g10/skclist.c

   1 /* skclist.c - Build a list of secret keys
   2  * Copyright (C) 1998, 1999, 2000, 2001, 2006 Free Software Foundation, Inc.
   3  *
   4  * This file is part of GnuPG.
   5  *
   6  * GnuPG is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License as published by
   8  * the Free Software Foundation; either version 3 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * GnuPG is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with this program; if not, see <http://www.gnu.org/licenses/>.
  18  */
  19
  20 #include <config.h>
  21 #include <stdio.h>
  22 #include <stdlib.h>
  23 #include <string.h>
  24 #include <errno.h>
  25 #include <assert.h>
  26
  27 #include "gpg.h"
  28 #include "options.h"
  29 #include "packet.h"
  30 #include "status.h"
  31 #include "keydb.h"
  32 #include "util.h"
  33 #include "i18n.h"
  34 #include "cipher.h"
  35
  36 #ifndef GCRYCTL_FAKED_RANDOM_P
  37 #define GCRYCTL_FAKED_RANDOM_P 51
  38 #endif
  39
  40 /* Return true if Libgcrypt's RNG is in faked mode.  */
  41 int
  42 random_is_faked (void)
  43 {
  44   return !!gcry_control ( GCRYCTL_FAKED_RANDOM_P, 0);
  45 }
  46
  47
  48
  49 void
  50 release_sk_list( SK_LIST sk_list )
  51 {
  52     SK_LIST sk_rover;
  53
  54     for( ; sk_list; sk_list = sk_rover ) {
  55         sk_rover = sk_list->next;
  56         free_secret_key( sk_list->sk );
  57         xfree( sk_list );
  58     }
  59 }
  60
  61
  62 /* Check that we are only using keys which don't have
  63  * the string "(insecure!)" or "not secure" or "do not use"
  64  * in one of the user ids
  65  */
  66 static int
  67 is_insecure( PKT_secret_key *sk )
  68 {
  69     u32 keyid[2];
  70     KBNODE node = NULL, u;
  71     int insecure = 0;
  72
  73     keyid_from_sk( sk, keyid );
  74     node = get_pubkeyblock( keyid );
  75     for ( u = node; u; u = u->next ) {
  76         if ( u->pkt->pkttype == PKT_USER_ID ) {
  77             PKT_user_id *id = u->pkt->pkt.user_id;
  78             if ( id->attrib_data )
  79                 continue; /* skip attribute packets */
  80             if ( strstr( id->name, "(insecure!)" )
  81                  || strstr( id->name, "not secure" )
  82                  || strstr( id->name, "do not use" )
  83                  || strstr( id->name, "(INSECURE!)" ) ) {
  84                 insecure = 1;
  85                 break;
  86             }
  87         }
  88     }
  89     release_kbnode( node );
  90
  91     return insecure;
  92 }
  93
  94 static int
  95 key_present_in_sk_list(SK_LIST sk_list, PKT_secret_key *sk)
  96 {
  97     for (; sk_list; sk_list = sk_list->next) {
  98         if ( !cmp_secret_keys(sk_list->sk, sk) )
  99             return 0;
 100     }
 101     return -1;
 102 }
 103
 104 static int
 105 is_duplicated_entry (strlist_t list, strlist_t item)
 106 {
 107     for(; list && list != item; list = list->next) {
 108         if ( !strcmp (list->d, item->d) )
 109             return 1;
 110     }
 111     return 0;
 112 }
 113
 114
 115 int
 116 build_sk_list( strlist_t locusr, SK_LIST *ret_sk_list,
 117                int unlock, unsigned int use )
 118 {
 119     SK_LIST sk_list = NULL;
 120     int rc;
 121
 122     if( !locusr )
 123       { /* use the default one */
 124         PKT_secret_key *sk;
 125
 126         sk = xmalloc_clear( sizeof *sk );
 127         sk->req_usage = use;
 128         if( (rc = get_seckey_byname( sk, NULL, unlock )) ) {
 129           free_secret_key( sk ); sk = NULL;
 130           log_error("no default secret key: %s\n", g10_errstr(rc) );
 131         }
 132         else if( !(rc=openpgp_pk_test_algo2 (sk->pubkey_algo, use)) )
 133           {
 134             SK_LIST r;
 135
 136             if( random_is_faked() && !is_insecure( sk ) )
 137               {
 138                 log_info(_("key is not flagged as insecure - "
