diff --git a/g10/card-util.c b/g10/card-util.c index 62b2a6755..790f95e20 100644 --- a/g10/card-util.c +++ b/g10/card-util.c @@ -1,2176 +1,2178 @@ /* card-util.c - Utility functions for the OpenPGP card. * Copyright (C) 2003-2005, 2009 Free Software Foundation, Inc. * Copyright (C) 2003-2005, 2009 Werner Koch * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ #include #include #include #include #include #ifdef HAVE_LIBREADLINE # define GNUPG_LIBREADLINE_H_INCLUDED # include #endif /*HAVE_LIBREADLINE*/ #if GNUPG_MAJOR_VERSION != 1 # include "gpg.h" #endif /*GNUPG_MAJOR_VERSION != 1*/ #include "../common/util.h" #include "../common/i18n.h" #include "../common/ttyio.h" #include "../common/status.h" #include "options.h" #include "main.h" #include "keyserver-internal.h" #if GNUPG_MAJOR_VERSION == 1 # include "cardglue.h" #else /*GNUPG_MAJOR_VERSION!=1*/ # include "call-agent.h" #endif /*GNUPG_MAJOR_VERSION!=1*/ #define CONTROL_D ('D' - 'A' + 1) static void write_sc_op_status (gpg_error_t err) { switch (gpg_err_code (err)) { case 0: write_status (STATUS_SC_OP_SUCCESS); break; #if GNUPG_MAJOR_VERSION != 1 case GPG_ERR_CANCELED: case GPG_ERR_FULLY_CANCELED: write_status_text (STATUS_SC_OP_FAILURE, "1"); break; case GPG_ERR_BAD_PIN: write_status_text (STATUS_SC_OP_FAILURE, "2"); break; default: write_status (STATUS_SC_OP_FAILURE); break; #endif /* GNUPG_MAJOR_VERSION != 1 */ } } /* Change the PIN of an OpenPGP card. This is an interactive function. */ void change_pin (int unblock_v2, int allow_admin) { struct agent_card_info_s info; int rc; rc = agent_scd_learn (&info, 0); if (rc) { log_error (_("OpenPGP card not available: %s\n"), gpg_strerror (rc)); return; } log_info (_("OpenPGP card no. %s detected\n"), info.serialno? info.serialno : "[none]"); agent_clear_pin_cache (info.serialno); if (opt.batch) { agent_release_card_info (&info); log_error (_("can't do this in batch mode\n")); return; } if (unblock_v2) { if (!info.is_v2) log_error (_("This command is only available for version 2 cards\n")); else if (!info.chvretry[1]) log_error (_("Reset Code not or not anymore available\n")); else { rc = agent_scd_change_pin (2, info.serialno); write_sc_op_status (rc); if (rc) tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc)); else tty_printf ("PIN changed.\n"); } } else if (!allow_admin) { rc = agent_scd_change_pin (1, info.serialno); write_sc_op_status (rc); if (rc) tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc)); else tty_printf ("PIN changed.\n"); } else for (;;) { char *answer; tty_printf ("\n"); tty_printf ("1 - change PIN\n" "2 - unblock PIN\n" "3 - change Admin PIN\n" "4 - set the Reset Code\n" "Q - quit\n"); tty_printf ("\n"); answer = cpr_get("cardutil.change_pin.menu",_("Your selection? ")); cpr_kill_prompt(); if (strlen (answer) != 1) continue; if (*answer == '1') { /* Change PIN. */ rc = agent_scd_change_pin (1, info.serialno); write_sc_op_status (rc); if (rc) tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc)); else tty_printf ("PIN changed.\n"); } else if (*answer == '2') { /* Unblock PIN. */ rc = agent_scd_change_pin (101, info.serialno); write_sc_op_status (rc); if (rc) tty_printf ("Error unblocking the PIN: %s\n", gpg_strerror (rc)); else tty_printf ("PIN unblocked and new PIN set.\n"); } else if (*answer == '3') { /* Change Admin PIN. */ rc = agent_scd_change_pin (3, info.serialno); write_sc_op_status (rc); if (rc) tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc)); else tty_printf ("PIN changed.\n"); } else if (*answer == '4') { /* Set a new Reset Code. */ rc = agent_scd_change_pin (102, info.serialno); write_sc_op_status (rc); if (rc) tty_printf ("Error setting the Reset Code: %s\n", gpg_strerror (rc)); else tty_printf ("Reset Code set.\n"); } else if (*answer == 'q' || *answer == 'Q') { break; } } agent_release_card_info (&info); } static const char * get_manufacturer (unsigned int no) { /* Note: Make sure that there is no colon or linefeed in the string. */ switch (no) { case 0x0001: return "PPC Card Systems"; case 0x0002: return "Prism"; case 0x0003: return "OpenFortress"; case 0x0004: return "Wewid"; case 0x0005: return "ZeitControl"; case 0x0006: return "Yubico"; case 0x0007: return "OpenKMS"; case 0x0008: return "LogoEmail"; case 0x0009: return "Fidesmo"; case 0x000A: return "Dangerous Things"; case 0x002A: return "Magrathea"; case 0x1337: return "Warsaw Hackerspace"; case 0x2342: return "warpzone"; /* hackerspace Muenster. */ case 0xF517: return "FSIJ"; /* 0x0000 and 0xFFFF are defined as test cards per spec, 0xFF00 to 0xFFFE are assigned for use with randomly created serial numbers. */ case 0x0000: case 0xffff: return "test card"; default: return (no & 0xff00) == 0xff00? "unmanaged S/N range":"unknown"; } } static void print_sha1_fpr (estream_t fp, const unsigned char *fpr) { int i; if (fpr) { for (i=0; i < 20 ; i+=2, fpr += 2 ) { if (i == 10 ) tty_fprintf (fp, " "); tty_fprintf (fp, " %02X%02X", *fpr, fpr[1]); } } else tty_fprintf (fp, " [none]"); tty_fprintf (fp, "\n"); } static void print_sha1_fpr_colon (estream_t fp, const unsigned char *fpr) { int i; if (fpr) { for (i=0; i < 20 ; i++, fpr++) es_fprintf (fp, "%02X", *fpr); } es_putc (':', fp); } static void print_name (estream_t fp, const char *text, const char *name) { tty_fprintf (fp, "%s", text); /* FIXME: tty_printf_utf8_string2 eats everything after and including an @ - e.g. when printing an url. */ if (name && *name) { if (fp) print_utf8_buffer2 (fp, name, strlen (name), '\n'); else tty_print_utf8_string2 (NULL, name, strlen (name), 0); } else tty_fprintf (fp, _("[not set]")); tty_fprintf (fp, "\n"); } static void print_isoname (estream_t fp, const char *text, const char *tag, const char *name) { if (opt.with_colons) es_fprintf (fp, "%s:", tag); else tty_fprintf (fp, "%s", text); if (name && *name) { char *p, *given, *buf = xstrdup (name); given = strstr (buf, "<<"); for (p=buf; *p; p++) if (*p == '<') *p = ' '; if (given && given[2]) { *given = 0; given += 2; if (opt.with_colons) es_write_sanitized (fp, given, strlen (given), ":", NULL); else if (fp) print_utf8_buffer2 (fp, given, strlen (given), '\n'); else tty_print_utf8_string2 (NULL, given, strlen (given), 0); if (opt.with_colons) es_putc (':', fp); else if (*buf) tty_fprintf (fp, " "); } if (opt.with_colons) es_write_sanitized (fp, buf, strlen (buf), ":", NULL); else if (fp) print_utf8_buffer2 (fp, buf, strlen (buf), '\n'); else tty_print_utf8_string2 (NULL, buf, strlen (buf), 0); xfree (buf); } else { if (opt.with_colons) es_putc (':', fp); else tty_fprintf (fp, _("[not set]")); } if (opt.with_colons) es_fputs (":\n", fp); else tty_fprintf (fp, "\n"); } /* Return true if the SHA1 fingerprint FPR consists only of zeroes. */ static int fpr_is_zero (const char *fpr) { int i; for (i=0; i < 20 && !fpr[i]; i++) ; return (i == 20); } /* Return true if the SHA1 fingerprint FPR consists only of 0xFF. */ static int fpr_is_ff (const char *fpr) { int i; for (i=0; i < 20 && fpr[i] == '\xff'; i++) ; return (i == 20); } /* Print all available information about the current card. */ static void current_card_status (ctrl_t ctrl, estream_t fp, char *serialno, size_t serialnobuflen) { struct agent_card_info_s info; PKT_public_key *pk = xcalloc (1, sizeof *pk); kbnode_t keyblock = NULL; int rc; unsigned int uval; const unsigned char *thefpr; int i; if (serialno && serialnobuflen) *serialno = 0; rc = agent_scd_learn (&info, 0); if (rc) { if (opt.with_colons) es_fputs ("AID:::\n", fp); log_error (_("OpenPGP card not available: %s\n"), gpg_strerror (rc)); xfree (pk); return; } if (opt.with_colons) es_fprintf (fp, "Reader:%s:", info.reader? info.reader : ""); else tty_fprintf (fp, "Reader ...........: %s\n", info.reader? info.reader : "[none]"); if (opt.with_colons) es_fprintf (fp, "AID:%s:", info.serialno? info.serialno : ""); else tty_fprintf (fp, "Application ID ...: %s\n", info.serialno? info.serialno : "[none]"); if (!info.serialno || strncmp (info.serialno, "D27600012401", 12) || strlen (info.serialno) != 32 ) { if (info.apptype && !strcmp (info.apptype, "NKS")) { if (opt.with_colons) es_fputs ("netkey-card:\n", fp); log_info ("this is a NetKey card\n"); } else if (info.apptype && !strcmp (info.apptype, "DINSIG")) { if (opt.with_colons) es_fputs ("dinsig-card:\n", fp); log_info ("this is a DINSIG compliant card\n"); } else if (info.apptype && !strcmp (info.apptype, "P15")) { if (opt.with_colons) es_fputs ("pkcs15-card:\n", fp); log_info ("this is a PKCS#15 compliant card\n"); } else if (info.apptype && !strcmp (info.apptype, "GELDKARTE")) { if (opt.with_colons) es_fputs ("geldkarte-card:\n", fp); log_info ("this is a Geldkarte compliant card\n"); } else { if (opt.with_colons) es_fputs ("unknown:\n", fp); } log_info ("not an OpenPGP card\n"); agent_release_card_info (&info); xfree (pk); return; } if (!serialno) ; else if (strlen (info.serialno)+1 > serialnobuflen) log_error ("serial number longer than expected\n"); else strcpy (serialno, info.serialno); if (opt.with_colons) es_fputs ("openpgp-card:\n", fp); if (opt.with_colons) { es_fprintf (fp, "version:%.4s:\n", info.serialno+12); uval = xtoi_2(info.serialno+16)*256 + xtoi_2 (info.serialno+18); es_fprintf (fp, "vendor:%04x:%s:\n", uval, get_manufacturer (uval)); es_fprintf (fp, "serial:%.8s:\n", info.serialno+20); print_isoname (fp, "Name of cardholder: ", "name", info.disp_name); es_fputs ("lang:", fp); if (info.disp_lang) es_write_sanitized (fp, info.disp_lang, strlen (info.disp_lang), ":", NULL); es_fputs (":\n", fp); es_fprintf (fp, "sex:%c:\n", (info.disp_sex == 1? 'm': info.disp_sex == 2? 'f' : 'u')); es_fputs ("url:", fp); if (info.pubkey_url) es_write_sanitized (fp, info.pubkey_url, strlen (info.pubkey_url), ":", NULL); es_fputs (":\n", fp); es_fputs ("login:", fp); if (info.login_data) es_write_sanitized (fp, info.login_data, strlen (info.login_data), ":", NULL); es_fputs (":\n", fp); es_fprintf (fp, "forcepin:%d:::\n", !info.chv1_cached); for (i=0; i < DIM (info.key_attr); i++) if (info.key_attr[i].algo == PUBKEY_ALGO_RSA) es_fprintf (fp, "keyattr:%d:%d:%u:\n", i+1, info.key_attr[i].algo, info.key_attr[i].nbits); else if (info.key_attr[i].algo == PUBKEY_ALGO_ECDH || info.key_attr[i].algo == PUBKEY_ALGO_ECDSA || info.key_attr[i].algo == PUBKEY_ALGO_EDDSA) es_fprintf (fp, "keyattr:%d:%d:%s:\n", i+1, info.key_attr[i].algo, info.key_attr[i].curve); es_fprintf (fp, "maxpinlen:%d:%d:%d:\n", info.chvmaxlen[0], info.chvmaxlen[1], info.chvmaxlen[2]); es_fprintf (fp, "pinretry:%d:%d:%d:\n", info.chvretry[0], info.chvretry[1], info.chvretry[2]); es_fprintf (fp, "sigcount:%lu:::\n", info.sig_counter); for (i=0; i < 4; i++) { if (info.private_do[i]) { es_fprintf (fp, "private_do:%d:", i+1); es_write_sanitized (fp, info.private_do[i], strlen (info.private_do[i]), ":", NULL); es_fputs (":\n", fp); } } es_fputs ("cafpr:", fp); print_sha1_fpr_colon (fp, info.cafpr1valid? info.cafpr1:NULL); print_sha1_fpr_colon (fp, info.cafpr2valid? info.cafpr2:NULL); print_sha1_fpr_colon (fp, info.cafpr3valid? info.cafpr3:NULL); es_putc ('\n', fp); es_fputs ("fpr:", fp); print_sha1_fpr_colon (fp, info.fpr1valid? info.fpr1:NULL); print_sha1_fpr_colon (fp, info.fpr2valid? info.fpr2:NULL); print_sha1_fpr_colon (fp, info.fpr3valid? info.fpr3:NULL); es_putc ('\n', fp); es_fprintf (fp, "fprtime:%lu:%lu:%lu:\n", (unsigned long)info.fpr1time, (unsigned long)info.fpr2time, (unsigned long)info.fpr3time); } else { tty_fprintf (fp, "Version ..........: %.1s%c.%.1s%c\n", info.serialno[12] == '0'?"":info.serialno+12, info.serialno[13], info.serialno[14] == '0'?"":info.serialno+14, info.serialno[15]); tty_fprintf (fp, "Manufacturer .....: %s\n", get_manufacturer (xtoi_2(info.serialno+16)*256 + xtoi_2 (info.serialno+18))); tty_fprintf (fp, "Serial number ....: %.8s\n", info.serialno+20); print_isoname (fp, "Name of cardholder: ", "name", info.disp_name); print_name (fp, "Language prefs ...: ", info.disp_lang); tty_fprintf (fp, "Sex ..............: %s\n", info.disp_sex == 1? _("male"): info.disp_sex == 2? _("female") : _("unspecified")); print_name (fp, "URL of public key : ", info.pubkey_url); print_name (fp, "Login data .......: ", info.login_data); if (info.private_do[0]) print_name (fp, "Private DO 1 .....: ", info.private_do[0]); if (info.private_do[1]) print_name (fp, "Private DO 2 .....: ", info.private_do[1]); if (info.private_do[2]) print_name (fp, "Private DO 3 .....: ", info.private_do[2]); if (info.private_do[3]) print_name (fp, "Private DO 4 .....: ", info.private_do[3]); if (info.cafpr1valid) { tty_fprintf (fp, "CA fingerprint %d .:", 1); print_sha1_fpr (fp, info.cafpr1); } if (info.cafpr2valid) { tty_fprintf (fp, "CA fingerprint %d .:", 2); print_sha1_fpr (fp, info.cafpr2); } if (info.cafpr3valid) { tty_fprintf (fp, "CA fingerprint %d .:", 3); print_sha1_fpr (fp, info.cafpr3); } tty_fprintf (fp, "Signature PIN ....: %s\n", info.chv1_cached? _("not forced"): _("forced")); if (info.key_attr[0].algo) { tty_fprintf (fp, "Key attributes ...:"); for (i=0; i < DIM (info.key_attr); i++) if (info.key_attr[i].algo == PUBKEY_ALGO_RSA) tty_fprintf (fp, " rsa%u", info.key_attr[i].nbits); else if (info.key_attr[i].algo == PUBKEY_ALGO_ECDH || info.key_attr[i].algo == PUBKEY_ALGO_ECDSA || info.key_attr[i].algo == PUBKEY_ALGO_EDDSA) { const char *curve_for_print = "?"; if (info.key_attr[i].curve) { const char *oid; oid = openpgp_curve_to_oid (info.key_attr[i].curve, NULL); if (oid) curve_for_print = openpgp_oid_to_curve (oid, 0); } tty_fprintf (fp, " %s", curve_for_print); } tty_fprintf (fp, "\n"); } tty_fprintf (fp, "Max. PIN lengths .: %d %d %d\n", info.chvmaxlen[0], info.chvmaxlen[1], info.chvmaxlen[2]); tty_fprintf (fp, "PIN retry counter : %d %d %d\n", info.chvretry[0], info.chvretry[1], info.chvretry[2]); tty_fprintf (fp, "Signature counter : %lu\n", info.sig_counter); tty_fprintf (fp, "Signature key ....:"); print_sha1_fpr (fp, info.fpr1valid? info.fpr1:NULL); if (info.fpr1valid && info.fpr1time) tty_fprintf (fp, " created ....: %s\n", isotimestamp (info.fpr1time)); tty_fprintf (fp, "Encryption key....:"); print_sha1_fpr (fp, info.fpr2valid? info.fpr2:NULL); if (info.fpr2valid && info.fpr2time) tty_fprintf (fp, " created ....: %s\n", isotimestamp (info.fpr2time)); tty_fprintf (fp, "Authentication key:"); print_sha1_fpr (fp, info.fpr3valid? info.fpr3:NULL); if (info.fpr3valid && info.fpr3time) tty_fprintf (fp, " created ....: %s\n", isotimestamp (info.fpr3time)); tty_fprintf (fp, "General key info..: "); thefpr = (info.fpr1valid? info.fpr1 : info.fpr2valid? info.fpr2 : info.fpr3valid? info.fpr3 : NULL); /* If the fingerprint is all 0xff, the key has no asssociated OpenPGP certificate. */ if ( thefpr && !fpr_is_ff (thefpr) && !get_pubkey_byfprint (ctrl, pk, &keyblock, thefpr, 20)) { print_pubkey_info (ctrl, fp, pk); if (keyblock) print_card_key_info (fp, keyblock); } else tty_fprintf (fp, "[none]\n"); } release_kbnode (keyblock); free_public_key (pk); agent_release_card_info (&info); } /* Print all available information for specific card with SERIALNO. Print all available information for current card when SERIALNO is NULL. Or print llfor all cards when SERIALNO is "all". */ void card_status (ctrl_t ctrl, estream_t fp, const char *serialno) { int err; strlist_t card_list, sl; char *serialno0; int all_cards = 0; if (serialno == NULL) { current_card_status (ctrl, fp, NULL, 0); return; } if (!strcmp (serialno, "all")) all_cards = 1; err = agent_scd_serialno (&serialno0, NULL); if (err) { if (gpg_err_code (err) != GPG_ERR_ENODEV && opt.verbose) log_info (_("error getting serial number of card: %s\n"), gpg_strerror (err)); /* Nothing available. */ return; } err = agent_scd_cardlist (&card_list); for (sl = card_list; sl; sl = sl->next) { char *serialno1; if (!all_cards && strcmp (serialno, sl->d)) continue; err = agent_scd_serialno (&serialno1, sl->d); if (err) { if (opt.verbose) log_info (_("error getting serial number of card: %s\n"), gpg_strerror (err)); continue; } current_card_status (ctrl, fp, NULL, 0); xfree (serialno1); if (!all_cards) goto leave; } /* Select the original card again. */ err = agent_scd_serialno (&serialno0, serialno0); leave: xfree (serialno0); free_strlist (card_list); } static char * get_one_name (const char *prompt1, const char *prompt2) { char *name; int i; for (;;) { name = cpr_get (prompt1, prompt2); if (!name) return NULL; trim_spaces (name); cpr_kill_prompt (); for (i=0; name[i] && name[i] >= ' ' && name[i] <= 126; i++) ; /* The name must be in Latin-1 and not UTF-8 - lacking the code to ensure this we restrict it to ASCII. */ if (name[i]) tty_printf (_("Error: Only plain ASCII is currently allowed.\n")); else if (strchr (name, '<')) tty_printf (_("Error: The \"<\" character may not be used.\n")); else if (strstr (name, " ")) tty_printf (_("Error: Double spaces are not allowed.\n")); else return name; xfree (name); } } static int change_name (void) { char *surname = NULL, *givenname = NULL; char *isoname, *p; int rc; surname = get_one_name ("keygen.smartcard.surname", _("Cardholder's surname: ")); givenname = get_one_name ("keygen.smartcard.givenname", _("Cardholder's given name: ")); if (!surname || !givenname || (!*surname && !*givenname)) { xfree (surname); xfree (givenname); return -1; /*canceled*/ } isoname = xmalloc ( strlen (surname) + 2 + strlen (givenname) + 1); strcpy (stpcpy (stpcpy (isoname, surname), "<<"), givenname); xfree (surname); xfree (givenname); for (p=isoname; *p; p++) if (*p == ' ') *p = '<'; if (strlen (isoname) > 39 ) { tty_printf (_("Error: Combined name too long " "(limit is %d characters).