| blob | 2db97152689930998c00b16fbb84d09d5b352ee0 |
1 /* trustdb.c
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3 * 2008 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <assert.h>
27 #ifndef DISABLE_REGEX
28 #include <sys/types.h>
29 #include <regex.h>
45 /*
46 * A structure to store key identification as well as some stuff needed
47 * for validation
48 */
52 byte trust_depth;
53 byte trust_value;
56 };
61 /*
62 * Structure to keep track of keys, this is used as an array wherre
63 * the item right after the last one has a keyblock set to NULL.
64 * Maybe we can drop this thing and replace it by key_item
65 */
67 KBNODE keyblock;
68 };
71 /* control information for the trust DB */
78 /* some globals */
86 \f
87 /**********************************************
88 ************* some helpers *******************
89 **********************************************/
93 {
98 }
100 static void
102 {
106 {
110 }
111 }
113 /*
114 * For fast keylook up we need a hash table. Each byte of a KeyIDs
115 * should be distributed equally over the 256 possible values (except
116 * for v3 keyIDs but we consider them as not important here). So we
117 * can just use 10 bits to index a table of 1024 key items.
118 * Possible optimization: Don not use key_items but other hash_table when the
119 * duplicates lists gets too large.
120 */
121 static KeyHashTable
123 {
128 }
130 static void
132 {
140 }
142 /*
143 * Returns: True if the keyID is in the given hash table
144 */
145 static int
147 {
154 }
156 /*
157 * Add a new key to the hash table. The key is identified by its key ID.
158 */
159 static void
161 {
173 }
175 /*
176 * Release a key_array
177 */
178 static void
180 {
187 }
188 }
190 \f
191 /*********************************************
192 ********** Initialization *****************
193 *********************************************/
197 /*
198 * Used to register extra ultimately trusted keys - this has to be done
199 * before initializing the validation module.
200 * FIXME: Should be replaced by a function to add those keys to the trustdb.
201 */
202 void
204 {
212 }
214 void
216 {
217 KEYDB_SEARCH_DESC desc;
220 {
223 }
226 }
228 /*
229 * Helper to add a key to the global list of ultimately trusted keys.
230 * Retruns: true = inserted, false = already in in list.
231 */
232 static int
234 {
238 {
240 {
242 }
243 }
254 }
257 /****************
258 * Verify that all our secret keys are usable and put them into the utk_list.
259 */
260 static void
262 {
263 TRUSTREC rec;
264 ulong recnum;
271 /* scan the trustdb to find all ultimately trusted keys */
273 {
276 {
281 /* Problem: We do only use fingerprints in the trustdb but
282 * we need the keyID here to indetify the key; we can only
283 * use that ugly hack to distinguish between 16 and 20
284 * butes fpr - it does not work always so we better change
285 * the whole validation code to only work with
286 * fingerprints */
292 }
293 }
295 /* Put any --trusted-key keys into the trustdb */
297 {
300 PKT_public_key pk;
307 else
308 {
313 }
316 }
317 }
319 /* release the helper table table */
323 }
325 \f
326 /*********************************************
327 *********** TrustDB stuff *******************
328 *********************************************/
330 /*
331 * Read a record but die if it does not exist
332 */
333 static void
335 {
338 {
342 }
344 {
348 }
349 }
351 /*
352 * Write a record and die on error
353 */
354 static void
356 {
359 {
363 }
364 }
366 /*
367 * sync the TrustDb and die on error
368 */
369 static void
371 {
374 {
377 }
378 }
382 {
384 {
391 }
392 }
394 /****************
395 * Perform some checks over the trustdb
396 * level 0: only open the db
397 * 1: used for initial program startup
398 */
399 int
401 {
402 /* just store the args */
408 }
410 void
412 {
421 #ifdef HAVE_W32_SYSTEM
423 #else
425 #endif
428 }
431 void
433 {
443 {
447 }
448 else
452 {
453 /* Try and set the trust model off of whatever the trustdb says
454 it is. */
457 /* Sanity check this ;) */
461 {
465 }
469 }
472 {
473 /* Verify the list of ultimately trusted keys and move the
474 --trusted-keys list there as well. */
480 }
481 }
484 /***********************************************
485 ************* Print helpers ****************
486 ***********************************************/
488 /****************
489 * This function returns a letter for a trustvalue Trust flags
490 * are ignore.
