2003-06-05 07:14:21 +00:00
|
|
|
|
/* trustdb.c
|
2008-12-09 10:46:29 +00:00
|
|
|
|
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
|
2012-01-19 22:33:51 -05:00
|
|
|
|
* 2008, 2012 Free Software Foundation, Inc.
|
2003-06-05 07:14:21 +00:00
|
|
|
|
*
|
|
|
|
|
* This file is part of GnuPG.
|
|
|
|
|
*
|
|
|
|
|
* GnuPG is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
2007-07-04 19:49:40 +00:00
|
|
|
|
* the Free Software Foundation; either version 3 of the License, or
|
2003-06-05 07:14:21 +00:00
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* GnuPG is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
2016-11-05 12:02:19 +01:00
|
|
|
|
* along with this program; if not, see <https://www.gnu.org/licenses/>.
|
2003-06-05 07:14:21 +00:00
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
|
2003-06-18 19:56:13 +00:00
|
|
|
|
#include "gpg.h"
|
2017-03-07 20:21:23 +09:00
|
|
|
|
#include "../common/status.h"
|
|
|
|
|
#include "../common/iobuf.h"
|
2020-04-03 15:30:08 +09:00
|
|
|
|
#include "../regexp/jimregexp.h"
|
2003-06-05 07:14:21 +00:00
|
|
|
|
#include "keydb.h"
|
2017-03-07 20:21:23 +09:00
|
|
|
|
#include "../common/util.h"
|
2003-06-05 07:14:21 +00:00
|
|
|
|
#include "options.h"
|
|
|
|
|
#include "packet.h"
|
|
|
|
|
#include "main.h"
|
2017-03-07 20:21:23 +09:00
|
|
|
|
#include "../common/mbox-util.h"
|
|
|
|
|
#include "../common/i18n.h"
|
2003-06-05 07:14:21 +00:00
|
|
|
|
#include "tdbio.h"
|
|
|
|
|
#include "trustdb.h"
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
|
#include "tofu.h"
|
2018-07-06 11:40:16 +02:00
|
|
|
|
#include "key-clean.h"
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
2024-03-04 14:56:16 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Structure to keep track of keys, this is used as an array where the
|
|
|
|
|
* item right after the last one has a keyblock set to NULL. Maybe we
|
|
|
|
|
* can drop this thing and replace it by key_item
|
|
|
|
|
*/
|
|
|
|
|
struct key_array
|
|
|
|
|
{
|
|
|
|
|
KBNODE keyblock;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Control information for the trust DB. */
|
|
|
|
|
static struct
|
|
|
|
|
{
|
|
|
|
|
int init;
|
|
|
|
|
int level;
|
|
|
|
|
char *dbname;
|
|
|
|
|
int no_trustdb;
|
|
|
|
|
} trustdb_args;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Some globals. */
|
|
|
|
|
static struct key_item *utk_list; /* all ultimately trusted keys */
|
|
|
|
|
|
|
|
|
|
/* A list used to temporary store trusted keys and a flag indicated
|
|
|
|
|
* whether any --trusted-key option has been seen. */
|
|
|
|
|
static struct key_item *trusted_key_list;
|
|
|
|
|
static int any_trusted_key_seen;
|
|
|
|
|
|
2024-03-06 10:00:37 +01:00
|
|
|
|
/* Flag whether a trustdb check is pending. */
|
2024-03-04 14:56:16 +01:00
|
|
|
|
static int pending_check_trustdb;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2021-11-13 20:34:06 +01:00
|
|
|
|
static void write_record (ctrl_t ctrl, TRUSTREC *rec);
|
2024-03-04 14:56:16 +01:00
|
|
|
|
static void do_sync (void);
|
|
|
|
|
static int validate_keys (ctrl_t ctrl, int interactive);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**********************************************
|
|
|
|
|
************* some helpers *******************
|
|
|
|
|
**********************************************/
|
2021-11-13 20:34:06 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2020-08-07 12:46:09 +09:00
|
|
|
|
static u32
|
|
|
|
|
keyid_from_fpr20 (ctrl_t ctrl, const byte *fpr, u32 *keyid)
|
|
|
|
|
{
|
|
|
|
|
u32 dummy_keyid[2];
|
|
|
|
|
int fprlen;
|
|
|
|
|
|
|
|
|
|
if( !keyid )
|
|
|
|
|
keyid = dummy_keyid;
|
|
|
|
|
|
|
|
|
|
/* Problem: We do only use fingerprints in the trustdb but
|
2024-03-04 14:56:16 +01:00
|
|
|
|
* we need the keyID here to identify the key; we can only
|
2020-08-07 12:46:09 +09:00
|
|
|
|
* use that ugly hack to distinguish between 16 and 20
|
|
|
|
|
* bytes fpr - it does not work always so we better change
|
|
|
|
|
* the whole validation code to only work with
|
|
|
|
|
* fingerprints */
|
|
|
|
|
fprlen = (!fpr[16] && !fpr[17] && !fpr[18] && !fpr[19])? 16:20;
|
|
|
|
|
|
|
|
|
|
if (fprlen != 20)
|
|
|
|
|
{
|
|
|
|
|
/* This is special as we have to lookup the key first. */
|
|
|
|
|
PKT_public_key pk;
|
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
|
|
memset (&pk, 0, sizeof pk);
|
|
|
|
|
rc = get_pubkey_byfprint (ctrl, &pk, NULL, fpr, fprlen);
|
|
|
|
|
if (rc)
|
|
|
|
|
{
|
|
|
|
|
log_printhex (fpr, fprlen,
|
|
|
|
|
"Oops: keyid_from_fingerprint: no pubkey; fpr:");
|
|
|
|
|
keyid[0] = 0;
|
|
|
|
|
keyid[1] = 0;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
keyid_from_pk (&pk, keyid);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
keyid[0] = buf32_to_u32 (fpr+12);
|
|
|
|
|
keyid[1] = buf32_to_u32 (fpr+16);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return keyid[1];
|
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static struct key_item *
|
|
|
|
|
new_key_item (void)
|
|
|
|
|
{
|
|
|
|
|
struct key_item *k;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
|
k = xmalloc_clear (sizeof *k);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
return k;
|
|
|
|
|
}
|
|
|
|
|
|
2024-09-25 15:15:51 +02:00
|
|
|
|
static struct key_item *
|
|
|
|
|
copy_key_item (struct key_item *k0)
|
|
|
|
|
{
|
|
|
|
|
struct key_item *k;
|
|
|
|
|
|
|
|
|
|
k = xmalloc_clear (sizeof *k);
|
|
|
|
|
k->ownertrust = k0->ownertrust;
|
|
|
|
|
k->min_ownertrust = k0->min_ownertrust;
|
|
|
|
|
k->trust_depth = k0->trust_depth;
|
|
|
|
|
k->trust_value = k0->trust_value;
|
|
|
|
|
if (k0->trust_regexp)
|
|
|
|
|
k->trust_regexp = xstrdup (k0->trust_regexp);
|
|
|
|
|
k->kid[0] = k0->kid[0];
|
|
|
|
|
k->kid[1] = k0->kid[1];
|
|
|
|
|
|
|
|
|
|
return k;
|
|
|
|
|
}
|
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
static void
|
|
|
|
|
release_key_items (struct key_item *k)
|
|
|
|
|
{
|
|
|
|
|
struct key_item *k2;
|
|
|
|
|
|
|
|
|
|
for (; k; k = k2)
|
|
|
|
|
{
|
|
|
|
|
k2 = k->next;
|
2003-06-18 19:56:13 +00:00
|
|
|
|
xfree (k->trust_regexp);
|
|
|
|
|
xfree (k);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-01 10:40:04 +02:00
|
|
|
|
#define KEY_HASH_TABLE_SIZE 1024
|
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
/*
|
2015-09-01 10:40:04 +02:00
|
|
|
|
* For fast keylook up we need a hash table. Each byte of a KeyID
|
2003-06-05 07:14:21 +00:00
|
|
|
|
* should be distributed equally over the 256 possible values (except
|
|
|
|
|
* for v3 keyIDs but we consider them as not important here). So we
|
2015-09-01 10:40:04 +02:00
|
|
|
|
* can just use 10 bits to index a table of KEY_HASH_TABLE_SIZE key items.
|
|
|
|
|
* Possible optimization: Do not use key_items but other hash_table when the
|
|
|
|
|
* duplicates lists get too large.
|
2003-06-05 07:14:21 +00:00
|
|
|
|
*/
|
2011-02-04 12:57:53 +01:00
|
|
|
|
static KeyHashTable
|
2003-06-05 07:14:21 +00:00
|
|
|
|
new_key_hash_table (void)
|
|
|
|
|
{
|
|
|
|
|
struct key_item **tbl;
|
|
|
|
|
|
2015-09-01 10:40:04 +02:00
|
|
|
|
tbl = xmalloc_clear (KEY_HASH_TABLE_SIZE * sizeof *tbl);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
return tbl;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
release_key_hash_table (KeyHashTable tbl)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
if (!tbl)
|
|
|
|
|
return;
|
2015-09-01 10:40:04 +02:00
|
|
|
|
for (i=0; i < KEY_HASH_TABLE_SIZE; i++)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
release_key_items (tbl[i]);
|
2003-06-18 19:56:13 +00:00
|
|
|
|
xfree (tbl);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
2011-02-04 12:57:53 +01:00
|
|
|
|
/*
|
2003-06-05 07:14:21 +00:00
|
|
|
|
* Returns: True if the keyID is in the given hash table
|
|
|
|
|
*/
|
|
|
|
|
static int
|
|
|
|
|
test_key_hash_table (KeyHashTable tbl, u32 *kid)
|
|
|
|
|
{
|
|
|
|
|
struct key_item *k;
|
|
|
|
|
|
2015-09-01 10:40:04 +02:00
|
|
|
|
for (k = tbl[(kid[1] % KEY_HASH_TABLE_SIZE)]; k; k = k->next)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
|
|
|
|
|
return 1;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Add a new key to the hash table. The key is identified by its key ID.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
add_key_hash_table (KeyHashTable tbl, u32 *kid)
|
|
|
|
|
{
|
2015-09-01 10:40:04 +02:00
|
|
|
|
int i = kid[1] % KEY_HASH_TABLE_SIZE;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
struct key_item *k, *kk;
|
|
|
|
|
|
2015-09-01 10:40:04 +02:00
|
|
|
|
for (k = tbl[i]; k; k = k->next)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
|
|
|
|
|
return; /* already in table */
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
kk = new_key_item ();
|
|
|
|
|
kk->kid[0] = kid[0];
|
|
|
|
|
kk->kid[1] = kid[1];
|
2015-09-01 10:40:04 +02:00
|
|
|
|
kk->next = tbl[i];
|
|
|
|
|
tbl[i] = kk;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Release a key_array
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
release_key_array ( struct key_array *keys )
|
|
|
|
|
{
|
|
|
|
|
struct key_array *k;
|
|
|
|
|
|
|
|
|
|
if (keys) {
|
|
|
|
|
for (k=keys; k->keyblock; k++)
|
|
|
|
|
release_kbnode (k->keyblock);
|
2003-06-18 19:56:13 +00:00
|
|
|
|
xfree (keys);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*********************************************
|
|
|
|
|
********** Initialization *****************
|
|
|
|
|
*********************************************/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Used to register extra ultimately trusted keys - this has to be done
|
|
|
|
|
* before initializing the validation module.
|
|
|
|
|
* FIXME: Should be replaced by a function to add those keys to the trustdb.
|
|
|
|
|
*/
|
2021-04-23 20:45:25 +02:00
|
|
|
|
static void
|
gpg: Allow building without any trust model support.
* configure.ac: Add option --disable-trust-models
(NO_TRUST_MODELS): New ac_define and am_conditional.
* g10/Makefile.am (trust_source): New.
(gpg2_SOURCES): Factor some files out to above. Add trust.c.
* g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust,
--import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb,
--list-trustdb, --trustdb-name, --auto-check-trustdb,
--no-auto-check-trustdb, and --force-ownertrust.
(parse_trust_model) [NO_TRUST_MODELS]: Do not build.
(main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all
trustdb related option code.
* g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust",
"enable", and "disable".
* g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print
"tru" record.
* g10/trust.c: New.
* g10/trustdb.c (struct key_item): Move to trustdb.h.
(register_trusted_keyid): Rename to tdb_register_trusted_keyid.
(register_trusted_key): Rename to tdb_register_trusted_key.
(trust_letter, uid_trust_string_fixed, trust_value_to_string)
(string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info)
(get_ownertrust_string, get_validity_info, get_validity_string)
(clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c.
(mark_usable_uid_certs): Move to trust.c and make global.
(is_in_klist): Move as inline to trustdb.h.
(trustdb_check_or_update): Rename to tdb_check_or_update
(revalidation_mark): Rename to tdb_revalidation_mark.
(get_ownertrust): Rename to tdb_get_ownertrust.
(get_min_ownertrust): Rename to tdb_get_min_ownertrust.
(update_ownertrust): Rename to tdb_update_ownertrust.
(clear_ownertrusts): Rename to tdb_clear_ownertrusts.
(cache_disabled_value): Rename to tdb_cache_disabled_value.
(check_trustdb_stale): Rename to tdb_check_trustdb_stale.
(get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and
factor some code out to ...
* trust.c (get_validity): ...new.
(check_or_update_trustdb): New wrapper.
(revalidation_mark): New wrapper.
(get_ownertrust): New wrapper.
(get_ownertrust_with_min): New wrapper.
(update_ownertrust): New wrapper.
(clear_ownertrusts): New wrapper.
(cache_disabled_value): New wrapper.
(check_trustdb_stale): New wrapper.
* tests/openpgp/defs.inc (opt_always): New. Use in all tests instead
of --always-trust.
2014-02-10 17:05:54 +01:00
|
|
|
|
tdb_register_trusted_keyid (u32 *keyid)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
struct key_item *k;
|
|
|
|
|
|
|
|
|
|
k = new_key_item ();
|
2006-04-19 11:26:11 +00:00
|
|
|
|
k->kid[0] = keyid[0];
|
|
|
|
|
k->kid[1] = keyid[1];
|
2024-03-04 14:56:16 +01:00
|
|
|
|
k->next = trusted_key_list;
|
|
|
|
|
trusted_key_list = k;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
2020-02-26 12:53:22 -05:00
|
|
|
|
|
2024-03-04 14:56:16 +01:00
|
|
|
|
/* This is called for the option --trusted-key to register these keys
|
|
|
|
|
* for later syncing them into the trustdb. The special value "none"
|
|
|
|
|
* may be used to indicate that there is a trusted-key option but no
|
|
|
|
|
* key shall be inserted for it. This "none" value is helpful to
|
|
|
|
|
* distinguish between changing the gpg.conf from a trusted-key to no
|
|
|
|
|
* trusted-key options at all. Simply not specify the option would
|
|
|
|
|
* not allow to distinguish this case from the --no-options case as
|
|
|
|
|
* used for certain calls of gpg for example by gpg-wks-client. */
|
2006-04-19 11:26:11 +00:00
|
|
|
|
void
|
2020-02-26 12:53:22 -05:00
|
|
|
|
tdb_register_trusted_key (const char *string)
|
2006-04-19 11:26:11 +00:00
|
|
|
|
{
|
2009-12-08 16:30:33 +00:00
|
|
|
|
gpg_error_t err;
|
2006-04-19 11:26:11 +00:00
|
|
|
|
KEYDB_SEARCH_DESC desc;
|
2020-02-26 12:53:22 -05:00
|
|
|
|
u32 kid[2];
|
2006-04-19 11:26:11 +00:00
|
|
|
|
|
2024-03-04 14:56:16 +01:00
|
|
|
|
any_trusted_key_seen = 1;
|
|
|
|
|
if (!strcmp (string, "none"))
|
|
|
|
|
return;
|
2011-04-25 23:56:47 +02:00
|
|
|
|
err = classify_user_id (string, &desc, 1);
|
2020-02-26 12:53:22 -05:00
|
|
|
|
if (!err)
|
2006-04-19 11:26:11 +00:00
|
|
|
|
{
|
2020-02-26 12:53:22 -05:00
|
|
|
|
if (desc.mode == KEYDB_SEARCH_MODE_LONG_KID)
|
|
|
|
|
{
|
2021-04-23 20:45:25 +02:00
|
|
|
|
tdb_register_trusted_keyid (desc.u.kid);
|
2020-02-26 12:53:22 -05:00
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if (desc.mode == KEYDB_SEARCH_MODE_FPR && desc.fprlen == 20)
|
|
|
|
|
{
|
|
|
|
|
kid[0] = buf32_to_u32 (desc.u.fpr+12);
|
|
|
|
|
kid[1] = buf32_to_u32 (desc.u.fpr+16);
|
2021-04-23 20:45:25 +02:00
|
|
|
|
tdb_register_trusted_keyid (kid);
|
2020-02-26 12:53:22 -05:00
|
|
|
|
return;
|
|
|
|
|
}
|
2020-03-18 13:56:43 +01:00
|
|
|
|
if (desc.mode == KEYDB_SEARCH_MODE_FPR && desc.fprlen == 32)
|
|
|
|
|
{
|
|
|
|
|
kid[0] = buf32_to_u32 (desc.u.fpr);
|
|
|
|
|
kid[1] = buf32_to_u32 (desc.u.fpr+4);
|
2021-04-23 20:45:25 +02:00
|
|
|
|
tdb_register_trusted_keyid (kid);
|
2020-03-18 13:56:43 +01:00
|
|
|
|
return;
|
|
|
|
|
}
|
2006-04-19 11:26:11 +00:00
|
|
|
|
}
|
2020-02-26 12:53:22 -05:00
|
|
|
|
log_error (_("'%s' is not a valid long keyID\n"), string );
|
2006-04-19 11:26:11 +00:00
|
|
|
|
}
|
|
|
|
|
|
2020-02-26 12:53:22 -05:00
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
/*
|
|
|
|
|
* Helper to add a key to the global list of ultimately trusted keys.