\n"), 39); xfree (isoname); return -1; } rc = agent_scd_setattr ("DISP-NAME", isoname, strlen (isoname), NULL ); if (rc) log_error ("error setting Name: %s\n", gpg_strerror (rc)); xfree (isoname); return rc; } static int change_url (void) { char *url; int rc; url = cpr_get ("cardedit.change_url", _("URL to retrieve public key: ")); if (!url) return -1; trim_spaces (url); cpr_kill_prompt (); rc = agent_scd_setattr ("PUBKEY-URL", url, strlen (url), NULL ); if (rc) log_error ("error setting URL: %s\n", gpg_strerror (rc)); xfree (url); write_sc_op_status (rc); return rc; } /* Fetch the key from the URL given on the card or try to get it from the default keyserver. */ static int fetch_url (ctrl_t ctrl) { int rc; struct agent_card_info_s info; memset(&info,0,sizeof(info)); rc=agent_scd_getattr("PUBKEY-URL",&info); if(rc) log_error("error retrieving URL from card: %s\n",gpg_strerror(rc)); else { rc=agent_scd_getattr("KEY-FPR",&info); if(rc) log_error("error retrieving key fingerprint from card: %s\n", gpg_strerror(rc)); else if (info.pubkey_url && *info.pubkey_url) { strlist_t sl = NULL; add_to_strlist (&sl, info.pubkey_url); rc = keyserver_fetch (ctrl, sl, KEYORG_URL); free_strlist (sl); } else if (info.fpr1valid) { rc = keyserver_import_fprint (ctrl, info.fpr1, 20, opt.keyserver, 0); } } return rc; } #define MAX_GET_DATA_FROM_FILE 16384 /* Read data from file FNAME up to MAX_GET_DATA_FROM_FILE characters. On error return -1 and store NULL at R_BUFFER; on success return the number of bytes read and store the address of a newly allocated buffer at R_BUFFER. */ static int get_data_from_file (const char *fname, char **r_buffer) { estream_t fp; char *data; int n; *r_buffer = NULL; fp = es_fopen (fname, "rb"); #if GNUPG_MAJOR_VERSION == 1 if (fp && is_secured_file (fileno (fp))) { fclose (fp); fp = NULL; errno = EPERM; } #endif if (!fp) { tty_printf (_("can't open '%s': %s\n"), fname, strerror (errno)); return -1; } data = xtrymalloc (MAX_GET_DATA_FROM_FILE); if (!data) { tty_printf (_("error allocating enough memory: %s\n"), strerror (errno)); es_fclose (fp); return -1; } n = es_fread (data, 1, MAX_GET_DATA_FROM_FILE, fp); es_fclose (fp); if (n < 0) { tty_printf (_("error reading '%s': %s\n"), fname, strerror (errno)); xfree (data); return -1; } *r_buffer = data; return n; } /* Write LENGTH bytes from BUFFER to file FNAME. Return 0 on success. */ static int put_data_to_file (const char *fname, const void *buffer, size_t length) { estream_t fp; fp = es_fopen (fname, "wb"); #if GNUPG_MAJOR_VERSION == 1 if (fp && is_secured_file (fileno (fp))) { fclose (fp); fp = NULL; errno = EPERM; } #endif if (!fp) { tty_printf (_("can't create '%s': %s\n"), fname, strerror (errno)); return -1; } if (length && es_fwrite (buffer, length, 1, fp) != 1) { tty_printf (_("error writing '%s': %s\n"), fname, strerror (errno)); es_fclose (fp); return -1; } es_fclose (fp); return 0; } static int change_login (const char *args) { char *data; int n; int rc; if (args && *args == '<') /* Read it from a file */ { for (args++; spacep (args); args++) ; n = get_data_from_file (args, &data); if (n < 0) return -1; } else { data = cpr_get ("cardedit.change_login", _("Login data (account name): ")); if (!data) return -1; trim_spaces (data); cpr_kill_prompt (); n = strlen (data); } rc = agent_scd_setattr ("LOGIN-DATA", data, n, NULL ); if (rc) log_error ("error setting login data: %s\n", gpg_strerror (rc)); xfree (data); write_sc_op_status (rc); return rc; } static int change_private_do (const char *args, int nr) { char do_name[] = "PRIVATE-DO-X"; char *data; int n; int rc; log_assert (nr >= 1 && nr <= 4); do_name[11] = '0' + nr; if (args && (args = strchr (args, '<'))) /* Read it from a file */ { for (args++; spacep (args); args++) ; n = get_data_from_file (args, &data); if (n < 0) return -1; } else { data = cpr_get ("cardedit.change_private_do", _("Private DO data: ")); if (!data) return -1; trim_spaces (data); cpr_kill_prompt (); n = strlen (data); } rc = agent_scd_setattr (do_name, data, n, NULL ); if (rc) log_error ("error setting private DO: %s\n", gpg_strerror (rc)); xfree (data); write_sc_op_status (rc); return rc; } static int change_cert (const char *args) { char *data; int n; int rc; if (args && *args == '<') /* Read it from a file */ { for (args++; spacep (args); args++) ; n = get_data_from_file (args, &data); if (n < 0) return -1; } else { tty_printf ("usage error: redirection to file required\n"); return -1; } rc = agent_scd_writecert ("OPENPGP.3", data, n); if (rc) log_error ("error writing certificate to card: %s\n", gpg_strerror (rc)); xfree (data); write_sc_op_status (rc); return rc; } static int read_cert (const char *args) { const char *fname; void *buffer; size_t length; int rc; if (args && *args == '>') /* Write it to a file */ { for (args++; spacep (args); args++) ; fname = args; } else { tty_printf ("usage error: redirection to file required\n"); return -1; } rc = agent_scd_readcert ("OPENPGP.3", &buffer, &length); if (rc) log_error ("error reading certificate from card: %s\n", gpg_strerror (rc)); else rc = put_data_to_file (fname, buffer, length); xfree (buffer); write_sc_op_status (rc); return rc; } static int change_lang (void) { char *data, *p; int rc; data = cpr_get ("cardedit.change_lang", _("Language preferences: ")); if (!data) return -1; trim_spaces (data); cpr_kill_prompt (); if (strlen (data) > 8 || (strlen (data) & 1)) { tty_printf (_("Error: invalid length of preference string.\n")); xfree (data); return -1; } for (p=data; *p && *p >= 'a' && *p <= 'z'; p++) ; if (*p) { tty_printf (_("Error: invalid characters in preference string.\n")); xfree (data); return -1; } rc = agent_scd_setattr ("DISP-LANG", data, strlen (data), NULL ); if (rc) log_error ("error setting lang: %s\n", gpg_strerror (rc)); xfree (data); write_sc_op_status (rc); return rc; } static int change_sex (void) { char *data; const char *str; int rc; data = cpr_get ("cardedit.change_sex", _("Sex ((M)ale, (F)emale or space): ")); if (!data) return -1; trim_spaces (data); cpr_kill_prompt (); if (!*data) str = "9"; else if ((*data == 'M' || *data == 'm') && !data[1]) str = "1"; else if ((*data == 'F' || *data == 'f') && !data[1]) str = "2"; else { tty_printf (_("Error: invalid response.\n")); xfree (data); return -1; } rc = agent_scd_setattr ("DISP-SEX", str, 1, NULL ); if (rc) log_error ("error setting sex: %s\n", gpg_strerror (rc)); xfree (data); write_sc_op_status (rc); return rc; } static int change_cafpr (int fprno) { char *data; const char *s; int i, c, rc; - unsigned char fpr[20]; + unsigned char fpr[MAX_FINGERPRINT_LEN]; + int fprlen; data = cpr_get ("cardedit.change_cafpr", _("CA fingerprint: ")); if (!data) return -1; trim_spaces (data); cpr_kill_prompt (); - for (i=0, s=data; i < 20 && *s; ) + for (i=0, s=data; i < MAX_FINGERPRINT_LEN && *s; ) { while (spacep(s)) s++; if (*s == ':') s++; while (spacep(s)) s++; c = hextobyte (s); if (c == -1) break; fpr[i++] = c; s += 2; } + fprlen = i; xfree (data); - if (i != 20 || *s) + if ((fprlen != 20 && fprlen != 32) || *s) { tty_printf (_("Error: invalid formatted fingerprint.\n")); return -1; } rc = agent_scd_setattr (fprno==1?"CA-FPR-1": fprno==2?"CA-FPR-2": - fprno==3?"CA-FPR-3":"x", fpr, 20, NULL ); + fprno==3?"CA-FPR-3":"x", fpr, fprlen, NULL ); if (rc) log_error ("error setting cafpr: %s\n", gpg_strerror (rc)); write_sc_op_status (rc); return rc; } static void toggle_forcesig (void) { struct agent_card_info_s info; int rc; int newstate; memset (&info, 0, sizeof info); rc = agent_scd_getattr ("CHV-STATUS", &info); if (rc) { log_error ("error getting current status: %s\n", gpg_strerror (rc)); return; } newstate = !info.chv1_cached; agent_release_card_info (&info); rc = agent_scd_setattr ("CHV-STATUS-1", newstate? "\x01":"", 1, NULL); if (rc) log_error ("error toggling signature PIN flag: %s\n", gpg_strerror (rc)); write_sc_op_status (rc); } /* Helper for the key generation/edit functions. */ static int get_info_for_key_operation (struct agent_card_info_s *info) { int rc; memset (info, 0, sizeof *info); rc = agent_scd_getattr ("SERIALNO", info); if (rc || !info->serialno || strncmp (info->serialno, "D27600012401", 12) || strlen (info->serialno) != 32 ) { log_error (_("key operation not possible: %s\n"), rc ? gpg_strerror (rc) : _("not an OpenPGP card")); return rc? rc: -1; } rc = agent_scd_getattr ("KEY-FPR", info); if (!rc) rc = agent_scd_getattr ("CHV-STATUS", info); if (!rc) rc = agent_scd_getattr ("DISP-NAME", info); if (!rc) rc = agent_scd_getattr ("EXTCAP", info); if (!rc) rc = agent_scd_getattr ("KEY-ATTR", info); if (rc) log_error (_("error getting current key info: %s\n"), gpg_strerror (rc)); return rc; } /* Helper for the key generation/edit functions. */ static int check_pin_for_key_operation (struct agent_card_info_s *info, int *forced_chv1) { int rc = 0; agent_clear_pin_cache (info->serialno); *forced_chv1 = !info->chv1_cached; if (*forced_chv1) { /* Switch off the forced mode so that during key generation we don't get bothered with PIN queries for each self-signature. */ rc = agent_scd_setattr ("CHV-STATUS-1", "\x01", 1, info->serialno); if (rc) { log_error ("error clearing forced signature PIN flag: %s\n", gpg_strerror (rc)); *forced_chv1 = 0; } } if (!rc) { /* Check the PIN now, so that we won't get asked later for each binding signature. */ rc = agent_scd_checkpin (info->serialno); if (rc) { log_error ("error checking the PIN: %s\n", gpg_strerror (rc)); write_sc_op_status (rc); } } return rc; } /* Helper for the key generation/edit functions. */ static void restore_forced_chv1 (int *forced_chv1) { int rc; if (*forced_chv1) { /* Switch back to forced state. */ rc = agent_scd_setattr ("CHV-STATUS-1", "", 1, NULL); if (rc) { log_error ("error setting forced signature PIN flag: %s\n", gpg_strerror (rc)); } } } /* Helper for the key generation/edit functions. */ static void show_card_key_info (struct agent_card_info_s *info) { tty_fprintf (NULL, "Signature key ....:"); print_sha1_fpr (NULL, info->fpr1valid? info->fpr1:NULL); tty_fprintf (NULL, "Encryption key....:"); print_sha1_fpr (NULL, info->fpr2valid? info->fpr2:NULL); tty_fprintf (NULL, "Authentication key:"); print_sha1_fpr (NULL, info->fpr3valid? info->fpr3:NULL); tty_printf ("\n"); } /* Helper for the key generation/edit functions. */ static int replace_existing_key_p (struct agent_card_info_s *info, int keyno) { log_assert (keyno >= 0 && keyno <= 3); if ((keyno == 1 && info->fpr1valid) || (keyno == 2 && info->fpr2valid) || (keyno == 3 && info->fpr3valid)) { tty_printf ("\n"); log_info ("WARNING: such a key has already been stored on the card!\n"); tty_printf ("\n"); if ( !cpr_get_answer_is_yes( "cardedit.genkeys.replace_key", _("Replace existing key? (y/N) "))) return -1; return 1; } return 0; } static void show_keysize_warning (void) { static int shown; if (shown) return; shown = 1; tty_printf (_("Note: There is no guarantee that the card " "supports the requested size.\n" " If the key generation does not succeed, " "please check the\n" " documentation of your card to see what " "sizes are allowed.\n")); } /* Ask for the size of a card key. NBITS is the current size configured for the card. KEYNO is the number of the key used to select the prompt. Returns 0 to use the default size (i.e. NBITS) or the selected size. */ static unsigned int ask_card_rsa_keysize (int keyno, unsigned int nbits) { unsigned int min_nbits = 1024; unsigned int max_nbits = 4096; char *prompt, *answer; unsigned int req_nbits; for (;;) { prompt = xasprintf (keyno == 0? _("What keysize do you want for the Signature key? (%u) "): keyno == 1? _("What keysize do you want for the Encryption key? (%u) "): _("What keysize do you want for the Authentication key? (%u) "), nbits); answer = cpr_get ("cardedit.genkeys.size", prompt); cpr_kill_prompt (); req_nbits = *answer? atoi (answer): nbits; xfree (prompt); xfree (answer); if (req_nbits != nbits && (req_nbits % 32) ) { req_nbits = ((req_nbits + 31) / 32) * 32; tty_printf (_("rounded up to %u bits\n"), req_nbits); } if (req_nbits == nbits) return 0; /* Use default. */ if (req_nbits < min_nbits || req_nbits > max_nbits) { tty_printf (_("%s keysizes must be in the range %u-%u\n"), "RSA", min_nbits, max_nbits); } else { tty_printf (_("The card will now be re-configured " "to generate a key of %u bits\n"), req_nbits); show_keysize_warning (); return req_nbits; } } } /* Change the size of key KEYNO (0..2) to NBITS and show an error message if that fails. */ static gpg_error_t do_change_rsa_keysize (int keyno, unsigned int nbits) { gpg_error_t err; char args[100]; snprintf (args, sizeof args, "--force %d 1 rsa%u", keyno+1, nbits); err = agent_scd_setattr ("KEY-ATTR", args, strlen (args), NULL); if (err) log_error (_("error changing size of key %d to %u bits: %s\n"), keyno+1, nbits, gpg_strerror (err)); return err; } static void generate_card_keys (ctrl_t ctrl) { struct agent_card_info_s info; int forced_chv1; int want_backup; int keyno; if (get_info_for_key_operation (&info)) return; if (info.extcap.ki) { char *answer; /* FIXME: Should be something like cpr_get_bool so that a status GET_BOOL will be emitted. */ answer = cpr_get ("cardedit.genkeys.backup_enc", _("Make off-card backup of encryption key? (Y/n) ")); want_backup = answer_is_yes_no_default (answer, 1/*(default to Yes)*/); cpr_kill_prompt (); xfree (answer); } else want_backup = 0; if ( (info.fpr1valid && !fpr_is_zero (info.fpr1)) || (info.fpr2valid && !fpr_is_zero (info.fpr2)) || (info.fpr3valid && !fpr_is_zero (info.fpr3))) { tty_printf ("\n"); log_info (_("Note: keys are already stored on the card!\n")); tty_printf ("\n"); if ( !cpr_get_answer_is_yes ("cardedit.genkeys.replace_keys", _("Replace existing keys? (y/N) "))) { agent_release_card_info (&info); return; } } /* If no displayed name has been set, we assume that this is a fresh card and print a hint about the default PINs. */ if (!info.disp_name || !*info.disp_name) { tty_printf ("\n"); tty_printf (_("Please note that the factory settings of the PINs are\n" " PIN = '%s' Admin PIN = '%s'\n" "You should change them using the command --change-pin\n"), "123456", "12345678"); tty_printf ("\n"); } if (check_pin_for_key_operation (&info, &forced_chv1)) goto leave; /* If the cards features changeable key attributes, we ask for the key size. */ if (info.is_v2 && info.extcap.aac) { unsigned int nbits; for (keyno = 0; keyno < DIM (info.key_attr); keyno++) { if (info.key_attr[keyno].algo == PUBKEY_ALGO_RSA) { nbits = ask_card_rsa_keysize (keyno, info.key_attr[keyno].nbits); if (nbits && do_change_rsa_keysize (keyno, nbits)) { /* Error: Better read the default key size again. */ agent_release_card_info (&info); if (get_info_for_key_operation (&info)) goto leave; /* Ask again for this key size. */ keyno--; } } } /* Note that INFO has not be synced. However we will only use the serialnumber and thus it won't harm. */ } generate_keypair (ctrl, 1, NULL, info.serialno, want_backup); leave: agent_release_card_info (&info); restore_forced_chv1 (&forced_chv1); } /* This function is used by the key edit menu to generate an arbitrary subkey. */ gpg_error_t card_generate_subkey (ctrl_t ctrl, kbnode_t pub_keyblock) { gpg_error_t err; struct agent_card_info_s info; int forced_chv1 = 0; int keyno; err = get_info_for_key_operation (&info); if (err) return err; show_card_key_info (&info); tty_printf (_("Please select the type of key to generate:\n")); tty_printf (_(" (1) Signature key\n")); tty_printf (_(" (2) Encryption key\n")); tty_printf (_(" (3) Authentication key\n")); for (;;) { char *answer = cpr_get ("cardedit.genkeys.subkeytype", _("Your selection? ")); cpr_kill_prompt(); if (*answer == CONTROL_D) { xfree (answer); err = gpg_error (GPG_ERR_CANCELED); goto leave; } keyno = *answer? atoi(answer): 0; xfree(answer); if (keyno >= 1 && keyno <= 3) break; /* Okay. */ tty_printf(_("Invalid selection.\n")); } if (replace_existing_key_p (&info, keyno) < 0) { err = gpg_error (GPG_ERR_CANCELED); goto leave; } err = check_pin_for_key_operation (&info, &forced_chv1); if (err) goto leave; /* If the cards features changeable key attributes, we ask for the key size. */ if (info.is_v2 && info.extcap.aac) { if (info.key_attr[keyno-1].algo == PUBKEY_ALGO_RSA) { unsigned int nbits; ask_again: nbits = ask_card_rsa_keysize (keyno-1, info.key_attr[keyno-1].nbits); if (nbits && do_change_rsa_keysize (keyno-1, nbits)) { /* Error: Better read the default key size again. */ agent_release_card_info (&info); err = get_info_for_key_operation (&info); if (err) goto leave; goto ask_again; } } /* Note that INFO has not be synced. However we will only use the serialnumber and thus it won't harm. */ } err = generate_card_subkeypair (ctrl, pub_keyblock, keyno, info.serialno); leave: agent_release_card_info (&info); restore_forced_chv1 (&forced_chv1); return err; } /* Store the key at NODE into the smartcard and modify NODE to carry the serialno stuff instead of the actual secret key parameters. USE is the usage for that key; 0 means any usage. */ int card_store_subkey (KBNODE node, int use) { struct agent_card_info_s info; int okay = 0; unsigned int nbits; int allow_keyno[3]; int keyno; PKT_public_key *pk; gpg_error_t err; char *hexgrip; int rc; gnupg_isotime_t timebuf; log_assert (node->pkt->pkttype == PKT_PUBLIC_KEY || node->pkt->pkttype == PKT_PUBLIC_SUBKEY); pk = node->pkt->pkt.public_key; if (get_info_for_key_operation (&info)) return 0; if (!info.extcap.ki) { tty_printf ("The card does not support the import of keys\n"); tty_printf ("\n"); goto leave; } nbits = nbits_from_pk (pk); if (!info.is_v2 && nbits != 1024) { tty_printf ("You may only store a 1024 bit RSA key on the card\n"); tty_printf ("\n"); goto leave; } allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_CERT))); allow_keyno[1] = (!use || (use & (PUBKEY_USAGE_ENC))); allow_keyno[2] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH))); tty_printf (_("Please select where to store the key:\n")); if (allow_keyno[0]) tty_printf (_(" (1) Signature key\n")); if (allow_keyno[1]) tty_printf (_(" (2) Encryption key\n")); if (allow_keyno[2]) tty_printf (_(" (3) Authentication key\n")); for (;;) { char *answer = cpr_get ("cardedit.genkeys.storekeytype", _("Your selection? ")); cpr_kill_prompt(); if (*answer == CONTROL_D || !*answer) { xfree (answer); goto leave; } keyno = *answer? atoi(answer): 0; xfree(answer); if (keyno >= 1 && keyno <= 3 && allow_keyno[keyno-1]) { if (info.is_v2 && !info.extcap.aac && info.key_attr[keyno-1].nbits != nbits) { tty_printf ("Key does not match the card's capability.\n"); } else break; /* Okay. */ } else tty_printf(_("Invalid selection.\n")); } if ((rc = replace_existing_key_p (&info, keyno)) < 0) goto leave; err = hexkeygrip_from_pk (pk, &hexgrip); if (err) goto leave; epoch2isotime (timebuf, (time_t)pk->timestamp); rc = agent_keytocard (hexgrip, keyno, rc, info.serialno, timebuf); if (rc) log_error (_("KEYTOCARD failed: %s\n"), gpg_strerror (rc)); else okay = 1; xfree (hexgrip); leave: agent_release_card_info (&info); return okay; } /* Direct sending of an hex encoded APDU with error printing. */ static gpg_error_t send_apdu (const char *hexapdu, const char *desc, unsigned int ignore) { gpg_error_t err; unsigned int sw; err = agent_scd_apdu (hexapdu, &sw); if (err) tty_printf ("sending card command %s failed: %s\n", desc, gpg_strerror (err)); else if (!hexapdu || !strcmp (hexapdu, "undefined")) ; else if (ignore == 0xffff) ; /* Ignore all status words. */ else if (sw != 0x9000) { switch (sw) { case 0x6285: err = gpg_error (GPG_ERR_OBJ_TERM_STATE); break; case 0x6982: err = gpg_error (GPG_ERR_BAD_PIN); break; case 0x6985: err = gpg_error (GPG_ERR_USE_CONDITIONS); break; default: err = gpg_error (GPG_ERR_CARD); } if (!(ignore && ignore == sw)) tty_printf ("card command %s failed: %s (0x%04x)\n", desc, gpg_strerror (err), sw); } return err; } /* Do a factory reset after confirmation. */ static void factory_reset (void) { struct agent_card_info_s info; gpg_error_t err; char *answer = NULL; int termstate = 0; int i; /* The code below basically does the same what this gpg-connect-agent script does: scd reset scd serialno undefined scd apdu 00 A4 04 00 06 D2 76 00 01 24 01 scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40 scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40 scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40 scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40 scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40 scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40 scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40 scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40 scd apdu 00 e6 00 00 scd reset scd serialno undefined scd apdu 00 A4 04 00 06 D2 76 00 01 24 01 scd apdu 00 44 00 00 /echo Card has been reset to factory defaults but tries to find out something about the card first. */ err = agent_scd_learn (&info, 0); if (gpg_err_code (err) == GPG_ERR_OBJ_TERM_STATE && gpg_err_source (err) == GPG_ERR_SOURCE_SCD) termstate = 1; else if (err) { log_error (_("OpenPGP card not available: %s\n"), gpg_strerror (err)); return; } if (!termstate) { log_info (_("OpenPGP card no. %s detected\n"), info.serialno? info.serialno : "[none]"); if (!(info.status_indicator == 3 || info.status_indicator == 5)) { /* Note: We won't see status-indicator 3 here because it is not possible to select a card application in termination state. */ log_error (_("This command is not supported by this card\n")); goto leave; } tty_printf ("\n"); log_info (_("Note: This command destroys all keys stored on the card!