2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3 * 2008, 2012 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
27 #include <sys/types.h>
29 #endif /* !DISABLE_REGEX */
39 #include "mbox-util.h"
46 typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */
49 * Structure to keep track of keys, this is used as an array wherre
50 * the item right after the last one has a keyblock set to NULL.
51 * Maybe we can drop this thing and replace it by key_item
59 /* Control information for the trust DB. */
69 static struct key_item *user_utk_list; /* temp. used to store --trusted-keys */
70 static struct key_item *utk_list; /* all ultimately trusted keys */
72 static int pending_check_trustdb;
74 static int validate_keys (ctrl_t ctrl, int interactive);
77 /**********************************************
78 ************* some helpers *******************
79 **********************************************/
81 static struct key_item *
86 k = xmalloc_clear (sizeof *k);
91 release_key_items (struct key_item *k)
98 xfree (k->trust_regexp);
103 #define KEY_HASH_TABLE_SIZE 1024
106 * For fast keylook up we need a hash table. Each byte of a KeyID
107 * should be distributed equally over the 256 possible values (except
108 * for v3 keyIDs but we consider them as not important here). So we
109 * can just use 10 bits to index a table of KEY_HASH_TABLE_SIZE key items.
110 * Possible optimization: Do not use key_items but other hash_table when the
111 * duplicates lists get too large.
114 new_key_hash_table (void)
116 struct key_item **tbl;
118 tbl = xmalloc_clear (KEY_HASH_TABLE_SIZE * sizeof *tbl);
123 release_key_hash_table (KeyHashTable tbl)
129 for (i=0; i < KEY_HASH_TABLE_SIZE; i++)
130 release_key_items (tbl[i]);
135 * Returns: True if the keyID is in the given hash table
138 test_key_hash_table (KeyHashTable tbl, u32 *kid)
142 for (k = tbl[(kid[1] % KEY_HASH_TABLE_SIZE)]; k; k = k->next)
143 if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
149 * Add a new key to the hash table. The key is identified by its key ID.
152 add_key_hash_table (KeyHashTable tbl, u32 *kid)
154 int i = kid[1] % KEY_HASH_TABLE_SIZE;
155 struct key_item *k, *kk;
157 for (k = tbl[i]; k; k = k->next)
158 if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
159 return; /* already in table */
161 kk = new_key_item ();
169 * Release a key_array
172 release_key_array ( struct key_array *keys )
177 for (k=keys; k->keyblock; k++)
178 release_kbnode (k->keyblock);
184 /*********************************************
185 ********** Initialization *****************
186 *********************************************/
191 * Used to register extra ultimately trusted keys - this has to be done
192 * before initializing the validation module.
193 * FIXME: Should be replaced by a function to add those keys to the trustdb.
196 tdb_register_trusted_keyid (u32 *keyid)
201 k->kid[0] = keyid[0];
202 k->kid[1] = keyid[1];
203 k->next = user_utk_list;
208 tdb_register_trusted_key( const char *string )
211 KEYDB_SEARCH_DESC desc;
213 err = classify_user_id (string, &desc, 1);
214 if (err || desc.mode != KEYDB_SEARCH_MODE_LONG_KID )
216 log_error(_("'%s' is not a valid long keyID\n"), string );
220 register_trusted_keyid(desc.u.kid);
224 * Helper to add a key to the global list of ultimately trusted keys.
225 * Retruns: true = inserted, false = already in in list.
232 if (tdb_keyid_is_utk (kid))
238 k->ownertrust = TRUST_ULTIMATE;
241 if( opt.verbose > 1 )
242 log_info(_("key %s: accepted as trusted key\n"), keystr(kid));
248 * Verify that all our secret keys are usable and put them into the utk_list.
251 verify_own_keys(void)
261 /* scan the trustdb to find all ultimately trusted keys */
262 for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
264 if ( rec.rectype == RECTYPE_TRUST
265 && (rec.r.trust.ownertrust & TRUST_MASK) == TRUST_ULTIMATE)
267 byte *fpr = rec.r.trust.fingerprint;
271 /* Problem: We do only use fingerprints in the trustdb but
272 * we need the keyID here to indetify the key; we can only
273 * use that ugly hack to distinguish between 16 and 20
274 * butes fpr - it does not work always so we better change
275 * the whole validation code to only work with
277 fprlen = (!fpr[16] && !fpr[17] && !fpr[18] && !fpr[19])? 16:20;
278 keyid_from_fingerprint (fpr, fprlen, kid);
280 log_info(_("key %s occurs more than once in the trustdb\n"),
285 /* Put any --trusted-key keys into the trustdb */
286 for (k = user_utk_list; k; k = k->next)
288 if ( add_utk (k->kid) )
289 { /* not yet in trustDB as ultimately trusted */
292 memset (&pk, 0, sizeof pk);
293 rc = get_pubkey (&pk, k->kid);
295 log_info(_("key %s: no public key for trusted key - skipped\n"),
299 tdb_update_ownertrust (&pk,
300 ((tdb_get_ownertrust (&pk) & ~TRUST_MASK)
302 release_public_key_parts (&pk);
305 log_info (_("key %s marked as ultimately trusted\n"),keystr(k->kid));
309 /* release the helper table table */
310 release_key_items (user_utk_list);
311 user_utk_list = NULL;
315 /* Returns whether KID is on the list of ultimately trusted keys. */
317 tdb_keyid_is_utk (u32 *kid)
321 for (k = utk_list; k; k = k->next)
322 if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
328 /* Return the list of ultimately trusted keys. */
335 /*********************************************
336 *********** TrustDB stuff *******************
337 *********************************************/
340 * Read a record but die if it does not exist
343 read_record (ulong recno, TRUSTREC *rec, int rectype )
345 int rc = tdbio_read_record (recno, rec, rectype);
348 log_error(_("trust record %lu, req type %d: read failed: %s\n"),
349 recno, rec->rectype, gpg_strerror (rc) );
352 if (rectype != rec->rectype)
354 log_error(_("trust record %lu is not of requested type %d\n"),
355 rec->recnum, rectype);
361 * Write a record and die on error
364 write_record (TRUSTREC *rec)
366 int rc = tdbio_write_record (rec);
369 log_error(_("trust record %lu, type %d: write failed: %s\n"),
370 rec->recnum, rec->rectype, gpg_strerror (rc) );
376 * sync the TrustDb and die on error
381 int rc = tdbio_sync ();
