search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
2008-05-15 Marcus Brinkmann <marcus@g10code.de>
[gnupg.git] / g10 / pkclist.c
blob2c56c78cc6032b74b9adf4386d063f9cdfaff9c4
1 /* pkclist.c - create a list of public keys
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
3 * 2006 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <errno.h>
26 #include <assert.h>
27
28 #include "gpg.h"
29 #include "options.h"
30 #include "packet.h"
31 #include "status.h"
32 #include "keydb.h"
33 #include "util.h"
34 #include "main.h"
35 #include "trustdb.h"
36 #include "ttyio.h"
37 #include "status.h"
38 #include "photoid.h"
39 #include "i18n.h"
40
41 #define CONTROL_D ('D' - 'A' + 1)
42
43 /****************
44 * Show the revocation reason as it is stored with the given signature
45 */
46 static void
47 do_show_revocation_reason( PKT_signature *sig )
48 {
49 size_t n, nn;
50 const byte *p, *pp;
51 int seq = 0;
52 const char *text;
53
54 while( (p = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REVOC_REASON,
55 &n, &seq, NULL )) ) {
56 if( !n )
57 continue; /* invalid - just skip it */
58
59 if( *p == 0 )
60 text = _("No reason specified");
61 else if( *p == 0x01 )
62 text = _("Key is superseded");
63 else if( *p == 0x02 )
64 text = _("Key has been compromised");
65 else if( *p == 0x03 )
66 text = _("Key is no longer used");
67 else if( *p == 0x20 )
68 text = _("User ID is no longer valid");
69 else
70 text = NULL;
71
72 log_info( _("reason for revocation: ") );
73 if( text )
74 fputs( text, log_get_stream() );
75 else
76 fprintf( log_get_stream(), "code=%02x", *p );
77 log_printf ("\n");
78 n--; p++;
79 pp = NULL;
80 do {
81 /* We don't want any empty lines, so skip them */
82 while( n && *p == '\n' ) {
83 p++;
84 n--;
85 }
86 if( n ) {
87 pp = memchr( p, '\n', n );
88 nn = pp? pp - p : n;
89 log_info ( _("revocation comment: ") );
90 print_string ( log_get_stream(), p, nn, 0 );
91 log_printf ("\n");
92 p += nn; n -= nn;
93 }
94 } while( pp );
95 }
96 }
97
98 /* Mode 0: try and find the revocation based on the pk (i.e. check
99 subkeys, etc.) Mode 1: use only the revocation on the main pk */
100
101 void
102 show_revocation_reason( PKT_public_key *pk, int mode )
103 {
104 /* Hmmm, this is not so easy becuase we have to duplicate the code
105 * used in the trustbd to calculate the keyflags. We need to find
106 * a clean way to check revocation certificates on keys and
107 * signatures. And there should be no duplicate code. Because we
108 * enter this function only when the trustdb told us that we have
109 * a revoked key, we could simply look for a revocation cert and
110 * display this one, when there is only one. Let's try to do this
111 * until we have a better solution. */
112 KBNODE node, keyblock = NULL;
113 byte fingerprint[MAX_FINGERPRINT_LEN];
114 size_t fingerlen;
115 int rc;
116
117 /* get the keyblock */
118 fingerprint_from_pk( pk, fingerprint, &fingerlen );
119 rc = get_keyblock_byfprint( &keyblock, fingerprint, fingerlen );
120 if( rc ) { /* that should never happen */
121 log_debug( "failed to get the keyblock\n");
122 return;
123 }
124
125 for( node=keyblock; node; node = node->next ) {
126 if( (mode && node->pkt->pkttype == PKT_PUBLIC_KEY) ||
127 ( ( node->pkt->pkttype == PKT_PUBLIC_KEY
128 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
129 && !cmp_public_keys( node->pkt->pkt.public_key, pk ) ) )
130 break;
131 }
132 if( !node ) {
133 log_debug("Oops, PK not in keyblock\n");
134 release_kbnode( keyblock );
135 return;
136 }
137 /* now find the revocation certificate */
138 for( node = node->next; node ; node = node->next ) {
139 if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
140 break;
141 if( node->pkt->pkttype == PKT_SIGNATURE
142 && (node->pkt->pkt.signature->sig_class == 0x20
143 || node->pkt->pkt.signature->sig_class == 0x28 ) ) {
144 /* FIXME: we should check the signature here */
145 do_show_revocation_reason ( node->pkt->pkt.signature );
146 break;
147 }
148 }
149
150 /* We didn't find it, so check if the whole key is revoked */
151 if(!node && !mode)
152 show_revocation_reason(pk,1);
153
154 release_kbnode( keyblock );
155 }
156
157
158 /****************
159 * mode: 0 = standard
160 * 1 = Without key info and additional menu option 'm'
161 * this does also add an option to set the key to ultimately trusted.
162 * Returns:
163 * -2 = nothing changed - caller should show some additional info
164 * -1 = quit operation
165 * 0 = nothing changed
166 * 1 = new ownertrust now in new_trust
167 */
168 static int
169 do_edit_ownertrust (PKT_public_key *pk, int mode,
170 unsigned *new_trust, int defer_help )
171 {
172 char *p;
173 u32 keyid[2];
174 int changed=0;
175 int quit=0;
176 int show=0;
177 int min_num;
178 int did_help=defer_help;
179 unsigned int minimum=get_min_ownertrust(pk);
180
181 switch(minimum)
182 {
183 default:
184 case TRUST_UNDEFINED: min_num=1; break;
185 case TRUST_NEVER: min_num=2; break;
186 case TRUST_MARGINAL: min_num=3; break;
187 case TRUST_FULLY: min_num=4; break;
188 }
189
190 keyid_from_pk (pk, keyid);
191 for(;;) {
192 /* A string with valid answers.
193
194 Note to translators: These are the allowed answers in lower and
195 uppercase. Below you will find the matching strings which
196 should be translated accordingly and the letter changed to
197 match the one in the answer string.
