Line data Source code
1 : /* trust.c - High level trust functions
2 : * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3 : * 2008, 2012 Free Software Foundation, Inc.
4 : * Copyright (C) 2014 Werner Koch
5 : *
6 : * This file is part of GnuPG.
7 : *
8 : * GnuPG is free software; you can redistribute it and/or modify
9 : * it under the terms of the GNU General Public License as published by
10 : * the Free Software Foundation; either version 3 of the License, or
11 : * (at your option) any later version.
12 : *
13 : * GnuPG is distributed in the hope that it will be useful,
14 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 : * GNU General Public License for more details.
17 : *
18 : * You should have received a copy of the GNU General Public License
19 : * along with this program; if not, see <https://www.gnu.org/licenses/>.
20 : */
21 :
22 : #include <config.h>
23 : #include <stdio.h>
24 : #include <stdlib.h>
25 : #include <string.h>
26 :
27 : #include "gpg.h"
28 : #include "keydb.h"
29 : #include "util.h"
30 : #include "options.h"
31 : #include "packet.h"
32 : #include "main.h"
33 : #include "i18n.h"
34 : #include "trustdb.h"
35 : #include "host2net.h"
36 :
37 :
38 : /* Return true if key is disabled. Note that this is usually used via
39 : the pk_is_disabled macro. */
40 : int
41 314 : cache_disabled_value (PKT_public_key *pk)
42 : {
43 : #ifdef NO_TRUST_MODELS
44 : (void)pk;
45 : return 0;
46 : #else
47 314 : return tdb_cache_disabled_value (pk);
48 : #endif
49 : }
50 :
51 :
52 : void
53 3 : register_trusted_keyid (u32 *keyid)
54 : {
55 : #ifdef NO_TRUST_MODELS
56 : (void)keyid;
57 : #else
58 3 : tdb_register_trusted_keyid (keyid);
59 : #endif
60 3 : }
61 :
62 :
63 : void
64 0 : register_trusted_key (const char *string)
65 : {
66 : #ifdef NO_TRUST_MODELS
67 : (void)string;
68 : #else
69 0 : tdb_register_trusted_key (string);
70 : #endif
71 0 : }
72 :
73 :
74 : �
75 : /*
76 : * This function returns a letter for a trust value. Trust flags
77 : * are ignored.
78 : */
79 : static int
80 292 : trust_letter (unsigned int value)
81 : {
82 292 : switch( (value & TRUST_MASK) )
83 : {
84 175 : case TRUST_UNKNOWN: return '-';
85 3 : case TRUST_EXPIRED: return 'e';
86 12 : case TRUST_UNDEFINED: return 'q';
87 28 : case TRUST_NEVER: return 'n';
88 27 : case TRUST_MARGINAL: return 'm';
89 29 : case TRUST_FULLY: return 'f';
90 18 : case TRUST_ULTIMATE: return 'u';
91 0 : default: return '?';
92 : }
93 : }
94 :
95 :
96 : /* The strings here are similar to those in
97 : pkclist.c:do_edit_ownertrust() */
98 : const char *
99 388 : trust_value_to_string (unsigned int value)
100 : {
101 388 : switch ((value & TRUST_MASK))
102 : {
103 354 : case TRUST_UNKNOWN: return _("unknown");
104 0 : case TRUST_EXPIRED: return _("expired");
105 5 : case TRUST_UNDEFINED: return _("undefined");
106 0 : case TRUST_NEVER: return _("never");
107 19 : case TRUST_MARGINAL: return _("marginal");
108 6 : case TRUST_FULLY: return _("full");
109 4 : case TRUST_ULTIMATE: return _("ultimate");
110 0 : default: return "err";
111 : }
112 : }
113 :
114 :
115 : int
116 0 : string_to_trust_value (const char *str)
117 : {
118 0 : if (!ascii_strcasecmp (str, "undefined"))
119 0 : return TRUST_UNDEFINED;
120 0 : else if (!ascii_strcasecmp (str, "never"))
121 0 : return TRUST_NEVER;
122 0 : else if (!ascii_strcasecmp (str, "marginal"))
123 0 : return TRUST_MARGINAL;
124 0 : else if (!ascii_strcasecmp (str, "full"))
125 0 : return TRUST_FULLY;
126 0 : else if (!ascii_strcasecmp(str, "ultimate"))
127 0 : return TRUST_ULTIMATE;
128 : else
129 0 : return -1;
130 : }
131 :
132 :
133 : const char *
134 52 : uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
135 : {
136 52 : if (!key && !uid)
137 : {
138 : /* TRANSLATORS: these strings are similar to those in
139 : trust_value_to_string(), but are a fixed length. This is needed to
140 : make attractive information listings where columns line up
141 : properly. The value "10" should be the length of the strings you
142 : choose to translate to. This is the length in printable columns.