491 */
492 static int
494 {
496 {
505 }
506 }
508 /* NOTE TO TRANSLATOR: these strings are similar to those in
509 trust_value_to_string(), but are a fixed length. This is needed to
510 make attractive information listings where columns line up
511 properly. The value "10" should be the length of the strings you
512 choose to translate to. This is the length in printable columns.
513 It gets passed to atoi() so everything after the number is
514 essentially a comment and need not be translated. Either key and
515 uid are both NULL, or neither are NULL. */
518 {
527 {
534 }
537 }
539 /* The strings here are similar to those in
540 pkclist.c:do_edit_ownertrust() */
543 {
545 {
554 }
555 }
557 int
559 {
570 else
572 }
574 /****************
575 * Recreate the WoT but do not ask for new ownertrusts. Special
576 * feature: In batch mode and without a forced yes, this is only done
577 * when a check is due. This can be used to run the check from a crontab
578 */
579 void
581 {
584 {
586 {
587 ulong scheduled;
591 {
594 }
597 {
601 }
602 }
605 }
606 else
609 }
612 /*
613 * Recreate the WoT.
614 */
615 void
617 {
621 else
624 }
626 void
628 {
630 /* we simply set the time for the next check to 1 (far back in 1970)
631 * so that a --update-trustdb will be scheduled */
635 }
637 int
639 {
641 }
643 /* If the trustdb is dirty, and we're interactive, update it.
644 Otherwise, check it unless no-auto-check-trustdb is set. */
645 void
647 {
649 {
654 }
655 }
657 void
660 {
661 TRUSTREC opts;
679 }
681 /***********************************************
682 *********** Ownertrust et al. ****************
683 ***********************************************/
685 static int
687 {
695 {
699 }
702 {
706 }
709 }
711 /****************
712 * Return the assigned ownertrust value for the given public key.
713 * The key should be the primary key.
714 */
715 unsigned int
717 {
718 TRUSTREC rec;
725 {
728 }
731 }
733 unsigned int
735 {
736 TRUSTREC rec;
743 {
746 }
749 }
751 /*
752 * Same as get_ownertrust but this takes the minimum ownertrust value
753 * into into account, and will bump up the value as needed.
754 */
755 static int
757 {
763 {
764 /* If the trust that the user has set is less than the trust
765 that was calculated from a trust signature chain, use the
766 higher of the two. We do this here and not in
767 get_ownertrust since the underlying ownertrust should not
768 really be set - just the appearance of the ownertrust. */
771 }
774 }
776 /*
777 * Same as get_ownertrust but return a trust letter instead of an
778 * value. This takes the minimum ownertrust value into account.
779 */
780 int
782 {
784 }
786 /*
787 * Same as get_ownertrust but return a trust string instead of an
788 * value. This takes the minimum ownertrust value into account.
789 */
792 {
794 }
796 /*
797 * Set the trust value of the given public key to the new value.
798 * The key should be a primary one.
799 */
800 void
802 {
803 TRUSTREC rec;
808 {
813 {
818 }
819 }
836 }
837 else
838 {
840 }
841 }
843 static void
845 {
847 TRUSTREC rec;
853 {
856 }
860 {
865 new_trust );
867 {
872 }
873 }
890 }
891 else
892 {
894 }
895 }
897 /* Clear the ownertrust and min_ownertrust values. Return true if a
898 change actually happened. */
899 int
901 {
902 TRUSTREC rec;
907 {
909 {
914 }
916 {
923 }
924 }
926 {
928 }
930 }
932 /*
933 * Note: Caller has to do a sync
934 */
935 static void
938 {
941 ulong recno;
947 {
950 }
952 {
961 }
963 /* locate an existing one */
966 {
971 }
974 {
981 }
988 }
991 /***********************************************
992 ********* Query trustdb values **************
993 ***********************************************/
995 /* Return true if key is disabled */
996 int
998 {
1000 TRUSTREC trec;
1010 {
1013 }
1020 /* Cache it for later so we don't need to look at the trustdb every
1021 time */
1024 else
1027 leave:
1029 }
1031 void
1033 {
1039 {
1040 ulong scheduled;
1045 {
1047 {
1050 }
1051 else
1052 {
1055 }
1056 }
1057 }
1058 }
1060 /*
1061 * Return the validity information for PK. If the namehash is not
1062 * NULL, the validity of the corresponsing user ID is returned,
1063 * otherwise, a reasonable value for the entire key is returned.