198
199 i = please show me more information
200 m = back to the main menu
201 s = skip this key
202 q = quit
203 */
204 const char *ans = _("iImMqQsS");
205
206 if( !did_help )
207 {
208 if( !mode )
209 {
210 KBNODE keyblock, un;
211
212 tty_printf(_("No trust value assigned to:\n"));
213 tty_printf("%4u%c/%s %s\n",nbits_from_pk( pk ),
214 pubkey_letter( pk->pubkey_algo ),
215 keystr(keyid), datestr_from_pk( pk ) );
216 p=get_user_id_native(keyid);
217 tty_printf(_(" \"%s\"\n"),p);
218 xfree(p);
219
220 keyblock = get_pubkeyblock (keyid);
221 if (!keyblock)
222 BUG ();
223 for (un=keyblock; un; un = un->next)
224 {
225 if (un->pkt->pkttype != PKT_USER_ID )
226 continue;
227 if (un->pkt->pkt.user_id->is_revoked )
228 continue;
229 if (un->pkt->pkt.user_id->is_expired )
230 continue;
231 /* Only skip textual primaries */
232 if (un->pkt->pkt.user_id->is_primary
233 && !un->pkt->pkt.user_id->attrib_data )
234 continue;
235
236 if((opt.verify_options&VERIFY_SHOW_PHOTOS)
237 && un->pkt->pkt.user_id->attrib_data)
238 show_photos(un->pkt->pkt.user_id->attribs,
239 un->pkt->pkt.user_id->numattribs,pk,NULL);
240
241 p=utf8_to_native(un->pkt->pkt.user_id->name,
242 un->pkt->pkt.user_id->len,0);
243
244 tty_printf(_(" aka \"%s\"\n"),p);
245 }
246
247 print_fingerprint (pk, NULL, 2);
248 tty_printf("\n");
249 release_kbnode (keyblock);
250 }
251
252 if(opt.trust_model==TM_DIRECT)
253 {
254 tty_printf(_("How much do you trust that this key actually "
255 "belongs to the named user?\n"));
256 tty_printf("\n");
257 }
258 else
259 {
260 /* This string also used in keyedit.c:trustsig_prompt */
261 tty_printf(_("Please decide how far you trust this user to"
262 " correctly verify other users' keys\n"
263 "(by looking at passports, checking fingerprints from"
264 " different sources, etc.)\n"));
265 tty_printf("\n");
266 }
267
268 if(min_num<=1)
269 tty_printf (_(" %d = I don't know or won't say\n"), 1);
270 if(min_num<=2)
271 tty_printf (_(" %d = I do NOT trust\n"), 2);
272 if(min_num<=3)
273 tty_printf (_(" %d = I trust marginally\n"), 3);
274 if(min_num<=4)
275 tty_printf (_(" %d = I trust fully\n"), 4);
276 if (mode)
277 tty_printf (_(" %d = I trust ultimately\n"), 5);
278 #if 0
279 /* not yet implemented */
280 tty_printf (" i = please show me more information\n");
281 #endif
282 if( mode )
283 tty_printf(_(" m = back to the main menu\n"));
284 else
285 {
286 tty_printf(_(" s = skip this key\n"));
287 tty_printf(_(" q = quit\n"));
288 }
289 tty_printf("\n");
290 if(minimum)
291 tty_printf(_("The minimum trust level for this key is: %s\n\n"),
292 trust_value_to_string(minimum));
293 did_help = 1;
294 }
295 if( strlen(ans) != 8 )
296 BUG();
297 p = cpr_get("edit_ownertrust.value",_("Your decision? "));
298 trim_spaces(p);
299 cpr_kill_prompt();
300 if( !*p )
301 did_help = 0;
302 else if( *p && p[1] )
303 ;
304 else if( !p[1] && ((*p >= '0'+min_num) && *p <= (mode?'5':'4')) )
305 {
306 unsigned int trust;
307 switch( *p )
308 {
309 case '1': trust = TRUST_UNDEFINED; break;
310 case '2': trust = TRUST_NEVER ; break;
311 case '3': trust = TRUST_MARGINAL ; break;
312 case '4': trust = TRUST_FULLY ; break;
313 case '5': trust = TRUST_ULTIMATE ; break;
314 default: BUG();
315 }
316 if (trust == TRUST_ULTIMATE
317 && !cpr_get_answer_is_yes ("edit_ownertrust.set_ultimate.okay",
318 _("Do you really want to set this key"
319 " to ultimate trust? (y/N) ")))
320 ; /* no */
321 else
322 {
323 *new_trust = trust;
324 changed = 1;
325 break;
326 }
327 }
328 #if 0
329 /* not yet implemented */
330 else if( *p == ans[0] || *p == ans[1] )
331 {
332 tty_printf(_("Certificates leading to an ultimately trusted key:\n"));
333 show = 1;
334 break;
335 }
336 #endif
337 else if( mode && (*p == ans[2] || *p == ans[3] || *p == CONTROL_D ) )
338 {
339 break ; /* back to the menu */
340 }
341 else if( !mode && (*p == ans[6] || *p == ans[7] ) )
342 {
343 break; /* skip */
344 }
345 else if( !mode && (*p == ans[4] || *p == ans[5] ) )
346 {
347 quit = 1;
348 break ; /* back to the menu */
349 }
350 xfree(p); p = NULL;
351 }
352 xfree(p);
353 return show? -2: quit? -1 : changed;
354 }
355
356 /*
357 * Display a menu to change the ownertrust of the key PK (which should
358 * be a primary key).
359 * For mode values see do_edit_ownertrust ()
360 */
361 int
362 edit_ownertrust (PKT_public_key *pk, int mode )
363 {
364 unsigned int trust = 0;
365 int no_help = 0;
366
367 for(;;)
368 {
369 switch ( do_edit_ownertrust (pk, mode, &trust, no_help ) )
370 {
371 case -1: /* quit */
372 return -1;
373 case -2: /* show info */
374 no_help = 1;
375 break;
376 case 1: /* trust value set */
377 trust &= ~TRUST_FLAG_DISABLED;
378 trust |= get_ownertrust (pk) & TRUST_FLAG_DISABLED;
379 update_ownertrust (pk, trust );
380 return 1;
381 default:
382 return 0;
383 }
384 }
385 }
386
387
388 /****************
389 * Check whether we can trust this pk which has a trustlevel of TRUSTLEVEL
390 * Returns: true if we trust.
