gpg: Extend the TRUST_ status lines.

* g10/pkclist.c (write_trust_status): Add arg mbox. (check_signatures_trust): Appenmd mbox to the status lines. -- GnuPG-bug-id: 4735 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-06-09 10:56:32 +02:00 · 2020-06-09 10:56:32 +02:00 · 96f1ed5468
parent da5e0bc31b
commit 96f1ed5468
2 changed files with 63 additions and 22 deletions
--- a/doc/DETAILS
+++ b/doc/DETAILS
@ -778,30 +778,51 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
 *** TRUST_
    These are several similar status codes:

-    - TRUST_UNDEFINED <error_token>
-    - TRUST_NEVER     <error_token>
-    - TRUST_MARGINAL  [0  [<validation_model>]]
-    - TRUST_FULLY     [0  [<validation_model>]]
-    - TRUST_ULTIMATE  [0  [<validation_model>]]
+#+begin_src
+    - TRUST_UNDEFINED <error_token> [<validation_model> [<mbox>]]
+    - TRUST_NEVER     <error_token> [<validation_model> [<mbox>]]
+    - TRUST_MARGINAL  0  [<validation_model> [<mbox>]]
+    - TRUST_FULLY     0  [<validation_model> [<mbox>]]
+    - TRUST_ULTIMATE  0  [<validation_model> [<mbox>]]
+#+end_src

    For good signatures one of these status lines are emitted to
    indicate the validity of the key used to create the signature.
-    The error token values are currently only emitted by gpgsm.
+    <error_token> values other that a literal zero are currently only
+    emitted by gpgsm.

    VALIDATION_MODEL describes the algorithm used to check the
    validity of the key.  The defaults are the standard Web of Trust
    model for gpg and the standard X.509 model for gpgsm.  The
    defined values are

-       - pgp   :: The standard PGP WoT.
-       - shell :: The standard X.509 model.
-       - chain :: The chain model.
-       - steed :: The STEED model.
-       - tofu  :: The TOFU model
+       - classic  :: The classic PGP WoT model.
+       - pgp      :: The standard PGP WoT.
+       - external :: The external PGP trust model.
+       - tofu     :: The GPG Trust-On-First-Use model.
+       - tofu+pgp :: Ditto but combined with mopdel "pgp".
+       - always   :: The Always trust model.
+       - direct   :: The Direct Trust model.
+       - shell    :: The Standard X.509 model.
+       - chain    :: The Chain model.
+       - steed    :: The STEED model.
+       - unknown  :: An unknown trust model.

    Note that the term =TRUST_= in the status names is used for
    historic reasons; we now speak of validity.

+    MBOX is the UTF-8 encoded and percent escaped addr-spec of the
+    User ID used to compute the validity of a signature.  If this is
+    not known the validity is computed on the key with no specific
+    User ID.  Note that MBOX is always the addr-spec of the User ID;
+    for User IDs without a proper addr-spec a dash is used to
+    distinguish this from the case that no User ID at all is known.
+    The MBOX is either taken from the Signer's User ID signature
+    sub-packet or from the addr-spec passed to gpg using the --sender
+    option.  If both are available and they don't match
+    TRUST_UNDEFINED along with an error code is emitted.  MBOX is not
+    used by gpgsm.
+
 *** TOFU_USER <fingerprint_in_hex> <mbox>

    This status identifies the key and the userid for all following
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@ -520,9 +520,10 @@ do_we_trust_pre (ctrl_t ctrl, PKT_public_key *pk, unsigned int trustlevel )
 }


-/* Write a TRUST_foo status line inclduing the validation model.  */
+/* Write a TRUST_foo status line including the validation model and if
+ * MBOX is not NULL the targeted User ID's mbox.  */
 static void
-write_trust_status (int statuscode, int trustlevel)
+write_trust_status (int statuscode, int trustlevel, const char *mbox)
 {
 #ifdef NO_TRUST_MODELS
  write_status (statuscode);
@ -535,7 +536,18 @@ write_trust_status (int statuscode, int trustlevel)
    tm = (trustlevel & TRUST_FLAG_TOFU_BASED)? TM_TOFU : TM_PGP;
  else
    tm = opt.trust_model;
-  write_status_strings (statuscode, "0 ", trust_model_string (tm), NULL);
+
+  if (mbox)
+    {
+      char *escmbox = percent_escape (mbox, NULL);
+
+      write_status_strings (statuscode, "0 ", trust_model_string (tm),
+                            " ", escmbox? escmbox : "?", NULL);
+      xfree (escmbox);
+    }
+  else
+    write_status_strings (statuscode, "0 ", trust_model_string (tm), NULL);
+
 #endif /* NO_TRUST_MODELS */
 }

