| blob | 1d083a73843bed98458a54dffbc3456bc359a80e |
1 /* trustdb.c
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3 * 2008 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <assert.h>
27 #ifndef DISABLE_REGEX
28 #include <sys/types.h>
29 #include <regex.h>
45 /*
46 * A structure to store key identification as well as some stuff needed
47 * for validation
48 */
52 byte trust_depth;
53 byte trust_value;
56 };
61 /*
62 * Structure to keep track of keys, this is used as an array wherre
63 * the item right after the last one has a keyblock set to NULL.
64 * Maybe we can drop this thing and replace it by key_item
65 */
67 KBNODE keyblock;
68 };
71 /* control information for the trust DB */
78 /* some globals */
86 \f
87 /**********************************************
88 ************* some helpers *******************
89 **********************************************/
93 {
98 }
100 static void
102 {
106 {
110 }
111 }
113 /*
114 * For fast keylook up we need a hash table. Each byte of a KeyIDs
115 * should be distributed equally over the 256 possible values (except
116 * for v3 keyIDs but we consider them as not important here). So we
117 * can just use 10 bits to index a table of 1024 key items.
118 * Possible optimization: Don not use key_items but other hash_table when the
119 * duplicates lists gets too large.
120 */
121 static KeyHashTable
123 {
128 }
130 static void
132 {
140 }
142 /*
143 * Returns: True if the keyID is in the given hash table
144 */
145 static int
147 {
154 }
156 /*
157 * Add a new key to the hash table. The key is identified by its key ID.
158 */
159 static void
161 {
173 }
175 /*
176 * Release a key_array
177 */
178 static void
180 {
187 }
188 }
190 \f
191 /*********************************************
192 ********** Initialization *****************
193 *********************************************/
197 /*
198 * Used to register extra ultimately trusted keys - this has to be done
199 * before initializing the validation module.
200 * FIXME: Should be replaced by a function to add those keys to the trustdb.
201 */
202 void
204 {
212 }
214 void
216 {
217 KEYDB_SEARCH_DESC desc;
220 {
223 }
226 }
228 /*
229 * Helper to add a key to the global list of ultimately trusted keys.
230 * Retruns: true = inserted, false = already in in list.
231 */
232 static int
234 {
238 {
240 {
242 }
243 }
254 }
257 /****************
258 * Verify that all our secret keys are usable and put them into the utk_list.
259 */
260 static void
262 {
263 TRUSTREC rec;
264 ulong recnum;
271 /* scan the trustdb to find all ultimately trusted keys */
273 {
276 {
281 /* Problem: We do only use fingerprints in the trustdb but
282 * we need the keyID here to indetify the key; we can only
283 * use that ugly hack to distinguish between 16 and 20
284 * butes fpr - it does not work always so we better change
285 * the whole validation code to only work with
286 * fingerprints */
292 }
293 }
295 /* Put any --trusted-key keys into the trustdb */
297 {
300 PKT_public_key pk;
307 else
308 {
313 }
316 }
317 }
319 /* release the helper table table */
323 }
325 \f
326 /*********************************************
327 *********** TrustDB stuff *******************
328 *********************************************/
330 /*
331 * Read a record but die if it does not exist
332 */
333 static void
335 {
338 {
342 }
344 {
348 }
349 }
351 /*
352 * Write a record and die on error
353 */
354 static void
356 {
359 {
363 }
364 }
366 /*
367 * sync the TrustDb and die on error
368 */
369 static void
371 {
374 {
377 }
378 }
382 {
384 {
391 }
392 }
394 /****************
395 * Perform some checks over the trustdb
396 * level 0: only open the db
397 * 1: used for initial program startup
398 */
399 int
401 {
402 /* just store the args */
408 }
410 void
412 {
421 #ifdef HAVE_W32_SYSTEM
423 #else
425 #endif
428 }
431 void
433 {
443 {
447 }
448 else
452 {
453 /* Try and set the trust model off of whatever the trustdb says
454 it is. */
457 /* Sanity check this ;) */
461 {
465 }
469 }
472 {
473 /* Verify the list of ultimately trusted keys and move the
474 --trusted-keys list there as well. */
480 }
481 }
484 /***********************************************
485 ************* Print helpers ****************
486 ***********************************************/
488 /****************
489 * This function returns a letter for a trustvalue Trust flags
490 * are ignore.
