search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix for bug 797.
[gnupg.git] / g10 / revoke.c
blob4d7b8c366289849d72e5d699ba571e8ba5dadc79
1 /* revoke.c
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
3 * 2004 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
20 * USA.
21 */
22
23 #include <config.h>
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <string.h>
27 #include <errno.h>
28 #include <assert.h>
29 #include <ctype.h>
30
31 #include "gpg.h"
32 #include "options.h"
33 #include "packet.h"
34 #include "errors.h"
35 #include "keydb.h"
36 #include "util.h"
37 #include "main.h"
38 #include "ttyio.h"
39 #include "status.h"
40 #include "i18n.h"
41
42
43 struct revocation_reason_info {
44 int code;
45 char *desc;
46 };
47
48
49 int
50 revocation_reason_build_cb( PKT_signature *sig, void *opaque )
51 {
52 struct revocation_reason_info *reason = opaque;
53 char *ud = NULL;
54 byte *buffer;
55 size_t buflen = 1;
56
57 if(!reason)
58 return 0;
59
60 if( reason->desc ) {
61 ud = native_to_utf8( reason->desc );
62 buflen += strlen(ud);
63 }
64 buffer = xmalloc( buflen );
65 *buffer = reason->code;
66 if( ud ) {
67 memcpy(buffer+1, ud, strlen(ud) );
68 xfree( ud );
69 }
70
71 build_sig_subpkt( sig, SIGSUBPKT_REVOC_REASON, buffer, buflen );
72 xfree( buffer );
73 return 0;
74 }
75
76 /* Outputs a minimal pk (as defined by 2440) from a keyblock. A
77 minimal pk consists of the public key packet and a user ID. We try
78 and pick a user ID that has a uid signature, and include it if
79 possible. */
80 static int
81 export_minimal_pk(IOBUF out,KBNODE keyblock,
82 PKT_signature *revsig,PKT_signature *revkey)
83 {
84 KBNODE node;
85 PACKET pkt;
86 PKT_user_id *uid=NULL;
87 PKT_signature *selfsig=NULL;
88 u32 keyid[2];
89 int rc;
90
91 node=find_kbnode(keyblock,PKT_PUBLIC_KEY);
92 if(!node)
93 {
94 log_error("key incomplete\n");
95 return G10ERR_GENERAL;
96 }
97
98 keyid_from_pk(node->pkt->pkt.public_key,keyid);
99
100 pkt=*node->pkt;
101 rc=build_packet(out,&pkt);
102 if(rc)
103 {
104 log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
105 return rc;
106 }
107
108 init_packet(&pkt);
109 pkt.pkttype=PKT_SIGNATURE;
110
111 /* the revocation itself, if any. 2440 likes this to come first. */
112 if(revsig)
113 {
114 pkt.pkt.signature=revsig;
115 rc=build_packet(out,&pkt);
116 if(rc)
117 {
118 log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
119 return rc;
120 }
121 }
122
123 /* If a revkey in a 1F sig is present, include it too */
124 if(revkey)
125 {
126 pkt.pkt.signature=revkey;
127 rc=build_packet(out,&pkt);
128 if(rc)
129 {
130 log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
131 return rc;
132 }
133 }
134
135 while(!selfsig)
136 {
137 KBNODE signode;
138
139 node=find_next_kbnode(node,PKT_USER_ID);
140 if(!node)
141 {
142 /* We're out of user IDs - none were self-signed. */
143 if(uid)
144 break;
145 else
146 {
147 log_error(_("key %s has no user IDs\n"),keystr(keyid));
148 return G10ERR_GENERAL;
149 }
150 }
151
152 if(node->pkt->pkt.user_id->attrib_data)
153 continue;
154
155 uid=node->pkt->pkt.user_id;
156 signode=node;
157
158 while((signode=find_next_kbnode(signode,PKT_SIGNATURE)))
159 {
160 if(keyid[0]==signode->pkt->pkt.signature->keyid[0] &&
161 keyid[1]==signode->pkt->pkt.signature->keyid[1] &&
162 IS_UID_SIG(signode->pkt->pkt.signature))
163 {
164 selfsig=signode->pkt->pkt.signature;
165 break;
166 }
167 }
168 }
169
170 pkt.pkttype=PKT_USER_ID;
171 pkt.pkt.user_id=uid;
172
173 rc=build_packet(out,&pkt);
174 if(rc)
175 {
176 log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
177 return rc;
178 }
179
180 if(selfsig)
181 {
182 pkt.pkttype=PKT_SIGNATURE;
183 pkt.pkt.signature=selfsig;
184
185 rc=build_packet(out,&pkt);
186 if(rc)
187 {