143 : It gets passed to atoi() so everything after the number is
144 : essentially a comment and need not be translated. Either key and
145 : uid are both NULL, or neither are NULL. */
146 26 : return _("10 translator see trust.c:uid_trust_string_fixed");
147 : }
148 26 : else if(uid->is_revoked || (key && key->flags.revoked))
149 0 : return _("[ revoked]");
150 26 : else if(uid->is_expired)
151 0 : return _("[ expired]");
152 26 : else if(key)
153 : {
154 26 : switch (get_validity (ctrl, NULL, key, uid, NULL, 0) & TRUST_MASK)
155 : {
156 26 : case TRUST_UNKNOWN: return _("[ unknown]");
157 0 : case TRUST_EXPIRED: return _("[ expired]");
158 0 : case TRUST_UNDEFINED: return _("[ undef ]");
159 0 : case TRUST_NEVER: return _("[ never ]");
160 0 : case TRUST_MARGINAL: return _("[marginal]");
161 0 : case TRUST_FULLY: return _("[ full ]");
162 0 : case TRUST_ULTIMATE: return _("[ultimate]");
163 : }
164 : }
165 :
166 0 : return "err";
167 : }
168 :
169 :
170 : �
171 : /*
172 : * Return the assigned ownertrust value for the given public key.
173 : * The key should be the primary key.
174 : */
175 : unsigned int
176 3 : get_ownertrust (PKT_public_key *pk)
177 : {
178 : #ifdef NO_TRUST_MODELS
179 : (void)pk;
180 : return TRUST_UNKNOWN;
181 : #else
182 3 : return tdb_get_ownertrust (pk);
183 : #endif
184 : }
185 :
186 :
187 : /*
188 : * Same as get_ownertrust but this takes the minimum ownertrust value
189 : * into into account, and will bump up the value as needed.
190 : */
191 : static int
192 100 : get_ownertrust_with_min (PKT_public_key *pk)
193 : {
194 : #ifdef NO_TRUST_MODELS
195 : (void)pk;
196 : return TRUST_UNKNOWN;
197 : #else
198 : unsigned int otrust, otrust_min;
199 :
200 100 : otrust = (tdb_get_ownertrust (pk) & TRUST_MASK);
201 100 : otrust_min = tdb_get_min_ownertrust (pk);
202 100 : if (otrust < otrust_min)
203 : {
204 : /* If the trust that the user has set is less than the trust
205 : that was calculated from a trust signature chain, use the
206 : higher of the two. We do this here and not in
207 : get_ownertrust since the underlying ownertrust should not
208 : really be set - just the appearance of the ownertrust. */
209 :
210 0 : otrust = otrust_min;
211 : }
212 :
213 100 : return otrust;
214 : #endif
215 : }
216 :
217 :
218 : /*
219 : * Same as get_ownertrust but return a trust letter instead of an
220 : * value. This takes the minimum ownertrust value into account.
221 : */
222 : int
223 100 : get_ownertrust_info (PKT_public_key *pk)
224 : {
225 100 : return trust_letter (get_ownertrust_with_min (pk));
226 : }
227 :
228 :
229 : /*
230 : * Same as get_ownertrust but return a trust string instead of an
231 : * value. This takes the minimum ownertrust value into account.
232 : */
233 : const char *
234 0 : get_ownertrust_string (PKT_public_key *pk)
235 : {
236 0 : return trust_value_to_string (get_ownertrust_with_min (pk));
237 : }
238 :
239 :
240 : /*
241 : * Set the trust value of the given public key to the new value.
