security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

gpg: Extend TRUST_foo status lines with the trust model.

Browse Source 
* g10/trustdb.h (TRUST_FLAG_TOFU_BASED): New.
* g10/trustdb.c (trust_model_string): Lowercase the strings.  Add arg
"model" and change callers to call with OPT.TRUST_MODEL.
* g10/tofu.c (tofu_wot_trust_combine): Set TRUST_FLAG_TOFU_BASED.
* g10/pkclist.c (write_trust_status): New.
(check_signatures_trust): Call new function.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2016-05-02 19:10:59 +02:00
parent 5cef611858
commit ae1889320b
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 58 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
g10/pkclist.c
View File

@ -505,6 +505,22 @@ do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
} }
/* Write a TRUST_foo status line inclduing the validation model. */
static void
write_trust_status (int statuscode, int trustlevel)
{
int tm;
/* For the combined tofu+pgp method, we return the trust model which
* was responsible for the trustlevel. */
if (opt.trust_model == TM_TOFU_PGP)
tm = (trustlevel & TRUST_FLAG_TOFU_BASED)? TM_TOFU : TM_PGP;
else
tm = opt.trust_model;
write_status_strings (statuscode, "0 ", trust_model_string (tm), NULL);
}
/**************** /****************
* Check whether we can trust this signature. * Check whether we can trust this signature.
* Returns an error code if we should not trust this signature. * Returns an error code if we should not trust this signature.
@ -626,7 +642,7 @@ check_signatures_trust( PKT_signature *sig )
/* fall thru */ /* fall thru */
case TRUST_UNKNOWN: case TRUST_UNKNOWN:
case TRUST_UNDEFINED: case TRUST_UNDEFINED:
write_status( STATUS_TRUST_UNDEFINED ); write_trust_status (STATUS_TRUST_UNDEFINED, trustlevel);
log_info(_("WARNING: This key is not certified with" log_info(_("WARNING: This key is not certified with"
" a trusted signature!\n")); " a trusted signature!\n"));
log_info(_(" There is no indication that the " log_info(_(" There is no indication that the "
@ -636,7 +652,7 @@ check_signatures_trust( PKT_signature *sig )
case TRUST_NEVER: case TRUST_NEVER:
/* currently we won't get that status */ /* currently we won't get that status */
write_status( STATUS_TRUST_NEVER ); write_trust_status (STATUS_TRUST_NEVER, trustlevel);
log_info(_("WARNING: We do NOT trust this key!\n")); log_info(_("WARNING: We do NOT trust this key!\n"));
log_info(_(" The signature is probably a FORGERY.\n")); log_info(_(" The signature is probably a FORGERY.\n"));
if (opt.with_fingerprint) if (opt.with_fingerprint)
@ -645,7 +661,7 @@ check_signatures_trust( PKT_signature *sig )
break; break;
case TRUST_MARGINAL: case TRUST_MARGINAL:
write_status( STATUS_TRUST_MARGINAL ); write_trust_status (STATUS_TRUST_MARGINAL, trustlevel);
log_info(_("WARNING: This key is not certified with" log_info(_("WARNING: This key is not certified with"
" sufficiently trusted signatures!\n")); " sufficiently trusted signatures!\n"));
log_info(_(" It is not certain that the" log_info(_(" It is not certain that the"
@ -654,13 +670,13 @@ check_signatures_trust( PKT_signature *sig )
break; break;
case TRUST_FULLY: case TRUST_FULLY:
write_status( STATUS_TRUST_FULLY ); write_trust_status (STATUS_TRUST_FULLY, trustlevel);
if (opt.with_fingerprint) if (opt.with_fingerprint)
print_fingerprint (NULL, pk, 1); print_fingerprint (NULL, pk, 1);
break; break;
case TRUST_ULTIMATE: case TRUST_ULTIMATE:
write_status( STATUS_TRUST_ULTIMATE ); write_trust_status (STATUS_TRUST_ULTIMATE, trustlevel);
if (opt.with_fingerprint) if (opt.with_fingerprint)
print_fingerprint (NULL, pk, 1); print_fingerprint (NULL, pk, 1);
break; break;

21
g10/tofu.c
View File

@ -2795,17 +2795,30 @@ tofu_wot_trust_combine (int tofu_base, int wot_base)
/* Now we only have positive or neutral trust policies. We take /* Now we only have positive or neutral trust policies. We take
the max. */ the max. */
if (tofu == TRUST_ULTIMATE || wot == TRUST_ULTIMATE) if (tofu == TRUST_ULTIMATE)
return upper | TRUST_ULTIMATE | TRUST_FLAG_TOFU_BASED;
if (wot == TRUST_ULTIMATE)
return upper | TRUST_ULTIMATE; return upper | TRUST_ULTIMATE;
if (tofu == TRUST_FULLY || wot == TRUST_FULLY)
if (tofu == TRUST_FULLY)
return upper | TRUST_FULLY | TRUST_FLAG_TOFU_BASED;
if (wot == TRUST_FULLY)
return upper | TRUST_FULLY; return upper | TRUST_FULLY;
if (tofu == TRUST_MARGINAL || wot == TRUST_MARGINAL)
if (tofu == TRUST_MARGINAL)
return upper | TRUST_MARGINAL | TRUST_FLAG_TOFU_BASED;
if (wot == TRUST_MARGINAL)
return upper | TRUST_MARGINAL; return upper | TRUST_MARGINAL;
if (tofu == TRUST_UNDEFINED || wot == TRUST_UNDEFINED)
if (tofu == TRUST_UNDEFINED)
return upper | TRUST_UNDEFINED | TRUST_FLAG_TOFU_BASED;
if (wot == TRUST_UNDEFINED)
return upper | TRUST_UNDEFINED; return upper | TRUST_UNDEFINED;
return upper | TRUST_UNKNOWN; return upper | TRUST_UNKNOWN;
} }
/* Return the validity (TRUST_NEVER, etc.) of the binding /* Return the validity (TRUST_NEVER, etc.) of the binding
<FINGERPRINT, USER_ID>. <FINGERPRINT, USER_ID>.