1064 */
1065 unsigned int
1067 {
1070 ulong recno;
1087 {
1094 }
1095 }
1096 else
1100 {
1101 /* Note that this happens BEFORE any user ID stuff is checked.
1102 The direct trust model applies to keys as a whole. */
1105 }
1109 {
1112 }
1114 {
1117 }
1119 /* loop over all user IDs */
1123 {
1127 {
1128 /* If a user ID is given we return the validity for that
1129 user ID ONLY. If the namehash is not found, then there
1130 is no validity at all (i.e. the user ID wasn't
1131 signed). */
1133 {
1136 }
1137 }
1138 else
1139 {
1140 /* If no namehash is given, we take the maximum validity
1141 over all user IDs */
1144 }
1147 }
1150 {
1153 }
1154 else
1157 leave:
1158 /* set some flags direct from the key */
1163 /* Note: expiration is a trust value and not a flag - don't know why
1164 * I initially designed it that way */
1174 }
1176 int
1178 {
1188 }
1192 {
1202 }
1204 static void
1206 {
1208 ulong recno;
1222 /* loop over all user IDs */
1225 {
1229 {
1232 /* printf("Fetched marginal %d, full %d\n",uid->help_marginal_count,uid->help_full_count); */
1234 }
1237 }
1238 }
1240 void
1242 {
1244 }
1246 /****************
1247 * Enumerate all keys, which are needed to build all trust paths for
1248 * the given key. This function does not return the key itself or
1249 * the ultimate key (the last point in cerificate chain). Only
1250 * certificate chains which ends up at an ultimately trusted key
1251 * are listed. If ownertrust or validity is not NULL, the corresponding
1252 * value for the returned LID is also returned in these variable(s).
1253 *
1254 * 1) create a void pointer and initialize it to NULL
1255 * 2) pass this void pointer by reference to this function.
1256 * Set lid to the key you want to enumerate and pass it by reference.
1257 * 3) call this function as long as it does not return -1
1258 * to indicate EOF. LID does contain the next key used to build the web
1259 * 4) Always call this function a last time with LID set to NULL,
1260 * so that it can free its context.
1261 *
1262 * Returns: -1 on EOF or the level of the returned LID
1263 */
1264 int
1267 {
1273 }
1276 /****************
1277 * Print the current path
1278 */
1279 void
1282 {
1287 }
1290 \f
1291 /****************************************
1292 *********** NEW NEW NEW ****************
1293 ****************************************/
1295 static int
1297 {
1305 {
1309 }
1312 {
1317 }
1318 else
1319 {
1325 else
1327 }
1332 }
1335 static void
1337 {
1341 {
1346 }
1347 }
1350 static void
1352 {
1356 {
1365 {
1367 {
1380 }
1381 }
1382 }
1383 }
1386 static void
1388 {
1389 KBNODE node;
1394 {
1396 {
1404 else
1408 {
1415 }
1416 }
1417 }
1421 }
1423 /*
1424 * check whether the signature sig is in the klist k
1425 */
1428 {
1430 {
1433 }
1435 }
1437 /*
1438 * Mark the signature of the given UID which are used to certify it.
1439 * To do this, we first revmove all signatures which are not valid and
1440 * from the remain ones we look for the latest one. If this is not a
1441 * certification revocation signature we mark the signature by setting
1442 * node flag bit 8. Revocations are marked with flag 11, and sigs
1443 * from unavailable keys are marked with flag 12. Note that flag bits
1444 * 9 and 10 are used for internal purposes.
1445 */
1446 static void
1450 {
1451 KBNODE node;
1454 /* first check all signatures */
1456 {
1474 invalid signature */
1478 {
1479 /* we ignore anything that won't verify, but tag the
1480 no_pubkey case */
1484 }
1486 }
1487 /* reset the remaining flags */
1491 /* kbnode flag usage: bit 9 is here set for signatures to consider,
1492 * bit 10 will be set by the loop to keep track of keyIDs already
1493 * processed, bit 8 will be set for the usable signatures, and bit
1494 * 11 will be set for usable revocations. */
1496 /* for each cert figure out the latest valid one */
1498 {
1501 u32 sigdate;
1515 /* Now find the latest and greatest signature */
1517 {
1529 /* If signode is nonrevocable and unexpired and n isn't,
1530 then take signode (skip). It doesn't matter which is
1531 older: if signode was older then we don't want to take n
1532 as signode is nonrevocable. If n was older then we're
1533 automatically fine. */
1545 /* If n is nonrevocable and unexpired and signode isn't,
1546 then take n. Again, it doesn't matter which is older: if
1547 n was older then we don't want to take signode as n is
1548 nonrevocable. If signode was older then we're
1549 automatically fine. */
1559 {
1563 }
1565 /* At this point, if it's newer, it goes in as the only
1566 remaining possibilities are signode and n are both either
1567 revocable or expired or both nonrevocable and unexpired.