\n")); tty_printf ("\n"); if (!cpr_get_answer_is_yes ("cardedit.factory-reset.proceed", _("Continue? (y/N) "))) goto leave; answer = cpr_get ("cardedit.factory-reset.really", _("Really do a factory reset? (enter \"yes\") ")); cpr_kill_prompt (); trim_spaces (answer); if (strcmp (answer, "yes")) goto leave; /* We need to select a card application before we can send APDUs to the card without scdaemon doing anything on its own. */ err = send_apdu (NULL, "RESET", 0); if (err) goto leave; err = send_apdu ("undefined", "dummy select ", 0); if (err) goto leave; /* Select the OpenPGP application. */ err = send_apdu ("00A4040006D27600012401", "SELECT AID", 0); if (err) goto leave; /* Do some dummy verifies with wrong PINs to set the retry counter to zero. We can't easily use the card version 2.1 feature of presenting the admin PIN to allow the terminate command because there is no machinery in scdaemon to catch the verify command and ask for the PIN when the "APDU" command is used. */ for (i=0; i < 4; i++) send_apdu ("00200081084040404040404040", "VERIFY", 0xffff); for (i=0; i < 4; i++) send_apdu ("00200083084040404040404040", "VERIFY", 0xffff); /* Send terminate datafile command. */ err = send_apdu ("00e60000", "TERMINATE DF", 0x6985); if (err) goto leave; } /* The card is in termination state - reset and select again. */ err = send_apdu (NULL, "RESET", 0); if (err) goto leave; err = send_apdu ("undefined", "dummy select", 0); if (err) goto leave; /* Select the OpenPGP application. (no error checking here). */ send_apdu ("00A4040006D27600012401", "SELECT AID", 0xffff); /* Send activate datafile command. This is used without confirmation if the card is already in termination state. */ err = send_apdu ("00440000", "ACTIVATE DF", 0); if (err) goto leave; /* Finally we reset the card reader once more. */ err = send_apdu (NULL, "RESET", 0); if (err) goto leave; leave: xfree (answer); agent_release_card_info (&info); } /* Data used by the command parser. This needs to be outside of the function scope to allow readline based command completion. */ enum cmdids { cmdNOP = 0, cmdQUIT, cmdADMIN, cmdHELP, cmdLIST, cmdDEBUG, cmdVERIFY, cmdNAME, cmdURL, cmdFETCH, cmdLOGIN, cmdLANG, cmdSEX, cmdCAFPR, cmdFORCESIG, cmdGENERATE, cmdPASSWD, cmdPRIVATEDO, cmdWRITECERT, cmdREADCERT, cmdUNBLOCK, cmdFACTORYRESET, cmdINVCMD }; static struct { const char *name; enum cmdids id; int admin_only; const char *desc; } cmds[] = { { "quit" , cmdQUIT , 0, N_("quit this menu")}, { "q" , cmdQUIT , 0, NULL }, { "admin" , cmdADMIN , 0, N_("show admin commands")}, { "help" , cmdHELP , 0, N_("show this help")}, { "?" , cmdHELP , 0, NULL }, { "list" , cmdLIST , 0, N_("list all available data")}, { "l" , cmdLIST , 0, NULL }, { "debug" , cmdDEBUG , 0, NULL }, { "name" , cmdNAME , 1, N_("change card holder's name")}, { "url" , cmdURL , 1, N_("change URL to retrieve key")}, { "fetch" , cmdFETCH , 0, N_("fetch the key specified in the card URL")}, { "login" , cmdLOGIN , 1, N_("change the login name")}, { "lang" , cmdLANG , 1, N_("change the language preferences")}, { "sex" , cmdSEX , 1, N_("change card holder's sex")}, { "cafpr" , cmdCAFPR , 1, N_("change a CA fingerprint")}, { "forcesig", cmdFORCESIG, 1, N_("toggle the signature force PIN flag")}, { "generate", cmdGENERATE, 1, N_("generate new keys")}, { "passwd" , cmdPASSWD, 0, N_("menu to change or unblock the PIN")}, { "verify" , cmdVERIFY, 0, N_("verify the PIN and list all data")}, { "unblock" , cmdUNBLOCK,0, N_("unblock the PIN using a Reset Code") }, { "factory-reset", cmdFACTORYRESET, 1, N_("destroy all keys and data")}, /* Note, that we do not announce these command yet. */ { "privatedo", cmdPRIVATEDO, 0, NULL }, { "readcert", cmdREADCERT, 0, NULL }, { "writecert", cmdWRITECERT, 1, NULL }, { NULL, cmdINVCMD, 0, NULL } }; #ifdef HAVE_LIBREADLINE /* These two functions are used by readline for command completion. */ static char * command_generator(const char *text,int state) { static int list_index,len; const char *name; /* If this is a new word to complete, initialize now. This includes saving the length of TEXT for efficiency, and initializing the index variable to 0. */ if(!state) { list_index=0; len=strlen(text); } /* Return the next partial match */ while((name=cmds[list_index].name)) { /* Only complete commands that have help text */ if(cmds[list_index++].desc && strncmp(name,text,len)==0) return strdup(name); } return NULL; } static char ** card_edit_completion(const char *text, int start, int end) { (void)end; /* If we are at the start of a line, we try and command-complete. If not, just do nothing for now. */ if(start==0) return rl_completion_matches(text,command_generator); rl_attempted_completion_over=1; return NULL; } #endif /*HAVE_LIBREADLINE*/ /* Menu to edit all user changeable values on an OpenPGP card. Only Key creation is not handled here. */ void card_edit (ctrl_t ctrl, strlist_t commands) { enum cmdids cmd = cmdNOP; int have_commands = !!commands; int redisplay = 1; char *answer = NULL; int allow_admin=0; char serialnobuf[50]; if (opt.command_fd != -1) ; else if (opt.batch && !have_commands) { log_error(_("can't do this in batch mode\n")); goto leave; } for (;;) { int arg_number; const char *arg_string = ""; const char *arg_rest = ""; char *p; int i; int cmd_admin_only; tty_printf("\n"); if (redisplay) { if (opt.with_colons) { current_card_status (ctrl, es_stdout, serialnobuf, DIM (serialnobuf)); fflush (stdout); } else { current_card_status (ctrl, NULL, serialnobuf, DIM (serialnobuf)); tty_printf("\n"); } redisplay = 0; } do { xfree (answer); if (have_commands) { if (commands) { answer = xstrdup (commands->d); commands = commands->next; } else if (opt.batch) { answer = xstrdup ("quit"); } else have_commands = 0; } if (!have_commands) { tty_enable_completion (card_edit_completion); answer = cpr_get_no_help("cardedit.prompt", _("gpg/card> ")); cpr_kill_prompt(); tty_disable_completion (); } trim_spaces(answer); } while ( *answer == '#' ); arg_number = 0; /* Yes, here is the init which egcc complains about */ cmd_admin_only = 0; if (!*answer) cmd = cmdLIST; /* Default to the list command */ else if (*answer == CONTROL_D) cmd = cmdQUIT; else { if ((p=strchr (answer,' '))) { *p++ = 0; trim_spaces (answer); trim_spaces (p); arg_number = atoi(p); arg_string = p; arg_rest = p; while (digitp (arg_rest)) arg_rest++; while (spacep (arg_rest)) arg_rest++; } for (i=0; cmds[i].name; i++ ) if (!ascii_strcasecmp (answer, cmds[i].name )) break; cmd = cmds[i].id; cmd_admin_only = cmds[i].admin_only; } if (!allow_admin && cmd_admin_only) { tty_printf ("\n"); tty_printf (_("Admin-only command\n")); continue; } switch (cmd) { case cmdHELP: for (i=0; cmds[i].name; i++ ) if(cmds[i].desc && (!cmds[i].admin_only || (cmds[i].admin_only && allow_admin))) tty_printf("%-14s %s\n", cmds[i].name, _(cmds[i].desc) ); break; case cmdADMIN: if ( !strcmp (arg_string, "on") ) allow_admin = 1; else if ( !strcmp (arg_string, "off") ) allow_admin = 0; else if ( !strcmp (arg_string, "verify") ) { /* Force verification of the Admin Command. However, this is only done if the retry counter is at initial state. */ char *tmp = xmalloc (strlen (serialnobuf) + 6 + 1); strcpy (stpcpy (tmp, serialnobuf), "[CHV3]"); allow_admin = !agent_scd_checkpin (tmp); xfree (tmp); } else /* Toggle. */ allow_admin=!allow_admin; if(allow_admin) tty_printf(_("Admin commands are allowed\n")); else tty_printf(_("Admin commands are not allowed\n")); break; case cmdVERIFY: agent_scd_checkpin (serialnobuf); redisplay = 1; break; case cmdLIST: redisplay = 1; break; case cmdNAME: change_name (); break; case cmdURL: change_url (); break; case cmdFETCH: fetch_url (ctrl); break; case cmdLOGIN: change_login (arg_string); break; case cmdLANG: change_lang (); break; case cmdSEX: change_sex (); break; case cmdCAFPR: if ( arg_number < 1 || arg_number > 3 ) tty_printf ("usage: cafpr N\n" " 1 <= N <= 3\n"); else change_cafpr (arg_number); break; case cmdPRIVATEDO: if ( arg_number < 1 || arg_number > 4 ) tty_printf ("usage: privatedo N\n" " 1 <= N <= 4\n"); else change_private_do (arg_string, arg_number); break; case cmdWRITECERT: if ( arg_number != 3 ) tty_printf ("usage: writecert 3 < FILE\n"); else change_cert (arg_rest); break; case cmdREADCERT: if ( arg_number != 3 ) tty_printf ("usage: readcert 3 > FILE\n"); else read_cert (arg_rest); break; case cmdFORCESIG: toggle_forcesig (); break; case cmdGENERATE: generate_card_keys (ctrl); break; case cmdPASSWD: change_pin (0, allow_admin); break; case cmdUNBLOCK: change_pin (1, allow_admin); break; case cmdFACTORYRESET: factory_reset (); break; case cmdQUIT: goto leave; case cmdNOP: break; case cmdINVCMD: default: tty_printf ("\n"); tty_printf (_("Invalid command (try \"help\")\n")); break; } /* End command switch. */ } /* End of main menu loop. */ leave: xfree (answer); } diff --git a/g10/cipher.c b/g10/cipher.c index 655937f07..7031d93eb 100644 --- a/g10/cipher.c +++ b/g10/cipher.c @@ -1,162 +1,162 @@ /* cipher.c - En-/De-ciphering filter * Copyright (C) 1998, 1999, 2000, 2001, 2003, * 2006, 2009 Free Software Foundation, Inc. * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ #include #include #include #include #include #include "gpg.h" #include "../common/status.h" #include "../common/iobuf.h" #include "../common/util.h" #include "filter.h" #include "packet.h" #include "options.h" #include "main.h" #include "../common/status.h" #define MIN_PARTIAL_SIZE 512 static void write_header( cipher_filter_context_t *cfx, IOBUF a ) { gcry_error_t err; PACKET pkt; PKT_encrypted ed; byte temp[18]; unsigned int blocksize; unsigned int nprefix; blocksize = openpgp_cipher_get_algo_blklen (cfx->dek->algo); if ( blocksize < 8 || blocksize > 16 ) log_fatal("unsupported blocksize %u\n", blocksize ); memset( &ed, 0, sizeof ed ); ed.len = cfx->datalen; ed.extralen = blocksize+2; ed.new_ctb = !ed.len; if( cfx->dek->use_mdc ) { ed.mdc_method = DIGEST_ALGO_SHA1; gcry_md_open (&cfx->mdc_hash, DIGEST_ALGO_SHA1, 0); if ( DBG_HASHING ) gcry_md_debug (cfx->mdc_hash, "creatmdc"); } { char buf[20]; - sprintf (buf, "%d %d", ed.mdc_method, cfx->dek->algo); + snprintf (buf, sizeof buf, "%d %d", ed.mdc_method, cfx->dek->algo); write_status_text (STATUS_BEGIN_ENCRYPTION, buf); } init_packet( &pkt ); pkt.pkttype = cfx->dek->use_mdc? PKT_ENCRYPTED_MDC : PKT_ENCRYPTED; pkt.pkt.encrypted = &ed; if( build_packet( a, &pkt )) log_bug("build_packet(ENCR_DATA) failed\n"); nprefix = blocksize; gcry_randomize (temp, nprefix, GCRY_STRONG_RANDOM ); temp[nprefix] = temp[nprefix-2]; temp[nprefix+1] = temp[nprefix-1]; print_cipher_algo_note( cfx->dek->algo ); err = openpgp_cipher_open (&cfx->cipher_hd, cfx->dek->algo, GCRY_CIPHER_MODE_CFB, (GCRY_CIPHER_SECURE | ((cfx->dek->use_mdc || cfx->dek->algo >= 100)? 0 : GCRY_CIPHER_ENABLE_SYNC))); if (err) { /* We should never get an error here cause we already checked, * that the algorithm is available. */ BUG(); } /* log_hexdump( "thekey", cfx->dek->key, cfx->dek->keylen );*/ gcry_cipher_setkey( cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen ); gcry_cipher_setiv( cfx->cipher_hd, NULL, 0 ); /* log_hexdump( "prefix", temp, nprefix+2 ); */ if (cfx->mdc_hash) /* Hash the "IV". */ gcry_md_write (cfx->mdc_hash, temp, nprefix+2 ); gcry_cipher_encrypt (cfx->cipher_hd, temp, nprefix+2, NULL, 0); gcry_cipher_sync (cfx->cipher_hd); iobuf_write(a, temp, nprefix+2); cfx->header=1; } /**************** * This filter is used to en/de-cipher data with a conventional algorithm */ int cipher_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len) { size_t size = *ret_len; cipher_filter_context_t *cfx = opaque; int rc=0; if( control == IOBUFCTRL_UNDERFLOW ) { /* decrypt */ rc = -1; /* not yet used */ } else if( control == IOBUFCTRL_FLUSH ) { /* encrypt */ log_assert(a); if( !cfx->header ) { write_header( cfx, a ); } if (cfx->mdc_hash) gcry_md_write (cfx->mdc_hash, buf, size); gcry_cipher_encrypt (cfx->cipher_hd, buf, size, NULL, 0); rc = iobuf_write( a, buf, size ); } else if( control == IOBUFCTRL_FREE ) { if( cfx->mdc_hash ) { byte *hash; int hashlen = gcry_md_get_algo_dlen (gcry_md_get_algo (cfx->mdc_hash)); byte temp[22]; log_assert( hashlen == 20 ); /* We must hash the prefix of the MDC packet here. */ temp[0] = 0xd3; temp[1] = 0x14; gcry_md_putc (cfx->mdc_hash, temp[0]); gcry_md_putc (cfx->mdc_hash, temp[1]); gcry_md_final (cfx->mdc_hash); hash = gcry_md_read (cfx->mdc_hash, 0); memcpy(temp+2, hash, 20); gcry_cipher_encrypt (cfx->cipher_hd, temp, 22, NULL, 0); gcry_md_close (cfx->mdc_hash); cfx->mdc_hash = NULL; if( iobuf_write( a, temp, 22 ) ) log_error("writing MDC packet failed\n" ); } gcry_cipher_close (cfx->cipher_hd); } else if( control == IOBUFCTRL_DESC ) { mem2str (buf, "cipher_filter", *ret_len); } return rc; } diff --git a/g10/gpg.h b/g10/gpg.h index 9b8b77ca0..03fe384aa 100644 --- a/g10/gpg.h +++ b/g10/gpg.h @@ -1,106 +1,107 @@ /* gpg.h - top level include file for gpg etc. * Copyright (C) 2003, 2006, 2010 Free Software Foundation, Inc. * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ #ifndef GNUPG_G10_GPG_H #define GNUPG_G10_GPG_H /* Note, that this file should be the first one after the system header files. This is required to set the error source to the correct value and may be of advantage if we ever have to do special things. */ #ifdef GPG_ERR_SOURCE_DEFAULT #error GPG_ERR_SOURCE_DEFAULT already defined #endif #define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_GPG #define map_assuan_err(a) \ map_assuan_err_with_source (GPG_ERR_SOURCE_DEFAULT, (a)) #include #include /* Number of bits we accept when reading or writing MPIs. */ #define MAX_EXTERN_MPI_BITS 16384 /* The maximum length of a binary fingerprints. This is used to - provide a static buffer and will be increased if we need to support - longer fingerprints. - Warning: At some places we still use 20 instead of this macro. */ -#define MAX_FINGERPRINT_LEN 20 + * provide a static buffer and will be increased if we need to support + * longer fingerprints. Warning: At some places we have some + * assumption on a 20 byte fingerprint. + * Watch out for FIXME(fingerprint) */ +#define MAX_FINGERPRINT_LEN 32 /* The maximum length of a formatted fingerprint as returned by - format_hexfingerprint(). */ -#define MAX_FORMATTED_FINGERPRINT_LEN 50 + * format_hexfingerprint(). */ +#define MAX_FORMATTED_FINGERPRINT_LEN 59 /* Forward declarations. */ /* Object used to keep state locally to server.c . */ struct server_local_s; /* Object used to keep state locally to call-dirmngr.c . */ struct dirmngr_local_s; typedef struct dirmngr_local_s *dirmngr_local_t; /* Object used to describe a keyblock node. */ typedef struct kbnode_struct *KBNODE; /* Deprecated use kbnode_t. */ typedef struct kbnode_struct *kbnode_t; /* The handle for keydb operations. */ typedef struct keydb_handle *KEYDB_HANDLE; /* TOFU database meta object. */ struct tofu_dbs_s; typedef struct tofu_dbs_s *tofu_dbs_t; #if SIZEOF_UNSIGNED_LONG == 8 # define SERVER_CONTROL_MAGIC 0x53616c696e676572 #else # define SERVER_CONTROL_MAGIC 0x53616c69 #endif /* Session control object. This object is passed to most functions to convey the status of a session. Note that the defaults are set by gpg_init_default_ctrl(). */ struct server_control_s { /* Always has the value SERVER_CONTROL_MAGIC. */ unsigned long magic; /* Local data for server.c */ struct server_local_s *server_local; /* Local data for call-dirmngr.c */ dirmngr_local_t dirmngr_local; /* Local data for tofu.c */ struct { tofu_dbs_t dbs; int batch_updated_wanted; } tofu; /* This is used to cache a key data base handle. */ KEYDB_HANDLE cached_getkey_kdb; }; #endif /*GNUPG_G10_GPG_H*/ diff --git a/g10/keyid.c b/g10/keyid.c index de38580f2..78a5b0b70 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -1,978 +1,1012 @@ /* keyid.c - key ID and fingerprint handling * Copyright (C) 1998, 1999, 2000, 2001, 2003, * 2004, 2006, 2010 Free Software Foundation, Inc. * Copyright (C) 2014 Werner Koch * Copyright (C) 2016 g10 Code GmbH * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ #include #include #include #include #include #include #include "gpg.h" #include "../common/util.h" #include "main.h" #include "packet.h" #include "options.h" #include "keydb.h" #include "../common/i18n.h" #include "rmd160.h" #include "../common/host2net.h" #define KEYID_STR_SIZE 19 #ifdef HAVE_UNSIGNED_TIME_T # define IS_INVALID_TIME_T(a) ((a) == (time_t)(-1)) #else /* Error or 32 bit time_t and value after 2038-01-19. */ # define IS_INVALID_TIME_T(a) ((a) < 0) #endif /* Return a letter describing the public key algorithms. */ int pubkey_letter( int algo ) { switch (algo) { case PUBKEY_ALGO_RSA: return 'R' ; case PUBKEY_ALGO_RSA_E: return 'r' ; case PUBKEY_ALGO_RSA_S: return 's' ; case PUBKEY_ALGO_ELGAMAL_E: return 'g' ; case PUBKEY_ALGO_ELGAMAL: return 'G' ; case PUBKEY_ALGO_DSA: return 'D' ; case PUBKEY_ALGO_ECDH: return 'e' ; /* ECC DH (encrypt only) */ case PUBKEY_ALGO_ECDSA: return 'E' ; /* ECC DSA (sign only) */ case PUBKEY_ALGO_EDDSA: return 'E' ; /* ECC EdDSA (sign only) */ default: return '?'; } } /* Return a string describing the public key algorithm and the keysize. For elliptic curves the functions prints the name of the curve because the keysize is a property of the curve. The string is copied to the supplied buffer up a length of BUFSIZE-1. Examples for the output are: "rsa3072" - RSA with 3072 bit "elg1024" - Elgamal with 1024 bit "ed25519" - ECC using the curve Ed25519. "E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4". "E_1.3.6.1.4.1.11591.2.12242973" ECC with a bogus OID. "unknown_N" - Unknown OpenPGP algorithm N. If the option --legacy-list-mode is active, the output use the legacy format: "3072R" - RSA with 3072 bit "1024g" - Elgamal with 1024 bit "256E" - ECDSA using a curve with 256 bit The macro PUBKEY_STRING_SIZE may be used to allocate a buffer with a suitable size.