1 /* trust.c - High level trust functions
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3 * 2008, 2012 Free Software Foundation, Inc.
4 * Copyright (C) 2014 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
38 /* Return true if key is disabled. Note that this is usually used via
39 the pk_is_disabled macro. */
41 cache_disabled_value (PKT_public_key *pk)
43 #ifdef NO_TRUST_MODELS
47 return tdb_cache_disabled_value (pk);
53 register_trusted_keyid (u32 *keyid)
55 #ifdef NO_TRUST_MODELS
58 tdb_register_trusted_keyid (keyid);
64 register_trusted_key (const char *string)
66 #ifdef NO_TRUST_MODELS
69 tdb_register_trusted_key (string);
76 * This function returns a letter for a trust value. Trust flags
80 trust_letter (unsigned int value)
82 switch( (value & TRUST_MASK) )
84 case TRUST_UNKNOWN: return '-';
85 case TRUST_EXPIRED: return 'e';
86 case TRUST_UNDEFINED: return 'q';
87 case TRUST_NEVER: return 'n';
88 case TRUST_MARGINAL: return 'm';
89 case TRUST_FULLY: return 'f';
90 case TRUST_ULTIMATE: return 'u';
96 /* The strings here are similar to those in
97 pkclist.c:do_edit_ownertrust() */
99 trust_value_to_string (unsigned int value)
101 switch ((value & TRUST_MASK))
103 case TRUST_UNKNOWN: return _("unknown");
104 case TRUST_EXPIRED: return _("expired");
105 case TRUST_UNDEFINED: return _("undefined");
106 case TRUST_NEVER: return _("never");
107 case TRUST_MARGINAL: return _("marginal");
108 case TRUST_FULLY: return _("full");
109 case TRUST_ULTIMATE: return _("ultimate");
110 default: return "err";
116 string_to_trust_value (const char *str)
118 if (!ascii_strcasecmp (str, "undefined"))
119 return TRUST_UNDEFINED;
120 else if (!ascii_strcasecmp (str, "never"))
122 else if (!ascii_strcasecmp (str, "marginal"))
123 return TRUST_MARGINAL;
124 else if (!ascii_strcasecmp (str, "full"))
126 else if (!ascii_strcasecmp(str, "ultimate"))
127 return TRUST_ULTIMATE;
134 uid_trust_string_fixed (PKT_public_key *key, PKT_user_id *uid)
138 /* TRANSLATORS: these strings are similar to those in
139 trust_value_to_string(), but are a fixed length. This is needed to
140 make attractive information listings where columns line up
141 properly. The value "10" should be the length of the strings you
142 choose to translate to. This is the length in printable columns.
143 It gets passed to atoi() so everything after the number is
144 essentially a comment and need not be translated. Either key and
145 uid are both NULL, or neither are NULL. */
146 return _("10 translator see trust.c:uid_trust_string_fixed");
148 else if(uid->is_revoked || (key && key->flags.revoked))
149 return _("[ revoked]");
150 else if(uid->is_expired)
151 return _("[ expired]");
154 switch (get_validity(key,uid)&TRUST_MASK)
156 case TRUST_UNKNOWN: return _("[ unknown]");
157 case TRUST_EXPIRED: return _("[ expired]");
158 case TRUST_UNDEFINED: return _("[ undef ]");
159 case TRUST_MARGINAL: return _("[marginal]");
160 case TRUST_FULLY: return _("[ full ]");
161 case TRUST_ULTIMATE: return _("[ultimate]");
171 * Return the assigned ownertrust value for the given public key.
172 * The key should be the primary key.
175 get_ownertrust (PKT_public_key *pk)
177 #ifdef NO_TRUST_MODELS
179 return TRUST_UNKNOWN;
181 return tdb_get_ownertrust (pk);
187 * Same as get_ownertrust but this takes the minimum ownertrust value
188 * into into account, and will bump up the value as needed.
191 get_ownertrust_with_min (PKT_public_key *pk)
193 #ifdef NO_TRUST_MODELS
195 return TRUST_UNKNOWN;
197 unsigned int otrust, otrust_min;
199 otrust = (tdb_get_ownertrust (pk) & TRUST_MASK);
200 otrust_min = tdb_get_min_ownertrust (pk);
201 if (otrust < otrust_min)
203 /* If the trust that the user has set is less than the trust
204 that was calculated from a trust signature chain, use the
205 higher of the two. We do this here and not in
206 get_ownertrust since the underlying ownertrust should not
207 really be set - just the appearance of the ownertrust. */
218 * Same as get_ownertrust but return a trust letter instead of an
219 * value. This takes the minimum ownertrust value into account.
222 get_ownertrust_info (PKT_public_key *pk)
224 return trust_letter (get_ownertrust_with_min (pk));
229 * Same as get_ownertrust but return a trust string instead of an
230 * value. This takes the minimum ownertrust value into account.
