1 /* trust.c - High level trust functions
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3 * 2008, 2012 Free Software Foundation, Inc.
4 * Copyright (C) 2014 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <https://www.gnu.org/licenses/>.
29 #include "../common/util.h"
33 #include "../common/i18n.h"
35 #include "../common/host2net.h"
38 /* Return true if key is disabled. Note that this is usually used via
39 the pk_is_disabled macro. */
41 cache_disabled_value (ctrl_t ctrl, PKT_public_key *pk)
43 #ifdef NO_TRUST_MODELS
47 return tdb_cache_disabled_value (ctrl, pk);
53 register_trusted_key (const char *string)
55 #ifdef NO_TRUST_MODELS
59 /* Some users have conf files with entries like
60 * trusted-key 0x1234567812345678 # foo
61 * That is obviously wrong. Before fixing bug#1206 trailing garbage
62 * on a key specification if was ignored. We detect the above use case
63 * here and cut off the junk-looking-like-a comment. */
64 if (strchr (string, '#'))
68 buf = xtrystrdup (string);
71 *strchr (buf, '#') = 0;
72 tdb_register_trusted_key (buf);
78 tdb_register_trusted_key (string);
85 * This function returns a letter for a trust value. Trust flags
89 trust_letter (unsigned int value)
91 switch( (value & TRUST_MASK) )
93 case TRUST_UNKNOWN: return '-';
94 case TRUST_EXPIRED: return 'e';
95 case TRUST_UNDEFINED: return 'q';
96 case TRUST_NEVER: return 'n';
97 case TRUST_MARGINAL: return 'm';
98 case TRUST_FULLY: return 'f';
99 case TRUST_ULTIMATE: return 'u';
105 /* The strings here are similar to those in
106 pkclist.c:do_edit_ownertrust() */
108 trust_value_to_string (unsigned int value)
110 switch ((value & TRUST_MASK))
112 case TRUST_UNKNOWN: return _("unknown");
113 case TRUST_EXPIRED: return _("expired");
114 case TRUST_UNDEFINED: return _("undefined");
115 case TRUST_NEVER: return _("never");
116 case TRUST_MARGINAL: return _("marginal");
117 case TRUST_FULLY: return _("full");
118 case TRUST_ULTIMATE: return _("ultimate");
119 default: return "err";
125 string_to_trust_value (const char *str)
127 if (!ascii_strcasecmp (str, "undefined"))
128 return TRUST_UNDEFINED;
129 else if (!ascii_strcasecmp (str, "never"))
131 else if (!ascii_strcasecmp (str, "marginal"))
132 return TRUST_MARGINAL;
133 else if (!ascii_strcasecmp (str, "full"))
135 else if (!ascii_strcasecmp(str, "ultimate"))
136 return TRUST_ULTIMATE;
143 uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
147 /* TRANSLATORS: these strings are similar to those in
148 trust_value_to_string(), but are a fixed length. This is needed to
149 make attractive information listings where columns line up
150 properly. The value "10" should be the length of the strings you
151 choose to translate to. This is the length in printable columns.
152 It gets passed to atoi() so everything after the number is
153 essentially a comment and need not be translated. Either key and
154 uid are both NULL, or neither are NULL. */
155 return _("10 translator see trust.c:uid_trust_string_fixed");
157 else if(uid->flags.revoked || (key && key->flags.revoked))
158 return _("[ revoked]");
159 else if(uid->flags.expired)
160 return _("[ expired]");
163 switch (get_validity (ctrl, NULL, key, uid, NULL, 0) & TRUST_MASK)
165 case TRUST_UNKNOWN: return _("[ unknown]");
166 case TRUST_EXPIRED: return _("[ expired]");
167 case TRUST_UNDEFINED: return _("[ undef ]");
168 case TRUST_NEVER: return _("[ never ]");
169 case TRUST_MARGINAL: return _("[marginal]");
170 case TRUST_FULLY: return _("[ full ]");
171 case TRUST_ULTIMATE: return _("[ultimate]");
181 * Return the assigned ownertrust value for the given public key.
182 * The key should be the primary key.
185 get_ownertrust (ctrl_t ctrl, PKT_public_key *pk)
187 #ifdef NO_TRUST_MODELS
189 return TRUST_UNKNOWN;
191 return tdb_get_ownertrust (ctrl, pk, 0);
197 * Same as get_ownertrust but this takes the minimum ownertrust value
198 * into account, and will bump up the value as needed. NO_CREATE
199 * inhibits creation of a trustdb it that does not yet exists.