384 log_error (_("trustdb: sync failed: %s\n"), gpg_strerror (rc) );
390 trust_model_string (int model)
394 case TM_CLASSIC: return "classic";
395 case TM_PGP: return "pgp";
396 case TM_EXTERNAL: return "external";
397 case TM_TOFU: return "tofu";
398 case TM_TOFU_PGP: return "tofu+pgp";
399 case TM_ALWAYS: return "always";
400 case TM_DIRECT: return "direct";
401 default: return "unknown";
406 * Perform some checks over the trustdb
407 * level 0: only open the db
408 * 1: used for initial program startup
411 setup_trustdb( int level, const char *dbname )
413 /* just store the args */
414 if( trustdb_args.init )
416 trustdb_args.level = level;
417 trustdb_args.dbname = dbname? xstrdup(dbname): NULL;
422 how_to_fix_the_trustdb ()
424 const char *name = trustdb_args.dbname;
427 name = "trustdb.gpg";
429 log_info (_("You may try to re-create the trustdb using the commands:\n"));
430 log_info (" cd %s\n", default_homedir ());
431 log_info (" %s --export-ownertrust > otrust.tmp\n", GPG_NAME);
432 #ifdef HAVE_W32_SYSTEM
433 log_info (" del %s\n", name);
435 log_info (" rm %s\n", name);
437 log_info (" %s --import-ownertrust < otrust.tmp\n", GPG_NAME);
438 log_info (_("If that does not work, please consult the manual\n"));
445 int level = trustdb_args.level;
446 const char* dbname = trustdb_args.dbname;
448 if( trustdb_args.init )
451 trustdb_args.init = 1;
453 if(level==0 || level==1)
455 int rc = tdbio_set_dbname( dbname, !!level, &trustdb_args.no_trustdb);
457 log_fatal("can't init trustdb: %s\n", gpg_strerror (rc) );
462 if(opt.trust_model==TM_AUTO)
464 /* Try and set the trust model off of whatever the trustdb says
466 opt.trust_model=tdbio_read_model();
468 /* Sanity check this ;) */
469 if(opt.trust_model != TM_CLASSIC
470 && opt.trust_model != TM_PGP
471 && opt.trust_model != TM_TOFU_PGP
472 && opt.trust_model != TM_TOFU
473 && opt.trust_model != TM_EXTERNAL)
475 log_info(_("unable to use unknown trust model (%d) - "
476 "assuming %s trust model\n"),opt.trust_model,"pgp");
477 opt.trust_model = TM_PGP;
481 log_info(_("using %s trust model\n"),
482 trust_model_string (opt.trust_model));
485 if (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC
486 || opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)
488 /* Verify the list of ultimately trusted keys and move the
489 --trusted-keys list there as well. */
493 if(!tdbio_db_matches_options())
494 pending_check_trustdb=1;
500 * Recreate the WoT but do not ask for new ownertrusts. Special
501 * feature: In batch mode and without a forced yes, this is only done
502 * when a check is due. This can be used to run the check from a crontab
505 check_trustdb (ctrl_t ctrl)
508 if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
509 || opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
511 if (opt.batch && !opt.answer_yes)
515 scheduled = tdbio_read_nextcheck ();
518 log_info (_("no need for a trustdb check\n"));
522 if (scheduled > make_timestamp ())
524 log_info (_("next trustdb check due at %s\n"),
525 strtimestamp (scheduled));
530 validate_keys (ctrl, 0);
533 log_info (_("no need for a trustdb check with '%s' trust model\n"),
534 trust_model_string(opt.trust_model));
542 update_trustdb (ctrl_t ctrl)
545 if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
546 || opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
547 validate_keys (ctrl, 1);
549 log_info (_("no need for a trustdb update with '%s' trust model\n"),
550 trust_model_string(opt.trust_model));
554 tdb_revalidation_mark (void)
557 if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
560 /* We simply set the time for the next check to 1 (far back in 1970)
561 so that a --update-trustdb will be scheduled. */
562 if (tdbio_write_nextcheck (1))
564 pending_check_trustdb = 1;
568 trustdb_pending_check(void)
570 return pending_check_trustdb;
573 /* If the trustdb is dirty, and we're interactive, update it.
574 Otherwise, check it unless no-auto-check-trustdb is set. */
576 tdb_check_or_update (ctrl_t ctrl)
578 if (trustdb_pending_check ())
581 update_trustdb (ctrl);
582 else if (!opt.no_auto_check_trustdb)
583 check_trustdb (ctrl);
588 read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
589 byte *marginals,byte *completes,byte *cert_depth,
590 byte *min_cert_level)
595 if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
596 memset (&opts, 0, sizeof opts);
598 read_record (0, &opts, RECTYPE_VER);
601 *trust_model=opts.r.ver.trust_model;
603 *created=opts.r.ver.created;
605 *nextcheck=opts.r.ver.nextcheck;
607 *marginals=opts.r.ver.marginals;
609 *completes=opts.r.ver.completes;
611 *cert_depth=opts.r.ver.cert_depth;
613 *min_cert_level=opts.r.ver.min_cert_level;
616 /***********************************************
617 *********** Ownertrust et al. ****************
618 ***********************************************/
621 read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
626 rc = tdbio_search_trust_bypk (pk, rec);
629 if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
630 log_error ("trustdb: searching trust record failed: %s\n",
635 if (rec->rectype != RECTYPE_TRUST)
637 log_error ("trustdb: record %lu is not a trust record\n",
639 return GPG_ERR_TRUSTDB;
646 * Return the assigned ownertrust value for the given public key.
647 * The key should be the primary key.
650 tdb_get_ownertrust ( PKT_public_key *pk)
655 if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
656 return TRUST_UNKNOWN;
658 err = read_trust_record (pk, &rec);
659 if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
660 return TRUST_UNKNOWN; /* no record yet */
664 return TRUST_UNKNOWN; /* actually never reached */
667 return rec.r.trust.ownertrust;
672 tdb_get_min_ownertrust (PKT_public_key *pk)
677 if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
678 return TRUST_UNKNOWN;
680 err = read_trust_record (pk, &rec);
681 if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
682 return TRUST_UNKNOWN; /* no record yet */
686 return TRUST_UNKNOWN; /* actually never reached */
689 return rec.r.trust.min_ownertrust;
694 * Set the trust value of the given public key to the new value.
