1 /* trust.c - High level trust functions
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3 * 2008, 2012 Free Software Foundation, Inc.
4 * Copyright (C) 2014 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
39 /* Return true if key is disabled. Note that this is usually used via
40 the pk_is_disabled macro. */
42 cache_disabled_value (PKT_public_key *pk)
44 #ifdef NO_TRUST_MODELS
48 return tdb_cache_disabled_value (pk);
54 register_trusted_keyid (u32 *keyid)
56 #ifdef NO_TRUST_MODELS
59 tdb_register_trusted_keyid (keyid);
65 register_trusted_key (const char *string)
67 #ifdef NO_TRUST_MODELS
70 tdb_register_trusted_key (string);
77 * This function returns a letter for a trust value. Trust flags
81 trust_letter (unsigned int value)
83 switch( (value & TRUST_MASK) )
85 case TRUST_UNKNOWN: return '-';
86 case TRUST_EXPIRED: return 'e';
87 case TRUST_UNDEFINED: return 'q';
88 case TRUST_NEVER: return 'n';
89 case TRUST_MARGINAL: return 'm';
90 case TRUST_FULLY: return 'f';
91 case TRUST_ULTIMATE: return 'u';
97 /* The strings here are similar to those in
98 pkclist.c:do_edit_ownertrust() */
100 trust_value_to_string (unsigned int value)
102 switch ((value & TRUST_MASK))
104 case TRUST_UNKNOWN: return _("unknown");
105 case TRUST_EXPIRED: return _("expired");
106 case TRUST_UNDEFINED: return _("undefined");
107 case TRUST_NEVER: return _("never");
108 case TRUST_MARGINAL: return _("marginal");
109 case TRUST_FULLY: return _("full");
110 case TRUST_ULTIMATE: return _("ultimate");
111 default: return "err";
117 string_to_trust_value (const char *str)
119 if (!ascii_strcasecmp (str, "undefined"))
120 return TRUST_UNDEFINED;
121 else if (!ascii_strcasecmp (str, "never"))
123 else if (!ascii_strcasecmp (str, "marginal"))
124 return TRUST_MARGINAL;
125 else if (!ascii_strcasecmp (str, "full"))
127 else if (!ascii_strcasecmp(str, "ultimate"))
128 return TRUST_ULTIMATE;
135 uid_trust_string_fixed (PKT_public_key *key, PKT_user_id *uid)
139 /* TRANSLATORS: these strings are similar to those in
140 trust_value_to_string(), but are a fixed length. This is needed to
141 make attractive information listings where columns line up
142 properly. The value "10" should be the length of the strings you
143 choose to translate to. This is the length in printable columns.
144 It gets passed to atoi() so everything after the number is
145 essentially a comment and need not be translated. Either key and
146 uid are both NULL, or neither are NULL. */
147 return _("10 translator see trust.c:uid_trust_string_fixed");
149 else if(uid->is_revoked || (key && key->flags.revoked))
150 return _("[ revoked]");
151 else if(uid->is_expired)
152 return _("[ expired]");
155 switch (get_validity (key, uid, NULL, 0) & TRUST_MASK)
157 case TRUST_UNKNOWN: return _("[ unknown]");
158 case TRUST_EXPIRED: return _("[ expired]");
159 case TRUST_UNDEFINED: return _("[ undef ]");
160 case TRUST_MARGINAL: return _("[marginal]");
161 case TRUST_FULLY: return _("[ full ]");
162 case TRUST_ULTIMATE: return _("[ultimate]");
172 * Return the assigned ownertrust value for the given public key.
173 * The key should be the primary key.
176 get_ownertrust (PKT_public_key *pk)
178 #ifdef NO_TRUST_MODELS
180 return TRUST_UNKNOWN;
182 return tdb_get_ownertrust (pk);
188 * Same as get_ownertrust but this takes the minimum ownertrust value
189 * into into account, and will bump up the value as needed.