391 */
392 static int
393 do_we_trust( PKT_public_key *pk, unsigned int trustlevel )
394 {
395 /* We should not be able to get here with a revoked or expired
396 key */
397 if(trustlevel & TRUST_FLAG_REVOKED
398 || trustlevel & TRUST_FLAG_SUB_REVOKED
399 || (trustlevel & TRUST_MASK) == TRUST_EXPIRED)
400 BUG();
401
402 if( opt.trust_model==TM_ALWAYS )
403 {
404 if( opt.verbose )
405 log_info("No trust check due to `--trust-model always' option\n");
406 return 1;
407 }
408
409 switch(trustlevel & TRUST_MASK)
410 {
411 default:
412 log_error ("invalid trustlevel %u returned from validation layer\n",
413 trustlevel);
414 /* fall thru */
415 case TRUST_UNKNOWN:
416 case TRUST_UNDEFINED:
417 log_info(_("%s: There is no assurance this key belongs"
418 " to the named user\n"),keystr_from_pk(pk));
419 return 0; /* no */
420
421 case TRUST_MARGINAL:
422 log_info(_("%s: There is limited assurance this key belongs"
423 " to the named user\n"),keystr_from_pk(pk));
424 return 1; /* yes */
425
426 case TRUST_FULLY:
427 if( opt.verbose )
428 log_info(_("This key probably belongs to the named user\n"));
429 return 1; /* yes */
430
431 case TRUST_ULTIMATE:
432 if( opt.verbose )
433 log_info(_("This key belongs to us\n"));
434 return 1; /* yes */
435 }
436
437 return 1; /*NOTREACHED*/
438 }
439
440
441 /****************
442 * wrapper around do_we_trust, so we can ask whether to use the
443 * key anyway.
444 */
445 static int
446 do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
447 {
448 int rc;
449
450 rc = do_we_trust( pk, trustlevel );
451
452 if( !opt.batch && !rc )
453 {
454 print_pubkey_info(NULL,pk);
455 print_fingerprint (pk, NULL, 2);
456 tty_printf("\n");
457
458 tty_printf(
459 _("It is NOT certain that the key belongs to the person named\n"
460 "in the user ID. If you *really* know what you are doing,\n"
461 "you may answer the next question with yes.\n"));
462
463 tty_printf("\n");
464
465
466 if (is_status_enabled ())
467 {
468 u32 kid[2];
469 char *hint_str;
470
471 keyid_from_pk (pk, kid);
472 hint_str = get_long_user_id_string ( kid );
473 write_status_text ( STATUS_USERID_HINT, hint_str );
474 xfree (hint_str);
475 }
476
477 if( cpr_get_answer_is_yes("untrusted_key.override",
478 _("Use this key anyway? (y/N) ")) )
479 rc = 1;
480
481 /* Hmmm: Should we set a flag to tell the user about
482 * his decision the next time he encrypts for this recipient?
483 */
484 }
485
486 return rc;
487 }
488
489
490 /****************
491 * Check whether we can trust this signature.
492 * Returns: Error if we shall not trust this signatures.
493 */
494 int
495 check_signatures_trust( PKT_signature *sig )
496 {
497 PKT_public_key *pk = xmalloc_clear( sizeof *pk );
498 unsigned int trustlevel;
499 int rc=0;
500
501 rc = get_pubkey( pk, sig->keyid );
502 if (rc)
503 { /* this should not happen */
504 log_error("Ooops; the key vanished - can't check the trust\n");
505 rc = G10ERR_NO_PUBKEY;
506 goto leave;
507 }
508
509 if ( opt.trust_model==TM_ALWAYS )
510 {
511 if( !opt.quiet )
512 log_info(_("WARNING: Using untrusted key!\n"));
513 if (opt.with_fingerprint)
514 print_fingerprint (pk, NULL, 1);
515 goto leave;
516 }
517
518 if(pk->maybe_revoked && !pk->is_revoked)
519 log_info(_("WARNING: this key might be revoked (revocation key"
520 " not present)\n"));
521
522 trustlevel = get_validity (pk, NULL);
523
524 if ( (trustlevel & TRUST_FLAG_REVOKED) )
525 {
526 write_status( STATUS_KEYREVOKED );
527 if(pk->is_revoked==2)
528 log_info(_("WARNING: This key has been revoked by its"
529 " designated revoker!\n"));
530 else
531 log_info(_("WARNING: This key has been revoked by its owner!\n"));
532 log_info(_(" This could mean that the signature is forged.\n"));
533 show_revocation_reason( pk, 0 );
534 }
535 else if ((trustlevel & TRUST_FLAG_SUB_REVOKED) )
536 {
537 write_status( STATUS_KEYREVOKED );
538 log_info(_("WARNING: This subkey has been revoked by its owner!\n"));
539 show_revocation_reason( pk, 0 );
540 }
541
542 if ((trustlevel & TRUST_FLAG_DISABLED))
543 log_info (_("Note: This key has been disabled.\n"));
544
545 /* If we have PKA information adjust the trustlevel. */
546 if (sig->pka_info && sig->pka_info->valid)
547 {
548 unsigned char fpr[MAX_FINGERPRINT_LEN];
549 PKT_public_key *primary_pk;
550 size_t fprlen;
551 int okay;
552
553
554 primary_pk = xmalloc_clear (sizeof *primary_pk);
555 get_pubkey (primary_pk, pk->main_keyid);
556 fingerprint_from_pk (primary_pk, fpr, &fprlen);
557 free_public_key (primary_pk);
558
559 if ( fprlen == 20 && !memcmp (sig->pka_info->fpr, fpr, 20) )
560 {
561 okay = 1;
562 write_status_text (STATUS_PKA_TRUST_GOOD, sig->pka_info->email);
563 log_info (_("Note: Verified signer's address is `%s'\n"),
564 sig->pka_info->email);
565 }
566 else
567 {
568 okay = 0;
569 write_status_text (STATUS_PKA_TRUST_BAD, sig->pka_info->email);
570 log_info (_("Note: Signer's address `%s' "
571 "does not match DNS entry\n"), sig->pka_info->email);
572 }
573
574 switch ( (trustlevel & TRUST_MASK) )
575 {
576 case TRUST_UNKNOWN:
577 case TRUST_UNDEFINED:
578 case TRUST_MARGINAL:
579 if (okay && opt.verify_options&VERIFY_PKA_TRUST_INCREASE)
580 {
581 trustlevel = ((trustlevel & ~TRUST_MASK) | TRUST_FULLY);
582 log_info (_("trustlevel adjusted to FULL"