242 : * The key should be a primary one.
243 : */
244 : void
245 3 : update_ownertrust (PKT_public_key *pk, unsigned int new_trust)
246 : {
247 : #ifdef NO_TRUST_MODELS
248 : (void)pk;
249 : (void)new_trust;
250 : #else
251 3 : tdb_update_ownertrust (pk, new_trust);
252 : #endif
253 3 : }
254 :
255 :
256 : int
257 235 : clear_ownertrusts (PKT_public_key *pk)
258 : {
259 : #ifdef NO_TRUST_MODELS
260 : (void)pk;
261 : return 0;
262 : #else
263 235 : return tdb_clear_ownertrusts (pk);
264 : #endif
265 : }
266 :
267 :
268 : void
269 13 : revalidation_mark (void)
270 : {
271 : #ifndef NO_TRUST_MODELS
272 13 : tdb_revalidation_mark ();
273 : #endif
274 13 : }
275 :
276 :
277 : void
278 432 : check_trustdb_stale (ctrl_t ctrl)
279 : {
280 : #ifndef NO_TRUST_MODELS
281 432 : tdb_check_trustdb_stale (ctrl);
282 : #else
283 : (void)ctrl;
284 : #endif
285 432 : }
286 :
287 :
288 : void
289 70 : check_or_update_trustdb (ctrl_t ctrl)
290 : {
291 : #ifndef NO_TRUST_MODELS
292 70 : tdb_check_or_update (ctrl);
293 : #else
294 : (void)ctrl;
295 : #endif
296 70 : }
297 :
298 :
299 : /*
300 : * Return the validity information for KB/PK (at least one must be
301 : * non-NULL). If the namehash is not NULL, the validity of the
302 : * corresponding user ID is returned, otherwise, a reasonable value
303 : * for the entire key is returned.
304 : */
305 : unsigned int
306 932 : get_validity (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk, PKT_user_id *uid,
307 : PKT_signature *sig, int may_ask)
308 : {
309 : int rc;
310 : unsigned int validity;
311 : u32 kid[2];
312 : PKT_public_key *main_pk;
313 :
314 932 : if (kb && pk)
315 630 : log_assert (keyid_cmp (pk_main_keyid (pk),
316 : pk_main_keyid (kb->pkt->pkt.public_key)) == 0);
317 :
318 932 : if (! pk)
319 : {
320 0 : log_assert (kb);
321 0 : pk = kb->pkt->pkt.public_key;
322 : }
323 :
324 932 : if (uid)
325 684 : namehash_from_uid (uid);
326 :
327 932 : keyid_from_pk (pk, kid);
328 932 : if (pk->main_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1])
329 : {
330 : /* This is a subkey - get the mainkey. */
331 488 : if (kb)
332 0 : main_pk = kb->pkt->pkt.public_key;
333 : else
334 : {
335 244 : main_pk = xmalloc_clear (sizeof *main_pk);
336 244 : rc = get_pubkey (main_pk, pk->main_keyid);
337 244 : if (rc)
338 : {
339 0 : char *tempkeystr = xstrdup (keystr (pk->main_keyid));
340 0 : log_error ("error getting main key %s of subkey %s: %s\n",
341 : tempkeystr, keystr (kid), gpg_strerror (rc));
342 0 : xfree (tempkeystr);
343 0 : validity = TRUST_UNKNOWN;
344 0 : goto leave;
345 : }
346 : }
347 : }
348 : else
349 688 : main_pk = pk;
350 :
351 : #ifdef NO_TRUST_MODELS
352 : validity = TRUST_UNKNOWN;
353 : #else
354 932 : validity = tdb_get_validity_core (ctrl, kb, pk, uid, main_pk, sig, may_ask);
355 : #endif
356 :
357 : leave:
358 : /* Set some flags direct from the key */
359 932 : if (main_pk->flags.revoked)
360 0 : validity |= TRUST_FLAG_REVOKED;
361 932 : if (main_pk != pk && pk->flags.revoked)
362 0 : validity |= TRUST_FLAG_SUB_REVOKED;
363 : /* Note: expiration is a trust value and not a flag - don't know why
364 : * I initially designed it that way. */
365 932 : if (main_pk->has_expired || pk->has_expired)
366 11 : validity = ((validity & (~TRUST_MASK | TRUST_FLAG_PENDING_CHECK))
367 : | TRUST_EXPIRED);
368 :
369 932 : if (main_pk != pk && !kb)
370 244 : free_public_key (main_pk);
371 932 : return validity;
372 : }
373 :
374 :
375 : int