|
2017-02-20 16:25:15 -05:00
|
|
|
|
* Returns: true = inserted, false = already in list.
|
2003-06-05 07:14:21 +00:00
|
|
|
|
*/
|
|
|
|
|
static int
|
|
|
|
|
add_utk (u32 *kid)
|
|
|
|
|
{
|
|
|
|
|
struct key_item *k;
|
|
|
|
|
|
2015-10-21 12:52:56 +02:00
|
|
|
|
if (tdb_keyid_is_utk (kid))
|
|
|
|
|
return 0;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
|
|
k = new_key_item ();
|
|
|
|
|
k->kid[0] = kid[0];
|
|
|
|
|
k->kid[1] = kid[1];
|
|
|
|
|
k->ownertrust = TRUST_ULTIMATE;
|
|
|
|
|
k->next = utk_list;
|
|
|
|
|
utk_list = k;
|
|
|
|
|
if( opt.verbose > 1 )
|
2006-04-19 11:26:11 +00:00
|
|
|
|
log_info(_("key %s: accepted as trusted key\n"), keystr(kid));
|
2003-06-05 07:14:21 +00:00
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2022-01-12 13:34:31 +09:00
|
|
|
|
/* Add/remove KID to/from the list of ultimately trusted keys. */
|
|
|
|
|
void
|
|
|
|
|
tdb_update_utk (u32 *kid, int add)
|
|
|
|
|
{
|
|
|
|
|
struct key_item *k, *k_prev;
|
|
|
|
|
|
|
|
|
|
k_prev = NULL;
|
|
|
|
|
for (k = utk_list; k; k = k->next)
|
|
|
|
|
if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
|
|
|
|
|
break;
|
|
|
|
|
else
|
|
|
|
|
k_prev = k;
|
|
|
|
|
|
|
|
|
|
if (add)
|
|
|
|
|
{
|
|
|
|
|
if (!k)
|
|
|
|
|
{
|
|
|
|
|
k = new_key_item ();
|
|
|
|
|
k->kid[0] = kid[0];
|
|
|
|
|
k->kid[1] = kid[1];
|
|
|
|
|
k->ownertrust = TRUST_ULTIMATE;
|
|
|
|
|
k->next = utk_list;
|
|
|
|
|
utk_list = k;
|
|
|
|
|
if ( opt.verbose > 1 )
|
|
|
|
|
log_info(_("key %s: accepted as trusted key\n"), keystr(kid));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (k)
|
|
|
|
|
{
|
|
|
|
|
if (k_prev)
|
|
|
|
|
k_prev->next = k->next;
|
|
|
|
|
else
|
|
|
|
|
utk_list = NULL;
|
|
|
|
|
|
|
|
|
|
xfree (k->trust_regexp);
|
|
|
|
|
xfree (k);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
/****************
|
|
|
|
|
* Verify that all our secret keys are usable and put them into the utk_list.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
2017-03-31 20:03:52 +02:00
|
|
|
|
verify_own_keys (ctrl_t ctrl)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
TRUSTREC rec;
|
|
|
|
|
ulong recnum;
|
|
|
|
|
int rc;
|
2021-11-13 20:34:06 +01:00
|
|
|
|
struct key_item *k, *k2;
|
|
|
|
|
int need_revalidation = 0;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
|
|
if (utk_list)
|
2021-11-13 20:34:06 +01:00
|
|
|
|
return; /* Has already been run. */
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
|
|
/* scan the trustdb to find all ultimately trusted keys */
|
2011-02-04 12:57:53 +01:00
|
|
|
|
for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2020-08-07 12:46:09 +09:00
|
|
|
|
if (rec.rectype == RECTYPE_TRUST
|
|
|
|
|
&& (rec.r.trust.ownertrust & TRUST_MASK) == TRUST_ULTIMATE)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2020-08-07 12:46:09 +09:00
|
|
|
|
u32 kid[2];
|
|
|
|
|
|
|
|
|
|
keyid_from_fpr20 (ctrl, rec.r.trust.fingerprint, kid);
|
|
|
|
|
if (!add_utk (kid))
|
|
|
|
|
log_info (_("key %s occurs more than once in the trustdb\n"),
|
|
|
|
|
keystr(kid));
|
2024-03-04 14:56:16 +01:00
|
|
|
|
else if ((rec.r.trust.flags & 1)
|
|
|
|
|
&& any_trusted_key_seen)
|
2021-11-13 20:34:06 +01:00
|
|
|
|
{
|
|
|
|
|
/* Record marked as inserted via --trusted-key. Is this
|
|
|
|
|
* still the case? */
|
2024-03-04 14:56:16 +01:00
|
|
|
|
for (k2 = trusted_key_list; k2; k2 = k2->next)
|
2021-11-13 20:34:06 +01:00
|
|
|
|
if (k2->kid[0] == kid[0] && k2->kid[1] == kid[1])
|
|
|
|
|
break;
|
|
|
|
|
if (!k2) /* No - clear the flag. */
|
|
|
|
|
{
|
|
|
|
|
if (DBG_TRUST)
|
|
|
|
|
log_debug ("clearing former --trusted-key %s\n",
|
|
|
|
|
keystr (kid));
|
|
|
|
|
rec.r.trust.ownertrust = TRUST_UNKNOWN;
|
|
|
|
|
rec.r.trust.flags &= ~(rec.r.trust.flags & 1);
|
|
|
|
|
write_record (ctrl, &rec);
|
|
|
|
|
need_revalidation = 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-11-13 20:34:06 +01:00
|
|
|
|
if (need_revalidation)
|
|
|
|
|
{
|
|
|
|
|
tdb_revalidation_mark (ctrl);
|
|
|
|
|
do_sync ();
|
|
|
|
|
}
|
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
/* Put any --trusted-key keys into the trustdb */
|
2024-03-04 14:56:16 +01:00
|
|
|
|
for (k = trusted_key_list; k; k = k->next)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2011-02-04 12:57:53 +01:00
|
|
|
|
if ( add_utk (k->kid) )
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{ /* not yet in trustDB as ultimately trusted */
|
|
|
|
|
PKT_public_key pk;
|
|
|
|
|
|
|
|
|
|
memset (&pk, 0, sizeof pk);
|
2021-04-25 20:03:07 +02:00
|
|
|
|
rc = get_pubkey_with_ldap_fallback (ctrl, &pk, k->kid);
|
2006-04-19 11:26:11 +00:00
|
|
|
|
if (rc)
|
|
|
|
|
log_info(_("key %s: no public key for trusted key - skipped\n"),
|
|
|
|
|
keystr(k->kid));
|
|
|
|
|
else
|
|
|
|
|
{
|
2017-02-28 20:28:56 +01:00
|
|
|
|
tdb_update_ownertrust
|
2017-03-31 20:03:52 +02:00
|
|
|
|
(ctrl, &pk, ((tdb_get_ownertrust (ctrl, &pk, 0) & ~TRUST_MASK)
|
2021-11-13 20:34:06 +01:00
|
|
|
|
| TRUST_ULTIMATE ), 1);
|
2006-04-19 11:26:11 +00:00
|
|
|
|
release_public_key_parts (&pk);
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-23 11:45:49 +02:00
|
|
|
|
if (!opt.quiet)
|
|
|
|
|
log_info (_("key %s marked as ultimately trusted\n"),
|
|
|
|
|
keystr(k->kid));
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-03-04 14:56:16 +01:00
|
|
|
|
/* Release the helper table. */
|
|
|
|
|
release_key_items (trusted_key_list);
|
|
|
|
|
trusted_key_list = NULL;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-21 12:52:56 +02:00
|
|
|
|
/* Returns whether KID is on the list of ultimately trusted keys. */
|
|
|
|
|
int
|
|
|
|
|
tdb_keyid_is_utk (u32 *kid)
|
|
|
|
|
{
|
|
|
|
|
struct key_item *k;
|
|
|
|
|
|
|
|
|
|
for (k = utk_list; k; k = k->next)
|
|
|
|
|
if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2016-11-22 15:05:59 +01:00
|
|
|
|
|
|
|
|
|
/* Return the list of ultimately trusted keys. */
|
|
|
|
|
struct key_item *
|
|
|
|
|
tdb_utks (void)
|
|
|
|
|
{
|
|
|
|
|
return utk_list;
|
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
|
|
/*********************************************
|
|
|
|
|
*********** TrustDB stuff *******************
|
|
|
|
|
*********************************************/
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Read a record but die if it does not exist
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
read_record (ulong recno, TRUSTREC *rec, int rectype )
|
|
|
|
|
{
|
|
|
|
|
int rc = tdbio_read_record (recno, rec, rectype);
|
|
|
|
|
if (rc)
|
|
|
|
|
{
|
|
|
|
|
log_error(_("trust record %lu, req type %d: read failed: %s\n"),
|
2015-01-22 12:06:11 +01:00
|
|
|
|
recno, rec->rectype, gpg_strerror (rc) );
|
2003-06-05 07:14:21 +00:00
|
|
|
|
tdbio_invalid();
|
|
|
|
|
}
|
|
|
|
|
if (rectype != rec->rectype)
|
|
|
|
|
{
|
|
|
|
|
log_error(_("trust record %lu is not of requested type %d\n"),
|
|
|
|
|
rec->recnum, rectype);
|
|
|
|
|
tdbio_invalid();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Write a record and die on error
|
|
|
|
|
*/
|
|
|
|
|
static void
|
2017-03-31 20:03:52 +02:00
|
|
|
|
write_record (ctrl_t ctrl, TRUSTREC *rec)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2017-03-31 20:03:52 +02:00
|
|
|
|
int rc = tdbio_write_record (ctrl, rec);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
if (rc)
|
|
|
|
|
{
|
|
|
|
|
log_error(_("trust record %lu, type %d: write failed: %s\n"),
|
2015-01-22 12:06:11 +01:00
|
|
|
|
rec->recnum, rec->rectype, gpg_strerror (rc) );
|
2003-06-05 07:14:21 +00:00
|
|
|
|
tdbio_invalid();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* sync the TrustDb and die on error
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
do_sync(void)
|
|
|
|
|
{
|
|
|
|
|
int rc = tdbio_sync ();
|
|
|
|
|
if(rc)
|
|
|
|
|
{
|
2015-01-22 12:06:11 +01:00
|
|
|
|
log_error (_("trustdb: sync failed: %s\n"), gpg_strerror (rc) );
|
2003-06-05 07:14:21 +00:00
|
|
|
|
g10_exit(2);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-02 19:10:59 +02:00
|
|
|
|
const char *
|
|
|
|
|
trust_model_string (int model)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2016-05-02 19:10:59 +02:00
|
|
|
|
switch (model)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2006-04-19 11:26:11 +00:00
|
|
|
|
case TM_CLASSIC: return "classic";
|
2016-05-02 19:10:59 +02:00
|
|
|
|
case TM_PGP: return "pgp";
|
2006-04-19 11:26:11 +00:00
|
|
|
|
case TM_EXTERNAL: return "external";
|
2016-05-02 19:10:59 +02:00
|
|
|
|
case TM_TOFU: return "tofu";
|
|
|
|
|
case TM_TOFU_PGP: return "tofu+pgp";
|
2006-04-19 11:26:11 +00:00
|
|
|
|
case TM_ALWAYS: return "always";
|
|
|
|
|
case TM_DIRECT: return "direct";
|
|
|
|
|
default: return "unknown";
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/****************
|
|
|
|
|
* Perform some checks over the trustdb
|
|
|
|
|
* level 0: only open the db
|
|
|
|
|
* 1: used for initial program startup
|
|
|
|
|
*/
|
|
|
|
|
int
|
|
|
|
|
setup_trustdb( int level, const char *dbname )
|
|
|
|
|
{
|
|
|
|
|
/* just store the args */
|
|
|
|
|
if( trustdb_args.init )
|
|
|
|
|
return 0;
|
|
|
|
|
trustdb_args.level = level;
|
2006-04-19 11:26:11 +00:00
|
|
|
|
trustdb_args.dbname = dbname? xstrdup(dbname): NULL;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2009-07-22 09:43:10 +00:00
|
|
|
|
void
|
2022-09-13 16:34:00 +09:00
|
|
|
|
how_to_fix_the_trustdb (void)
|
2009-07-22 09:43:10 +00:00
|
|
|
|
{
|
|
|
|
|
const char *name = trustdb_args.dbname;
|
|
|
|
|
|
|
|
|
|
if (!name)
|
|
|
|
|
name = "trustdb.gpg";
|
|
|
|
|
|
|
|
|
|
log_info (_("You may try to re-create the trustdb using the commands:\n"));
|
2021-05-21 09:13:50 +02:00
|
|
|
|
log_info (" cd %s\n", gnupg_homedir ());
|
2016-04-05 11:10:09 +02:00
|
|
|
|
log_info (" %s --export-ownertrust > otrust.tmp\n", GPG_NAME);
|
2009-07-22 09:43:10 +00:00
|
|
|
|
#ifdef HAVE_W32_SYSTEM
|
|
|
|
|
log_info (" del %s\n", name);
|
|
|
|
|
#else
|
|
|
|
|
log_info (" rm %s\n", name);
|
|
|
|
|
#endif
|
2016-04-05 11:10:09 +02:00
|
|
|
|
log_info (" %s --import-ownertrust < otrust.tmp\n", GPG_NAME);
|
2009-07-22 09:43:10 +00:00
|
|
|
|
log_info (_("If that does not work, please consult the manual\n"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2017-02-28 20:28:56 +01:00
|
|
|
|
/* Initialize the trustdb. With NO_CREATE set a missing trustdb is
|
|
|
|
|
* not an error and the function won't terminate the process on error;
|
|
|
|
|
* in that case 0 is returned if there is a trustdb or an error code
|
|
|
|
|
* if no trustdb is available. */
|
|
|
|
|
gpg_error_t
|
2017-03-31 20:03:52 +02:00
|
|
|
|
init_trustdb (ctrl_t ctrl, int no_create)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
int level = trustdb_args.level;
|
|
|
|
|
const char* dbname = trustdb_args.dbname;
|
|
|
|
|
|
|
|
|
|
if( trustdb_args.init )
|
2017-02-28 20:28:56 +01:00
|
|
|
|
return 0;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
|
|
trustdb_args.init = 1;
|
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
|
if(level==0 || level==1)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2017-03-31 20:03:52 +02:00
|
|
|
|
int rc = tdbio_set_dbname (ctrl, dbname, (!no_create && level),
|
2017-02-28 20:28:56 +01:00
|
|
|
|
&trustdb_args.no_trustdb);
|
|
|
|
|
if (no_create && trustdb_args.no_trustdb)
|
|
|
|
|
{
|
|
|
|
|
/* No trustdb found and the caller asked us not to create
|
|
|
|
|
* it. Return an error and set the initialization state
|
|
|
|
|
* back so that we always test for an existing trustdb. */
|
|
|
|
|
trustdb_args.init = 0;
|
|
|
|
|
return gpg_error (GPG_ERR_ENOENT);
|
|
|
|
|
}
|
|
|
|
|
if (rc)
|
2015-01-22 12:06:11 +01:00
|
|
|
|
log_fatal("can't init trustdb: %s\n", gpg_strerror (rc) );
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
BUG();
|
|
|
|
|
|
|
|
|
|
if(opt.trust_model==TM_AUTO)
|
|
|
|
|
{
|
|
|
|
|
/* Try and set the trust model off of whatever the trustdb says
|
|
|
|
|
it is. */
|
|
|
|
|
opt.trust_model=tdbio_read_model();
|
|
|
|
|
|
|
|
|
|
/* Sanity check this ;) */
|
2015-10-21 13:28:15 +02:00
|
|
|
|
if(opt.trust_model != TM_CLASSIC
|
|
|
|
|
&& opt.trust_model != TM_PGP
|
|
|
|
|
&& opt.trust_model != TM_TOFU_PGP
|
|
|
|
|
&& opt.trust_model != TM_TOFU
|
|
|
|
|
&& opt.trust_model != TM_EXTERNAL)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
log_info(_("unable to use unknown trust model (%d) - "
|
2015-11-10 08:05:17 +01:00
|
|
|
|
"assuming %s trust model\n"),opt.trust_model,"pgp");
|
|
|
|
|
opt.trust_model = TM_PGP;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(opt.verbose)
|
2016-05-02 19:10:59 +02:00
|
|
|
|
log_info(_("using %s trust model\n"),
|
|
|
|
|
trust_model_string (opt.trust_model));
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
2015-10-21 13:28:15 +02:00
|
|
|
|
if (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC
|
|
|
|
|
|| opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)
|
2006-04-19 11:26:11 +00:00
|
|
|
|
{
|
|
|
|
|
/* Verify the list of ultimately trusted keys and move the
|
|
|
|
|
--trusted-keys list there as well. */
|
|
|
|
|
if(level==1)
|
2017-03-31 20:03:52 +02:00
|
|
|
|
verify_own_keys (ctrl);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
|
if(!tdbio_db_matches_options())
|
|
|
|
|
pending_check_trustdb=1;
|
|
|
|
|
}
|
2017-02-28 20:28:56 +01:00
|
|
|
|
|
|
|
|
|
return 0;
|
2006-04-19 11:26:11 +00:00
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
|
|
|
2017-03-02 14:35:09 +01:00
|
|
|
|
/* Check whether we have a trust database, initializing it if
|
|
|
|
|
necessary if the trust model is not 'always trust'. Returns true
|
|
|
|
|
if we do have a usable trust database. */
|
|
|
|
|
int
|
2017-03-31 20:03:52 +02:00
|
|
|
|
have_trustdb (ctrl_t ctrl)
|
2017-03-02 14:35:09 +01:00
|
|
|
|
{
|
2017-03-31 20:03:52 +02:00
|
|
|
|
return !init_trustdb (ctrl, opt.trust_model == TM_ALWAYS);
|
2017-03-02 14:35:09 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
/****************
|
|
|
|
|
* Recreate the WoT but do not ask for new ownertrusts. Special
|
|
|
|
|
* feature: In batch mode and without a forced yes, this is only done
|
|
|
|
|
* when a check is due. This can be used to run the check from a crontab
|
|
|
|
|
*/
|
|
|
|
|
void
|
2016-05-21 11:41:49 +02:00
|
|
|
|
check_trustdb (ctrl_t ctrl)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2017-03-31 20:03:52 +02:00
|
|
|
|
init_trustdb (ctrl, 0);
|
2015-10-21 13:28:15 +02:00
|
|
|
|
if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
|
|
|
|
|
|| opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
if (opt.batch && !opt.answer_yes)
|
|
|
|
|
{
|
|
|
|
|
ulong scheduled;
|
|
|
|
|
|
|
|
|
|
scheduled = tdbio_read_nextcheck ();
|
|
|
|
|
if (!scheduled)
|
|
|
|
|
{
|
|
|
|
|
log_info (_("no need for a trustdb check\n"));
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (scheduled > make_timestamp ())
|
|
|
|
|
{
|
|
|
|
|
log_info (_("next trustdb check due at %s\n"),
|
|
|
|
|
strtimestamp (scheduled));
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-21 11:41:49 +02:00
|
|
|
|
validate_keys (ctrl, 0);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
else
|
2012-06-05 19:29:22 +02:00
|
|
|
|
log_info (_("no need for a trustdb check with '%s' trust model\n"),
|
2016-05-02 19:10:59 +02:00
|
|
|
|
trust_model_string(opt.trust_model));
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
2011-02-04 12:57:53 +01:00
|
|
|
|
* Recreate the WoT.