695 * The key should be a primary one.
698 tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
703 if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
706 err = read_trust_record (pk, &rec);
710 log_debug ("update ownertrust from %u to %u\n",
711 (unsigned int)rec.r.trust.ownertrust, new_trust );
712 if (rec.r.trust.ownertrust != new_trust)
714 rec.r.trust.ownertrust = new_trust;
715 write_record( &rec );
716 tdb_revalidation_mark ();
720 else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
721 { /* no record yet - create a new one */
725 log_debug ("insert ownertrust %u\n", new_trust );
727 memset (&rec, 0, sizeof rec);
728 rec.recnum = tdbio_new_recnum ();
729 rec.rectype = RECTYPE_TRUST;
730 fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy);
731 rec.r.trust.ownertrust = new_trust;
733 tdb_revalidation_mark ();
743 update_min_ownertrust (u32 *kid, unsigned int new_trust )
749 if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
752 pk = xmalloc_clear (sizeof *pk);
753 err = get_pubkey (pk, kid);
756 log_error (_("public key %s not found: %s\n"),
757 keystr (kid), gpg_strerror (err));
761 err = read_trust_record (pk, &rec);
765 log_debug ("key %08lX%08lX: update min_ownertrust from %u to %u\n",
766 (ulong)kid[0],(ulong)kid[1],
767 (unsigned int)rec.r.trust.min_ownertrust,
769 if (rec.r.trust.min_ownertrust != new_trust)
771 rec.r.trust.min_ownertrust = new_trust;
772 write_record( &rec );
773 tdb_revalidation_mark ();
777 else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
778 { /* no record yet - create a new one */
782 log_debug ("insert min_ownertrust %u\n", new_trust );
784 memset (&rec, 0, sizeof rec);
785 rec.recnum = tdbio_new_recnum ();
786 rec.rectype = RECTYPE_TRUST;
787 fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy);
788 rec.r.trust.min_ownertrust = new_trust;
790 tdb_revalidation_mark ();
801 * Clear the ownertrust and min_ownertrust values.
803 * Return: True if a change actually happened.
806 tdb_clear_ownertrusts (PKT_public_key *pk)
813 if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
816 err = read_trust_record (pk, &rec);
821 log_debug ("clearing ownertrust (old value %u)\n",
822 (unsigned int)rec.r.trust.ownertrust);
823 log_debug ("clearing min_ownertrust (old value %u)\n",
824 (unsigned int)rec.r.trust.min_ownertrust);
826 if (rec.r.trust.ownertrust || rec.r.trust.min_ownertrust)
828 rec.r.trust.ownertrust = 0;
829 rec.r.trust.min_ownertrust = 0;
830 write_record( &rec );
831 tdb_revalidation_mark ();
836 else if (gpg_err_code (err) != GPG_ERR_NOT_FOUND)
844 * Note: Caller has to do a sync
847 update_validity (PKT_public_key *pk, PKT_user_id *uid,
848 int depth, int validity)
854 namehash_from_uid(uid);
856 err = read_trust_record (pk, &trec);
857 if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
862 if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
864 /* No record yet - create a new one. */
867 memset (&trec, 0, sizeof trec);
868 trec.recnum = tdbio_new_recnum ();
869 trec.rectype = RECTYPE_TRUST;
870 fingerprint_from_pk (pk, trec.r.trust.fingerprint, &dummy);
871 trec.r.trust.ownertrust = 0;
874 /* locate an existing one */
875 recno = trec.r.trust.validlist;
878 read_record (recno, &vrec, RECTYPE_VALID);
879 if ( !memcmp (vrec.r.valid.namehash, uid->namehash, 20) )
881 recno = vrec.r.valid.next;
884 if (!recno) /* insert a new validity record */
886 memset (&vrec, 0, sizeof vrec);
887 vrec.recnum = tdbio_new_recnum ();
888 vrec.rectype = RECTYPE_VALID;
889 memcpy (vrec.r.valid.namehash, uid->namehash, 20);
890 vrec.r.valid.next = trec.r.trust.validlist;
891 trec.r.trust.validlist = vrec.recnum;
893 vrec.r.valid.validity = validity;
894 vrec.r.valid.full_count = uid->help_full_count;
895 vrec.r.valid.marginal_count = uid->help_marginal_count;
896 write_record (&vrec);
897 trec.r.trust.depth = depth;
898 write_record (&trec);
902 /***********************************************
903 ********* Query trustdb values **************
904 ***********************************************/
906 /* Return true if key is disabled. Note that this is usually used via
907 the pk_is_disabled macro. */
909 tdb_cache_disabled_value (PKT_public_key *pk)
915 if (pk->flags.disabled_valid)
916 return pk->flags.disabled;
920 if (trustdb_args.no_trustdb)
921 return 0; /* No trustdb => not disabled. */
923 err = read_trust_record (pk, &trec);
924 if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
929 if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
931 /* No record found, so assume not disabled. */
935 if ((trec.r.trust.ownertrust & TRUST_FLAG_DISABLED))
938 /* Cache it for later so we don't need to look at the trustdb every
940 pk->flags.disabled = disabled;
941 pk->flags.disabled_valid = 1;
949 tdb_check_trustdb_stale (ctrl_t ctrl)
951 static int did_nextcheck=0;
955 if (trustdb_args.no_trustdb)
956 return; /* No trustdb => can't be stale. */
959 && (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
960 || opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU))
965 scheduled = tdbio_read_nextcheck ();
966 if ((scheduled && scheduled <= make_timestamp ())
967 || pending_check_trustdb)
969 if (opt.no_auto_check_trustdb)
971 pending_check_trustdb = 1;
973 log_info (_("please do a --check-trustdb\n"));
978 log_info (_("checking the trustdb\n"));
979 validate_keys (ctrl, 0);
986 * Return the validity information for KB/PK (at least one of them
987 * must be non-NULL). This is the core of get_validity. If SIG is
988 * not NULL, then the trust is being evaluated in the context of the
989 * provided signature. This is used by the TOFU code to record
993 tdb_get_validity_core (ctrl_t ctrl,
995 PKT_public_key *pk, PKT_user_id *uid,
996 PKT_public_key *main_pk,
1000 TRUSTREC trec, vrec;
1001 gpg_error_t err = 0;
1004 unsigned int tofu_validity = TRUST_UNKNOWN;
1006 unsigned int validity = TRUST_UNKNOWN;
1010 log_assert (keyid_cmp (pk_main_keyid (pk),
1011 pk_main_keyid (kb->pkt->pkt.public_key)) == 0);
1016 pk = kb->pkt->pkt.public_key;
1026 /* If we have no trustdb (which also means it has not been created)
1027 and the trust-model is always, we don't know the validity -
1028 return immediately. If we won't do that the tdbio code would try
1029 to open the trustdb and run into a fatal error. */
1030 if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
1031 return TRUST_UNKNOWN;
1033 check_trustdb_stale (ctrl);
1035 if(opt.trust_model==TM_DIRECT)
1037 /* Note that this happens BEFORE any user ID stuff is checked.