*/ char * pubkey_string (PKT_public_key *pk, char *buffer, size_t bufsize) { const char *prefix = NULL; if (opt.legacy_list_mode) { snprintf (buffer, bufsize, "%4u%c", nbits_from_pk (pk), pubkey_letter (pk->pubkey_algo)); return buffer; } switch (pk->pubkey_algo) { case PUBKEY_ALGO_RSA: case PUBKEY_ALGO_RSA_E: case PUBKEY_ALGO_RSA_S: prefix = "rsa"; break; case PUBKEY_ALGO_ELGAMAL_E: prefix = "elg"; break; case PUBKEY_ALGO_DSA: prefix = "dsa"; break; case PUBKEY_ALGO_ELGAMAL: prefix = "xxx"; break; case PUBKEY_ALGO_ECDH: case PUBKEY_ALGO_ECDSA: case PUBKEY_ALGO_EDDSA: prefix = ""; break; } if (prefix && *prefix) snprintf (buffer, bufsize, "%s%u", prefix, nbits_from_pk (pk)); else if (prefix) { char *curve = openpgp_oid_to_str (pk->pkey[0]); const char *name = openpgp_oid_to_curve (curve, 0); if (name) snprintf (buffer, bufsize, "%s", name); else if (curve) snprintf (buffer, bufsize, "E_%s", curve); else snprintf (buffer, bufsize, "E_error"); xfree (curve); } else snprintf (buffer, bufsize, "unknown_%u", (unsigned int)pk->pubkey_algo); return buffer; } /* Hash a public key. This function is useful for v4 fingerprints and for v3 or v4 key signing. */ void hash_public_key (gcry_md_hd_t md, PKT_public_key *pk) { unsigned int n = 6; unsigned int nn[PUBKEY_MAX_NPKEY]; byte *pp[PUBKEY_MAX_NPKEY]; int i; unsigned int nbits; size_t nbytes; int npkey = pubkey_get_npkey (pk->pubkey_algo); /* FIXME: We can avoid the extra malloc by calling only the first mpi_print here which computes the required length and calling the real mpi_print only at the end. The speed advantage would only be for ECC (opaque MPIs) or if we could implement an mpi_print variant with a callback handler to do the hashing. */ if (npkey==0 && pk->pkey[0] && gcry_mpi_get_flag (pk->pkey[0], GCRYMPI_FLAG_OPAQUE)) { pp[0] = gcry_mpi_get_opaque (pk->pkey[0], &nbits); nn[0] = (nbits+7)/8; n+=nn[0]; } else { for (i=0; i < npkey; i++ ) { if (!pk->pkey[i]) { /* This case may only happen if the parsing of the MPI failed but the key was anyway created. May happen during "gpg KEYFILE". */ pp[i] = NULL; nn[i] = 0; } else if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE)) { const void *p; p = gcry_mpi_get_opaque (pk->pkey[i], &nbits); pp[i] = xmalloc ((nbits+7)/8); if (p) memcpy (pp[i], p, (nbits+7)/8); else pp[i] = NULL; nn[i] = (nbits+7)/8; n += nn[i]; } else { if (gcry_mpi_print (GCRYMPI_FMT_PGP, NULL, 0, &nbytes, pk->pkey[i])) BUG (); pp[i] = xmalloc (nbytes); if (gcry_mpi_print (GCRYMPI_FMT_PGP, pp[i], nbytes, &nbytes, pk->pkey[i])) BUG (); nn[i] = nbytes; n += nn[i]; } } } gcry_md_putc ( md, 0x99 ); /* ctb */ /* What does it mean if n is greater than 0xFFFF ? */ gcry_md_putc ( md, n >> 8 ); /* 2 byte length header */ gcry_md_putc ( md, n ); gcry_md_putc ( md, pk->version ); gcry_md_putc ( md, pk->timestamp >> 24 ); gcry_md_putc ( md, pk->timestamp >> 16 ); gcry_md_putc ( md, pk->timestamp >> 8 ); gcry_md_putc ( md, pk->timestamp ); gcry_md_putc ( md, pk->pubkey_algo ); if(npkey==0 && pk->pkey[0] && gcry_mpi_get_flag (pk->pkey[0], GCRYMPI_FLAG_OPAQUE)) { if (pp[0]) gcry_md_write (md, pp[0], nn[0]); } else { for(i=0; i < npkey; i++ ) { if (pp[i]) gcry_md_write ( md, pp[i], nn[i] ); xfree(pp[i]); } } } static gcry_md_hd_t do_fingerprint_md( PKT_public_key *pk ) { gcry_md_hd_t md; if (gcry_md_open (&md, DIGEST_ALGO_SHA1, 0)) BUG (); hash_public_key(md,pk); gcry_md_final( md ); return md; } /* fixme: Check whether we can replace this function or if not describe why we need it. */ u32 v3_keyid (gcry_mpi_t a, u32 *ki) { byte *buffer, *p; size_t nbytes; if (gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &nbytes, a )) BUG (); /* fixme: allocate it on the stack */ buffer = xmalloc (nbytes); if (gcry_mpi_print( GCRYMPI_FMT_USG, buffer, nbytes, NULL, a )) BUG (); if (nbytes < 8) /* oops */ ki[0] = ki[1] = 0; else { p = buffer + nbytes - 8; ki[0] = buf32_to_u32 (p); p += 4; ki[1] = buf32_to_u32 (p); } xfree (buffer); return ki[1]; } /* Return PK's keyid. The memory is owned by PK. */ u32 * pk_keyid (PKT_public_key *pk) { keyid_from_pk (pk, NULL); /* Uncomment this for help tracking down bugs related to keyid or main_keyid not being set correctly. */ #if 0 if (! (pk->main_keyid[0] || pk->main_keyid[1])) log_bug ("pk->main_keyid not set!\n"); if (keyid_cmp (pk->keyid, pk->main_keyid) == 0 && ! pk->flags.primary) log_bug ("keyid and main_keyid are the same, but primary flag not set!\n"); if (keyid_cmp (pk->keyid, pk->main_keyid) != 0 && pk->flags.primary) log_bug ("keyid and main_keyid are different, but primary flag set!\n"); #endif return pk->keyid; } /* Return the keyid of the primary key associated with PK. The memory is owned by PK. */ u32 * pk_main_keyid (PKT_public_key *pk) { /* Uncomment this for help tracking down bugs related to keyid or main_keyid not being set correctly. */ #if 0 if (! (pk->main_keyid[0] || pk->main_keyid[1])) log_bug ("pk->main_keyid not set!\n"); #endif return pk->main_keyid; } /* Copy the keyid in SRC to DEST and return DEST. */ u32 * keyid_copy (u32 *dest, const u32 *src) { dest[0] = src[0]; dest[1] = src[1]; return dest; } char * format_keyid (u32 *keyid, int format, char *buffer, int len) { char tmp[KEYID_STR_SIZE]; if (! buffer) { buffer = tmp; len = sizeof (tmp); } if (format == KF_DEFAULT) format = opt.keyid_format; if (format == KF_DEFAULT) format = KF_NONE; switch (format) { case KF_NONE: if (len) *buffer = 0; break; case KF_SHORT: snprintf (buffer, len, "%08lX", (ulong)keyid[1]); break; case KF_LONG: snprintf (buffer, len, "%08lX%08lX", (ulong)keyid[0], (ulong)keyid[1]); break; case KF_0xSHORT: snprintf (buffer, len, "0x%08lX", (ulong)keyid[1]); break; case KF_0xLONG: snprintf (buffer, len, "0x%08lX%08lX", (ulong)keyid[0],(ulong)keyid[1]); break; default: BUG(); } if (buffer == tmp) return xstrdup (buffer); return buffer; } size_t keystrlen(void) { int format = opt.keyid_format; if (format == KF_DEFAULT) format = KF_NONE; switch(format) { case KF_NONE: return 0; case KF_SHORT: return 8; case KF_LONG: return 16; case KF_0xSHORT: return 10; case KF_0xLONG: return 18; default: BUG(); } } const char * keystr (u32 *keyid) { static char keyid_str[KEYID_STR_SIZE]; int format = opt.keyid_format; if (format == KF_DEFAULT) format = KF_NONE; if (format == KF_NONE) format = KF_LONG; return format_keyid (keyid, format, keyid_str, sizeof (keyid_str)); } /* This function returns the key id of the main and possible the * subkey as one string. It is used by error messages. */ const char * keystr_with_sub (u32 *main_kid, u32 *sub_kid) { static char buffer[KEYID_STR_SIZE+1+KEYID_STR_SIZE]; char *p; int format = opt.keyid_format; if (format == KF_NONE) format = KF_LONG; format_keyid (main_kid, format, buffer, KEYID_STR_SIZE); if (sub_kid) { p = buffer + strlen (buffer); *p++ = '/'; format_keyid (sub_kid, format, p, KEYID_STR_SIZE); } return buffer; } const char * keystr_from_pk(PKT_public_key *pk) { keyid_from_pk(pk,NULL); return keystr(pk->keyid); } const char * keystr_from_pk_with_sub (PKT_public_key *main_pk, PKT_public_key *sub_pk) { keyid_from_pk (main_pk, NULL); if (sub_pk) keyid_from_pk (sub_pk, NULL); return keystr_with_sub (main_pk->keyid, sub_pk? sub_pk->keyid:NULL); } /* Return PK's key id as a string using the default format. PK owns the storage. */ const char * pk_keyid_str (PKT_public_key *pk) { return keystr (pk_keyid (pk)); } const char * keystr_from_desc(KEYDB_SEARCH_DESC *desc) { switch(desc->mode) { case KEYDB_SEARCH_MODE_LONG_KID: case KEYDB_SEARCH_MODE_SHORT_KID: return keystr(desc->u.kid); case KEYDB_SEARCH_MODE_FPR20: { u32 keyid[2]; keyid[0] = buf32_to_u32 (desc->u.fpr+12); keyid[1] = buf32_to_u32 (desc->u.fpr+16); return keystr(keyid); } case KEYDB_SEARCH_MODE_FPR16: return "?v3 fpr?"; default: BUG(); } } /* * Get the keyid from the public key and put it into keyid * if this is not NULL. Return the 32 low bits of the keyid. */ u32 keyid_from_pk (PKT_public_key *pk, u32 *keyid) { u32 lowbits; u32 dummy_keyid[2]; if (!keyid) keyid = dummy_keyid; if( pk->keyid[0] || pk->keyid[1] ) { keyid[0] = pk->keyid[0]; keyid[1] = pk->keyid[1]; lowbits = keyid[1]; } else { const byte *dp; gcry_md_hd_t md; md = do_fingerprint_md(pk); if(md) { dp = gcry_md_read ( md, 0 ); keyid[0] = buf32_to_u32 (dp+12); keyid[1] = buf32_to_u32 (dp+16); lowbits = keyid[1]; gcry_md_close (md); pk->keyid[0] = keyid[0]; pk->keyid[1] = keyid[1]; } else pk->keyid[0]=pk->keyid[1]=keyid[0]=keyid[1]=lowbits=0xFFFFFFFF; } return lowbits; } /* * Get the keyid from the fingerprint. This function is simple for most * keys, but has to do a keylookup for old stayle keys. */ u32 keyid_from_fingerprint (ctrl_t ctrl, const byte *fprint, size_t fprint_len, u32 *keyid) { u32 dummy_keyid[2]; if( !keyid ) keyid = dummy_keyid; if (fprint_len != 20) { /* This is special as we have to lookup the key first. */ PKT_public_key pk; int rc; memset (&pk, 0, sizeof pk); rc = get_pubkey_byfprint (ctrl, &pk, NULL, fprint, fprint_len); if( rc ) { log_error("Oops: keyid_from_fingerprint: no pubkey\n"); keyid[0] = 0; keyid[1] = 0; } else keyid_from_pk (&pk, keyid); } else { const byte *dp = fprint; keyid[0] = buf32_to_u32 (dp+12); keyid[1] = buf32_to_u32 (dp+16); } return keyid[1]; } u32 keyid_from_sig (PKT_signature *sig, u32 *keyid) { if( keyid ) { keyid[0] = sig->keyid[0]; keyid[1] = sig->keyid[1]; } return sig->keyid[1]; } byte * namehash_from_uid (PKT_user_id *uid) { if (!uid->namehash) { uid->namehash = xmalloc (20); if (uid->attrib_data) rmd160_hash_buffer (uid->namehash, uid->attrib_data, uid->attrib_len); else rmd160_hash_buffer (uid->namehash, uid->name, uid->len); } return uid->namehash; } /* * Return the number of bits used in PK. */ unsigned int nbits_from_pk (PKT_public_key *pk) { return pubkey_nbits (pk->pubkey_algo, pk->pkey); } /* Convert an UTC TIMESTAMP into an UTC yyyy-mm-dd string. Return * that string. The caller should pass a buffer with at least a size * of MK_DATESTR_SIZE. */ char * mk_datestr (char *buffer, size_t bufsize, u32 timestamp) { time_t atime = timestamp; struct tm *tp; if (IS_INVALID_TIME_T (atime)) strcpy (buffer, "????" "-??" "-??"); /* Mark this as invalid. */ else { tp = gmtime (&atime); snprintf (buffer, bufsize, "%04d-%02d-%02d", 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday ); } return buffer; } /* * return a string with the creation date of the pk * Note: this is alloced in a static buffer. * Format is: yyyy-mm-dd */ const char * datestr_from_pk (PKT_public_key *pk) { static char buffer[MK_DATESTR_SIZE]; return mk_datestr (buffer, sizeof buffer, pk->timestamp); } const char * datestr_from_sig (PKT_signature *sig ) { static char buffer[MK_DATESTR_SIZE]; return mk_datestr (buffer, sizeof buffer, sig->timestamp); } const char * expirestr_from_pk (PKT_public_key *pk) { static char buffer[MK_DATESTR_SIZE]; if (!pk->expiredate) return _("never "); return mk_datestr (buffer, sizeof buffer, pk->expiredate); } const char * expirestr_from_sig (PKT_signature *sig) { static char buffer[MK_DATESTR_SIZE]; if (!sig->expiredate) return _("never "); return mk_datestr (buffer, sizeof buffer, sig->expiredate); } const char * revokestr_from_pk( PKT_public_key *pk ) { static char buffer[MK_DATESTR_SIZE]; if(!pk->revoked.date) return _("never "); return mk_datestr (buffer, sizeof buffer, pk->revoked.date); } const char * usagestr_from_pk (PKT_public_key *pk, int fill) { static char buffer[10]; int i = 0; unsigned int use = pk->pubkey_usage; if ( use & PUBKEY_USAGE_SIG ) buffer[i++] = 'S'; if ( use & PUBKEY_USAGE_CERT ) buffer[i++] = 'C'; if ( use & PUBKEY_USAGE_ENC ) buffer[i++] = 'E'; if ( (use & PUBKEY_USAGE_AUTH) ) buffer[i++] = 'A'; while (fill && i < 4) buffer[i++] = ' '; buffer[i] = 0; return buffer; } const char * colon_strtime (u32 t) { static char buf[20]; if (!t) return ""; snprintf (buf, sizeof buf, "%lu", (ulong)t); return buf; } const char * colon_datestr_from_pk (PKT_public_key *pk) { static char buf[20]; snprintf (buf, sizeof buf, "%lu", (ulong)pk->timestamp); return buf; } const char * colon_datestr_from_sig (PKT_signature *sig) { static char buf[20]; snprintf (buf, sizeof buf, "%lu", (ulong)sig->timestamp); return buf; } const char * colon_expirestr_from_sig (PKT_signature *sig) { static char buf[20]; if (!sig->expiredate) return ""; snprintf (buf, sizeof buf,"%lu", (ulong)sig->expiredate); return buf; } /* * Return a byte array with the fingerprint for the given PK/SK * The length of the array is returned in ret_len. Caller must free * the array or provide an array of length MAX_FINGERPRINT_LEN. */ byte * fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len) { const byte *dp; size_t len; gcry_md_hd_t md; md = do_fingerprint_md(pk); dp = gcry_md_read( md, 0 ); len = gcry_md_get_algo_dlen (gcry_md_get_algo (md)); log_assert( len <= MAX_FINGERPRINT_LEN ); if (!array) array = xmalloc ( len ); memcpy (array, dp, len ); pk->keyid[0] = buf32_to_u32 (dp+12); pk->keyid[1] = buf32_to_u32 (dp+16); gcry_md_close( md); if (ret_len) *ret_len = len; return array; } /* Return an allocated buffer with the fingerprint of PK formatted as a plain hexstring. If BUFFER is NULL the result is a malloc'd string. If BUFFER is not NULL the result will be copied into this buffer. In the latter case BUFLEN describes the length of the buffer; if this is too short the function terminates the process. Returns a malloc'ed string or BUFFER. A suitable length for BUFFER is (2*MAX_FINGERPRINT_LEN + 1). */ char * hexfingerprint (PKT_public_key *pk, char *buffer, size_t buflen) { unsigned char fpr[MAX_FINGERPRINT_LEN]; size_t len; fingerprint_from_pk (pk, fpr, &len); if (!buffer) buffer = xmalloc (2 * len + 1); else if (buflen < 2*len+1) log_fatal ("%s: buffer too short (%zu)\n", __func__, buflen); bin2hex (fpr, len, buffer); return buffer; } /* Pretty print a hex fingerprint. If BUFFER is NULL the result is a malloc'd string. If BUFFER is not NULL the result will be copied into this buffer. In the latter case BUFLEN describes the length of the buffer; if this is too short the function terminates the process. Returns a malloc'ed string or BUFFER. A suitable length for BUFFER is (MAX_FORMATTED_FINGERPRINT_LEN + 1). */ char * format_hexfingerprint (const char *fingerprint, char *buffer, size_t buflen) { int hexlen = strlen (fingerprint); int space; int i, j; if (hexlen == 40) /* v4 fingerprint */ { space = (/* The characters and the NUL. */ 40 + 1 /* After every fourth character, we add a space (except the last). */ + 40 / 4 - 1 /* Half way through we add a second space. */ + 1); } + else if (hexlen == 64 || hexlen == 50) /* v5 fingerprint */ + { + /* The v5 fingerprint is commonly printed truncated to 25 + * octets. We accept the truncated as well as the full hex + * version here and format it like this: + * B2CCB6 838332 5D61BA C50F9F 5E CD21A8 0AC8C5 2565C8 C52565 + */ + hexlen = 50; + space = 8 * 6 + 2 + 8 + 1; + } else /* Other fingerprint versions - print as is. */ { + /* We truncated here so that we do not need to provide a buffer + * of a length which is in reality never used. */ + if (hexlen > MAX_FORMATTED_FINGERPRINT_LEN - 1) + hexlen = MAX_FORMATTED_FINGERPRINT_LEN - 1; space = hexlen + 1; } if (!buffer) buffer = xmalloc (space); else if (buflen < space) log_fatal ("%s: buffer too short (%zu)\n", __func__, buflen); if (hexlen == 40) /* v4 fingerprint */ { for (i = 0, j = 0; i < 40; i ++) { - if (i && i % 4 == 0) + if (i && !(i % 4)) buffer[j ++] = ' '; if (i == 40 / 2) buffer[j ++] = ' '; buffer[j ++] = fingerprint[i]; } buffer[j ++] = 0; log_assert (j == space); } + else if (hexlen == 50) /* v5 fingerprint */ + { + for (i=j=0; i < 24; i++) + { + if (i && !(i % 6)) + buffer[j++] = ' '; + buffer[j++] = fingerprint[i]; + } + buffer[j++] = ' '; + buffer[j++] = fingerprint[i++]; + buffer[j++] = fingerprint[i++]; + for (; i < 50; i++) + { + if (!((i-26) % 6)) + buffer[j++] = ' '; + buffer[j++] = fingerprint[i]; + } + buffer[j++] = 0; + log_assert (j == space); + } else { - strcpy (buffer, fingerprint); + mem2str (buffer, fingerprint, space); } return buffer; } /* Return the so called KEYGRIP which is the SHA-1 hash of the public key parameters expressed as an canoncial encoded S-Exp. ARRAY must be 20 bytes long. Returns 0 on success or an error code. */ gpg_error_t keygrip_from_pk (PKT_public_key *pk, unsigned char *array) { gpg_error_t err; gcry_sexp_t s_pkey; if (DBG_PACKET) log_debug ("get_keygrip for public key\n"); switch (pk->pubkey_algo) { case GCRY_PK_DSA: err = gcry_sexp_build (&s_pkey, NULL, "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))", pk->pkey[0], pk->pkey[1], pk->pkey[2], pk->pkey[3]); break; case GCRY_PK_ELG: case GCRY_PK_ELG_E: err = gcry_sexp_build (&s_pkey, NULL, "(public-key(elg(p%m)(g%m)(y%m)))", pk->pkey[0], pk->pkey[1], pk->pkey[2]); break; case GCRY_PK_RSA: case GCRY_PK_RSA_S: case GCRY_PK_RSA_E: err = gcry_sexp_build (&s_pkey, NULL, "(public-key(rsa(n%m)(e%m)))", pk->pkey[0], pk->pkey[1]); break; case PUBKEY_ALGO_EDDSA: case PUBKEY_ALGO_ECDSA: case PUBKEY_ALGO_ECDH: { char *curve = openpgp_oid_to_str (pk->pkey[0]); if (!curve) err = gpg_error_from_syserror (); else { err = gcry_sexp_build (&s_pkey, NULL, pk->pubkey_algo == PUBKEY_ALGO_EDDSA? "(public-key(ecc(curve%s)(flags eddsa)(q%m)))": (pk->pubkey_algo == PUBKEY_ALGO_ECDH && openpgp_oid_is_cv25519 (pk->pkey[0]))? "(public-key(ecc(curve%s)(flags djb-tweak)(q%m)))": "(public-key(ecc(curve%s)(q%m)))", curve, pk->pkey[1]); xfree (curve); } } break; default: err = gpg_error (GPG_ERR_PUBKEY_ALGO); break; } if (err) return err; if (!gcry_pk_get_keygrip (s_pkey, array)) { log_info ("error computing keygrip\n"); memset (array, 0, 20); err = gpg_error (GPG_ERR_GENERAL); } else { if (DBG_PACKET) log_printhex ("keygrip=", array, 20); /* FIXME: Save the keygrip in PK. */ } gcry_sexp_release (s_pkey); return err; } /* Store an allocated buffer with the keygrip of PK encoded as a hexstring at r_GRIP. Returns 0 on success. */ gpg_error_t hexkeygrip_from_pk (PKT_public_key *pk, char **r_grip) { gpg_error_t err; unsigned char grip[KEYGRIP_LEN]; *r_grip = NULL; err = keygrip_from_pk (pk, grip); if (!err) { char * buf = xtrymalloc (KEYGRIP_LEN * 2 + 1); if (!buf) err = gpg_error_from_syserror (); else { bin2hex (grip, KEYGRIP_LEN, buf); *r_grip = buf; } } return err; } diff --git a/g10/keylist.c b/g10/keylist.c index 86d1c564f..dccae91c9 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -1,2011 +1,2014 @@ /* keylist.c - Print information about OpenPGP keys * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, * 2008, 2010, 2012 Free Software Foundation, Inc. * Copyright (C) 2013, 2014 Werner Koch * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ #include #include #include #include #include #ifdef HAVE_DOSISH_SYSTEM # include /* for setmode() */ #endif #include "gpg.h" #include "options.h" #include "packet.h" #include "../common/status.h" #include "keydb.h" #include "photoid.h" #include "../common/util.h" #include "../common/ttyio.h" #include "trustdb.h" #include "main.h" #include "../common/i18n.h" #include "../common/status.h" #include "call-agent.h" #include "../common/mbox-util.h" #include "../common/zb32.h" #include "tofu.h" #include "../common/compliance.h" static void list_all (ctrl_t, int, int); static void list_one (ctrl_t ctrl, strlist_t names, int secret, int mark_secret); static void locate_one (ctrl_t ctrl, strlist_t names); static void print_card_serialno (const char *serialno); struct keylist_context { int check_sigs; /* If set signatures shall be verified. */ int good_sigs; /* Counter used if CHECK_SIGS is set. */ int inv_sigs; /* Counter used if CHECK_SIGS is set. */ int no_key; /* Counter used if CHECK_SIGS is set. */ int oth_err; /* Counter used if CHECK_SIGS is set. */ int no_validity; /* Do not show validity. */ }; static void list_keyblock (ctrl_t ctrl, kbnode_t keyblock, int secret, int has_secret, int fpr, struct keylist_context *listctx); /* The stream used to write attribute packets to. */ static estream_t attrib_fp; /* Release resources from a keylist context. */ static void keylist_context_release (struct keylist_context *listctx) { (void)listctx; /* Nothing to release. */ } /* List the keys. If list is NULL, all available keys are listed. With LOCATE_MODE set the locate algorithm is used to find a key. */ void public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode) { #ifndef NO_TRUST_MODELS if (opt.with_colons) { byte trust_model, marginals, completes, cert_depth, min_cert_level; ulong created, nextcheck; read_trust_options (ctrl, &trust_model, &created, &nextcheck, &marginals, &completes, &cert_depth, &min_cert_level); es_fprintf (es_stdout, "tru:"); if (nextcheck && nextcheck <= make_timestamp ()) es_fprintf (es_stdout, "o"); if (trust_model != opt.trust_model) es_fprintf (es_stdout, "t"); if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC || opt.trust_model == TM_TOFU_PGP) { if (marginals != opt.marginals_needed) es_fprintf (es_stdout, "m"); if (completes != opt.completes_needed) es_fprintf (es_stdout, "c"); if (cert_depth != opt.max_cert_depth) es_fprintf (es_stdout, "d"); if (min_cert_level != opt.min_cert_level) es_fprintf (es_stdout, "l"); } es_fprintf (es_stdout, ":%d:%lu:%lu", trust_model, created, nextcheck); /* Only show marginals, completes, and cert_depth in the classic or PGP trust models since they are not meaningful otherwise. */ if (trust_model == TM_PGP || trust_model == TM_CLASSIC) es_fprintf (es_stdout, ":%d:%d:%d", marginals, completes, cert_depth); es_fprintf (es_stdout, "\n"); } #endif /*!NO_TRUST_MODELS*/ /* We need to do the stale check right here because it might need to update the keyring while we already have the keyring open. This is very bad for W32 because of a sharing