|
2003-06-05 07:14:21 +00:00
|
|
|
|
*/
|
|
|
|
|
void
|
2016-05-21 11:41:49 +02:00
|
|
|
|
update_trustdb (ctrl_t ctrl)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2017-03-31 20:03:52 +02:00
|
|
|
|
init_trustdb (ctrl, 0);
|
2015-10-21 13:28:15 +02:00
|
|
|
|
if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
|
|
|
|
|
|| opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
|
2016-05-21 11:41:49 +02:00
|
|
|
|
validate_keys (ctrl, 1);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
else
|
2012-06-05 19:29:22 +02:00
|
|
|
|
log_info (_("no need for a trustdb update with '%s' trust model\n"),
|
2016-05-02 19:10:59 +02:00
|
|
|
|
trust_model_string(opt.trust_model));
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
2017-03-31 20:03:52 +02:00
|
|
|
|
tdb_revalidation_mark (ctrl_t ctrl)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2017-03-31 20:03:52 +02:00
|
|
|
|
init_trustdb (ctrl, 0);
|
2013-10-11 09:25:58 +02:00
|
|
|
|
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
/* We simply set the time for the next check to 1 (far back in 1970)
|
|
|
|
|
so that a --update-trustdb will be scheduled. */
|
2017-03-31 20:03:52 +02:00
|
|
|
|
if (tdbio_write_nextcheck (ctrl, 1))
|
2013-10-11 09:25:58 +02:00
|
|
|
|
do_sync ();
|
2003-06-05 07:14:21 +00:00
|
|
|
|
pending_check_trustdb = 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
trustdb_pending_check(void)
|
|
|
|
|
{
|
|
|
|
|
return pending_check_trustdb;
|
|
|
|
|
}
|
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
|
/* If the trustdb is dirty, and we're interactive, update it.
|
|
|
|
|
Otherwise, check it unless no-auto-check-trustdb is set. */
|
|
|
|
|
void
|
2016-05-21 11:41:49 +02:00
|
|
|
|
tdb_check_or_update (ctrl_t ctrl)
|
2006-04-19 11:26:11 +00:00
|
|
|
|
{
|
2016-05-21 11:41:49 +02:00
|
|
|
|
if (trustdb_pending_check ())
|
2006-04-19 11:26:11 +00:00
|
|
|
|
{
|
2016-05-21 11:41:49 +02:00
|
|
|
|
if (opt.interactive)
|
|
|
|
|
update_trustdb (ctrl);
|
|
|
|
|
else if (!opt.no_auto_check_trustdb)
|
2023-09-06 12:09:55 +02:00
|
|
|
|
check_trustdb (ctrl);
|
2006-04-19 11:26:11 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2003-09-23 17:48:33 +00:00
|
|
|
|
void
|
2017-03-31 20:03:52 +02:00
|
|
|
|
read_trust_options (ctrl_t ctrl,
|
|
|
|
|
byte *trust_model, ulong *created, ulong *nextcheck,
|
|
|
|
|
byte *marginals, byte *completes, byte *cert_depth,
|
|
|
|
|
byte *min_cert_level)
|
2003-09-23 17:48:33 +00:00
|
|
|
|
{
|
|
|
|
|
TRUSTREC opts;
|
|
|
|
|
|
2017-03-31 20:03:52 +02:00
|
|
|
|
init_trustdb (ctrl, 0);
|
2013-10-11 09:25:58 +02:00
|
|
|
|
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
|
|
|
|
|
memset (&opts, 0, sizeof opts);
|
|
|
|
|
else
|
|
|
|
|
read_record (0, &opts, RECTYPE_VER);
|
2003-09-23 17:48:33 +00:00
|
|
|
|
|
|
|
|
|
if(trust_model)
|
|
|
|
|
*trust_model=opts.r.ver.trust_model;
|
|
|
|
|
if(created)
|
|
|
|
|
*created=opts.r.ver.created;
|
|
|
|
|
if(nextcheck)
|
|
|
|
|
*nextcheck=opts.r.ver.nextcheck;
|
|
|
|
|
if(marginals)
|
|
|
|
|
*marginals=opts.r.ver.marginals;
|
|
|
|
|
if(completes)
|
|
|
|
|
*completes=opts.r.ver.completes;
|
|
|
|
|
if(cert_depth)
|
|
|
|
|
*cert_depth=opts.r.ver.cert_depth;
|
2012-01-19 22:33:51 -05:00
|
|
|
|
if(min_cert_level)
|
|
|
|
|
*min_cert_level=opts.r.ver.min_cert_level;
|
2003-09-23 17:48:33 +00:00
|
|
|
|
}
|
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
/***********************************************
|
|
|
|
|
*********** Ownertrust et al. ****************
|
|
|
|
|
***********************************************/
|
|
|
|
|
|
2011-02-04 12:57:53 +01:00
|
|
|
|
static int
|
2017-03-31 20:03:52 +02:00
|
|
|
|
read_trust_record (ctrl_t ctrl, PKT_public_key *pk, TRUSTREC *rec)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
int rc;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2017-03-31 20:03:52 +02:00
|
|
|
|
init_trustdb (ctrl, 0);
|
2018-03-26 18:06:43 +02:00
|
|
|
|
rc = tdbio_search_trust_bypk (ctrl, pk, rec);
|
2011-02-04 12:57:53 +01:00
|
|
|
|
if (rc)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2015-06-04 18:08:26 +02:00
|
|
|
|
if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
|
|
|
|
|
log_error ("trustdb: searching trust record failed: %s\n",
|
|
|
|
|
gpg_strerror (rc));
|
2011-02-04 12:57:53 +01:00
|
|
|
|
return rc;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
if (rec->rectype != RECTYPE_TRUST)
|
|
|
|
|
{
|
|
|
|
|
log_error ("trustdb: record %lu is not a trust record\n",
|
|
|
|
|
rec->recnum);
|
2015-01-22 12:06:11 +01:00
|
|
|
|
return GPG_ERR_TRUSTDB;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
}
|
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-28 20:28:56 +01:00
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Return the assigned ownertrust value for the given public key. The
|
|
|
|
|
* key should be the primary key. If NO_CREATE is set a missing
|
|
|
|
|
* trustdb will not be created. This comes for example handy when we
|
|
|
|
|
* want to print status lines (DECRYPTION_KEY) which carry ownertrust
|
|
|
|
|
* values but we usually use --always-trust.
|
2003-06-05 07:14:21 +00:00
|
|
|
|
*/
|
2011-02-04 12:57:53 +01:00
|
|
|
|
unsigned int
|
2017-03-31 20:03:52 +02:00
|
|
|
|
tdb_get_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int no_create)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
TRUSTREC rec;
|
2015-06-04 18:08:26 +02:00
|
|
|
|
gpg_error_t err;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2013-10-11 09:25:58 +02:00
|
|
|
|
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
|
|
|
|
|
return TRUST_UNKNOWN;
|
|
|
|
|
|
2017-02-28 20:28:56 +01:00
|
|
|
|
/* If the caller asked not to create a trustdb we call init_trustdb
|
|
|
|
|
* directly and allow it to fail with an error code for a
|
|
|
|
|
* non-existing trustdb. */
|
2017-03-31 20:03:52 +02:00
|
|
|
|
if (no_create && init_trustdb (ctrl, 1))
|
2017-02-28 20:28:56 +01:00
|
|
|
|
return TRUST_UNKNOWN;
|
|
|
|
|
|
2017-03-31 20:03:52 +02:00
|
|
|
|
err = read_trust_record (ctrl, pk, &rec);
|
2015-06-04 18:08:26 +02:00
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
return TRUST_UNKNOWN; /* no record yet */
|
2015-06-04 18:08:26 +02:00
|
|
|
|
if (err)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
tdbio_invalid ();
|
2015-06-04 18:08:26 +02:00
|
|
|
|
return TRUST_UNKNOWN; /* actually never reached */
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return rec.r.trust.ownertrust;
|
|
|
|
|
}
|
|
|
|
|
|
gpg: Allow building without any trust model support.
* configure.ac: Add option --disable-trust-models
(NO_TRUST_MODELS): New ac_define and am_conditional.
* g10/Makefile.am (trust_source): New.
(gpg2_SOURCES): Factor some files out to above. Add trust.c.
* g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust,
--import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb,
--list-trustdb, --trustdb-name, --auto-check-trustdb,
--no-auto-check-trustdb, and --force-ownertrust.
(parse_trust_model) [NO_TRUST_MODELS]: Do not build.
(main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all
trustdb related option code.
* g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust",
"enable", and "disable".
* g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print
"tru" record.
* g10/trust.c: New.
* g10/trustdb.c (struct key_item): Move to trustdb.h.
(register_trusted_keyid): Rename to tdb_register_trusted_keyid.
(register_trusted_key): Rename to tdb_register_trusted_key.
(trust_letter, uid_trust_string_fixed, trust_value_to_string)
(string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info)
(get_ownertrust_string, get_validity_info, get_validity_string)
(clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c.
(mark_usable_uid_certs): Move to trust.c and make global.
(is_in_klist): Move as inline to trustdb.h.
(trustdb_check_or_update): Rename to tdb_check_or_update
(revalidation_mark): Rename to tdb_revalidation_mark.
(get_ownertrust): Rename to tdb_get_ownertrust.
(get_min_ownertrust): Rename to tdb_get_min_ownertrust.
(update_ownertrust): Rename to tdb_update_ownertrust.
(clear_ownertrusts): Rename to tdb_clear_ownertrusts.
(cache_disabled_value): Rename to tdb_cache_disabled_value.
(check_trustdb_stale): Rename to tdb_check_trustdb_stale.
(get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and
factor some code out to ...
* trust.c (get_validity): ...new.
(check_or_update_trustdb): New wrapper.
(revalidation_mark): New wrapper.
(get_ownertrust): New wrapper.
(get_ownertrust_with_min): New wrapper.
(update_ownertrust): New wrapper.
(clear_ownertrusts): New wrapper.
(cache_disabled_value): New wrapper.
(check_trustdb_stale): New wrapper.
* tests/openpgp/defs.inc (opt_always): New. Use in all tests instead
of --always-trust.
2014-02-10 17:05:54 +01:00
|
|
|
|
|
2011-02-04 12:57:53 +01:00
|
|
|
|
unsigned int
|
2017-03-31 20:03:52 +02:00
|
|
|
|
tdb_get_min_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int no_create)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
TRUSTREC rec;
|
2015-06-04 18:08:26 +02:00
|
|
|
|
gpg_error_t err;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2013-10-11 09:25:58 +02:00
|
|
|
|
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
|
|
|
|
|
return TRUST_UNKNOWN;
|
|
|
|
|
|
2017-02-28 20:28:56 +01:00
|
|
|
|
/* If the caller asked not to create a trustdb we call init_trustdb
|
|
|
|
|
* directly and allow it to fail with an error code for a
|
|
|
|
|
* non-existing trustdb. */
|
2017-03-31 20:03:52 +02:00
|
|
|
|
if (no_create && init_trustdb (ctrl, 1))
|
2017-02-28 20:28:56 +01:00
|
|
|
|
return TRUST_UNKNOWN;
|
|
|
|
|
|
2017-03-31 20:03:52 +02:00
|
|
|
|
err = read_trust_record (ctrl, pk, &rec);
|
2015-06-04 18:08:26 +02:00
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
return TRUST_UNKNOWN; /* no record yet */
|
2015-06-04 18:08:26 +02:00
|
|
|
|
if (err)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
tdbio_invalid ();
|
2015-06-04 18:08:26 +02:00
|
|
|
|
return TRUST_UNKNOWN; /* actually never reached */
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return rec.r.trust.min_ownertrust;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Set the trust value of the given public key to the new value.
|
|
|
|
|
* The key should be a primary one.
|
|
|
|
|
*/
|
|
|
|
|
void
|
2021-11-13 20:34:06 +01:00
|
|
|
|
tdb_update_ownertrust (ctrl_t ctrl, PKT_public_key *pk, unsigned int new_trust,
|
|
|
|
|
int as_trusted_key)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
TRUSTREC rec;
|
2015-06-04 18:08:26 +02:00
|
|
|
|
gpg_error_t err;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2013-10-11 09:25:58 +02:00
|
|
|
|
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
|
|
|
|
|
return;
|
|
|
|
|
|
2017-03-31 20:03:52 +02:00
|
|
|
|
err = read_trust_record (ctrl, pk, &rec);
|
2015-06-04 18:08:26 +02:00
|
|
|
|
if (!err)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
if (DBG_TRUST)
|
2021-11-13 20:34:06 +01:00
|
|
|
|
log_debug ("update ownertrust from %u to %u%s\n",
|
|
|
|
|
(unsigned int)rec.r.trust.ownertrust, new_trust,
|
|
|
|
|
as_trusted_key? " via --trusted-key":"");
|
2003-06-05 07:14:21 +00:00
|
|
|
|
if (rec.r.trust.ownertrust != new_trust)
|
|
|
|
|
{
|
|
|
|
|
rec.r.trust.ownertrust = new_trust;
|
2021-11-13 20:34:06 +01:00
|
|
|
|
/* Clear or set the trusted key flag if the new value is
|
|
|
|
|
* ultimate. This is required so that we know which keys
|
|
|
|
|
* have been added by --trusted-keys. */
|
|
|
|
|
if ((rec.r.trust.ownertrust & TRUST_MASK) == TRUST_ULTIMATE)
|
|
|
|
|
{
|
|
|
|
|
if (as_trusted_key)
|
|
|
|
|
rec.r.trust.flags |= 1;
|
|
|
|
|
else
|
|
|
|
|
rec.r.trust.flags &= ~(rec.r.trust.flags & 1);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
rec.r.trust.flags &= ~(rec.r.trust.flags & 1);
|
2017-03-31 20:03:52 +02:00
|
|
|
|
write_record (ctrl, &rec);
|
|
|
|
|
tdb_revalidation_mark (ctrl);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
do_sync ();
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-06-04 18:08:26 +02:00
|
|
|
|
else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{ /* no record yet - create a new one */
|
|
|
|
|
if (DBG_TRUST)
|
2021-11-13 20:34:06 +01:00
|
|
|
|
log_debug ("insert ownertrust %u%s\n", new_trust,
|
|
|
|
|
as_trusted_key? " via --trusted-key":"");
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
|
|
memset (&rec, 0, sizeof rec);
|
2017-03-31 20:03:52 +02:00
|
|
|
|
rec.recnum = tdbio_new_recnum (ctrl);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
rec.rectype = RECTYPE_TRUST;
|
2020-08-07 12:46:09 +09:00
|
|
|
|
fpr20_from_pk (pk, rec.r.trust.fingerprint);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
rec.r.trust.ownertrust = new_trust;
|
2021-11-13 20:34:06 +01:00
|
|
|
|
if ((rec.r.trust.ownertrust & TRUST_MASK) == TRUST_ULTIMATE
|
|
|
|
|
&& as_trusted_key)
|
|
|
|
|
rec.r.trust.flags = 1;
|
2017-03-31 20:03:52 +02:00
|
|
|
|
write_record (ctrl, &rec);
|
|
|
|
|
tdb_revalidation_mark (ctrl);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
do_sync ();
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
else
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
tdbio_invalid ();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2017-03-31 20:03:52 +02:00
|
|
|
|
update_min_ownertrust (ctrl_t ctrl, u32 *kid, unsigned int new_trust)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
PKT_public_key *pk;
|
|
|
|
|
TRUSTREC rec;
|
2015-06-04 18:08:26 +02:00
|
|
|
|
gpg_error_t err;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
2013-10-11 09:25:58 +02:00
|
|
|
|
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
|
|
|
|
|
return;
|
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
|
pk = xmalloc_clear (sizeof *pk);
|
2017-03-31 20:03:52 +02:00
|
|
|
|
err = get_pubkey (ctrl, pk, kid);
|
2015-06-04 18:08:26 +02:00
|
|
|
|
if (err)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2015-06-04 18:08:26 +02:00
|
|
|
|
log_error (_("public key %s not found: %s\n"),
|
|
|
|
|
keystr (kid), gpg_strerror (err));
|
2017-08-24 22:06:59 +02:00
|
|
|
|
xfree (pk);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-31 20:03:52 +02:00
|
|
|
|
err = read_trust_record (ctrl, pk, &rec);
|
2015-06-04 18:08:26 +02:00
|
|
|
|
if (!err)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
if (DBG_TRUST)
|
2006-04-19 11:26:11 +00:00
|
|
|
|
log_debug ("key %08lX%08lX: update min_ownertrust from %u to %u\n",
|
|
|
|
|
(ulong)kid[0],(ulong)kid[1],
|
|
|
|
|
(unsigned int)rec.r.trust.min_ownertrust,
|
2003-06-05 07:14:21 +00:00
|
|
|
|
new_trust );
|
|
|
|
|
if (rec.r.trust.min_ownertrust != new_trust)
|
|
|
|
|
{
|
|
|
|
|
rec.r.trust.min_ownertrust = new_trust;
|
2017-03-31 20:03:52 +02:00
|
|
|
|
write_record (ctrl, &rec);
|
|
|
|
|
tdb_revalidation_mark (ctrl);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
do_sync ();
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-06-04 18:08:26 +02:00
|
|
|
|
else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{ /* no record yet - create a new one */
|
|
|
|
|
if (DBG_TRUST)
|
|
|
|
|
log_debug ("insert min_ownertrust %u\n", new_trust );
|
|
|
|
|
|
|
|
|
|
memset (&rec, 0, sizeof rec);
|
2017-03-31 20:03:52 +02:00
|
|
|
|
rec.recnum = tdbio_new_recnum (ctrl);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
rec.rectype = RECTYPE_TRUST;
|
2020-08-07 12:46:09 +09:00
|
|
|
|
fpr20_from_pk (pk, rec.r.trust.fingerprint);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
rec.r.trust.min_ownertrust = new_trust;
|
2017-03-31 20:03:52 +02:00
|
|
|
|
write_record (ctrl, &rec);
|
|
|
|
|
tdb_revalidation_mark (ctrl);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
do_sync ();
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
else
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
tdbio_invalid ();
|
|
|
|
|
}
|
2017-08-24 22:06:59 +02:00
|
|
|
|
|
|
|
|
|
free_public_key (pk);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
gpg: Allow building without any trust model support.
