODELS*/
369 :
370 :
371 : /*
372 : * Display a menu to change the ownertrust of the key PK (which should
373 : * be a primary key).
374 : * For mode values see do_edit_ownertrust ()
375 : */
376 : #ifndef NO_TRUST_MODELS
377 : int
378 0 : edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode )
379 : {
380 0 : unsigned int trust = 0;
381 0 : int no_help = 0;
382 :
383 : for(;;)
384 : {
385 0 : switch ( do_edit_ownertrust (ctrl, pk, mode, &trust, no_help ) )
386 : {
387 : case -1: /* quit */
388 0 : return -1;
389 : case -2: /* show info */
390 0 : no_help = 1;
391 0 : break;
392 : case 1: /* trust value set */
393 0 : trust &= ~TRUST_FLAG_DISABLED;
394 0 : trust |= get_ownertrust (pk) & TRUST_FLAG_DISABLED;
395 0 : update_ownertrust (pk, trust );
396 0 : return 1;
397 : default:
398 0 : return 0;
399 : }
400 0 : }
401 : }
402 : #endif /*!NO_TRUST_MODELS*/
403 :
404 :
405 : /****************
406 : * Check whether we can trust this pk which has a trustlevel of TRUSTLEVEL
407 : * Returns: true if we trust.
408 : */
409 : static int
410 244 : do_we_trust( PKT_public_key *pk, unsigned int trustlevel )
411 : {
412 : /* We should not be able to get here with a revoked or expired
413 : key */
414 244 : if(trustlevel & TRUST_FLAG_REVOKED
415 244 : || trustlevel & TRUST_FLAG_SUB_REVOKED
416 244 : || (trustlevel & TRUST_MASK) == TRUST_EXPIRED)
417 0 : BUG();
418 :
419 244 : if( opt.trust_model==TM_ALWAYS )
420 : {
421 244 : if( opt.verbose )
422 0 : log_info("No trust check due to '--trust-model always' option\n");
423 244 : return 1;
424 : }
425 :
426 0 : switch(trustlevel & TRUST_MASK)
427 : {
428 : default:
429 0 : log_error ("invalid trustlevel %u returned from validation layer\n",
430 : trustlevel);
431 : /* fall through */
432 : case TRUST_UNKNOWN:
433 : case TRUST_UNDEFINED:
434 0 : log_info(_("%s: There is no assurance this key belongs"
435 : " to the named user\n"),keystr_from_pk(pk));
436 0 : return 0; /* no */
437 :
438 : case TRUST_MARGINAL:
439 0 : log_info(_("%s: There is limited assurance this key belongs"
440 : " to the named user\n"),keystr_from_pk(pk));
441 0 : return 1; /* yes */
442 :
443 : case TRUST_FULLY:
444 0 : if( opt.verbose )
445 0 : log_info(_("This key probably belongs to the named user\n"));
446 0 : return 1; /* yes */
447 :
448 : case TRUST_ULTIMATE:
449 0 : if( opt.verbose )
450 0 : log_info(_("This key belongs to us\n"));
451 0 : return 1; /* yes */
452 :
453 : case TRUST_NEVER:
454 : /* This can be returned by TOFU, which can return negative
455 : assertions. */
456 0 : log_info(_("%s: This key is bad! It has been marked as untrusted!\n"),
457 : keystr_from_pk(pk));
458 0 : return 0; /* no */
459 : }
460 :
461 : return 1; /*NOTREACHED*/
462 : }
463 :
464 :
465 : /****************
466 : * wrapper around do_we_trust, so we can ask whether to use the
467 : * key anyway.
468 : */
469 : static int
470 244 : do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
471 : {
472 : int rc;
473 :
474 244 : rc = do_we_trust( pk, trustlevel );
475 :
476 244 : if( !opt.batch && !rc )
477 : {
478 0 : print_pubkey_info(NULL,pk);
479 0 : print_fingerprint (NULL, pk, 2);
480 0 : tty_printf("\n");
481 :
482 0 : if ((trustlevel & TRUST_MASK) == TRUST_NEVER)
483 0 : tty_printf(
484 0 : _("This key has is bad! It has been marked as untrusted! If you\n"
485 : "*really* know what you are doing, you may answer the next\n"
486 : "question with yes.\n"));
487 : else
488 0 : tty_printf(
489 0 : _("It is NOT certain that the key belongs to the person named\n"
490 : "in the user ID. If you *really* know what you are doing,\n"
491 : "you may answer the next question with yes.\n"));
492 :
493 0 : tty_printf("\n");
494 :
495 :
496 0 : if (is_status_enabled ())
497 : {
498 : u32 kid[2];
499 : char *hint_str;
500 :
501 0 : keyid_from_pk (pk, kid);
502 0 : hint_str = get_long_user_id_string ( kid );
503 0 : write_status_text ( STATUS_USERID_HINT, hint_str );
504 0 : xfree (hint_str);
505 : }
506 :
507 0 : if( cpr_get_answer_is_yes("untrusted_key.override",
508 0 : _("Use this key anyway? (y/N) ")) )
509 0 : rc = 1;
510 :
511 : /* Hmmm: Should we set a flag to tell the user about
512 : * his decision the next time he encrypts for this recipient?
513 : */
514 : }
515 :
516 244 : return rc;
517 : }
518 :
519 :
520 : /* Write a TRUST_foo status line inclduing the validation model. */
521 : static void
522 32 : write_trust_status (int statuscode, int trustlevel)
523 : {
524 : #ifdef NO_TRUST_MODELS
525 : write_status (statuscode);
526 : #else /* NO_TRUST_MODELS */
527 : int tm;
528 :
529 : /* For the combined tofu+pgp method, we return the trust model which
530 : * was responsible for the trustlevel. */
531 32 : if (opt.trust_model == TM_TOFU_PGP)
532 0 : tm = (trustlevel & TRUST_FLAG_TOFU_BASED)? TM_TOFU : TM_PGP;
533 : else
534 32 : tm = opt.trust_model;
535 32 : write_status_strings (statuscode, "0 ", trust_model_string (tm), NULL);
536 : #endif /* NO_TRUST_MODELS */
537 32 : }
538 :
539 :
540 : /****************
541 : * Check whether we can trust this signature.
542 : * Returns an error code if we should not trust this signature.