376 192 : get_validity_info (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk,
377 : PKT_user_id *uid)
378 : {
379 : int trustlevel;
380 :
381 192 : if (kb && pk)
382 192 : log_assert (keyid_cmp (pk_main_keyid (pk),
383 : pk_main_keyid (kb->pkt->pkt.public_key)) == 0);
384 :
385 192 : if (! pk && kb)
386 0 : pk = kb->pkt->pkt.public_key;
387 192 : if (!pk)
388 0 : return '?'; /* Just in case a NULL PK is passed. */
389 :
390 192 : trustlevel = get_validity (ctrl, kb, pk, uid, NULL, 0);
391 192 : if ((trustlevel & TRUST_FLAG_REVOKED))
392 0 : return 'r';
393 192 : return trust_letter (trustlevel);
394 : }
395 :
396 :
397 : const char *
398 0 : get_validity_string (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
399 : {
400 : int trustlevel;
401 :
402 0 : if (!pk)
403 0 : return "err"; /* Just in case a NULL PK is passed. */
404 :
405 0 : trustlevel = get_validity (ctrl, NULL, pk, uid, NULL, 0);
406 0 : if ((trustlevel & TRUST_FLAG_REVOKED))
407 0 : return _("revoked");
408 0 : return trust_value_to_string (trustlevel);
409 : }
410 :
411 :
412 : �
413 : /*
414 : * Mark the signature of the given UID which are used to certify it.
415 : * To do this, we first revmove all signatures which are not valid and
416 : * from the remain ones we look for the latest one. If this is not a
417 : * certification revocation signature we mark the signature by setting
418 : * node flag bit 8. Revocations are marked with flag 11, and sigs
419 : * from unavailable keys are marked with flag 12. Note that flag bits
420 : * 9 and 10 are used for internal purposes.
421 : */
422 : void
423 0 : mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode,
424 : u32 *main_kid, struct key_item *klist,
425 : u32 curtime, u32 *next_expire)
426 : {
427 : kbnode_t node;
428 : PKT_signature *sig;
429 :
430 : /* First check all signatures. */
431 0 : for (node=uidnode->next; node; node = node->next)
432 : {
433 : int rc;
434 :
435 0 : node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
436 0 : if (node->pkt->pkttype == PKT_USER_ID
437 0 : || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
438 : break; /* ready */
439 0 : if (node->pkt->pkttype != PKT_SIGNATURE)
440 0 : continue;
441 0 : sig = node->pkt->pkt.signature;
442 0 : if (main_kid
443 0 : && sig->keyid[0] == main_kid[0] && sig->keyid[1] == main_kid[1])
444 0 : continue; /* ignore self-signatures if we pass in a main_kid */
445 0 : if (!IS_UID_SIG(sig) && !IS_UID_REV(sig))
446 0 : continue; /* we only look at these signature classes */
447 0 : if(sig->sig_class>=0x11 && sig->sig_class<=0x13 &&
448 0 : sig->sig_class-0x10<opt.min_cert_level)
449 0 : continue; /* treat anything under our min_cert_level as an
450 : invalid signature */
451 0 : if (klist && !is_in_klist (klist, sig))
452 0 : continue; /* no need to check it then */
453 0 : if ((rc=check_key_signature (keyblock, node, NULL)))
454 : {
455 : /* we ignore anything that won't verify, but tag the
456 : no_pubkey case */
457 0 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
458 0 : node->flag |= 1<<12;
459 0 : continue;
460 : }
461 0 : node->flag |= 1<<9;
462 : }
463 : /* Reset the remaining flags. */
464 0 : for (; node; node = node->next)
465 0 : node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
466 :
467 : /* kbnode flag usage: bit 9 is here set for signatures to consider,
468 : * bit 10 will be set by the loop to keep track of keyIDs already
469 : * processed, bit 8 will be set for the usable signatures, and bit