583 " due to valid PKA info\n"));
584 }
585 /* (fall through) */
586 case TRUST_FULLY:
587 if (!okay)
588 {
589 trustlevel = ((trustlevel & ~TRUST_MASK) | TRUST_NEVER);
590 log_info (_("trustlevel adjusted to NEVER"
591 " due to bad PKA info\n"));
592 }
593 break;
594 }
595 }
596
597 /* Now let the user know what up with the trustlevel. */
598 switch ( (trustlevel & TRUST_MASK) )
599 {
600 case TRUST_EXPIRED:
601 log_info(_("Note: This key has expired!\n"));
602 print_fingerprint (pk, NULL, 1);
603 break;
604
605 default:
606 log_error ("invalid trustlevel %u returned from validation layer\n",
607 trustlevel);
608 /* fall thru */
609 case TRUST_UNKNOWN:
610 case TRUST_UNDEFINED:
611 write_status( STATUS_TRUST_UNDEFINED );
612 log_info(_("WARNING: This key is not certified with"
613 " a trusted signature!\n"));
614 log_info(_(" There is no indication that the "
615 "signature belongs to the owner.\n" ));
616 print_fingerprint (pk, NULL, 1);
617 break;
618
619 case TRUST_NEVER:
620 /* currently we won't get that status */
621 write_status( STATUS_TRUST_NEVER );
622 log_info(_("WARNING: We do NOT trust this key!\n"));
623 log_info(_(" The signature is probably a FORGERY.\n"));
624 if (opt.with_fingerprint)
625 print_fingerprint (pk, NULL, 1);
626 rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
627 break;
628
629 case TRUST_MARGINAL:
630 write_status( STATUS_TRUST_MARGINAL );
631 log_info(_("WARNING: This key is not certified with"
632 " sufficiently trusted signatures!\n"));
633 log_info(_(" It is not certain that the"
634 " signature belongs to the owner.\n" ));
635 print_fingerprint (pk, NULL, 1);
636 break;
637
638 case TRUST_FULLY:
639 write_status( STATUS_TRUST_FULLY );
640 if (opt.with_fingerprint)
641 print_fingerprint (pk, NULL, 1);
642 break;
643
644 case TRUST_ULTIMATE:
645 write_status( STATUS_TRUST_ULTIMATE );
646 if (opt.with_fingerprint)
647 print_fingerprint (pk, NULL, 1);
648 break;
649 }
650
651 leave:
652 free_public_key( pk );
653 return rc;
654 }
655
656
657 void
658 release_pk_list( PK_LIST pk_list )
659 {
660 PK_LIST pk_rover;
661
662 for( ; pk_list; pk_list = pk_rover ) {
663 pk_rover = pk_list->next;
664 free_public_key( pk_list->pk );
665 xfree( pk_list );
666 }
667 }
668
669
670 static int
671 key_present_in_pk_list(PK_LIST pk_list, PKT_public_key *pk)
672 {
673 for( ; pk_list; pk_list = pk_list->next)
674 if (cmp_public_keys(pk_list->pk, pk) == 0)
675 return 0;
676
677 return -1;
678 }
679
680
681 /****************
682 * Return a malloced string with a default reciepient if there is any
683 */
684 static char *
685 default_recipient(void)
686 {
687 PKT_secret_key *sk;
688 byte fpr[MAX_FINGERPRINT_LEN+1];
689 size_t n;
690 char *p;
691 int i;
692
693 if( opt.def_recipient )
694 return xstrdup( opt.def_recipient );
695 if( !opt.def_recipient_self )
696 return NULL;
697 sk = xmalloc_clear( sizeof *sk );
698 i = get_seckey_byname( sk, NULL, 0 );
699 if( i ) {
700 free_secret_key( sk );
701 return NULL;
702 }
703 n = MAX_FINGERPRINT_LEN;
704 fingerprint_from_sk( sk, fpr, &n );
705 free_secret_key( sk );
706 p = xmalloc( 2*n+3 );
707 *p++ = '0';
708 *p++ = 'x';
709 for(i=0; i < n; i++ )
710 sprintf( p+2*i, "%02X", fpr[i] );
711 p -= 2;
712 return p;
713 }
714
715 static int
716 expand_id(const char *id,strlist_t *into,unsigned int flags)
717 {
718 struct groupitem *groups;
719 int count=0;
720
721 for(groups=opt.grouplist;groups;groups=groups->next)
722 {
723 /* need strcasecmp() here, as this should be localized */
724 if(strcasecmp(groups->name,id)==0)
725 {
726 strlist_t each,sl;
727
728 /* this maintains the current utf8-ness */
729 for(each=groups->values;each;each=each->next)
730 {
731 sl=add_to_strlist(into,each->d);
732 sl->flags=flags;
733 count++;
734 }
735
736 break;
737 }
738 }
739
740 return count;
741 }
742
743 /* For simplicity, and to avoid potential loops, we only expand once -
744 you can't make an alias that points to an alias. */
745 static strlist_t
746 expand_group(strlist_t input)
747 {
748 strlist_t sl,output=NULL,rover;
749
750 for(rover=input;rover;rover=rover->next)
751 if(expand_id(rover->d,&output,rover->flags)==0)
752 {
753 /* Didn't find any groups, so use the existing string */
754 sl=add_to_strlist(&output,rover->d);
755 sl->flags=rover->flags;
756 }
757
758 return output;
759 }
760
761
762 /* This is the central function to collect the keys for recipients.
763 It is thus used to prepare a public key encryption. encrypt-to
764 keys, default keys and the keys for the actual recipients are all
765 collected here. When not in batch mode and no recipient has been
766 passed on the commandline, the function will also ask for
767 recipients.
768
769 RCPTS is a string list with the recipients; NULL is an allowed
770 value but not very useful. Group expansion is done on these names;
771 they may be in any of the user Id formats we can handle. The flags
772 bits for each string in the string list are used for:
773 Bit 0: This is an encrypt-to recipient.
774 Bit 1: This is a hidden recipient.
775
776 USE is the desired use for the key - usually PUBKEY_USAGE_ENC.
777
778 On success a list of keys is stored at the address RET_PK_LIST; the
779 caller must free this list. On error the value at this address is
780 not changed.
