1 /* skclist.c - Build a list of secret keys
2 * Copyright (C) 1998, 1999, 2000, 2001, 2006 Free Software Foundation, Inc.
4 * This file is part of GnuPG.
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
36 #ifndef GCRYCTL_FAKED_RANDOM_P
37 #define GCRYCTL_FAKED_RANDOM_P 51
40 /* Return true if Libgcrypt's RNG is in faked mode. */
42 random_is_faked (void)
44 return !!gcry_control ( GCRYCTL_FAKED_RANDOM_P
, 0);
50 release_sk_list( SK_LIST sk_list
)
54 for( ; sk_list
; sk_list
= sk_rover
) {
55 sk_rover
= sk_list
->next
;
56 free_secret_key( sk_list
->sk
);
62 /* Check that we are only using keys which don't have
63 * the string "(insecure!)" or "not secure" or "do not use"
64 * in one of the user ids
67 is_insecure( PKT_secret_key
*sk
)
70 KBNODE node
= NULL
, u
;
73 keyid_from_sk( sk
, keyid
);
74 node
= get_pubkeyblock( keyid
);
75 for ( u
= node
; u
; u
= u
->next
) {
76 if ( u
->pkt
->pkttype
== PKT_USER_ID
) {
77 PKT_user_id
*id
= u
->pkt
->pkt
.user_id
;
78 if ( id
->attrib_data
)
79 continue; /* skip attribute packets */
80 if ( strstr( id
->name
, "(insecure!)" )
81 || strstr( id
->name
, "not secure" )
82 || strstr( id
->name
, "do not use" )
83 || strstr( id
->name
, "(INSECURE!)" ) ) {
89 release_kbnode( node
);
95 key_present_in_sk_list(SK_LIST sk_list
, PKT_secret_key
*sk
)
97 for (; sk_list
; sk_list
= sk_list
->next
) {
98 if ( !cmp_secret_keys(sk_list
->sk
, sk
) )
105 is_duplicated_entry (strlist_t list
, strlist_t item
)
107 for(; list
&& list
!= item
; list
= list
->next
) {
108 if ( !strcmp (list
->d
, item
->d
) )
116 build_sk_list( strlist_t locusr
, SK_LIST
*ret_sk_list
,
117 int unlock
, unsigned int use
)
119 SK_LIST sk_list
= NULL
;
123 { /* use the default one */
126 sk
= xmalloc_clear( sizeof *sk
);
128 if( (rc
= get_seckey_byname( sk
, NULL
, unlock
)) ) {
129 free_secret_key( sk
); sk
= NULL
;
130 log_error("no default secret key: %s\n", g10_errstr(rc
) );
132 else if( !(rc
=openpgp_pk_test_algo2 (sk
->pubkey_algo
, use
)) )
136 if( random_is_faked() && !is_insecure( sk
) )
138 log_info(_("key is not flagged as insecure - "
139 "can't use it with the faked RNG!\n"));
140 free_secret_key( sk
); sk
= NULL
;
144 r
= xmalloc( sizeof *r
);
145 r
->sk
= sk
; sk
= NULL
;
153 free_secret_key( sk
); sk
= NULL
;
154 log_error("invalid default secret key: %s\n", g10_errstr(rc
) );
158 strlist_t locusr_orig
= locusr
;
159 for(; locusr
; locusr
= locusr
->next
) {
163 /* Do an early check agains duplicated entries. However this
164 * won't catch all duplicates because the user IDs may be
165 * specified in different ways.
167 if ( is_duplicated_entry ( locusr_orig
, locusr
) )
169 log_error(_("skipped \"%s\": duplicated\n"), locusr
->d
);
172 sk
= xmalloc_clear( sizeof *sk
);
174 if( (rc
= get_seckey_byname( sk
, locusr
->d
, 0 )) )
176 free_secret_key( sk
); sk
= NULL
;
177 log_error(_("skipped \"%s\": %s\n"),
178 locusr
->d
, g10_errstr(rc
) );
180 else if ( key_present_in_sk_list(sk_list
, sk
) == 0) {
181 free_secret_key(sk
); sk
= NULL
;
182 log_info(_("skipped: secret key already present\n"));
184 else if ( unlock
&& (rc
= check_secret_key( sk
, 0 )) )
186 free_secret_key( sk
); sk
= NULL
;
187 log_error(_("skipped \"%s\": %s\n"),
188 locusr
->d
, g10_errstr(rc
) );
190 else if( !(rc
=openpgp_pk_test_algo2 (sk
->pubkey_algo
, use
)) ) {
193 if( sk
->version
== 4 && (use
& PUBKEY_USAGE_SIG
)
194 && sk
->pubkey_algo
== PUBKEY_ALGO_ELGAMAL_E
)
196 log_info(_("skipped \"%s\": %s\n"),locusr
->d
,
197 _("this is a PGP generated Elgamal key which"
198 " is not secure for signatures!"));
199 free_secret_key( sk
); sk
= NULL
;
201 else if( random_is_faked() && !is_insecure( sk
) ) {
202 log_info(_("key is not flagged as insecure - "
203 "can't use it with the faked RNG!\n"));
204 free_secret_key( sk
); sk
= NULL
;
207 r
= xmalloc( sizeof *r
);
208 r
->sk
= sk
; sk
= NULL
;
215 free_secret_key( sk
); sk
= NULL
;
216 log_error("skipped \"%s\": %s\n", locusr
->d
, g10_errstr(rc
) );
222 if( !rc
&& !sk_list
) {
223 log_error("no valid signators\n");
224 rc
= G10ERR_NO_USER_ID
;
228 release_sk_list( sk_list
);
230 *ret_sk_list
= sk_list
;