| blob | 902089c2d7621b8348be042bdb2be3d087787b60 |
1 /* trustdb.c
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3 * 2008 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <assert.h>
27 #ifndef DISABLE_REGEX
28 #include <sys/types.h>
29 #include <regex.h>
45 /*
46 * A structure to store key identification as well as some stuff needed
47 * for validation
48 */
52 byte trust_depth;
53 byte trust_value;
56 };
61 /*
62 * Structure to keep track of keys, this is used as an array wherre
63 * the item right after the last one has a keyblock set to NULL.
64 * Maybe we can drop this thing and replace it by key_item
65 */
67 KBNODE keyblock;
68 };
71 /* control information for the trust DB */
78 /* some globals */
86 \f
87 /**********************************************
88 ************* some helpers *******************
89 **********************************************/
93 {
98 }
100 static void
102 {
106 {
110 }
111 }
113 /*
114 * For fast keylook up we need a hash table. Each byte of a KeyIDs
115 * should be distributed equally over the 256 possible values (except
116 * for v3 keyIDs but we consider them as not important here). So we
117 * can just use 10 bits to index a table of 1024 key items.
118 * Possible optimization: Don not use key_items but other hash_table when the
119 * duplicates lists gets too large.
120 */
121 static KeyHashTable
123 {
128 }
130 static void
132 {
140 }
142 /*
143 * Returns: True if the keyID is in the given hash table
144 */
145 static int
147 {
154 }
156 /*
157 * Add a new key to the hash table. The key is identified by its key ID.
158 */
159 static void
161 {
173 }
175 /*
176 * Release a key_array
177 */
178 static void
180 {
187 }
188 }
190 \f
191 /*********************************************
192 ********** Initialization *****************
193 *********************************************/
197 /*
198 * Used to register extra ultimately trusted keys - this has to be done
199 * before initializing the validation module.
200 * FIXME: Should be replaced by a function to add those keys to the trustdb.
201 */
202 void
204 {
212 }
214 void
216 {
217 KEYDB_SEARCH_DESC desc;
220 {
223 }
226 }
228 /*
229 * Helper to add a key to the global list of ultimately trusted keys.
230 * Retruns: true = inserted, false = already in in list.
231 */
232 static int
234 {
238 {
240 {
242 }
243 }
254 }
257 /****************
258 * Verify that all our secret keys are usable and put them into the utk_list.
259 */
260 static void
262 {
263 TRUSTREC rec;
264 ulong recnum;
271 /* scan the trustdb to find all ultimately trusted keys */
273 {
276 {
281 /* Problem: We do only use fingerprints in the trustdb but
282 * we need the keyID here to indetify the key; we can only
283 * use that ugly hack to distinguish between 16 and 20
284 * butes fpr - it does not work always so we better change
285 * the whole validation code to only work with
286 * fingerprints */
292 }
293 }
295 /* Put any --trusted-key keys into the trustdb */
297 {
300 PKT_public_key pk;
307 else
308 {
313 }
316 }
317 }
319 /* release the helper table table */
323 }
325 \f
326 /*********************************************
327 *********** TrustDB stuff *******************
328 *********************************************/
330 /*
331 * Read a record but die if it does not exist
332 */
333 static void
335 {
338 {
342 }
344 {
348 }
349 }
351 /*
352 * Write a record and die on error
353 */
354 static void
356 {
359 {
363 }
364 }
366 /*
367 * sync the TrustDb and die on error
368 */
369 static void
371 {
374 {
377 }
378 }
382 {
384 {
391 }
392 }
394 /****************
395 * Perform some checks over the trustdb
396 * level 0: only open the db
397 * 1: used for initial program startup
398 */
399 int
401 {
402 /* just store the args */
408 }
410 void
412 {
422 {
426 }
427 else
431 {
432 /* Try and set the trust model off of whatever the trustdb says
433 it is. */
436 /* Sanity check this ;) */
440 {
444 }
448 }
451 {
452 /* Verify the list of ultimately trusted keys and move the
453 --trusted-keys list there as well. */
459 }
460 }
463 /***********************************************
464 ************* Print helpers ****************
465 ***********************************************/
467 /****************
468 * This function returns a letter for a trustvalue Trust flags
469 * are ignore.
