
gpg: Emit status lines TOFU_STATS and TOFU_STATS_LONG.

* g10/tofu.c (NO_WARNING_THRESHOLD): Rename to BASIC_TRUST_THRESHOLD.
(FULL_TRUST_THRESHOLD): New.
(write_stats_status): New.
(show_statistics): Call new function.  Print TOFU_STATS_LONG.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2016-05-03 10:26:55 +02:00
parent ae1889320b
commit 83865be35c
2 changed files with 105 additions and 8 deletions


@ -668,10 +668,54 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
- shell :: The standard X.509 model. - shell :: The standard X.509 model.
- chain :: The chain model. - chain :: The chain model.
- steed :: The STEED model. - steed :: The STEED model.
- tofu :: The TOFU model
Note that the term =TRUST_= in the status names is used for Note that the term =TRUST_= in the status names is used for
historic reasons; we now speak of validity. historic reasons; we now speak of validity.
*** TOFU_USER <fingerprint_in_hex> <mbox>
This status identifies the key and the userid for all following
Tofu information. The fingerprint is the fingerprint of the
primary key and the mbox is in general the mailbox part of the
userid encoded in UTF-8 and percent escaped.
*** TOFU_STATS <validity> <sign-count> 0 [<policy> [<tm1> <tm2>]]
Statistics for the current user id.
Values for VALIDITY are:
- 0 :: conflict
- 1 :: key without history
- 2 :: key with too little history
- 3 :: key with enough history for basic trust
- 4 :: key with a lot of history
Values for POLICY are:
- none :: No Policy set
- auto :: Policy is "auto"
- good :: Policy is "good"
- bad :: Policy is "bad"
- ask :: Policy is "ask"
- unknown :: Policy is not known.
TM1 gives the number of seconds since the the first messages was
verified. TM2 gives the number of seconds since the most recent
message was verified.
*** TOFU_STATS_SHORT <long_string>
Information about the TOFU binding for the signature.
Example: "15 signatures verified. 10 messages encrypted"
*** TOFU_STATS_LONG <long_string>
Information about the TOFU binding for the signature in verbose
format. The LONG_STRING is percent escaped.
Example: 'Verified 9 messages signed by "Werner Koch
(dist sig)" in the past 3 minutes, 40 seconds. The most
recent message was verified 4 seconds ago.'
*** PKA_TRUST_ *** PKA_TRUST_
This is is one: This is is one:


@ -47,8 +47,12 @@
#define CONTROL_L ('L' - 'A' + 1) #define CONTROL_L ('L' - 'A' + 1)
/* Number of signed messages required to not show extra warnings. */ /* Number of signed messages required to indicate that enough history
#define NO_WARNING_THRESHOLD 10 * is available for basic trust. */
#define BASIC_TRUST_THRESHOLD 10
/* Number of signed messages required to indicate that a lot of
* history is available. */
#define FULL_TRUST_THRESHOLD 100
#define DEBUG_TOFU_CACHE 0 #define DEBUG_TOFU_CACHE 0
@ -2365,6 +2369,40 @@ time_ago_str (long long int t)
} }
/* Write TOFU_STATS status line. */
static void
write_stats_status (long messages, enum tofu_policy policy,
long first_seen_ago, long most_recent_seen_ago)
{
char numbuf1[35];
char numbuf2[35];
char numbuf3[35];
const char *validity;
if (messages < 1)
validity = "1"; /* Key without history. */
else if (messages < BASIC_TRUST_THRESHOLD)
validity = "2"; /* Key with too little history. */
else if (messages < FULL_TRUST_THRESHOLD)
validity = "3"; /* Key with enough history for basic trust. */
else
validity = "4"; /* Key with a lot of history. */
snprintf (numbuf1, sizeof numbuf1, " %ld", messages);
*numbuf2 = *numbuf3 = 0;
if (first_seen_ago >= 0 && most_recent_seen_ago >= 0)
{
snprintf (numbuf2, sizeof numbuf2, " %ld", first_seen_ago);
snprintf (numbuf3, sizeof numbuf3, " %ld", most_recent_seen_ago);
}
write_status_strings (STATUS_TOFU_STATS,
validity, numbuf1, " 0",
" ", tofu_policy_str (policy),
numbuf2, numbuf3,
NULL);
}
static void static void
show_statistics (struct dbs *dbs, const char *fingerprint, show_statistics (struct dbs *dbs, const char *fingerprint,
const char *email, const char *user_id, const char *email, const char *user_id,
@ -2407,8 +2445,11 @@ show_statistics (struct dbs *dbs, const char *fingerprint,
email, strlen (email), 0); email, strlen (email), 0);
if (! strlist) if (! strlist)
{
log_info (_("Have never verified a message signed by key %s!\n"), log_info (_("Have never verified a message signed by key %s!\n"),
fingerprint_pp); fingerprint_pp);
write_stats_status (0, TOFU_POLICY_NONE, -1, -1);
}
else else
{ {
signed long messages; signed long messages;
@ -2432,15 +2473,21 @@ show_statistics (struct dbs *dbs, const char *fingerprint,
} }
if (messages == -1 || first_seen_ago == 0) if (messages == -1 || first_seen_ago == 0)
{
write_stats_status (0, TOFU_POLICY_NONE, -1, -1);
log_info (_("Failed to collect signature statistics for \"%s\"\n" log_info (_("Failed to collect signature statistics for \"%s\"\n"
"(key %s)\n"), "(key %s)\n"),
user_id, fingerprint_pp); user_id, fingerprint_pp);
}
else else
{ {
enum tofu_policy policy = get_policy (dbs, fingerprint, email, NULL); enum tofu_policy policy = get_policy (dbs, fingerprint, email, NULL);
estream_t fp; estream_t fp;
char *msg; char *msg;
write_stats_status (messages, policy,
first_seen_ago, most_recent_seen_ago);
fp = es_fopenmem (0, "rw,samethread"); fp = es_fopenmem (0, "rw,samethread");
if (! fp) if (! fp)
log_fatal ("error creating memory stream: %s\n", log_fatal ("error creating memory stream: %s\n",
@ -2497,12 +2544,18 @@ show_statistics (struct dbs *dbs, const char *fingerprint,
for (p=msg; *p; p++) for (p=msg; *p; p++)
if (*p == '~') if (*p == '~')
*p = ' '; *p = ' ';
/* Print a status line but suppress the trailing LF.
* Spaces are not percent escaped. */
if (*msg)
write_status_buffer (STATUS_TOFU_STATS_LONG,
msg, strlen (msg)-1, -1);
} }
log_string (GPGRT_LOG_INFO, msg); log_string (GPGRT_LOG_INFO, msg);
xfree (msg); xfree (msg);
if (policy == TOFU_POLICY_AUTO && messages < NO_WARNING_THRESHOLD) if (policy == TOFU_POLICY_AUTO && messages < BASIC_TRUST_THRESHOLD)
{ {
char *set_policy_command; char *set_policy_command;
char *text; char *text;
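Review bot: The failure branch at `if (messages == -1 || first_seen_ago == 0)` calls `write_stats_status (0, TOFU_POLICY_NONE, -1, -1)`, so a statistics lookup that failed is emitted on the status fd as validity 1, exactly what a key that was never seen gets via the `! strlist` path, and a status consumer cannot tell a database failure from a genuinely fresh key. Either emit no TOFU_STATS line on the failure path or state in DETAILS that validity 1 also covers collection failures. Also, write_stats_status has no branch producing validity 0 although the DETAILS hunk documents `0 :: conflict`; presumably conflicts are meant to be reported elsewhere, but as written this line only ever carries 1 to 4. I would replace the one-line comment on write_stats_status with `/* Write TOFU_STATS status line.  MESSAGES < 1 is reported as validity 1 (no history); FIRST_SEEN_AGO and MOST_RECENT_SEEN_AGO of -1 suppress the TM1/TM2 fields.  A conflict (validity 0) is not reported here.  */`. show_statistics starts before and ends after the hunks shown.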