188 log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
189 return rc;
190 }
191 }
192
193 return 0;
194 }
195
196 /****************
197 * Generate a revocation certificate for UNAME via a designated revoker
198 */
199 int
200 gen_desig_revoke( const char *uname, strlist_t locusr )
201 {
202 int rc = 0;
203 armor_filter_context_t *afx;
204 PKT_public_key *pk = NULL;
205 PKT_secret_key *sk = NULL;
206 PKT_signature *sig = NULL;
207 IOBUF out = NULL;
208 struct revocation_reason_info *reason = NULL;
209 KEYDB_HANDLE kdbhd;
210 KEYDB_SEARCH_DESC desc;
211 KBNODE keyblock=NULL,node;
212 u32 keyid[2];
213 int i,any=0;
214 SK_LIST sk_list=NULL;
215
216 if( opt.batch )
217 {
218 log_error(_("can't do this in batch mode\n"));
219 return G10ERR_GENERAL;
220 }
221
222 afx = new_armor_context ();
223
224 kdbhd = keydb_new (0);
225 classify_user_id (uname, &desc);
226 rc = desc.mode? keydb_search (kdbhd, &desc, 1) : G10ERR_INV_USER_ID;
227 if (rc) {
228 log_error (_("key \"%s\" not found: %s\n"),uname, g10_errstr (rc));
229 goto leave;
230 }
231
232 rc = keydb_get_keyblock (kdbhd, &keyblock );
233 if( rc ) {
234 log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
235 goto leave;
236 }
237
238 /* To parse the revkeys */
239 merge_keys_and_selfsig(keyblock);
240
241 /* get the key from the keyblock */
242 node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
243 if( !node )
244 BUG ();
245
246 pk=node->pkt->pkt.public_key;
247
248 keyid_from_pk(pk,keyid);
249
250 if(locusr)
251 {
252 rc=build_sk_list(locusr,&sk_list,0,PUBKEY_USAGE_CERT);
253 if(rc)
254 goto leave;
255 }
256
257 /* Are we a designated revoker for this key? */
258
259 if(!pk->revkey && pk->numrevkeys)
260 BUG();
261
262 for(i=0;i<pk->numrevkeys;i++)
263 {
264 SK_LIST list;
265
266 if(sk)
267 free_secret_key(sk);
268
269 if(sk_list)
270 {
271 for(list=sk_list;list;list=list->next)
272 {
273 byte fpr[MAX_FINGERPRINT_LEN];
274 size_t fprlen;
275
276 fingerprint_from_sk(list->sk,fpr,&fprlen);
277
278 /* Don't get involved with keys that don't have 160
279 bit fingerprints */
280 if(fprlen!=20)
281 continue;
282
283 if(memcmp(fpr,pk->revkey[i].fpr,20)==0)
284 break;
285 }
286
287 if(list)
288 sk=copy_secret_key(NULL,list->sk);
289 else
290 continue;
291 }
292 else
293 {
294 sk=xmalloc_secure_clear(sizeof(*sk));
295 rc=get_seckey_byfprint(sk,pk->revkey[i].fpr,MAX_FINGERPRINT_LEN);
296 }
297
298 /* We have the revocation key */
299 if(!rc)
300 {
301 PKT_signature *revkey = NULL;
302
303 any = 1;
304
305 print_pubkey_info (NULL, pk);
306 tty_printf ("\n");
307
308 tty_printf (_("To be revoked by:\n"));
309 print_seckey_info (sk);
310
311 if(pk->revkey[i].class&0x40)
312 tty_printf(_("(This is a sensitive revocation key)\n"));
313 tty_printf("\n");
314
315 if( !cpr_get_answer_is_yes("gen_desig_revoke.okay",
316 _("Create a designated revocation certificate for this key? (y/N) ")))
317 continue;
318
319 /* get the reason for the revocation (this is always v4) */
320 reason = ask_revocation_reason( 1, 0, 1 );
321 if( !reason )
322 continue;
323
324 rc = check_secret_key( sk, 0 );
325 if( rc )
326 continue;
327
328 if( !opt.armor )
329 tty_printf(_("ASCII armored output forced.\n"));
330
331 if( (rc = open_outfile( NULL, 0, &out )) )
332 goto leave;
333
334 afx->what = 1;
335 afx->hdrlines = "Comment: A designated revocation certificate"
336 " should follow\n";
337 push_armor_filter (afx, out);
338
339 /* create it */
340 rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x20, 0,
341 0, 0, 0,
342 revocation_reason_build_cb, reason );
343 if( rc ) {
344 log_error(_("make_keysig_packet failed: %s\n"), g10_errstr(rc));
345 goto leave;
346 }
347
348 /* Spit out a minimal pk as well, since otherwise there is
349 no way to know which key to attach this revocation to.