543 : */
544 : int
545 183 : check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
546 : {
547 183 : PKT_public_key *pk = xmalloc_clear( sizeof *pk );
548 183 : unsigned int trustlevel = TRUST_UNKNOWN;
549 183 : int rc=0;
550 :
551 183 : rc = get_pubkey( pk, sig->keyid );
552 183 : if (rc)
553 : { /* this should not happen */
554 0 : log_error("Ooops; the key vanished - can't check the trust\n");
555 0 : rc = GPG_ERR_NO_PUBKEY;
556 0 : goto leave;
557 : }
558 :
559 183 : if ( opt.trust_model==TM_ALWAYS )
560 : {
561 151 : if( !opt.quiet )
562 151 : log_info(_("WARNING: Using untrusted key!\n"));
563 151 : if (opt.with_fingerprint)
564 0 : print_fingerprint (NULL, pk, 1);
565 151 : goto leave;
566 : }
567 :
568 32 : if(pk->flags.maybe_revoked && !pk->flags.revoked)
569 0 : log_info(_("WARNING: this key might be revoked (revocation key"
570 : " not present)\n"));
571 :
572 32 : trustlevel = get_validity (ctrl, NULL, pk, NULL, sig, 1);
573 :
574 32 : if ( (trustlevel & TRUST_FLAG_REVOKED) )
575 : {
576 0 : write_status( STATUS_KEYREVOKED );
577 0 : if(pk->flags.revoked == 2)
578 0 : log_info(_("WARNING: This key has been revoked by its"
579 : " designated revoker!\n"));
580 : else
581 0 : log_info(_("WARNING: This key has been revoked by its owner!\n"));
582 0 : log_info(_(" This could mean that the signature is forged.\n"));
583 0 : show_revocation_reason( pk, 0 );
584 : }
585 32 : else if ((trustlevel & TRUST_FLAG_SUB_REVOKED) )
586 : {
587 0 : write_status( STATUS_KEYREVOKED );
588 0 : log_info(_("WARNING: This subkey has been revoked by its owner!\n"));
589 0 : show_revocation_reason( pk, 0 );
590 : }
591 :
592 32 : if ((trustlevel & TRUST_FLAG_DISABLED))
593 0 : log_info (_("Note: This key has been disabled.\n"));
594 :
595 : /* If we have PKA information adjust the trustlevel. */
596 32 : if (sig->pka_info && sig->pka_info->valid)
597 : {
598 : unsigned char fpr[MAX_FINGERPRINT_LEN];
599 : PKT_public_key *primary_pk;
600 : size_t fprlen;
601 : int okay;
602 :
603 :
604 0 : primary_pk = xmalloc_clear (sizeof *primary_pk);
605 0 : get_pubkey (primary_pk, pk->main_keyid);
606 0 : fingerprint_from_pk (primary_pk, fpr, &fprlen);
607 0 : free_public_key (primary_pk);
608 :
609 0 : if ( fprlen == 20 && !memcmp (sig->pka_info->fpr, fpr, 20) )
610 : {
611 0 : okay = 1;
612 0 : write_status_text (STATUS_PKA_TRUST_GOOD, sig->pka_info->email);
613 0 : log_info (_("Note: Verified signer's address is '%s'\n"),
614 0 : sig->pka_info->email);
615 : }
616 : else
617 : {
618 0 : okay = 0;
619 0 : write_status_text (STATUS_PKA_TRUST_BAD, sig->pka_info->email);
620 0 : log_info (_("Note: Signer's address '%s' "
621 0 : "does not match DNS entry\n"), sig->pka_info->email);
622 : }
623 :
624 0 : switch ( (trustlevel & TRUST_MASK) )
625 : {
626 : case TRUST_UNKNOWN:
627 : case TRUST_UNDEFINED:
628 : case TRUST_MARGINAL:
629 0 : if (okay && opt.verify_options&VERIFY_PKA_TRUST_INCREASE)
630 : {
631 0 : trustlevel = ((trustlevel & ~TRUST_MASK) | TRUST_FULLY);
632 0 : log_info (_("trustlevel adjusted to FULL"
633 : " due to valid PKA info\n"));
634 : }
635 : /* (fall through) */
636 : case TRUST_FULLY:
637 0 : if (!okay)
638 : {
639 0 : trustlevel = ((trustlevel & ~TRUST_MASK) | TRUST_NEVER);
640 0 : log_info (_("trustlevel adjusted to NEVER"
641 : " due to bad PKA info\n"));
642 : }
643 0 : break;
644 : }
645 : }
646 :
647 : /* Now let the user know what up with the trustlevel. */
648 32 : switch ( (trustlevel & TRUST_MASK) )
649 : {
650 : case TRUST_EXPIRED:
651 0 : log_info(_("Note: This key has expired!\n"));
652 0 : print_fingerprint (NULL, pk, 1);
653 0 : break;
654 :
655 : default:
656 0 : log_error ("invalid trustlevel %u returned from validation layer\n",
657 : trustlevel);
658 : /* fall through */
659 : case TRUST_UNKNOWN:
660 : case TRUST_UNDEFINED:
661 7 : write_trust_status (STATUS_TRUST_UNDEFINED, trustlevel);
662 7 : log_info(_("WARNING: This key is not certified with"
663 : " a trusted signature!\n"));
664 7 : log_info(_(" There is no indication that the "
665 : "signature belongs to the owner.\n" ));
666 7 : print_fingerprint (NULL, pk, 1);
667 7 : break;
668 :
669 : case TRUST_NEVER:
670 : /* This level can be returned by TOFU, which supports negative
671 : * assertions. */
672 0 : write_trust_status (STATUS_TRUST_NEVER, trustlevel);
673 0 : log_info(_("WARNING: We do NOT trust this key!\n"));
674 0 : log_info(_(" The signature is probably a FORGERY.\n"));
675 0 : if (opt.with_fingerprint)
676 0 : print_fingerprint (NULL, pk, 1);
677 0 : rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
678 0 : break;
679 :
680 : case TRUST_MARGINAL:
681 17 : write_trust_status (STATUS_TRUST_MARGINAL, trustlevel);
682 17 : log_info(_("WARNING: This key is not certified with"
683 : " sufficiently trusted signatures!\n"));
684 17 : log_info(_(" It is not certain that the"
685 : " signature belongs to the owner.\n" ));
686 17 : print_fingerprint (NULL, pk, 1);
687 17 : break;
688 :
689 : case TRUST_FULLY:
690 4 : write_trust_status (STATUS_TRUST_FULLY, trustlevel);
691 4 : if (opt.with_fingerprint)
692 0 : print_fingerprint (NULL, pk, 1);
693 4 : break;
694 :
695 : case TRUST_ULTIMATE:
696 4 : write_trust_status (STATUS_TRUST_ULTIMATE, trustlevel);
697 4 : if (opt.with_fingerprint)
698 0 : print_fingerprint (NULL, pk, 1);
699 4 : break;
700 : }
701 :
702 : leave:
703 183 : free_public_key( pk );
704 183 : return rc;
705 : }
706 :
707 :
708 : void
709 333 : release_pk_list (pk_list_t pk_list)
710 : {
711 : PK_LIST pk_rover;
712 :
713 588 : for ( ; pk_list; pk_list = pk_rover)
714 : {
715 255 : pk_rover = pk_list->next;
716 255 : free_public_key ( pk_list->pk );
717 255 : xfree ( pk_list );
718 : }
719 333 : }
720 :
721 :
722 : static int