491 */
492 static int
494 {
496 {
505 }
506 }
508 /* NOTE TO TRANSLATOR: these strings are similar to those in
509 trust_value_to_string(), but are a fixed length. This is needed to
510 make attractive information listings where columns line up
511 properly. The value "10" should be the length of the strings you
512 choose to translate to. This is the length in printable columns.
513 It gets passed to atoi() so everything after the number is
514 essentially a comment and need not be translated. Either key and
515 uid are both NULL, or neither are NULL. */
518 {
527 {
534 }
537 }
539 /* The strings here are similar to those in
540 pkclist.c:do_edit_ownertrust() */
543 {
545 {
554 }
555 }
557 int
559 {
570 else
572 }
574 /****************
575 * Recreate the WoT but do not ask for new ownertrusts. Special
576 * feature: In batch mode and without a forced yes, this is only done
577 * when a check is due. This can be used to run the check from a crontab
578 */
579 void
581 {
584 {
586 {
587 ulong scheduled;
591 {
594 }
597 {
601 }
602 }
605 }
606 else
609 }
612 /*
613 * Recreate the WoT.
614 */
615 void
617 {
621 else
624 }
626 void
628 {
630 /* we simply set the time for the next check to 1 (far back in 1970)
631 * so that a --update-trustdb will be scheduled */
635 }
637 int
639 {
641 }
643 /* If the trustdb is dirty, and we're interactive, update it.
644 Otherwise, check it unless no-auto-check-trustdb is set. */
645 void
647 {
649 {
654 }
655 }
657 void
660 {
661 TRUSTREC opts;
679 }
681 /***********************************************
682 *********** Ownertrust et al. ****************
683 ***********************************************/
685 static int
687 {
695 {
699 }
702 {
706 }
709 }
711 /****************
712 * Return the assigned ownertrust value for the given public key.
713 * The key should be the primary key.
714 */
715 unsigned int
717 {
718 TRUSTREC rec;
725 {
728 }
731 }
733 unsigned int
735 {
736 TRUSTREC rec;
743 {
746 }
749 }
751 /*
752 * Same as get_ownertrust but this takes the minimum ownertrust value
753 * into into account, and will bump up the value as needed.
754 */
755 static int
757 {
763 {
764 /* If the trust that the user has set is less than the trust
765 that was calculated from a trust signature chain, use the
766 higher of the two. We do this here and not in
767 get_ownertrust since the underlying ownertrust should not
768 really be set - just the appearance of the ownertrust. */
771 }
774 }
776 /*
777 * Same as get_ownertrust but return a trust letter instead of an
778 * value. This takes the minimum ownertrust value into account.
779 */
780 int
782 {
784 }
786 /*
787 * Same as get_ownertrust but return a trust string instead of an
788 * value. This takes the minimum ownertrust value into account.
789 */
792 {
794 }
796 /*
797 * Set the trust value of the given public key to the new value.
798 * The key should be a primary one.
799 */
800 void
802 {
803 TRUSTREC rec;
808 {
813 {
818 }
819 }
836 }
837 else
838 {
840 }
841 }
843 static void
845 {
847 TRUSTREC rec;
853 {
856 }
860 {
865 new_trust );
867 {
872 }
873 }
890 }
891 else
892 {
894 }
895 }
897 /* Clear the ownertrust and min_ownertrust values. Return true if a
898 change actually happened. */
899 int
901 {
902 TRUSTREC rec;
907 {
909 {
914 }
916 {
923 }
924 }
926 {
928 }
930 }
932 /*
933 * Note: Caller has to do a sync
934 */
935 static void
938 {
941 ulong recno;
947 {
950 }
952 {
961 }
963 /* locate an existing one */
966 {
971 }
974 {
981 }
988 }
991 /***********************************************
992 ********* Query trustdb values **************
993 ***********************************************/
995 /* Return true if key is disabled */
996 int
998 {
1000 TRUSTREC trec;
1010 {
1013 }
1020 /* Cache it for later so we don't need to look at the trustdb every
1021 time */
1024 else
1027 leave:
1029 }
1031 void
1033 {
1039 {
1040 ulong scheduled;
1045 {
1047 {
1050 }
1051 else
1052 {
1055 }
1056 }
1057 }
1058 }
1060 /*
1061 * Return the validity information for PK. If the namehash is not
1062 * NULL, the validity of the corresponsing user ID is returned,
1063 * otherwise, a reasonable value for the entire key is returned.