@ -568,6 +580,7 @@ check_signatures_trust (ctrl_t ctrl, kbnode_t keyblock, PKT_public_key *pk,
  PKT_public_key *mainpk;
  PKT_user_id *targetuid;
  const char *testedtarget = NULL;
+  const char *statusmbox = NULL;
  kbnode_t n;

  if (opt.trust_model == TM_ALWAYS)
@ -643,11 +656,18 @@ check_signatures_trust (ctrl_t ctrl, kbnode_t keyblock, PKT_public_key *pk,
          testedtarget = targetuid->mbox;
          targetuid = NULL;
        }
-
-      if (opt.verbose && targetuid)
-        log_info (_("checking User ID \"%s\"\n"), targetuid->mbox);
    }

+  if (uidbased && !targetuid)
+    statusmbox = testedtarget? testedtarget : sig->signers_uid;
+  else if (uidbased)
+    statusmbox = targetuid->mbox;
+  else
+    statusmbox = NULL;
+
+  if (opt.verbose && statusmbox)
+    log_info (_("checking User ID \"%s\"\n"), statusmbox);
+
  trustlevel = get_validity (ctrl, NULL, pk, targetuid, sig, 1);
  if (uidbased && !targetuid)
    {
@ -755,7 +775,7 @@ check_signatures_trust (ctrl_t ctrl, kbnode_t keyblock, PKT_public_key *pk,
      /* fall through */
    case TRUST_UNKNOWN:
    case TRUST_UNDEFINED:
-      write_trust_status (STATUS_TRUST_UNDEFINED, trustlevel);
+      write_trust_status (STATUS_TRUST_UNDEFINED, trustlevel, statusmbox);
      if (uidbased)
        log_info(_("WARNING: The key's User ID is not certified with"
                   " a trusted signature!\n"));
@ -770,7 +790,7 @@ check_signatures_trust (ctrl_t ctrl, kbnode_t keyblock, PKT_public_key *pk,
    case TRUST_NEVER:
      /* This level can be returned by TOFU, which supports negative
       * assertions.  */
-      write_trust_status (STATUS_TRUST_NEVER, trustlevel);
+      write_trust_status (STATUS_TRUST_NEVER, trustlevel, statusmbox);
      log_info(_("WARNING: We do NOT trust this key!\n"));
      log_info(_("         The signature is probably a FORGERY.\n"));
      if (opt.with_fingerprint)
@ -779,7 +799,7 @@ check_signatures_trust (ctrl_t ctrl, kbnode_t keyblock, PKT_public_key *pk,
      break;

    case TRUST_MARGINAL:
-      write_trust_status (STATUS_TRUST_MARGINAL, trustlevel);
+      write_trust_status (STATUS_TRUST_MARGINAL, trustlevel, statusmbox);
      if (uidbased)
        log_info(_("WARNING: The key's User ID is not certified with"
                 " sufficiently trusted signatures!\n"));
@ -792,13 +812,13 @@ check_signatures_trust (ctrl_t ctrl, kbnode_t keyblock, PKT_public_key *pk,
      break;

    case TRUST_FULLY:
-      write_trust_status (STATUS_TRUST_FULLY, trustlevel);
+      write_trust_status (STATUS_TRUST_FULLY, trustlevel, statusmbox);
      if (opt.with_fingerprint)
        print_fingerprint (ctrl, NULL, pk, 1);
      break;

    case TRUST_ULTIMATE:
-      write_trust_status (STATUS_TRUST_ULTIMATE, trustlevel);
+      write_trust_status (STATUS_TRUST_ULTIMATE, trustlevel, statusmbox);
      if (opt.with_fingerprint)
        print_fingerprint (ctrl, NULL, pk, 1);
      break;