violation. For real OSes it might lead to false results if we are later listing a keyring which is associated with the inode of a deleted file. */ check_trustdb_stale (ctrl); #ifdef USE_TOFU tofu_begin_batch_update (ctrl); #endif if (locate_mode) locate_one (ctrl, list); else if (!list) list_all (ctrl, 0, opt.with_secret); else list_one (ctrl, list, 0, opt.with_secret); #ifdef USE_TOFU tofu_end_batch_update (ctrl); #endif } void secret_key_list (ctrl_t ctrl, strlist_t list) { (void)ctrl; check_trustdb_stale (ctrl); if (!list) list_all (ctrl, 1, 0); else /* List by user id */ list_one (ctrl, list, 1, 0); } char * format_seckey_info (ctrl_t ctrl, PKT_public_key *pk) { u32 keyid[2]; char *p; char pkstrbuf[PUBKEY_STRING_SIZE]; char *info; keyid_from_pk (pk, keyid); p = get_user_id_native (ctrl, keyid); info = xtryasprintf ("sec %s/%s %s %s", pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), keystr (keyid), datestr_from_pk (pk), p); xfree (p); return info; } void print_seckey_info (ctrl_t ctrl, PKT_public_key *pk) { char *p = format_seckey_info (ctrl, pk); tty_printf ("\n%s\n", p); xfree (p); } /* Print information about the public key. With FP passed as NULL, the tty output interface is used, otherwise output is directed to the given stream. */ void print_pubkey_info (ctrl_t ctrl, estream_t fp, PKT_public_key *pk) { u32 keyid[2]; char *p; char pkstrbuf[PUBKEY_STRING_SIZE]; keyid_from_pk (pk, keyid); /* If the pk was chosen by a particular user ID, that is the one to print. */ if (pk->user_id) p = utf8_to_native (pk->user_id->name, pk->user_id->len, 0); else p = get_user_id_native (ctrl, keyid); if (fp) tty_printf ("\n"); tty_fprintf (fp, "%s %s/%s %s %s\n", pk->flags.primary? "pub":"sub", pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), keystr (keyid), datestr_from_pk (pk), p); xfree (p); } /* Print basic information of a secret key including the card serial number information. */ #ifdef ENABLE_CARD_SUPPORT void print_card_key_info (estream_t fp, kbnode_t keyblock) { kbnode_t node; char *hexgrip; char *serialno; int s2k_char; char pkstrbuf[PUBKEY_STRING_SIZE]; int indent; for (node = keyblock; node; node = node->next) { if (node->pkt->pkttype == PKT_PUBLIC_KEY || node->pkt->pkttype == PKT_PUBLIC_SUBKEY) { int rc; PKT_public_key *pk = node->pkt->pkt.public_key; serialno = NULL; rc = hexkeygrip_from_pk (pk, &hexgrip); if (rc) { log_error ("error computing a keygrip: %s\n", gpg_strerror (rc)); s2k_char = '?'; } else if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL)) s2k_char = serialno? '>':' '; else s2k_char = '#'; /* Key not found. */ tty_fprintf (fp, "%s%c %s/%s %n", node->pkt->pkttype == PKT_PUBLIC_KEY ? "sec" : "ssb", s2k_char, pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), keystr_from_pk (pk), &indent); tty_fprintf (fp, _("created: %s"), datestr_from_pk (pk)); tty_fprintf (fp, " "); tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk)); if (serialno) { tty_fprintf (fp, "\n%*s%s", indent, "", _("card-no: ")); if (strlen (serialno) == 32 && !strncmp (serialno, "D27600012401", 12)) { /* This is an OpenPGP card. Print the relevant part. */ /* Example: D2760001240101010001000003470000 */ /* xxxxyyyyyyyy */ tty_fprintf (fp, "%.*s %.*s", 4, serialno+16, 8, serialno+20); } else tty_fprintf (fp, "%s", serialno); } tty_fprintf (fp, "\n"); xfree (hexgrip); xfree (serialno); } } } #endif /*ENABLE_CARD_SUPPORT*/ /* Flags = 0x01 hashed 0x02 critical. */ static void status_one_subpacket (sigsubpkttype_t type, size_t len, int flags, const byte * buf) { char status[40]; /* Don't print these. */ if (len > 256) return; snprintf (status, sizeof status, "%d %u %u ", type, flags, (unsigned int) len); write_status_text_and_buffer (STATUS_SIG_SUBPACKET, status, buf, len, 0); } /* Print a policy URL. Allowed values for MODE are: * -1 - print to the TTY * 0 - print to stdout. * 1 - use log_info and emit status messages. * 2 - emit only status messages. */ void show_policy_url (PKT_signature * sig, int indent, int mode) { const byte *p; size_t len; int seq = 0, crit; estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout; while ((p = enum_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, &len, &seq, &crit))) { if (mode != 2) { const char *str; tty_fprintf (fp, "%*s", indent, ""); if (crit) str = _("Critical signature policy: "); else str = _("Signature policy: "); if (mode > 0) log_info ("%s", str); else tty_fprintf (fp, "%s", str); tty_print_utf8_string2 (fp, p, len, 0); tty_fprintf (fp, "\n"); } if (mode > 0) write_status_buffer (STATUS_POLICY_URL, p, len, 0); } } /* Print a keyserver URL. Allowed values for MODE are: * -1 - print to the TTY * 0 - print to stdout. * 1 - use log_info and emit status messages. * 2 - emit only status messages. */ void show_keyserver_url (PKT_signature * sig, int indent, int mode) { const byte *p; size_t len; int seq = 0, crit; estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout; while ((p = enum_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, &len, &seq, &crit))) { if (mode != 2) { const char *str; tty_fprintf (fp, "%*s", indent, ""); if (crit) str = _("Critical preferred keyserver: "); else str = _("Preferred keyserver: "); if (mode > 0) log_info ("%s", str); else tty_fprintf (fp, "%s", str); tty_print_utf8_string2 (fp, p, len, 0); tty_fprintf (fp, "\n"); } if (mode > 0) status_one_subpacket (SIGSUBPKT_PREF_KS, len, (crit ? 0x02 : 0) | 0x01, p); } } /* Print notation data. Allowed values for MODE are: * -1 - print to the TTY * 0 - print to stdout. * 1 - use log_info and emit status messages. * 2 - emit only status messages. * * Defined bits in WHICH: * 1 - standard notations * 2 - user notations */ void show_notation (PKT_signature * sig, int indent, int mode, int which) { estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout; notation_t nd, notations; if (which == 0) which = 3; notations = sig_to_notation (sig); /* There may be multiple notations in the same sig. */ for (nd = notations; nd; nd = nd->next) { if (mode != 2) { int has_at = !!strchr (nd->name, '@'); if ((which & 1 && !has_at) || (which & 2 && has_at)) { const char *str; tty_fprintf (fp, "%*s", indent, ""); if (nd->flags.critical) str = _("Critical signature notation: "); else str = _("Signature notation: "); if (mode > 0) log_info ("%s", str); else tty_fprintf (fp, "%s", str); /* This is all UTF8 */ tty_print_utf8_string2 (fp, nd->name, strlen (nd->name), 0); tty_fprintf (fp, "="); tty_print_utf8_string2 (fp, nd->value, strlen (nd->value), 0); /* (We need to use log_printf so that the next call to a log function does not insert an extra LF.) */ if (mode > 0) log_printf ("\n"); else tty_fprintf (fp, "\n"); } } if (mode > 0) { write_status_buffer (STATUS_NOTATION_NAME, nd->name, strlen (nd->name), 0); if (nd->flags.critical || nd->flags.human) write_status_text (STATUS_NOTATION_FLAGS, nd->flags.critical && nd->flags.human? "1 1" : nd->flags.critical? "1 0" : "0 1"); write_status_buffer (STATUS_NOTATION_DATA, nd->value, strlen (nd->value), 50); } } free_notation (notations); } static void print_signature_stats (struct keylist_context *s) { if (!s->check_sigs) return; /* Signature checking was not requested. */ /* Better flush stdout so that the stats are always printed after * the output. */ es_fflush (es_stdout); if (s->good_sigs) log_info (ngettext("%d good signature\n", "%d good signatures\n", s->good_sigs), s->good_sigs); if (s->inv_sigs) log_info (ngettext("%d bad signature\n", "%d bad signatures\n", s->inv_sigs), s->inv_sigs); if (s->no_key) log_info (ngettext("%d signature not checked due to a missing key\n", "%d signatures not checked due to missing keys\n", s->no_key), s->no_key); if (s->oth_err) log_info (ngettext("%d signature not checked due to an error\n", "%d signatures not checked due to errors\n", s->oth_err), s->oth_err); } /* List all keys. If SECRET is true only secret keys are listed. If MARK_SECRET is true secret keys are indicated in a public key listing. */ static void list_all (ctrl_t ctrl, int secret, int mark_secret) { KEYDB_HANDLE hd; KBNODE keyblock = NULL; int rc = 0; int any_secret; const char *lastresname, *resname; struct keylist_context listctx; memset (&listctx, 0, sizeof (listctx)); if (opt.check_sigs) listctx.check_sigs = 1; hd = keydb_new (); if (!hd) rc = gpg_error_from_syserror (); else rc = keydb_search_first (hd); if (rc) { if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND) log_error ("keydb_search_first failed: %s\n", gpg_strerror (rc)); goto leave; } lastresname = NULL; do { rc = keydb_get_keyblock (hd, &keyblock); if (rc) { if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY) continue; /* Skip legacy keys. */ log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc)); goto leave; } if (secret || mark_secret) any_secret = !agent_probe_any_secret_key (NULL, keyblock); else any_secret = 0; if (secret && !any_secret) ; /* Secret key listing requested but this isn't one. */ else { if (!opt.with_colons) { resname = keydb_get_resource_name (hd); if (lastresname != resname) { int i; es_fprintf (es_stdout, "%s\n", resname); for (i = strlen (resname); i; i--) es_putc ('-', es_stdout); es_putc ('\n', es_stdout); lastresname = resname; } } merge_keys_and_selfsig (ctrl, keyblock); list_keyblock (ctrl, keyblock, secret, any_secret, opt.fingerprint, &listctx); } release_kbnode (keyblock); keyblock = NULL; } while (!(rc = keydb_search_next (hd))); es_fflush (es_stdout); if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND) log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc)); if (keydb_get_skipped_counter (hd)) log_info (ngettext("Warning: %lu key skipped due to its large size\n", "Warning: %lu keys skipped due to their large sizes\n", keydb_get_skipped_counter (hd)), keydb_get_skipped_counter (hd)); if (opt.check_sigs && !opt.with_colons) print_signature_stats (&listctx); leave: keylist_context_release (&listctx); release_kbnode (keyblock); keydb_release (hd); } static void list_one (ctrl_t ctrl, strlist_t names, int secret, int mark_secret) { int rc = 0; KBNODE keyblock = NULL; GETKEY_CTX ctx; const char *resname; const char *keyring_str = _("Keyring"); int i; struct keylist_context listctx; memset (&listctx, 0, sizeof (listctx)); if (!secret && opt.check_sigs) listctx.check_sigs = 1; /* fixme: using the bynames function has the disadvantage that we * don't know whether one of the names given was not found. OTOH, * this function has the advantage to list the names in the * sequence as defined by the keyDB and does not duplicate * outputs. A solution could be do test whether all given have * been listed (this needs a way to use the keyDB search * functions) or to have the search function return indicators for * found names. Yet another way is to use the keydb search * facilities directly. */ rc = getkey_bynames (ctrl, &ctx, NULL, names, secret, &keyblock); if (rc) { log_error ("error reading key: %s\n", gpg_strerror (rc)); getkey_end (ctrl, ctx); return; } do { if ((opt.list_options & LIST_SHOW_KEYRING) && !opt.with_colons) { resname = keydb_get_resource_name (get_ctx_handle (ctx)); es_fprintf (es_stdout, "%s: %s\n", keyring_str, resname); for (i = strlen (resname) + strlen (keyring_str) + 2; i; i--) es_putc ('-', es_stdout); es_putc ('\n', es_stdout); } list_keyblock (ctrl, keyblock, secret, mark_secret, opt.fingerprint, &listctx); release_kbnode (keyblock); } while (!getkey_next (ctrl, ctx, NULL, &keyblock)); getkey_end (ctrl, ctx); if (opt.check_sigs && !opt.with_colons) print_signature_stats (&listctx); keylist_context_release (&listctx); } static void locate_one (ctrl_t ctrl, strlist_t names) { int rc = 0; strlist_t sl; GETKEY_CTX ctx = NULL; KBNODE keyblock = NULL; struct keylist_context listctx; memset (&listctx, 0, sizeof (listctx)); if (opt.check_sigs) listctx.check_sigs = 1; for (sl = names; sl; sl = sl->next) { rc = get_best_pubkey_byname (ctrl, &ctx, NULL, sl->d, &keyblock, 1, 0); if (rc) { if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY) log_error ("error reading key: %s\n", gpg_strerror (rc)); else if (opt.verbose) log_info (_("key \"%s\" not found: %s\n"), sl->d, gpg_strerror (rc)); } else { do { list_keyblock (ctrl, keyblock, 0, 0, opt.fingerprint, &listctx); release_kbnode (keyblock); } while (ctx && !getkey_next (ctrl, ctx, NULL, &keyblock)); getkey_end (ctrl, ctx); ctx = NULL; } } if (opt.check_sigs && !opt.with_colons) print_signature_stats (&listctx); keylist_context_release (&listctx); } static void print_key_data (PKT_public_key * pk) { int n = pk ? pubkey_get_npkey (pk->pubkey_algo) : 0; int i; for (i = 0; i < n; i++) { es_fprintf (es_stdout, "pkd:%d:%u:", i, mpi_get_nbits (pk->pkey[i])); mpi_print (es_stdout, pk->pkey[i], 1); es_putc (':', es_stdout); es_putc ('\n', es_stdout); } } static void print_capabilities (ctrl_t ctrl, PKT_public_key *pk, KBNODE keyblock) { unsigned int use = pk->pubkey_usage; int c_printed = 0; if (use & PUBKEY_USAGE_ENC) es_putc ('e', es_stdout); if (use & PUBKEY_USAGE_SIG) { es_putc ('s', es_stdout); if (pk->flags.primary) { es_putc ('c', es_stdout); /* The PUBKEY_USAGE_CERT flag was introduced later and we used to always print 'c' for a primary key. To avoid any regression here we better track whether we printed 'c' already. */ c_printed = 1; } } if ((use & PUBKEY_USAGE_CERT) && !c_printed) es_putc ('c', es_stdout); if ((use & PUBKEY_USAGE_AUTH)) es_putc ('a', es_stdout); if ((use & PUBKEY_USAGE_UNKNOWN)) es_putc ('?', es_stdout); if (keyblock) { /* Figure out the usable capabilities. */ KBNODE k; int enc = 0, sign = 0, cert = 0, auth = 0, disabled = 0; for (k = keyblock; k; k = k->next) { if (k->pkt->pkttype == PKT_PUBLIC_KEY || k->pkt->pkttype == PKT_PUBLIC_SUBKEY) { pk = k->pkt->pkt.public_key; if (pk->flags.primary) disabled = pk_is_disabled (pk); if (pk->flags.valid && !pk->flags.revoked && !pk->has_expired) { if (pk->pubkey_usage & PUBKEY_USAGE_ENC) enc = 1; if (pk->pubkey_usage & PUBKEY_USAGE_SIG) { sign = 1; if (pk->flags.primary) cert = 1; } if (pk->pubkey_usage & PUBKEY_USAGE_CERT) cert = 1; if ((pk->pubkey_usage & PUBKEY_USAGE_AUTH)) auth = 1; } } } if (enc) es_putc ('E', es_stdout); if (sign) es_putc ('S', es_stdout); if (cert) es_putc ('C', es_stdout); if (auth) es_putc ('A', es_stdout); if (disabled) es_putc ('D', es_stdout); } es_putc (':', es_stdout); } /* FLAGS: 0x01 hashed 0x02 critical */ static void print_one_subpacket (sigsubpkttype_t type, size_t len, int flags, const byte * buf) { size_t i; es_fprintf (es_stdout, "spk:%d:%u:%u:", type, flags, (unsigned int) len); for (i = 0; i < len; i++) { /* printable ascii other than : and % */ if (buf[i] >= 32 && buf[i] <= 126 && buf[i] != ':' && buf[i] != '%') es_fprintf (es_stdout, "%c", buf[i]); else es_fprintf (es_stdout, "%%%02X", buf[i]); } es_fprintf (es_stdout, "\n"); } void print_subpackets_colon (PKT_signature * sig) { byte *i; log_assert (opt.show_subpackets); for (i = opt.show_subpackets; *i; i++) { const byte *p; size_t len; int seq, crit; seq = 0; while ((p = enum_sig_subpkt (sig->hashed, *i, &len, &seq, &crit))) print_one_subpacket (*i, len, 0x01 | (crit ? 0x02 : 0), p); seq = 0; while ((p = enum_sig_subpkt (sig->unhashed, *i, &len, &seq, &crit))) print_one_subpacket (*i, len, 0x00 | (crit ? 0x02 : 0), p); } } void dump_attribs (const PKT_user_id *uid, PKT_public_key *pk) { int i; if (!attrib_fp) return; for (i = 0; i < uid->numattribs; i++) { if (is_status_enabled ()) { byte array[MAX_FINGERPRINT_LEN], *p; char buf[(MAX_FINGERPRINT_LEN * 2) + 90]; size_t j, n; if (!pk) BUG (); fingerprint_from_pk (pk, array, &n); p = array; for (j = 0; j < n; j++, p++) sprintf (buf + 2 * j, "%02X", *p); sprintf (buf + strlen (buf), " %lu %u %u %u %lu %lu %u", (ulong) uid->attribs[i].len, uid->attribs[i].type, i + 1, uid->numattribs, (ulong) uid->created, (ulong) uid->expiredate, ((uid->flags.primary ? 0x01 : 0) | (uid->flags.revoked ? 0x02 : 0) | (uid->flags.expired ? 0x04 : 0))); write_status_text (STATUS_ATTRIBUTE, buf); } es_fwrite (uid->attribs[i].data, uid->attribs[i].len, 1, attrib_fp); es_fflush (attrib_fp); } } static void list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, struct keylist_context *listctx) { int rc; KBNODE kbctx; KBNODE node; PKT_public_key *pk; int skip_sigs = 0; char *hexgrip = NULL; char *serialno = NULL; /* Get the keyid from the keyblock. */ node = find_kbnode (keyblock, PKT_PUBLIC_KEY); if (!node) { log_error ("Oops; key lost!\n"); dump_kbnode (keyblock); return; } pk = node->pkt->pkt.public_key; if (secret || opt.with_keygrip) { rc = hexkeygrip_from_pk (pk, &hexgrip); if (rc) log_error ("error computing a keygrip: %s\n", gpg_strerror (rc)); } if (secret) { /* Encode some info about the secret key in SECRET. */ if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL)) secret = serialno? 3 : 1; else secret = 2; /* Key not found. */ } if (!listctx->no_validity) check_trustdb_stale (ctrl); /* Print the "pub" line and in KF_NONE mode the fingerprint. */ print_key_line (ctrl, es_stdout, pk, secret); if (fpr) print_fingerprint (ctrl, NULL, pk, 0); if (opt.with_keygrip && hexgrip) es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip); if (serialno) print_card_serialno (serialno); if (opt.with_key_data) print_key_data (pk); if (opt.with_key_origin && (pk->keyorg || pk->keyupdate || pk->updateurl)) { char updatestr[MK_DATESTR_SIZE]; es_fprintf (es_stdout, " origin=%s last=%s %s", key_origin_string (pk->keyorg), mk_datestr (updatestr, sizeof updatestr, pk->keyupdate), pk->updateurl? "url=":""); if (pk->updateurl) print_utf8_string (es_stdout, pk->updateurl); es_putc ('\n', es_stdout); } for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));) { if (node->pkt->pkttype == PKT_USER_ID) { PKT_user_id *uid = node->pkt->pkt.user_id; int indent; int kl = opt.keyid_format == KF_NONE? 10 : keystrlen (); if ((uid->flags.expired || uid->flags.revoked) && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS)) { skip_sigs = 1; continue; } else skip_sigs = 0; if (attrib_fp && uid->attrib_data != NULL) dump_attribs (uid, pk); if ((uid->flags.revoked || uid->flags.expired) || ((opt.list_options & LIST_SHOW_UID_VALIDITY) && !listctx->no_validity)) { const char *validity; validity = uid_trust_string_fixed (ctrl, pk, uid); indent = ((kl + (opt.legacy_list_mode? 9:11)) - atoi (uid_trust_string_fixed (ctrl, NULL, NULL))); if (indent < 0 || indent > 40) indent = 0; es_fprintf (es_stdout, "uid%*s%s ", indent, "", validity); } else { indent = kl + (opt.legacy_list_mode? 10:12); es_fprintf (es_stdout, "uid%*s", indent, ""); } print_utf8_buffer (es_stdout, uid->name, uid->len); es_putc ('\n', es_stdout); if (opt.with_wkd_hash) { char *mbox, *hash, *p; char hashbuf[32]; mbox = mailbox_from_userid (uid->name); if (mbox && (p = strchr (mbox, '@'))) { *p++ = 0; gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, mbox, strlen (mbox)); hash = zb32_encode (hashbuf, 8*20); if (hash) { es_fprintf (es_stdout, " %*s%s@%s\n", indent, "", hash, p); xfree (hash); } } xfree (mbox); } if (opt.with_key_origin && (uid->keyorg || uid->keyupdate || uid->updateurl)) { char updatestr[MK_DATESTR_SIZE]; es_fprintf (es_stdout, " %*sorigin=%s last=%s %s", indent, "", key_origin_string (uid->keyorg), mk_datestr (updatestr, sizeof updatestr, uid->keyupdate), uid->updateurl? "url=":""); if (uid->updateurl) print_utf8_string (es_stdout, uid->updateurl); es_putc ('\n', es_stdout); } if ((opt.list_options & LIST_SHOW_PHOTOS) && uid->attribs != NULL) show_photos (ctrl, uid->attribs, uid->numattribs, pk, uid); } else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) { PKT_public_key *pk2 = node->pkt->pkt.public_key; if ((pk2->flags.revoked || pk2->has_expired) && !