* configure.ac: Add option --disable-trust-models
(NO_TRUST_MODELS): New ac_define and am_conditional.
* g10/Makefile.am (trust_source): New.
(gpg2_SOURCES): Factor some files out to above. Add trust.c.
* g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust,
--import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb,
--list-trustdb, --trustdb-name, --auto-check-trustdb,
--no-auto-check-trustdb, and --force-ownertrust.
(parse_trust_model) [NO_TRUST_MODELS]: Do not build.
(main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all
trustdb related option code.
* g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust",
"enable", and "disable".
* g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print
"tru" record.
* g10/trust.c: New.
* g10/trustdb.c (struct key_item): Move to trustdb.h.
(register_trusted_keyid): Rename to tdb_register_trusted_keyid.
(register_trusted_key): Rename to tdb_register_trusted_key.
(trust_letter, uid_trust_string_fixed, trust_value_to_string)
(string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info)
(get_ownertrust_string, get_validity_info, get_validity_string)
(clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c.
(mark_usable_uid_certs): Move to trust.c and make global.
(is_in_klist): Move as inline to trustdb.h.
(trustdb_check_or_update): Rename to tdb_check_or_update
(revalidation_mark): Rename to tdb_revalidation_mark.
(get_ownertrust): Rename to tdb_get_ownertrust.
(get_min_ownertrust): Rename to tdb_get_min_ownertrust.
(update_ownertrust): Rename to tdb_update_ownertrust.
(clear_ownertrusts): Rename to tdb_clear_ownertrusts.
(cache_disabled_value): Rename to tdb_cache_disabled_value.
(check_trustdb_stale): Rename to tdb_check_trustdb_stale.
(get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and
factor some code out to ...
* trust.c (get_validity): ...new.
(check_or_update_trustdb): New wrapper.
(revalidation_mark): New wrapper.
(get_ownertrust): New wrapper.
(get_ownertrust_with_min): New wrapper.
(update_ownertrust): New wrapper.
(clear_ownertrusts): New wrapper.
(cache_disabled_value): New wrapper.
(check_trustdb_stale): New wrapper.
* tests/openpgp/defs.inc (opt_always): New. Use in all tests instead
of --always-trust.
2014-02-10 17:05:54 +01:00
|
|
|
|
|
2015-06-04 18:08:26 +02:00
|
|
|
|
/*
|
|
|
|
|
* Clear the ownertrust and min_ownertrust values.
|
2023-09-06 12:09:55 +02:00
|
|
|
|
* Also schedule a revalidation if a stale validity record exists.
|
2015-06-04 18:08:26 +02:00
|
|
|
|
*
|
|
|
|
|
* Return: True if a change actually happened.
|
|
|
|
|
*/
|
2003-06-05 07:14:21 +00:00
|
|
|
|
int
|
2017-03-31 20:03:52 +02:00
|
|
|
|
tdb_clear_ownertrusts (ctrl_t ctrl, PKT_public_key *pk)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
TRUSTREC rec;
|
2015-06-04 18:08:26 +02:00
|
|
|
|
gpg_error_t err;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2017-03-31 20:03:52 +02:00
|
|
|
|
init_trustdb (ctrl, 0);
|
2013-10-11 09:25:58 +02:00
|
|
|
|
|
|
|
|
|
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
|
|
|
|
|
return 0;
|
|
|
|
|
|
2017-03-31 20:03:52 +02:00
|
|
|
|
err = read_trust_record (ctrl, pk, &rec);
|
2015-06-04 18:08:26 +02:00
|
|
|
|
if (!err)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
if (DBG_TRUST)
|
|
|
|
|
{
|
|
|
|
|
log_debug ("clearing ownertrust (old value %u)\n",
|
|
|
|
|
(unsigned int)rec.r.trust.ownertrust);
|
|
|
|
|
log_debug ("clearing min_ownertrust (old value %u)\n",
|
|
|
|
|
(unsigned int)rec.r.trust.min_ownertrust);
|
|
|
|
|
}
|
|
|
|
|
if (rec.r.trust.ownertrust || rec.r.trust.min_ownertrust)
|
|
|
|
|
{
|
|
|
|
|
rec.r.trust.ownertrust = 0;
|
|
|
|
|
rec.r.trust.min_ownertrust = 0;
|
2017-03-31 20:03:52 +02:00
|
|
|
|
write_record (ctrl, &rec);
|
|
|
|
|
tdb_revalidation_mark (ctrl);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
do_sync ();
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2023-09-06 12:09:55 +02:00
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* Check whether we have a stale RECTYPE_VALID for that key
|
|
|
|
|
* and if its validity ist set, schedule a revalidation. */
|
|
|
|
|
ulong recno = rec.r.trust.validlist;
|
|
|
|
|
while (recno)
|
|
|
|
|
{
|
|
|
|
|
read_record (recno, &rec, RECTYPE_VALID);
|
|
|
|
|
if (rec.r.valid.validity)
|
|
|
|
|
break;
|
|
|
|
|
recno = rec.r.valid.next;
|
|
|
|
|
}
|
|
|
|
|
if (recno)
|
|
|
|
|
{
|
|
|
|
|
if (DBG_TRUST)
|
|
|
|
|
log_debug ("stale validity value detected"
|
|
|
|
|
" - scheduling check\n");
|
|
|
|
|
tdb_revalidation_mark (ctrl);
|
|
|
|
|
}
|
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
2015-06-04 18:08:26 +02:00
|
|
|
|
else if (gpg_err_code (err) != GPG_ERR_NOT_FOUND)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
tdbio_invalid ();
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2011-02-04 12:57:53 +01:00
|
|
|
|
/*
|
|
|
|
|
* Note: Caller has to do a sync
|
2003-06-05 07:14:21 +00:00
|
|
|
|
*/
|
|
|
|
|
static void
|
2017-03-31 20:03:52 +02:00
|
|
|
|
update_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
|
2003-06-05 07:14:21 +00:00
|
|
|
|
int depth, int validity)
|
|
|
|
|
{
|
|
|
|
|
TRUSTREC trec, vrec;
|
2015-06-04 18:08:26 +02:00
|
|
|
|
gpg_error_t err;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
ulong recno;
|
|
|
|
|
|
|
|
|
|
namehash_from_uid(uid);
|
|
|
|
|
|
2017-03-31 20:03:52 +02:00
|
|
|
|
err = read_trust_record (ctrl, pk, &trec);
|
2015-06-04 18:08:26 +02:00
|
|
|
|
if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
tdbio_invalid ();
|
|
|
|
|
return;
|
|
|
|
|
}
|
2015-06-04 18:08:26 +02:00
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
|
2011-02-04 12:57:53 +01:00
|
|
|
|
{
|
2015-06-04 18:08:26 +02:00
|
|
|
|
/* No record yet - create a new one. */
|
2003-06-05 07:14:21 +00:00
|
|
|
|
memset (&trec, 0, sizeof trec);
|
2017-03-31 20:03:52 +02:00
|
|
|
|
trec.recnum = tdbio_new_recnum (ctrl);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
trec.rectype = RECTYPE_TRUST;
|
2020-08-07 12:46:09 +09:00
|
|
|
|
fpr20_from_pk (pk, trec.r.trust.fingerprint);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
trec.r.trust.ownertrust = 0;
|
2024-09-25 14:04:59 +02:00
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
|
|
/* locate an existing one */
|
|
|
|
|
recno = trec.r.trust.validlist;
|
|
|
|
|
while (recno)
|
|
|
|
|
{
|
|
|
|
|
read_record (recno, &vrec, RECTYPE_VALID);
|
|
|
|
|
if ( !memcmp (vrec.r.valid.namehash, uid->namehash, 20) )
|
|
|
|
|
break;
|
|
|
|
|
recno = vrec.r.valid.next;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!recno) /* insert a new validity record */
|
|
|
|
|
{
|
|
|
|
|
memset (&vrec, 0, sizeof vrec);
|
2017-03-31 20:03:52 +02:00
|
|
|
|
vrec.recnum = tdbio_new_recnum (ctrl);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
vrec.rectype = RECTYPE_VALID;
|
|
|
|
|
memcpy (vrec.r.valid.namehash, uid->namehash, 20);
|
|
|
|
|
vrec.r.valid.next = trec.r.trust.validlist;
|
|
|
|
|
trec.r.trust.validlist = vrec.recnum;
|
|
|
|
|
}
|
|
|
|
|
vrec.r.valid.validity = validity;
|
|
|
|
|
vrec.r.valid.full_count = uid->help_full_count;
|
|
|
|
|
vrec.r.valid.marginal_count = uid->help_marginal_count;
|
2017-03-31 20:03:52 +02:00
|
|
|
|
write_record (ctrl, &vrec);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
trec.r.trust.depth = depth;
|
2017-03-31 20:03:52 +02:00
|
|
|
|
write_record (ctrl, &trec);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/***********************************************
|
|
|
|
|
********* Query trustdb values **************
|
|
|
|
|
***********************************************/
|
|
|
|
|
|
2010-10-20 11:33:50 +00:00
|
|
|
|
/* Return true if key is disabled. Note that this is usually used via
|
|
|
|
|
the pk_is_disabled macro. */
|
2003-06-05 07:14:21 +00:00
|
|
|
|
int
|
2017-03-31 20:03:52 +02:00
|
|
|
|
tdb_cache_disabled_value (ctrl_t ctrl, PKT_public_key *pk)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2015-06-04 18:08:26 +02:00
|
|
|
|
gpg_error_t err;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
TRUSTREC trec;
|
2010-10-20 11:33:50 +00:00
|
|
|
|
int disabled = 0;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
2010-10-20 11:33:50 +00:00
|
|
|
|
if (pk->flags.disabled_valid)
|
|
|
|
|
return pk->flags.disabled;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
2017-03-31 20:03:52 +02:00
|
|
|
|
init_trustdb (ctrl, 0);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
2013-10-11 09:25:58 +02:00
|
|
|
|
if (trustdb_args.no_trustdb)
|
|
|
|
|
return 0; /* No trustdb => not disabled. */
|
|
|
|
|
|
2017-03-31 20:03:52 +02:00
|
|
|
|
err = read_trust_record (ctrl, pk, &trec);
|
2015-06-04 18:08:26 +02:00
|
|
|
|
if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
tdbio_invalid ();
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
2015-06-04 18:08:26 +02:00
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
|
|
|
|
|
{
|
|
|
|
|
/* No record found, so assume not disabled. */
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2015-06-04 18:08:26 +02:00
|
|
|
|
if ((trec.r.trust.ownertrust & TRUST_FLAG_DISABLED))
|
2010-10-20 11:33:50 +00:00
|
|
|
|
disabled = 1;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
/* Cache it for later so we don't need to look at the trustdb every
|
|
|
|
|
time */
|
2010-10-20 11:33:50 +00:00
|
|
|
|
pk->flags.disabled = disabled;
|
|
|
|
|
pk->flags.disabled_valid = 1;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
|
|
leave:
|
2015-06-04 18:08:26 +02:00
|
|
|
|
return disabled;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
gpg: Allow building without any trust model support.
* configure.ac: Add option --disable-trust-models
(NO_TRUST_MODELS): New ac_define and am_conditional.
* g10/Makefile.am (trust_source): New.
(gpg2_SOURCES): Factor some files out to above. Add trust.c.
* g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust,
--import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb,
--list-trustdb, --trustdb-name, --auto-check-trustdb,
--no-auto-check-trustdb, and --force-ownertrust.
(parse_trust_model) [NO_TRUST_MODELS]: Do not build.
(main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all
trustdb related option code.
* g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust",
"enable", and "disable".
* g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print
"tru" record.
* g10/trust.c: New.
* g10/trustdb.c (struct key_item): Move to trustdb.h.
(register_trusted_keyid): Rename to tdb_register_trusted_keyid.
(register_trusted_key): Rename to tdb_register_trusted_key.
(trust_letter, uid_trust_string_fixed, trust_value_to_string)
(string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info)
(get_ownertrust_string, get_validity_info, get_validity_string)
(clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c.
(mark_usable_uid_certs): Move to trust.c and make global.
(is_in_klist): Move as inline to trustdb.h.
(trustdb_check_or_update): Rename to tdb_check_or_update
(revalidation_mark): Rename to tdb_revalidation_mark.
(get_ownertrust): Rename to tdb_get_ownertrust.
(get_min_ownertrust): Rename to tdb_get_min_ownertrust.
(update_ownertrust): Rename to tdb_update_ownertrust.
(clear_ownertrusts): Rename to tdb_clear_ownertrusts.
(cache_disabled_value): Rename to tdb_cache_disabled_value.
(check_trustdb_stale): Rename to tdb_check_trustdb_stale.
(get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and
factor some code out to ...
* trust.c (get_validity): ...new.
(check_or_update_trustdb): New wrapper.
(revalidation_mark): New wrapper.
(get_ownertrust): New wrapper.
(get_ownertrust_with_min): New wrapper.
(update_ownertrust): New wrapper.
(clear_ownertrusts): New wrapper.
(cache_disabled_value): New wrapper.
(check_trustdb_stale): New wrapper.
* tests/openpgp/defs.inc (opt_always): New. Use in all tests instead
of --always-trust.