 139                            "can't use it with the faked RNG!\n"));
 140                 free_secret_key( sk ); sk = NULL;
 141               }
 142             else
 143               {
 144                 r = xmalloc( sizeof *r );
 145                 r->sk = sk; sk = NULL;
 146                 r->next = sk_list;
 147                 r->mark = 0;
 148                 sk_list = r;
 149               }
 150           }
 151         else
 152           {
 153             free_secret_key( sk ); sk = NULL;
 154             log_error("invalid default secret key: %s\n", g10_errstr(rc) );
 155           }
 156       }
 157     else {
 158         strlist_t locusr_orig = locusr;
 159         for(; locusr; locusr = locusr->next ) {
 160             PKT_secret_key *sk;
 161
 162             rc = 0;
 163             /* Do an early check agains duplicated entries.  However this
 164              * won't catch all duplicates because the user IDs may be
 165              * specified in different ways.
 166              */
 167             if ( is_duplicated_entry ( locusr_orig, locusr ) )
 168               {
 169                 log_info (_("skipped \"%s\": duplicated\n"), locusr->d );
 170                 continue;
 171               }
 172             sk = xmalloc_clear( sizeof *sk );
 173             sk->req_usage = use;
 174             if( (rc = get_seckey_byname( sk, locusr->d, 0 )) )
 175               {
 176                 free_secret_key( sk ); sk = NULL;
 177                 log_error(_("skipped \"%s\": %s\n"),
 178                           locusr->d, g10_errstr(rc) );
 179               }
 180             else if ( key_present_in_sk_list(sk_list, sk) == 0) {
 181                 free_secret_key(sk); sk = NULL;
 182                 log_info(_("skipped: secret key already present\n"));
 183             }
 184             else if ( unlock && (rc = check_secret_key( sk, 0 )) )
 185               {
 186                 free_secret_key( sk ); sk = NULL;
 187                 log_error(_("skipped \"%s\": %s\n"),
 188                           locusr->d, g10_errstr(rc) );
 189               }
 190             else if( !(rc=openpgp_pk_test_algo2 (sk->pubkey_algo, use)) ) {
 191                 SK_LIST r;
 192
 193                 if( sk->version == 4 && (use & PUBKEY_USAGE_SIG)
 194                     && sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E )
 195                   {
 196                     log_info(_("skipped \"%s\": %s\n"),locusr->d,
 197                              _("this is a PGP generated Elgamal key which"
 198                                " is not secure for signatures!"));
 199                     free_secret_key( sk ); sk = NULL;
 200                   }
 201                 else if( random_is_faked() && !is_insecure( sk ) ) {
 202                     log_info(_("key is not flagged as insecure - "
 203                                "can't use it with the faked RNG!\n"));
 204                     free_secret_key( sk ); sk = NULL;
 205                 }
 206                 else {
 207                     r = xmalloc( sizeof *r );
 208                     r->sk = sk; sk = NULL;
 209                     r->next = sk_list;
 210                     r->mark = 0;
 211                     sk_list = r;
 212                 }
 213             }
 214             else {
 215                 free_secret_key( sk ); sk = NULL;
 216                 log_error("skipped \"%s\": %s\n", locusr->d, g10_errstr(rc) );
 217             }
 218         }
 219     }
 220
 221
 222     if( !rc && !sk_list ) {
 223         log_error("no valid signators\n");
 224         rc = G10ERR_NO_USER_ID;
 225     }
 226
 227     if( rc )
 228         release_sk_list( sk_list );
 229     else
 230         *ret_sk_list = sk_list;
 231     return rc;
 232 }
 233