(opt.list_options & LIST_SHOW_UNUSABLE_SUBKEYS)) { skip_sigs = 1; continue; } else skip_sigs = 0; xfree (serialno); serialno = NULL; xfree (hexgrip); hexgrip = NULL; if (secret || opt.with_keygrip) { rc = hexkeygrip_from_pk (pk2, &hexgrip); if (rc) log_error ("error computing a keygrip: %s\n", gpg_strerror (rc)); } if (secret) { if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL)) secret = serialno? 3 : 1; else secret = 2; /* Key not found. */ } /* Print the "sub" line. */ print_key_line (ctrl, es_stdout, pk2, secret); if (fpr > 1 || opt.with_subkey_fingerprint) { print_fingerprint (ctrl, NULL, pk2, 0); if (serialno) print_card_serialno (serialno); } if (opt.with_keygrip && hexgrip) es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip); if (opt.with_key_data) print_key_data (pk2); } else if (opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE && !skip_sigs) { PKT_signature *sig = node->pkt->pkt.signature; int sigrc; char *sigstr; if (listctx->check_sigs) { rc = check_key_signature (ctrl, keyblock, node, NULL); switch (gpg_err_code (rc)) { case 0: listctx->good_sigs++; sigrc = '!'; break; case GPG_ERR_BAD_SIGNATURE: listctx->inv_sigs++; sigrc = '-'; break; case GPG_ERR_NO_PUBKEY: case GPG_ERR_UNUSABLE_PUBKEY: listctx->no_key++; continue; default: listctx->oth_err++; sigrc = '%'; break; } /* TODO: Make sure a cached sig record here still has the pk that issued it. See also keyedit.c:print_and_check_one_sig */ } else { rc = 0; sigrc = ' '; } if (sig->sig_class == 0x20 || sig->sig_class == 0x28 || sig->sig_class == 0x30) sigstr = "rev"; else if ((sig->sig_class & ~3) == 0x10) sigstr = "sig"; else if (sig->sig_class == 0x18) sigstr = "sig"; else if (sig->sig_class == 0x1F) sigstr = "sig"; else { es_fprintf (es_stdout, "sig " "[unexpected signature class 0x%02x]\n", sig->sig_class); continue; } es_fputs (sigstr, es_stdout); es_fprintf (es_stdout, "%c%c %c%c%c%c%c%c %s %s", sigrc, (sig->sig_class - 0x10 > 0 && sig->sig_class - 0x10 < 4) ? '0' + sig->sig_class - 0x10 : ' ', sig->flags.exportable ? ' ' : 'L', sig->flags.revocable ? ' ' : 'R', sig->flags.policy_url ? 'P' : ' ', sig->flags.notation ? 'N' : ' ', sig->flags.expired ? 'X' : ' ', (sig->trust_depth > 9) ? 'T' : (sig->trust_depth > 0) ? '0' + sig->trust_depth : ' ', keystr (sig->keyid), datestr_from_sig (sig)); if (opt.list_options & LIST_SHOW_SIG_EXPIRE) es_fprintf (es_stdout, " %s", expirestr_from_sig (sig)); es_fprintf (es_stdout, " "); if (sigrc == '%') es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc)); else if (sigrc == '?') ; else if (!opt.fast_list_mode) { size_t n; char *p = get_user_id (ctrl, sig->keyid, &n); print_utf8_buffer (es_stdout, p, n); xfree (p); } es_putc ('\n', es_stdout); if (sig->flags.policy_url && (opt.list_options & LIST_SHOW_POLICY_URLS)) show_policy_url (sig, 3, 0); if (sig->flags.notation && (opt.list_options & LIST_SHOW_NOTATIONS)) show_notation (sig, 3, 0, ((opt. list_options & LIST_SHOW_STD_NOTATIONS) ? 1 : 0) + ((opt. list_options & LIST_SHOW_USER_NOTATIONS) ? 2 : 0)); if (sig->flags.pref_ks && (opt.list_options & LIST_SHOW_KEYSERVER_URLS)) show_keyserver_url (sig, 3, 0); /* fixme: check or list other sigs here */ } } es_putc ('\n', es_stdout); xfree (serialno); xfree (hexgrip); } void print_revokers (estream_t fp, PKT_public_key * pk) { /* print the revoker record */ if (!pk->revkey && pk->numrevkeys) BUG (); else { int i, j; for (i = 0; i < pk->numrevkeys; i++) { byte *p; es_fprintf (fp, "rvk:::%d::::::", pk->revkey[i].algid); p = pk->revkey[i].fpr; for (j = 0; j < 20; j++, p++) es_fprintf (fp, "%02X", *p); es_fprintf (fp, ":%02x%s:\n", pk->revkey[i].class, (pk->revkey[i].class & 0x40) ? "s" : ""); } } } /* Print the compliance flags to field 18. PK is the public key. * KEYLENGTH is the length of the key in bits and CURVENAME is either * NULL or the name of the curve. The latter two args are here * merely because the caller has already computed them. */ static void print_compliance_flags (PKT_public_key *pk, unsigned int keylength, const char *curvename) { int any = 0; if (!keylength) keylength = nbits_from_pk (pk); if (pk->version == 5) { es_fputs (gnupg_status_compliance_flag (CO_GNUPG), es_stdout); any++; } if (gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, pk->pkey, keylength, curvename)) { es_fprintf (es_stdout, any ? " %s" : "%s", gnupg_status_compliance_flag (CO_DE_VS)); any++; } } /* List a key in colon mode. If SECRET is true this is a secret key record (i.e. requested via --list-secret-key). If HAS_SECRET a secret key is available even if SECRET is not set. */ static void list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, int secret, int has_secret) { int rc; KBNODE kbctx; KBNODE node; PKT_public_key *pk; u32 keyid[2]; int trustletter = 0; int trustletter_print; int ownertrust_print; int ulti_hack = 0; int i; char *hexgrip_buffer = NULL; const char *hexgrip = NULL; char *serialno = NULL; int stubkey; unsigned int keylength; char *curve = NULL; const char *curvename = NULL; /* Get the keyid from the keyblock. */ node = find_kbnode (keyblock, PKT_PUBLIC_KEY); if (!node) { log_error ("Oops; key lost!\n"); dump_kbnode (keyblock); return; } pk = node->pkt->pkt.public_key; if (secret || has_secret || opt.with_keygrip || opt.with_key_data) { rc = hexkeygrip_from_pk (pk, &hexgrip_buffer); if (rc) log_error ("error computing a keygrip: %s\n", gpg_strerror (rc)); /* In the error case we print an empty string so that we have a * "grp" record for each and subkey - even if it is empty. This * may help to prevent sync problems. */ hexgrip = hexgrip_buffer? hexgrip_buffer : ""; } stubkey = 0; if ((secret || has_secret) && agent_get_keyinfo (NULL, hexgrip, &serialno, NULL)) stubkey = 1; /* Key not found. */ keyid_from_pk (pk, keyid); if (!pk->flags.valid) trustletter_print = 'i'; else if (pk->flags.revoked) trustletter_print = 'r'; else if (pk->has_expired) trustletter_print = 'e'; else if (opt.fast_list_mode || opt.no_expensive_trust_checks) trustletter_print = 0; else { trustletter = get_validity_info (ctrl, keyblock, pk, NULL); if (trustletter == 'u') ulti_hack = 1; trustletter_print = trustletter; } if (!opt.fast_list_mode && !opt.no_expensive_trust_checks) ownertrust_print = get_ownertrust_info (ctrl, pk, 0); else ownertrust_print = 0; keylength = nbits_from_pk (pk); es_fputs (secret? "sec:":"pub:", es_stdout); if (trustletter_print) es_putc (trustletter_print, es_stdout); es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s::", keylength, pk->pubkey_algo, (ulong) keyid[0], (ulong) keyid[1], colon_datestr_from_pk (pk), colon_strtime (pk->expiredate)); if (ownertrust_print) es_putc (ownertrust_print, es_stdout); es_putc (':', es_stdout); es_putc (':', es_stdout); es_putc (':', es_stdout); print_capabilities (ctrl, pk, keyblock); es_putc (':', es_stdout); /* End of field 13. */ es_putc (':', es_stdout); /* End of field 14. */ if (secret || has_secret) { if (stubkey) es_putc ('#', es_stdout); else if (serialno) es_fputs (serialno, es_stdout); else if (has_secret) es_putc ('+', es_stdout); } es_putc (':', es_stdout); /* End of field 15. */ es_putc (':', es_stdout); /* End of field 16. */ if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA || pk->pubkey_algo == PUBKEY_ALGO_EDDSA || pk->pubkey_algo == PUBKEY_ALGO_ECDH) { curve = openpgp_oid_to_str (pk->pkey[0]); curvename = openpgp_oid_to_curve (curve, 0); if (!curvename) curvename = curve; es_fputs (curvename, es_stdout); } es_putc (':', es_stdout); /* End of field 17. */ print_compliance_flags (pk, keylength, curvename); es_putc (':', es_stdout); /* End of field 18 (compliance). */ if (pk->keyupdate) es_fputs (colon_strtime (pk->keyupdate), es_stdout); es_putc (':', es_stdout); /* End of field 19 (last_update). */ es_fprintf (es_stdout, "%d%s", pk->keyorg, pk->updateurl? " ":""); if (pk->updateurl) es_write_sanitized (es_stdout, pk->updateurl, strlen (pk->updateurl), ":", NULL); es_putc (':', es_stdout); /* End of field 20 (origin). */ es_putc ('\n', es_stdout); print_revokers (es_stdout, pk); print_fingerprint (ctrl, NULL, pk, 0); if (hexgrip) es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip); if (opt.with_key_data) print_key_data (pk); for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));) { if (node->pkt->pkttype == PKT_USER_ID) { PKT_user_id *uid = node->pkt->pkt.user_id; int uid_validity; if (attrib_fp && uid->attrib_data != NULL) dump_attribs (uid, pk); if (uid->flags.revoked) uid_validity = 'r'; else if (uid->flags.expired) uid_validity = 'e'; else if (opt.no_expensive_trust_checks) uid_validity = 0; else if (ulti_hack) uid_validity = 'u'; else uid_validity = get_validity_info (ctrl, keyblock, pk, uid); es_fputs (uid->attrib_data? "uat:":"uid:", es_stdout); if (uid_validity) es_putc (uid_validity, es_stdout); es_fputs ("::::", es_stdout); es_fprintf (es_stdout, "%s:", colon_strtime (uid->created)); es_fprintf (es_stdout, "%s:", colon_strtime (uid->expiredate)); namehash_from_uid (uid); for (i = 0; i < 20; i++) es_fprintf (es_stdout, "%02X", uid->namehash[i]); es_fprintf (es_stdout, "::"); if (uid->attrib_data) es_fprintf (es_stdout, "%u %lu", uid->numattribs, uid->attrib_len); else es_write_sanitized (es_stdout, uid->name, uid->len, ":", NULL); es_fputs (":::::::::", es_stdout); if (uid->keyupdate) es_fputs (colon_strtime (uid->keyupdate), es_stdout); es_putc (':', es_stdout); /* End of field 19 (last_update). */ es_fprintf (es_stdout, "%d%s", uid->keyorg, uid->updateurl? " ":""); if (uid->updateurl) es_write_sanitized (es_stdout, uid->updateurl, strlen (uid->updateurl), ":", NULL); es_putc (':', es_stdout); /* End of field 20 (origin). */ es_putc ('\n', es_stdout); #ifdef USE_TOFU if (!uid->attrib_data && opt.with_tofu_info && (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)) { /* Print a "tfs" record. */ tofu_write_tfs_record (ctrl, es_stdout, pk, uid->name); } #endif /*USE_TOFU*/ } else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) { u32 keyid2[2]; PKT_public_key *pk2; int need_hexgrip = !!hexgrip; pk2 = node->pkt->pkt.public_key; xfree (hexgrip_buffer); hexgrip_buffer = NULL; hexgrip = NULL; xfree (serialno); serialno = NULL; if (need_hexgrip || secret || has_secret || opt.with_keygrip || opt.with_key_data) { rc = hexkeygrip_from_pk (pk2, &hexgrip_buffer); if (rc) log_error ("error computing a keygrip: %s\n", gpg_strerror (rc)); hexgrip = hexgrip_buffer? hexgrip_buffer : ""; } stubkey = 0; if ((secret||has_secret) && agent_get_keyinfo (NULL, hexgrip, &serialno, NULL)) stubkey = 1; /* Key not found. */ keyid_from_pk (pk2, keyid2); es_fputs (secret? "ssb:":"sub:", es_stdout); if (!pk2->flags.valid) es_putc ('i', es_stdout); else if (pk2->flags.revoked) es_putc ('r', es_stdout); else if (pk2->has_expired) es_putc ('e', es_stdout); else if (opt.fast_list_mode || opt.no_expensive_trust_checks) ; else { /* TRUSTLETTER should always be defined here. */ if (trustletter) es_fprintf (es_stdout, "%c", trustletter); } keylength = nbits_from_pk (pk2); es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s:::::", keylength, pk2->pubkey_algo, (ulong) keyid2[0], (ulong) keyid2[1], colon_datestr_from_pk (pk2), colon_strtime (pk2->expiredate)); print_capabilities (ctrl, pk2, NULL); es_putc (':', es_stdout); /* End of field 13. */ es_putc (':', es_stdout); /* End of field 14. */ if (secret || has_secret) { if (stubkey) es_putc ('#', es_stdout); else if (serialno) es_fputs (serialno, es_stdout); else if (has_secret) es_putc ('+', es_stdout); } es_putc (':', es_stdout); /* End of field 15. */ es_putc (':', es_stdout); /* End of field 16. */ if (pk2->pubkey_algo == PUBKEY_ALGO_ECDSA || pk2->pubkey_algo == PUBKEY_ALGO_EDDSA || pk2->pubkey_algo == PUBKEY_ALGO_ECDH) { xfree (curve); curve = openpgp_oid_to_str (pk2->pkey[0]); curvename = openpgp_oid_to_curve (curve, 0); if (!curvename) curvename = curve; es_fputs (curvename, es_stdout); } es_putc (':', es_stdout); /* End of field 17. */ print_compliance_flags (pk2, keylength, curvename); es_putc (':', es_stdout); /* End of field 18. */ es_putc ('\n', es_stdout); print_fingerprint (ctrl, NULL, pk2, 0); if (hexgrip) es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip); if (opt.with_key_data) print_key_data (pk2); } else if (opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE) { PKT_signature *sig = node->pkt->pkt.signature; int sigrc, fprokay = 0; char *sigstr; size_t fplen; byte fparray[MAX_FINGERPRINT_LEN]; char *siguid; size_t siguidlen; if (sig->sig_class == 0x20 || sig->sig_class == 0x28 || sig->sig_class == 0x30) sigstr = "rev"; else if ((sig->sig_class & ~3) == 0x10) sigstr = "sig"; else if (sig->sig_class == 0x18) sigstr = "sig"; else if (sig->sig_class == 0x1F) sigstr = "sig"; else { es_fprintf (es_stdout, "sig::::::::::%02x%c:\n", sig->sig_class, sig->flags.exportable ? 'x' : 'l'); continue; } if (opt.check_sigs) { PKT_public_key *signer_pk = NULL; es_fflush (es_stdout); if (opt.no_sig_cache) signer_pk = xmalloc_clear (sizeof (PKT_public_key)); rc = check_key_signature2 (ctrl, keyblock, node, NULL, signer_pk, NULL, NULL, NULL); switch (gpg_err_code (rc)) { case 0: sigrc = '!'; break; case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break; case GPG_ERR_NO_PUBKEY: case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break; default: sigrc = '%'; break; } if (opt.no_sig_cache) { if (!rc) { fingerprint_from_pk (signer_pk, fparray, &fplen); fprokay = 1; } free_public_key (signer_pk); } } else { rc = 0; sigrc = ' '; } if (sigrc != '%' && sigrc != '?' && !opt.fast_list_mode) siguid = get_user_id (ctrl, sig->keyid, &siguidlen); else { siguid = NULL; siguidlen = 0; } es_fputs (sigstr, es_stdout); es_putc (':', es_stdout); if (sigrc != ' ') es_putc (sigrc, es_stdout); es_fprintf (es_stdout, "::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo, (ulong) sig->keyid[0], (ulong) sig->keyid[1], colon_datestr_from_sig (sig), colon_expirestr_from_sig (sig)); if (sig->trust_depth || sig->trust_value) es_fprintf (es_stdout, "%d %d", sig->trust_depth, sig->trust_value); es_fprintf (es_stdout, ":"); if (sig->trust_regexp) es_write_sanitized (es_stdout, sig->trust_regexp, strlen (sig->trust_regexp), ":", NULL); es_fprintf (es_stdout, ":"); if (sigrc == '%') es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc)); else if (siguid) es_write_sanitized (es_stdout, siguid, siguidlen, ":", NULL); es_fprintf (es_stdout, ":%02x%c::", sig->sig_class, sig->flags.exportable ? 'x' : 'l'); if (opt.no_sig_cache && opt.check_sigs && fprokay) { for (i = 0; i < fplen; i++) es_fprintf (es_stdout, "%02X", fparray[i]); } es_fprintf (es_stdout, ":::%d:\n", sig->digest_algo); if (opt.show_subpackets) print_subpackets_colon (sig); /* fixme: check or list other sigs here */ xfree (siguid); } } xfree (curve); xfree (hexgrip_buffer); xfree (serialno); } /* * Reorder the keyblock so that the primary user ID (and not attribute * packet) comes first. Fixme: Replace this by a generic sort * function. */ static void do_reorder_keyblock (KBNODE keyblock, int attr) { KBNODE primary = NULL, primary0 = NULL, primary2 = NULL; KBNODE last, node; for (node = keyblock; node; primary0 = node, node = node->next) { if (node->pkt->pkttype == PKT_USER_ID && ((attr && node->pkt->pkt.user_id->attrib_data) || (!attr && !node->pkt->pkt.user_id->attrib_data)) && node->pkt->pkt.user_id->flags.primary) { primary = primary2 = node; for (node = node->next; node; primary2 = node, node = node->next) { if (node->pkt->pkttype == PKT_USER_ID || node->pkt->pkttype == PKT_PUBLIC_SUBKEY || node->pkt->pkttype == PKT_SECRET_SUBKEY) { break; } } break; } } if (!primary) return; /* No primary key flag found (should not happen). */ for (last = NULL, node = keyblock; node; last = node, node = node->next) { if (node->pkt->pkttype == PKT_USER_ID) break; } log_assert (node); log_assert (last); /* The user ID is never the first packet. */ log_assert (primary0); /* Ditto (this is the node before primary). */ if (node == primary) return; /* Already the first one. */ last->next = primary; primary0->next = primary2->next; primary2->next = node; } void reorder_keyblock (KBNODE keyblock) { do_reorder_keyblock (keyblock, 1); do_reorder_keyblock (keyblock, 0); } static void list_keyblock (ctrl_t ctrl, KBNODE keyblock, int secret, int has_secret, int fpr, struct keylist_context *listctx) { reorder_keyblock (keyblock); if (opt.with_colons) list_keyblock_colon (ctrl, keyblock, secret, has_secret); else list_keyblock_print (ctrl, keyblock, secret, fpr, listctx); if (secret) es_fflush (es_stdout); } /* Public function used by keygen to list a keyblock. If NO_VALIDITY * is set the validity of a key is never shown. */ void list_keyblock_direct (ctrl_t ctrl, kbnode_t keyblock, int secret, int has_secret, int fpr, int no_validity) { struct keylist_context listctx; memset (&listctx, 0, sizeof (listctx)); listctx.no_validity = !!no_validity; list_keyblock (ctrl, keyblock, secret, has_secret, fpr, &listctx); keylist_context_release (&listctx); } /* Print an hex digit in ICAO spelling. */ static void print_icao_hexdigit (estream_t fp, int c) { static const char *list[16] = { "Zero", "One", "Two", "Three", "Four", "Five", "Six", "Seven", "Eight", "Niner", "Alfa", "Bravo", "Charlie", "Delta", "Echo", "Foxtrot" }; tty_fprintf (fp, "%s", list[c&15]); } /* * Function to print the finperprint. * mode 0: as used in key listings, opt.with_colons is honored * 1: print using log_info () * 2: direct use of tty * 3: direct use of tty but only primary key. * 4: direct use of tty but only subkey. * 10: Same as 0 but with_colons etc is ignored. * 20: Same as 0 but using a compact format. * * Modes 1 and 2 will try and print both subkey and primary key * fingerprints. A MODE with bit 7 set is used internally. If * OVERRIDE_FP is not NULL that stream will be used in 0 instead * of es_stdout or instead of the TTY in modes 2 and 3. */ void print_fingerprint (ctrl_t ctrl, estream_t override_fp, PKT_public_key *pk, int mode) { char hexfpr[2*MAX_FINGERPRINT_LEN+1]; char *p; size_t i; estream_t fp; const char *text; int primary = 0; int with_colons = opt.with_colons; int with_icao = opt.with_icao_spelling; int compact = 0; if (mode == 10) { mode = 0; with_colons = 0; with_icao = 0; } else if (mode == 20) { mode = 0; with_colons = 0; compact = 1; } if (!opt.fingerprint && !opt.with_fingerprint && opt.with_subkey_fingerprint) compact = 1; if (pk->main_keyid[0] == pk->keyid[0] && pk->main_keyid[1] == pk->keyid[1]) primary = 1; /* Just to be safe */ if ((mode & 0x80) && !primary) { log_error ("primary key is not really primary!\n"); return; } mode &= ~0x80; if (!primary && (mode == 1 || mode == 2)) { PKT_public_key *primary_pk = xmalloc_clear (sizeof (*primary_pk)); get_pubkey (ctrl, primary_pk, pk->main_keyid); print_fingerprint (ctrl, override_fp, primary_pk, (mode | 0x80)); free_public_key (primary_pk); } if (mode == 1) { fp = log_get_stream (); if (primary) text = _("Primary key fingerprint:"); else text = _(" Subkey fingerprint:"); } else if (mode == 2) { fp = override_fp; /* Use tty or given stream. */ if (primary) /* TRANSLATORS: this should fit into 24 bytes so that the * fingerprint data is properly aligned with the user ID */ text = _(" Primary key fingerprint:"); else text = _(" Subkey fingerprint:"); } else if (mode == 3) { fp = override_fp; /* Use tty or given stream. */ text = _(" Key fingerprint ="); } else if (mode == 4) { fp = override_fp; /* Use tty or given stream. */ text = _(" Subkey fingerprint:"); } else { fp = override_fp? override_fp : es_stdout; if (opt.keyid_format == KF_NONE) { text = " "; /* To indent ICAO spelling. */ compact = 1; } else text = _(" Key fingerprint ="); } hexfingerprint (pk, hexfpr, sizeof hexfpr); if (with_colons && !mode) { es_fprintf (fp, "fpr:::::::::%s:", hexfpr); } else if (compact && !opt.fingerprint && !opt.with_fingerprint) { tty_fprintf (fp, "%*s%s", 6, "", hexfpr); } else { char fmtfpr[MAX_FORMATTED_FINGERPRINT_LEN + 1]; format_hexfingerprint (hexfpr, fmtfpr, sizeof fmtfpr); if (compact) tty_fprintf (fp, "%*s%s", 6, "", fmtfpr); else tty_fprintf (fp, "%s %s", text, fmtfpr); } tty_fprintf (fp, "\n"); if (!with_colons && with_icao) { ; tty_fprintf (fp, "%*s\"", (int)strlen(text)+1, ""); for (i = 0, p = hexfpr; *p; i++, p++) { if (!i) ; else if (!