192 get_ownertrust_with_min (PKT_public_key *pk)
194 #ifdef NO_TRUST_MODELS
196 return TRUST_UNKNOWN;
198 unsigned int otrust, otrust_min;
200 otrust = (tdb_get_ownertrust (pk) & TRUST_MASK);
201 otrust_min = tdb_get_min_ownertrust (pk);
202 if (otrust < otrust_min)
204 /* If the trust that the user has set is less than the trust
205 that was calculated from a trust signature chain, use the
206 higher of the two. We do this here and not in
207 get_ownertrust since the underlying ownertrust should not
208 really be set - just the appearance of the ownertrust. */
219 * Same as get_ownertrust but return a trust letter instead of an
220 * value. This takes the minimum ownertrust value into account.
223 get_ownertrust_info (PKT_public_key *pk)
225 return trust_letter (get_ownertrust_with_min (pk));
230 * Same as get_ownertrust but return a trust string instead of an
231 * value. This takes the minimum ownertrust value into account.
234 get_ownertrust_string (PKT_public_key *pk)
236 return trust_value_to_string (get_ownertrust_with_min (pk));
241 * Set the trust value of the given public key to the new value.
242 * The key should be a primary one.
245 update_ownertrust (PKT_public_key *pk, unsigned int new_trust)
247 #ifdef NO_TRUST_MODELS
251 tdb_update_ownertrust (pk, new_trust);
257 clear_ownertrusts (PKT_public_key *pk)
259 #ifdef NO_TRUST_MODELS
263 return tdb_clear_ownertrusts (pk);
269 revalidation_mark (void)
271 #ifndef NO_TRUST_MODELS
272 tdb_revalidation_mark ();
278 check_trustdb_stale (void)
280 #ifndef NO_TRUST_MODELS
281 tdb_check_trustdb_stale ();
287 check_or_update_trustdb (void)
289 #ifndef NO_TRUST_MODELS
290 tdb_check_or_update ();
296 * Return the validity information for PK. If the namehash is not
297 * NULL, the validity of the corresponding user ID is returned,
298 * otherwise, a reasonable value for the entire key is returned.
301 get_validity (PKT_public_key *pk, PKT_user_id *uid, PKT_signature *sig,
305 unsigned int validity;
307 PKT_public_key *main_pk;
310 namehash_from_uid (uid);
312 keyid_from_pk (pk, kid);
313 if (pk->main_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1])
315 /* This is a subkey - get the mainkey. */
316 main_pk = xmalloc_clear (sizeof *main_pk);
317 rc = get_pubkey (main_pk, pk->main_keyid);
320 char *tempkeystr = xstrdup (keystr (pk->main_keyid));
321 log_error ("error getting main key %s of subkey %s: %s\n",
322 tempkeystr, keystr (kid), gpg_strerror (rc));
324 validity = TRUST_UNKNOWN;
331 #ifdef NO_TRUST_MODELS
332 validity = TRUST_UNKNOWN;
334 validity = tdb_get_validity_core (pk, uid, main_pk, sig, may_ask);
338 /* Set some flags direct from the key */
339 if (main_pk->flags.revoked)
340 validity |= TRUST_FLAG_REVOKED;
341 if (main_pk != pk && pk->flags.revoked)
342 validity |= TRUST_FLAG_SUB_REVOKED;
343 /* Note: expiration is a trust value and not a flag - don't know why
344 * I initially designed it that way. */
345 if (main_pk->has_expired || pk->has_expired)
346 validity = ((validity & (~TRUST_MASK | TRUST_FLAG_PENDING_CHECK))
350 free_public_key (main_pk);
356 get_validity_info (PKT_public_key *pk, PKT_user_id *uid)
361 return '?'; /* Just in case a NULL PK is passed. */
363 trustlevel = get_validity (pk, uid, NULL, 0);
364 if ((trustlevel & TRUST_FLAG_REVOKED))
366 return trust_letter (trustlevel);
371 get_validity_string (PKT_public_key *pk, PKT_user_id *uid)
376 return "err"; /* Just in case a NULL PK is passed. */
378 trustlevel = get_validity (pk, uid, NULL, 0);
379 if ((trustlevel & TRUST_FLAG_REVOKED))
381 return trust_value_to_string (trustlevel);
387 * Mark the signature of the given UID which are used to certify it.