470 */
471 static int
473 {
475 {
484 }
485 }
487 /* NOTE TO TRANSLATOR: these strings are similar to those in
488 trust_value_to_string(), but are a fixed length. This is needed to
489 make attractive information listings where columns line up
490 properly. The value "10" should be the length of the strings you
491 choose to translate to. This is the length in printable columns.
492 It gets passed to atoi() so everything after the number is
493 essentially a comment and need not be translated. Either key and
494 uid are both NULL, or neither are NULL. */
497 {
506 {
513 }
516 }
518 /* The strings here are similar to those in
519 pkclist.c:do_edit_ownertrust() */
522 {
524 {
533 }
534 }
536 int
538 {
549 else
551 }
553 /****************
554 * Recreate the WoT but do not ask for new ownertrusts. Special
555 * feature: In batch mode and without a forced yes, this is only done
556 * when a check is due. This can be used to run the check from a crontab
557 */
558 void
560 {
563 {
565 {
566 ulong scheduled;
570 {
573 }
576 {
580 }
581 }
584 }
585 else
588 }
591 /*
592 * Recreate the WoT.
593 */
594 void
596 {
600 else
603 }
605 void
607 {
609 /* we simply set the time for the next check to 1 (far back in 1970)
610 * so that a --update-trustdb will be scheduled */
614 }
616 int
618 {
620 }
622 /* If the trustdb is dirty, and we're interactive, update it.
623 Otherwise, check it unless no-auto-check-trustdb is set. */
624 void
626 {
628 {
633 }
634 }
636 void
639 {
640 TRUSTREC opts;
658 }
660 /***********************************************
661 *********** Ownertrust et al. ****************
662 ***********************************************/
664 static int
666 {
674 {
678 }
681 {
685 }
688 }
690 /****************
691 * Return the assigned ownertrust value for the given public key.
692 * The key should be the primary key.
693 */
694 unsigned int
696 {
697 TRUSTREC rec;
704 {
707 }
710 }
712 unsigned int
714 {
715 TRUSTREC rec;
722 {
725 }
728 }
730 /*
731 * Same as get_ownertrust but this takes the minimum ownertrust value
732 * into into account, and will bump up the value as needed.
733 */
734 static int
736 {
742 {
743 /* If the trust that the user has set is less than the trust
744 that was calculated from a trust signature chain, use the
745 higher of the two. We do this here and not in
746 get_ownertrust since the underlying ownertrust should not
747 really be set - just the appearance of the ownertrust. */
750 }
753 }
755 /*
756 * Same as get_ownertrust but return a trust letter instead of an
757 * value. This takes the minimum ownertrust value into account.
758 */
759 int
761 {
763 }
765 /*
766 * Same as get_ownertrust but return a trust string instead of an
767 * value. This takes the minimum ownertrust value into account.
768 */
771 {
773 }
775 /*
776 * Set the trust value of the given public key to the new value.
777 * The key should be a primary one.
778 */
779 void
781 {
782 TRUSTREC rec;
787 {
792 {
797 }
798 }
815 }
816 else
817 {
819 }
820 }
822 static void
824 {
826 TRUSTREC rec;
832 {
835 }
839 {
844 new_trust );
846 {
851 }
852 }
869 }
870 else
871 {
873 }
874 }
876 /* Clear the ownertrust and min_ownertrust values. Return true if a
877 change actually happened. */
878 int
880 {
881 TRUSTREC rec;
886 {
888 {
893 }
895 {
902 }
903 }
905 {
907 }
909 }
911 /*
912 * Note: Caller has to do a sync
913 */
914 static void
917 {
920 ulong recno;
926 {
929 }
931 {
940 }
942 /* locate an existing one */
945 {
950 }
953 {
960 }
967 }
970 /***********************************************
971 ********* Query trustdb values **************
972 ***********************************************/
974 /* Return true if key is disabled */
975 int
977 {
979 TRUSTREC trec;
989 {
992 }
999 /* Cache it for later so we don't need to look at the trustdb every
1000 time */
1003 else
1006 leave:
1008 }
1010 void
1012 {
1018 {
1019 ulong scheduled;
1024 {
1026 {
1029 }
1030 else
1031 {
1034 }
1035 }
1036 }
1037 }
1039 /*
1040 * Return the validity information for PK. If the namehash is not
1041 * NULL, the validity of the corresponsing user ID is returned,
1042 * otherwise, a reasonable value for the entire key is returned.