470 : * 11 will be set for usable revocations. */
471 :
472 : /* For each cert figure out the latest valid one. */
473 0 : for (node=uidnode->next; node; node = node->next)
474 : {
475 : KBNODE n, signode;
476 : u32 kid[2];
477 : u32 sigdate;
478 :
479 0 : if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
480 0 : break;
481 0 : if ( !(node->flag & (1<<9)) )
482 0 : continue; /* not a node to look at */
483 0 : if ( (node->flag & (1<<10)) )
484 0 : continue; /* signature with a keyID already processed */
485 0 : node->flag |= (1<<10); /* mark this node as processed */
486 0 : sig = node->pkt->pkt.signature;
487 0 : signode = node;
488 0 : sigdate = sig->timestamp;
489 0 : kid[0] = sig->keyid[0]; kid[1] = sig->keyid[1];
490 :
491 : /* Now find the latest and greatest signature */
492 0 : for (n=uidnode->next; n; n = n->next)
493 : {
494 0 : if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
495 0 : break;
496 0 : if ( !(n->flag & (1<<9)) )
497 0 : continue;
498 0 : if ( (n->flag & (1<<10)) )
499 0 : continue; /* shortcut already processed signatures */
500 0 : sig = n->pkt->pkt.signature;
501 0 : if (kid[0] != sig->keyid[0] || kid[1] != sig->keyid[1])
502 0 : continue;
503 0 : n->flag |= (1<<10); /* mark this node as processed */
504 :
505 : /* If signode is nonrevocable and unexpired and n isn't,
506 : then take signode (skip). It doesn't matter which is
507 : older: if signode was older then we don't want to take n
508 : as signode is nonrevocable. If n was older then we're
509 : automatically fine. */
510 :
511 0 : if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
512 0 : !signode->pkt->pkt.signature->flags.revocable &&
513 0 : (signode->pkt->pkt.signature->expiredate==0 ||
514 0 : signode->pkt->pkt.signature->expiredate>curtime))) &&
515 0 : (!(IS_UID_SIG(n->pkt->pkt.signature) &&
516 0 : !n->pkt->pkt.signature->flags.revocable &&
517 0 : (n->pkt->pkt.signature->expiredate==0 ||
518 0 : n->pkt->pkt.signature->expiredate>curtime))))
519 0 : continue;
520 :
521 : /* If n is nonrevocable and unexpired and signode isn't,
522 : then take n. Again, it doesn't matter which is older: if
523 : n was older then we don't want to take signode as n is
524 : nonrevocable. If signode was older then we're
525 : automatically fine. */
526 :
527 0 : if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
528 0 : !signode->pkt->pkt.signature->flags.revocable &&
529 0 : (signode->pkt->pkt.signature->expiredate==0 ||
530 0 : signode->pkt->pkt.signature->expiredate>curtime))) &&
531 0 : ((IS_UID_SIG(n->pkt->pkt.signature) &&
532 0 : !n->pkt->pkt.signature->flags.revocable &&
533 0 : (n->pkt->pkt.signature->expiredate==0 ||
534 0 : n->pkt->pkt.signature->expiredate>curtime))))
535 : {
536 0 : signode = n;
537 0 : sigdate = sig->timestamp;
538 0 : continue;
539 : }
540 :
541 : /* At this point, if it's newer, it goes in as the only
542 : remaining possibilities are signode and n are both either
543 : revocable or expired or both nonrevocable and unexpired.
544 : If the timestamps are equal take the later ordered
545 : packet, presuming that the key packets are hopefully in
546 : their original order. */
547 :
548 0 : if (sig->timestamp >= sigdate)
549 : {
550 0 : signode = n;
551 0 : sigdate = sig->timestamp;
552 : }
553 : }
554 :
555 0 : sig = signode->pkt->pkt.signature;
556 0 : if (IS_UID_SIG (sig))
557 : { /* this seems to be a usable one which is not revoked.