(i%8)) tty_fprintf (fp, "\n%*s ", (int)strlen(text)+1, ""); else if (!(i%4)) tty_fprintf (fp, " "); else tty_fprintf (fp, " "); print_icao_hexdigit (fp, xtoi_1 (p)); } tty_fprintf (fp, "\"\n"); } } /* Print the serial number of an OpenPGP card if available. */ static void print_card_serialno (const char *serialno) { if (!serialno) return; if (opt.with_colons) return; /* Handled elsewhere. */ es_fputs (_(" Card serial no. ="), es_stdout); es_putc (' ', es_stdout); if (strlen (serialno) == 32 && !strncmp (serialno, "D27600012401", 12)) { /* This is an OpenPGP card. Print the relevant part. */ /* Example: D2760001240101010001000003470000 */ /* xxxxyyyyyyyy */ es_fprintf (es_stdout, "%.*s %.*s", 4, serialno+16, 8, serialno+20); } else es_fputs (serialno, es_stdout); es_putc ('\n', es_stdout); } /* Print a public or secret (sub)key line. Example: * * pub dsa2048 2007-12-31 [SC] [expires: 2018-12-31] * 80615870F5BAD690333686D0F2AD85AC1E42B367 * + * pub rsa2048 2017-12-31 [SC] [expires: 2028-12-31] + * 80615870F5BAD690333686D0F2AD85AC1E42B3671122334455 + * * Some global options may result in a different output format. If * SECRET is set, "sec" or "ssb" is used instead of "pub" or "sub" and * depending on the value a flag character is shown: * * 1 := ' ' Regular secret key * 2 := '#' Stub secret key * 3 := '>' Secret key is on a token. */ void print_key_line (ctrl_t ctrl, estream_t fp, PKT_public_key *pk, int secret) { char pkstrbuf[PUBKEY_STRING_SIZE]; tty_fprintf (fp, "%s%c %s", pk->flags.primary? (secret? "sec":"pub") /**/ : (secret? "ssb":"sub"), secret == 2? '#' : secret == 3? '>' : ' ', pubkey_string (pk, pkstrbuf, sizeof pkstrbuf)); if (opt.keyid_format != KF_NONE) tty_fprintf (fp, "/%s", keystr_from_pk (pk)); tty_fprintf (fp, " %s", datestr_from_pk (pk)); if ((opt.list_options & LIST_SHOW_USAGE)) { tty_fprintf (fp, " [%s]", usagestr_from_pk (pk, 0)); } if (pk->flags.revoked) { tty_fprintf (fp, " ["); tty_fprintf (fp, _("revoked: %s"), revokestr_from_pk (pk)); tty_fprintf (fp, "]"); } else if (pk->has_expired) { tty_fprintf (fp, " ["); tty_fprintf (fp, _("expired: %s"), expirestr_from_pk (pk)); tty_fprintf (fp, "]"); } else if (pk->expiredate) { tty_fprintf (fp, " ["); tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk)); tty_fprintf (fp, "]"); } #if 0 /* I need to think about this some more. It's easy enough to include, but it looks sort of confusing in the listing... */ if (opt.list_options & LIST_SHOW_VALIDITY) { int validity = get_validity (ctrl, pk, NULL, NULL, 0); tty_fprintf (fp, " [%s]", trust_value_to_string (validity)); } #endif if (pk->pubkey_algo >= 100) tty_fprintf (fp, " [experimental algorithm %d]", pk->pubkey_algo); tty_fprintf (fp, "\n"); /* if the user hasn't explicitly asked for human-readable fingerprints, show compact fpr of primary key: */ if (pk->flags.primary && !opt.fingerprint && !opt.with_fingerprint) print_fingerprint (ctrl, fp, pk, 20); } void set_attrib_fd (int fd) { static int last_fd = -1; if (fd != -1 && last_fd == fd) return; /* Fixme: Do we need to check for the log stream here? */ if (attrib_fp && attrib_fp != log_get_stream ()) es_fclose (attrib_fp); attrib_fp = NULL; if (fd == -1) return; if (! gnupg_fd_valid (fd)) log_fatal ("attribute-fd is invalid: %s\n", strerror (errno)); #ifdef HAVE_DOSISH_SYSTEM setmode (fd, O_BINARY); #endif if (fd == 1) attrib_fp = es_stdout; else if (fd == 2) attrib_fp = es_stderr; else attrib_fp = es_fdopen (fd, "wb"); if (!attrib_fp) { log_fatal ("can't open fd %d for attribute output: %s\n", fd, strerror (errno)); } last_fd = fd; } diff --git a/g10/sig-check.c b/g10/sig-check.c index 63c38a64a..f8e366b7e 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -1,1181 +1,1181 @@ /* sig-check.c - Check a signature * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, * 2004, 2006 Free Software Foundation, Inc. * Copyright (C) 2015, 2016 g10 Code GmbH * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ #include #include #include #include #include "gpg.h" #include "../common/util.h" #include "packet.h" #include "keydb.h" #include "main.h" #include "../common/status.h" #include "../common/i18n.h" #include "options.h" #include "pkglue.h" #include "../common/compliance.h" static int check_signature_end (PKT_public_key *pk, PKT_signature *sig, gcry_md_hd_t digest, int *r_expired, int *r_revoked, PKT_public_key *ret_pk); static int check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig, gcry_md_hd_t digest); /* Statistics for signature verification. */ struct { unsigned int total; /* Total number of verifications. */ unsigned int cached; /* Number of seen cache entries. */ unsigned int goodsig;/* Number of good verifications from the cache. */ unsigned int badsig; /* Number of bad verifications from the cache. */ } cache_stats; /* Dump verification stats. */ void sig_check_dump_stats (void) { log_info ("sig_cache: total=%u cached=%u good=%u bad=%u\n", cache_stats.total, cache_stats.cached, cache_stats.goodsig, cache_stats.badsig); } /* Check a signature. This is shorthand for check_signature2 with the unnamed arguments passed as NULL. */ int check_signature (ctrl_t ctrl, PKT_signature *sig, gcry_md_hd_t digest) { return check_signature2 (ctrl, sig, digest, NULL, NULL, NULL, NULL); } /* Check a signature. * * Looks up the public key that created the signature (SIG->KEYID) * from the key db. Makes sure that the signature is valid (it was * not created prior to the key, the public key was created in the * past, and the signature does not include any unsupported critical * features), finishes computing the hash of the signature data, and * checks that the signature verifies the digest. If the key that * generated the signature is a subkey, this function also verifies * that there is a valid backsig from the subkey to the primary key. * Finally, if status fd is enabled and the signature class is 0x00 or * 0x01, then a STATUS_SIG_ID is emitted on the status fd. * * SIG is the signature to check. * * DIGEST contains a valid hash context that already includes the * signed data. This function adds the relevant meta-data from the * signature packet to compute the final hash. (See Section 5.2 of * RFC 4880: "The concatenation of the data being signed and the * signature data from the version number through the hashed subpacket * data (inclusive) is hashed.") * * If R_EXPIREDATE is not NULL, R_EXPIREDATE is set to the key's * expiry. * * If R_EXPIRED is not NULL, *R_EXPIRED is set to 1 if PK has expired * (0 otherwise). Note: PK being expired does not cause this function * to fail. * * If R_REVOKED is not NULL, *R_REVOKED is set to 1 if PK has been * revoked (0 otherwise). Note: PK being revoked does not cause this * function to fail. * * If R_PK is not NULL, the public key is stored at that address if it * was found; other wise NULL is stored. * * Returns 0 on success. An error code otherwise. */ gpg_error_t check_signature2 (ctrl_t ctrl, PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate, int *r_expired, int *r_revoked, PKT_public_key **r_pk) { int rc=0; PKT_public_key *pk; if (r_expiredate) *r_expiredate = 0; if (r_expired) *r_expired = 0; if (r_revoked) *r_revoked = 0; if (r_pk) *r_pk = NULL; pk = xtrycalloc (1, sizeof *pk); if (!pk) return gpg_error_from_syserror (); if ( (rc=openpgp_md_test_algo(sig->digest_algo)) ) ; /* We don't have this digest. */ else if (! gnupg_digest_is_allowed (opt.compliance, 0, sig->digest_algo)) { /* Compliance failure. */ log_info (_("digest algorithm '%s' may not be used in %s mode\n"), gcry_md_algo_name (sig->digest_algo), gnupg_compliance_option_string (opt.compliance)); rc = gpg_error (GPG_ERR_DIGEST_ALGO); } else if ((rc=openpgp_pk_test_algo(sig->pubkey_algo))) ; /* We don't have this pubkey algo. */ else if (!gcry_md_is_enabled (digest,sig->digest_algo)) { /* Sanity check that the md has a context for the hash that the sig is expecting. This can happen if a onepass sig header does not match the actual sig, and also if the clearsign "Hash:" header is missing or does not match the actual sig. */ log_info(_("WARNING: signature digest conflict in message\n")); rc = gpg_error (GPG_ERR_GENERAL); } else if( get_pubkey (ctrl, pk, sig->keyid ) ) rc = gpg_error (GPG_ERR_NO_PUBKEY); else if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_VERIFICATION, pk->pubkey_algo, pk->pkey, nbits_from_pk (pk), NULL)) { /* Compliance failure. */ log_error (_("key %s may not be used for signing in %s mode\n"), keystr_from_pk (pk), gnupg_compliance_option_string (opt.compliance)); rc = gpg_error (GPG_ERR_PUBKEY_ALGO); } else if(!pk->flags.valid) { /* You cannot have a good sig from an invalid key. */ rc = gpg_error (GPG_ERR_BAD_PUBKEY); } else { if(r_expiredate) *r_expiredate = pk->expiredate; rc = check_signature_end (pk, sig, digest, r_expired, r_revoked, NULL); /* Check the backsig. This is a 0x19 signature from the subkey on the primary key. The idea here is that it should not be possible for someone to "steal" subkeys and claim them as their own. The attacker couldn't actually use the subkey, but they could try and claim ownership of any signatures issued by it. */ if (!rc && !pk->flags.primary && pk->flags.backsig < 2) { if (!pk->flags.backsig) { log_info(_("WARNING: signing subkey %s is not" " cross-certified\n"),keystr_from_pk(pk)); log_info(_("please see %s for more information\n"), "https://gnupg.org/faq/subkey-cross-certify.html"); /* --require-cross-certification makes this warning an error. TODO: change the default to require this after more keys have backsigs. */ if(opt.flags.require_cross_cert) rc = gpg_error (GPG_ERR_GENERAL); } else if(pk->flags.backsig == 1) { log_info(_("WARNING: signing subkey %s has an invalid" " cross-certification\n"),keystr_from_pk(pk)); rc = gpg_error (GPG_ERR_GENERAL); } } } if( !rc && sig->sig_class < 2 && is_status_enabled() ) { /* This signature id works best with DLP algorithms because * they use a random parameter for every signature. Instead of * this sig-id we could have also used the hash of the document * and the timestamp, but the drawback of this is, that it is * not possible to sign more than one identical document within * one second. Some remote batch processing applications might * like this feature here. * * Note that before 2.0.10, we used RIPE-MD160 for the hash * and accidentally didn't include the timestamp and algorithm * information in the hash. Given that this feature is not * commonly used and that a replay attacks detection should * not solely be based on this feature (because it does not * work with RSA), we take the freedom and switch to SHA-1 * with 2.0.10 to take advantage of hardware supported SHA-1 * implementations. We also include the missing information * in the hash. Note also the SIG_ID as computed by gpg 1.x * and gpg 2.x didn't matched either because 2.x used to print * MPIs not in PGP format. */ u32 a = sig->timestamp; int nsig = pubkey_get_nsig( sig->pubkey_algo ); unsigned char *p, *buffer; size_t n, nbytes; int i; - char hashbuf[20]; + char hashbuf[20]; /* We use SHA-1 here. */ nbytes = 6; for (i=0; i < nsig; i++ ) { if (gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n, sig->data[i])) BUG(); nbytes += n; } /* Make buffer large enough to be later used as output buffer. */ if (nbytes < 100) nbytes = 100; nbytes += 10; /* Safety margin. */ /* Fill and hash buffer. */ buffer = p = xmalloc (nbytes); *p++ = sig->pubkey_algo; *p++ = sig->digest_algo; *p++ = (a >> 24) & 0xff; *p++ = (a >> 16) & 0xff; *p++ = (a >> 8) & 0xff; *p++ = a & 0xff; nbytes -= 6; for (i=0; i < nsig; i++ ) { if (gcry_mpi_print (GCRYMPI_FMT_PGP, p, nbytes, &n, sig->data[i])) BUG(); p += n; nbytes -= n; } gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, buffer, p-buffer); p = make_radix64_string (hashbuf, 20); sprintf (buffer, "%s %s %lu", p, strtimestamp (sig->timestamp), (ulong)sig->timestamp); xfree (p); write_status_text (STATUS_SIG_ID, buffer); xfree (buffer); } if (r_pk) *r_pk = pk; else { release_public_key_parts (pk); xfree (pk); } return rc; } /* The signature SIG was generated with the public key PK. Check * whether the signature is valid in the following sense: * * - Make sure the public key was created before the signature was * generated. * * - Make sure the public key was created in the past * * - Check whether PK has expired (set *R_EXPIRED to 1 if so and 0 * otherwise) * * - Check whether PK has been revoked (set *R_REVOKED to 1 if so * and 0 otherwise). * * If either of the first two tests fail, returns an error code. * Otherwise returns 0. (Thus, this function doesn't fail if the * public key is expired or revoked.) */ static int check_signature_metadata_validity (PKT_public_key *pk, PKT_signature *sig, int *r_expired, int *r_revoked) { u32 cur_time; if(r_expired) *r_expired = 0; if(r_revoked) *r_revoked = 0; if( pk->timestamp > sig->timestamp ) { ulong d = pk->timestamp - sig->timestamp; if ( d < 86400 ) { log_info (ngettext ("public key %s is %lu second newer than the signature\n", "public key %s is %lu seconds newer than the signature\n", d), keystr_from_pk (pk), d); } else { d /= 86400; log_info (ngettext ("public key %s is %lu day newer than the signature\n", "public key %s is %lu days newer than the signature\n", d), keystr_from_pk (pk), d); } if (!opt.ignore_time_conflict) return GPG_ERR_TIME_CONFLICT; /* pubkey newer than signature. */ } cur_time = make_timestamp(); if( pk->timestamp > cur_time ) { ulong d = pk->timestamp - cur_time; if (d < 86400) { log_info (ngettext("key %s was created %lu second" " in the future (time warp or clock problem)\n", "key %s was created %lu seconds" " in the future (time warp or clock problem)\n", d), keystr_from_pk (pk), d); } else { d /= 86400; log_info (ngettext("key %s was created %lu day" " in the future (time warp or clock problem)\n", "key %s was created %lu days" " in the future (time warp or clock problem)\n", d), keystr_from_pk (pk), d); } if (!opt.ignore_time_conflict) return GPG_ERR_TIME_CONFLICT; } /* Check whether the key has expired. We check the has_expired flag which is set after a full evaluation of the key (getkey.c) as well as a simple compare to the current time in case the merge has for whatever reasons not been done. */ if( pk->has_expired || (pk->expiredate && pk->expiredate < cur_time)) { char buf[11]; if (opt.verbose) log_info(_("Note: signature key %s expired %s\n"), keystr_from_pk(pk), asctimestamp( pk->expiredate ) ); sprintf(buf,"%lu",(ulong)pk->expiredate); write_status_text(STATUS_KEYEXPIRED,buf); if(r_expired) *r_expired = 1; } if (pk->flags.revoked) { if (opt.verbose) log_info (_("Note: signature key %s has been revoked\n"), keystr_from_pk(pk)); if (r_revoked) *r_revoked=1; } return 0; } /* Finish generating a signature and check it. Concretely: make sure * that the signature is valid (it was not created prior to the key, * the public key was created in the past, and the signature does not * include any unsupported critical features), finish computing the * digest by adding the relevant data from the signature packet, and * check that the signature verifies the digest. * * DIGEST contains a hash context, which has already hashed the signed * data. This function adds the relevant meta-data from the signature * packet to compute the final hash. (See Section 5.2 of RFC 4880: * "The concatenation of the data being signed and the signature data * from the version number through the hashed subpacket data * (inclusive) is hashed.") * * SIG is the signature to check. * * PK is the public key used to generate the signature. * * If R_EXPIRED is not NULL, *R_EXPIRED is set to 1 if PK has expired * (0 otherwise). Note: PK being expired does not cause this function * to fail. * * If R_REVOKED is not NULL, *R_REVOKED is set to 1 if PK has been * revoked (0 otherwise). Note: PK being revoked does not cause this * function to fail. * * If RET_PK is not NULL, PK is copied into RET_PK on success. * * Returns 0 on success. An error code other. */ static int check_signature_end (PKT_public_key *pk, PKT_signature *sig, gcry_md_hd_t digest, int *r_expired, int *r_revoked, PKT_public_key *ret_pk) { int rc = 0; if ((rc = check_signature_metadata_validity (pk, sig, r_expired, r_revoked))) return rc; if ((rc = check_signature_end_simple (pk, sig, digest))) return rc; if(!rc && ret_pk) copy_public_key(ret_pk,pk); return rc; } /* This function is similar to check_signature_end, but it only checks whether the signature was generated by PK. It does not check expiration, revocation, etc. */ static int check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig, gcry_md_hd_t digest) { gcry_mpi_t result = NULL; int rc = 0; const struct weakhash *weak; if (!opt.flags.allow_weak_digest_algos) for (weak = opt.weak_digests; weak; weak = weak->next) if (sig->digest_algo == weak->algo) { print_digest_rejected_note(sig->digest_algo); return GPG_ERR_DIGEST_ALGO; } /* Make sure the digest algo is enabled (in case of a detached signature). */ gcry_md_enable (digest, sig->digest_algo); /* Complete the digest. */ if( sig->version >= 4 ) gcry_md_putc( digest, sig->version ); gcry_md_putc( digest, sig->sig_class ); if( sig->version < 4 ) { u32 a = sig->timestamp; gcry_md_putc( digest, (a >> 24) & 0xff ); gcry_md_putc( digest, (a >> 16) & 0xff ); gcry_md_putc( digest, (a >> 8) & 0xff ); gcry_md_putc( digest, a & 0xff ); } else { byte buf[6]; size_t n; gcry_md_putc( digest, sig->pubkey_algo ); gcry_md_putc( digest, sig->digest_algo ); if( sig->hashed ) { n = sig->hashed->len; gcry_md_putc (digest, (n >> 8) ); gcry_md_putc (digest, n ); gcry_md_write (digest, sig->hashed->data, n); n += 6; } else { /* Two octets for the (empty) length of the hashed section. */ gcry_md_putc (digest, 0); gcry_md_putc (digest, 0); n = 6; } /* add some magic per Section 5.2.4 of RFC 4880. */ buf[0] = sig->version; buf[1] = 0xff; buf[2] = n >> 24; buf[3] = n >> 16; buf[4] = n >> 8; buf[5] = n; gcry_md_write( digest, buf, 6 ); } gcry_md_final( digest ); /* Convert the digest to an MPI. */ result = encode_md_value (pk, digest, sig->digest_algo ); if (!result) return GPG_ERR_GENERAL; /* Verify the signature. */ if (DBG_CLOCK && sig->sig_class <= 0x01) log_clock ("enter pk_verify"); rc = pk_verify( pk->pubkey_algo, result, sig->data, pk->pkey ); if (DBG_CLOCK && sig->sig_class <= 0x01) log_clock ("leave pk_verify"); gcry_mpi_release (result); if( !rc && sig->flags.unknown_critical ) { log_info(_("assuming bad signature from key %s" " due to an unknown critical bit\n"),keystr_from_pk(pk)); rc = GPG_ERR_BAD_SIGNATURE; } return rc; } /* Add a uid node to a hash context. See section 5.2.4, paragraph 4 of RFC 4880. */ static void hash_uid_packet (PKT_user_id *uid, gcry_md_hd_t md, PKT_signature *sig ) { if( uid->attrib_data ) { if( sig->version >=4 ) { byte buf[5]; buf[0] = 0xd1; /* packet of type 17 */ buf[1] = uid->attrib_len >> 24; /* always use 4 length bytes */ buf[2] = uid->attrib_len >> 16; buf[3] = uid->attrib_len >> 8; buf[4] = uid->attrib_len; gcry_md_write( md, buf, 5 ); } gcry_md_write( md, uid->attrib_data, uid->attrib_len ); } else { if( sig->version >=4 ) { byte buf[5]; buf[0] = 0xb4; /* indicates a userid packet */ buf[1] = uid->len >> 24; /* always use 4 length bytes */ buf[2] = uid->len >> 16; buf[3] = uid->len >> 8; buf[4] = uid->len; gcry_md_write( md, buf, 5 ); } gcry_md_write( md, uid->name, uid->len ); } } static void cache_sig_result ( PKT_signature *sig, int result ) { if ( !result ) { sig->flags.checked = 1; sig->flags.valid = 1; } else if ( gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE ) { sig->flags.checked = 1; sig->flags.valid = 0; } else { sig->flags.checked = 0; sig->flags.valid = 0; } } /* SIG is a key revocation signature. Check if this signature was * generated by any of the public key PK's designated revokers. * * PK is the public key that SIG allegedly revokes. * * SIG is the revocation signature to check. * * This function avoids infinite recursion, which can happen if two * keys are designed revokers for each other and they revoke each * other. This is done by observing that if a key A is revoked by key * B we still consider the revocation to be valid even if B is * revoked. Thus, we don't need to determine whether B is revoked to * determine whether A has been revoked by B, we just need to check * the signature. * * Returns 0 if sig is valid (i.e. pk is revoked), non-0 if not * revoked. We are careful to make sure that GPG_ERR_NO_PUBKEY is * only returned when a revocation signature is from a valid * revocation key designated in a revkey subpacket, but the revocation * key itself isn't present. * * XXX: This code will need to be modified if gpg ever becomes * multi-threaded. Note that this guarantees that a designated * revocation sig will never be considered valid unless it is actually * valid, as well as being issued by a revocation key in a valid * direct signature. Note also that this is written so that a revoked * revoker can still issue revocations: i.e. If A revokes B, but A is * revoked, B is still revoked. I'm not completely convinced this is * the proper behavior, but it matches how PGP does it. -dms */ int check_revocation_keys (ctrl_t ctrl, PKT_public_key *pk, PKT_signature *sig) { static int busy=0; int i; int rc = GPG_ERR_GENERAL; log_assert (IS_KEY_REV(sig)); log_assert ((sig->keyid[0]!