| blob | 4630967116db7bb863bab4a44d443c2907f72e2f |
1 /* trustdb.c
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
3 * 2005 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <assert.h>
27 #ifndef DISABLE_REGEX
28 #include <sys/types.h>
29 #ifdef USE_INTERNAL_REGEX
31 #else
32 #include <regex.h>
33 #endif
49 /*
50 * A structure to store key identification as well as some stuff needed
51 * for validation
52 */
56 byte trust_depth;
57 byte trust_value;
60 };
65 /*
66 * Structure to keep track of keys, this is used as an array wherre
67 * the item right after the last one has a keyblock set to NULL.
68 * Maybe we can drop this thing and replace it by key_item
69 */
71 KBNODE keyblock;
72 };
75 /* control information for the trust DB */
82 /* some globals */
90 \f
91 /**********************************************
92 ************* some helpers *******************
93 **********************************************/
97 {
102 }
104 static void
106 {
110 {
114 }
115 }
117 /*
118 * For fast keylook up we need a hash table. Each byte of a KeyIDs
119 * should be distributed equally over the 256 possible values (except
120 * for v3 keyIDs but we consider them as not important here). So we
121 * can just use 10 bits to index a table of 1024 key items.
122 * Possible optimization: Don not use key_items but other hash_table when the
123 * duplicates lists gets too large.
124 */
125 static KeyHashTable
127 {
132 }
134 static void
136 {
144 }
146 /*
147 * Returns: True if the keyID is in the given hash table
148 */
149 static int
151 {
158 }
160 /*
161 * Add a new key to the hash table. The key is identified by its key ID.
162 */
163 static void
165 {
177 }
179 /*
180 * Release a key_array
181 */
182 static void
184 {
191 }
192 }
194 \f
195 /*********************************************
196 ********** Initialization *****************
197 *********************************************/
201 /*
202 * Used to register extra ultimately trusted keys - this has to be done
203 * before initializing the validation module.
204 * FIXME: Should be replaced by a function to add those keys to the trustdb.
205 */
206 void
208 {
216 }
218 void
220 {
221 KEYDB_SEARCH_DESC desc;
224 {
227 }
230 }
232 /*
233 * Helper to add a key to the global list of ultimately trusted keys.
234 * Retruns: true = inserted, false = already in in list.
235 */
236 static int
238 {
242 {
244 {
246 }
247 }
258 }
261 /****************
262 * Verify that all our secret keys are usable and put them into the utk_list.
263 */
264 static void
266 {
267 TRUSTREC rec;
268 ulong recnum;
275 /* scan the trustdb to find all ultimately trusted keys */
277 {
280 {
285 /* Problem: We do only use fingerprints in the trustdb but
286 * we need the keyID here to indetify the key; we can only
287 * use that ugly hack to distinguish between 16 and 20
288 * butes fpr - it does not work always so we better change
289 * the whole validation code to only work with
290 * fingerprints */
296 }
297 }
299 /* Put any --trusted-key keys into the trustdb */
301 {
304 PKT_public_key pk;
311 else
312 {
317 }
320 }
321 }
323 /* release the helper table table */
327 }
329 \f
330 /*********************************************
331 *********** TrustDB stuff *******************
332 *********************************************/
334 /*
335 * Read a record but die if it does not exist
336 */
337 static void
339 {
342 {
346 }
348 {
352 }
353 }
355 /*
356 * Write a record and die on error
357 */
358 static void
360 {
363 {
367 }
368 }
370 /*
371 * sync the TrustDb and die on error
372 */
373 static void
375 {
378 {
381 }
382 }
386 {
388 {
395 }
396 }
398 /****************
399 * Perform some checks over the trustdb
400 * level 0: only open the db
401 * 1: used for initial program startup
402 */
403 int
405 {
406 /* just store the args */
412 }
414 void
416 {
426 {
430 }
431 else
435 {
436 /* Try and set the trust model off of whatever the trustdb says
437 it is. */
440 /* Sanity check this ;) */
444 {
448 }
452 }
455 {
456 /* Verify the list of ultimately trusted keys and move the
457 --trusted-keys list there as well. */
463 }
464 }
467 /***********************************************
468 ************* Print helpers ****************
469 ***********************************************/
471 /****************
472 * This function returns a letter for a trustvalue Trust flags
473 * are ignore.