1038 The direct trust model applies to keys as a whole. */
1039 validity = tdb_get_ownertrust (main_pk);
1044 if (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)
1047 strlist_t user_id_list = NULL;
1050 /* If the caller didn't supply a user id then use all uids. */
1055 kb = get_pubkeyblock (main_pk->keyid);
1061 if (DBG_TRUST && sig && sig->signers_uid)
1062 log_debug ("TOFU: only considering user id: '%s'\n",
1065 while (!done && (uid || (n = find_next_kbnode (n, PKT_USER_ID))))
1067 PKT_user_id *user_id;
1073 /* If the caller specified a user id, then we only
1074 process the specified user id and are done after the
1079 user_id = n->pkt->pkt.user_id;
1081 if (user_id->attrib_data)
1082 /* Skip user attributes. */
1085 if (sig && sig->signers_uid)
1086 /* Make sure the UID matches. */
1088 char *email = mailbox_from_userid (user_id->name);
1089 if (!email || !*email || strcmp (sig->signers_uid, email) != 0)
1092 log_debug ("TOFU: skipping user id '%s', which does"
1093 " not match the signer's email ('%s')\n",
1094 email, sig->signers_uid);
1101 /* If the user id is revoked or expired, then skip it. */
1102 if (user_id->is_revoked || user_id->is_expired)
1107 if (user_id->is_revoked && user_id->is_expired)
1108 s = "revoked and expired";
1109 else if (user_id->is_revoked)
1114 log_debug ("TOFU: Ignoring %s user id (%s)\n",
1118 if (user_id->is_revoked)
1124 add_to_strlist (&user_id_list, user_id->name);
1125 user_id_list->flags = expired;
1128 /* Process the user ids in the order they appear in the key
1130 strlist_rev (&user_id_list);
1132 /* It only makes sense to observe any signature before getting
1133 the validity. This is because if the current signature
1134 results in a conflict, then we damn well want to take that
1138 err = tofu_register_signature (ctrl, main_pk, user_id_list,
1139 sig->digest, sig->digest_len,
1140 sig->timestamp, "unknown");
1143 log_error ("TOFU: error registering signature: %s\n",
1144 gpg_strerror (err));
1146 tofu_validity = TRUST_UNKNOWN;
1150 tofu_validity = tofu_get_validity (ctrl, main_pk, user_id_list,
1153 free_strlist (user_id_list);
1155 release_kbnode (kb);
1159 if (opt.trust_model == TM_TOFU_PGP
1160 || opt.trust_model == TM_CLASSIC
1161 || opt.trust_model == TM_PGP)
1163 err = read_trust_record (main_pk, &trec);
1164 if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
1169 if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
1171 /* No record found. */
1172 validity = TRUST_UNKNOWN;
1176 /* Loop over all user IDs */
1177 recno = trec.r.trust.validlist;
1181 read_record (recno, &vrec, RECTYPE_VALID);
1185 /* If a user ID is given we return the validity for that
1186 user ID ONLY. If the namehash is not found, then
1187 there is no validity at all (i.e. the user ID wasn't
1189 if(memcmp(vrec.r.valid.namehash,uid->namehash,20)==0)
1191 validity=(vrec.r.valid.validity & TRUST_MASK);
1197 /* If no user ID is given, we take the maximum validity
1198 over all user IDs */
1199 if (validity < (vrec.r.valid.validity & TRUST_MASK))
1200 validity = (vrec.r.valid.validity & TRUST_MASK);
1203 recno = vrec.r.valid.next;
1206 if ((trec.r.trust.ownertrust & TRUST_FLAG_DISABLED))
1208 validity |= TRUST_FLAG_DISABLED;
1209 pk->flags.disabled = 1;
1212 pk->flags.disabled = 0;
1213 pk->flags.disabled_valid = 1;
1218 validity = tofu_wot_trust_combine (tofu_validity, validity);
1220 validity &= TRUST_MASK;
1222 if (validity == TRUST_NEVER)
1223 /* TRUST_NEVER trumps everything else. */
1224 validity |= TRUST_NEVER;
1225 if (validity == TRUST_EXPIRED)
1226 /* TRUST_EXPIRED trumps everything but TRUST_NEVER. */
1227 validity |= TRUST_EXPIRED;
1228 #endif /*!USE_TOFU*/
1230 if (opt.trust_model != TM_TOFU
1231 && pending_check_trustdb)
1232 validity |= TRUST_FLAG_PENDING_CHECK;
1239 get_validity_counts (PKT_public_key *pk, PKT_user_id *uid)
1241 TRUSTREC trec, vrec;
1244 if(pk==NULL || uid==NULL)
1247 namehash_from_uid(uid);
1249 uid->help_marginal_count=uid->help_full_count=0;
1253 if(read_trust_record (pk, &trec))
1256 /* loop over all user IDs */
1257 recno = trec.r.trust.validlist;
1260 read_record (recno, &vrec, RECTYPE_VALID);
1262 if(memcmp(vrec.r.valid.namehash,uid->namehash,20)==0)
1264 uid->help_marginal_count=vrec.r.valid.marginal_count;
1265 uid->help_full_count=vrec.r.valid.full_count;
1266 /* es_printf("Fetched marginal %d, full %d\n",uid->help_marginal_count,uid->help_full_count); */
1270 recno = vrec.r.valid.next;
1275 list_trust_path( const char *username )
1281 * Enumerate all keys, which are needed to build all trust paths for
1282 * the given key. This function does not return the key itself or
1283 * the ultimate key (the last point in cerificate chain). Only
1284 * certificate chains which ends up at an ultimately trusted key
1285 * are listed. If ownertrust or validity is not NULL, the corresponding
1286 * value for the returned LID is also returned in these variable(s).