1064 */
1065 unsigned int
1067 {
1070 ulong recno;
1087 {
1094 }
1095 }
1096 else
1100 {
1101 /* Note that this happens BEFORE any user ID stuff is checked.
1102 The direct trust model applies to keys as a whole. */
1105 }
1109 {
1112 }
1114 {
1117 }
1119 /* loop over all user IDs */
1123 {
1127 {
1128 /* If a user ID is given we return the validity for that
1129 user ID ONLY. If the namehash is not found, then there
1130 is no validity at all (i.e. the user ID wasn't
1131 signed). */
1133 {
1136 }
1137 }
1138 else
1139 {
1140 /* If no namehash is given, we take the maximum validity
1141 over all user IDs */
1144 }
1147 }
1150 {
1153 }
1154 else
1157 leave:
1158 /* set some flags direct from the key */
1163 /* Note: expiration is a trust value and not a flag - don't know why
1164 * I initially designed it that way */
1174 }
1176 int
1178 {
1185 }
1189 {
1196 }
1198 static void
1200 {
1202 ulong recno;
1216 /* loop over all user IDs */
1219 {
1223 {
1226 /* printf("Fetched marginal %d, full %d\n",uid->help_marginal_count,uid->help_full_count); */
1228 }
1231 }
1232 }
1234 void
1236 {
1238 }
1240 /****************
1241 * Enumerate all keys, which are needed to build all trust paths for
1242 * the given key. This function does not return the key itself or
1243 * the ultimate key (the last point in cerificate chain). Only
1244 * certificate chains which ends up at an ultimately trusted key
1245 * are listed. If ownertrust or validity is not NULL, the corresponding
1246 * value for the returned LID is also returned in these variable(s).
1247 *
1248 * 1) create a void pointer and initialize it to NULL
1249 * 2) pass this void pointer by reference to this function.
1250 * Set lid to the key you want to enumerate and pass it by reference.
1251 * 3) call this function as long as it does not return -1
1252 * to indicate EOF. LID does contain the next key used to build the web
1253 * 4) Always call this function a last time with LID set to NULL,
1254 * so that it can free its context.
1255 *
1256 * Returns: -1 on EOF or the level of the returned LID
1257 */
1258 int
1261 {
1267 }
1270 /****************
1271 * Print the current path
1272 */
1273 void
1276 {
1281 }
1284 \f
1285 /****************************************
1286 *********** NEW NEW NEW ****************
1287 ****************************************/
1289 static int
1291 {
1299 {
1303 }
1306 {
1311 }
1312 else
1313 {
1319 else
1321 }
1326 }
1329 static void
1331 {
1335 {
1340 }
1341 }
1344 static void
1346 {
1350 {
1359 {
1361 {
1374 }
1375 }
1376 }
1377 }
1380 static void
1382 {
1383 KBNODE node;
1388 {
1390 {
1398 else
1402 {
1409 }
1410 }
1411 }
1415 }
1417 /*
1418 * check whether the signature sig is in the klist k
1419 */
1422 {
1424 {
1427 }
1429 }
1431 /*
1432 * Mark the signature of the given UID which are used to certify it.
1433 * To do this, we first revmove all signatures which are not valid and
1434 * from the remain ones we look for the latest one. If this is not a
1435 * certification revocation signature we mark the signature by setting
1436 * node flag bit 8. Revocations are marked with flag 11, and sigs
1437 * from unavailable keys are marked with flag 12. Note that flag bits
1438 * 9 and 10 are used for internal purposes.
1439 */
1440 static void
1444 {
1445 KBNODE node;
1448 /* first check all signatures */
1450 {
1468 invalid signature */
1472 {
1473 /* we ignore anything that won't verify, but tag the
1474 no_pubkey case */
1478 }
1480 }
1481 /* reset the remaining flags */
1485 /* kbnode flag usage: bit 9 is here set for signatures to consider,
1486 * bit 10 will be set by the loop to keep track of keyIDs already
1487 * processed, bit 8 will be set for the usable signatures, and bit
1488 * 11 will be set for usable revocations. */
1490 /* for each cert figure out the latest valid one */
1492 {
1495 u32 sigdate;
1509 /* Now find the latest and greatest signature */
1511 {
1523 /* If signode is nonrevocable and unexpired and n isn't,
1524 then take signode (skip). It doesn't matter which is
1525 older: if signode was older then we don't want to take n
1526 as signode is nonrevocable. If n was older then we're
1527 automatically fine. */
1539 /* If n is nonrevocable and unexpired and signode isn't,
1540 then take n. Again, it doesn't matter which is older: if
1541 n was older then we don't want to take signode as n is
1542 nonrevocable. If signode was older then we're
1543 automatically fine. */
1553 {
1557 }
1559 /* At this point, if it's newer, it goes in as the only
1560 remaining possibilities are signode and n are both either
1561 revocable or expired or both nonrevocable and unexpired.