388 * To do this, we first revmove all signatures which are not valid and
389 * from the remain ones we look for the latest one. If this is not a
390 * certification revocation signature we mark the signature by setting
391 * node flag bit 8. Revocations are marked with flag 11, and sigs
392 * from unavailable keys are marked with flag 12. Note that flag bits
393 * 9 and 10 are used for internal purposes.
396 mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode,
397 u32 *main_kid, struct key_item *klist,
398 u32 curtime, u32 *next_expire)
403 /* First check all signatures. */
404 for (node=uidnode->next; node; node = node->next)
408 node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
409 if (node->pkt->pkttype == PKT_USER_ID
410 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
412 if (node->pkt->pkttype != PKT_SIGNATURE)
414 sig = node->pkt->pkt.signature;
416 && sig->keyid[0] == main_kid[0] && sig->keyid[1] == main_kid[1])
417 continue; /* ignore self-signatures if we pass in a main_kid */
418 if (!IS_UID_SIG(sig) && !IS_UID_REV(sig))
419 continue; /* we only look at these signature classes */
420 if(sig->sig_class>=0x11 && sig->sig_class<=0x13 &&
421 sig->sig_class-0x10<opt.min_cert_level)
422 continue; /* treat anything under our min_cert_level as an
424 if (klist && !is_in_klist (klist, sig))
425 continue; /* no need to check it then */
426 if ((rc=check_key_signature (keyblock, node, NULL)))
428 /* we ignore anything that won't verify, but tag the
430 if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
436 /* Reset the remaining flags. */
437 for (; node; node = node->next)
438 node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
440 /* kbnode flag usage: bit 9 is here set for signatures to consider,
441 * bit 10 will be set by the loop to keep track of keyIDs already
442 * processed, bit 8 will be set for the usable signatures, and bit
443 * 11 will be set for usable revocations. */
445 /* For each cert figure out the latest valid one. */
446 for (node=uidnode->next; node; node = node->next)
452 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
454 if ( !(node->flag & (1<<9)) )
455 continue; /* not a node to look at */
456 if ( (node->flag & (1<<10)) )
457 continue; /* signature with a keyID already processed */
458 node->flag |= (1<<10); /* mark this node as processed */
459 sig = node->pkt->pkt.signature;
461 sigdate = sig->timestamp;
462 kid[0] = sig->keyid[0]; kid[1] = sig->keyid[1];
464 /* Now find the latest and greatest signature */
465 for (n=uidnode->next; n; n = n->next)
467 if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
469 if ( !(n->flag & (1<<9)) )
471 if ( (n->flag & (1<<10)) )
472 continue; /* shortcut already processed signatures */
473 sig = n->pkt->pkt.signature;
474 if (kid[0] != sig->keyid[0] || kid[1] != sig->keyid[1])
476 n->flag |= (1<<10); /* mark this node as processed */
478 /* If signode is nonrevocable and unexpired and n isn't,
479 then take signode (skip). It doesn't matter which is
480 older: if signode was older then we don't want to take n
481 as signode is nonrevocable. If n was older then we're
482 automatically fine. */
484 if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
485 !signode->pkt->pkt.signature->flags.revocable &&
486 (signode->pkt->pkt.signature->expiredate==0 ||
487 signode->pkt->pkt.signature->expiredate>curtime))) &&
488 (!(IS_UID_SIG(n->pkt->pkt.signature) &&
489 !n->pkt->pkt.signature->flags.revocable &&
490 (n->pkt->pkt.signature->expiredate==0 ||
491 n->pkt->pkt.signature->expiredate>curtime))))
494 /* If n is nonrevocable and unexpired and signode isn't,
495 then take n. Again, it doesn't matter which is older: if
496 n was older then we don't want to take signode as n is
497 nonrevocable. If signode was older then we're
498 automatically fine. */
500 if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
501 !signode->pkt->pkt.signature->flags.revocable &&
502 (signode->pkt->pkt.signature->expiredate==0 ||
503 signode->pkt->pkt.signature->expiredate>curtime))) &&
504 ((IS_UID_SIG(n->pkt->pkt.signature) &&
505 !n->pkt->pkt.signature->flags.revocable &&
506 (n->pkt->pkt.signature->expiredate==0 ||
507 n->pkt->pkt.signature->expiredate>curtime))))
510 sigdate = sig->timestamp;
514 /* At this point, if it's newer, it goes in as the only
515 remaining possibilities are signode and n are both either
516 revocable or expired or both nonrevocable and unexpired.