474 */
475 static int
477 {
479 {
488 }
489 }
491 /* NOTE TO TRANSLATOR: these strings are similar to those in
492 trust_value_to_string(), but are a fixed length. This is needed to
493 make attractive information listings where columns line up
494 properly. The value "10" should be the length of the strings you
495 choose to translate to. This is the length in printable columns.
496 It gets passed to atoi() so everything after the number is
497 essentially a comment and need not be translated. Either key and
498 uid are both NULL, or neither are NULL. */
501 {
510 {
517 }
520 }
522 /* The strings here are similar to those in
523 pkclist.c:do_edit_ownertrust() */
526 {
528 {
537 }
538 }
540 int
542 {
553 else
555 }
557 /****************
558 * Recreate the WoT but do not ask for new ownertrusts. Special
559 * feature: In batch mode and without a forced yes, this is only done
560 * when a check is due. This can be used to run the check from a crontab
561 */
562 void
564 {
567 {
569 {
570 ulong scheduled;
574 {
577 }
580 {
584 }
585 }
588 }
589 else
592 }
595 /*
596 * Recreate the WoT.
597 */
598 void
600 {
604 else
607 }
609 void
611 {
613 /* we simply set the time for the next check to 1 (far back in 1970)
614 * so that a --update-trustdb will be scheduled */
618 }
620 int
622 {
624 }
626 /* If the trustdb is dirty, and we're interactive, update it.
627 Otherwise, check it unless no-auto-check-trustdb is set. */
628 void
630 {
632 {
637 }
638 }
640 void
643 {
644 TRUSTREC opts;
662 }
664 /***********************************************
665 *********** Ownertrust et al. ****************
666 ***********************************************/
668 static int
670 {
678 {
682 }
685 {
689 }
692 }
694 /****************
695 * Return the assigned ownertrust value for the given public key.
696 * The key should be the primary key.
697 */
698 unsigned int
700 {
701 TRUSTREC rec;
708 {
711 }
714 }
716 unsigned int
718 {
719 TRUSTREC rec;
726 {
729 }
732 }
734 /*
735 * Same as get_ownertrust but this takes the minimum ownertrust value
736 * into into account, and will bump up the value as needed.
737 */
738 static int
740 {
746 {
747 /* If the trust that the user has set is less than the trust
748 that was calculated from a trust signature chain, use the
749 higher of the two. We do this here and not in
750 get_ownertrust since the underlying ownertrust should not
751 really be set - just the appearance of the ownertrust. */
754 }
757 }
759 /*
760 * Same as get_ownertrust but return a trust letter instead of an
761 * value. This takes the minimum ownertrust value into account.
762 */
763 int
765 {
767 }
769 /*
770 * Same as get_ownertrust but return a trust string instead of an
771 * value. This takes the minimum ownertrust value into account.
772 */
775 {
777 }
779 /*
780 * Set the trust value of the given public key to the new value.
781 * The key should be a primary one.
782 */
783 void
785 {
786 TRUSTREC rec;
791 {
796 {
801 }
802 }
819 }
820 else
821 {
823 }
824 }
826 static void
828 {
830 TRUSTREC rec;
836 {
839 }
843 {
848 new_trust );
850 {
855 }
856 }
873 }
874 else
875 {
877 }
878 }
880 /* Clear the ownertrust and min_ownertrust values. Return true if a
881 change actually happened. */
882 int
884 {
885 TRUSTREC rec;
890 {
892 {
897 }
899 {
906 }
907 }
909 {
911 }
913 }
915 /*
916 * Note: Caller has to do a sync
917 */
918 static void
921 {
924 ulong recno;
930 {
933 }
935 {
944 }
946 /* locate an existing one */
949 {
954 }
957 {
964 }
971 }
974 /***********************************************
975 ********* Query trustdb values **************
976 ***********************************************/
978 /* Return true if key is disabled */
979 int
981 {
983 TRUSTREC trec;
993 {
996 }
1003 /* Cache it for later so we don't need to look at the trustdb every
1004 time */
1007 else
1010 leave:
1012 }
1014 void
1016 {
1022 {
1023 ulong scheduled;
1028 {
1030 {
1033 }
1034 else
1035 {
1038 }
1039 }
1040 }
1041 }
1043 /*
1044 * Return the validity information for PK. If the namehash is not
1045 * NULL, the validity of the corresponsing user ID is returned,
1046 * otherwise, a reasonable value for the entire key is returned.