1288 * 1) create a void pointer and initialize it to NULL
1289 * 2) pass this void pointer by reference to this function.
1290 * Set lid to the key you want to enumerate and pass it by reference.
1291 * 3) call this function as long as it does not return -1
1292 * to indicate EOF. LID does contain the next key used to build the web
1293 * 4) Always call this function a last time with LID set to NULL,
1294 * so that it can free its context.
1296 * Returns: -1 on EOF or the level of the returned LID
1299 enum_cert_paths( void **context, ulong *lid,
1300 unsigned *ownertrust, unsigned *validity )
1311 * Print the current path
1314 enum_cert_paths_print (void **context, FILE *fp,
1315 int refresh, ulong selected_lid)
1325 /****************************************
1326 *********** NEW NEW NEW ****************
1327 ****************************************/
1330 ask_ownertrust (ctrl_t ctrl, u32 *kid, int minimum)
1336 pk = xmalloc_clear (sizeof *pk);
1337 rc = get_pubkey (pk, kid);
1340 log_error (_("public key %s not found: %s\n"),
1341 keystr(kid), gpg_strerror (rc) );
1342 return TRUST_UNKNOWN;
1345 if(opt.force_ownertrust)
1347 log_info("force trust for key %s to %s\n",
1348 keystr(kid),trust_value_to_string(opt.force_ownertrust));
1349 tdb_update_ownertrust (pk, opt.force_ownertrust);
1350 ot=opt.force_ownertrust;
1354 ot=edit_ownertrust (ctrl, pk, 0);
1356 ot = tdb_get_ownertrust (pk);
1358 ot = minimum?minimum:TRUST_UNDEFINED;
1363 free_public_key( pk );
1370 mark_keyblock_seen (KeyHashTable tbl, KBNODE node)
1372 for ( ;node; node = node->next )
1373 if (node->pkt->pkttype == PKT_PUBLIC_KEY
1374 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1378 keyid_from_pk (node->pkt->pkt.public_key, aki);
1379 add_key_hash_table (tbl, aki);
1385 dump_key_array (int depth, struct key_array *keys)
1387 struct key_array *kar;
1389 for (kar=keys; kar->keyblock; kar++)
1391 KBNODE node = kar->keyblock;
1394 keyid_from_pk(node->pkt->pkt.public_key, kid);
1395 es_printf ("%d:%08lX%08lX:K::%c::::\n",
1396 depth, (ulong)kid[0], (ulong)kid[1], '?');
1398 for (; node; node = node->next)
1400 if (node->pkt->pkttype == PKT_USER_ID)
1402 int len = node->pkt->pkt.user_id->len;
1406 es_printf ("%d:%08lX%08lX:U:::%c:::",
1407 depth, (ulong)kid[0], (ulong)kid[1],
1408 (node->flag & 4)? 'f':
1409 (node->flag & 2)? 'm':
1410 (node->flag & 1)? 'q':'-');
1411 es_write_sanitized (es_stdout, node->pkt->pkt.user_id->name,
1413 es_putc (':', es_stdout);
1414 es_putc ('\n', es_stdout);
1422 store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored)
1428 for (node=keyblock; node; node = node->next)
1430 if (node->pkt->pkttype == PKT_USER_ID)
1432 PKT_user_id *uid = node->pkt->pkt.user_id;
1434 status = TRUST_FULLY;
1435 else if (node->flag & 2)
1436 status = TRUST_MARGINAL;
1437 else if (node->flag & 1)
1438 status = TRUST_UNDEFINED;
1444 update_validity (keyblock->pkt->pkt.public_key,
1445 uid, depth, status);
1447 mark_keyblock_seen(stored,keyblock);
1459 /* Returns a sanitized copy of the regexp (which might be "", but not
1461 #ifndef DISABLE_REGEX
1463 sanitize_regexp(const char *old)
1465 size_t start=0,len=strlen(old),idx=0;
1466 int escaped=0,standard_bracket=0;
1467 char *new=xmalloc((len*2)+1); /* enough to \-escape everything if we
1470 /* There are basically two commonly-used regexps here. GPG and most
1471 versions of PGP use "<[^>]+[@.]example\.com>$" and PGP (9)
1472 command line uses "example.com" (i.e. whatever the user specfies,
1473 and we can't expect users know to use "\." instead of "."). So
1474 here are the rules: we're allowed to start with "<[^>]+[@.]" and
1475 end with ">$" or start and end with nothing. In between, the
1476 only legal regex character is ".", and everything else gets
1477 escaped. Part of the gotcha here is that some regex packages
1478 allow more than RFC-4880 requires. For example, 4880 has no "{}"
1479 operator, but GNU regex does. Commenting removes these operators
1480 from consideration. A possible future enhancement is to use
1481 commenting to effectively back off a given regex to the Henry
1482 Spencer syntax in 4880. -dshaw */
1484 /* Are we bracketed between "<[^>]+[@.]" and ">$" ? */
1485 if(len>=12 && strncmp(old,"<[^>]+[@.]",10)==0
1486 && old[len-2]=='>' && old[len-1]=='$')
1488 strcpy(new,"<[^>]+[@.]");
1495 /* Walk the remaining characters and ensure that everything that is
1496 left is not an operational regex character. */
1497 for(;start<len;start++)
1499 if(!escaped && old[start]=='\\')
1501 else if(!escaped && old[start]!='.')
1506 new[idx++]=old[start];
1511 /* Note that the (sub)string we look at might end with a bare "\".