350 Also include the direct key signature that contains
351 this revocation key. We're allowed to include
352 sensitive revocation keys along with a revocation, as
353 this may be the only time the recipient has seen it.
354 Note that this means that if we have multiple different
355 sensitive revocation keys in a given direct key
356 signature, we're going to include them all here. This
357 is annoying, but the good outweighs the bad, since
358 without including this a sensitive revoker can't really
359 do their job. People should not include multiple
360 sensitive revocation keys in one signature: 2440 says
361 "Note that it may be appropriate to isolate this
362 subpacket within a separate signature so that it is not
363 combined with other subpackets that need to be
364 exported." -dms */
365
366 while(!revkey)
367 {
368 KBNODE signode;
369
370 signode=find_next_kbnode(node,PKT_SIGNATURE);
371 if(!signode)
372 break;
373
374 node=signode;
375
376 if(keyid[0]==signode->pkt->pkt.signature->keyid[0] &&
377 keyid[1]==signode->pkt->pkt.signature->keyid[1] &&
378 IS_KEY_SIG(signode->pkt->pkt.signature))
379 {
380 int j;
381
382 for(j=0;j<signode->pkt->pkt.signature->numrevkeys;j++)
383 {
384 if(pk->revkey[i].class==
385 signode->pkt->pkt.signature->revkey[j]->class &&
386 pk->revkey[i].algid==
387 signode->pkt->pkt.signature->revkey[j]->algid &&
388 memcmp(pk->revkey[i].fpr,
389 signode->pkt->pkt.signature->revkey[j]->fpr,
390 MAX_FINGERPRINT_LEN)==0)
391 {
392 revkey=signode->pkt->pkt.signature;
393 break;
394 }
395 }
396 }
397 }
398
399 if(!revkey)
400 BUG();
401
402 rc=export_minimal_pk(out,keyblock,sig,revkey);
403 if(rc)
404 goto leave;
405
406 /* and issue a usage notice */
407 tty_printf(_("Revocation certificate created.\n"));
408 break;
409 }
410 }
411
412 if(!any)
413 log_error(_("no revocation keys found for \"%s\"\n"),uname);
414
415 leave:
416 if( pk )
417 free_public_key( pk );
418 if( sk )
419 free_secret_key( sk );
420 if( sig )
421 free_seckey_enc( sig );
422
423 release_sk_list(sk_list);
424
425 if( rc )
426 iobuf_cancel(out);
427 else
428 iobuf_close(out);
429 release_revocation_reason_info( reason );
430 release_armor_context (afx);
431 return rc;
432 }
433
434
435 /****************
436 * Generate a revocation certificate for UNAME
437 */
438 int
439 gen_revoke( const char *uname )
440 {
441 int rc = 0;
442 armor_filter_context_t *afx;
443 PACKET pkt;
444 PKT_secret_key *sk; /* used as pointer into a kbnode */
445 PKT_public_key *pk = NULL;
446 PKT_signature *sig = NULL;
447 u32 sk_keyid[2];
448 IOBUF out = NULL;
449 KBNODE keyblock = NULL, pub_keyblock = NULL;
450 KBNODE node;
451 KEYDB_HANDLE kdbhd;
452 struct revocation_reason_info *reason = NULL;
453 KEYDB_SEARCH_DESC desc;
454
455 if( opt.batch )
456 {
457 log_error(_("can't do this in batch mode\n"));
458 return G10ERR_GENERAL;
459 }
460
461 afx = new_armor_context ();
462 init_packet( &pkt );
463
464 /* search the userid:
465 * We don't want the whole getkey stuff here but the entire keyblock
466 */
467 kdbhd = keydb_new (1);
468 classify_user_id (uname, &desc);
469 rc = desc.mode? keydb_search (kdbhd, &desc, 1) : G10ERR_INV_USER_ID;
470 if (rc)
471 {
472 log_error (_("secret key \"%s\" not found: %s\n"),
473 uname, g10_errstr (rc));
474 goto leave;
475 }
476
477 rc = keydb_get_keyblock (kdbhd, &keyblock );
478 if( rc ) {
479 log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
480 goto leave;
481 }
482