558 : * Just need to check whether there is an expiration time,
559 : * We do the expired certification after finding a suitable
560 : * certification, the assumption is that a signator does not
561 : * want that after the expiration of his certificate the
562 : * system falls back to an older certification which has a
563 : * different expiration time */
564 : const byte *p;
565 : u32 expire;
566 :
567 0 : p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
568 0 : expire = p? sig->timestamp + buf32_to_u32(p) : 0;
569 :
570 0 : if (expire==0 || expire > curtime )
571 : {
572 0 : signode->flag |= (1<<8); /* yeah, found a good cert */
573 0 : if (next_expire && expire && expire < *next_expire)
574 0 : *next_expire = expire;
575 : }
576 : }
577 : else
578 0 : signode->flag |= (1<<11);
579 : }
580 0 : }
581 :
582 :
583 : static int
584 0 : clean_sigs_from_uid (kbnode_t keyblock, kbnode_t uidnode,
585 : int noisy, int self_only)
586 : {
587 0 : int deleted = 0;
588 : kbnode_t node;
589 : u32 keyid[2];
590 :
591 0 : log_assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
592 :
593 0 : keyid_from_pk (keyblock->pkt->pkt.public_key, keyid);
594 :
595 : /* Passing in a 0 for current time here means that we'll never weed
596 : out an expired sig. This is correct behavior since we want to
597 : keep the most recent expired sig in a series. */
598 0 : mark_usable_uid_certs (keyblock, uidnode, NULL, NULL, 0, NULL);
599 :
600 : /* What we want to do here is remove signatures that are not
601 : considered as part of the trust calculations. Thus, all invalid
602 : signatures are out, as are any signatures that aren't the last of
603 : a series of uid sigs or revocations It breaks down like this:
604 : coming out of mark_usable_uid_certs, if a sig is unflagged, it is
605 : not even a candidate. If a sig has flag 9 or 10, that means it
606 : was selected as a candidate and vetted. If a sig has flag 8 it
607 : is a usable signature. If a sig has flag 11 it is a usable
608 : revocation. If a sig has flag 12 it was issued by an unavailable
609 : key. "Usable" here means the most recent valid
610 : signature/revocation in a series from a particular signer.
611 :
612 : Delete everything that isn't a usable uid sig (which might be
613 : expired), a usable revocation, or a sig from an unavailable
614 : key. */
615 :
616 0 : for (node=uidnode->next;
617 0 : node && node->pkt->pkttype==PKT_SIGNATURE;
618 0 : node=node->next)
619 : {
620 : int keep;
621 :
622 0 : keep = self_only? (node->pkt->pkt.signature->keyid[0] == keyid[0]
623 0 : && node->pkt->pkt.signature->keyid[1] == keyid[1]) : 1;
624 :
625 : /* Keep usable uid sigs ... */
626 0 : if ((node->flag & (1<<8)) && keep)
627 0 : continue;
628 :
629 : /* ... and usable revocations... */
630 0 : if ((node->flag & (1<<11)) && keep)
631 0 : continue;
632 :
633 : /* ... and sigs from unavailable keys. */
634 : /* disabled for now since more people seem to want sigs from
635 : unavailable keys removed altogether. */
636 : /*
637 : if(node->flag & (1<<12))
638 : continue;
639 : */
640 :
641 : /* Everything else we delete */
642 :
643 : /* At this point, if 12 is set, the signing key was unavailable.
644 : If 9 or 10 is set, it's superseded. Otherwise, it's
645 : invalid. */
646 :
647 0 : if (noisy)
648 0 : log_info ("removing signature from key %s on user ID \"%s\": %s\n",
649 0 : keystr (node->pkt->pkt.signature->keyid),
650 0 : uidnode->pkt->pkt.user_id->name,
651 0 : node->flag&(1<<12)? "key unavailable":
652 0 : node->flag&(1<<9)? "signature superseded"
653 0 : /* */ :"invalid signature" );
654 :
655 0 : delete_kbnode (node);
656 0 : deleted++;
657 : }
658 :
659 0 : return deleted;
660 : }
661 :
662 :
663 : /* This is substantially easier than clean_sigs_from_uid since we just
664 : have to establish if the uid has a valid self-sig, is not revoked,
665 : and is not expired. Note that this does not take into account
666 : whether the uid has a trust path to it - just whether the keyholder
667 : themselves has certified the uid. Returns true if the uid was
668 : compacted. To "compact" a user ID, we simply remove ALL signatures
669 : except the self-sig that caused the user ID to be remove-worthy.