781 */
782 int
783 build_pk_list( strlist_t rcpts, PK_LIST *ret_pk_list, unsigned int use )
784 {
785 PK_LIST pk_list = NULL;
786 PKT_public_key *pk=NULL;
787 int rc=0;
788 int any_recipients=0;
789 strlist_t rov,remusr;
790 char *def_rec = NULL;
791
792 /* Try to expand groups if any have been defined. */
793 if (opt.grouplist)
794 remusr = expand_group (rcpts);
795 else
796 remusr = rcpts;
797
798 /* Check whether there are any recipients in the list and build the
799 * list of the encrypt-to ones (we always trust them). */
800 for ( rov = remusr; rov; rov = rov->next )
801 {
802 if ( !(rov->flags & 1) )
803 {
804 /* This is a regular recipient; i.e. not an encrypt-to
805 one. */
806 any_recipients = 1;
807
808 /* Hidden recipients are not allowed while in PGP mode,
809 issue a warning and switch into GnuPG mode. */
810 if ((rov->flags&2) && (PGP2 || PGP6 || PGP7 || PGP8))
811 {
812 log_info(_("you may not use %s while in %s mode\n"),
813 "--hidden-recipient",
814 compliance_option_string());
815
816 compliance_failure();
817 }
818 }
819 else if ( (use & PUBKEY_USAGE_ENC) && !opt.no_encrypt_to )
820 {
821 /* Encryption has been requested and --encrypt-to has not
822 been disabled. Check this encrypt-to key. */
823 pk = xmalloc_clear( sizeof *pk );
824 pk->req_usage = use;
825
826 /* We explicitly allow encrypt-to to an disabled key; thus
827 we pass 1for the second last argument and 1 as the last
828 argument to disable AKL. */
829 if ( (rc = get_pubkey_byname (NULL, pk, rov->d, NULL, NULL, 1, 1)) )
830 {
831 free_public_key ( pk ); pk = NULL;
832 log_error (_("%s: skipped: %s\n"), rov->d, g10_errstr(rc) );
833 write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
834 rov->d, strlen (rov->d), -1);
835 goto fail;
836 }
837 else if ( !(rc=openpgp_pk_test_algo2 (pk->pubkey_algo, use)) )
838 {
839 /* Skip the actual key if the key is already present
840 * in the list. Add it to our list if not. */
841 if (key_present_in_pk_list(pk_list, pk) == 0)
842 {
843 free_public_key (pk); pk = NULL;
844 log_info (_("%s: skipped: public key already present\n"),
845 rov->d);
846 }
847 else
848 {
849 PK_LIST r;
850 r = xmalloc( sizeof *r );
851 r->pk = pk; pk = NULL;
852 r->next = pk_list;
853 r->flags = (rov->flags&2)?1:0;
854 pk_list = r;
855
856 /* Hidden encrypt-to recipients are not allowed while
857 in PGP mode, issue a warning and switch into
858 GnuPG mode. */
859 if ((r->flags&1) && (PGP2 || PGP6 || PGP7 || PGP8))
860 {
861 log_info(_("you may not use %s while in %s mode\n"),
862 "--hidden-encrypt-to",
863 compliance_option_string());
864
865 compliance_failure();
866 }
867 }
868 }
869 else
870 {
871 /* The public key is not usable for encryption or not
872 available. */
873 free_public_key( pk ); pk = NULL;
874 log_error(_("%s: skipped: %s\n"), rov->d, g10_errstr(rc) );
875 write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
876 rov->d, strlen (rov->d), -1);
877 goto fail;
878 }
879 }
880 }
881
882 /* If we don't have any recipients yet and we are not in batch mode
883 drop into interactive selection mode. */
884 if ( !any_recipients && !opt.batch )
885 {
886 int have_def_rec;
887 char *answer = NULL;
888 strlist_t backlog = NULL;
889
890 if (pk_list)
891 any_recipients = 1;
892 def_rec = default_recipient();
893 have_def_rec = !!def_rec;
894 if ( !have_def_rec )
895 tty_printf(_("You did not specify a user ID. (you may use \"-r\")\n"));
896
897 for (;;)
898 {
899 rc = 0;
900 xfree(answer);
901 if ( have_def_rec )
902 {
903 /* A default recipient is taken as the first entry. */
904 answer = def_rec;
905 def_rec = NULL;
906 }
907 else if (backlog)
908 {
909 /* This is part of our trick to expand and display groups. */
910 answer = strlist_pop (&backlog);
911 }
912 else
913 {
914 /* Show the list of already collected recipients and ask
915 for more. */
916 PK_LIST iter;
917
918 tty_printf("\n");
919 tty_printf(_("Current recipients:\n"));
920 for (iter=pk_list;iter;iter=iter->next)
921 {
922 u32 keyid[2];
923
924 keyid_from_pk(iter->pk,keyid);
925 tty_printf("%4u%c/%s %s \"",
926 nbits_from_pk(iter->pk),
927 pubkey_letter(iter->pk->pubkey_algo),
928 keystr(keyid),
929 datestr_from_pk(iter->pk));
930
931 if (iter->pk->user_id)
932 tty_print_utf8_string(iter->pk->user_id->name,
933 iter->pk->user_id->len);
934 else
935 {
936 size_t n;
937 char *p = get_user_id( keyid, &n );
938 tty_print_utf8_string( p, n );
939 xfree(p);
940 }
941 tty_printf("\"\n");
942 }
943
944 answer = cpr_get_utf8("pklist.user_id.enter",
945 _("\nEnter the user ID. "
946 "End with an empty line: "));
947 trim_spaces(answer);
948 cpr_kill_prompt();
949 }
950
951 if ( !answer || !*answer )
952 {
953 xfree(answer);
954 break; /* No more recipients entered - get out of loop. */
955 }
956
957 /* Do group expand here too. The trick here is to continue
958 the loop if any expansion occured. The code above will
959 then list all expanded keys. */
960 if (expand_id(answer,&backlog,0))
961 continue;
962
963 /* Get and check key for the current name. */
964 if (pk)
965 free_public_key (pk);
966 pk = xmalloc_clear( sizeof *pk );
967 pk->req_usage = use;
968 rc = get_pubkey_byname (NULL, pk, answer, NULL, NULL, 0, 0 );
969 if (rc)
970 tty_printf(_("No such user ID.\n"));
971 else if ( !(rc=openpgp_pk_test_algo2 (pk->pubkey_algo, use)) )
972 {
973 if ( have_def_rec )
974 {
975 /* No validation for a default recipient. */
976 if (!key_present_in_pk_list(pk_list, pk))
977 {
978 free_public_key (pk); pk = NULL;
979 log_info (_("skipped: public key "
980 "already set as default recipient\n") );
981 }
982 else
983 {
984 PK_LIST r = xmalloc (sizeof *r);
985 r->pk = pk; pk = NULL;
986 r->next = pk_list;
987 r->flags = 0; /* No throwing default ids. */
988 pk_list = r;
989 }
990 any_recipients = 1;
991 continue;
992 }
993 else