1043 */
1044 unsigned int
1046 {
1049 ulong recno;
1066 {
1073 }
1074 }
1075 else
1079 {
1080 /* Note that this happens BEFORE any user ID stuff is checked.
1081 The direct trust model applies to keys as a whole. */
1084 }
1088 {
1091 }
1093 {
1096 }
1098 /* loop over all user IDs */
1102 {
1106 {
1107 /* If a user ID is given we return the validity for that
1108 user ID ONLY. If the namehash is not found, then there
1109 is no validity at all (i.e. the user ID wasn't
1110 signed). */
1112 {
1115 }
1116 }
1117 else
1118 {
1119 /* If no namehash is given, we take the maximum validity
1120 over all user IDs */
1123 }
1126 }
1129 {
1132 }
1133 else
1136 leave:
1137 /* set some flags direct from the key */
1142 /* Note: expiration is a trust value and not a flag - don't know why
1143 * I initially designed it that way */
1153 }
1155 int
1157 {
1164 }
1168 {
1175 }
1177 static void
1179 {
1181 ulong recno;
1195 /* loop over all user IDs */
1198 {
1202 {
1205 /* printf("Fetched marginal %d, full %d\n",uid->help_marginal_count,uid->help_full_count); */
1207 }
1210 }
1211 }
1213 void
1215 {
1217 }
1219 /****************
1220 * Enumerate all keys, which are needed to build all trust paths for
1221 * the given key. This function does not return the key itself or
1222 * the ultimate key (the last point in cerificate chain). Only
1223 * certificate chains which ends up at an ultimately trusted key
1224 * are listed. If ownertrust or validity is not NULL, the corresponding
1225 * value for the returned LID is also returned in these variable(s).
1226 *
1227 * 1) create a void pointer and initialize it to NULL
1228 * 2) pass this void pointer by reference to this function.
1229 * Set lid to the key you want to enumerate and pass it by reference.
1230 * 3) call this function as long as it does not return -1
1231 * to indicate EOF. LID does contain the next key used to build the web
1232 * 4) Always call this function a last time with LID set to NULL,
1233 * so that it can free its context.
1234 *
1235 * Returns: -1 on EOF or the level of the returned LID
1236 */
1237 int
1240 {
1246 }
1249 /****************
1250 * Print the current path
1251 */
1252 void
1255 {
1260 }
1263 \f
1264 /****************************************
1265 *********** NEW NEW NEW ****************
1266 ****************************************/
1268 static int
1270 {
1278 {
1282 }
1285 {
1290 }
1291 else
1292 {
1298 else
1300 }
1305 }
1308 static void
1310 {
1314 {
1319 }
1320 }
1323 static void
1325 {
1329 {
1338 {
1340 {
1353 }
1354 }
1355 }
1356 }
1359 static void
1361 {
1362 KBNODE node;
1367 {
1369 {
1377 else
1381 {
1388 }
1389 }
1390 }
1394 }
1396 /*
1397 * check whether the signature sig is in the klist k
1398 */
1401 {
1403 {
1406 }
1408 }
1410 /*
1411 * Mark the signature of the given UID which are used to certify it.
1412 * To do this, we first revmove all signatures which are not valid and
1413 * from the remain ones we look for the latest one. If this is not a
1414 * certification revocation signature we mark the signature by setting
1415 * node flag bit 8. Revocations are marked with flag 11, and sigs
1416 * from unavailable keys are marked with flag 12. Note that flag bits
1417 * 9 and 10 are used for internal purposes.
1418 */
1419 static void
1423 {
1424 KBNODE node;
1427 /* first check all signatures */
1429 {
1447 invalid signature */
1451 {
1452 /* we ignore anything that won't verify, but tag the
1453 no_pubkey case */
1457 }
1459 }
1460 /* reset the remaining flags */
1464 /* kbnode flag usage: bit 9 is here set for signatures to consider,
1465 * bit 10 will be set by the loop to keep track of keyIDs already
1466 * processed, bit 8 will be set for the usable signatures, and bit
1467 * 11 will be set for usable revocations. */
1469 /* for each cert figure out the latest valid one */
1471 {
1474 u32 sigdate;
1488 /* Now find the latest and greatest signature */
1490 {
1502 /* If signode is nonrevocable and unexpired and n isn't,
1503 then take signode (skip). It doesn't matter which is
1504 older: if signode was older then we don't want to take n
1505 as signode is nonrevocable. If n was older then we're
1506 automatically fine. */
1518 /* If n is nonrevocable and unexpired and signode isn't,
1519 then take n. Again, it doesn't matter which is older: if
1520 n was older then we don't want to take signode as n is
1521 nonrevocable. If signode was older then we're
1522 automatically fine. */
1532 {
1536 }
1538 /* At this point, if it's newer, it goes in as the only
1539 remaining possibilities are signode and n are both either
1540 revocable or expired or both nonrevocable and unexpired.