233 get_ownertrust_string (PKT_public_key *pk)
235 return trust_value_to_string (get_ownertrust_with_min (pk));
240 * Set the trust value of the given public key to the new value.
241 * The key should be a primary one.
244 update_ownertrust (PKT_public_key *pk, unsigned int new_trust)
246 #ifdef NO_TRUST_MODELS
250 tdb_update_ownertrust (pk, new_trust);
256 clear_ownertrusts (PKT_public_key *pk)
258 #ifdef NO_TRUST_MODELS
262 return tdb_clear_ownertrusts (pk);
268 revalidation_mark (void)
270 #ifndef NO_TRUST_MODELS
271 tdb_revalidation_mark ();
277 check_trustdb_stale (void)
279 #ifndef NO_TRUST_MODELS
280 tdb_check_trustdb_stale ();
286 check_or_update_trustdb (void)
288 #ifndef NO_TRUST_MODELS
289 tdb_check_or_update ();
295 * Return the validity information for PK. If the namehash is not
296 * NULL, the validity of the corresponsing user ID is returned,
297 * otherwise, a reasonable value for the entire key is returned.
300 get_validity (PKT_public_key *pk, PKT_user_id *uid)
303 unsigned int validity;
305 PKT_public_key *main_pk;
308 namehash_from_uid (uid);
310 keyid_from_pk (pk, kid);
311 if (pk->main_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1])
313 /* This is a subkey - get the mainkey. */
314 main_pk = xmalloc_clear (sizeof *main_pk);
315 rc = get_pubkey (main_pk, pk->main_keyid);
318 char *tempkeystr = xstrdup (keystr (pk->main_keyid));
319 log_error ("error getting main key %s of subkey %s: %s\n",
320 tempkeystr, keystr (kid), g10_errstr (rc));
322 validity = TRUST_UNKNOWN;
329 #ifdef NO_TRUST_MODELS
330 validity = TRUST_UNKNOWN;
332 validity = tdb_get_validity_core (pk, uid, main_pk);
336 /* Set some flags direct from the key */
337 if (main_pk->flags.revoked)
338 validity |= TRUST_FLAG_REVOKED;
339 if (main_pk != pk && pk->flags.revoked)
340 validity |= TRUST_FLAG_SUB_REVOKED;
341 /* Note: expiration is a trust value and not a flag - don't know why
342 * I initially designed it that way. */
343 if (main_pk->has_expired || pk->has_expired)
344 validity = ((validity & (~TRUST_MASK | TRUST_FLAG_PENDING_CHECK))
348 free_public_key (main_pk);
354 get_validity_info (PKT_public_key *pk, PKT_user_id *uid)
359 return '?'; /* Just in case a NULL PK is passed. */
361 trustlevel = get_validity (pk, uid);
362 if ((trustlevel & TRUST_FLAG_REVOKED))
364 return trust_letter (trustlevel);
369 get_validity_string (PKT_public_key *pk, PKT_user_id *uid)
374 return "err"; /* Just in case a NULL PK is passed. */
376 trustlevel = get_validity (pk, uid);
377 if ((trustlevel & TRUST_FLAG_REVOKED))
379 return trust_value_to_string (trustlevel);
385 * Mark the signature of the given UID which are used to certify it.
386 * To do this, we first revmove all signatures which are not valid and
387 * from the remain ones we look for the latest one. If this is not a
388 * certification revocation signature we mark the signature by setting
389 * node flag bit 8. Revocations are marked with flag 11, and sigs
390 * from unavailable keys are marked with flag 12. Note that flag bits
391 * 9 and 10 are used for internal purposes.