994 { /* Check validity of this key. */
995 int trustlevel;
996
997 trustlevel = get_validity (pk, pk->user_id);
998 if ( (trustlevel & TRUST_FLAG_DISABLED) )
999 {
1000 tty_printf (_("Public key is disabled.\n") );
1001 }
1002 else if ( do_we_trust_pre (pk, trustlevel) )
1003 {
1004 /* Skip the actual key if the key is already
1005 * present in the list */
1006 if (!key_present_in_pk_list(pk_list, pk))
1007 {
1008 free_public_key(pk); pk = NULL;
1009 log_info(_("skipped: public key already set\n") );
1010 }
1011 else
1012 {
1013 PK_LIST r;
1014 r = xmalloc( sizeof *r );
1015 r->pk = pk; pk = NULL;
1016 r->next = pk_list;
1017 r->flags = 0; /* No throwing interactive ids. */
1018 pk_list = r;
1019 }
1020 any_recipients = 1;
1021 continue;
1022 }
1023 }
1024 }
1025 xfree(def_rec); def_rec = NULL;
1026 have_def_rec = 0;
1027 }
1028 if ( pk )
1029 {
1030 free_public_key( pk );
1031 pk = NULL;
1032 }
1033 }
1034 else if ( !any_recipients && (def_rec = default_recipient()) )
1035 {
1036 /* We are in batch mode and have only a default recipient. */
1037 pk = xmalloc_clear( sizeof *pk );
1038 pk->req_usage = use;
1039
1040 /* The default recipient is allowed to be disabled; thus pass 1
1041 as second last argument. We also don't want an AKL. */
1042 rc = get_pubkey_byname (NULL, pk, def_rec, NULL, NULL, 1, 1);
1043 if (rc)
1044 log_error(_("unknown default recipient \"%s\"\n"), def_rec );
1045 else if ( !(rc=openpgp_pk_test_algo2(pk->pubkey_algo, use)) )
1046 {
1047 /* Mark any_recipients here since the default recipient
1048 would have been used if it wasn't already there. It
1049 doesn't really matter if we got this key from the default
1050 recipient or an encrypt-to. */
1051 any_recipients = 1;
1052 if (!key_present_in_pk_list(pk_list, pk))
1053 log_info (_("skipped: public key already set "
1054 "as default recipient\n"));
1055 else
1056 {
1057 PK_LIST r = xmalloc( sizeof *r );
1058 r->pk = pk; pk = NULL;
1059 r->next = pk_list;
1060 r->flags = 0; /* No throwing default ids. */
1061 pk_list = r;
1062 }
1063 }
1064 if ( pk )
1065 {
1066 free_public_key( pk );
1067 pk = NULL;
1068 }
1069 xfree(def_rec); def_rec = NULL;
1070 }
1071 else
1072 {
1073 /* General case: Check all keys. */
1074 any_recipients = 0;
1075 for (; remusr; remusr = remusr->next )
1076 {
1077 if ( (remusr->flags & 1) )
1078 continue; /* encrypt-to keys are already handled. */
1079
1080 pk = xmalloc_clear( sizeof *pk );
1081 pk->req_usage = use;
1082 if ((rc = get_pubkey_byname (NULL, pk, remusr->d, NULL, NULL, 0, 0)))
1083 {
1084 /* Key not found or other error. */
1085 free_public_key( pk ); pk = NULL;
1086 log_error(_("%s: skipped: %s\n"), remusr->d, g10_errstr(rc) );
1087 write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
1088 remusr->d, strlen (remusr->d),
1089 -1);
1090 goto fail;
1091 }
1092 else if ( !(rc=openpgp_pk_test_algo2(pk->pubkey_algo, use )) )
1093 {
1094 /* Key found and usable. Check validity. */
1095 int trustlevel;
1096
1097 trustlevel = get_validity (pk, pk->user_id);
1098 if ( (trustlevel & TRUST_FLAG_DISABLED) )
1099 {
1100 /*Key has been disabled. */
1101 free_public_key(pk); pk = NULL;
1102 log_info(_("%s: skipped: public key is disabled\n"),
1103 remusr->d);
1104 write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
1105 remusr->d,
1106 strlen (remusr->d),
1107 -1);
1108 rc=G10ERR_UNU_PUBKEY;
1109 goto fail;
1110 }
1111 else if ( do_we_trust_pre( pk, trustlevel ) )
1112 {
1113 /* Note: do_we_trust may have changed the trustlevel */
1114
1115 /* We have at least one valid recipient. It doesn't
1116 * matters if this recipient is already present. */
1117 any_recipients = 1;
1118
1119 /* Skip the actual key if the key is already present
1120 * in the list */
1121 if (!key_present_in_pk_list(pk_list, pk))
1122 {
1123 free_public_key(pk); pk = NULL;
1124 log_info(_("%s: skipped: public key already present\n"),
1125 remusr->d);
1126 }
1127 else
1128 {
1129 PK_LIST r;
1130 r = xmalloc( sizeof *r );
1131 r->pk = pk; pk = NULL;
1132 r->next = pk_list;
1133 r->flags = (remusr->flags&2)?1:0;
1134 pk_list = r;
1135 }
1136 }
1137 else
1138 { /* We don't trust this key. */
1139 free_public_key( pk ); pk = NULL;
1140 write_status_text_and_buffer (STATUS_INV_RECP, "10 ",
1141 remusr->d,
1142 strlen (remusr->d),
1143 -1);
1144 rc=G10ERR_UNU_PUBKEY;
1145 goto fail;
1146 }
1147 }
1148 else
1149 {
1150 /* Key found but not usable for us (e.g. sign-only key). */
1151 free_public_key( pk ); pk = NULL;
1152 write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
1153 remusr->d,
1154 strlen (remusr->d),
1155 -1);
1156 log_error(_("%s: skipped: %s\n"), remusr->d, g10_errstr(rc) );
1157 goto fail;
1158 }
1159 }
1160 }
1161
1162 if ( !rc && !any_recipients )
1163 {
1164 log_error(_("no valid addressees\n"));
1165 write_status_text (STATUS_NO_RECP, "0");
1166 rc = G10ERR_NO_USER_ID;
1167 }
1168
1169 fail:
1170
1171 if ( rc )
1172 release_pk_list( pk_list );
1173 else
1174 *ret_pk_list = pk_list;
1175 if (opt.grouplist)
1176 free_strlist(remusr);
1177 return rc;
1178 }
1179
1180
1181 /* In pgp6 mode, disallow all ciphers except IDEA (1), 3DES (2), and
1182 CAST5 (3), all hashes except MD5 (1), SHA1 (2), and RIPEMD160 (3),
1183 and all compressions except none (0) and ZIP (1). pgp7 and pgp8
1184 mode expands the cipher list to include AES128 (7), AES192 (8),
1185 AES256 (9), and TWOFISH (10). pgp8 adds the SHA-256 hash (8). For
1186 a true PGP key all of this is unneeded as they are the only items
1187 present in the preferences subpacket, but checking here covers the
1188 weird case of encrypting to a key that had preferences from a
1189 different implementation which was then used with PGP. I am not
1190 completely comfortable with this as the right thing to do, as it
1191 slightly alters the list of what the user is supposedly requesting.