723 250 : key_present_in_pk_list(PK_LIST pk_list, PKT_public_key *pk)
724 : {
725 258 : for( ; pk_list; pk_list = pk_list->next)
726 8 : if (cmp_public_keys(pk_list->pk, pk) == 0)
727 0 : return 0;
728 :
729 250 : return -1;
730 : }
731 :
732 :
733 : /****************
734 : * Return a malloced string with a default recipient if there is any
735 : */
736 : static char *
737 0 : default_recipient(ctrl_t ctrl)
738 : {
739 : PKT_public_key *pk;
740 : byte fpr[MAX_FINGERPRINT_LEN+1];
741 : size_t n;
742 : char *p;
743 : int i;
744 :
745 0 : if( opt.def_recipient )
746 0 : return xstrdup( opt.def_recipient );
747 0 : if( !opt.def_recipient_self )
748 0 : return NULL;
749 0 : pk = xmalloc_clear( sizeof *pk );
750 0 : i = get_seckey_default (ctrl, pk);
751 0 : if( i ) {
752 0 : free_public_key( pk );
753 0 : return NULL;
754 : }
755 0 : n = MAX_FINGERPRINT_LEN;
756 0 : fingerprint_from_pk( pk, fpr, &n );
757 0 : free_public_key( pk );
758 0 : p = xmalloc( 2*n+3 );
759 0 : *p++ = '0';
760 0 : *p++ = 'x';
761 0 : for(i=0; i < n; i++ )
762 0 : sprintf( p+2*i, "%02X", fpr[i] );
763 0 : p -= 2;
764 0 : return p;
765 : }
766 :
767 : static int
768 0 : expand_id(const char *id,strlist_t *into,unsigned int flags)
769 : {
770 : struct groupitem *groups;
771 0 : int count=0;
772 :
773 0 : for(groups=opt.grouplist;groups;groups=groups->next)
774 : {
775 : /* need strcasecmp() here, as this should be localized */
776 0 : if(strcasecmp(groups->name,id)==0)
777 : {
778 : strlist_t each,sl;
779 :
780 : /* this maintains the current utf8-ness */
781 0 : for(each=groups->values;each;each=each->next)
782 : {
783 0 : sl=add_to_strlist(into,each->d);
784 0 : sl->flags=flags;
785 0 : count++;
786 : }
787 :
788 0 : break;
789 : }
790 : }
791 :
792 0 : return count;
793 : }
794 :
795 : /* For simplicity, and to avoid potential loops, we only expand once -
796 : * you can't make an alias that points to an alias. */
797 : static strlist_t
798 0 : expand_group (strlist_t input)
799 : {
800 0 : strlist_t output = NULL;
801 : strlist_t sl, rover;
802 :
803 0 : for (rover = input; rover; rover = rover->next)
804 0 : if (!(rover->flags & PK_LIST_FROM_FILE)
805 0 : && !expand_id(rover->d,&output,rover->flags))
806 : {
807 : /* Didn't find any groups, so use the existing string */
808 0 : sl=add_to_strlist(&output,rover->d);
809 0 : sl->flags=rover->flags;
810 : }
811 :
812 0 : return output;
813 : }
814 :
815 :
816 : /* Helper for build_pk_list to find and check one key. This helper is
817 : * also used directly in server mode by the RECIPIENTS command. On
818 : * success the new key is added to PK_LIST_ADDR. NAME is the user id
819 : * of the key. USE the requested usage and a set MARK_HIDDEN will
820 : * mark the key in the updated list as a hidden recipient. If
821 : * FROM_FILE is true, NAME is is not a user ID but the name of a file
822 : * holding a key. */
823 : gpg_error_t
824 250 : find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
825 : int mark_hidden, int from_file, pk_list_t *pk_list_addr)
826 : {
827 : int rc;
828 : PKT_public_key *pk;
829 :
830 250 : if (!name || !*name)
831 0 : return gpg_error (GPG_ERR_INV_USER_ID);
832 :
833 250 : pk = xtrycalloc (1, sizeof *pk);
834 250 : if (!pk)
835 0 : return gpg_error_from_syserror ();
836 250 : pk->req_usage = use;
837 :
838 250 : if (from_file)
839 6 : rc = get_pubkey_fromfile (ctrl, pk, name);
840 : else
841 244 : rc = get_best_pubkey_byname (ctrl, NULL, pk, name, NULL, 0, 0);
842 250 : if (rc)
843 : {
844 : int code;
845 :
846 : /* Key not found or other error. */
847 0 : log_error (_("%s: skipped: %s\n"), name, gpg_strerror (rc) );
848 0 : switch (gpg_err_code (rc))
849 : {
850 : case GPG_ERR_NO_SECKEY:
851 0 : case GPG_ERR_NO_PUBKEY: code = 1; break;
852 0 : case GPG_ERR_INV_USER_ID: code = 14; break;
853 0 : default: code = 0; break;
854 : }
855 0 : send_status_inv_recp (code, name);
856 0 : free_public_key (pk);
857 0 : return rc;
858 : }
859 :
860 250 : rc = openpgp_pk_test_algo2 (pk->pubkey_algo, use);
861 250 : if (rc)
862 : {
863 : /* Key found but not usable for us (e.g. sign-only key). */
864 0 : send_status_inv_recp (3, name); /* Wrong key usage */
865 0 : log_error (_("%s: skipped: %s\n"), name, gpg_strerror (rc) );
866 0 : free_public_key (pk);
867 0 : return rc;
868 : }
869 :
870 : /* Key found and usable. Check validity. */
871 250 : if (!from_file)
872 : {
873 : int trustlevel;
874 :
875 244 : trustlevel = get_validity (ctrl, NULL, pk, pk->user_id, NULL, 1);
876 244 : if ( (trustlevel & TRUST_FLAG_DISABLED) )
877 : {
878 : /* Key has been disabled. */
879 0 : send_status_inv_recp (13, name);
880 0 : log_info (_("%s: skipped: public key is disabled\n"), name);
881 0 : free_public_key (pk);
882 0 : return GPG_ERR_UNUSABLE_PUBKEY;
883 : }
884 :
885 244 : if ( !do_we_trust_pre (pk, trustlevel) )
886 : {
887 : /* We don't trust this key. */
888 0 : send_status_inv_recp (10, name);
889 0 : free_public_key (pk);
890 0 : return GPG_ERR_UNUSABLE_PUBKEY;
891 : }
892 : }
893 :
894 : /* Skip the actual key if the key is already present in the
895 : list. */
896 250 : if (!key_present_in_pk_list (*pk_list_addr, pk))
897 : {
898 0 : if (!opt.quiet)
899 0 : log_info (_("%s: skipped: public key already present\n"), name);
900 0 : free_public_key (pk);
901 : }
902 : else
903 : {
904 : pk_list_t r;
905 :
906 250 : r = xtrymalloc (sizeof *r);
907 250 : if (!r)
908 : {
909 0 : rc = gpg_error_from_syserror ();
910 0 : free_public_key (pk);
911 0 : return rc;
912 : }
913 250 : r->pk = pk;
914 250 : r->next = *pk_list_addr;
915 250 : r->flags = mark_hidden? 1:0;
916 250 : *pk_list_addr = r;
917 : }
918 :
919 250 : return 0;
920 : }
921 :
922 :
923 :
924 : /* This is the central function to collect the keys for recipients.