1541 If the timestamps are equal take the later ordered
1542 packet, presuming that the key packets are hopefully in
1543 their original order. */
1546 {
1549 }
1550 }
1555 * Just need to check whether there is an expiration time,
1556 * We do the expired certification after finding a suitable
1557 * certification, the assumption is that a signator does not
1558 * want that after the expiration of his certificate the
1559 * system falls back to an older certification which has a
1560 * different expiration time */
1562 u32 expire;
1568 {
1572 }
1573 }
1574 else
1576 }
1577 }
1579 static int
1581 {
1583 KBNODE node;
1590 /* Passing in a 0 for current time here means that we'll never weed
1591 out an expired sig. This is correct behavior since we want to
1592 keep the most recent expired sig in a series. */
1595 /* What we want to do here is remove signatures that are not
1596 considered as part of the trust calculations. Thus, all invalid
1597 signatures are out, as are any signatures that aren't the last of
1598 a series of uid sigs or revocations It breaks down like this:
1599 coming out of mark_usable_uid_certs, if a sig is unflagged, it is
1600 not even a candidate. If a sig has flag 9 or 10, that means it
1601 was selected as a candidate and vetted. If a sig has flag 8 it
1602 is a usable signature. If a sig has flag 11 it is a usable
1603 revocation. If a sig has flag 12 it was issued by an unavailable
1604 key. "Usable" here means the most recent valid
1605 signature/revocation in a series from a particular signer.
1607 Delete everything that isn't a usable uid sig (which might be
1608 expired), a usable revocation, or a sig from an unavailable
1609 key. */
1614 {
1618 /* Keep usable uid sigs ... */
1622 /* ... and usable revocations... */
1626 /* ... and sigs from unavailable keys. */
1627 /* disabled for now since more people seem to want sigs from
1628 unavailable keys removed altogether. */
1629 /*
1630 if(node->flag & (1<<12))
1631 continue;
1632 */
1634 /* Everything else we delete */
1636 /* At this point, if 12 is set, the signing key was unavailable.
1637 If 9 or 10 is set, it's superceded. Otherwise, it's
1638 invalid. */
1648 deleted++;
1649 }
1652 }
1654 /* This is substantially easier than clean_sigs_from_uid since we just
1655 have to establish if the uid has a valid self-sig, is not revoked,
1656 and is not expired. Note that this does not take into account
1657 whether the uid has a trust path to it - just whether the keyholder
1658 themselves has certified the uid. Returns true if the uid was
1659 compacted. To "compact" a user ID, we simply remove ALL signatures
1660 except the self-sig that caused the user ID to be remove-worthy.
1661 We don't actually remove the user ID packet itself since it might
1662 be ressurected in a later merge. Note that this function requires
1663 that the caller has already done a merge_keys_and_selfsig().
1665 TODO: change the import code to allow importing a uid with only a
1666 revocation if the uid already exists on the keyring. */
1668 static int
1670 {
1671 KBNODE node;
1678 /* Skip valid user IDs, compacted user IDs, and non-self-signed user
1679 IDs if --allow-non-selfsigned-uid is set. */
1689 {
1693 }
1696 {
1704 else
1709 reason);
1712 }
1715 }
1717 /* Needs to be called after a merge_keys_and_selfsig() */
1718 void
1721 {
1733 /* Do clean_uid_from_key first since if it fires off, we don't
1734 have to bother with the other */
1738 }
1740 void
1743 {
1744 KBNODE uidnode;
1754 }
1756 /* Returns a sanitized copy of the regexp (which might be "", but not
1757 NULL). */
1758 #ifndef DISABLE_REGEX
1761 {
1765 have to */
1767 /* There are basically two commonly-used regexps here. GPG and most
1768 versions of PGP use "<[^>]+[@.]example\.com>$" and PGP (9)
1769 command line uses "example.com" (i.e. whatever the user specfies,
1770 and we can't expect users know to use "\." instead of "."). So
1771 here are the rules: we're allowed to start with "<[^>]+[@.]" and
1772 end with ">$" or start and end with nothing. In between, the
1773 only legal regex character is ".", and everything else gets
1774 escaped. Part of the gotcha here is that some regex packages
1775 allow more than RFC-4880 requires. For example, 4880 has no "{}"
1776 operator, but GNU regex does. Commenting removes these operators
1777 from consideration. A possible future enhancement is to use
1778 commenting to effectively back off a given regex to the Henry
1779 Spencer syntax in 4880. -dshaw */
1781 /* Are we bracketed between "<[^>]+[@.]" and ">$" ? */
1784 {
1790 }
1792 /* Walk the remaining characters and ensure that everything that is
1793 left is not an operational regex character. */
1795 {
1800 else
1804 }
1808 /* Note that the (sub)string we look at might end with a bare "\".