1562 If the timestamps are equal take the later ordered
1563 packet, presuming that the key packets are hopefully in
1564 their original order. */
1567 {
1570 }
1571 }
1576 * Just need to check whether there is an expiration time,
1577 * We do the expired certification after finding a suitable
1578 * certification, the assumption is that a signator does not
1579 * want that after the expiration of his certificate the
1580 * system falls back to an older certification which has a
1581 * different expiration time */
1583 u32 expire;
1589 {
1593 }
1594 }
1595 else
1597 }
1598 }
1600 static int
1602 {
1604 KBNODE node;
1611 /* Passing in a 0 for current time here means that we'll never weed
1612 out an expired sig. This is correct behavior since we want to
1613 keep the most recent expired sig in a series. */
1616 /* What we want to do here is remove signatures that are not
1617 considered as part of the trust calculations. Thus, all invalid
1618 signatures are out, as are any signatures that aren't the last of
1619 a series of uid sigs or revocations It breaks down like this:
1620 coming out of mark_usable_uid_certs, if a sig is unflagged, it is
1621 not even a candidate. If a sig has flag 9 or 10, that means it
1622 was selected as a candidate and vetted. If a sig has flag 8 it
1623 is a usable signature. If a sig has flag 11 it is a usable
1624 revocation. If a sig has flag 12 it was issued by an unavailable
1625 key. "Usable" here means the most recent valid
1626 signature/revocation in a series from a particular signer.
1628 Delete everything that isn't a usable uid sig (which might be
1629 expired), a usable revocation, or a sig from an unavailable
1630 key. */
1635 {
1639 /* Keep usable uid sigs ... */
1643 /* ... and usable revocations... */
1647 /* ... and sigs from unavailable keys. */
1648 /* disabled for now since more people seem to want sigs from
1649 unavailable keys removed altogether. */
1650 /*
1651 if(node->flag & (1<<12))
1652 continue;
1653 */
1655 /* Everything else we delete */
1657 /* At this point, if 12 is set, the signing key was unavailable.
1658 If 9 or 10 is set, it's superceded. Otherwise, it's
1659 invalid. */
1669 deleted++;
1670 }
1673 }
1675 /* This is substantially easier than clean_sigs_from_uid since we just
1676 have to establish if the uid has a valid self-sig, is not revoked,
1677 and is not expired. Note that this does not take into account
1678 whether the uid has a trust path to it - just whether the keyholder
1679 themselves has certified the uid. Returns true if the uid was
1680 compacted. To "compact" a user ID, we simply remove ALL signatures
1681 except the self-sig that caused the user ID to be remove-worthy.
1682 We don't actually remove the user ID packet itself since it might
1683 be ressurected in a later merge. Note that this function requires
1684 that the caller has already done a merge_keys_and_selfsig().