1568 If the timestamps are equal take the later ordered
1569 packet, presuming that the key packets are hopefully in
1570 their original order. */
1573 {
1576 }
1577 }
1582 * Just need to check whether there is an expiration time,
1583 * We do the expired certification after finding a suitable
1584 * certification, the assumption is that a signator does not
1585 * want that after the expiration of his certificate the
1586 * system falls back to an older certification which has a
1587 * different expiration time */
1589 u32 expire;
1595 {
1599 }
1600 }
1601 else
1603 }
1604 }
1606 static int
1608 {
1610 KBNODE node;
1617 /* Passing in a 0 for current time here means that we'll never weed
1618 out an expired sig. This is correct behavior since we want to
1619 keep the most recent expired sig in a series. */
1622 /* What we want to do here is remove signatures that are not
1623 considered as part of the trust calculations. Thus, all invalid
1624 signatures are out, as are any signatures that aren't the last of
1625 a series of uid sigs or revocations It breaks down like this:
1626 coming out of mark_usable_uid_certs, if a sig is unflagged, it is
1627 not even a candidate. If a sig has flag 9 or 10, that means it
1628 was selected as a candidate and vetted. If a sig has flag 8 it
1629 is a usable signature. If a sig has flag 11 it is a usable
1630 revocation. If a sig has flag 12 it was issued by an unavailable
1631 key. "Usable" here means the most recent valid
1632 signature/revocation in a series from a particular signer.
1634 Delete everything that isn't a usable uid sig (which might be
1635 expired), a usable revocation, or a sig from an unavailable
1636 key. */
1641 {
1645 /* Keep usable uid sigs ... */
1649 /* ... and usable revocations... */
1653 /* ... and sigs from unavailable keys. */
1654 /* disabled for now since more people seem to want sigs from
1655 unavailable keys removed altogether. */
1656 /*
1657 if(node->flag & (1<<12))
1658 continue;
1659 */
1661 /* Everything else we delete */
1663 /* At this point, if 12 is set, the signing key was unavailable.
1664 If 9 or 10 is set, it's superceded. Otherwise, it's
1665 invalid. */
1675 deleted++;
1676 }
1679 }
1681 /* This is substantially easier than clean_sigs_from_uid since we just
1682 have to establish if the uid has a valid self-sig, is not revoked,
1683 and is not expired. Note that this does not take into account
1684 whether the uid has a trust path to it - just whether the keyholder
1685 themselves has certified the uid. Returns true if the uid was
1686 compacted. To "compact" a user ID, we simply remove ALL signatures
1687 except the self-sig that caused the user ID to be remove-worthy.
1688 We don't actually remove the user ID packet itself since it might
1689 be ressurected in a later merge. Note that this function requires
1690 that the caller has already done a merge_keys_and_selfsig().