394 mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode,
395 u32 *main_kid, struct key_item *klist,
396 u32 curtime, u32 *next_expire)
401 /* First check all signatures. */
402 for (node=uidnode->next; node; node = node->next)
406 node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
407 if (node->pkt->pkttype == PKT_USER_ID
408 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
410 if (node->pkt->pkttype != PKT_SIGNATURE)
412 sig = node->pkt->pkt.signature;
414 && sig->keyid[0] == main_kid[0] && sig->keyid[1] == main_kid[1])
415 continue; /* ignore self-signatures if we pass in a main_kid */
416 if (!IS_UID_SIG(sig) && !IS_UID_REV(sig))
417 continue; /* we only look at these signature classes */
418 if(sig->sig_class>=0x11 && sig->sig_class<=0x13 &&
419 sig->sig_class-0x10<opt.min_cert_level)
420 continue; /* treat anything under our min_cert_level as an
422 if (klist && !is_in_klist (klist, sig))
423 continue; /* no need to check it then */
424 if ((rc=check_key_signature (keyblock, node, NULL)))
426 /* we ignore anything that won't verify, but tag the
428 if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
434 /* Reset the remaining flags. */
435 for (; node; node = node->next)
436 node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
438 /* kbnode flag usage: bit 9 is here set for signatures to consider,
439 * bit 10 will be set by the loop to keep track of keyIDs already
440 * processed, bit 8 will be set for the usable signatures, and bit
441 * 11 will be set for usable revocations. */
443 /* For each cert figure out the latest valid one. */
444 for (node=uidnode->next; node; node = node->next)
450 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
452 if ( !(node->flag & (1<<9)) )
453 continue; /* not a node to look at */
454 if ( (node->flag & (1<<10)) )
455 continue; /* signature with a keyID already processed */
456 node->flag |= (1<<10); /* mark this node as processed */
457 sig = node->pkt->pkt.signature;
459 sigdate = sig->timestamp;
460 kid[0] = sig->keyid[0]; kid[1] = sig->keyid[1];
462 /* Now find the latest and greatest signature */
463 for (n=uidnode->next; n; n = n->next)
465 if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
467 if ( !(n->flag & (1<<9)) )
469 if ( (n->flag & (1<<10)) )
470 continue; /* shortcut already processed signatures */
471 sig = n->pkt->pkt.signature;
472 if (kid[0] != sig->keyid[0] || kid[1] != sig->keyid[1])
474 n->flag |= (1<<10); /* mark this node as processed */
476 /* If signode is nonrevocable and unexpired and n isn't,
477 then take signode (skip). It doesn't matter which is
478 older: if signode was older then we don't want to take n
479 as signode is nonrevocable. If n was older then we're
480 automatically fine. */
482 if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
483 !signode->pkt->pkt.signature->flags.revocable &&
484 (signode->pkt->pkt.signature->expiredate==0 ||
485 signode->pkt->pkt.signature->expiredate>curtime))) &&
486 (!(IS_UID_SIG(n->pkt->pkt.signature) &&
487 !n->pkt->pkt.signature->flags.revocable &&
488 (n->pkt->pkt.signature->expiredate==0 ||
489 n->pkt->pkt.signature->expiredate>curtime))))
492 /* If n is nonrevocable and unexpired and signode isn't,
493 then take n. Again, it doesn't matter which is older: if
494 n was older then we don't want to take signode as n is
495 nonrevocable. If signode was older then we're
496 automatically fine. */
498 if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
499 !signode->pkt->pkt.signature->flags.revocable &&
500 (signode->pkt->pkt.signature->expiredate==0 ||
501 signode->pkt->pkt.signature->expiredate>curtime))) &&
502 ((IS_UID_SIG(n->pkt->pkt.signature) &&
503 !n->pkt->pkt.signature->flags.revocable &&
504 (n->pkt->pkt.signature->expiredate==0 ||
505 n->pkt->pkt.signature->expiredate>curtime))))
508 sigdate = sig->timestamp;
512 /* At this point, if it's newer, it goes in as the only
513 remaining possibilities are signode and n are both either
514 revocable or expired or both nonrevocable and unexpired.
515 If the timestamps are equal take the later ordered
516 packet, presuming that the key packets are hopefully in
517 their original order. */
519 if (sig->timestamp >= sigdate)
522 sigdate = sig->timestamp;
526 sig = signode->pkt->pkt.signature;
527 if (IS_UID_SIG (sig))
528 { /* this seems to be a usable one which is not revoked.
529 * Just need to check whether there is an expiration time,
530 * We do the expired certification after finding a suitable
531 * certification, the assumption is that a signator does not
532 * want that after the expiration of his certificate the
533 * system falls back to an older certification which has a
534 * different expiration time */
538 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
539 expire = p? sig->timestamp + buffer_to_u32(p) : 0;
541 if (expire==0 || expire > curtime )
543 signode->flag |= (1<<8); /* yeah, found a good cert */
544 if (next_expire && expire && expire < *next_expire)
545 *next_expire = expire;
549 signode->flag |= (1<<11);
555 clean_sigs_from_uid (kbnode_t keyblock, kbnode_t uidnode,
556 int noisy, int self_only)
562 assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
564 keyid_from_pk (keyblock->pkt->pkt.public_key, keyid);
566 /* Passing in a 0 for current time here means that we'll never weed
567 out an expired sig. This is correct behavior since we want to
568 keep the most recent expired sig in a series. */
569 mark_usable_uid_certs (keyblock, uidnode, NULL, NULL, 0, NULL);
571 /* What we want to do here is remove signatures that are not
572 considered as part of the trust calculations. Thus, all invalid
573 signatures are out, as are any signatures that aren't the last of
574 a series of uid sigs or revocations It breaks down like this:
575 coming out of mark_usable_uid_certs, if a sig is unflagged, it is
576 not even a candidate. If a sig has flag 9 or 10, that means it
577 was selected as a candidate and vetted. If a sig has flag 8 it
578 is a usable signature. If a sig has flag 11 it is a usable
579 revocation. If a sig has flag 12 it was issued by an unavailable
580 key. "Usable" here means the most recent valid
581 signature/revocation in a series from a particular signer.