1809 If it does, leave it that way. If the regexp actually ended with
1810 ">$", then it was escaping the ">" and is fine. If the regexp
1811 actually ended with the bare "\", then it's an illegal regexp and
1812 regcomp should kick it out. */
1818 }
1821 /* Used by validate_one_keyblock to confirm a regexp within a trust
1822 signature. Returns 1 for match, and 0 for no match or regex
1823 error. */
1824 static int
1826 {
1827 #ifdef DISABLE_REGEX
1828 /* When DISABLE_REGEX is defined, assume all regexps do not
1829 match. */
1831 #else
1837 #ifdef __riscos__
1839 #else
1840 {
1841 regex_t pat;
1845 {
1849 }
1850 }
1851 #endif
1860 #endif
1861 }
1863 /*
1864 * Return true if the key is signed by one of the keys in the given
1865 * key ID list. User IDs with a valid signature are marked by node
1866 * flags as follows:
1867 * flag bit 0: There is at least one signature
1868 * 1: There is marginal confidence that this is a legitimate uid
1869 * 2: There is full confidence that this is a legitimate uid.
1870 * 8: Used for internal purposes.
1871 * 9: Ditto (in mark_usable_uid_certs())
1872 * 10: Ditto (ditto)
1873 * This function assumes that all kbnode flags are cleared on entry.
1874 */
1875 static int
1878 {
1888 {
1889 /* A bit of discussion here: is it better for the web of trust
1890 to be built among only self-signed uids? On the one hand, a
1891 self-signed uid is a statement that the key owner definitely
1892 intended that uid to be there, but on the other hand, a
1893 signed (but not self-signed) uid does carry trust, of a sort,
1894 even if it is a statement being made by people other than the
1895 key owner "through" the uids on the key owner's key. I'm
1896 going with the latter. However, if the user ID was
1897 explicitly revoked, or passively allowed to expire, that
1898 should stop validity through the user ID until it is
1899 resigned. -dshaw */
1904 {
1906 {
1914 }
1918 /* If the selfsig is going to expire... */
1926 }
1929 {
1930 /* Note that we are only seeing unrevoked sigs here */
1934 /* If the trust_regexp does not match, it's as if the sig
1935 did not exist. This is safe for non-trust sigs as well
1936 since we don't accept a regexp on the sig unless it's a
1937 trust sig. */
1940 || (uidnode
1943 {
1944 /* Are we part of a trust sig chain? We always favor
1945 the latest trust sig, rather than the greater or
1946 lesser trust sig or value. I could make a decent
1947 argument for any of these cases, but this seems to be
1948 what PGP does, and I'd like to be compatible. -dms */
1952 {
1955 /* If the depth on the signature is less than the
1956 chain currently has, then use the signature depth
1957 so we don't increase the depth beyond what the
1958 signer wanted. If the depth on the signature is
1959 more than the chain currently has, then use the
1960 chain depth so we use as much of the signature
1961 depth as the chain will permit. An ultimately
1962 trusted signature can restart the depth to
1963 whatever level it likes. */
1968 else
1972 {
1980 /* If we got here, we know that:
1982 this is a trust sig.
1984 it's a newer trust sig than any previous trust
1985 sig on this key (not uid).
1987 it is legal in that it was either generated by an
1988 ultimate key, or a key that was part of a trust
1989 chain, and the depth does not violate the
1990 original trust sig.