670 : We don't actually remove the user ID packet itself since it might
671 : be resurrected in a later merge. Note that this function requires
672 : that the caller has already done a merge_keys_and_selfsig().
673 :
674 : TODO: change the import code to allow importing a uid with only a
675 : revocation if the uid already exists on the keyring. */
676 :
677 : static int
678 0 : clean_uid_from_key (kbnode_t keyblock, kbnode_t uidnode, int noisy)
679 : {
680 : kbnode_t node;
681 0 : PKT_user_id *uid = uidnode->pkt->pkt.user_id;
682 0 : int deleted = 0;
683 :
684 0 : log_assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
685 0 : log_assert (uidnode->pkt->pkttype==PKT_USER_ID);
686 :
687 : /* Skip valid user IDs, compacted user IDs, and non-self-signed user
688 : IDs if --allow-non-selfsigned-uid is set. */
689 0 : if (uid->created
690 0 : || uid->flags.compacted
691 0 : || (!uid->is_expired && !uid->is_revoked && opt.allow_non_selfsigned_uid))
692 0 : return 0;
693 :
694 0 : for (node=uidnode->next;
695 0 : node && node->pkt->pkttype == PKT_SIGNATURE;
696 0 : node=node->next)
697 : {
698 0 : if (!node->pkt->pkt.signature->flags.chosen_selfsig)
699 : {
700 0 : delete_kbnode (node);
701 0 : deleted = 1;
702 0 : uidnode->pkt->pkt.user_id->flags.compacted = 1;
703 : }
704 : }
705 :
706 0 : if (noisy)
707 : {
708 : const char *reason;
709 0 : char *user = utf8_to_native (uid->name, uid->len, 0);
710 :
711 0 : if (uid->is_revoked)
712 0 : reason = _("revoked");
713 0 : else if (uid->is_expired)
714 0 : reason = _("expired");
715 : else
716 0 : reason = _("invalid");
717 :
718 0 : log_info ("compacting user ID \"%s\" on key %s: %s\n",
719 0 : user, keystr_from_pk (keyblock->pkt->pkt.public_key),
720 : reason);
721 :
722 0 : xfree (user);
723 : }
724 :
725 0 : return deleted;
726 : }
727 :
728 :
729 : /* Needs to be called after a merge_keys_and_selfsig() */
730 : void
731 0 : clean_one_uid (kbnode_t keyblock, kbnode_t uidnode, int noisy, int self_only,
732 : int *uids_cleaned, int *sigs_cleaned)
733 : {
734 0 : int dummy = 0;
735 :
736 0 : log_assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
737 0 : log_assert (uidnode->pkt->pkttype==PKT_USER_ID);
738 :
739 0 : if (!uids_cleaned)
740 0 : uids_cleaned = &dummy;
741 :
742 0 : if (!sigs_cleaned)
743 0 : sigs_cleaned = &dummy;
744 :
745 : /* Do clean_uid_from_key first since if it fires off, we don't have
746 : to bother with the other. */
747 0 : *uids_cleaned += clean_uid_from_key (keyblock, uidnode, noisy);
748 0 : if (!uidnode->pkt->pkt.user_id->flags.compacted)
749 0 : *sigs_cleaned += clean_sigs_from_uid (keyblock, uidnode, noisy, self_only);
750 0 : }
751 :
752 :
753 : void
754 0 : clean_key (kbnode_t keyblock, int noisy, int self_only,
755 : int *uids_cleaned, int *sigs_cleaned)
756 : {
757 : kbnode_t uidnode;
758 :
759 0 : merge_keys_and_selfsig (keyblock);
760 :
761 0 : for (uidnode = keyblock->next;
762 0 : uidnode && uidnode->pkt->pkttype != PKT_PUBLIC_SUBKEY;
763 0 : uidnode = uidnode->next)
764 : {
765 0 : if (uidnode->pkt->pkttype == PKT_USER_ID)
766 0 : clean_one_uid (keyblock, uidnode,noisy, self_only,
767 : uids_cleaned, sigs_cleaned);
768 : }
769 0 : }
|