1692 TODO: change the import code to allow importing a uid with only a
1693 revocation if the uid already exists on the keyring. */
1695 static int
1697 {
1698 KBNODE node;
1705 /* Skip valid user IDs, compacted user IDs, and non-self-signed user
1706 IDs if --allow-non-selfsigned-uid is set. */
1716 {
1720 }
1723 {
1731 else
1736 reason);
1739 }
1742 }
1744 /* Needs to be called after a merge_keys_and_selfsig() */
1745 void
1748 {
1760 /* Do clean_uid_from_key first since if it fires off, we don't
1761 have to bother with the other */
1765 }
1767 void
1770 {
1771 KBNODE uidnode;
1781 }
1783 /* Returns a sanitized copy of the regexp (which might be "", but not
1784 NULL). */
1785 #ifndef DISABLE_REGEX
1788 {
1792 have to */
1794 /* There are basically two commonly-used regexps here. GPG and most
1795 versions of PGP use "<[^>]+[@.]example\.com>$" and PGP (9)
1796 command line uses "example.com" (i.e. whatever the user specfies,
1797 and we can't expect users know to use "\." instead of "."). So
1798 here are the rules: we're allowed to start with "<[^>]+[@.]" and
1799 end with ">$" or start and end with nothing. In between, the
1800 only legal regex character is ".", and everything else gets
1801 escaped. Part of the gotcha here is that some regex packages
1802 allow more than RFC-4880 requires. For example, 4880 has no "{}"
1803 operator, but GNU regex does. Commenting removes these operators
1804 from consideration. A possible future enhancement is to use
1805 commenting to effectively back off a given regex to the Henry
1806 Spencer syntax in 4880. -dshaw */
1808 /* Are we bracketed between "<[^>]+[@.]" and ">$" ? */
1811 {
1817 }
1819 /* Walk the remaining characters and ensure that everything that is
1820 left is not an operational regex character. */
1822 {
1827 else
1831 }
1835 /* Note that the (sub)string we look at might end with a bare "\".
1836 If it does, leave it that way. If the regexp actually ended with
1837 ">$", then it was escaping the ">" and is fine. If the regexp
1838 actually ended with the bare "\", then it's an illegal regexp and
1839 regcomp should kick it out. */
1845 }
1848 /* Used by validate_one_keyblock to confirm a regexp within a trust
1849 signature. Returns 1 for match, and 0 for no match or regex
1850 error. */
1851 static int
1853 {
1854 #ifdef DISABLE_REGEX
1855 /* When DISABLE_REGEX is defined, assume all regexps do not
1856 match. */
1858 #else
1864 #ifdef __riscos__
1866 #else
1867 {
1868 regex_t pat;
1872 {
1876 }
1877 }
1878 #endif
1887 #endif
1888 }
1890 /*
1891 * Return true if the key is signed by one of the keys in the given
1892 * key ID list. User IDs with a valid signature are marked by node
1893 * flags as follows:
1894 * flag bit 0: There is at least one signature
1895 * 1: There is marginal confidence that this is a legitimate uid
1896 * 2: There is full confidence that this is a legitimate uid.
1897 * 8: Used for internal purposes.
1898 * 9: Ditto (in mark_usable_uid_certs())
1899 * 10: Ditto (ditto)
1900 * This function assumes that all kbnode flags are cleared on entry.
1901 */
1902 static int
1905 {
1915 {
1916 /* A bit of discussion here: is it better for the web of trust
1917 to be built among only self-signed uids? On the one hand, a
1918 self-signed uid is a statement that the key owner definitely
1919 intended that uid to be there, but on the other hand, a
1920 signed (but not self-signed) uid does carry trust, of a sort,
1921 even if it is a statement being made by people other than the
1922 key owner "through" the uids on the key owner's key. I'm
1923 going with the latter. However, if the user ID was
1924 explicitly revoked, or passively allowed to expire, that
1925 should stop validity through the user ID until it is
1926 resigned. -dshaw */
1931 {
1933 {
1941 }
1945 /* If the selfsig is going to expire... */
1953 }
1956 {
1957 /* Note that we are only seeing unrevoked sigs here */
1961 /* If the trust_regexp does not match, it's as if the sig
1962 did not exist. This is safe for non-trust sigs as well
1963 since we don't accept a regexp on the sig unless it's a
1964 trust sig. */
1967 || (uidnode
1970 {
1971 /* Are we part of a trust sig chain? We always favor
1972 the latest trust sig, rather than the greater or
1973 lesser trust sig or value. I could make a decent
1974 argument for any of these cases, but this seems to be
1975 what PGP does, and I'd like to be compatible. -dms */
1979 {
1982 /* If the depth on the signature is less than the
1983 chain currently has, then use the signature depth
1984 so we don't increase the depth beyond what the
1985 signer wanted. If the depth on the signature is
1986 more than the chain currently has, then use the
1987 chain depth so we use as much of the signature
1988 depth as the chain will permit. An ultimately
1989 trusted signature can restart the depth to
1990 whatever level it likes. */
1995 else
1999 {
2007 /* If we got here, we know that:
2009 this is a trust sig.
2011 it's a newer trust sig than any previous trust
2012 sig on this key (not uid).
2014 it is legal in that it was either generated by an
2015 ultimate key, or a key that was part of a trust
2016 chain, and the depth does not violate the
2017 original trust sig.