2014-02-10 17:05:54 +01:00
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
|
void
|
2016-05-21 11:41:49 +02:00
|
|
|
|
tdb_check_trustdb_stale (ctrl_t ctrl)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2006-04-19 11:26:11 +00:00
|
|
|
|
static int did_nextcheck=0;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
2017-03-31 20:03:52 +02:00
|
|
|
|
init_trustdb (ctrl, 0);
|
2013-10-11 09:25:58 +02:00
|
|
|
|
|
|
|
|
|
if (trustdb_args.no_trustdb)
|
|
|
|
|
return; /* No trustdb => can't be stale. */
|
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
if (!did_nextcheck
|
2015-10-21 13:28:15 +02:00
|
|
|
|
&& (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
|
|
|
|
|
|| opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU))
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
ulong scheduled;
|
|
|
|
|
|
|
|
|
|
did_nextcheck = 1;
|
|
|
|
|
scheduled = tdbio_read_nextcheck ();
|
2012-01-19 22:33:51 -05:00
|
|
|
|
if ((scheduled && scheduled <= make_timestamp ())
|
|
|
|
|
|| pending_check_trustdb)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2011-02-04 12:57:53 +01:00
|
|
|
|
if (opt.no_auto_check_trustdb)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
pending_check_trustdb = 1;
|
2015-02-21 11:04:13 -05:00
|
|
|
|
if (!opt.quiet)
|
|
|
|
|
log_info (_("please do a --check-trustdb\n"));
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2015-02-21 11:04:13 -05:00
|
|
|
|
if (!opt.quiet)
|
|
|
|
|
log_info (_("checking the trustdb\n"));
|
2016-05-21 11:41:49 +02:00
|
|
|
|
validate_keys (ctrl, 0);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2006-04-19 11:26:11 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2016-11-23 12:29:22 +01:00
|
|
|
|
* Return the validity information for KB/PK (at least one of them
|
|
|
|
|
* must be non-NULL). This is the core of get_validity. If SIG is
|
|
|
|
|
* not NULL, then the trust is being evaluated in the context of the
|
|
|
|
|
* provided signature. This is used by the TOFU code to record
|
|
|
|
|
* statistics.
|
2006-04-19 11:26:11 +00:00
|
|
|
|
*/
|
|
|
|
|
unsigned int
|
2016-05-21 11:41:49 +02:00
|
|
|
|
tdb_get_validity_core (ctrl_t ctrl,
|
2016-11-23 12:29:22 +01:00
|
|
|
|
kbnode_t kb,
|
2016-05-21 11:41:49 +02:00
|
|
|
|
PKT_public_key *pk, PKT_user_id *uid,
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
|
PKT_public_key *main_pk,
|
|
|
|
|
PKT_signature *sig,
|
|
|
|
|
int may_ask)
|
2006-04-19 11:26:11 +00:00
|
|
|
|
{
|
|
|
|
|
TRUSTREC trec, vrec;
|
2016-08-29 16:16:44 +02:00
|
|
|
|
gpg_error_t err = 0;
|
2006-04-19 11:26:11 +00:00
|
|
|
|
ulong recno;
|
2015-11-27 17:53:52 +01:00
|
|
|
|
#ifdef USE_TOFU
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
|
unsigned int tofu_validity = TRUST_UNKNOWN;
|
2017-01-04 08:31:06 -05:00
|
|
|
|
int free_kb = 0;
|
2015-11-27 17:53:52 +01:00
|
|
|
|
#endif
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
|
unsigned int validity = TRUST_UNKNOWN;
|
2016-11-23 12:29:22 +01:00
|
|
|
|
|
|
|
|
|
if (kb && pk)
|
|
|
|
|
log_assert (keyid_cmp (pk_main_keyid (pk),
|
|
|
|
|
pk_main_keyid (kb->pkt->pkt.public_key)) == 0);
|
|
|
|
|
|
|
|
|
|
if (! pk)
|
|
|
|
|
{
|
|
|
|
|
log_assert (kb);
|
|
|
|
|
pk = kb->pkt->pkt.public_key;
|
|
|
|
|
}
|
2006-04-19 11:26:11 +00:00
|
|
|
|
|
2015-11-27 17:53:52 +01:00
|
|
|
|
#ifndef USE_TOFU
|
|
|
|
|
(void)sig;
|
|
|
|
|
(void)may_ask;
|
|
|
|
|
#endif
|
|
|
|
|
|
2017-03-31 20:03:52 +02:00
|
|
|
|
init_trustdb (ctrl, 0);
|
2013-10-11 09:25:58 +02:00
|
|
|
|
|
|
|
|
|
/* If we have no trustdb (which also means it has not been created)
|
|
|
|
|
and the trust-model is always, we don't know the validity -
|
|
|
|
|
return immediately. If we won't do that the tdbio code would try
|
|
|
|
|
to open the trustdb and run into a fatal error. */
|
|
|
|
|
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
|
|
|
|
|
return TRUST_UNKNOWN;
|
|
|
|
|
|
2016-05-21 11:41:49 +02:00
|
|
|
|
check_trustdb_stale (ctrl);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
|
if(opt.trust_model==TM_DIRECT)
|
|
|
|
|
{
|
|
|
|
|
/* Note that this happens BEFORE any user ID stuff is checked.
|
|
|
|
|
The direct trust model applies to keys as a whole. */
|
2017-03-31 20:03:52 +02:00
|
|
|
|
validity = tdb_get_ownertrust (ctrl, main_pk, 0);
|
2006-04-19 11:26:11 +00:00
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-20 17:32:23 +02:00
|
|
|
|
#ifdef USE_TOFU
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
|
if (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2016-08-29 16:16:44 +02:00
|
|
|
|
kbnode_t n = NULL;
|
|
|
|
|
strlist_t user_id_list = NULL;
|
2016-09-15 12:21:15 +02:00
|
|
|
|
int done = 0;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
2016-08-29 16:16:44 +02:00
|
|
|
|
/* If the caller didn't supply a user id then use all uids. */
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
|
if (! uid)
|
2016-11-23 12:29:22 +01:00
|
|
|
|
{
|
|
|
|
|
if (! kb)
|
|
|
|
|
{
|
2017-03-31 20:03:52 +02:00
|
|
|
|
kb = get_pubkeyblock (ctrl, main_pk->keyid);
|
2016-11-23 12:29:22 +01:00
|
|
|
|
free_kb = 1;
|
|
|
|
|
}
|
|
|
|
|
n = kb;
|
|
|
|
|
}
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
|
|
2016-09-15 12:21:15 +02:00
|
|
|
|
if (DBG_TRUST && sig && sig->signers_uid)
|
|
|
|
|
log_debug ("TOFU: only considering user id: '%s'\n",
|
|
|
|
|
sig->signers_uid);
|
|
|
|
|
|
|
|
|
|
while (!done && (uid || (n = find_next_kbnode (n, PKT_USER_ID))))
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
|
PKT_user_id *user_id;
|
2016-08-29 16:16:44 +02:00
|
|
|
|
int expired = 0;
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
|
|
|
|
|
|
if (uid)
|
2016-09-15 12:21:15 +02:00
|
|
|
|
{
|
|
|
|
|
user_id = uid;
|
|
|
|
|
/* If the caller specified a user id, then we only
|
|
|
|
|
process the specified user id and are done after the
|
|
|
|
|
first iteration. */
|
|
|
|
|
done = 1;
|
|
|
|
|
}
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
|
else
|
2016-07-01 12:48:57 +02:00
|
|
|
|
user_id = n->pkt->pkt.user_id;
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
|
|
2016-09-05 16:44:09 +02:00
|
|
|
|
if (user_id->attrib_data)
|
2016-09-15 12:21:15 +02:00
|
|
|
|
/* Skip user attributes. */
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
if (sig && sig->signers_uid)
|
|
|
|
|
/* Make sure the UID matches. */
|
2016-09-05 16:44:09 +02:00
|
|
|
|
{
|
2018-11-12 07:44:33 +01:00
|
|
|
|
char *email = mailbox_from_userid (user_id->name, 0);
|
2016-09-15 12:21:15 +02:00
|
|
|
|
if (!email || !*email || strcmp (sig->signers_uid, email) != 0)
|
|
|
|
|
{
|
|
|
|
|
if (DBG_TRUST)
|
|
|
|
|
log_debug ("TOFU: skipping user id '%s', which does"
|
|
|
|
|
" not match the signer's email ('%s')\n",
|
|
|
|
|
email, sig->signers_uid);
|
|
|
|
|
xfree (email);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
xfree (email);
|
2016-09-05 16:44:09 +02:00
|
|
|
|
}
|
|
|
|
|
|
2016-01-20 15:51:18 +01:00
|
|
|
|
/* If the user id is revoked or expired, then skip it. */
|
2017-03-08 11:01:22 +01:00
|
|
|
|
if (user_id->flags.revoked || user_id->flags.expired)
|
2016-08-29 16:16:44 +02:00
|
|
|
|
{
|
2016-01-20 15:51:18 +01:00
|
|
|
|
if (DBG_TRUST)
|
|
|
|
|
{
|
|
|
|
|
char *s;
|
2017-03-08 11:01:22 +01:00
|
|
|
|
if (user_id->flags.revoked && user_id->flags.expired)
|
2016-01-20 15:51:18 +01:00
|
|
|
|
s = "revoked and expired";
|
2017-03-08 11:01:22 +01:00
|
|
|
|
else if (user_id->flags.revoked)
|
2016-01-20 15:51:18 +01:00
|
|
|
|
s = "revoked";
|
|
|
|
|
else
|
|
|
|
|
s = "expire";
|
|
|
|
|
|
|
|
|
|
log_debug ("TOFU: Ignoring %s user id (%s)\n",
|
|
|
|
|
s, user_id->name);
|
|
|
|
|
}
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
|
|
2017-03-08 11:01:22 +01:00
|
|
|
|
if (user_id->flags.revoked)
|
2016-08-29 16:16:44 +02:00
|
|
|
|
continue;
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
|
|
2016-08-29 16:16:44 +02:00
|
|
|
|
expired = 1;
|
|
|
|
|
}
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
|
|
2016-08-29 16:16:44 +02:00
|
|
|
|
add_to_strlist (&user_id_list, user_id->name);
|
|
|
|
|
user_id_list->flags = expired;
|
|
|
|
|
}
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
|
|
2016-08-29 16:16:44 +02:00
|
|
|
|
/* Process the user ids in the order they appear in the key
|
|
|
|
|
block. */
|
|
|
|
|
strlist_rev (&user_id_list);
|
|
|
|
|
|
|
|
|
|
/* It only makes sense to observe any signature before getting
|
|
|
|
|
the validity. This is because if the current signature
|
|
|
|
|
results in a conflict, then we damn well want to take that
|
|
|
|
|
into account. */
|
|
|
|
|
if (sig)
|
|
|
|
|
{
|
2016-09-06 15:45:38 +02:00
|
|
|
|
err = tofu_register_signature (ctrl, main_pk, user_id_list,
|
|
|
|
|
sig->digest, sig->digest_len,
|
|
|
|
|
sig->timestamp, "unknown");
|
2016-08-29 16:16:44 +02:00
|
|
|
|
if (err)
|
|
|
|
|
{
|
|
|
|
|
log_error ("TOFU: error registering signature: %s\n",
|
|
|
|
|
gpg_strerror (err));
|
|
|
|
|
|
|
|
|
|
tofu_validity = TRUST_UNKNOWN;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (! err)
|
|
|
|
|
tofu_validity = tofu_get_validity (ctrl, main_pk, user_id_list,
|
|
|
|
|
may_ask);
|
|
|
|
|
|
|
|
|
|
free_strlist (user_id_list);
|
2016-11-23 12:29:22 +01:00
|
|
|
|
if (free_kb)
|
|
|
|
|
release_kbnode (kb);
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
|
}
|
2015-10-20 17:32:23 +02:00
|
|
|
|
#endif /*USE_TOFU*/
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
|
|
|
|
|
|
if (opt.trust_model == TM_TOFU_PGP
|
|
|
|
|
|| opt.trust_model == TM_CLASSIC
|
|
|
|
|
|| opt.trust_model == TM_PGP)
|
|
|
|
|
{
|
2017-03-31 20:03:52 +02:00
|
|
|
|
err = read_trust_record (ctrl, main_pk, &trec);
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
|
if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
|
tdbio_invalid ();
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
|
|
|
|
|
{
|
|
|
|
|
/* No record found. */
|
|
|
|
|
validity = TRUST_UNKNOWN;
|
|
|
|
|
goto leave;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
|
/* Loop over all user IDs */
|
|
|
|
|
recno = trec.r.trust.validlist;
|
|
|
|
|
validity = 0;
|
|
|
|
|
while (recno)
|
|
|
|
|
{
|
|
|
|
|
read_record (recno, &vrec, RECTYPE_VALID);
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
|
if(uid)
|
|
|
|
|
{
|
|
|
|
|
/* If a user ID is given we return the validity for that
|
|
|
|
|
user ID ONLY. If the namehash is not found, then
|
|
|
|
|
there is no validity at all (i.e. the user ID wasn't
|
|
|
|
|
signed). */
|
|
|
|
|
if(memcmp(vrec.r.valid.namehash,uid->namehash,20)==0)
|
|
|
|
|
{
|
|
|
|
|
validity=(vrec.r.valid.validity & TRUST_MASK);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* If no user ID is given, we take the maximum validity
|
|
|
|
|
over all user IDs */
|
|
|
|
|
if (validity < (vrec.r.valid.validity & TRUST_MASK))
|
|
|
|
|
validity = (vrec.r.valid.validity & TRUST_MASK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
recno = vrec.r.valid.next;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((trec.r.trust.ownertrust & TRUST_FLAG_DISABLED))
|
|
|
|
|
{
|
|
|
|
|
validity |= TRUST_FLAG_DISABLED;
|
|
|
|
|
pk->flags.disabled = 1;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
pk->flags.disabled = 0;
|
|
|
|
|
pk->flags.disabled_valid = 1;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
leave:
|
2015-10-20 17:32:23 +02:00
|
|
|
|
#ifdef USE_TOFU
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
|
validity = tofu_wot_trust_combine (tofu_validity, validity);
|
2015-10-20 17:32:23 +02:00
|
|
|
|
#else /*!USE_TOFU*/
|
|
|
|
|
validity &= TRUST_MASK;
|
|
|
|
|
|
|
|
|
|
if (validity == TRUST_NEVER)
|
|
|
|
|
/* TRUST_NEVER trumps everything else. */
|
|
|
|
|
validity |= TRUST_NEVER;
|
|
|
|
|
if (validity == TRUST_EXPIRED)
|
|
|
|
|
/* TRUST_EXPIRED trumps everything but TRUST_NEVER. */
|
|
|
|
|
validity |= TRUST_EXPIRED;
|
|
|
|
|
#endif /*!USE_TOFU*/
|
g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
|
|
|
|
|
|
|
|
|
if (opt.trust_model != TM_TOFU
|
|
|
|
|
&& pending_check_trustdb)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
validity |= TRUST_FLAG_PENDING_CHECK;
|
|
|
|
|
|
|
|
|
|
return validity;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
2017-03-31 20:03:52 +02:00
|
|
|
|
get_validity_counts (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
TRUSTREC trec, vrec;
|
|
|
|
|
ulong recno;
|
|
|
|
|
|
|
|
|
|
if(pk==NULL || uid==NULL)
|
|
|
|
|
BUG();
|
|
|
|
|
|
|
|
|
|
namehash_from_uid(uid);
|
|
|
|
|
|
|
|
|
|
uid->help_marginal_count=uid->help_full_count=0;
|
|
|
|
|
|
2017-03-31 20:03:52 +02:00
|
|
|
|
init_trustdb (ctrl, 0);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
2017-03-31 20:03:52 +02:00
|
|
|
|
if(read_trust_record (ctrl, pk, &trec))
|
2003-06-05 07:14:21 +00:00
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
/* loop over all user IDs */
|
|
|
|
|
recno = trec.r.trust.validlist;
|
|
|
|
|
while (recno)
|
|
|
|
|
{
|
|
|
|
|
read_record (recno, &vrec, RECTYPE_VALID);
|
|
|
|
|
|
|
|
|
|
if(memcmp(vrec.r.valid.namehash,uid->namehash,20)==0)
|
|
|
|
|
{
|
|
|
|
|
uid->help_marginal_count=vrec.r.valid.marginal_count;
|
|
|
|
|
uid->help_full_count=vrec.r.valid.full_count;
|
2015-02-19 17:22:27 +01:00
|
|
|
|
/* es_printf("Fetched marginal %d, full %d\n",uid->help_marginal_count,uid->help_full_count); */
|
2003-06-05 07:14:21 +00:00
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
recno = vrec.r.valid.next;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
list_trust_path( const char *username )
|
|
|
|
|
{
|
2008-10-20 13:53:23 +00:00
|
|
|
|
(void)username;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/****************
|
|
|
|
|
* Enumerate all keys, which are needed to build all trust paths for
|
|
|
|
|
* the given key. This function does not return the key itself or
|
|
|
|
|
* the ultimate key (the last point in cerificate chain). Only
|
|
|
|
|
* certificate chains which ends up at an ultimately trusted key
|
|
|
|
|
* are listed. If ownertrust or validity is not NULL, the corresponding
|
|
|
|
|
* value for the returned LID is also returned in these variable(s).
|
|
|
|
|
*
|
|
|
|
|
* 1) create a void pointer and initialize it to NULL
|
|
|
|
|
* 2) pass this void pointer by reference to this function.
|
|
|
|
|
* Set lid to the key you want to enumerate and pass it by reference.
|
|
|
|
|
* 3) call this function as long as it does not return -1
|
|
|
|
|
* to indicate EOF. LID does contain the next key used to build the web
|
|
|
|
|
* 4) Always call this function a last time with LID set to NULL,
|
|
|
|
|
* so that it can free its context.