925 : * It is thus used to prepare a public key encryption. encrypt-to
926 : * keys, default keys and the keys for the actual recipients are all
927 : * collected here. When not in batch mode and no recipient has been
928 : * passed on the commandline, the function will also ask for
929 : * recipients.
930 : *
931 : * RCPTS is a string list with the recipients; NULL is an allowed
932 : * value but not very useful. Group expansion is done on these names;
933 : * they may be in any of the user Id formats we can handle. The flags
934 : * bits for each string in the string list are used for:
935 : *
936 : * - PK_LIST_ENCRYPT_TO :: This is an encrypt-to recipient.
937 : * - PK_LIST_HIDDEN :: This is a hidden recipient.
938 : * - PK_LIST_FROM_FILE :: The argument is a file with a key.
939 : *
940 : * On success a list of keys is stored at the address RET_PK_LIST; the
941 : * caller must free this list. On error the value at this address is
942 : * not changed.
943 : */
944 : int
945 247 : build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list)
946 : {
947 247 : PK_LIST pk_list = NULL;
948 247 : PKT_public_key *pk=NULL;
949 247 : int rc=0;
950 247 : int any_recipients=0;
951 : strlist_t rov,remusr;
952 247 : char *def_rec = NULL;
953 : char pkstrbuf[PUBKEY_STRING_SIZE];
954 :
955 : /* Try to expand groups if any have been defined. */
956 247 : if (opt.grouplist)
957 0 : remusr = expand_group (rcpts);
958 : else
959 247 : remusr = rcpts;
960 :
961 : /* XXX: Change this function to use get_pubkeys instead of
962 : get_pubkey_byname to detect ambiguous key specifications and warn
963 : about duplicate keyblocks. For ambiguous key specifications on
964 : the command line or provided interactively, prompt the user to
965 : select the best key. If a key specification is ambiguous and we
966 : are in batch mode, die. */
967 :
968 247 : if (opt.encrypt_to_default_key)
969 : {
970 : static int warned;
971 :
972 5 : const char *default_key = parse_def_secret_key (ctrl);
973 5 : if (default_key)
974 : {
975 5 : PK_LIST r = xmalloc_clear (sizeof *r);
976 :
977 5 : r->pk = xmalloc_clear (sizeof *r->pk);
978 5 : r->pk->req_usage = PUBKEY_USAGE_ENC;
979 :
980 5 : rc = get_pubkey_byname (ctrl, NULL, r->pk, default_key,
981 : NULL, NULL, 0, 1);
982 5 : if (rc)
983 : {
984 0 : xfree (r->pk);
985 0 : xfree (r);
986 :
987 0 : log_error (_("can't encrypt to '%s'\n"), default_key);
988 0 : if (!opt.quiet)
989 0 : log_info (_("(check argument of option '%s')\n"),
990 : "--default-key");
991 : }
992 : else
993 : {
994 5 : r->next = pk_list;
995 5 : r->flags = 0;
996 5 : pk_list = r;
997 : }
998 : }
999 0 : else if (opt.def_secret_key)
1000 : {
1001 0 : if (! warned)
1002 0 : log_info (_("option '%s' given, but no valid default keys given\n"),
1003 : "--encrypt-to-default-key");
1004 0 : warned = 1;
1005 : }
1006 : else
1007 : {
1008 0 : if (! warned)
1009 0 : log_info (_("option '%s' given, but option '%s' not given\n"),
1010 : "--encrypt-to-default-key", "--default-key");
1011 0 : warned = 1;
1012 : }
1013 : }
1014 :
1015 : /* Check whether there are any recipients in the list and build the
1016 : * list of the encrypt-to ones (we always trust them). */
1017 497 : for ( rov = remusr; rov; rov = rov->next )
1018 : {
1019 250 : if ( !(rov->flags & PK_LIST_ENCRYPT_TO) )
1020 : {
1021 : /* This is a regular recipient; i.e. not an encrypt-to
1022 : one. */
1023 250 : any_recipients = 1;
1024 :
1025 : /* Hidden recipients are not allowed while in PGP mode,
1026 : issue a warning and switch into GnuPG mode. */
1027 250 : if ((rov->flags & PK_LIST_HIDDEN) && (PGP6 || PGP7 || PGP8))
1028 : {
1029 0 : log_info(_("you may not use %s while in %s mode\n"),
1030 : "--hidden-recipient",
1031 : compliance_option_string());
1032 :
1033 0 : compliance_failure();
1034 : }
1035 : }
1036 0 : else if (!opt.no_encrypt_to)
1037 : {
1038 : /* --encrypt-to has not been disabled. Check this
1039 : encrypt-to key. */
1040 0 : pk = xmalloc_clear( sizeof *pk );
1041 0 : pk->req_usage = PUBKEY_USAGE_ENC;
1042 :
1043 : /* We explicitly allow encrypt-to to an disabled key; thus
1044 : we pass 1 for the second last argument and 1 as the last
1045 : argument to disable AKL. */
1046 0 : if ( (rc = get_pubkey_byname (ctrl,
1047 0 : NULL, pk, rov->d, NULL, NULL, 1, 1)) )
1048 : {
1049 0 : free_public_key ( pk ); pk = NULL;
1050 0 : log_error (_("%s: skipped: %s\n"), rov->d, gpg_strerror (rc) );
1051 0 : send_status_inv_recp (0, rov->d);
1052 0 : goto fail;
1053 : }
1054 0 : else if ( !(rc=openpgp_pk_test_algo2 (pk->pubkey_algo,
1055 : PUBKEY_USAGE_ENC)) )
1056 : {
1057 : /* Skip the actual key if the key is already present
1058 : * in the list. Add it to our list if not. */
1059 0 : if (key_present_in_pk_list(pk_list, pk) == 0)