1047 */
1048 unsigned int
1050 {
1053 ulong recno;
1070 {
1077 }
1078 }
1079 else
1083 {
1084 /* Note that this happens BEFORE any user ID stuff is checked.
1085 The direct trust model applies to keys as a whole. */
1088 }
1092 {
1095 }
1097 {
1100 }
1102 /* loop over all user IDs */
1106 {
1110 {
1111 /* If a user ID is given we return the validity for that
1112 user ID ONLY. If the namehash is not found, then there
1113 is no validity at all (i.e. the user ID wasn't
1114 signed). */
1116 {
1119 }
1120 }
1121 else
1122 {
1123 /* If no namehash is given, we take the maximum validity
1124 over all user IDs */
1127 }
1130 }
1133 {
1136 }
1137 else
1140 leave:
1141 /* set some flags direct from the key */
1146 /* Note: expiration is a trust value and not a flag - don't know why
1147 * I initially designed it that way */
1157 }
1159 int
1161 {
1168 }
1172 {
1179 }
1181 static void
1183 {
1185 ulong recno;
1199 /* loop over all user IDs */
1202 {
1206 {
1209 /* printf("Fetched marginal %d, full %d\n",uid->help_marginal_count,uid->help_full_count); */
1211 }
1214 }
1215 }
1217 void
1219 {
1220 }
1222 /****************
1223 * Enumerate all keys, which are needed to build all trust paths for
1224 * the given key. This function does not return the key itself or
1225 * the ultimate key (the last point in cerificate chain). Only
1226 * certificate chains which ends up at an ultimately trusted key
1227 * are listed. If ownertrust or validity is not NULL, the corresponding
1228 * value for the returned LID is also returned in these variable(s).
1229 *
1230 * 1) create a void pointer and initialize it to NULL
1231 * 2) pass this void pointer by reference to this function.
1232 * Set lid to the key you want to enumerate and pass it by reference.
1233 * 3) call this function as long as it does not return -1
1234 * to indicate EOF. LID does contain the next key used to build the web
1235 * 4) Always call this function a last time with LID set to NULL,
1236 * so that it can free its context.
1237 *
1238 * Returns: -1 on EOF or the level of the returned LID
1239 */
1240 int
1243 {
1245 }
1248 /****************
1249 * Print the current path
1250 */
1251 void
1254 {
1256 }
1259 \f
1260 /****************************************
1261 *********** NEW NEW NEW ****************
1262 ****************************************/
1264 static int
1266 {
1274 {
1278 }
1281 {
1286 }
1287 else
1288 {
1294 else
1296 }
1301 }
1304 static void
1306 {
1310 {
1315 }
1316 }
1319 static void
1321 {
1325 {
1334 {
1336 {
1349 }
1350 }
1351 }
1352 }
1355 static void
1357 {
1358 KBNODE node;
1363 {
1365 {
1373 else
1377 {
1384 }
1385 }
1386 }
1390 }
1392 /*
1393 * check whether the signature sig is in the klist k
1394 */
1397 {
1399 {
1402 }
1404 }
1406 /*
1407 * Mark the signature of the given UID which are used to certify it.