1992 if there is a regexp attached, it matched
1993 successfully.
1994 */
2005 /* If the trust sig contains a regexp, record it
2006 on the pk for the next round. */
2009 }
2010 }
2019 }
2020 }
2021 }
2024 {
2032 }
2035 }
2038 static int
2040 {
2043 }
2046 /*
2047 * Scan all keys and return a key_array of all suitable keys from
2048 * kllist. The caller has to pass keydb handle so that we don't use
2049 * to create our own. Returns either a key_array or NULL in case of
2050 * an error. No results found are indicated by an empty array.
2051 * Caller hast to release the returned array.
2052 */
2056 {
2061 KEYDB_SEARCH_DESC desc;
2069 {
2073 }
2081 {
2084 }
2086 {
2090 }
2093 do
2094 {
2099 {
2103 }
2106 {
2112 }
2114 /* prepare the keyblock for further processing */
2119 {
2120 /* it does not make sense to look further at those keys */
2122 }
2124 {
2125 KBNODE node;
2134 }
2137 /* Optimization - if all uids are fully trusted, then we
2138 never need to consider this key as a candidate again. */
2148 }
2152 }
2155 {
2159 }
2163 }
2165 /* Caller must sync */
2166 static void
2168 {
2169 TRUSTREC rec;
2170 ulong recnum;
2174 {
2176 {
2177 count++;
2179 {
2182 }
2184 }
2189 {
2192 nreset++;
2194 }
2196 }
2201 }
2203 /*
2204 * Run the key validation procedure.
2205 *
2206 * This works this way:
2207 * Step 1: Find all ultimately trusted keys (UTK).
2208 * mark them all as seen and put them into klist.
2209 * Step 2: loop max_cert_times
2210 * Step 3: if OWNERTRUST of any key in klist is undefined
2211 * ask user to assign ownertrust
2212 * Step 4: Loop over all keys in the keyDB which are not marked seen
2213 * Step 5: if key is revoked or expired
2214 * mark key as seen
2215 * continue loop at Step 4
2216 * Step 6: For each user ID of that key signed by a key in klist
2217 * Calculate validity by counting trusted signatures.
2218 * Set validity of user ID
2219 * Step 7: If any signed user ID was found
2220 * mark key as seen
2221 * End Loop
2222 * Step 8: Build a new klist from all fully trusted keys from step 6
2223 * End Loop
2224 * Ready
2225 *
2226 */
2227 static int
2229 {
2237 KBNODE node;
2243 /* Make sure we have all sigs cached. TODO: This is going to
2244 require some architectual re-thinking, as it is agonizingly slow.
2245 Perhaps combine this with reset_trust_records(), or only check
2246 the caches on keys that are actually involved in the web of
2247 trust. */
2259 /* Fixme: Instead of always building a UTK list, we could just build it
2260 * here when needed */
2262 {
2266 }
2268 /* mark all UTKs as used and fully_trusted and set validity to
2269 ultimate */
2271 {
2272 KBNODE keyblock;
2277 {
2281 }
2287 {
2290 }
2297 }
2305 {
2307 /* See whether we should assign ownertrust values to the keys in
2308 klist. */
2312 {
2315 /* 120 and 60 are as per RFC2440 */
2325 {
2329 {
2332 }
2333 }
2335 /* This can happen during transition from an old trustdb
2336 before trust sigs. It can also happen if a user uses two
2337 different versions of GnuPG or changes the --trust-model
2338 setting. */
2340 {
2349 }
2352 ot_unknown++;
2354 ot_undefined++;
2356 ot_never++;
2358 ot_marginal++;
2360 ot_full++;
2362 ot_ultimate++;
2364 valids++;
2365 }
2367 /* Find all keys which are signed by a key in kdlist */
2371 {
2375 }
2378 ;
2380 /* Store the calculated valididation status somewhere */
2392 /* Build a new kdlist from all fully valid keys in KEYS */
2397 {
2399 {
2401 {
2404 /* have we used this key already? */
2407 {
2408 /* Normally we add both the primary and subkey
2409 ids to the hash via mark_keyblock_seen, but
2410 since we aren't using this hash as a skipfnc,
2411 that doesn't matter here. */
2432 }
2433 }
2434 }
2435 }
2440 }
2442 leave:
2450 {
2453 else
2454 {
2458 }
2461 {
2465 }
2469 }
2472 }