22
g10/trustdb.c
View File

@ -378,16 +378,16 @@ do_sync(void)
} }
} }
static const char * const char *
trust_model_string(void) trust_model_string (int model)
{ {
switch(opt.trust_model) switch (model)
{ {
case TM_CLASSIC: return "classic"; case TM_CLASSIC: return "classic";
case TM_PGP: return "PGP"; case TM_PGP: return "pgp";
case TM_EXTERNAL: return "external"; case TM_EXTERNAL: return "external";
case TM_TOFU: return "TOFU"; case TM_TOFU: return "tofu";
case TM_TOFU_PGP: return "TOFU+PGP"; case TM_TOFU_PGP: return "tofu+pgp";
case TM_ALWAYS: return "always"; case TM_ALWAYS: return "always";
case TM_DIRECT: return "direct"; case TM_DIRECT: return "direct";
default: return "unknown"; default: return "unknown";
@ -470,7 +470,8 @@ init_trustdb ()
} }
if(opt.verbose) if(opt.verbose)
log_info(_("using %s trust model\n"),trust_model_string()); log_info(_("using %s trust model\n"),
trust_model_string (opt.trust_model));
} }
if (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC if (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC
@ -522,7 +523,7 @@ check_trustdb ()
} }
else else
log_info (_("no need for a trustdb check with '%s' trust model\n"), log_info (_("no need for a trustdb check with '%s' trust model\n"),
trust_model_string()); trust_model_string(opt.trust_model));
} }
@ -538,7 +539,7 @@ update_trustdb()
validate_keys (1); validate_keys (1);
else else
log_info (_("no need for a trustdb update with '%s' trust model\n"), log_info (_("no need for a trustdb update with '%s' trust model\n"),
trust_model_string()); trust_model_string(opt.trust_model));
} }
void void
@ -1963,7 +1964,8 @@ validate_keys (int interactive)
if (!opt.quiet) if (!opt.quiet)
log_info ("marginals needed: %d completes needed: %d trust model: %s\n", log_info ("marginals needed: %d completes needed: %d trust model: %s\n",
opt.marginals_needed, opt.completes_needed, trust_model_string()); opt.marginals_needed, opt.completes_needed,
trust_model_string (opt.trust_model));
for (depth=0; depth < opt.max_cert_depth; depth++) for (depth=0; depth < opt.max_cert_depth; depth++)
{ {

7
g10/trustdb.h
View File

@ -21,7 +21,7 @@
#ifndef G10_TRUSTDB_H #ifndef G10_TRUSTDB_H
#define G10_TRUSTDB_H #define G10_TRUSTDB_H
/* Trust values must be sorted in ascending order */ /* Trust values must be sorted in ascending order! */
#define TRUST_MASK 15 #define TRUST_MASK 15
#define TRUST_UNKNOWN 0 /* o: not yet calculated/assigned */ #define TRUST_UNKNOWN 0 /* o: not yet calculated/assigned */
#define TRUST_EXPIRED 1 /* e: calculation may be invalid */ #define TRUST_EXPIRED 1 /* e: calculation may be invalid */
@ -30,11 +30,13 @@
#define TRUST_MARGINAL 4 /* m: marginally trusted */ #define TRUST_MARGINAL 4 /* m: marginally trusted */
#define TRUST_FULLY 5 /* f: fully trusted */ #define TRUST_FULLY 5 /* f: fully trusted */
#define TRUST_ULTIMATE 6 /* u: ultimately trusted */ #define TRUST_ULTIMATE 6 /* u: ultimately trusted */
/* trust values not covered by the mask */ /* Trust values not covered by the mask. */
#define TRUST_FLAG_REVOKED 32 /* r: revoked */ #define TRUST_FLAG_REVOKED 32 /* r: revoked */
#define TRUST_FLAG_SUB_REVOKED 64 /* r: revoked but for subkeys */ #define TRUST_FLAG_SUB_REVOKED 64 /* r: revoked but for subkeys */
#define TRUST_FLAG_DISABLED 128 /* d: key/uid disabled */ #define TRUST_FLAG_DISABLED 128 /* d: key/uid disabled */
#define TRUST_FLAG_PENDING_CHECK 256 /* a check-trustdb is pending */ #define TRUST_FLAG_PENDING_CHECK 256 /* a check-trustdb is pending */
#define TRUST_FLAG_TOFU_BASED 512 /* The trust value is based on
* the TOFU information. */
/* Private value used in tofu.c - must be different from the trust /* Private value used in tofu.c - must be different from the trust
values. */ values. */
@ -117,6 +119,7 @@ void check_trustdb (void);
void update_trustdb (void); void update_trustdb (void);
int setup_trustdb( int level, const char *dbname ); int setup_trustdb( int level, const char *dbname );
void how_to_fix_the_trustdb (void); void how_to_fix_the_trustdb (void);
const char *trust_model_string (int model);
void init_trustdb( void ); void init_trustdb( void );
void tdb_check_trustdb_stale (void); void tdb_check_trustdb_stale (void);
void sync_trustdb( void ); void sync_trustdb( void );