1060 : {
1061 0 : free_public_key (pk); pk = NULL;
1062 0 : if (!opt.quiet)
1063 0 : log_info (_("%s: skipped: public key already present\n"),
1064 0 : rov->d);
1065 : }
1066 : else
1067 : {
1068 : PK_LIST r;
1069 0 : r = xmalloc( sizeof *r );
1070 0 : r->pk = pk; pk = NULL;
1071 0 : r->next = pk_list;
1072 0 : r->flags = (rov->flags&PK_LIST_HIDDEN)?1:0;
1073 0 : pk_list = r;
1074 :
1075 : /* Hidden encrypt-to recipients are not allowed while
1076 : in PGP mode, issue a warning and switch into
1077 : GnuPG mode. */
1078 0 : if ((r->flags&PK_LIST_ENCRYPT_TO) && (PGP6 || PGP7 || PGP8))
1079 : {
1080 0 : log_info(_("you may not use %s while in %s mode\n"),
1081 : "--hidden-encrypt-to",
1082 : compliance_option_string());
1083 :
1084 0 : compliance_failure();
1085 : }
1086 : }
1087 : }
1088 : else
1089 : {
1090 : /* The public key is not usable for encryption. */
1091 0 : free_public_key( pk ); pk = NULL;
1092 0 : log_error(_("%s: skipped: %s\n"), rov->d, gpg_strerror (rc) );
1093 0 : send_status_inv_recp (3, rov->d); /* Wrong key usage */
1094 0 : goto fail;
1095 : }
1096 : }
1097 : }
1098 :
1099 : /* If we don't have any recipients yet and we are not in batch mode
1100 : drop into interactive selection mode. */
1101 247 : if ( !any_recipients && !opt.batch )
1102 0 : {
1103 : int have_def_rec;
1104 0 : char *answer = NULL;
1105 0 : strlist_t backlog = NULL;
1106 :
1107 0 : if (pk_list)
1108 0 : any_recipients = 1;
1109 0 : def_rec = default_recipient(ctrl);
1110 0 : have_def_rec = !!def_rec;
1111 0 : if ( !have_def_rec )
1112 0 : tty_printf(_("You did not specify a user ID. (you may use \"-r\")\n"));
1113 :
1114 : for (;;)
1115 : {
1116 0 : rc = 0;
1117 0 : xfree(answer);
1118 0 : if ( have_def_rec )
1119 : {
1120 : /* A default recipient is taken as the first entry. */
1121 0 : answer = def_rec;
1122 0 : def_rec = NULL;
1123 : }
1124 0 : else if (backlog)
1125 : {
1126 : /* This is part of our trick to expand and display groups. */
1127 0 : answer = strlist_pop (&backlog);
1128 : }
1129 : else
1130 : {
1131 : /* Show the list of already collected recipients and ask
1132 : for more. */
1133 : PK_LIST iter;
1134 :
1135 0 : tty_printf("\n");
1136 0 : tty_printf(_("Current recipients:\n"));
1137 0 : for (iter=pk_list;iter;iter=iter->next)
1138 : {
1139 : u32 keyid[2];
1140 :
1141 0 : keyid_from_pk(iter->pk,keyid);
1142 0 : tty_printf ("%s/%s %s \"",
1143 : pubkey_string (iter->pk,
1144 : pkstrbuf, sizeof pkstrbuf),
1145 : keystr(keyid),
1146 : datestr_from_pk (iter->pk));
1147 :
1148 0 : if (iter->pk->user_id)
1149 0 : tty_print_utf8_string(iter->pk->user_id->name,
1150 0 : iter->pk->user_id->len);
1151 : else
1152 : {
1153 : size_t n;
1154 0 : char *p = get_user_id( keyid, &n );
1155 0 : tty_print_utf8_string( p, n );
1156 0 : xfree(p);
1157 : }
1158 0 : tty_printf("\"\n");
1159 : }
1160 :
1161 0 : answer = cpr_get_utf8("pklist.user_id.enter",
1162 0 : _("\nEnter the user ID. "
1163 : "End with an empty line: "));
1164 0 : trim_spaces(answer);
1165 0 : cpr_kill_prompt();
1166 : }
1167 :
1168 0 : if ( !answer || !*answer )
1169 : {
1170 0 : xfree(answer);
1171 0 : break; /* No more recipients entered - get out of loop. */
1172 : }
1173 :
1174 : /* Do group expand here too. The trick here is to continue
1175 : the loop if any expansion occurred. The code above will
1176 : then list all expanded keys. */
1177 0 : if (expand_id(answer,&backlog,0))
1178 0 : continue;
1179 :
1180 : /* Get and check key for the current name. */
1181 0 : free_public_key (pk);
1182 0 : pk = xmalloc_clear( sizeof *pk );
1183 0 : pk->req_usage = PUBKEY_USAGE_ENC;
1184 0 : rc = get_pubkey_byname (ctrl, NULL, pk, answer, NULL, NULL, 0, 0 );
1185 0 : if (rc)
1186 0 : tty_printf(_("No such user ID.\n"));
1187 0 : else if ( !(rc=openpgp_pk_test_algo2 (pk->pubkey_algo,
1188 : PUBKEY_USAGE_ENC)) )
1189 : {
1190 0 : if ( have_def_rec )
1191 : {
1192 : /* No validation for a default recipient. */
1193 0 : if (!key_present_in_pk_list(pk_list, pk))
1194 : {
1195 0 : free_public_key (pk);
1196 0 : pk = NULL;
1197 0 : log_info (_("skipped: public key "
1198 : "already set as default recipient\n") );
1199 : }
1200 : else
1201 : {
1202 0 : PK_LIST r = xmalloc (sizeof *r);
1203 0 : r->pk = pk; pk = NULL;
1204 0 : r->next = pk_list;
1205 0 : r->flags = 0; /* No throwing default ids. */
1206 0 : pk_list = r;
1207 : }
1208 0 : any_recipients = 1;
1209 0 : continue;
1210 : }
1211 : else
1212 : { /* Check validity of this key. */
1213 : int trustlevel;
1214 :
1215 0 : trustlevel =
1216 0 : get_validity (ctrl, NULL, pk, pk->user_id, NULL, 1);
1217 0 : if ( (trustlevel & TRUST_FLAG_DISABLED) )
1218 : {
1219 0 : tty_printf (_("Public key is disabled.\n") );
1220 : }
1221 0 : else if ( do_we_trust_pre (pk, trustlevel) )
