1 /* trust.c - High level trust functions
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3 * 2008, 2012 Free Software Foundation, Inc.
4 * Copyright (C) 2014 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <https://www.gnu.org/licenses/>.
38 /* Return true if key is disabled. Note that this is usually used via
39 the pk_is_disabled macro. */
41 cache_disabled_value (PKT_public_key *pk)
43 #ifdef NO_TRUST_MODELS
47 return tdb_cache_disabled_value (pk);
53 register_trusted_keyid (u32 *keyid)
55 #ifdef NO_TRUST_MODELS
58 tdb_register_trusted_keyid (keyid);
64 register_trusted_key (const char *string)
66 #ifdef NO_TRUST_MODELS
69 tdb_register_trusted_key (string);
76 * This function returns a letter for a trust value. Trust flags
80 trust_letter (unsigned int value)
82 switch( (value & TRUST_MASK) )
84 case TRUST_UNKNOWN: return '-';
85 case TRUST_EXPIRED: return 'e';
86 case TRUST_UNDEFINED: return 'q';
87 case TRUST_NEVER: return 'n';
88 case TRUST_MARGINAL: return 'm';
89 case TRUST_FULLY: return 'f';
90 case TRUST_ULTIMATE: return 'u';
96 /* The strings here are similar to those in
97 pkclist.c:do_edit_ownertrust() */
99 trust_value_to_string (unsigned int value)
101 switch ((value & TRUST_MASK))
103 case TRUST_UNKNOWN: return _("unknown");
104 case TRUST_EXPIRED: return _("expired");
105 case TRUST_UNDEFINED: return _("undefined");
106 case TRUST_NEVER: return _("never");
107 case TRUST_MARGINAL: return _("marginal");
108 case TRUST_FULLY: return _("full");
109 case TRUST_ULTIMATE: return _("ultimate");
110 default: return "err";
116 string_to_trust_value (const char *str)
118 if (!ascii_strcasecmp (str, "undefined"))
119 return TRUST_UNDEFINED;
120 else if (!ascii_strcasecmp (str, "never"))
122 else if (!ascii_strcasecmp (str, "marginal"))
123 return TRUST_MARGINAL;
124 else if (!ascii_strcasecmp (str, "full"))
126 else if (!ascii_strcasecmp(str, "ultimate"))
127 return TRUST_ULTIMATE;
134 uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
138 /* TRANSLATORS: these strings are similar to those in
139 trust_value_to_string(), but are a fixed length. This is needed to
140 make attractive information listings where columns line up
141 properly. The value "10" should be the length of the strings you
142 choose to translate to. This is the length in printable columns.
143 It gets passed to atoi() so everything after the number is
144 essentially a comment and need not be translated. Either key and
145 uid are both NULL, or neither are NULL. */
146 return _("10 translator see trust.c:uid_trust_string_fixed");
148 else if(uid->is_revoked || (key && key->flags.revoked))
149 return _("[ revoked]");
150 else if(uid->is_expired)
151 return _("[ expired]");
154 switch (get_validity (ctrl, NULL, key, uid, NULL, 0) & TRUST_MASK)
156 case TRUST_UNKNOWN: return _("[ unknown]");
157 case TRUST_EXPIRED: return _("[ expired]");
158 case TRUST_UNDEFINED: return _("[ undef ]");
159 case TRUST_NEVER: return _("[ never ]");
160 case TRUST_MARGINAL: return _("[marginal]");
161 case TRUST_FULLY: return _("[ full ]");
162 case TRUST_ULTIMATE: return _("[ultimate]");
172 * Return the assigned ownertrust value for the given public key.
173 * The key should be the primary key.
176 get_ownertrust (PKT_public_key *pk)
178 #ifdef NO_TRUST_MODELS
180 return TRUST_UNKNOWN;
182 return tdb_get_ownertrust (pk);
188 * Same as get_ownertrust but this takes the minimum ownertrust value
189 * into into account, and will bump up the value as needed.