|
|
|
|
|
*
|
|
|
|
|
* Returns: -1 on EOF or the level of the returned LID
|
|
|
|
|
*/
|
|
|
|
|
int
|
|
|
|
|
enum_cert_paths( void **context, ulong *lid,
|
|
|
|
|
unsigned *ownertrust, unsigned *validity )
|
|
|
|
|
{
|
2008-10-20 13:53:23 +00:00
|
|
|
|
(void)context;
|
|
|
|
|
(void)lid;
|
|
|
|
|
(void)ownertrust;
|
|
|
|
|
(void)validity;
|
|
|
|
|
return -1;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/****************
|
|
|
|
|
* Print the current path
|
|
|
|
|
*/
|
|
|
|
|
void
|
2008-10-20 13:53:23 +00:00
|
|
|
|
enum_cert_paths_print (void **context, FILE *fp,
|
|
|
|
|
int refresh, ulong selected_lid)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2008-10-20 13:53:23 +00:00
|
|
|
|
(void)context;
|
|
|
|
|
(void)fp;
|
|
|
|
|
(void)refresh;
|
|
|
|
|
(void)selected_lid;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/****************************************
|
|
|
|
|
*********** NEW NEW NEW ****************
|
|
|
|
|
****************************************/
|
|
|
|
|
|
|
|
|
|
static int
|
2016-05-21 11:41:49 +02:00
|
|
|
|
ask_ownertrust (ctrl_t ctrl, u32 *kid, int minimum)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
PKT_public_key *pk;
|
|
|
|
|
int rc;
|
|
|
|
|
int ot;
|
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
|
pk = xmalloc_clear (sizeof *pk);
|
2017-03-31 20:03:52 +02:00
|
|
|
|
rc = get_pubkey (ctrl, pk, kid);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
if (rc)
|
|
|
|
|
{
|
2006-04-19 11:26:11 +00:00
|
|
|
|
log_error (_("public key %s not found: %s\n"),
|
2015-01-22 12:06:11 +01:00
|
|
|
|
keystr(kid), gpg_strerror (rc) );
|
2021-05-20 10:13:51 +02:00
|
|
|
|
free_public_key (pk);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
return TRUST_UNKNOWN;
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
if(opt.force_ownertrust)
|
|
|
|
|
{
|
2006-04-19 11:26:11 +00:00
|
|
|
|
log_info("force trust for key %s to %s\n",
|
|
|
|
|
keystr(kid),trust_value_to_string(opt.force_ownertrust));
|
2021-11-13 20:34:06 +01:00
|
|
|
|
tdb_update_ownertrust (ctrl, pk, opt.force_ownertrust, 0);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
ot=opt.force_ownertrust;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2016-05-21 11:41:49 +02:00
|
|
|
|
ot=edit_ownertrust (ctrl, pk, 0);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
if(ot>0)
|
2017-03-31 20:03:52 +02:00
|
|
|
|
ot = tdb_get_ownertrust (ctrl, pk, 0);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
else if(ot==0)
|
|
|
|
|
ot = minimum?minimum:TRUST_UNDEFINED;
|
|
|
|
|
else
|
|
|
|
|
ot = -1; /* quit */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
free_public_key( pk );
|
|
|
|
|
|
|
|
|
|
return ot;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
mark_keyblock_seen (KeyHashTable tbl, KBNODE node)
|
|
|
|
|
{
|
|
|
|
|
for ( ;node; node = node->next )
|
|
|
|
|
if (node->pkt->pkttype == PKT_PUBLIC_KEY
|
|
|
|
|
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
|
|
|
|
|
{
|
|
|
|
|
u32 aki[2];
|
|
|
|
|
|
|
|
|
|
keyid_from_pk (node->pkt->pkt.public_key, aki);
|
|
|
|
|
add_key_hash_table (tbl, aki);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
dump_key_array (int depth, struct key_array *keys)
|
|
|
|
|
{
|
|
|
|
|
struct key_array *kar;
|
|
|
|
|
|
|
|
|
|
for (kar=keys; kar->keyblock; kar++)
|
|
|
|
|
{
|
|
|
|
|
KBNODE node = kar->keyblock;
|
|
|
|
|
u32 kid[2];
|
|
|
|
|
|
|
|
|
|
keyid_from_pk(node->pkt->pkt.public_key, kid);
|
2015-02-19 17:22:27 +01:00
|
|
|
|
es_printf ("%d:%08lX%08lX:K::%c::::\n",
|
|
|
|
|
depth, (ulong)kid[0], (ulong)kid[1], '?');
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
|
|
for (; node; node = node->next)
|
|
|
|
|
{
|
|
|
|
|
if (node->pkt->pkttype == PKT_USER_ID)
|
|
|
|
|
{
|
|
|
|
|
int len = node->pkt->pkt.user_id->len;
|
|
|
|
|
|
|
|
|
|
if (len > 30)
|
|
|
|
|
len = 30;
|
2015-02-19 17:22:27 +01:00
|
|
|
|
es_printf ("%d:%08lX%08lX:U:::%c:::",
|
|
|
|
|
depth, (ulong)kid[0], (ulong)kid[1],
|
|
|
|
|
(node->flag & 4)? 'f':
|
|
|
|
|
(node->flag & 2)? 'm':
|
|
|
|
|
(node->flag & 1)? 'q':'-');
|
2010-03-15 11:15:45 +00:00
|
|
|
|
es_write_sanitized (es_stdout, node->pkt->pkt.user_id->name,
|
|
|
|
|
len, ":", NULL);
|
2015-02-19 17:22:27 +01:00
|
|
|
|
es_putc (':', es_stdout);
|
|
|
|
|
es_putc ('\n', es_stdout);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
|
|
|
2024-09-25 14:04:59 +02:00
|
|
|
|
/* Store the validation status as given by the node flags of the
|
|
|
|
|
* KEYBLOCK in the trustdb. */
|
2003-06-05 07:14:21 +00:00
|
|
|
|
static void
|
2024-09-25 14:04:59 +02:00
|
|
|
|
store_validation_status (ctrl_t ctrl, int depth, kbnode_t keyblock)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2024-09-25 14:04:59 +02:00
|
|
|
|
kbnode_t node;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
int status;
|
|
|
|
|
int any = 0;
|
|
|
|
|
|
|
|
|
|
for (node=keyblock; node; node = node->next)
|
|
|
|
|
{
|
|
|
|
|
if (node->pkt->pkttype == PKT_USER_ID)
|
|
|
|
|
{
|
|
|
|
|
PKT_user_id *uid = node->pkt->pkt.user_id;
|
2024-09-25 14:04:59 +02:00
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
if (node->flag & 4)
|
|
|
|
|
status = TRUST_FULLY;
|
|
|
|
|
else if (node->flag & 2)
|
|
|
|
|
status = TRUST_MARGINAL;
|
|
|
|
|
else if (node->flag & 1)
|
|
|
|
|
status = TRUST_UNDEFINED;
|
|
|
|
|
else
|
|
|
|
|
status = 0;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
if (status)
|
|
|
|
|
{
|
2017-03-31 20:03:52 +02:00
|
|
|
|
update_validity (ctrl, keyblock->pkt->pkt.public_key,
|
2003-06-05 07:14:21 +00:00
|
|
|
|
uid, depth, status);
|
|
|
|
|
any = 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (any)
|
|
|
|
|
do_sync ();
|
2011-02-04 12:57:53 +01:00
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
|
|
|
2007-12-12 16:47:52 +00:00
|
|
|
|
/* Returns a sanitized copy of the regexp (which might be "", but not
|
|
|
|
|
NULL). */
|
2018-10-24 15:56:18 -04:00
|
|
|
|
/* Operator characters except '.' and backslash.
|
2017-11-09 14:03:22 +09:00
|
|
|
|
See regex(7) on BSD. */
|
|
|
|
|
#define REGEXP_OPERATOR_CHARS "^[$()|*+?{"
|
|
|
|
|
|
2007-12-12 16:47:52 +00:00
|
|
|
|
static char *
|
|
|
|
|
sanitize_regexp(const char *old)
|
|
|
|
|
{
|
|
|
|
|
size_t start=0,len=strlen(old),idx=0;
|
|
|
|
|
int escaped=0,standard_bracket=0;
|
|
|
|
|
char *new=xmalloc((len*2)+1); /* enough to \-escape everything if we
|
|
|
|
|
have to */
|
|
|
|
|
|
|
|
|
|
/* There are basically two commonly-used regexps here. GPG and most
|
|
|
|
|
versions of PGP use "<[^>]+[@.]example\.com>$" and PGP (9)
|
2017-04-28 10:06:33 +09:00
|
|
|
|
command line uses "example.com" (i.e. whatever the user specifies,
|
2007-12-12 16:47:52 +00:00
|
|
|
|
and we can't expect users know to use "\." instead of "."). So
|
|
|
|
|
here are the rules: we're allowed to start with "<[^>]+[@.]" and
|
|
|
|
|
end with ">$" or start and end with nothing. In between, the
|
|
|
|
|
only legal regex character is ".", and everything else gets
|
|
|
|
|
escaped. Part of the gotcha here is that some regex packages
|
|
|
|
|
allow more than RFC-4880 requires. For example, 4880 has no "{}"
|
|
|
|
|
operator, but GNU regex does. Commenting removes these operators
|
|
|
|
|
from consideration. A possible future enhancement is to use
|
|
|
|
|
commenting to effectively back off a given regex to the Henry
|
|
|
|
|
Spencer syntax in 4880. -dshaw */
|
|
|
|
|
|
|
|
|
|
/* Are we bracketed between "<[^>]+[@.]" and ">$" ? */
|
|
|
|
|
if(len>=12 && strncmp(old,"<[^>]+[@.]",10)==0
|
|
|
|
|
&& old[len-2]=='>' && old[len-1]=='$')
|
|
|
|
|
{
|
|
|
|
|
strcpy(new,"<[^>]+[@.]");
|
|
|
|
|
idx=strlen(new);
|
|
|
|
|
standard_bracket=1;
|
|
|
|
|
start+=10;
|
|
|
|
|
len-=2;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Walk the remaining characters and ensure that everything that is
|
|
|
|
|
left is not an operational regex character. */
|
|
|
|
|
for(;start<len;start++)
|
|
|
|
|
{
|
|
|
|
|
if(!escaped && old[start]=='\\')
|
|
|
|
|
escaped=1;
|
2017-11-09 14:03:22 +09:00
|
|
|
|
else if (!escaped && strchr (REGEXP_OPERATOR_CHARS, old[start]))
|
2007-12-12 16:47:52 +00:00
|
|
|
|
new[idx++]='\\';
|
|
|
|
|
else
|
|
|
|
|
escaped=0;
|
|
|
|
|
|
|
|
|
|
new[idx++]=old[start];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
new[idx]='\0';
|
|
|
|
|
|
|
|
|
|
/* Note that the (sub)string we look at might end with a bare "\".
|
|
|
|
|
If it does, leave it that way. If the regexp actually ended with
|
|
|
|
|
">$", then it was escaping the ">" and is fine. If the regexp
|
|
|
|
|
actually ended with the bare "\", then it's an illegal regexp and
|
|
|
|
|
regcomp should kick it out. */
|
|
|
|
|
|
|
|
|
|
if(standard_bracket)
|
|
|
|
|
strcat(new,">$");
|
|
|
|
|
|
|
|
|
|
return new;
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-28 11:17:39 +02:00
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
/* Used by validate_one_keyblock to confirm a regexp within a trust
|
2022-10-28 11:17:39 +02:00
|
|
|
|
* signature. Returns 1 for match, and 0 for no match or regex
|
|
|
|
|
* error. */
|
2003-06-05 07:14:21 +00:00
|
|
|
|
static int
|
2022-10-28 11:17:39 +02:00
|
|
|
|
check_regexp (const char *expr,const char *string)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
int ret;
|
2007-12-12 16:47:52 +00:00
|
|
|
|
char *regexp;
|
2022-10-28 11:17:39 +02:00
|
|
|
|
char *stringbuf = NULL;
|
|
|
|
|
regex_t pat;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
2022-10-28 11:17:39 +02:00
|
|
|
|
regexp = sanitize_regexp (expr);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
2022-10-28 11:17:39 +02:00
|
|
|
|
ret = regcomp (&pat, regexp, (REG_ICASE|REG_EXTENDED));
|
|
|
|
|
if (!ret)
|
|
|
|
|
{
|
|
|
|
|
if (*regexp == '<' && !strchr (string, '<')
|
|
|
|
|
&& is_valid_mailbox (string))
|
|
|
|
|
{
|
|
|
|
|
/* The R.E. starts with an angle bracket but STRING seems to
|
|
|
|
|
* be a plain mailbox (e.g. "foo@example.org"). The
|
|
|
|
|
* commonly used R.E. pattern "<[^>]+[@.]example\.org>$"
|
|
|
|
|
* won't be able to detect this. Thus we enclose STRING
|
|
|
|
|
* into angle brackets for checking. */
|
|
|
|
|
stringbuf = xstrconcat ("<", string, ">", NULL);
|
|
|
|
|
string = stringbuf;
|
|
|
|
|
}
|
|
|
|
|
ret = regexec (&pat, string, 0, NULL, 0);
|
|
|
|
|
regfree (&pat);
|
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
2022-10-28 11:17:39 +02:00
|
|
|
|
ret = !ret;
|
2007-12-12 16:47:52 +00:00
|
|
|
|
|
2022-10-28 11:17:39 +02:00
|
|
|
|
if (DBG_TRUST)
|
|
|
|
|
log_debug ("regexp '%s' ('%s') on '%s'%s: %s\n",
|
|
|
|
|
regexp, expr, string, stringbuf? " (fixed)":"", ret? "YES":"NO");
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
2022-10-28 11:17:39 +02:00
|
|
|
|
xfree (regexp);
|
|
|
|
|
xfree (stringbuf);
|
2007-12-12 16:47:52 +00:00
|
|
|
|
return ret;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
2022-10-28 11:17:39 +02:00
|
|
|
|
|
2024-09-25 14:04:59 +02:00
|
|
|
|
/* This implements steps 6 as described for validate_keys.
|
2003-06-05 07:14:21 +00:00
|
|
|
|
* Return true if the key is signed by one of the keys in the given
|
|
|
|
|
* key ID list. User IDs with a valid signature are marked by node
|
|
|
|
|
* flags as follows:
|
|
|
|
|
* flag bit 0: There is at least one signature
|
|
|
|
|
* 1: There is marginal confidence that this is a legitimate uid
|
|
|
|
|
* 2: There is full confidence that this is a legitimate uid.
|
|
|
|
|
* 8: Used for internal purposes.
|
|
|
|
|
* 9: Ditto (in mark_usable_uid_certs())
|
|
|
|
|
* 10: Ditto (ditto)
|
|
|
|
|
* This function assumes that all kbnode flags are cleared on entry.
|
|
|
|
|
*/
|
|
|
|
|
static int
|
2017-03-31 20:03:52 +02:00
|
|
|
|
validate_one_keyblock (ctrl_t ctrl, kbnode_t kb, struct key_item *klist,
|
2003-06-05 07:14:21 +00:00
|
|
|
|
u32 curtime, u32 *next_expire)
|
|
|
|
|
{
|
|
|
|
|
struct key_item *kr;
|
|
|
|
|
KBNODE node, uidnode=NULL;
|
|
|
|
|
PKT_user_id *uid=NULL;
|
|
|
|
|
PKT_public_key *pk = kb->pkt->pkt.public_key;
|
|
|
|
|
u32 main_kid[2];
|
|
|
|
|
int issigned=0, any_signed = 0;
|
|
|
|
|
|
|
|
|
|
keyid_from_pk(pk, main_kid);
|
|
|
|
|
for (node=kb; node; node = node->next)
|
|
|
|
|
{
|
|
|
|
|
/* A bit of discussion here: is it better for the web of trust
|
|
|
|
|
to be built among only self-signed uids? On the one hand, a
|
|
|
|
|
self-signed uid is a statement that the key owner definitely
|
|
|
|
|
intended that uid to be there, but on the other hand, a
|
|
|
|
|
signed (but not self-signed) uid does carry trust, of a sort,
|
|
|
|
|
even if it is a statement being made by people other than the
|
|
|
|
|
key owner "through" the uids on the key owner's key. I'm
|
2003-09-23 17:48:33 +00:00
|
|
|
|
going with the latter. However, if the user ID was
|
|
|
|
|
explicitly revoked, or passively allowed to expire, that
|
|
|
|
|
should stop validity through the user ID until it is
|
|
|
|
|
resigned. -dshaw */
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
2003-09-23 17:48:33 +00:00
|
|
|
|
if (node->pkt->pkttype == PKT_USER_ID
|
2017-03-08 11:01:22 +01:00
|
|
|
|
&& !node->pkt->pkt.user_id->flags.revoked
|
|
|
|
|
&& !node->pkt->pkt.user_id->flags.expired)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
if (uidnode && issigned)
|
|
|
|
|
{
|
|
|
|
|
if (uid->help_full_count >= opt.completes_needed
|
|
|
|
|
|| uid->help_marginal_count >= opt.marginals_needed )
|
2011-02-04 12:57:53 +01:00
|
|
|
|
uidnode->flag |= 4;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
else if (uid->help_full_count || uid->help_marginal_count)
|
|
|
|
|
uidnode->flag |= 2;
|
|
|
|
|
uidnode->flag |= 1;
|
|
|
|
|
any_signed = 1;
|
|
|
|
|
}
|
|
|
|
|
uidnode = node;
|
|
|
|
|
uid=uidnode->pkt->pkt.user_id;
|
2003-09-23 17:48:33 +00:00
|
|
|
|
|
|
|
|
|
/* If the selfsig is going to expire... */
|
2003-06-05 07:14:21 +00:00
|
|
|
|
if(uid->expiredate && uid->expiredate<*next_expire)
|
|
|
|
|
*next_expire = uid->expiredate;
|
2003-09-23 17:48:33 +00:00
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
issigned = 0;
|
2017-03-31 20:03:52 +02:00
|
|
|
|
get_validity_counts (ctrl, pk, uid);
|
|
|
|
|
mark_usable_uid_certs (ctrl, kb, uidnode, main_kid, klist,
|
2003-06-05 07:14:21 +00:00
|
|
|
|
curtime, next_expire);
|
|
|
|
|
}
|
|
|
|
|
else if (node->pkt->pkttype == PKT_SIGNATURE
|
|
|
|
|
&& (node->flag & (1<<8)) && uid)
|
|
|
|
|
{
|
|
|
|
|
/* Note that we are only seeing unrevoked sigs here */
|
|
|
|
|
PKT_signature *sig = node->pkt->pkt.signature;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
kr = is_in_klist (klist, sig);
|
|
|
|
|
/* If the trust_regexp does not match, it's as if the sig
|
|
|
|
|
did not exist. This is safe for non-trust sigs as well
|
|
|
|
|
since we don't accept a regexp on the sig unless it's a
|
|
|
|
|
trust sig. */
|
2011-02-04 12:57:53 +01:00
|
|
|
|
if (kr && (!kr->trust_regexp
|
2015-10-21 13:31:00 +02:00
|
|
|
|
|| !(opt.trust_model == TM_PGP
|
|
|
|
|
|| opt.trust_model == TM_TOFU_PGP)
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|| (uidnode
|
2008-12-09 10:46:29 +00:00
|
|
|
|
&& check_regexp(kr->trust_regexp,
|
|
|
|
|
uidnode->pkt->pkt.user_id->name))))
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
/* Are we part of a trust sig chain? We always favor
|
|
|
|
|
the latest trust sig, rather than the greater or
|
|
|
|
|
lesser trust sig or value. I could make a decent
|
|
|
|
|
argument for any of these cases, but this seems to be
|
|
|
|
|
what PGP does, and I'd like to be compatible. -dms */
|
2015-10-21 13:31:00 +02:00
|
|
|
|
if ((opt.trust_model == TM_PGP
|
|
|
|
|
|| opt.trust_model == TM_TOFU_PGP)
|
2008-12-09 10:46:29 +00:00
|
|
|
|
&& sig->trust_depth
|
|
|
|
|
&& pk->trust_timestamp <= sig->timestamp)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2008-12-09 10:46:29 +00:00
|
|
|
|
unsigned char depth;
|
|
|
|
|
|
|
|
|
|
/* If the depth on the signature is less than the
|
|
|
|
|
chain currently has, then use the signature depth
|
|
|
|
|
so we don't increase the depth beyond what the
|
|
|
|
|
signer wanted. If the depth on the signature is
|
|
|
|
|
more than the chain currently has, then use the
|
|
|
|
|
chain depth so we use as much of the signature
|
|
|
|
|
depth as the chain will permit. An ultimately
|
|
|
|
|
trusted signature can restart the depth to
|
|
|
|
|
whatever level it likes. */
|
|
|
|
|
|
|
|
|
|
if (sig->trust_depth < kr->trust_depth
|
|
|
|
|
|| kr->ownertrust == TRUST_ULTIMATE)
|
|
|
|
|
depth = sig->trust_depth;
|
|
|
|
|
else
|
|
|
|
|
depth = kr->trust_depth;
|
|
|
|
|
|
|
|
|
|
if (depth)
|
|
|
|
|
{
|
|
|
|
|
if(DBG_TRUST)
|
|
|
|
|
log_debug ("trust sig on %s, sig depth is %d,"
|
|
|
|
|
" kr depth is %d\n",
|
|
|
|
|
uidnode->pkt->pkt.user_id->name,
|
|
|
|
|
sig->trust_depth,
|
|
|
|
|
kr->trust_depth);
|
|
|
|
|
|
|
|
|
|
/* If we got here, we know that:
|
|
|
|
|
|
|
|
|
|
this is a trust sig.