483 /* get the keyid from the keyblock */
484 node = find_kbnode( keyblock, PKT_SECRET_KEY );
485 if( !node )
486 BUG ();
487
488 /* fixme: should make a function out of this stuff,
489 * it's used all over the source */
490 sk = node->pkt->pkt.secret_key;
491 keyid_from_sk( sk, sk_keyid );
492 print_seckey_info (sk);
493
494 pk = xmalloc_clear( sizeof *pk );
495
496 /* FIXME: We should get the public key direct from the secret one */
497
498 pub_keyblock=get_pubkeyblock(sk_keyid);
499 if(!pub_keyblock)
500 {
501 log_error(_("no corresponding public key: %s\n"), g10_errstr(rc) );
502 goto leave;
503 }
504
505 node=find_kbnode(pub_keyblock,PKT_PUBLIC_KEY);
506 if(!node)
507 BUG();
508
509 pk=node->pkt->pkt.public_key;
510
511 if( cmp_public_secret_key( pk, sk ) ) {
512 log_error(_("public key does not match secret key!\n") );
513 rc = G10ERR_GENERAL;
514 goto leave;
515 }
516
517 tty_printf("\n");
518 if( !cpr_get_answer_is_yes("gen_revoke.okay",
519 _("Create a revocation certificate for this key? (y/N) ")) )
520 {
521 rc = 0;
522 goto leave;
523 }
524
525 if(sk->version>=4 || opt.force_v4_certs) {
526 /* get the reason for the revocation */
527 reason = ask_revocation_reason( 1, 0, 1 );
528 if( !reason ) { /* user decided to cancel */
529 rc = 0;
530 goto leave;
531 }
532 }
533
534 switch( is_secret_key_protected( sk ) ) {
535 case -1:
536 log_error(_("unknown protection algorithm\n"));
537 rc = G10ERR_PUBKEY_ALGO;
538 break;
539 case -3:
540 tty_printf (_("Secret parts of primary key are not available.\n"));
541 rc = G10ERR_NO_SECKEY;
542 break;
543 case 0:
544 tty_printf(_("NOTE: This key is not protected!\n"));
545 break;
546 default:
547 rc = check_secret_key( sk, 0 );
548 break;
549 }
550 if( rc )
551 goto leave;
552
553
554 if( !opt.armor )
555 tty_printf(_("ASCII armored output forced.\n"));
556
557 if( (rc = open_outfile( NULL, 0, &out )) )
558 goto leave;
559
560 afx->what = 1;
561 afx->hdrlines = "Comment: A revocation certificate should follow\n";
562 push_armor_filter (afx, out);
563
564 /* create it */
565 rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x20, 0,
566 opt.force_v4_certs?4:0, 0, 0,
567 revocation_reason_build_cb, reason );
568 if( rc ) {
569 log_error(_("make_keysig_packet failed: %s\n"), g10_errstr(rc));
570 goto leave;
571 }
572
573 if(PGP2 || PGP6 || PGP7 || PGP8)
574 {
575 /* Use a minimal pk for PGPx mode, since PGP can't import bare
576 revocation certificates. */
577 rc=export_minimal_pk(out,pub_keyblock,sig,NULL);
578 if(rc)
579 goto leave;
580 }
581 else
582 {
583 init_packet( &pkt );
584 pkt.pkttype = PKT_SIGNATURE;
585 pkt.pkt.signature = sig;
586
587 rc = build_packet( out, &pkt );
588 if( rc ) {
589 log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
590 goto leave;
591 }
592 }
593
594 /* and issue a usage notice */
595 tty_printf(_("Revocation certificate created.\n\n"
596 "Please move it to a medium which you can hide away; if Mallory gets\n"
597 "access to this certificate he can use it to make your key unusable.\n"
598 "It is smart to print this certificate and store it away, just in case\n"
599 "your media become unreadable. But have some caution: The print system of\n"
600 "your machine might store the data and make it available to others!\n"));
601
602 leave:
603 if( sig )
604 free_seckey_enc( sig );
605 release_kbnode( keyblock );
606 release_kbnode( pub_keyblock );
607 keydb_release (kdbhd);
608 if( rc )
609 iobuf_cancel(out);