1222 : {
1223 : /* Skip the actual key if the key is already
1224 : * present in the list */
1225 0 : if (!key_present_in_pk_list(pk_list, pk))
1226 : {
1227 0 : free_public_key (pk);
1228 0 : pk = NULL;
1229 0 : log_info(_("skipped: public key already set\n") );
1230 : }
1231 : else
1232 : {
1233 : PK_LIST r;
1234 0 : r = xmalloc( sizeof *r );
1235 0 : r->pk = pk; pk = NULL;
1236 0 : r->next = pk_list;
1237 0 : r->flags = 0; /* No throwing interactive ids. */
1238 0 : pk_list = r;
1239 : }
1240 0 : any_recipients = 1;
1241 0 : continue;
1242 : }
1243 : }
1244 : }
1245 0 : xfree(def_rec); def_rec = NULL;
1246 0 : have_def_rec = 0;
1247 0 : }
1248 0 : if ( pk )
1249 : {
1250 0 : free_public_key( pk );
1251 0 : pk = NULL;
1252 : }
1253 : }
1254 247 : else if ( !any_recipients && (def_rec = default_recipient(ctrl)) )
1255 : {
1256 : /* We are in batch mode and have only a default recipient. */
1257 0 : pk = xmalloc_clear( sizeof *pk );
1258 0 : pk->req_usage = PUBKEY_USAGE_ENC;
1259 :
1260 : /* The default recipient is allowed to be disabled; thus pass 1
1261 : as second last argument. We also don't want an AKL. */
1262 0 : rc = get_pubkey_byname (ctrl, NULL, pk, def_rec, NULL, NULL, 1, 1);
1263 0 : if (rc)
1264 0 : log_error(_("unknown default recipient \"%s\"\n"), def_rec );
1265 0 : else if ( !(rc=openpgp_pk_test_algo2(pk->pubkey_algo,
1266 : PUBKEY_USAGE_ENC)) )
1267 : {
1268 : /* Mark any_recipients here since the default recipient
1269 : would have been used if it wasn't already there. It
1270 : doesn't really matter if we got this key from the default
1271 : recipient or an encrypt-to. */
1272 0 : any_recipients = 1;
1273 0 : if (!key_present_in_pk_list(pk_list, pk))
1274 0 : log_info (_("skipped: public key already set "
1275 : "as default recipient\n"));
1276 : else
1277 : {
1278 0 : PK_LIST r = xmalloc( sizeof *r );
1279 0 : r->pk = pk; pk = NULL;
1280 0 : r->next = pk_list;
1281 0 : r->flags = 0; /* No throwing default ids. */
1282 0 : pk_list = r;
1283 : }
1284 : }
1285 0 : if ( pk )
1286 : {
1287 0 : free_public_key( pk );
1288 0 : pk = NULL;
1289 : }
1290 0 : xfree(def_rec); def_rec = NULL;
1291 : }
1292 : else
1293 : {
1294 : /* General case: Check all keys. */
1295 247 : any_recipients = 0;
1296 497 : for (; remusr; remusr = remusr->next )
1297 : {
1298 250 : if ( (remusr->flags & PK_LIST_ENCRYPT_TO) )
1299 0 : continue; /* encrypt-to keys are already handled. */
1300 :
1301 500 : rc = find_and_check_key (ctrl, remusr->d, PUBKEY_USAGE_ENC,
1302 250 : !!(remusr->flags&PK_LIST_HIDDEN),
1303 250 : !!(remusr->flags&PK_LIST_FROM_FILE),
1304 : &pk_list);
1305 250 : if (rc)
1306 0 : goto fail;
1307 250 : any_recipients = 1;
1308 : }
1309 : }
1310 :
1311 247 : if ( !rc && !any_recipients )
1312 : {
1313 0 : log_error(_("no valid addressees\n"));
1314 0 : write_status_text (STATUS_NO_RECP, "0");
1315 0 : rc = GPG_ERR_NO_USER_ID;
1316 : }
1317 :
1318 : #ifdef USE_TOFU
1319 247 : if (! rc && (opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU))
1320 : {
1321 : PK_LIST iter;
1322 0 : for (iter = pk_list; iter; iter = iter->next)
1323 : {
1324 : int rc2;
1325 :
1326 : /* Note: we already resolved any conflict when looking up
1327 : the key. Don't annoy the user again if she selected
1328 : accept once. */
1329 0 : rc2 = tofu_register_encryption (ctrl, iter->pk, NULL, 0);
1330 0 : if (rc2)
1331 0 : log_info ("WARNING: Failed to register encryption to %s"
1332 : " with TOFU engine\n",
1333 : keystr (pk_main_keyid (iter->pk)));
1334 0 : else if (DBG_TRUST)
1335 0 : log_debug ("Registered encryption to %s with TOFU DB.\n",
1336 : keystr (pk_main_keyid (iter->pk)));
1337 : }
1338 : }
1339 : #endif /*USE_TOFU*/
1340 :
1341 : fail:
1342 :
1343 247 : if ( rc )
1344 0 : release_pk_list( pk_list );
1345 : else
1346 247 : *ret_pk_list = pk_list;
1347 247 : if (opt.grouplist)
1348 0 : free_strlist(remusr);
1349 247 : return rc;
1350 : }
1351 :
1352 :
1353 : /* In pgp6 mode, disallow all ciphers except IDEA (1), 3DES (2), and
1354 : CAST5 (3), all hashes except MD5 (1), SHA1 (2), and RIPEMD160 (3),
1355 : and all compressions except none (0) and ZIP (1). pgp7 and pgp8
1356 : mode expands the cipher list to include AES128 (7), AES192 (8),
1357 : AES256 (9), and TWOFISH (10). pgp8 adds the SHA-256 hash (8). For
1358 : a true PGP key all of this is unneeded as they are the only items
1359 : present in the preferences subpacket, but checking here covers the
1360 : weird case of encrypting to a key that had preferences from a
1361 : different implementation which was then used with PGP. I am not
1362 : completely comfortable with this as the right thing to do, as it
1363 : slightly alters the list of what the user is supposedly requesting.