517 If the timestamps are equal take the later ordered
518 packet, presuming that the key packets are hopefully in
519 their original order. */
521 if (sig->timestamp >= sigdate)
524 sigdate = sig->timestamp;
528 sig = signode->pkt->pkt.signature;
529 if (IS_UID_SIG (sig))
530 { /* this seems to be a usable one which is not revoked.
531 * Just need to check whether there is an expiration time,
532 * We do the expired certification after finding a suitable
533 * certification, the assumption is that a signator does not
534 * want that after the expiration of his certificate the
535 * system falls back to an older certification which has a
536 * different expiration time */
540 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
541 expire = p? sig->timestamp + buf32_to_u32(p) : 0;
543 if (expire==0 || expire > curtime )
545 signode->flag |= (1<<8); /* yeah, found a good cert */
546 if (next_expire && expire && expire < *next_expire)
547 *next_expire = expire;
551 signode->flag |= (1<<11);
557 clean_sigs_from_uid (kbnode_t keyblock, kbnode_t uidnode,
558 int noisy, int self_only)
564 assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
566 keyid_from_pk (keyblock->pkt->pkt.public_key, keyid);
568 /* Passing in a 0 for current time here means that we'll never weed
569 out an expired sig. This is correct behavior since we want to
570 keep the most recent expired sig in a series. */
571 mark_usable_uid_certs (keyblock, uidnode, NULL, NULL, 0, NULL);
573 /* What we want to do here is remove signatures that are not
574 considered as part of the trust calculations. Thus, all invalid
575 signatures are out, as are any signatures that aren't the last of
576 a series of uid sigs or revocations It breaks down like this:
577 coming out of mark_usable_uid_certs, if a sig is unflagged, it is
578 not even a candidate. If a sig has flag 9 or 10, that means it
579 was selected as a candidate and vetted. If a sig has flag 8 it
580 is a usable signature. If a sig has flag 11 it is a usable
581 revocation. If a sig has flag 12 it was issued by an unavailable
582 key. "Usable" here means the most recent valid
583 signature/revocation in a series from a particular signer.
585 Delete everything that isn't a usable uid sig (which might be
586 expired), a usable revocation, or a sig from an unavailable
589 for (node=uidnode->next;
590 node && node->pkt->pkttype==PKT_SIGNATURE;
595 keep = self_only? (node->pkt->pkt.signature->keyid[0] == keyid[0]
596 && node->pkt->pkt.signature->keyid[1] == keyid[1]) : 1;
598 /* Keep usable uid sigs ... */
599 if ((node->flag & (1<<8)) && keep)
602 /* ... and usable revocations... */
603 if ((node->flag & (1<<11)) && keep)
606 /* ... and sigs from unavailable keys. */
607 /* disabled for now since more people seem to want sigs from
608 unavailable keys removed altogether. */
610 if(node->flag & (1<<12))
614 /* Everything else we delete */
616 /* At this point, if 12 is set, the signing key was unavailable.