1408 * To do this, we first revmove all signatures which are not valid and
1409 * from the remain ones we look for the latest one. If this is not a
1410 * certification revocation signature we mark the signature by setting
1411 * node flag bit 8. Revocations are marked with flag 11, and sigs
1412 * from unavailable keys are marked with flag 12. Note that flag bits
1413 * 9 and 10 are used for internal purposes.
1414 */
1415 static void
1419 {
1420 KBNODE node;
1423 /* first check all signatures */
1425 {
1443 invalid signature */
1447 {
1448 /* we ignore anything that won't verify, but tag the
1449 no_pubkey case */
1453 }
1455 }
1456 /* reset the remaining flags */
1460 /* kbnode flag usage: bit 9 is here set for signatures to consider,
1461 * bit 10 will be set by the loop to keep track of keyIDs already
1462 * processed, bit 8 will be set for the usable signatures, and bit
1463 * 11 will be set for usable revocations. */
1465 /* for each cert figure out the latest valid one */
1467 {
1470 u32 sigdate;
1484 /* Now find the latest and greatest signature */
1486 {
1498 /* If signode is nonrevocable and unexpired and n isn't,
1499 then take signode (skip). It doesn't matter which is
1500 older: if signode was older then we don't want to take n
1501 as signode is nonrevocable. If n was older then we're
1502 automatically fine. */
1514 /* If n is nonrevocable and unexpired and signode isn't,
1515 then take n. Again, it doesn't matter which is older: if
1516 n was older then we don't want to take signode as n is
1517 nonrevocable. If signode was older then we're
1518 automatically fine. */
1528 {
1532 }
1534 /* At this point, if it's newer, it goes in as the only
1535 remaining possibilities are signode and n are both either
1536 revocable or expired or both nonrevocable and unexpired.
1537 If the timestamps are equal take the later ordered
1538 packet, presuming that the key packets are hopefully in
1539 their original order. */
1542 {
1545 }
1546 }
1551 * Just need to check whether there is an expiration time,
1552 * We do the expired certification after finding a suitable
1553 * certification, the assumption is that a signator does not
1554 * want that after the expiration of his certificate the
1555 * system falls back to an older certification which has a
1556 * different expiration time */
1558 u32 expire;
1564 {
1568 }
1569 }
1570 else
1572 }
1573 }
1575 static int
1577 {
1579 KBNODE node;
1586 /* Passing in a 0 for current time here means that we'll never weed
1587 out an expired sig. This is correct behavior since we want to
1588 keep the most recent expired sig in a series. */
1591 /* What we want to do here is remove signatures that are not
1592 considered as part of the trust calculations. Thus, all invalid
1593 signatures are out, as are any signatures that aren't the last of
1594 a series of uid sigs or revocations It breaks down like this:
1595 coming out of mark_usable_uid_certs, if a sig is unflagged, it is
1596 not even a candidate. If a sig has flag 9 or 10, that means it
1597 was selected as a candidate and vetted. If a sig has flag 8 it
1598 is a usable signature. If a sig has flag 11 it is a usable
1599 revocation. If a sig has flag 12 it was issued by an unavailable
1600 key. "Usable" here means the most recent valid
1601 signature/revocation in a series from a particular signer.
1603 Delete everything that isn't a usable uid sig (which might be
1604 expired), a usable revocation, or a sig from an unavailable
1605 key. */
1610 {
1614 /* Keep usable uid sigs ... */
1618 /* ... and usable revocations... */
1622 /* ... and sigs from unavailable keys. */
1623 /* disabled for now since more people seem to want sigs from
1624 unavailable keys removed altogether. */
1625 /*
1626 if(node->flag & (1<<12))
1627 continue;
1628 */
1630 /* Everything else we delete */
1632 /* At this point, if 12 is set, the signing key was unavailable.
1633 If 9 or 10 is set, it's superceded. Otherwise, it's
1634 invalid. */
1644 deleted++;
1645 }
1648 }
1650 /* This is substantially easier than clean_sigs_from_uid since we just
1651 have to establish if the uid has a valid self-sig, is not revoked,
1652 and is not expired. Note that this does not take into account
1653 whether the uid has a trust path to it - just whether the keyholder
1654 themselves has certified the uid. Returns true if the uid was
1655 compacted. To "compact" a user ID, we simply remove ALL signatures
1656 except the self-sig that caused the user ID to be remove-worthy.