1364 : It is not against the RFC however, as the preference chosen will
1365 : never be one that the user didn't specify somewhere ("The
1366 : implementation may use any mechanism to pick an algorithm in the
1367 : intersection"), and PGP has no mechanism to fix such a broken
1368 : preference list, so I'm including it. -dms */
1369 :
1370 : int
1371 2259 : algo_available( preftype_t preftype, int algo, const union pref_hint *hint)
1372 : {
1373 2259 : if( preftype == PREFTYPE_SYM )
1374 : {
1375 1602 : if(PGP6 && (algo != CIPHER_ALGO_IDEA
1376 0 : && algo != CIPHER_ALGO_3DES
1377 0 : && algo != CIPHER_ALGO_CAST5))
1378 0 : return 0;
1379 :
1380 1602 : if(PGP7 && (algo != CIPHER_ALGO_IDEA
1381 0 : && algo != CIPHER_ALGO_3DES
1382 0 : && algo != CIPHER_ALGO_CAST5
1383 0 : && algo != CIPHER_ALGO_AES
1384 0 : && algo != CIPHER_ALGO_AES192
1385 0 : && algo != CIPHER_ALGO_AES256
1386 0 : && algo != CIPHER_ALGO_TWOFISH))
1387 0 : return 0;
1388 :
1389 : /* PGP8 supports all the ciphers we do.. */
1390 :
1391 1602 : return algo && !openpgp_cipher_test_algo ( algo );
1392 : }
1393 657 : else if( preftype == PREFTYPE_HASH )
1394 : {
1395 28 : if (hint && hint->digest_length)
1396 : {
1397 24 : if (hint->digest_length!=20 || opt.flags.dsa2)
1398 : {
1399 : /* If --enable-dsa2 is set or the hash isn't 160 bits
1400 : (which implies DSA2), then we'll accept a hash that
1401 : is larger than we need. Otherwise we won't accept
1402 : any hash that isn't exactly the right size. */
1403 0 : if (hint->digest_length > gcry_md_get_algo_dlen (algo))
1404 0 : return 0;
1405 : }
1406 24 : else if (hint->digest_length != gcry_md_get_algo_dlen (algo))
1407 0 : return 0;
1408 : }
1409 :
1410 28 : if((PGP6 || PGP7) && (algo != DIGEST_ALGO_MD5
1411 0 : && algo != DIGEST_ALGO_SHA1
1412 0 : && algo != DIGEST_ALGO_RMD160))
1413 0 : return 0;
1414 :
1415 :
1416 28 : if(PGP8 && (algo != DIGEST_ALGO_MD5
1417 0 : && algo != DIGEST_ALGO_SHA1
1418 0 : && algo != DIGEST_ALGO_RMD160
1419 0 : && algo != DIGEST_ALGO_SHA256))
1420 0 : return 0;
1421 :
1422 28 : return algo && !openpgp_md_test_algo (algo);
1423 : }
1424 629 : else if( preftype == PREFTYPE_ZIP )
1425 : {
1426 629 : if((PGP6 || PGP7) && (algo != COMPRESS_ALGO_NONE
1427 0 : && algo != COMPRESS_ALGO_ZIP))
1428 0 : return 0;
1429 :
1430 : /* PGP8 supports all the compression algos we do */
1431 :
1432 629 : return !check_compress_algo( algo );
1433 : }
1434 : else
1435 0 : return 0;
1436 : }
1437 :
1438 : /****************
1439 : * Return -1 if we could not find an algorithm.
1440 : */
1441 : int
1442 1116 : select_algo_from_prefs(PK_LIST pk_list, int preftype,
1443 : int request, const union pref_hint *hint)
1444 : {
1445 : PK_LIST pkr;
1446 : u32 bits[8];
1447 : const prefitem_t *prefs;
1448 1116 : int result=-1,i;
1449 : u16 scores[256];
1450 :
1451 1116 : if( !pk_list )
1452 202 : return -1;
1453 :
1454 914 : memset(bits,0xFF,sizeof(bits));
1455 914 : memset(scores,0,sizeof(scores));
1456 :
1457 1864 : for( pkr = pk_list; pkr; pkr = pkr->next )
1458 : {
1459 : u32 mask[8];
1460 950 : int rank=1,implicit=-1;
1461 :
1462 950 : memset(mask,0,sizeof(mask));
1463 :
1464 950 : switch(preftype)
1465 : {
1466 : case PREFTYPE_SYM:
1467 : /* IDEA is implicitly there for v3 keys with v3 selfsigs if
1468 : --pgp2 mode is on. This was a 2440 thing that was
1469 : dropped from 4880 but is still relevant to GPG's 1991
1470 : support. All this doesn't mean IDEA is actually
1471 : available, of course. */
1472 667 : implicit=CIPHER_ALGO_3DES;
1473 :
1474 667 : break;
1475 :
1476 : case PREFTYPE_HASH:
1477 : /* While I am including this code for completeness, note
1478 : that currently --pgp2 mode locks the hash at MD5, so this
1479 : code will never even be called. Even if the hash wasn't
1480 : locked at MD5, we don't support sign+encrypt in --pgp2
1481 : mode, and that's the only time PREFTYPE_HASH is used
1482 : anyway. -dms */
1483 :
1484 28 : implicit=DIGEST_ALGO_SHA1;
1485 :
1486 28 : break;
1487 :
1488 : case PREFTYPE_ZIP:
1489 : /* Uncompressed is always an option. */
1490 255 : implicit=COMPRESS_ALGO_NONE;
1491 : }
1492 :
1493 950 : if (pkr->pk->user_id) /* selected by user ID */
1494 269 : prefs = pkr->pk->user_id->prefs;
1495 : else
1496 681 : prefs = pkr->pk->prefs;
1497 :
1498 950 : if( prefs )
1499 : {
1500 6373 : for (i=0; prefs[i].type; i++ )
1501 : {
1502 5423 : if( prefs[i].type == preftype )
1503 : {
1504 : /* Make sure all scores don't add up past 0xFFFF
1505 : (and roll around) */
1506 2827 : if(rank+scores[prefs[i].value]<=0xFFFF)
1507 2827 : scores[prefs[i].value]+=rank;
1508 : else
1509 0 : scores[prefs[i].value]=0xFFFF;
1510 :
1511 2827 : mask[prefs[i].value/32] |= 1<<(prefs[i].value%32);
1512 :
1513 2827 : rank++;
1514 :
1515 : /* We saw the implicit algorithm, so we don't need
1516 : tack it on the end ourselves. */
1517 2827 : if(implicit==prefs[i].value)
1518 672 : implicit=-1;
1519 : }
1520 : }
1521 : }
1522 :
1523 950 : if(rank==1 && preftype==PREFTYPE_ZIP)
1524 : {
1525 : /* If the compression preferences are not present, they are
1526 : assumed to be ZIP, Uncompressed (RFC4880:13.3.1) */
1527 98 : scores[1]=1; /* ZIP is first choice */