192 get_ownertrust_with_min (PKT_public_key *pk)
194 #ifdef NO_TRUST_MODELS
196 return TRUST_UNKNOWN;
198 unsigned int otrust, otrust_min;
200 otrust = (tdb_get_ownertrust (pk) & TRUST_MASK);
201 otrust_min = tdb_get_min_ownertrust (pk);
202 if (otrust < otrust_min)
204 /* If the trust that the user has set is less than the trust
205 that was calculated from a trust signature chain, use the
206 higher of the two. We do this here and not in
207 get_ownertrust since the underlying ownertrust should not
208 really be set - just the appearance of the ownertrust. */
219 * Same as get_ownertrust but return a trust letter instead of an
220 * value. This takes the minimum ownertrust value into account.
223 get_ownertrust_info (PKT_public_key *pk)
225 return trust_letter (get_ownertrust_with_min (pk));
230 * Same as get_ownertrust but return a trust string instead of an
231 * value. This takes the minimum ownertrust value into account.
234 get_ownertrust_string (PKT_public_key *pk)
236 return trust_value_to_string (get_ownertrust_with_min (pk));
241 * Set the trust value of the given public key to the new value.
242 * The key should be a primary one.
245 update_ownertrust (PKT_public_key *pk, unsigned int new_trust)
247 #ifdef NO_TRUST_MODELS
251 tdb_update_ownertrust (pk, new_trust);
257 clear_ownertrusts (PKT_public_key *pk)
259 #ifdef NO_TRUST_MODELS
263 return tdb_clear_ownertrusts (pk);
269 revalidation_mark (void)
271 #ifndef NO_TRUST_MODELS
272 tdb_revalidation_mark ();
278 check_trustdb_stale (ctrl_t ctrl)
280 #ifndef NO_TRUST_MODELS
281 tdb_check_trustdb_stale (ctrl);
289 check_or_update_trustdb (ctrl_t ctrl)
291 #ifndef NO_TRUST_MODELS
292 tdb_check_or_update (ctrl);
300 * Return the validity information for KB/PK (at least one must be
301 * non-NULL). If the namehash is not NULL, the validity of the
302 * corresponding user ID is returned, otherwise, a reasonable value
303 * for the entire key is returned.
306 get_validity (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk, PKT_user_id *uid,
307 PKT_signature *sig, int may_ask)
310 unsigned int validity;
312 PKT_public_key *main_pk;
315 log_assert (keyid_cmp (pk_main_keyid (pk),
316 pk_main_keyid (kb->pkt->pkt.public_key)) == 0);
321 pk = kb->pkt->pkt.public_key;
325 namehash_from_uid (uid);
327 keyid_from_pk (pk, kid);
328 if (pk->main_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1])
330 /* This is a subkey - get the mainkey. */
332 main_pk = kb->pkt->pkt.public_key;
335 main_pk = xmalloc_clear (sizeof *main_pk);
336 rc = get_pubkey (main_pk, pk->main_keyid);
339 char *tempkeystr = xstrdup (keystr (pk->main_keyid));
340 log_error ("error getting main key %s of subkey %s: %s\n",
341 tempkeystr, keystr (kid), gpg_strerror (rc));
343 validity = TRUST_UNKNOWN;
351 #ifdef NO_TRUST_MODELS
352 validity = TRUST_UNKNOWN;
354 validity = tdb_get_validity_core (ctrl, kb, pk, uid, main_pk, sig, may_ask);
358 /* Set some flags direct from the key */
359 if (main_pk->flags.revoked)
360 validity |= TRUST_FLAG_REVOKED;
361 if (main_pk != pk && pk->flags.revoked)
362 validity |= TRUST_FLAG_SUB_REVOKED;
363 /* Note: expiration is a trust value and not a flag - don't know why
364 * I initially designed it that way. */
365 if (main_pk->has_expired || pk->has_expired)
366 validity = ((validity & (~TRUST_MASK | TRUST_FLAG_PENDING_CHECK))
369 if (main_pk != pk && !kb)
370 free_public_key (main_pk);
376 get_validity_info (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk,
382 log_assert (keyid_cmp (pk_main_keyid (pk),
383 pk_main_keyid (kb->pkt->pkt.public_key)) == 0);
386 pk = kb->pkt->pkt.public_key;
388 return '?'; /* Just in case a NULL PK is passed. */
390 trustlevel = get_validity (ctrl, kb, pk, uid, NULL, 0);
391 if ((trustlevel & TRUST_FLAG_REVOKED))
393 return trust_letter (trustlevel);
398 get_validity_string (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
403 return "err"; /* Just in case a NULL PK is passed. */
405 trustlevel = get_validity (ctrl, NULL, pk, uid, NULL, 0);
406 if ((trustlevel & TRUST_FLAG_REVOKED))
408 return trust_value_to_string (trustlevel);
414 * Mark the signature of the given UID which are used to certify it.