1512 If it does, leave it that way. If the regexp actually ended with
1513 ">$", then it was escaping the ">" and is fine. If the regexp
1514 actually ended with the bare "\", then it's an illegal regexp and
1515 regcomp should kick it out. */
1517 if(standard_bracket)
1522 #endif /*!DISABLE_REGEX*/
1524 /* Used by validate_one_keyblock to confirm a regexp within a trust
1525 signature. Returns 1 for match, and 0 for no match or regex
1528 check_regexp(const char *expr,const char *string)
1530 #ifdef DISABLE_REGEX
1533 /* When DISABLE_REGEX is defined, assume all regexps do not
1540 regexp=sanitize_regexp(expr);
1543 ret=riscos_check_regexp(expr, string, DBG_TRUST);
1548 ret=regcomp(&pat,regexp,REG_ICASE|REG_NOSUB|REG_EXTENDED);
1551 ret=regexec(&pat,string,0,NULL,0);
1559 log_debug("regexp '%s' ('%s') on '%s': %s\n",
1560 regexp,expr,string,ret==0?"YES":"NO");
1569 * Return true if the key is signed by one of the keys in the given
1570 * key ID list. User IDs with a valid signature are marked by node
1572 * flag bit 0: There is at least one signature
1573 * 1: There is marginal confidence that this is a legitimate uid
1574 * 2: There is full confidence that this is a legitimate uid.
1575 * 8: Used for internal purposes.
1576 * 9: Ditto (in mark_usable_uid_certs())
1578 * This function assumes that all kbnode flags are cleared on entry.
1581 validate_one_keyblock (KBNODE kb, struct key_item *klist,
1582 u32 curtime, u32 *next_expire)
1584 struct key_item *kr;
1585 KBNODE node, uidnode=NULL;
1586 PKT_user_id *uid=NULL;
1587 PKT_public_key *pk = kb->pkt->pkt.public_key;
1589 int issigned=0, any_signed = 0;
1591 keyid_from_pk(pk, main_kid);
1592 for (node=kb; node; node = node->next)
1594 /* A bit of discussion here: is it better for the web of trust
1595 to be built among only self-signed uids? On the one hand, a
1596 self-signed uid is a statement that the key owner definitely
1597 intended that uid to be there, but on the other hand, a
1598 signed (but not self-signed) uid does carry trust, of a sort,
1599 even if it is a statement being made by people other than the
1600 key owner "through" the uids on the key owner's key. I'm
1601 going with the latter. However, if the user ID was
1602 explicitly revoked, or passively allowed to expire, that
1603 should stop validity through the user ID until it is
1606 if (node->pkt->pkttype == PKT_USER_ID
1607 && !node->pkt->pkt.user_id->is_revoked
1608 && !node->pkt->pkt.user_id->is_expired)
1610 if (uidnode && issigned)
1612 if (uid->help_full_count >= opt.completes_needed
1613 || uid->help_marginal_count >= opt.marginals_needed )
1615 else if (uid->help_full_count || uid->help_marginal_count)
1621 uid=uidnode->pkt->pkt.user_id;
1623 /* If the selfsig is going to expire... */
1624 if(uid->expiredate && uid->expiredate<*next_expire)
1625 *next_expire = uid->expiredate;
1628 get_validity_counts(pk,uid);
1629 mark_usable_uid_certs (kb, uidnode, main_kid, klist,
1630 curtime, next_expire);
1632 else if (node->pkt->pkttype == PKT_SIGNATURE
1633 && (node->flag & (1<<8)) && uid)
1635 /* Note that we are only seeing unrevoked sigs here */
1636 PKT_signature *sig = node->pkt->pkt.signature;
1638 kr = is_in_klist (klist, sig);
1639 /* If the trust_regexp does not match, it's as if the sig
1640 did not exist. This is safe for non-trust sigs as well
1641 since we don't accept a regexp on the sig unless it's a
1643 if (kr && (!kr->trust_regexp
1644 || !(opt.trust_model == TM_PGP
1645 || opt.trust_model == TM_TOFU_PGP)
1647 && check_regexp(kr->trust_regexp,
1648 uidnode->pkt->pkt.user_id->name))))
1650 /* Are we part of a trust sig chain? We always favor
1651 the latest trust sig, rather than the greater or
1652 lesser trust sig or value. I could make a decent
1653 argument for any of these cases, but this seems to be
1654 what PGP does, and I'd like to be compatible. -dms */
1655 if ((opt.trust_model == TM_PGP
1656 || opt.trust_model == TM_TOFU_PGP)
1658 && pk->trust_timestamp <= sig->timestamp)
1660 unsigned char depth;
1662 /* If the depth on the signature is less than the
1663 chain currently has, then use the signature depth
1664 so we don't increase the depth beyond what the
1665 signer wanted. If the depth on the signature is
1666 more than the chain currently has, then use the
1667 chain depth so we use as much of the signature
1668 depth as the chain will permit. An ultimately
1669 trusted signature can restart the depth to
1670 whatever level it likes. */
1672 if (sig->trust_depth < kr->trust_depth
1673 || kr->ownertrust == TRUST_ULTIMATE)
1674 depth = sig->trust_depth;
1676 depth = kr->trust_depth;
1681 log_debug ("trust sig on %s, sig depth is %d,"
1682 " kr depth is %d\n",
1683 uidnode->pkt->pkt.user_id->name,
1687 /* If we got here, we know that:
1689 this is a trust sig.
1691 it's a newer trust sig than any previous trust
1692 sig on this key (not uid).
1694 it is legal in that it was either generated by an
1695 ultimate key, or a key that was part of a trust
1696 chain, and the depth does not violate the
1699 if there is a regexp attached, it matched
1704 log_debug ("replacing trust value %d with %d and "
1705 "depth %d with %d\n",
1706 pk->trust_value,sig->trust_value,
1707 pk->trust_depth,depth);
1709 pk->trust_value = sig->trust_value;
1710 pk->trust_depth = depth-1;
1712 /* If the trust sig contains a regexp, record it
1713 on the pk for the next round. */
1714 if (sig->trust_regexp)
1715 pk->trust_regexp = sig->trust_regexp;
1719 if (kr->ownertrust == TRUST_ULTIMATE)
1720 uid->help_full_count = opt.completes_needed;
1721 else if (kr->ownertrust == TRUST_FULLY)
1722 uid->help_full_count++;
1723 else if (kr->ownertrust == TRUST_MARGINAL)
1724 uid->help_marginal_count++;
1730 if (uidnode && issigned)
1732 if (uid->help_full_count >= opt.completes_needed
1733 || uid->help_marginal_count >= opt.marginals_needed )
1735 else if (uid->help_full_count || uid->help_marginal_count)
1746 search_skipfnc (void *opaque, u32 *kid, int dummy_uid_no)
1749 return test_key_hash_table ((KeyHashTable)opaque, kid);
1754 * Scan all keys and return a key_array of all suitable keys from
1755 * kllist. The caller has to pass keydb handle so that we don't use
1756 * to create our own. Returns either a key_array or NULL in case of
1757 * an error. No results found are indicated by an empty array.