617 If 9 or 10 is set, it's superseded. Otherwise, it's
621 log_info ("removing signature from key %s on user ID \"%s\": %s\n",
622 keystr (node->pkt->pkt.signature->keyid),
623 uidnode->pkt->pkt.user_id->name,
624 node->flag&(1<<12)? "key unavailable":
625 node->flag&(1<<9)? "signature superseded"
626 /* */ :"invalid signature" );
628 delete_kbnode (node);
636 /* This is substantially easier than clean_sigs_from_uid since we just
637 have to establish if the uid has a valid self-sig, is not revoked,
638 and is not expired. Note that this does not take into account
639 whether the uid has a trust path to it - just whether the keyholder
640 themselves has certified the uid. Returns true if the uid was
641 compacted. To "compact" a user ID, we simply remove ALL signatures
642 except the self-sig that caused the user ID to be remove-worthy.
643 We don't actually remove the user ID packet itself since it might
644 be resurrected in a later merge. Note that this function requires
645 that the caller has already done a merge_keys_and_selfsig().
647 TODO: change the import code to allow importing a uid with only a
648 revocation if the uid already exists on the keyring. */
651 clean_uid_from_key (kbnode_t keyblock, kbnode_t uidnode, int noisy)
654 PKT_user_id *uid = uidnode->pkt->pkt.user_id;
657 assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
658 assert (uidnode->pkt->pkttype==PKT_USER_ID);
660 /* Skip valid user IDs, compacted user IDs, and non-self-signed user
661 IDs if --allow-non-selfsigned-uid is set. */
663 || uid->flags.compacted
664 || (!uid->is_expired && !uid->is_revoked && opt.allow_non_selfsigned_uid))
667 for (node=uidnode->next;
668 node && node->pkt->pkttype == PKT_SIGNATURE;
671 if (!node->pkt->pkt.signature->flags.chosen_selfsig)
673 delete_kbnode (node);
675 uidnode->pkt->pkt.user_id->flags.compacted = 1;
682 char *user = utf8_to_native (uid->name, uid->len, 0);
685 reason = _("revoked");
686 else if (uid->is_expired)
687 reason = _("expired");
689 reason = _("invalid");
691 log_info ("compacting user ID \"%s\" on key %s: %s\n",
692 user, keystr_from_pk (keyblock->pkt->pkt.public_key),
702 /* Needs to be called after a merge_keys_and_selfsig() */
704 clean_one_uid (kbnode_t keyblock, kbnode_t uidnode, int noisy, int self_only,
705 int *uids_cleaned, int *sigs_cleaned)
709 assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
710 assert (uidnode->pkt->pkttype==PKT_USER_ID);
713 uids_cleaned = &dummy;
716 sigs_cleaned = &dummy;
718 /* Do clean_uid_from_key first since if it fires off, we don't have
719 to bother with the other. */
720 *uids_cleaned += clean_uid_from_key (keyblock, uidnode, noisy);
721 if (!uidnode->pkt->pkt.user_id->flags.compacted)
722 *sigs_cleaned += clean_sigs_from_uid (keyblock, uidnode, noisy, self_only);
727 clean_key (kbnode_t keyblock, int noisy, int self_only,
728 int *uids_cleaned, int *sigs_cleaned)
732 merge_keys_and_selfsig (keyblock);
734 for (uidnode = keyblock->next;
735 uidnode && uidnode->pkt->pkttype != PKT_PUBLIC_SUBKEY;
736 uidnode = uidnode->next)
738 if (uidnode->pkt->pkttype == PKT_USER_ID)
739 clean_one_uid (keyblock, uidnode,noisy, self_only,
740 uids_cleaned, sigs_cleaned);