|
|
|
|
|
|
|
|
|
|
it's a newer trust sig than any previous trust
|
|
|
|
|
sig on this key (not uid).
|
|
|
|
|
|
|
|
|
|
it is legal in that it was either generated by an
|
|
|
|
|
ultimate key, or a key that was part of a trust
|
|
|
|
|
chain, and the depth does not violate the
|
|
|
|
|
original trust sig.
|
|
|
|
|
|
|
|
|
|
if there is a regexp attached, it matched
|
|
|
|
|
successfully.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
if (DBG_TRUST)
|
|
|
|
|
log_debug ("replacing trust value %d with %d and "
|
|
|
|
|
"depth %d with %d\n",
|
|
|
|
|
pk->trust_value,sig->trust_value,
|
|
|
|
|
pk->trust_depth,depth);
|
|
|
|
|
|
|
|
|
|
pk->trust_value = sig->trust_value;
|
|
|
|
|
pk->trust_depth = depth-1;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2008-12-09 10:46:29 +00:00
|
|
|
|
/* If the trust sig contains a regexp, record it
|
|
|
|
|
on the pk for the next round. */
|
|
|
|
|
if (sig->trust_regexp)
|
|
|
|
|
pk->trust_regexp = sig->trust_regexp;
|
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (kr->ownertrust == TRUST_ULTIMATE)
|
|
|
|
|
uid->help_full_count = opt.completes_needed;
|
|
|
|
|
else if (kr->ownertrust == TRUST_FULLY)
|
|
|
|
|
uid->help_full_count++;
|
|
|
|
|
else if (kr->ownertrust == TRUST_MARGINAL)
|
|
|
|
|
uid->help_marginal_count++;
|
|
|
|
|
issigned = 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (uidnode && issigned)
|
|
|
|
|
{
|
|
|
|
|
if (uid->help_full_count >= opt.completes_needed
|
|
|
|
|
|| uid->help_marginal_count >= opt.marginals_needed )
|
2011-02-04 12:57:53 +01:00
|
|
|
|
uidnode->flag |= 4;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
else if (uid->help_full_count || uid->help_marginal_count)
|
|
|
|
|
uidnode->flag |= 2;
|
|
|
|
|
uidnode->flag |= 1;
|
|
|
|
|
any_signed = 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return any_signed;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2015-09-16 19:02:35 +02:00
|
|
|
|
search_skipfnc (void *opaque, u32 *kid, int dummy_uid_no)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2015-09-16 19:02:35 +02:00
|
|
|
|
(void)dummy_uid_no;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
return test_key_hash_table ((KeyHashTable)opaque, kid);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2024-09-25 14:04:59 +02:00
|
|
|
|
/* This implements steps 4 to 7 as described for validate_keys.
|
|
|
|
|
*
|
2003-06-05 07:14:21 +00:00
|
|
|
|
* Scan all keys and return a key_array of all suitable keys from
|
2024-09-25 14:04:59 +02:00
|
|
|
|
* klist. The caller has to pass keydb handle so that we don't need
|
2003-06-05 07:14:21 +00:00
|
|
|
|
* to create our own. Returns either a key_array or NULL in case of
|
|
|
|
|
* an error. No results found are indicated by an empty array.
|
2024-09-25 14:04:59 +02:00
|
|
|
|
* Caller has to release the returned array.
|
2003-06-05 07:14:21 +00:00
|
|
|
|
*/
|
|
|
|
|
static struct key_array *
|
2017-03-31 20:03:52 +02:00
|
|
|
|
validate_key_list (ctrl_t ctrl, KEYDB_HANDLE hd, KeyHashTable full_trust,
|
2003-06-05 07:14:21 +00:00
|
|
|
|
struct key_item *klist, u32 curtime, u32 *next_expire)
|
|
|
|
|
{
|
|
|
|
|
KBNODE keyblock = NULL;
|
|
|
|
|
struct key_array *keys = NULL;
|
|
|
|
|
size_t nkeys, maxkeys;
|
|
|
|
|
int rc;
|
|
|
|
|
KEYDB_SEARCH_DESC desc;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2024-09-25 14:04:59 +02:00
|
|
|
|
maxkeys = 1000; /* Initially allocate space for 1000 keys. */
|
2003-06-18 19:56:13 +00:00
|
|
|
|
keys = xmalloc ((maxkeys+1) * sizeof *keys);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
nkeys = 0;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
rc = keydb_search_reset (hd);
|
|
|
|
|
if (rc)
|
|
|
|
|
{
|
2015-01-22 12:06:11 +01:00
|
|
|
|
log_error ("keydb_search_reset failed: %s\n", gpg_strerror (rc));
|
2003-06-18 19:56:13 +00:00
|
|
|
|
xfree (keys);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
memset (&desc, 0, sizeof desc);
|
|
|
|
|
desc.mode = KEYDB_SEARCH_MODE_FIRST;
|
|
|
|
|
desc.skipfnc = search_skipfnc;
|
|
|
|
|
desc.skipfncvalue = full_trust;
|
2013-01-08 09:43:21 +01:00
|
|
|
|
rc = keydb_search (hd, &desc, 1, NULL);
|
2011-04-29 15:07:11 +02:00
|
|
|
|
if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
keys[nkeys].keyblock = NULL;
|
|
|
|
|
return keys;
|
|
|
|
|
}
|
|
|
|
|
if (rc)
|
|
|
|
|
{
|
2015-10-29 10:01:43 +01:00
|
|
|
|
log_error ("keydb_search(first) failed: %s\n", gpg_strerror (rc));
|
|
|
|
|
goto die;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
desc.mode = KEYDB_SEARCH_MODE_NEXT; /* change mode */
|
|
|
|
|
do
|
|
|
|
|
{
|
|
|
|
|
PKT_public_key *pk;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
rc = keydb_get_keyblock (hd, &keyblock);
|
2011-02-04 12:57:53 +01:00
|
|
|
|
if (rc)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2015-01-22 12:06:11 +01:00
|
|
|
|
log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
|
2015-10-29 10:01:43 +01:00
|
|
|
|
goto die;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
|
|
|
|
if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
log_debug ("ooops: invalid pkttype %d encountered\n",
|
|
|
|
|
keyblock->pkt->pkttype);
|
|
|
|
|
dump_kbnode (keyblock);
|
|
|
|
|
release_kbnode(keyblock);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* prepare the keyblock for further processing */
|
2017-03-31 20:03:52 +02:00
|
|
|
|
merge_keys_and_selfsig (ctrl, keyblock);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
clear_kbnode_flags (keyblock);
|
|
|
|
|
pk = keyblock->pkt->pkt.public_key;
|
2010-10-20 11:33:50 +00:00
|
|
|
|
if (pk->has_expired || pk->flags.revoked)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2024-09-25 14:04:59 +02:00
|
|
|
|
/* Step 5: Mark revoked and expired keys.
|
|
|
|
|
* (it does not make sense to look further at those keys.) */
|
2003-06-05 07:14:21 +00:00
|
|
|
|
mark_keyblock_seen (full_trust, keyblock);
|
|
|
|
|
}
|
2017-03-31 20:03:52 +02:00
|
|
|
|
else if (validate_one_keyblock (ctrl, keyblock, klist,
|
|
|
|
|
curtime, next_expire))
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2024-09-25 14:04:59 +02:00
|
|
|
|
/* Step 6 has been done by validate_one_keyblock. This here
|
|
|
|
|
* is step 7. */
|
|
|
|
|
kbnode_t node;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
|
|
if (pk->expiredate && pk->expiredate >= curtime
|
|
|
|
|
&& pk->expiredate < *next_expire)
|
|
|
|
|
*next_expire = pk->expiredate;
|
|
|
|
|
|
|
|
|
|
if (nkeys == maxkeys) {
|
|
|
|
|
maxkeys += 1000;
|
2003-06-18 19:56:13 +00:00
|
|
|
|
keys = xrealloc (keys, (maxkeys+1) * sizeof *keys);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
keys[nkeys++].keyblock = keyblock;
|
|
|
|
|
|
|
|
|
|
/* Optimization - if all uids are fully trusted, then we
|
|
|
|
|
never need to consider this key as a candidate again. */
|
|
|
|
|
|
|
|
|
|
for (node=keyblock; node; node = node->next)
|
|
|
|
|
if (node->pkt->pkttype == PKT_USER_ID && !(node->flag & 4))
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
if(node==NULL)
|
|
|
|
|
mark_keyblock_seen (full_trust, keyblock);
|
|
|
|
|
|
|
|
|
|
keyblock = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
release_kbnode (keyblock);
|
|
|
|
|
keyblock = NULL;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
}
|
2015-11-17 14:38:03 +01:00
|
|
|
|
while (!(rc = keydb_search (hd, &desc, 1, NULL)));
|
2013-01-08 09:43:21 +01:00
|
|
|
|
|
2011-04-29 15:07:11 +02:00
|
|
|
|
if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2015-01-22 12:06:11 +01:00
|
|
|
|
log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc));
|
2015-10-29 10:01:43 +01:00
|
|
|
|
goto die;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
keys[nkeys].keyblock = NULL;
|
|
|
|
|
return keys;
|
2015-10-29 10:01:43 +01:00
|
|
|
|
|
|
|
|
|
die:
|
|
|
|
|
keys[nkeys].keyblock = NULL;
|
|
|
|
|
release_key_array (keys);
|
|
|
|
|
return NULL;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
|
|
/* Caller must sync */
|
|
|
|
|
static void
|
2017-03-31 20:03:52 +02:00
|
|
|
|
reset_trust_records (ctrl_t ctrl)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2006-04-19 11:26:11 +00:00
|
|
|
|
TRUSTREC rec;
|
|
|
|
|
ulong recnum;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
int count = 0, nreset = 0;
|
|
|
|
|
|
2011-02-04 12:57:53 +01:00
|
|
|
|
for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2006-04-19 11:26:11 +00:00
|
|
|
|
if(rec.rectype==RECTYPE_TRUST)
|
|
|
|
|
{
|
|
|
|
|
count++;
|
|
|
|
|
if(rec.r.trust.min_ownertrust)
|
|
|
|
|
{
|
|
|
|
|
rec.r.trust.min_ownertrust=0;
|
2017-03-31 20:03:52 +02:00
|
|
|
|
write_record (ctrl, &rec);
|
2006-04-19 11:26:11 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
else if(rec.rectype==RECTYPE_VALID
|
|
|
|
|
&& ((rec.r.valid.validity&TRUST_MASK)
|
|
|
|
|
|| rec.r.valid.marginal_count
|
|
|
|
|
|| rec.r.valid.full_count))
|
|
|
|
|
{
|
|
|
|
|
rec.r.valid.validity &= ~TRUST_MASK;
|
|
|
|
|
rec.r.valid.marginal_count=rec.r.valid.full_count=0;
|
|
|
|
|
nreset++;
|
2017-03-31 20:03:52 +02:00
|
|
|
|
write_record (ctrl, &rec);
|
2006-04-19 11:26:11 +00:00
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
|
|
}
|
2006-04-19 11:26:11 +00:00
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
if (opt.verbose)
|
2016-01-18 11:20:15 +01:00
|
|
|
|
{
|
|
|
|
|
log_info (ngettext("%d key processed",
|
|
|
|
|
"%d keys processed",
|
|
|
|
|
count), count);
|
|
|
|
|
log_printf (ngettext(" (%d validity count cleared)\n",
|
|
|
|
|
" (%d validity counts cleared)\n",
|
|
|
|
|
nreset), nreset);
|
|
|
|
|
}
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Run the key validation procedure.
|
|
|
|
|
*
|
|
|
|
|
* This works this way:
|
|
|
|
|
* Step 1: Find all ultimately trusted keys (UTK).
|
|
|
|
|
* mark them all as seen and put them into klist.
|
2024-09-25 14:04:59 +02:00
|
|
|
|
* Step 2: loop max_cert_depth
|
2003-06-05 07:14:21 +00:00
|
|
|
|
* Step 3: if OWNERTRUST of any key in klist is undefined
|
|
|
|
|
* ask user to assign ownertrust
|
2011-02-04 12:57:53 +01:00
|
|
|
|
* Step 4: Loop over all keys in the keyDB which are not marked seen
|
2003-06-05 07:14:21 +00:00
|
|
|
|
* Step 5: if key is revoked or expired
|
|
|
|
|
* mark key as seen
|
|
|
|
|
* continue loop at Step 4
|
|
|
|
|
* Step 6: For each user ID of that key signed by a key in klist
|
|
|
|
|
* Calculate validity by counting trusted signatures.
|
|
|
|
|
* Set validity of user ID
|
|
|
|
|
* Step 7: If any signed user ID was found
|
|
|
|
|
* mark key as seen
|
|
|
|
|
* End Loop
|
|
|
|
|
* Step 8: Build a new klist from all fully trusted keys from step 6
|
|
|
|
|
* End Loop
|
2011-02-04 12:57:53 +01:00
|
|
|
|
* Ready
|
2003-06-05 07:14:21 +00:00
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
static int
|
2016-05-21 11:41:49 +02:00
|
|
|
|
validate_keys (ctrl_t ctrl, int interactive)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
int rc = 0;
|
|
|
|
|
int quit=0;
|
2024-09-25 15:15:51 +02:00
|
|
|
|
struct key_item *valid_utk_list = NULL;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
struct key_item *klist = NULL;
|
|
|
|
|
struct key_item *k;
|
|
|
|
|
struct key_array *keys = NULL;
|
|
|
|
|
struct key_array *kar;
|
|
|
|
|
KEYDB_HANDLE kdb = NULL;
|
|
|
|
|
KBNODE node;
|
|
|
|
|
int depth;
|
|
|
|
|
int ot_unknown, ot_undefined, ot_never, ot_marginal, ot_full, ot_ultimate;
|
2024-09-25 14:04:59 +02:00
|
|
|
|
KeyHashTable used, full_trust;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
u32 start_time, next_expire;
|
|
|
|
|
|
2006-04-19 11:26:11 +00:00
|
|
|
|
/* Make sure we have all sigs cached. TODO: This is going to
|
2015-11-16 12:41:46 +01:00
|
|
|
|
require some architectural re-thinking, as it is agonizingly slow.