1758 * Caller hast to release the returned array.
1760 static struct key_array *
1761 validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
1762 struct key_item *klist, u32 curtime, u32 *next_expire)
1764 KBNODE keyblock = NULL;
1765 struct key_array *keys = NULL;
1766 size_t nkeys, maxkeys;
1768 KEYDB_SEARCH_DESC desc;
1771 keys = xmalloc ((maxkeys+1) * sizeof *keys);
1774 rc = keydb_search_reset (hd);
1777 log_error ("keydb_search_reset failed: %s\n", gpg_strerror (rc));
1782 memset (&desc, 0, sizeof desc);
1783 desc.mode = KEYDB_SEARCH_MODE_FIRST;
1784 desc.skipfnc = search_skipfnc;
1785 desc.skipfncvalue = full_trust;
1786 rc = keydb_search (hd, &desc, 1, NULL);
1787 if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
1789 keys[nkeys].keyblock = NULL;
1794 log_error ("keydb_search(first) failed: %s\n", gpg_strerror (rc));
1798 desc.mode = KEYDB_SEARCH_MODE_NEXT; /* change mode */
1803 rc = keydb_get_keyblock (hd, &keyblock);
1806 log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
1810 if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
1812 log_debug ("ooops: invalid pkttype %d encountered\n",
1813 keyblock->pkt->pkttype);
1814 dump_kbnode (keyblock);
1815 release_kbnode(keyblock);
1819 /* prepare the keyblock for further processing */
1820 merge_keys_and_selfsig (keyblock);
1821 clear_kbnode_flags (keyblock);
1822 pk = keyblock->pkt->pkt.public_key;
1823 if (pk->has_expired || pk->flags.revoked)
1825 /* it does not make sense to look further at those keys */
1826 mark_keyblock_seen (full_trust, keyblock);
1828 else if (validate_one_keyblock (keyblock, klist, curtime, next_expire))
1832 if (pk->expiredate && pk->expiredate >= curtime
1833 && pk->expiredate < *next_expire)
1834 *next_expire = pk->expiredate;
1836 if (nkeys == maxkeys) {
1838 keys = xrealloc (keys, (maxkeys+1) * sizeof *keys);
1840 keys[nkeys++].keyblock = keyblock;
1842 /* Optimization - if all uids are fully trusted, then we
1843 never need to consider this key as a candidate again. */
1845 for (node=keyblock; node; node = node->next)
1846 if (node->pkt->pkttype == PKT_USER_ID && !(node->flag & 4))
1850 mark_keyblock_seen (full_trust, keyblock);
1855 release_kbnode (keyblock);
1858 while (!(rc = keydb_search (hd, &desc, 1, NULL)));
1860 if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
1862 log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc));
1866 keys[nkeys].keyblock = NULL;
1870 keys[nkeys].keyblock = NULL;
1871 release_key_array (keys);
1875 /* Caller must sync */
1877 reset_trust_records(void)
1881 int count = 0, nreset = 0;
1883 for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
1885 if(rec.rectype==RECTYPE_TRUST)
1888 if(rec.r.trust.min_ownertrust)
1890 rec.r.trust.min_ownertrust=0;
1895 else if(rec.rectype==RECTYPE_VALID
1896 && ((rec.r.valid.validity&TRUST_MASK)
1897 || rec.r.valid.marginal_count
1898 || rec.r.valid.full_count))
1900 rec.r.valid.validity &= ~TRUST_MASK;
1901 rec.r.valid.marginal_count=rec.r.valid.full_count=0;
1910 log_info (ngettext("%d key processed",
1911 "%d keys processed",
1913 log_printf (ngettext(" (%d validity count cleared)\n",
1914 " (%d validity counts cleared)\n",
1920 * Run the key validation procedure.
1922 * This works this way:
1923 * Step 1: Find all ultimately trusted keys (UTK).
1924 * mark them all as seen and put them into klist.
1925 * Step 2: loop max_cert_times
1926 * Step 3: if OWNERTRUST of any key in klist is undefined
1927 * ask user to assign ownertrust
1928 * Step 4: Loop over all keys in the keyDB which are not marked seen
1929 * Step 5: if key is revoked or expired
1931 * continue loop at Step 4
1932 * Step 6: For each user ID of that key signed by a key in klist
1933 * Calculate validity by counting trusted signatures.
1934 * Set validity of user ID
1935 * Step 7: If any signed user ID was found
1938 * Step 8: Build a new klist from all fully trusted keys from step 6
1944 validate_keys (ctrl_t ctrl, int interactive)
1948 struct key_item *klist = NULL;
1950 struct key_array *keys = NULL;
1951 struct key_array *kar;
1952 KEYDB_HANDLE kdb = NULL;
1955 int ot_unknown, ot_undefined, ot_never, ot_marginal, ot_full, ot_ultimate;
1956 KeyHashTable stored,used,full_trust;
1957 u32 start_time, next_expire;
1959 /* Make sure we have all sigs cached. TODO: This is going to
1960 require some architectural re-thinking, as it is agonizingly slow.