1657 We don't actually remove the user ID packet itself since it might
1658 be ressurected in a later merge. Note that this function requires
1659 that the caller has already done a merge_keys_and_selfsig().
1661 TODO: change the import code to allow importing a uid with only a
1662 revocation if the uid already exists on the keyring. */
1664 static int
1666 {
1667 KBNODE node;
1674 /* Skip valid user IDs, compacted user IDs, and non-self-signed user
1675 IDs if --allow-non-selfsigned-uid is set. */
1685 {
1689 }
1692 {
1700 else
1705 reason);
1708 }
1711 }
1713 /* Needs to be called after a merge_keys_and_selfsig() */
1714 void
1717 {
1729 /* Do clean_uid_from_key first since if it fires off, we don't
1730 have to bother with the other */
1734 }
1736 void
1739 {
1740 KBNODE uidnode;
1750 }
1752 /* Used by validate_one_keyblock to confirm a regexp within a trust
1753 signature. Returns 1 for match, and 0 for no match or regex
1754 error. */
1755 static int
1757 {
1758 #ifdef DISABLE_REGEX
1759 /* When DISABLE_REGEX is defined, assume all regexps do not
1760 match. */
1762 #elif defined(__riscos__)
1764 #else
1766 regex_t pat;
1779 #endif
1780 }
1782 /*
1783 * Return true if the key is signed by one of the keys in the given
1784 * key ID list. User IDs with a valid signature are marked by node
1785 * flags as follows:
1786 * flag bit 0: There is at least one signature
1787 * 1: There is marginal confidence that this is a legitimate uid
1788 * 2: There is full confidence that this is a legitimate uid.
1789 * 8: Used for internal purposes.
1790 * 9: Ditto (in mark_usable_uid_certs())
1791 * 10: Ditto (ditto)
1792 * This function assumes that all kbnode flags are cleared on entry.
1793 */
1794 static int
1797 {
1807 {
1808 /* A bit of discussion here: is it better for the web of trust
1809 to be built among only self-signed uids? On the one hand, a
1810 self-signed uid is a statement that the key owner definitely
1811 intended that uid to be there, but on the other hand, a
1812 signed (but not self-signed) uid does carry trust, of a sort,
1813 even if it is a statement being made by people other than the
1814 key owner "through" the uids on the key owner's key. I'm
1815 going with the latter. However, if the user ID was
1816 explicitly revoked, or passively allowed to expire, that
1817 should stop validity through the user ID until it is
1818 resigned. -dshaw */
1823 {
1825 {
1833 }
1837 /* If the selfsig is going to expire... */
1845 }
1848 {
1849 /* Note that we are only seeing unrevoked sigs here */
1853 /* If the trust_regexp does not match, it's as if the sig
1854 did not exist. This is safe for non-trust sigs as well
1855 since we don't accept a regexp on the sig unless it's a
1856 trust sig. */
1860 {
1866 /* Are we part of a trust sig chain? We always favor
1867 the latest trust sig, rather than the greater or
1868 lesser trust sig or value. I could make a decent
1869 argument for any of these cases, but this seems to be
1870 what PGP does, and I'd like to be compatible. -dms */
1875 {
1876 /* If we got here, we know that:
1878 this is a trust sig.
1880 it's a newer trust sig than any previous trust
1881 sig on this key (not uid).
1883 it is legal in that it was either generated by an
1884 ultimate key, or a key that was part of a trust
1885 chain, and the depth does not violate the
1886 original trust sig.
1888 if there is a regexp attached, it matched
1889 successfully.
1890 */
1901 /* If the trust sig contains a regexp, record it
1902 on the pk for the next round. */
1905 }
1914 }
1915 }
1916 }
1919 {
1927 }
1930 }
1933 static int
1935 {
1937 }
1940 /*
1941 * Scan all keys and return a key_array of all suitable keys from
1942 * kllist. The caller has to pass keydb handle so that we don't use
1943 * to create our own. Returns either a key_array or NULL in case of
1944 * an error. No results found are indicated by an empty array.
