mirror of
git://git.gnupg.org/gnupg.git
synced 2024-11-01 20:18:44 +01:00
f77913e0ff
* configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
106 lines
4.2 KiB
C
106 lines
4.2 KiB
C
/* tofu.h - TOFU trust model.
|
|
* Copyright (C) 2015 g10 Code GmbH
|
|
*
|
|
* This file is part of GnuPG.
|
|
*
|
|
* GnuPG is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* GnuPG is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#ifndef G10_TOFU_H
|
|
#define G10_TOFU_H
|
|
|
|
#include <config.h>
|
|
|
|
/* For each binding, we have a trust policy. */
|
|
enum tofu_policy
|
|
{
|
|
/* This value can be returned by tofu_get_policy to indicate that
|
|
there is no policy set for the specified binding. */
|
|
TOFU_POLICY_NONE = 0,
|
|
|
|
/* We made a default policy decision. This is only done if there
|
|
is no conflict with another binding (that is, the email address
|
|
is not part of another known key). The default policy is
|
|
configurable (and specified using: --tofu-default-policy).
|
|
|
|
Note: when using the default policy, we save TOFU_POLICY_AUTO
|
|
with the binding, not the policy that was in effect. This way,
|
|
if the user invokes gpg again, but with a different value for
|
|
--tofu-default-policy, a different decision is made. */
|
|
TOFU_POLICY_AUTO = 1,
|
|
|
|
/* The user explicitly marked the binding as good. In this case,
|
|
we return TRUST_FULLY. */
|
|
TOFU_POLICY_GOOD = 2,
|
|
|
|
/* The user explicitly marked the binding as unknown. In this
|
|
case, we return TRUST_UNKNOWN. */
|
|
TOFU_POLICY_UNKNOWN = 3,
|
|
|
|
/* The user explicitly marked the binding as bad. In this case,
|
|
we always return TRUST_NEVER. */
|
|
TOFU_POLICY_BAD = 4,
|
|
|
|
/* The user deferred a definitive policy decision about the
|
|
binding (by selecting accept once or reject once). The next
|
|
time we see this binding, we should ask the user what to
|
|
do. */
|
|
TOFU_POLICY_ASK = 5
|
|
};
|
|
|
|
/* Return a string representation of a trust policy. Returns "???" if
|
|
POLICY is not valid. */
|
|
const char *tofu_policy_str (enum tofu_policy policy);
|
|
|
|
/* Convert a binding policy (e.g., TOFU_POLICY_BAD) to a trust level
|
|
(e.g., TRUST_BAD) in light of the current configuration. */
|
|
int tofu_policy_to_trust_level (enum tofu_policy policy);
|
|
|
|
/* Register the binding <FINGERPRINT, USER_ID> and the signature
|
|
described by SIGS_DIGEST and SIG_TIME, which it generated. Origin
|
|
describes where the signed data came from, e.g., "email:claws"
|
|
(default: "unknown"). If MAY_ASK is 1, then this function may
|
|
interact with the user in the case of a conflict or if the
|
|
binding's policy is ask. This function returns the binding's trust
|
|
level. If an error occurs, it returns TRUST_UNKNOWN. */
|
|
int tofu_register (const byte *fingerprint, const char *user_id,
|
|
const byte *sigs_digest, int sigs_digest_len,
|
|
time_t sig_time, const char *origin, int may_ask);
|
|
|
|
/* Combine a trust level returned from the TOFU trust model with a
|
|
trust level returned by the PGP trust model. This is primarily of
|
|
interest when the trust model is tofu+pgp (TM_TOFU_PGP). */
|
|
int tofu_wot_trust_combine (int tofu, int wot);
|
|
|
|
/* Determine the validity (TRUST_NEVER, etc.) of the binding
|
|
<FINGERPRINT, USER_ID>. If MAY_ASK is 1, then this function may
|
|
interact with the user. If not, TRUST_UNKNOWN is returned. If an
|
|
error occurs, TRUST_UNDEFINED is returned. */
|
|
int tofu_get_validity (const byte *fingerprint, const char *user_id,
|
|
int may_ask);
|
|
|
|
/* Set the policy for all non-revoked user ids in the keyblock KB to
|
|
POLICY. */
|
|
gpg_error_t tofu_set_policy (kbnode_t kb, enum tofu_policy policy);
|
|
|
|
/* Set the TOFU policy for all non-revoked users in the key with the
|
|
key id KEYID to POLICY. */
|
|
gpg_error_t tofu_set_policy_by_keyid (u32 *keyid, enum tofu_policy policy);
|
|
|
|
/* Return the TOFU policy for the specified binding in *POLICY. */
|
|
gpg_error_t tofu_get_policy (PKT_public_key *pk, PKT_user_id *user_id,
|
|
enum tofu_policy *policy);
|
|
|
|
#endif
|