610 else
611 iobuf_close(out);
612 release_revocation_reason_info( reason );
613 release_armor_context (afx);
614 return rc;
615 }
616
617
618
619 struct revocation_reason_info *
620 ask_revocation_reason( int key_rev, int cert_rev, int hint )
621 {
622 int code=-1;
623 char *description = NULL;
624 struct revocation_reason_info *reason;
625 const char *text_0 = _("No reason specified");
626 const char *text_1 = _("Key has been compromised");
627 const char *text_2 = _("Key is superseded");
628 const char *text_3 = _("Key is no longer used");
629 const char *text_4 = _("User ID is no longer valid");
630 const char *code_text = NULL;
631
632 do {
633 code=-1;
634 xfree(description);
635 description = NULL;
636
637 tty_printf(_("Please select the reason for the revocation:\n"));
638 tty_printf( " 0 = %s\n", text_0 );
639 if( key_rev )
640 tty_printf(" 1 = %s\n", text_1 );
641 if( key_rev )
642 tty_printf(" 2 = %s\n", text_2 );
643 if( key_rev )
644 tty_printf(" 3 = %s\n", text_3 );
645 if( cert_rev )
646 tty_printf(" 4 = %s\n", text_4 );
647 tty_printf( " Q = %s\n", _("Cancel") );
648 if( hint )
649 tty_printf(_("(Probably you want to select %d here)\n"), hint );
650
651 while(code==-1) {
652 int n;
653 char *answer = cpr_get("ask_revocation_reason.code",
654 _("Your decision? "));
655 trim_spaces( answer );
656 cpr_kill_prompt();
657 if( *answer == 'q' || *answer == 'Q')
658 return NULL; /* cancel */
659 if( hint && !*answer )
660 n = hint;
661 else if(!digitp( answer ) )
662 n = -1;
663 else
664 n = atoi(answer);
665 xfree(answer);
666 if( n == 0 ) {
667 code = 0x00; /* no particular reason */
668 code_text = text_0;
669 }
670 else if( key_rev && n == 1 ) {
671 code = 0x02; /* key has been compromised */
672 code_text = text_1;
673 }
674 else if( key_rev && n == 2 ) {
675 code = 0x01; /* key is superseded */
676 code_text = text_2;
677 }
678 else if( key_rev && n == 3 ) {
679 code = 0x03; /* key is no longer used */
680 code_text = text_3;
681 }
682 else if( cert_rev && n == 4 ) {
683 code = 0x20; /* uid is no longer valid */
684 code_text = text_4;
685 }
686 else
687 tty_printf(_("Invalid selection.\n"));
688 }
689
690 tty_printf(_("Enter an optional description; "
691 "end it with an empty line:\n") );
692 for(;;) {
693 char *answer = cpr_get("ask_revocation_reason.text", "> " );
694 trim_trailing_ws( answer, strlen(answer) );
695 cpr_kill_prompt();
696 if( !*answer ) {
697 xfree(answer);
698 break;
699 }
700
701 {
702 char *p = make_printable_string( answer, strlen(answer), 0 );
703 xfree(answer);
704 answer = p;
705 }
706
707 if( !description )
708 description = xstrdup(answer);
709 else {
710 char *p = xmalloc( strlen(description) + strlen(answer) + 2 );
711 strcpy(stpcpy(stpcpy( p, description),"\n"),answer);
712 xfree(description);
713 description = p;
714 }
715 xfree(answer);
716 }
717
718 tty_printf(_("Reason for revocation: %s\n"), code_text );
719 if( !description )
720 tty_printf(_("(No description given)\n") );
721 else
722 tty_printf("%s\n", description );
723
724 } while( !cpr_get_answer_is_yes("ask_revocation_reason.okay",
725 _("Is this okay? (y/N) ")) );
726
727 reason = xmalloc( sizeof *reason );
728 reason->code = code;
729 reason->desc = description;
730 return reason;
731 }
732
733 void
734 release_revocation_reason_info( struct revocation_reason_info *reason )
735 {
736 if( reason ) {
737 xfree( reason->desc );
738 xfree( reason );
739 }
740 }
gnupg svn clone