1945 * Caller hast to release the returned array.
1946 */
1950 {
1955 KEYDB_SEARCH_DESC desc;
1963 {
1967 }
1975 {
1978 }
1980 {
1984 }
1987 do
1988 {
1993 {
1997 }
2000 {
2006 }
2008 /* prepare the keyblock for further processing */
2013 {
2014 /* it does not make sense to look further at those keys */
2016 }
2018 {
2019 KBNODE node;
2028 }
2031 /* Optimization - if all uids are fully trusted, then we
2032 never need to consider this key as a candidate again. */
2042 }
2046 }
2049 {
2053 }
2057 }
2059 /* Caller must sync */
2060 static void
2062 {
2063 TRUSTREC rec;
2064 ulong recnum;
2068 {
2070 {
2071 count++;
2073 {
2076 }
2078 }
2083 {
2086 nreset++;
2088 }
2090 }
2095 }
2097 /*
2098 * Run the key validation procedure.
2099 *
2100 * This works this way:
2101 * Step 1: Find all ultimately trusted keys (UTK).
2102 * mark them all as seen and put them into klist.
2103 * Step 2: loop max_cert_times
2104 * Step 3: if OWNERTRUST of any key in klist is undefined
2105 * ask user to assign ownertrust
2106 * Step 4: Loop over all keys in the keyDB which are not marked seen
2107 * Step 5: if key is revoked or expired
2108 * mark key as seen
2109 * continue loop at Step 4
2110 * Step 6: For each user ID of that key signed by a key in klist
2111 * Calculate validity by counting trusted signatures.
2112 * Set validity of user ID
2113 * Step 7: If any signed user ID was found
2114 * mark key as seen
2115 * End Loop
2116 * Step 8: Build a new klist from all fully trusted keys from step 6
2117 * End Loop
2118 * Ready
2119 *
2120 */
2121 static int
2123 {
2131 KBNODE node;
2137 /* Make sure we have all sigs cached. TODO: This is going to
2138 require some architectual re-thinking, as it is agonizingly slow.
2139 Perhaps combine this with reset_trust_records(), or only check
2140 the caches on keys that are actually involved in the web of
2141 trust. */
2153 /* Fixme: Instead of always building a UTK list, we could just build it
2154 * here when needed */
2156 {
2160 }
2162 /* mark all UTKs as used and fully_trusted and set validity to
2163 ultimate */
2165 {
2166 KBNODE keyblock;
2171 {
2175 }
2181 {
2184 }
2191 }
2199 {
2201 /* See whether we should assign ownertrust values to the keys in
2202 klist. */
2206 {
2209 /* 120 and 60 are as per RFC2440 */
2219 {
2223 {
2226 }
2227 }
2229 /* This can happen during transition from an old trustdb
2230 before trust sigs. It can also happen if a user uses two
2231 different versions of GnuPG or changes the --trust-model
2232 setting. */
2234 {
2243 }
2246 ot_unknown++;
2248 ot_undefined++;
2250 ot_never++;
2252 ot_marginal++;
2254 ot_full++;
2256 ot_ultimate++;
2258 valids++;
2259 }
2261 /* Find all keys which are signed by a key in kdlist */
2265 {
2269 }
2272 ;
2274 /* Store the calculated valididation status somewhere */
2286 /* Build a new kdlist from all fully valid keys in KEYS */
2291 {
2293 {
2295 {
2298 /* have we used this key already? */
2301 {
2302 /* Normally we add both the primary and subkey
2303 ids to the hash via mark_keyblock_seen, but
2304 since we aren't using this hash as a skipfnc,
2305 that doesn't matter here. */
2326 }
2327 }
2328 }
2329 }
2334 }
2336 leave:
2344 {
2347 else
2348 {
2352 }
2355 {
2359 }
2363 }
2366 }