202 get_ownertrust_with_min (ctrl_t ctrl, PKT_public_key *pk, int no_create)
204 #ifdef NO_TRUST_MODELS
206 return TRUST_UNKNOWN;
208 unsigned int otrust, otrust_min;
210 /* Shortcut instead of doing the same twice in the two tdb_get
211 * functions: If the caller asked not to create a trustdb we call
212 * init_trustdb directly and allow it to fail with an error code for
213 * a non-existing trustdb. */
214 if (no_create && init_trustdb (ctrl, 1))
215 return TRUST_UNKNOWN;
217 otrust = (tdb_get_ownertrust (ctrl, pk, no_create) & TRUST_MASK);
218 otrust_min = tdb_get_min_ownertrust (ctrl, pk, no_create);
219 if (otrust < otrust_min)
221 /* If the trust that the user has set is less than the trust
222 that was calculated from a trust signature chain, use the
223 higher of the two. We do this here and not in
224 get_ownertrust since the underlying ownertrust should not
225 really be set - just the appearance of the ownertrust. */
236 * Same as get_ownertrust but return a trust letter instead of an
237 * value. This takes the minimum ownertrust value into account. If
238 * NO_CREATE is set, no efforts for creating a trustdb will be taken.
241 get_ownertrust_info (ctrl_t ctrl, PKT_public_key *pk, int no_create)
243 return trust_letter (get_ownertrust_with_min (ctrl, pk, no_create));
248 * Same as get_ownertrust but return a trust string instead of an
249 * value. This takes the minimum ownertrust value into account. If
250 * NO_CREATE is set, no efforts for creating a trustdb will be taken.
253 get_ownertrust_string (ctrl_t ctrl, PKT_public_key *pk, int no_create)
255 return trust_value_to_string (get_ownertrust_with_min (ctrl, pk, no_create));
260 * Set the trust value of the given public key to the new value.
261 * The key should be a primary one.
264 update_ownertrust (ctrl_t ctrl, PKT_public_key *pk, unsigned int new_trust)
266 #ifdef NO_TRUST_MODELS
270 tdb_update_ownertrust (ctrl, pk, new_trust, 0);
276 clear_ownertrusts (ctrl_t ctrl, PKT_public_key *pk)
278 #ifdef NO_TRUST_MODELS
282 return tdb_clear_ownertrusts (ctrl, pk);
288 revalidation_mark (ctrl_t ctrl)
290 #ifndef NO_TRUST_MODELS
291 tdb_revalidation_mark (ctrl);
297 check_trustdb_stale (ctrl_t ctrl)
299 #ifndef NO_TRUST_MODELS
300 tdb_check_trustdb_stale (ctrl);
308 check_or_update_trustdb (ctrl_t ctrl)
310 #ifndef NO_TRUST_MODELS
311 tdb_check_or_update (ctrl);
319 * Return the validity information for KB/PK (at least one must be
320 * non-NULL). If the namehash is not NULL, the validity of the
321 * corresponding user ID is returned, otherwise, a reasonable value
322 * for the entire key is returned.
325 get_validity (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk, PKT_user_id *uid,
326 PKT_signature *sig, int may_ask)
329 unsigned int validity;
331 PKT_public_key *main_pk;
334 log_assert (keyid_cmp (pk_main_keyid (pk),
335 pk_main_keyid (kb->pkt->pkt.public_key)) == 0);
340 pk = kb->pkt->pkt.public_key;
344 namehash_from_uid (uid);
346 keyid_from_pk (pk, kid);
347 if (pk->main_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1])
349 /* This is a subkey - get the mainkey. */
351 main_pk = kb->pkt->pkt.public_key;
354 main_pk = xmalloc_clear (sizeof *main_pk);
355 rc = get_pubkey (ctrl, main_pk, pk->main_keyid);
358 char *tempkeystr = xstrdup (keystr (pk->main_keyid));
359 log_error ("error getting main key %s of subkey %s: %s\n",
360 tempkeystr, keystr (kid), gpg_strerror (rc));
362 validity = TRUST_UNKNOWN;
370 #ifdef NO_TRUST_MODELS
371 validity = TRUST_UNKNOWN;
373 validity = tdb_get_validity_core (ctrl, kb, pk, uid, main_pk, sig, may_ask);
377 /* Set some flags direct from the key */
378 if (main_pk->flags.revoked)
379 validity |= TRUST_FLAG_REVOKED;
380 if (main_pk != pk && pk->flags.revoked)
381 validity |= TRUST_FLAG_SUB_REVOKED;
382 /* Note: expiration is a trust value and not a flag - don't know why
383 * I initially designed it that way. */
384 if (main_pk->has_expired || pk->has_expired)
385 validity = ((validity & (~TRUST_MASK | TRUST_FLAG_PENDING_CHECK))
388 if (main_pk != pk && !kb)
389 free_public_key (main_pk);
395 get_validity_info (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk,
401 log_assert (keyid_cmp (pk_main_keyid (pk),
402 pk_main_keyid (kb->pkt->pkt.public_key)) == 0);
405 pk = kb->pkt->pkt.public_key;
407 return '?'; /* Just in case a NULL PK is passed. */
409 trustlevel = get_validity (ctrl, kb, pk, uid, NULL, 0);
410 if ((trustlevel & TRUST_FLAG_REVOKED))
412 return trust_letter (trustlevel);
417 get_validity_string (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
422 return "err"; /* Just in case a NULL PK is passed. */
424 trustlevel = get_validity (ctrl, NULL, pk, uid, NULL, 0);
425 if ((trustlevel & TRUST_FLAG_REVOKED))
427 return trust_value_to_string (trustlevel);