1686 TODO: change the import code to allow importing a uid with only a
1687 revocation if the uid already exists on the keyring. */
1689 static int
1691 {
1692 KBNODE node;
1699 /* Skip valid user IDs, compacted user IDs, and non-self-signed user
1700 IDs if --allow-non-selfsigned-uid is set. */
1710 {
1714 }
1717 {
1725 else
1730 reason);
1733 }
1736 }
1738 /* Needs to be called after a merge_keys_and_selfsig() */
1739 void
1742 {
1754 /* Do clean_uid_from_key first since if it fires off, we don't
1755 have to bother with the other */
1759 }
1761 void
1764 {
1765 KBNODE uidnode;
1775 }
1777 /* Returns a sanitized copy of the regexp (which might be "", but not
1778 NULL). */
1779 #ifndef DISABLE_REGEX
1782 {
1786 have to */
1788 /* There are basically two commonly-used regexps here. GPG and most
1789 versions of PGP use "<[^>]+[@.]example\.com>$" and PGP (9)
1790 command line uses "example.com" (i.e. whatever the user specfies,
1791 and we can't expect users know to use "\." instead of "."). So
1792 here are the rules: we're allowed to start with "<[^>]+[@.]" and
1793 end with ">$" or start and end with nothing. In between, the
1794 only legal regex character is ".", and everything else gets
1795 escaped. Part of the gotcha here is that some regex packages
1796 allow more than RFC-4880 requires. For example, 4880 has no "{}"
1797 operator, but GNU regex does. Commenting removes these operators
1798 from consideration. A possible future enhancement is to use
1799 commenting to effectively back off a given regex to the Henry
1800 Spencer syntax in 4880. -dshaw */
1802 /* Are we bracketed between "<[^>]+[@.]" and ">$" ? */
1805 {
1811 }
1813 /* Walk the remaining characters and ensure that everything that is
1814 left is not an operational regex character. */
1816 {
1821 else
1825 }
1829 /* Note that the (sub)string we look at might end with a bare "\".
1830 If it does, leave it that way. If the regexp actually ended with
1831 ">$", then it was escaping the ">" and is fine. If the regexp
1832 actually ended with the bare "\", then it's an illegal regexp and
1833 regcomp should kick it out. */
1839 }
1842 /* Used by validate_one_keyblock to confirm a regexp within a trust
1843 signature. Returns 1 for match, and 0 for no match or regex
1844 error. */
1845 static int
1847 {
1848 #ifdef DISABLE_REGEX
1849 /* When DISABLE_REGEX is defined, assume all regexps do not
1850 match. */
1852 #else
1858 #ifdef __riscos__
1860 #else
1861 {
1862 regex_t pat;
1866 {
1870 }
1871 }
1872 #endif
1881 #endif
1882 }
1884 /*
1885 * Return true if the key is signed by one of the keys in the given
1886 * key ID list. User IDs with a valid signature are marked by node
1887 * flags as follows:
1888 * flag bit 0: There is at least one signature
1889 * 1: There is marginal confidence that this is a legitimate uid
1890 * 2: There is full confidence that this is a legitimate uid.
1891 * 8: Used for internal purposes.
1892 * 9: Ditto (in mark_usable_uid_certs())
1893 * 10: Ditto (ditto)
1894 * This function assumes that all kbnode flags are cleared on entry.
1895 */
1896 static int
1899 {
1909 {
1910 /* A bit of discussion here: is it better for the web of trust
1911 to be built among only self-signed uids? On the one hand, a
1912 self-signed uid is a statement that the key owner definitely
1913 intended that uid to be there, but on the other hand, a
1914 signed (but not self-signed) uid does carry trust, of a sort,
1915 even if it is a statement being made by people other than the
1916 key owner "through" the uids on the key owner's key. I'm
1917 going with the latter. However, if the user ID was
1918 explicitly revoked, or passively allowed to expire, that
1919 should stop validity through the user ID until it is
1920 resigned. -dshaw */
1925 {
1927 {
1935 }
1939 /* If the selfsig is going to expire... */
1947 }
1950 {
1951 /* Note that we are only seeing unrevoked sigs here */
1955 /* If the trust_regexp does not match, it's as if the sig
1956 did not exist. This is safe for non-trust sigs as well
1957 since we don't accept a regexp on the sig unless it's a
1958 trust sig. */
1961 || (uidnode
1964 {
1965 /* Are we part of a trust sig chain? We always favor
1966 the latest trust sig, rather than the greater or
1967 lesser trust sig or value. I could make a decent
1968 argument for any of these cases, but this seems to be
1969 what PGP does, and I'd like to be compatible. -dms */
1973 {
1976 /* If the depth on the signature is less than the
1977 chain currently has, then use the signature depth
1978 so we don't increase the depth beyond what the
1979 signer wanted. If the depth on the signature is
1980 more than the chain currently has, then use the
1981 chain depth so we use as much of the signature
1982 depth as the chain will permit. An ultimately
1983 trusted signature can restart the depth to
1984 whatever level it likes. */
1989 else
1993 {
2001 /* If we got here, we know that:
2003 this is a trust sig.
2005 it's a newer trust sig than any previous trust
2006 sig on this key (not uid).
2008 it is legal in that it was either generated by an
2009 ultimate key, or a key that was part of a trust
2010 chain, and the depth does not violate the
2011 original trust sig.