2019 if there is a regexp attached, it matched
2020 successfully.
2021 */
2032 /* If the trust sig contains a regexp, record it
2033 on the pk for the next round. */
2036 }
2037 }
2046 }
2047 }
2048 }
2051 {
2059 }
2062 }
2065 static int
2067 {
2070 }
2073 /*
2074 * Scan all keys and return a key_array of all suitable keys from
2075 * kllist. The caller has to pass keydb handle so that we don't use
2076 * to create our own. Returns either a key_array or NULL in case of
2077 * an error. No results found are indicated by an empty array.
2078 * Caller hast to release the returned array.
2079 */
2083 {
2088 KEYDB_SEARCH_DESC desc;
2096 {
2100 }
2108 {
2111 }
2113 {
2117 }
2120 do
2121 {
2126 {
2130 }
2133 {
2139 }
2141 /* prepare the keyblock for further processing */
2146 {
2147 /* it does not make sense to look further at those keys */
2149 }
2151 {
2152 KBNODE node;
2161 }
2164 /* Optimization - if all uids are fully trusted, then we
2165 never need to consider this key as a candidate again. */
2175 }
2179 }
2182 {
2186 }
2190 }
2192 /* Caller must sync */
2193 static void
2195 {
2196 TRUSTREC rec;
2197 ulong recnum;
2201 {
2203 {
2204 count++;
2206 {
2209 }
2211 }
2216 {
2219 nreset++;
2221 }
2223 }
2228 }
2230 /*
2231 * Run the key validation procedure.
2232 *
2233 * This works this way:
2234 * Step 1: Find all ultimately trusted keys (UTK).
2235 * mark them all as seen and put them into klist.
2236 * Step 2: loop max_cert_times
2237 * Step 3: if OWNERTRUST of any key in klist is undefined
2238 * ask user to assign ownertrust
2239 * Step 4: Loop over all keys in the keyDB which are not marked seen
2240 * Step 5: if key is revoked or expired
2241 * mark key as seen
2242 * continue loop at Step 4
2243 * Step 6: For each user ID of that key signed by a key in klist
2244 * Calculate validity by counting trusted signatures.
2245 * Set validity of user ID
2246 * Step 7: If any signed user ID was found
2247 * mark key as seen
2248 * End Loop
2249 * Step 8: Build a new klist from all fully trusted keys from step 6
2250 * End Loop
2251 * Ready
2252 *
2253 */
2254 static int
2256 {
2264 KBNODE node;
2270 /* Make sure we have all sigs cached. TODO: This is going to
2271 require some architectual re-thinking, as it is agonizingly slow.
2272 Perhaps combine this with reset_trust_records(), or only check
2273 the caches on keys that are actually involved in the web of
2274 trust. */
2286 /* Fixme: Instead of always building a UTK list, we could just build it
2287 * here when needed */
2289 {
2293 }
2295 /* mark all UTKs as used and fully_trusted and set validity to
2296 ultimate */
2298 {
2299 KBNODE keyblock;
2304 {
2308 }
2314 {
2317 }
2324 }
2332 {
2334 /* See whether we should assign ownertrust values to the keys in
2335 klist. */
2339 {
2342 /* 120 and 60 are as per RFC2440 */
2352 {
2356 {
2359 }
2360 }
2362 /* This can happen during transition from an old trustdb
2363 before trust sigs. It can also happen if a user uses two
2364 different versions of GnuPG or changes the --trust-model
2365 setting. */
2367 {
2376 }
2379 ot_unknown++;
2381 ot_undefined++;
2383 ot_never++;
2385 ot_marginal++;
2387 ot_full++;
2389 ot_ultimate++;
2391 valids++;
2392 }
2394 /* Find all keys which are signed by a key in kdlist */
2398 {
2402 }
2405 ;
2407 /* Store the calculated valididation status somewhere */
2419 /* Build a new kdlist from all fully valid keys in KEYS */
2424 {
2426 {
2428 {
2431 /* have we used this key already? */
2434 {
2435 /* Normally we add both the primary and subkey
2436 ids to the hash via mark_keyblock_seen, but
2437 since we aren't using this hash as a skipfnc,
2438 that doesn't matter here. */
2459 }
2460 }
2461 }
2462 }
2467 }
2469 leave:
2477 {
2480 else
2481 {
2485 }
2488 {
2492 }
2496 }
2499 }