1528 98 : scores[0]=2; /* Uncompressed is second choice */
1529 98 : mask[0]|=3;
1530 : }
1531 :
1532 : /* If the key didn't have the implicit algorithm listed
1533 : explicitly, add it here at the tail of the list. */
1534 950 : if(implicit>-1)
1535 : {
1536 278 : scores[implicit]+=rank;
1537 278 : mask[implicit/32] |= 1<<(implicit%32);
1538 : }
1539 :
1540 8550 : for(i=0;i<8;i++)
1541 7600 : bits[i]&=mask[i];
1542 : }
1543 :
1544 : /* We've now scored all of the algorithms, and the usable ones have
1545 : bits set. Let's pick the winner. */
1546 :
1547 : /* The caller passed us a request. Can we use it? */
1548 978 : if(request>-1 && (bits[request/32] & (1<<(request%32))) &&
1549 64 : algo_available(preftype,request,hint))
1550 64 : result=request;
1551 :
1552 914 : if(result==-1)
1553 : {
1554 : /* If we have personal prefs set, use them. */
1555 850 : prefs=NULL;
1556 850 : if(preftype==PREFTYPE_SYM && opt.personal_cipher_prefs)
1557 0 : prefs=opt.personal_cipher_prefs;
1558 850 : else if(preftype==PREFTYPE_HASH && opt.personal_digest_prefs)
1559 0 : prefs=opt.personal_digest_prefs;
1560 850 : else if(preftype==PREFTYPE_ZIP && opt.personal_compress_prefs)
1561 0 : prefs=opt.personal_compress_prefs;
1562 :
1563 850 : if( prefs )
1564 0 : for(i=0; prefs[i].type; i++ )
1565 : {
1566 0 : if(bits[prefs[i].value/32] & (1<<(prefs[i].value%32))
1567 0 : && algo_available( preftype, prefs[i].value, hint))
1568 : {
1569 0 : result = prefs[i].value;
1570 0 : break;
1571 : }
1572 : }
1573 : }
1574 :
1575 914 : if(result==-1)
1576 : {
1577 850 : unsigned int best=-1;
1578 :
1579 : /* At this point, we have not selected an algorithm due to a
1580 : special request or via personal prefs. Pick the highest
1581 : ranked algorithm (i.e. the one with the lowest score). */
1582 :
1583 850 : if(preftype==PREFTYPE_HASH && scores[DIGEST_ALGO_MD5])
1584 : {
1585 : /* "If you are building an authentication system, the recipient
1586 : may specify a preferred signing algorithm. However, the
1587 : signer would be foolish to use a weak algorithm simply
1588 : because the recipient requests it." (RFC4880:14). If any
1589 : other hash algorithm is available, pretend that MD5 isn't.
1590 : Note that if the user intentionally chose MD5 by putting it
1591 : in their personal prefs, then we do what the user said (as we
1592 : never reach this code). */
1593 :
1594 0 : for(i=DIGEST_ALGO_MD5+1;i<256;i++)
1595 0 : if(scores[i])
1596 : {
1597 0 : scores[DIGEST_ALGO_MD5]=0;
1598 0 : break;
1599 : }
1600 : }
1601 :
1602 218450 : for(i=0;i<256;i++)
1603 : {
1604 : /* Note the '<' here. This means in case of a tie, we will
1605 : favor the lower algorithm number. We have a choice
1606 : between the lower number (probably an older algorithm
1607 : with more time in use), or the higher number (probably a
1608 : newer algorithm with less time in use). Older is
1609 : probably safer here, even though the newer algorithms
1610 : tend to be "stronger". */
1611 217600 : if(scores[i] && scores[i]<best
1612 2280 : && (bits[i/32] & (1<<(i%32)))
1613 2195 : && algo_available(preftype,i,hint))
1614 : {
1615 2195 : best=scores[i];
1616 2195 : result=i;
1617 : }
1618 : }
1619 : }
1620 :
1621 914 : return result;
1622 : }
1623 :
1624 : /*
1625 : * Select the MDC flag from the pk_list. We can only use MDC if all
1626 : * recipients support this feature.
1627 : */
1628 : int
1629 280 : select_mdc_from_pklist (PK_LIST pk_list)
1630 : {
1631 : PK_LIST pkr;
1632 :
1633 280 : if ( !pk_list )
1634 33 : return 0;
1635 :
1636 399 : for (pkr = pk_list; pkr; pkr = pkr->next)
1637 : {
1638 : int mdc;
1639 :
1640 250 : if (pkr->pk->user_id) /* selected by user ID */
1641 125 : mdc = pkr->pk->user_id->flags.mdc;
1642 : else
1643 125 : mdc = pkr->pk->flags.mdc;
1644 250 : if (!mdc)
1645 98 : return 0; /* At least one recipient does not support it. */
1646 : }
1647 149 : return 1; /* Can be used. */
1648 : }
1649 :
1650 :
1651 : /* Print a warning for all keys in PK_LIST missing the MDC feature. */
1652 : void
1653 0 : warn_missing_mdc_from_pklist (PK_LIST pk_list)
1654 : {
1655 : PK_LIST pkr;
1656 :
1657 0 : for (pkr = pk_list; pkr; pkr = pkr->next)
1658 : {
1659 : int mdc;
1660 :
1661 0 : if (pkr->pk->user_id) /* selected by user ID */
1662 0 : mdc = pkr->pk->user_id->flags.mdc;
1663 : else
1664 0 : mdc = pkr->pk->flags.mdc;
1665 0 : if (!mdc)
1666 0 : log_info (_("Note: key %s has no %s feature\n"),
1667 : keystr_from_pk (pkr->pk), "MDC");
1668 : }
1669 0 : }
1670 :
1671 : void
1672 0 : warn_missing_aes_from_pklist (PK_LIST pk_list)
1673 : {
1674 : PK_LIST pkr;
1675 :
1676 0 : for (pkr = pk_list; pkr; pkr = pkr->next)
1677 : {
1678 : const prefitem_t *prefs;
1679 : int i;
1680 0 : int gotit = 0;
1681 :
1682 0 : prefs = pkr->pk->user_id? pkr->pk->user_id->prefs : pkr->pk->prefs;
1683 0 : if (prefs)
1684 : {
1685 0 : for (i=0; !gotit && prefs[i].type; i++ )
1686 0 : if (prefs[i].type == PREFTYPE_SYM
1687 0 : && prefs[i].value == CIPHER_ALGO_AES)
1688 0 : gotit++;
1689 : }
1690 0 : if (!gotit)
1691 0 : log_info (_("Note: key %s has no preference for %s\n"),
1692 : keystr_from_pk (pkr->pk), "AES");
1693 : }
1694 0 : }
|