1192 It is not against the RFC however, as the preference chosen will
1193 never be one that the user didn't specify somewhere ("The
1194 implementation may use any mechanism to pick an algorithm in the
1195 intersection"), and PGP has no mechanism to fix such a broken
1196 preference list, so I'm including it. -dms */
1197
1198 int
1199 algo_available( preftype_t preftype, int algo, const union pref_hint *hint)
1200 {
1201 if( preftype == PREFTYPE_SYM )
1202 {
1203 if(PGP6 && (algo != CIPHER_ALGO_IDEA
1204 && algo != CIPHER_ALGO_3DES
1205 && algo != CIPHER_ALGO_CAST5))
1206 return 0;
1207
1208 if(PGP7 && (algo != CIPHER_ALGO_IDEA
1209 && algo != CIPHER_ALGO_3DES
1210 && algo != CIPHER_ALGO_CAST5
1211 && algo != CIPHER_ALGO_AES
1212 && algo != CIPHER_ALGO_AES192
1213 && algo != CIPHER_ALGO_AES256
1214 && algo != CIPHER_ALGO_TWOFISH))
1215 return 0;
1216
1217 /* PGP8 supports all the ciphers we do.. */
1218
1219 return algo && !openpgp_cipher_test_algo ( algo );
1220 }
1221 else if( preftype == PREFTYPE_HASH )
1222 {
1223 if (hint && hint->digest_length)
1224 {
1225 if (hint->digest_length!=20 || opt.flags.dsa2)
1226 {
1227 /* If --enable-dsa2 is set or the hash isn't 160 bits
1228 (which implies DSA2), then we'll accept a hash that
1229 is larger than we need. Otherwise we won't accept
1230 any hash that isn't exactly the right size. */
1231 if (hint->digest_length > gcry_md_get_algo_dlen (algo))
1232 return 0;
1233 }
1234 else if (hint->digest_length != gcry_md_get_algo_dlen (algo))
1235 return 0;
1236 }
1237
1238 if((PGP6 || PGP7) && (algo != DIGEST_ALGO_MD5
1239 && algo != DIGEST_ALGO_SHA1
1240 && algo != DIGEST_ALGO_RMD160))
1241 return 0;
1242
1243
1244 if(PGP8 && (algo != DIGEST_ALGO_MD5
1245 && algo != DIGEST_ALGO_SHA1
1246 && algo != DIGEST_ALGO_RMD160
1247 && algo != DIGEST_ALGO_SHA256))
1248 return 0;
1249
1250 return algo && !openpgp_md_test_algo (algo);
1251 }
1252 else if( preftype == PREFTYPE_ZIP )
1253 {
1254 if((PGP6 || PGP7) && (algo != COMPRESS_ALGO_NONE
1255 && algo != COMPRESS_ALGO_ZIP))
1256 return 0;
1257
1258 /* PGP8 supports all the compression algos we do */
1259
1260 return !check_compress_algo( algo );
1261 }
1262 else
1263 return 0;
1264 }
1265
1266
1267
1268 /****************
1269 * Return -1 if we could not find an algorithm.
1270 */
1271 int
1272 select_algo_from_prefs(PK_LIST pk_list, int preftype, int request,
1273 const union pref_hint *hint)
1274 {
1275 PK_LIST pkr;
1276 u32 bits[8];
1277 const prefitem_t *prefs;
1278 int i, j;
1279 int compr_hack=0;
1280 int any;
1281
1282 if( !pk_list )
1283 return -1;
1284
1285 memset( bits, ~0, 8 * sizeof *bits );
1286 for( pkr = pk_list; pkr; pkr = pkr->next ) {
1287 u32 mask[8];
1288
1289 memset( mask, 0, 8 * sizeof *mask );
1290 if( preftype == PREFTYPE_SYM ) {
1291 if( PGP2 &&
1292 pkr->pk->version < 4 &&
1293 pkr->pk->selfsigversion < 4 )
1294 mask[0] |= (1<<1); /* IDEA is implicitly there for v3 keys
1295 with v3 selfsigs (rfc2440:12.1) if
1296 --pgp2 mode is on. This doesn't
1297 mean it's actually available, of
1298 course. */
1299 else
1300 mask[0] |= (1<<2); /* 3DES is implicitly there for everyone else */
1301 }
1302 else if( preftype == PREFTYPE_HASH ) {
1303 /* While I am including this code for completeness, note
1304 that currently --pgp2 mode locks the hash at MD5, so this
1305 function will never even be called. Even if the hash
1306 wasn't locked at MD5, we don't support sign+encrypt in
1307 --pgp2 mode, and that's the only time PREFTYPE_HASH is
1308 used anyway. -dms */
1309 if( PGP2 &&
1310 pkr->pk->version < 4 &&
1311 pkr->pk->selfsigversion < 4 )
1312 mask[0] |= (1<<1); /* MD5 is there for v3 keys with v3
1313 selfsigs when --pgp2 is on. */
1314 else
1315 mask[0] |= (1<<2); /* SHA1 is there for everyone else */
1316 }
1317 else if( preftype == PREFTYPE_ZIP )
1318 mask[0] |= (1<<0); /* Uncompressed is implicit */
1319
1320 if (pkr->pk->user_id) /* selected by user ID */
1321 prefs = pkr->pk->user_id->prefs;
1322 else
1323 prefs = pkr->pk->prefs;
1324
1325 any = 0;
1326 if( prefs ) {
1327 for (i=0; prefs[i].type; i++ ) {
1328 if( prefs[i].type == preftype ) {
1329 mask[prefs[i].value/32] |= 1 << (prefs[i].value%32);
1330 any = 1;
1331 }
1332 }
1333 }
1334
1335 if( (!prefs || !any) && preftype == PREFTYPE_ZIP ) {
1336 mask[0] |= 3; /* asume no_compression and old pgp */
1337 compr_hack = 1;
1338 }
1339
1340 #if 0
1341 log_debug("pref mask=%08lX%08lX%08lX%08lX%08lX%08lX%08lX%08lX (%s)\n",
1342 (ulong)mask[7], (ulong)mask[6], (ulong)mask[5], (ulong)mask[4],
1343 (ulong)mask[3], (ulong)mask[2], (ulong)mask[1], (ulong)mask[0],
1344 keystr_from_pk (pkr->pk));
1345 #endif
1346 for(i=0; i < 8; i++ )
1347 bits[i] &= mask[i];
1348 #if 0
1349 log_debug("pref bits=%08lX%08lX%08lX%08lX%08lX%08lX%08lX%08lX\n",
1350 (ulong)bits[7], (ulong)bits[6], (ulong)bits[5], (ulong)bits[4],
1351 (ulong)bits[3], (ulong)bits[2], (ulong)bits[1], (ulong)bits[0]);
1352 #endif
1353 }
1354 /* usable algorithms are now in bits
1355 * We now use the last key from pk_list to select
1356 * the algorithm we want to use. there are no
1357 * preferences for the last key, we select the one
1358 * corresponding to first set bit.