415 * To do this, we first revmove all signatures which are not valid and
416 * from the remain ones we look for the latest one. If this is not a
417 * certification revocation signature we mark the signature by setting
418 * node flag bit 8. Revocations are marked with flag 11, and sigs
419 * from unavailable keys are marked with flag 12. Note that flag bits
420 * 9 and 10 are used for internal purposes.
423 mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode,
424 u32 *main_kid, struct key_item *klist,
425 u32 curtime, u32 *next_expire)
430 /* First check all signatures. */
431 for (node=uidnode->next; node; node = node->next)
435 node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
436 if (node->pkt->pkttype == PKT_USER_ID
437 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
439 if (node->pkt->pkttype != PKT_SIGNATURE)
441 sig = node->pkt->pkt.signature;
443 && sig->keyid[0] == main_kid[0] && sig->keyid[1] == main_kid[1])
444 continue; /* ignore self-signatures if we pass in a main_kid */
445 if (!IS_UID_SIG(sig) && !IS_UID_REV(sig))
446 continue; /* we only look at these signature classes */
447 if(sig->sig_class>=0x11 && sig->sig_class<=0x13 &&
448 sig->sig_class-0x10<opt.min_cert_level)
449 continue; /* treat anything under our min_cert_level as an
451 if (klist && !is_in_klist (klist, sig))
452 continue; /* no need to check it then */
453 if ((rc=check_key_signature (keyblock, node, NULL)))
455 /* we ignore anything that won't verify, but tag the
457 if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
463 /* Reset the remaining flags. */
464 for (; node; node = node->next)
465 node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
467 /* kbnode flag usage: bit 9 is here set for signatures to consider,
468 * bit 10 will be set by the loop to keep track of keyIDs already
469 * processed, bit 8 will be set for the usable signatures, and bit
470 * 11 will be set for usable revocations. */
472 /* For each cert figure out the latest valid one. */
473 for (node=uidnode->next; node; node = node->next)
479 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
481 if ( !(node->flag & (1<<9)) )
482 continue; /* not a node to look at */
483 if ( (node->flag & (1<<10)) )
484 continue; /* signature with a keyID already processed */
485 node->flag |= (1<<10); /* mark this node as processed */
486 sig = node->pkt->pkt.signature;
488 sigdate = sig->timestamp;
489 kid[0] = sig->keyid[0]; kid[1] = sig->keyid[1];
491 /* Now find the latest and greatest signature */
492 for (n=uidnode->next; n; n = n->next)
494 if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
496 if ( !(n->flag & (1<<9)) )
498 if ( (n->flag & (1<<10)) )
499 continue; /* shortcut already processed signatures */
500 sig = n->pkt->pkt.signature;
501 if (kid[0] != sig->keyid[0] || kid[1] != sig->keyid[1])
503 n->flag |= (1<<10); /* mark this node as processed */
505 /* If signode is nonrevocable and unexpired and n isn't,
506 then take signode (skip). It doesn't matter which is
507 older: if signode was older then we don't want to take n
508 as signode is nonrevocable. If n was older then we're
509 automatically fine. */
511 if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
512 !signode->pkt->pkt.signature->flags.revocable &&
513 (signode->pkt->pkt.signature->expiredate==0 ||
514 signode->pkt->pkt.signature->expiredate>curtime))) &&
515 (!(IS_UID_SIG(n->pkt->pkt.signature) &&
516 !n->pkt->pkt.signature->flags.revocable &&
517 (n->pkt->pkt.signature->expiredate==0 ||
518 n->pkt->pkt.signature->expiredate>curtime))))
521 /* If n is nonrevocable and unexpired and signode isn't,
522 then take n. Again, it doesn't matter which is older: if