583 Delete everything that isn't a usable uid sig (which might be
584 expired), a usable revocation, or a sig from an unavailable
587 for (node=uidnode->next;
588 node && node->pkt->pkttype==PKT_SIGNATURE;
593 keep = self_only? (node->pkt->pkt.signature->keyid[0] == keyid[0]
594 && node->pkt->pkt.signature->keyid[1] == keyid[1]) : 1;
596 /* Keep usable uid sigs ... */
597 if ((node->flag & (1<<8)) && keep)
600 /* ... and usable revocations... */
601 if ((node->flag & (1<<11)) && keep)
604 /* ... and sigs from unavailable keys. */
605 /* disabled for now since more people seem to want sigs from
606 unavailable keys removed altogether. */
608 if(node->flag & (1<<12))
612 /* Everything else we delete */
614 /* At this point, if 12 is set, the signing key was unavailable.
615 If 9 or 10 is set, it's superseded. Otherwise, it's
619 log_info ("removing signature from key %s on user ID \"%s\": %s\n",
620 keystr (node->pkt->pkt.signature->keyid),
621 uidnode->pkt->pkt.user_id->name,
622 node->flag&(1<<12)? "key unavailable":
623 node->flag&(1<<9)? "signature superseded"
624 /* */ :"invalid signature" );
626 delete_kbnode (node);
634 /* This is substantially easier than clean_sigs_from_uid since we just
635 have to establish if the uid has a valid self-sig, is not revoked,
636 and is not expired. Note that this does not take into account
637 whether the uid has a trust path to it - just whether the keyholder
638 themselves has certified the uid. Returns true if the uid was
639 compacted. To "compact" a user ID, we simply remove ALL signatures
640 except the self-sig that caused the user ID to be remove-worthy.
641 We don't actually remove the user ID packet itself since it might
642 be ressurected in a later merge. Note that this function requires
643 that the caller has already done a merge_keys_and_selfsig().
645 TODO: change the import code to allow importing a uid with only a
646 revocation if the uid already exists on the keyring. */
649 clean_uid_from_key (kbnode_t keyblock, kbnode_t uidnode, int noisy)
652 PKT_user_id *uid = uidnode->pkt->pkt.user_id;
655 assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
656 assert (uidnode->pkt->pkttype==PKT_USER_ID);
658 /* Skip valid user IDs, compacted user IDs, and non-self-signed user
659 IDs if --allow-non-selfsigned-uid is set. */
661 || uid->flags.compacted
662 || (!uid->is_expired && !uid->is_revoked && opt.allow_non_selfsigned_uid))
665 for (node=uidnode->next;
666 node && node->pkt->pkttype == PKT_SIGNATURE;
669 if (!node->pkt->pkt.signature->flags.chosen_selfsig)
671 delete_kbnode (node);
673 uidnode->pkt->pkt.user_id->flags.compacted = 1;
680 char *user = utf8_to_native (uid->name, uid->len, 0);
683 reason = _("revoked");
684 else if (uid->is_expired)
685 reason = _("expired");
687 reason = _("invalid");
689 log_info ("compacting user ID \"%s\" on key %s: %s\n",
690 user, keystr_from_pk (keyblock->pkt->pkt.public_key),
700 /* Needs to be called after a merge_keys_and_selfsig() */
702 clean_one_uid (kbnode_t keyblock, kbnode_t uidnode, int noisy, int self_only,
703 int *uids_cleaned, int *sigs_cleaned)
707 assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
708 assert (uidnode->pkt->pkttype==PKT_USER_ID);
711 uids_cleaned = &dummy;
714 sigs_cleaned = &dummy;
716 /* Do clean_uid_from_key first since if it fires off, we don't have
717 to bother with the other. */
718 *uids_cleaned += clean_uid_from_key (keyblock, uidnode, noisy);
719 if (!uidnode->pkt->pkt.user_id->flags.compacted)
720 *sigs_cleaned += clean_sigs_from_uid (keyblock, uidnode, noisy, self_only);
725 clean_key (kbnode_t keyblock, int noisy, int self_only,
726 int *uids_cleaned, int *sigs_cleaned)
730 merge_keys_and_selfsig (keyblock);
732 for (uidnode = keyblock->next;
733 uidnode && uidnode->pkt->pkttype != PKT_PUBLIC_SUBKEY;
734 uidnode = uidnode->next)
736 if (uidnode->pkt->pkttype == PKT_USER_ID)
737 clean_one_uid (keyblock, uidnode,noisy, self_only,
738 uids_cleaned, sigs_cleaned);