2013 if there is a regexp attached, it matched
2014 successfully.
2015 */
2026 /* If the trust sig contains a regexp, record it
2027 on the pk for the next round. */
2030 }
2031 }
2040 }
2041 }
2042 }
2045 {
2053 }
2056 }
2059 static int
2061 {
2064 }
2067 /*
2068 * Scan all keys and return a key_array of all suitable keys from
2069 * kllist. The caller has to pass keydb handle so that we don't use
2070 * to create our own. Returns either a key_array or NULL in case of
2071 * an error. No results found are indicated by an empty array.
2072 * Caller hast to release the returned array.
2073 */
2077 {
2082 KEYDB_SEARCH_DESC desc;
2090 {
2094 }
2102 {
2105 }
2107 {
2111 }
2114 do
2115 {
2120 {
2124 }
2127 {
2133 }
2135 /* prepare the keyblock for further processing */
2140 {
2141 /* it does not make sense to look further at those keys */
2143 }
2145 {
2146 KBNODE node;
2155 }
2158 /* Optimization - if all uids are fully trusted, then we
2159 never need to consider this key as a candidate again. */
2169 }
2173 }
2176 {
2180 }
2184 }
2186 /* Caller must sync */
2187 static void
2189 {
2190 TRUSTREC rec;
2191 ulong recnum;
2195 {
2197 {
2198 count++;
2200 {
2203 }
2205 }
2210 {
2213 nreset++;
2215 }
2217 }
2222 }
2224 /*
2225 * Run the key validation procedure.
2226 *
2227 * This works this way:
2228 * Step 1: Find all ultimately trusted keys (UTK).
2229 * mark them all as seen and put them into klist.
2230 * Step 2: loop max_cert_times
2231 * Step 3: if OWNERTRUST of any key in klist is undefined
2232 * ask user to assign ownertrust
2233 * Step 4: Loop over all keys in the keyDB which are not marked seen
2234 * Step 5: if key is revoked or expired
2235 * mark key as seen
2236 * continue loop at Step 4
2237 * Step 6: For each user ID of that key signed by a key in klist
2238 * Calculate validity by counting trusted signatures.
2239 * Set validity of user ID
2240 * Step 7: If any signed user ID was found
2241 * mark key as seen
2242 * End Loop
2243 * Step 8: Build a new klist from all fully trusted keys from step 6
2244 * End Loop
2245 * Ready
2246 *
2247 */
2248 static int
2250 {
2258 KBNODE node;
2264 /* Make sure we have all sigs cached. TODO: This is going to
2265 require some architectual re-thinking, as it is agonizingly slow.
2266 Perhaps combine this with reset_trust_records(), or only check
2267 the caches on keys that are actually involved in the web of
2268 trust. */
2280 /* Fixme: Instead of always building a UTK list, we could just build it
2281 * here when needed */
2283 {
2287 }
2289 /* mark all UTKs as used and fully_trusted and set validity to
2290 ultimate */
2292 {
2293 KBNODE keyblock;
2298 {
2302 }
2308 {
2311 }
2318 }
2326 {
2328 /* See whether we should assign ownertrust values to the keys in
2329 klist. */
2333 {
2336 /* 120 and 60 are as per RFC2440 */
2346 {
2350 {
2353 }
2354 }
2356 /* This can happen during transition from an old trustdb
2357 before trust sigs. It can also happen if a user uses two
2358 different versions of GnuPG or changes the --trust-model
2359 setting. */
2361 {
2370 }
2373 ot_unknown++;
2375 ot_undefined++;
2377 ot_never++;
2379 ot_marginal++;
2381 ot_full++;
2383 ot_ultimate++;
2385 valids++;
2386 }
2388 /* Find all keys which are signed by a key in kdlist */
2392 {
2396 }
2399 ;
2401 /* Store the calculated valididation status somewhere */
2413 /* Build a new kdlist from all fully valid keys in KEYS */
2418 {
2420 {
2422 {
2425 /* have we used this key already? */
2428 {
2429 /* Normally we add both the primary and subkey
2430 ids to the hash via mark_keyblock_seen, but
2431 since we aren't using this hash as a skipfnc,
2432 that doesn't matter here. */
2453 }
2454 }
2455 }
2456 }
2461 }
2463 leave:
2471 {
2474 else
2475 {
2479 }
2482 {
2486 }
2490 }
2493 }