523 n was older then we don't want to take signode as n is
524 nonrevocable. If signode was older then we're
525 automatically fine. */
527 if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
528 !signode->pkt->pkt.signature->flags.revocable &&
529 (signode->pkt->pkt.signature->expiredate==0 ||
530 signode->pkt->pkt.signature->expiredate>curtime))) &&
531 ((IS_UID_SIG(n->pkt->pkt.signature) &&
532 !n->pkt->pkt.signature->flags.revocable &&
533 (n->pkt->pkt.signature->expiredate==0 ||
534 n->pkt->pkt.signature->expiredate>curtime))))
537 sigdate = sig->timestamp;
541 /* At this point, if it's newer, it goes in as the only
542 remaining possibilities are signode and n are both either
543 revocable or expired or both nonrevocable and unexpired.
544 If the timestamps are equal take the later ordered
545 packet, presuming that the key packets are hopefully in
546 their original order. */
548 if (sig->timestamp >= sigdate)
551 sigdate = sig->timestamp;
555 sig = signode->pkt->pkt.signature;
556 if (IS_UID_SIG (sig))
557 { /* this seems to be a usable one which is not revoked.
558 * Just need to check whether there is an expiration time,
559 * We do the expired certification after finding a suitable
560 * certification, the assumption is that a signator does not
561 * want that after the expiration of his certificate the
562 * system falls back to an older certification which has a
563 * different expiration time */
567 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
568 expire = p? sig->timestamp + buf32_to_u32(p) : 0;
570 if (expire==0 || expire > curtime )
572 signode->flag |= (1<<8); /* yeah, found a good cert */
573 if (next_expire && expire && expire < *next_expire)
574 *next_expire = expire;
578 signode->flag |= (1<<11);
584 clean_sigs_from_uid (kbnode_t keyblock, kbnode_t uidnode,
585 int noisy, int self_only)
591 log_assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
593 keyid_from_pk (keyblock->pkt->pkt.public_key, keyid);
595 /* Passing in a 0 for current time here means that we'll never weed
596 out an expired sig. This is correct behavior since we want to
597 keep the most recent expired sig in a series. */
598 mark_usable_uid_certs (keyblock, uidnode, NULL, NULL, 0, NULL);
600 /* What we want to do here is remove signatures that are not
601 considered as part of the trust calculations. Thus, all invalid
602 signatures are out, as are any signatures that aren't the last of
603 a series of uid sigs or revocations It breaks down like this:
604 coming out of mark_usable_uid_certs, if a sig is unflagged, it is
605 not even a candidate. If a sig has flag 9 or 10, that means it
606 was selected as a candidate and vetted. If a sig has flag 8 it
607 is a usable signature. If a sig has flag 11 it is a usable
608 revocation. If a sig has flag 12 it was issued by an unavailable
609 key. "Usable" here means the most recent valid
610 signature/revocation in a series from a particular signer.
612 Delete everything that isn't a usable uid sig (which might be
613 expired), a usable revocation, or a sig from an unavailable
616 for (node=uidnode->next;
617 node && node->pkt->pkttype==PKT_SIGNATURE;
622 keep = self_only? (node->pkt->pkt.signature->keyid[0] == keyid[0]
623 && node->pkt->pkt.signature->keyid[1] == keyid[1]) : 1;
625 /* Keep usable uid sigs ... */
626 if ((node->flag & (1<<8)) && keep)
629 /* ... and usable revocations... */
630 if ((node->flag & (1<<11)) && keep)
633 /* ... and sigs from unavailable keys. */
634 /* disabled for now since more people seem to want sigs from
635 unavailable keys removed altogether. */
637 if(node->flag & (1<<12))
641 /* Everything else we delete */
643 /* At this point, if 12 is set, the signing key was unavailable.