1961 Perhaps combine this with reset_trust_records(), or only check
1962 the caches on keys that are actually involved in the web of
1964 keydb_rebuild_caches(0);
1968 return gpg_error_from_syserror ();
1970 start_time = make_timestamp ();
1971 next_expire = 0xffffffff; /* set next expire to the year 2106 */
1972 stored = new_key_hash_table ();
1973 used = new_key_hash_table ();
1974 full_trust = new_key_hash_table ();
1976 reset_trust_records();
1978 /* Fixme: Instead of always building a UTK list, we could just build it
1979 * here when needed */
1983 log_info (_("no ultimately trusted keys found\n"));
1987 /* mark all UTKs as used and fully_trusted and set validity to
1989 for (k=utk_list; k; k = k->next)
1994 keyblock = get_pubkeyblock (k->kid);
1997 log_error (_("public key of ultimately"
1998 " trusted key %s not found\n"), keystr(k->kid));
2001 mark_keyblock_seen (used, keyblock);
2002 mark_keyblock_seen (stored, keyblock);
2003 mark_keyblock_seen (full_trust, keyblock);
2004 pk = keyblock->pkt->pkt.public_key;
2005 for (node=keyblock; node; node = node->next)
2007 if (node->pkt->pkttype == PKT_USER_ID)
2008 update_validity (pk, node->pkt->pkt.user_id, 0, TRUST_ULTIMATE);
2010 if ( pk->expiredate && pk->expiredate >= start_time
2011 && pk->expiredate < next_expire)
2012 next_expire = pk->expiredate;
2014 release_kbnode (keyblock);
2018 if (opt.trust_model == TM_TOFU)
2019 /* In the TOFU trust model, we only need to save the ultimately
2026 log_info ("marginals needed: %d completes needed: %d trust model: %s\n",
2027 opt.marginals_needed, opt.completes_needed,
2028 trust_model_string (opt.trust_model));
2030 for (depth=0; depth < opt.max_cert_depth; depth++)
2032 int valids=0,key_count;
2033 /* See whether we should assign ownertrust values to the keys in
2035 ot_unknown = ot_undefined = ot_never = 0;
2036 ot_marginal = ot_full = ot_ultimate = 0;
2037 for (k=klist; k; k = k->next)
2041 /* 120 and 60 are as per RFC2440 */
2042 if(k->trust_value>=120)
2044 else if(k->trust_value>=60)
2047 if(min!=k->min_ownertrust)
2048 update_min_ownertrust(k->kid,min);
2050 if (interactive && k->ownertrust == TRUST_UNKNOWN)
2052 k->ownertrust = ask_ownertrust (ctrl, k->kid,min);
2054 if (k->ownertrust == (unsigned int)(-1))
2061 /* This can happen during transition from an old trustdb
2062 before trust sigs. It can also happen if a user uses two
2063 different versions of GnuPG or changes the --trust-model
2065 if(k->ownertrust<min)
2068 log_debug("key %08lX%08lX:"
2069 " overriding ownertrust '%s' with '%s'\n",
2070 (ulong)k->kid[0],(ulong)k->kid[1],
2071 trust_value_to_string(k->ownertrust),
2072 trust_value_to_string(min));
2077 if (k->ownertrust == TRUST_UNKNOWN)
2079 else if (k->ownertrust == TRUST_UNDEFINED)
2081 else if (k->ownertrust == TRUST_NEVER)
2083 else if (k->ownertrust == TRUST_MARGINAL)
2085 else if (k->ownertrust == TRUST_FULLY)
2087 else if (k->ownertrust == TRUST_ULTIMATE)
2093 /* Find all keys which are signed by a key in kdlist */
2094 keys = validate_key_list (kdb, full_trust, klist,
2095 start_time, &next_expire);
2098 log_error ("validate_key_list failed\n");
2099 rc = GPG_ERR_GENERAL;
2103 for (key_count=0, kar=keys; kar->keyblock; kar++, key_count++)
2106 /* Store the calculated valididation status somewhere */
2107 if (opt.verbose > 1 && DBG_TRUST)
2108 dump_key_array (depth, keys);
2110 for (kar=keys; kar->keyblock; kar++)
2111 store_validation_status (depth, kar->keyblock, stored);
2114 log_info (_("depth: %d valid: %3d signed: %3d"
2115 " trust: %d-, %dq, %dn, %dm, %df, %du\n"),
2116 depth, valids, key_count, ot_unknown, ot_undefined,
2117 ot_never, ot_marginal, ot_full, ot_ultimate );
2119 /* Build a new kdlist from all fully valid keys in KEYS */
2120 if (klist != utk_list)
2121 release_key_items (klist);
2123 for (kar=keys; kar->keyblock; kar++)
2125 for (node=kar->keyblock; node; node = node->next)
2127 if (node->pkt->pkttype == PKT_USER_ID && (node->flag & 4))
2131 /* have we used this key already? */
2132 keyid_from_pk (kar->keyblock->pkt->pkt.public_key, kid);
2133 if(test_key_hash_table(used,kid)==0)
2135 /* Normally we add both the primary and subkey
2136 ids to the hash via mark_keyblock_seen, but
2137 since we aren't using this hash as a skipfnc,
2138 that doesn't matter here. */
2139 add_key_hash_table (used,kid);
2140 k = new_key_item ();
2145 (kar->keyblock->pkt->pkt.public_key) & TRUST_MASK);
2146 k->min_ownertrust = tdb_get_min_ownertrust
2147 (kar->keyblock->pkt->pkt.public_key);
2149 kar->keyblock->pkt->pkt.public_key->trust_depth;
2151 kar->keyblock->pkt->pkt.public_key->trust_value;
2152 if(kar->keyblock->pkt->pkt.public_key->trust_regexp)
2154 xstrdup(kar->keyblock->pkt->
2155 pkt.public_key->trust_regexp);
2163 release_key_array (keys);
2166 break; /* no need to dive in deeper */
2170 keydb_release (kdb);
2171 release_key_array (keys);
2172 if (klist != utk_list)
2173 release_key_items (klist);
2174 release_key_hash_table (full_trust);
2175 release_key_hash_table (used);
2176 release_key_hash_table (stored);
2177 if (!rc && !quit) /* mark trustDB as checked */
2181 if (next_expire == 0xffffffff || next_expire < start_time )
2182 tdbio_write_nextcheck (0);
2185 tdbio_write_nextcheck (next_expire);
2187 log_info (_("next trustdb check due at %s\n"),
2188 strtimestamp (next_expire));
2191 rc2 = tdbio_update_version_record ();
2194 log_error (_("unable to update trustdb version record: "
2195 "write failed: %s\n"), gpg_strerror (rc2));
2200 pending_check_trustdb = 0;