|
2006-04-19 11:26:11 +00:00
|
|
|
|
Perhaps combine this with reset_trust_records(), or only check
|
|
|
|
|
the caches on keys that are actually involved in the web of
|
|
|
|
|
trust. */
|
2017-03-31 20:03:52 +02:00
|
|
|
|
keydb_rebuild_caches (ctrl, 0);
|
2006-04-19 11:26:11 +00:00
|
|
|
|
|
2019-09-09 14:34:09 +02:00
|
|
|
|
kdb = keydb_new (ctrl);
|
2015-12-03 12:18:32 +01:00
|
|
|
|
if (!kdb)
|
|
|
|
|
return gpg_error_from_syserror ();
|
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
start_time = make_timestamp ();
|
|
|
|
|
next_expire = 0xffffffff; /* set next expire to the year 2106 */
|
|
|
|
|
used = new_key_hash_table ();
|
|
|
|
|
full_trust = new_key_hash_table ();
|
2006-04-19 11:26:11 +00:00
|
|
|
|
|
2017-03-31 20:03:52 +02:00
|
|
|
|
reset_trust_records (ctrl);
|
2006-04-19 11:26:11 +00:00
|
|
|
|
|
2024-09-25 14:04:59 +02:00
|
|
|
|
/* Step 1 */
|
2003-06-05 07:14:21 +00:00
|
|
|
|
/* Fixme: Instead of always building a UTK list, we could just build it
|
|
|
|
|
* here when needed */
|
|
|
|
|
|
2024-09-25 15:15:51 +02:00
|
|
|
|
/* Mark all usable UTKs as used and fully_trusted and set validity
|
|
|
|
|
* to ultimate. Create a list of these UTKs for further processing. */
|
2003-06-05 07:14:21 +00:00
|
|
|
|
for (k=utk_list; k; k = k->next)
|
|
|
|
|
{
|
2024-09-25 15:15:51 +02:00
|
|
|
|
kbnode_t keyblock;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
PKT_public_key *pk;
|
|
|
|
|
|
2017-03-31 20:03:52 +02:00
|
|
|
|
keyblock = get_pubkeyblock (ctrl, k->kid);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
if (!keyblock)
|
|
|
|
|
{
|
2024-10-30 08:13:55 +01:00
|
|
|
|
log_info (_("Note: ultimately trusted key %s not found\n"),
|
2024-09-25 14:04:59 +02:00
|
|
|
|
keystr(k->kid));
|
2003-06-05 07:14:21 +00:00
|
|
|
|
continue;
|
|
|
|
|
}
|
2024-09-25 14:04:59 +02:00
|
|
|
|
pk = keyblock->pkt->pkt.public_key;
|
2024-09-25 15:15:51 +02:00
|
|
|
|
if (pk->has_expired)
|
|
|
|
|
{
|
2024-10-30 08:13:55 +01:00
|
|
|
|
log_info (_("Note: ultimately trusted key %s expired\n"),
|
2024-09-25 15:15:51 +02:00
|
|
|
|
keystr(k->kid));
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
struct key_item *ki = copy_key_item (k);
|
|
|
|
|
ki->next = valid_utk_list;
|
|
|
|
|
valid_utk_list = ki;
|
|
|
|
|
}
|
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
mark_keyblock_seen (used, keyblock);
|
|
|
|
|
mark_keyblock_seen (full_trust, keyblock);
|
|
|
|
|
for (node=keyblock; node; node = node->next)
|
|
|
|
|
{
|
|
|
|
|
if (node->pkt->pkttype == PKT_USER_ID)
|
2017-03-31 20:03:52 +02:00
|
|
|
|
update_validity (ctrl, pk, node->pkt->pkt.user_id,
|
|
|
|
|
0, TRUST_ULTIMATE);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
if ( pk->expiredate && pk->expiredate >= start_time
|
|
|
|
|
&& pk->expiredate < next_expire)
|
|
|
|
|
next_expire = pk->expiredate;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
release_kbnode (keyblock);
|
|
|
|
|
do_sync ();
|
|
|
|
|
}
|
|
|
|
|
|
2024-09-25 14:04:59 +02:00
|
|
|
|
/* In the TOFU trust model, we only need to save the ultimately
|
|
|
|
|
trusted keys. */
|
2015-10-21 13:28:15 +02:00
|
|
|
|
if (opt.trust_model == TM_TOFU)
|
|
|
|
|
goto leave;
|
|
|
|
|
|
2024-09-25 15:15:51 +02:00
|
|
|
|
if (!valid_utk_list)
|
|
|
|
|
{
|
|
|
|
|
if (!opt.quiet)
|
|
|
|
|
log_info (_("no ultimately trusted keys found\n"));
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
klist = valid_utk_list;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
2016-03-19 14:43:18 +01:00
|
|
|
|
if (!opt.quiet)
|
|
|
|
|
log_info ("marginals needed: %d completes needed: %d trust model: %s\n",
|
2016-05-02 19:10:59 +02:00
|
|
|
|
opt.marginals_needed, opt.completes_needed,
|
|
|
|
|
trust_model_string (opt.trust_model));
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
2024-09-25 14:04:59 +02:00
|
|
|
|
/* Step 2 */
|
2003-06-05 07:14:21 +00:00
|
|
|
|
for (depth=0; depth < opt.max_cert_depth; depth++)
|
|
|
|
|
{
|
2024-09-25 14:04:59 +02:00
|
|
|
|
int valids = 0;
|
|
|
|
|
int key_count;
|
|
|
|
|
|
|
|
|
|
/* Step 3: See whether we should assign ownertrust values to the
|
|
|
|
|
* keys in klist. */
|
2003-06-05 07:14:21 +00:00
|
|
|
|
ot_unknown = ot_undefined = ot_never = 0;
|
|
|
|
|
ot_marginal = ot_full = ot_ultimate = 0;
|
|
|
|
|
for (k=klist; k; k = k->next)
|
|
|
|
|
{
|
|
|
|
|
int min=0;
|
|
|
|
|
|
|
|
|
|
/* 120 and 60 are as per RFC2440 */
|
|
|
|
|
if(k->trust_value>=120)
|
|
|
|
|
min=TRUST_FULLY;
|
|
|
|
|
else if(k->trust_value>=60)
|
|
|
|
|
min=TRUST_MARGINAL;
|
|
|
|
|
|
|
|
|
|
if(min!=k->min_ownertrust)
|
2017-03-31 20:03:52 +02:00
|
|
|
|
update_min_ownertrust (ctrl, k->kid,min);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
|
|
|
|
if (interactive && k->ownertrust == TRUST_UNKNOWN)
|
|
|
|
|
{
|
2016-05-21 11:41:49 +02:00
|
|
|
|
k->ownertrust = ask_ownertrust (ctrl, k->kid,min);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
2010-10-20 11:33:50 +00:00
|
|
|
|
if (k->ownertrust == (unsigned int)(-1))
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
quit=1;
|
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* This can happen during transition from an old trustdb
|
|
|
|
|
before trust sigs. It can also happen if a user uses two
|
|
|
|
|
different versions of GnuPG or changes the --trust-model
|
|
|
|
|
setting. */
|
|
|
|
|
if(k->ownertrust<min)
|
|
|
|
|
{
|
|
|
|
|
if(DBG_TRUST)
|
2006-04-19 11:26:11 +00:00
|
|
|
|
log_debug("key %08lX%08lX:"
|
2012-06-05 19:29:22 +02:00
|
|
|
|
" overriding ownertrust '%s' with '%s'\n",
|
2006-04-19 11:26:11 +00:00
|
|
|
|
(ulong)k->kid[0],(ulong)k->kid[1],
|
2003-06-05 07:14:21 +00:00
|
|
|
|
trust_value_to_string(k->ownertrust),
|
|
|
|
|
trust_value_to_string(min));
|
|
|
|
|
|
|
|
|
|
k->ownertrust=min;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (k->ownertrust == TRUST_UNKNOWN)
|
|
|
|
|
ot_unknown++;
|
|
|
|
|
else if (k->ownertrust == TRUST_UNDEFINED)
|
|
|
|
|
ot_undefined++;
|
|
|
|
|
else if (k->ownertrust == TRUST_NEVER)
|
|
|
|
|
ot_never++;
|
|
|
|
|
else if (k->ownertrust == TRUST_MARGINAL)
|
|
|
|
|
ot_marginal++;
|
|
|
|
|
else if (k->ownertrust == TRUST_FULLY)
|
|
|
|
|
ot_full++;
|
|
|
|
|
else if (k->ownertrust == TRUST_ULTIMATE)
|
|
|
|
|
ot_ultimate++;
|
2006-04-19 11:26:11 +00:00
|
|
|
|
|
|
|
|
|
valids++;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
2024-09-25 15:15:51 +02:00
|
|
|
|
/* Step 4: Find all keys which are signed by a key in klist */
|
2017-03-31 20:03:52 +02:00
|
|
|
|
keys = validate_key_list (ctrl, kdb, full_trust, klist,
|
2003-06-05 07:14:21 +00:00
|
|
|
|
start_time, &next_expire);
|
2011-02-04 12:57:53 +01:00
|
|
|
|
if (!keys)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
|
|
|
|
log_error ("validate_key_list failed\n");
|
2015-01-22 12:06:11 +01:00
|
|
|
|
rc = GPG_ERR_GENERAL;
|
2003-06-05 07:14:21 +00:00
|
|
|
|
goto leave;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (key_count=0, kar=keys; kar->keyblock; kar++, key_count++)
|
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
/* Store the calculated valididation status somewhere */
|
2015-05-08 16:30:04 +02:00
|
|
|
|
if (opt.verbose > 1 && DBG_TRUST)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
dump_key_array (depth, keys);
|
|
|
|
|
|
|
|
|
|
for (kar=keys; kar->keyblock; kar++)
|
2024-09-25 14:04:59 +02:00
|
|
|
|
store_validation_status (ctrl, depth, kar->keyblock);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
2016-03-19 14:43:18 +01:00
|
|
|
|
if (!opt.quiet)
|
|
|
|
|
log_info (_("depth: %d valid: %3d signed: %3d"
|
|
|
|
|
" trust: %d-, %dq, %dn, %dm, %df, %du\n"),
|
|
|
|
|
depth, valids, key_count, ot_unknown, ot_undefined,
|
|
|
|
|
ot_never, ot_marginal, ot_full, ot_ultimate );
|
2003-06-05 07:14:21 +00:00
|
|
|
|
|
2024-09-25 15:15:51 +02:00
|
|
|
|
/* Step 8: Build a new klist from all fully valid keys in KEYS */
|
|
|
|
|
if (klist != valid_utk_list)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
release_key_items (klist);
|
|
|
|
|
klist = NULL;
|
|
|
|
|
for (kar=keys; kar->keyblock; kar++)
|
|
|
|
|
{
|
|
|
|
|
for (node=kar->keyblock; node; node = node->next)
|
|
|
|
|
{
|
|
|
|
|
if (node->pkt->pkttype == PKT_USER_ID && (node->flag & 4))
|
|
|
|
|
{
|
|
|
|
|
u32 kid[2];
|
|
|
|
|
|
|
|
|
|
/* have we used this key already? */
|
|
|
|
|
keyid_from_pk (kar->keyblock->pkt->pkt.public_key, kid);
|
|
|
|
|
if(test_key_hash_table(used,kid)==0)
|
|
|
|
|
{
|
|
|
|
|
/* Normally we add both the primary and subkey
|
|
|
|
|
ids to the hash via mark_keyblock_seen, but
|
|
|
|
|
since we aren't using this hash as a skipfnc,
|
|
|
|
|
that doesn't matter here. */
|
|
|
|
|
add_key_hash_table (used,kid);
|
|
|
|
|
k = new_key_item ();
|
|
|
|
|
k->kid[0]=kid[0];
|
|
|
|
|
k->kid[1]=kid[1];
|
|
|
|
|
k->ownertrust =
|
gpg: Allow building without any trust model support.
* configure.ac: Add option --disable-trust-models
(NO_TRUST_MODELS): New ac_define and am_conditional.
* g10/Makefile.am (trust_source): New.
(gpg2_SOURCES): Factor some files out to above. Add trust.c.
* g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust,
--import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb,
--list-trustdb, --trustdb-name, --auto-check-trustdb,
--no-auto-check-trustdb, and --force-ownertrust.
(parse_trust_model) [NO_TRUST_MODELS]: Do not build.
(main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all
trustdb related option code.
* g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust",
"enable", and "disable".
* g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print
"tru" record.
* g10/trust.c: New.
* g10/trustdb.c (struct key_item): Move to trustdb.h.
(register_trusted_keyid): Rename to tdb_register_trusted_keyid.
(register_trusted_key): Rename to tdb_register_trusted_key.
(trust_letter, uid_trust_string_fixed, trust_value_to_string)
(string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info)
(get_ownertrust_string, get_validity_info, get_validity_string)
(clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c.
(mark_usable_uid_certs): Move to trust.c and make global.
(is_in_klist): Move as inline to trustdb.h.
(trustdb_check_or_update): Rename to tdb_check_or_update
(revalidation_mark): Rename to tdb_revalidation_mark.
(get_ownertrust): Rename to tdb_get_ownertrust.
(get_min_ownertrust): Rename to tdb_get_min_ownertrust.
(update_ownertrust): Rename to tdb_update_ownertrust.
(clear_ownertrusts): Rename to tdb_clear_ownertrusts.
(cache_disabled_value): Rename to tdb_cache_disabled_value.
(check_trustdb_stale): Rename to tdb_check_trustdb_stale.
(get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and
factor some code out to ...
* trust.c (get_validity): ...new.
(check_or_update_trustdb): New wrapper.
(revalidation_mark): New wrapper.
(get_ownertrust): New wrapper.
(get_ownertrust_with_min): New wrapper.
(update_ownertrust): New wrapper.
(clear_ownertrusts): New wrapper.
(cache_disabled_value): New wrapper.
(check_trustdb_stale): New wrapper.
* tests/openpgp/defs.inc (opt_always): New. Use in all tests instead
of --always-trust.
2014-02-10 17:05:54 +01:00
|
|
|
|
(tdb_get_ownertrust
|
2017-03-31 20:03:52 +02:00
|
|
|
|
(ctrl, kar->keyblock->pkt->pkt.public_key, 0)
|
|
|
|
|
& TRUST_MASK);
|
gpg: Allow building without any trust model support.
* configure.ac: Add option --disable-trust-models
(NO_TRUST_MODELS): New ac_define and am_conditional.
* g10/Makefile.am (trust_source): New.
(gpg2_SOURCES): Factor some files out to above. Add trust.c.
* g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust,
--import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb,
--list-trustdb, --trustdb-name, --auto-check-trustdb,
--no-auto-check-trustdb, and --force-ownertrust.
(parse_trust_model) [NO_TRUST_MODELS]: Do not build.
(main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all
trustdb related option code.
* g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust",
"enable", and "disable".
* g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print
"tru" record.
* g10/trust.c: New.
* g10/trustdb.c (struct key_item): Move to trustdb.h.
(register_trusted_keyid): Rename to tdb_register_trusted_keyid.
(register_trusted_key): Rename to tdb_register_trusted_key.
(trust_letter, uid_trust_string_fixed, trust_value_to_string)
(string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info)
(get_ownertrust_string, get_validity_info, get_validity_string)
(clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c.
(mark_usable_uid_certs): Move to trust.c and make global.
(is_in_klist): Move as inline to trustdb.h.
(trustdb_check_or_update): Rename to tdb_check_or_update
(revalidation_mark): Rename to tdb_revalidation_mark.
(get_ownertrust): Rename to tdb_get_ownertrust.
(get_min_ownertrust): Rename to tdb_get_min_ownertrust.
(update_ownertrust): Rename to tdb_update_ownertrust.
(clear_ownertrusts): Rename to tdb_clear_ownertrusts.
(cache_disabled_value): Rename to tdb_cache_disabled_value.
(check_trustdb_stale): Rename to tdb_check_trustdb_stale.
(get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and
factor some code out to ...
* trust.c (get_validity): ...new.
(check_or_update_trustdb): New wrapper.
(revalidation_mark): New wrapper.
(get_ownertrust): New wrapper.
(get_ownertrust_with_min): New wrapper.
(update_ownertrust): New wrapper.
(clear_ownertrusts): New wrapper.
(cache_disabled_value): New wrapper.
(check_trustdb_stale): New wrapper.
* tests/openpgp/defs.inc (opt_always): New. Use in all tests instead
of --always-trust.
2014-02-10 17:05:54 +01:00
|
|
|
|
k->min_ownertrust = tdb_get_min_ownertrust
|
2017-03-31 20:03:52 +02:00
|
|
|
|
(ctrl, kar->keyblock->pkt->pkt.public_key, 0);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
k->trust_depth=
|
|
|
|
|
kar->keyblock->pkt->pkt.public_key->trust_depth;
|
|
|
|
|
k->trust_value=
|
|
|
|
|
kar->keyblock->pkt->pkt.public_key->trust_value;
|
|
|
|
|
if(kar->keyblock->pkt->pkt.public_key->trust_regexp)
|
|
|
|
|
k->trust_regexp=
|
2006-04-19 11:26:11 +00:00
|
|
|
|
xstrdup(kar->keyblock->pkt->
|
2003-06-05 07:14:21 +00:00
|
|
|
|
pkt.public_key->trust_regexp);
|
|
|
|
|
k->next = klist;
|
|
|
|
|
klist = k;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
release_key_array (keys);
|
|
|
|
|
keys = NULL;
|
|
|
|
|
if (!klist)
|
|
|
|
|
break; /* no need to dive in deeper */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
leave:
|
|
|
|
|
keydb_release (kdb);
|
|
|
|
|
release_key_array (keys);
|
2024-09-25 15:15:51 +02:00
|
|
|
|
if (klist != valid_utk_list)
|
2015-10-21 13:36:12 +02:00
|
|
|
|
release_key_items (klist);
|
2024-09-25 15:15:51 +02:00
|
|
|
|
release_key_items (valid_utk_list);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
release_key_hash_table (full_trust);
|
|
|
|
|
release_key_hash_table (used);
|
|
|
|
|
if (!rc && !quit) /* mark trustDB as checked */
|
|
|
|
|
{
|
2015-10-29 10:09:58 +01:00
|
|
|
|
int rc2;
|
|
|
|
|
|
2003-06-05 07:14:21 +00:00
|
|
|
|
if (next_expire == 0xffffffff || next_expire < start_time )
|
2017-03-31 20:03:52 +02:00
|
|
|
|
tdbio_write_nextcheck (ctrl, 0);
|
2003-06-05 07:14:21 +00:00
|
|
|
|
else
|
|
|
|
|
{
|
2017-03-31 20:03:52 +02:00
|
|
|
|
tdbio_write_nextcheck (ctrl, next_expire);
|
2016-03-19 14:43:18 +01:00
|
|
|
|
if (!opt.quiet)
|
|
|
|
|
log_info (_("next trustdb check due at %s\n"),
|
|
|
|
|
strtimestamp (next_expire));
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
2017-03-31 20:03:52 +02:00
|
|
|
|
rc2 = tdbio_update_version_record (ctrl);
|
2015-10-29 10:09:58 +01:00
|
|
|
|
if (rc2)
|
2003-06-05 07:14:21 +00:00
|
|
|
|
{
|
2015-10-29 10:09:58 +01:00
|
|
|
|
log_error (_("unable to update trustdb version record: "
|
|
|
|
|
"write failed: %s\n"), gpg_strerror (rc2));
|
|
|
|
|
tdbio_invalid ();
|
2003-06-05 07:14:21 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
do_sync ();
|
|
|
|
|
pending_check_trustdb = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return rc;
|
|
|
|
|
}
|