644 If 9 or 10 is set, it's superseded. Otherwise, it's
648 log_info ("removing signature from key %s on user ID \"%s\": %s\n",
649 keystr (node->pkt->pkt.signature->keyid),
650 uidnode->pkt->pkt.user_id->name,
651 node->flag&(1<<12)? "key unavailable":
652 node->flag&(1<<9)? "signature superseded"
653 /* */ :"invalid signature" );
655 delete_kbnode (node);
663 /* This is substantially easier than clean_sigs_from_uid since we just
664 have to establish if the uid has a valid self-sig, is not revoked,
665 and is not expired. Note that this does not take into account
666 whether the uid has a trust path to it - just whether the keyholder
667 themselves has certified the uid. Returns true if the uid was
668 compacted. To "compact" a user ID, we simply remove ALL signatures
669 except the self-sig that caused the user ID to be remove-worthy.
670 We don't actually remove the user ID packet itself since it might
671 be resurrected in a later merge. Note that this function requires
672 that the caller has already done a merge_keys_and_selfsig().
674 TODO: change the import code to allow importing a uid with only a
675 revocation if the uid already exists on the keyring. */
678 clean_uid_from_key (kbnode_t keyblock, kbnode_t uidnode, int noisy)
681 PKT_user_id *uid = uidnode->pkt->pkt.user_id;
684 log_assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
685 log_assert (uidnode->pkt->pkttype==PKT_USER_ID);
687 /* Skip valid user IDs, compacted user IDs, and non-self-signed user
688 IDs if --allow-non-selfsigned-uid is set. */
690 || uid->flags.compacted
691 || (!uid->is_expired && !uid->is_revoked && opt.allow_non_selfsigned_uid))
694 for (node=uidnode->next;
695 node && node->pkt->pkttype == PKT_SIGNATURE;
698 if (!node->pkt->pkt.signature->flags.chosen_selfsig)
700 delete_kbnode (node);
702 uidnode->pkt->pkt.user_id->flags.compacted = 1;
709 char *user = utf8_to_native (uid->name, uid->len, 0);
712 reason = _("revoked");
713 else if (uid->is_expired)
714 reason = _("expired");
716 reason = _("invalid");
718 log_info ("compacting user ID \"%s\" on key %s: %s\n",
719 user, keystr_from_pk (keyblock->pkt->pkt.public_key),
729 /* Needs to be called after a merge_keys_and_selfsig() */
731 clean_one_uid (kbnode_t keyblock, kbnode_t uidnode, int noisy, int self_only,
732 int *uids_cleaned, int *sigs_cleaned)
736 log_assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
737 log_assert (uidnode->pkt->pkttype==PKT_USER_ID);
740 uids_cleaned = &dummy;
743 sigs_cleaned = &dummy;
745 /* Do clean_uid_from_key first since if it fires off, we don't have
746 to bother with the other. */
747 *uids_cleaned += clean_uid_from_key (keyblock, uidnode, noisy);
748 if (!uidnode->pkt->pkt.user_id->flags.compacted)
749 *sigs_cleaned += clean_sigs_from_uid (keyblock, uidnode, noisy, self_only);
754 clean_key (kbnode_t keyblock, int noisy, int self_only,
755 int *uids_cleaned, int *sigs_cleaned)
759 merge_keys_and_selfsig (keyblock);
761 for (uidnode = keyblock->next;
762 uidnode && uidnode->pkt->pkttype != PKT_PUBLIC_SUBKEY;
763 uidnode = uidnode->next)
765 if (uidnode->pkt->pkttype == PKT_USER_ID)
766 clean_one_uid (keyblock, uidnode,noisy, self_only,
767 uids_cleaned, sigs_cleaned);