1359 */
1360 i = -1;
1361 any = 0;
1362
1363 /* Can we use the requested algorithm? */
1364 if(request>-1 && (bits[request/32] & (1<<(request%32))) &&
1365 algo_available(preftype,request,hint))
1366 return request;
1367
1368 /* If we have personal prefs set, use them instead of the last key */
1369 if(preftype==PREFTYPE_SYM && opt.personal_cipher_prefs)
1370 prefs=opt.personal_cipher_prefs;
1371 else if(preftype==PREFTYPE_HASH && opt.personal_digest_prefs)
1372 prefs=opt.personal_digest_prefs;
1373 else if(preftype==PREFTYPE_ZIP && opt.personal_compress_prefs)
1374 prefs=opt.personal_compress_prefs;
1375
1376 if( prefs ) {
1377 for(j=0; prefs[j].type; j++ ) {
1378 if( prefs[j].type == preftype ) {
1379 if( (bits[prefs[j].value/32] & (1<<(prefs[j].value%32))) ) {
1380 if( algo_available( preftype, prefs[j].value, hint ) ) {
1381 any = 1;
1382 i = prefs[j].value;
1383 break;
1384 }
1385 }
1386 }
1387 }
1388 }
1389 if( !prefs || !any ) {
1390 for(j=0; j < 256; j++ )
1391 if( (bits[j/32] & (1<<(j%32))) ) {
1392 if( algo_available( preftype, j, hint ) ) {
1393 i = j;
1394 break;
1395 }
1396 }
1397 }
1398
1399 #if 0
1400 log_debug("prefs of type %d: selected %d\n", preftype, i );
1401 #endif
1402 if( compr_hack && !i ) {
1403 /* selected no compression, but we should check whether
1404 * algorithm 1 is also available (the ordering is not relevant
1405 * in this case). */
1406 if( bits[0] & (1<<1) )
1407 i = 1; /* yep; we can use compression algo 1 */
1408 }
1409
1410 /* "If you are building an authentication system, the recipient
1411 may specify a preferred signing algorithm. However, the signer
1412 would be foolish to use a weak algorithm simply because the
1413 recipient requests it." RFC2440:13. If we settle on MD5, and
1414 SHA1 is also available, use SHA1 instead. Of course, if the
1415 user intentionally chose MD5 (by putting it in their personal
1416 prefs), then we should do what they say. */
1417
1418 if(preftype==PREFTYPE_HASH &&
1419 i==DIGEST_ALGO_MD5 && (bits[0] & (1<<DIGEST_ALGO_SHA1)))
1420 {
1421 i=DIGEST_ALGO_SHA1;
1422
1423 if(opt.personal_digest_prefs)
1424 for(j=0; prefs[j].type; j++ )
1425 if(opt.personal_digest_prefs[j].type==PREFTYPE_HASH &&
1426 opt.personal_digest_prefs[j].value==DIGEST_ALGO_MD5)
1427 {
1428 i=DIGEST_ALGO_MD5;
1429 break;
1430 }
1431 }
1432
1433 return i;
1434 }
1435
1436 /*
1437 * Select the MDC flag from the pk_list. We can only use MDC if all
1438 * recipients support this feature.
1439 */
1440 int
1441 select_mdc_from_pklist (PK_LIST pk_list)
1442 {
1443 PK_LIST pkr;
1444
1445 if ( !pk_list )
1446 return 0;
1447
1448 for (pkr = pk_list; pkr; pkr = pkr->next)
1449 {
1450 int mdc;
1451
1452 if (pkr->pk->user_id) /* selected by user ID */
1453 mdc = pkr->pk->user_id->flags.mdc;
1454 else
1455 mdc = pkr->pk->mdc_feature;
1456 if (!mdc)
1457 return 0; /* At least one recipient does not support it. */
1458 }
1459 return 1; /* Can be used. */
1460 }
1461
1462
1463 /* Print a warning for all keys in PK_LIST missing the MDC feature. */
1464 void
1465 warn_missing_mdc_from_pklist (PK_LIST pk_list)
1466 {
1467 PK_LIST pkr;
1468
1469 for (pkr = pk_list; pkr; pkr = pkr->next)
1470 {
1471 int mdc;
1472
1473 if (pkr->pk->user_id) /* selected by user ID */
1474 mdc = pkr->pk->user_id->flags.mdc;
1475 else
1476 mdc = pkr->pk->mdc_feature;
1477 if (!mdc)
1478 log_info (_("Note: key %s has no %s feature\n"),
1479 keystr_from_pk (pkr->pk), "MDC");
1480 }
1481 }
1482
1483 void
1484 warn_missing_aes_from_pklist (PK_LIST pk_list)
1485 {
1486 PK_LIST pkr;
1487
1488 for (pkr = pk_list; pkr; pkr = pkr->next)
1489 {
1490 const prefitem_t *prefs;
1491 int i;
1492 int gotit = 0;
1493
1494 prefs = pkr->pk->user_id? pkr->pk->user_id->prefs : pkr->pk->prefs;
1495 if (prefs)
1496 {
1497 for (i=0; !gotit && prefs[i].type; i++ )
1498 if (prefs[i].type == PREFTYPE_SYM
1499 && prefs[i].value == CIPHER_ALGO_AES)
1500 gotit++;
1501 }
1502 if (!gotit)
1503 log_info (_("Note: key %s has no preference for %s\n"),
1504 keystr_from_pk (pkr->pk), "AES");
1505 }
1506 }
gnupg svn clone