=pk->keyid[0]) || (sig->keyid[0]!=pk->keyid[1])); /* Avoid infinite recursion. Consider the following: * * - We want to check if A is revoked. * * - C is a designated revoker for B and has revoked B. * * - B is a designated revoker for A and has revoked A. * * When checking if A is revoked (in merge_selfsigs_main), we * observe that A has a designed revoker. As such, we call this * function. This function sees that there is a valid revocation * signature, which is signed by B. It then calls check_signature() * to verify that the signature is good. To check the sig, we need * to lookup B. Looking up B means calling merge_selfsigs_main, * which checks whether B is revoked, which calls this function to * see if B was revoked by some key. * * In this case, the added level of indirection doesn't hurt. It * just means a bit more work. However, if C == A, then we'd end up * in a loop. But, it doesn't make sense to look up C anyways: even * if B is revoked, we conservatively consider a valid revocation * signed by B to revoke A. Since this is the only place where this * type of recursion can occur, we simply cause this function to * fail if it is entered recursively. */ if (busy) { /* Return an error (i.e. not revoked), but mark the pk as uncacheable as we don't really know its revocation status until it is checked directly. */ pk->flags.dont_cache = 1; return rc; } busy=1; /* es_printf("looking at %08lX with a sig from %08lX\n",(ulong)pk->keyid[1], (ulong)sig->keyid[1]); */ /* is the issuer of the sig one of our revokers? */ if( !pk->revkey && pk->numrevkeys ) BUG(); else for(i=0;inumrevkeys;i++) { /* The revoker's keyid. */ u32 keyid[2]; keyid_from_fingerprint (ctrl, pk->revkey[i].fpr, MAX_FINGERPRINT_LEN, keyid); if(keyid[0]==sig->keyid[0] && keyid[1]==sig->keyid[1]) /* The signature was generated by a designated revoker. Verify the signature. */ { gcry_md_hd_t md; if (gcry_md_open (&md, sig->digest_algo, 0)) BUG (); hash_public_key(md,pk); /* Note: check_signature only checks that the signature is good. It does not fail if the key is revoked. */ rc = check_signature (ctrl, sig, md); cache_sig_result(sig,rc); gcry_md_close (md); break; } } busy=0; return rc; } /* Check that the backsig BACKSIG from the subkey SUB_PK to its primary key MAIN_PK is valid. Backsigs (0x19) have the same format as binding sigs (0x18), but this function is simpler than check_key_signature in a few ways. For example, there is no support for expiring backsigs since it is questionable what such a thing actually means. Note also that the sig cache check here, unlike other sig caches in GnuPG, is not persistent. */ int check_backsig (PKT_public_key *main_pk,PKT_public_key *sub_pk, PKT_signature *backsig) { gcry_md_hd_t md; int rc; /* Always check whether the algorithm is available. Although gcry_md_open would throw an error, some libgcrypt versions will print a debug message in that case too. */ if ((rc=openpgp_md_test_algo (backsig->digest_algo))) return rc; if(!opt.no_sig_cache && backsig->flags.checked) return backsig->flags.valid? 0 : gpg_error (GPG_ERR_BAD_SIGNATURE); rc = gcry_md_open (&md, backsig->digest_algo,0); if (!rc) { hash_public_key(md,main_pk); hash_public_key(md,sub_pk); rc = check_signature_end (sub_pk, backsig, md, NULL, NULL, NULL); cache_sig_result(backsig,rc); gcry_md_close(md); } return rc; } /* Check that a signature over a key is valid. This is a * specialization of check_key_signature2 with the unnamed parameters * passed as NULL. See the documentation for that function for more * details. */ int check_key_signature (ctrl_t ctrl, kbnode_t root, kbnode_t node, int *is_selfsig) { return check_key_signature2 (ctrl, root, node, NULL, NULL, is_selfsig, NULL, NULL); } /* Returns whether SIGNER generated the signature SIG over the packet * PACKET, which is a key, subkey or uid, and comes from the key block * KB. (KB is PACKET's corresponding keyblock; we don't assume that * SIG has been added to the keyblock.) * * If SIGNER is set, then checks whether SIGNER generated the * signature. Otherwise, uses SIG->KEYID to find the alleged signer. * This parameter can be used to effectively override the alleged * signer that is stored in SIG. * * KB may be NULL if SIGNER is set. * * Unlike check_key_signature, this function ignores any cached * results! That is, it does not consider SIG->FLAGS.CHECKED and * SIG->FLAGS.VALID nor does it set them. * * This doesn't check the signature's semantic mean. Concretely, it * doesn't check whether a non-self signed revocation signature was * created by a designated revoker. In fact, it doesn't return an * error for a binding generated by a completely different key! * * Returns 0 if the signature is valid. Returns GPG_ERR_SIG_CLASS if * this signature can't be over PACKET. Returns GPG_ERR_NOT_FOUND if * the key that generated the signature (according to SIG) could not * be found. Returns GPG_ERR_BAD_SIGNATURE if the signature is bad. * Other errors codes may be returned if something else goes wrong. * * IF IS_SELFSIG is not NULL, sets *IS_SELFSIG to 1 if this is a * self-signature (by the key's primary key) or 0 if not. * * If RET_PK is not NULL, returns a copy of the public key that * generated the signature (i.e., the signer) on success. This must * be released by the caller using release_public_key_parts (). */ gpg_error_t check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer, PKT_signature *sig, KBNODE kb, PACKET *packet, int *is_selfsig, PKT_public_key *ret_pk) { int rc; PKT_public_key *pripk = kb->pkt->pkt.public_key; gcry_md_hd_t md; int signer_alloced = 0; rc = openpgp_pk_test_algo (sig->pubkey_algo); if (rc) return rc; rc = openpgp_md_test_algo (sig->digest_algo); if (rc) return rc; /* A signature's class indicates the type of packet that it signs. */ if (/* Primary key binding (made by a subkey). */ sig->sig_class == 0x19 /* Direct key signature. */ || sig->sig_class == 0x1f /* Primary key revocation. */ || sig->sig_class == 0x20) { /* Key revocations can only be over primary keys. */ if (packet->pkttype != PKT_PUBLIC_KEY) return gpg_error (GPG_ERR_SIG_CLASS); } else if (/* Subkey binding. */ sig->sig_class == 0x18 /* Subkey revocation. */ || sig->sig_class == 0x28) { if (packet->pkttype != PKT_PUBLIC_SUBKEY) return gpg_error (GPG_ERR_SIG_CLASS); } else if (/* Certification. */ sig->sig_class == 0x10 || sig->sig_class == 0x11 || sig->sig_class == 0x12 || sig->sig_class == 0x13 /* Certification revocation. */ || sig->sig_class == 0x30) { if (packet->pkttype != PKT_USER_ID) return gpg_error (GPG_ERR_SIG_CLASS); } else return gpg_error (GPG_ERR_SIG_CLASS); /* PACKET is the right type for SIG. */ if (signer) { if (is_selfsig) { if (signer->keyid[0] == pripk->keyid[0] && signer->keyid[1] == pripk->keyid[1]) *is_selfsig = 1; else *is_selfsig = 0; } } else { /* Get the signer. If possible, avoid a look up. */ if (sig->keyid[0] == pripk->keyid[0] && sig->keyid[1] == pripk->keyid[1]) { /* Issued by the primary key. */ signer = pripk; if (is_selfsig) *is_selfsig = 1; } else { /* See if one of the subkeys was the signer (although this is extremely unlikely). */ kbnode_t ctx = NULL; kbnode_t n; while ((n = walk_kbnode (kb, &ctx, 0))) { PKT_public_key *subk; if (n->pkt->pkttype != PKT_PUBLIC_SUBKEY) continue; subk = n->pkt->pkt.public_key; if (sig->keyid[0] == subk->keyid[0] && sig->keyid[1] == subk->keyid[1]) { /* Issued by a subkey. */ signer = subk; break; } } if (! signer) { /* Signer by some other key. */ if (is_selfsig) *is_selfsig = 0; if (ret_pk) { signer = ret_pk; /* FIXME: Using memset here is probematic because it * assumes that there are no allocated fields in * SIGNER. */ memset (signer, 0, sizeof (*signer)); signer_alloced = 1; } else { signer = xmalloc_clear (sizeof (*signer)); signer_alloced = 2; } rc = get_pubkey (ctrl, signer, sig->keyid); if (rc) { xfree (signer); signer = NULL; signer_alloced = 0; goto leave; } } } } /* We checked above that we supported this algo, so an error here is * a bug. */ if (gcry_md_open (&md, sig->digest_algo, 0)) BUG (); /* Hash the relevant data. */ if (/* Direct key signature. */ sig->sig_class == 0x1f /* Primary key revocation. */ || sig->sig_class == 0x20) { log_assert (packet->pkttype == PKT_PUBLIC_KEY); hash_public_key (md, packet->pkt.public_key); rc = check_signature_end_simple (signer, sig, md); } else if (/* Primary key binding (made by a subkey). */ sig->sig_class == 0x19) { log_assert (packet->pkttype == PKT_PUBLIC_KEY); hash_public_key (md, packet->pkt.public_key); hash_public_key (md, signer); rc = check_signature_end_simple (signer, sig, md); } else if (/* Subkey binding. */ sig->sig_class == 0x18 /* Subkey revocation. */ || sig->sig_class == 0x28) { log_assert (packet->pkttype == PKT_PUBLIC_SUBKEY); hash_public_key (md, pripk); hash_public_key (md, packet->pkt.public_key); rc = check_signature_end_simple (signer, sig, md); } else if (/* Certification. */ sig->sig_class == 0x10 || sig->sig_class == 0x11 || sig->sig_class == 0x12 || sig->sig_class == 0x13 /* Certification revocation. */ || sig->sig_class == 0x30) { log_assert (packet->pkttype == PKT_USER_ID); hash_public_key (md, pripk); hash_uid_packet (packet->pkt.user_id, md, sig); rc = check_signature_end_simple (signer, sig, md); } else { /* We should never get here. (The first if above should have * already caught this error.) */ BUG (); } gcry_md_close (md); leave: if (! rc && ret_pk && ret_pk != signer) copy_public_key (ret_pk, signer); if (signer_alloced) { /* We looked up SIGNER; it is not a pointer into KB. */ release_public_key_parts (signer); /* Free if we also allocated the memory. */ if (signer_alloced == 2) xfree (signer); } return rc; } /* Check that a signature over a key (e.g., a key revocation, key * binding, user id certification, etc.) is valid. If the function * detects a self-signature, it uses the public key from the specified * key block and does not bother looking up the key specified in the * signature packet. * * ROOT is a keyblock. * * NODE references a signature packet that appears in the keyblock * that should be verified. * * If CHECK_PK is set, the specified key is sometimes preferred for * verifying signatures. See the implementation for details. * * If RET_PK is not NULL, the public key that successfully verified * the signature is copied into *RET_PK. * * If IS_SELFSIG is not NULL, *IS_SELFSIG is set to 1 if NODE is a * self-signature. * * If R_EXPIREDATE is not NULL, *R_EXPIREDATE is set to the expiry * date. * * If R_EXPIRED is not NULL, *R_EXPIRED is set to 1 if PK has been * expired (0 otherwise). Note: PK being revoked does not cause this * function to fail. * * * If OPT.NO_SIG_CACHE is not set, this function will first check if * the result of a previous verification is already cached in the * signature packet's data structure. * * TODO: add r_revoked here as well. It has the same problems as * r_expiredate and r_expired and the cache. */ int check_key_signature2 (ctrl_t ctrl, kbnode_t root, kbnode_t node, PKT_public_key *check_pk, PKT_public_key *ret_pk, int *is_selfsig, u32 *r_expiredate, int *r_expired ) { PKT_public_key *pk; PKT_signature *sig; int algo; int rc; if (is_selfsig) *is_selfsig = 0; if (r_expiredate) *r_expiredate = 0; if (r_expired) *r_expired = 0; log_assert (node->pkt->pkttype == PKT_SIGNATURE); log_assert (root->pkt->pkttype == PKT_PUBLIC_KEY); pk = root->pkt->pkt.public_key; sig = node->pkt->pkt.signature; algo = sig->digest_algo; /* Check whether we have cached the result of a previous signature * check. Note that we may no longer have the pubkey or hash * needed to verify a sig, but can still use the cached value. A * cache refresh detects and clears these cases. */ if ( !opt.no_sig_cache ) { cache_stats.total++; if (sig->flags.checked) /* Cached status available. */ { cache_stats.cached++; if (is_selfsig) { u32 keyid[2]; keyid_from_pk (pk, keyid); if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]) *is_selfsig = 1; } /* BUG: This is wrong for non-self-sigs... needs to be the * actual pk. */ rc = check_signature_metadata_validity (pk, sig, r_expired, NULL); if (rc) return rc; if (sig->flags.valid) { cache_stats.goodsig++; return 0; } cache_stats.badsig++; return gpg_error (GPG_ERR_BAD_SIGNATURE); } } rc = openpgp_pk_test_algo(sig->pubkey_algo); if (rc) return rc; rc = openpgp_md_test_algo(algo); if (rc) return rc; if (sig->sig_class == 0x20) /* key revocation */ { u32 keyid[2]; keyid_from_pk( pk, keyid ); /* Is it a designated revoker? */ if (keyid[0] != sig->keyid[0] || keyid[1] != sig->keyid[1]) rc = check_revocation_keys (ctrl, pk, sig); else { rc = check_signature_metadata_validity (pk, sig, r_expired, NULL); if (! rc) rc = check_signature_over_key_or_uid (ctrl, pk, sig, root, root->pkt, is_selfsig, ret_pk); } } else if (sig->sig_class == 0x28 /* subkey revocation */ || sig->sig_class == 0x18) /* key binding */ { kbnode_t snode = find_prev_kbnode (root, node, PKT_PUBLIC_SUBKEY); if (snode) { rc = check_signature_metadata_validity (pk, sig, r_expired, NULL); if (! rc) { /* 0x28 must be a self-sig, but 0x18 needn't be. */ rc = check_signature_over_key_or_uid (ctrl, sig->sig_class == 0x18 ? NULL : pk, sig, root, snode->pkt, is_selfsig, ret_pk); } } else { if (opt.verbose) { if (sig->sig_class == 0x28) log_info (_("key %s: no subkey for subkey" " revocation signature\n"), keystr_from_pk(pk)); else if (sig->sig_class == 0x18) log_info(_("key %s: no subkey for subkey" " binding signature\n"), keystr_from_pk(pk)); } rc = GPG_ERR_SIG_CLASS; } } else if (sig->sig_class == 0x1f) /* direct key signature */ { rc = check_signature_metadata_validity (pk, sig, r_expired, NULL); if (! rc) rc = check_signature_over_key_or_uid (ctrl, pk, sig, root, root->pkt, is_selfsig, ret_pk); } else if (/* Certification. */ sig->sig_class == 0x10 || sig->sig_class == 0x11 || sig->sig_class == 0x12 || sig->sig_class == 0x13 /* Certification revocation. */ || sig->sig_class == 0x30) { kbnode_t unode = find_prev_kbnode (root, node, PKT_USER_ID); if (unode) { rc = check_signature_metadata_validity (pk, sig, r_expired, NULL); if (! rc) { /* If this is a self-sig, ignore check_pk. */ rc = check_signature_over_key_or_uid (ctrl, keyid_cmp (pk_keyid (pk), sig->keyid) == 0 ? pk : check_pk, sig, root, unode->pkt, NULL, ret_pk); } } else { if (!opt.quiet) log_info ("key %s: no user ID for key signature packet" " of class %02x\n",keystr_from_pk(pk),sig->sig_class); rc = GPG_ERR_SIG_CLASS; } } else { log_info ("sig issued by %s with class %d (digest: %02x %02x)" " is not valid over a user id or a key id, ignoring.\n", keystr (sig->keyid), sig->sig_class, sig->digest_start[0], sig->digest_start[1]); rc = gpg_error (GPG_ERR_BAD_SIGNATURE); } cache_sig_result (sig, rc); return rc; } diff --git a/g10/tdbdump.c b/g10/tdbdump.c index 5ea903f45..37bf78b80 100644 --- a/g10/tdbdump.c +++ b/g10/tdbdump.c @@ -1,237 +1,239 @@ /* tdbdump.c * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc. * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ #include #include #include #include #include #include #include #include #include #include #include "gpg.h" #include "../common/status.h" #include "../common/iobuf.h" #include "keydb.h" #include "../common/util.h" #include "trustdb.h" #include "options.h" #include "packet.h" #include "main.h" #include "../common/i18n.h" #include "tdbio.h" #define HEXTOBIN(x) ( (x) >= '0' && (x) <= '9' ? ((x)-'0') : \ (x) >= 'A' && (x) <= 'F' ? ((x)-'A'+10) : ((x)-'a'+10)) /* * Write a record; die on error. */ static void write_record (ctrl_t ctrl, TRUSTREC *rec) { int rc = tdbio_write_record (ctrl, rec); if( !rc ) return; log_error(_("trust record %lu, type %d: write failed: %s\n"), rec->recnum, rec->rectype, gpg_strerror (rc) ); tdbio_invalid(); } /* * Dump the entire trustdb to FP or only the entries of one key. */ void list_trustdb (ctrl_t ctrl, estream_t fp, const char *username) { TRUSTREC rec; (void)username; init_trustdb (ctrl, 0); /* For now we ignore the user ID. */ if (1) { ulong recnum; int i; es_fprintf (fp, "TrustDB: %s\n", tdbio_get_dbname ()); for (i = 9 + strlen (tdbio_get_dbname()); i > 0; i-- ) es_fputc ('-', fp); es_putc ('\n', fp); for (recnum=0; !tdbio_read_record (recnum, &rec, 0); recnum++) tdbio_dump_record (&rec, fp); } } /**************** * Print a list of all defined owner trust value. */ void export_ownertrust (ctrl_t ctrl) { TRUSTREC rec; ulong recnum; int i; byte *p; init_trustdb (ctrl, 0); es_printf (_("# List of assigned trustvalues, created %s\n" "# (Use \"gpg --import-ownertrust\" to restore them)\n"), asctimestamp( make_timestamp() ) ); for (recnum=0; !tdbio_read_record (recnum, &rec, 0); recnum++ ) { if (rec.rectype == RECTYPE_TRUST) { if (!rec.r.trust.ownertrust) continue; p = rec.r.trust.fingerprint; for (i=0; i < 20; i++, p++ ) es_printf("%02X", *p ); es_printf (":%u:\n", (unsigned int)rec.r.trust.ownertrust ); } } } void import_ownertrust (ctrl_t ctrl, const char *fname ) { estream_t fp; int is_stdin=0; char line[256]; char *p; size_t n, fprlen; unsigned int otrust; - byte fpr[20]; + byte fpr[MAX_FINGERPRINT_LEN]; int any = 0; int rc; init_trustdb (ctrl, 0); if( iobuf_is_pipe_filename (fname) ) { fp = es_stdin; fname = "[stdin]"; is_stdin = 1; } else if( !(fp = es_fopen( fname, "r" )) ) { log_error ( _("can't open '%s': %s\n"), fname, strerror(errno) ); return; } if (is_secured_file (es_fileno (fp))) { es_fclose (fp); gpg_err_set_errno (EPERM); log_error (_("can't open '%s': %s\n"), fname, strerror(errno) ); return; } while (es_fgets (line, DIM(line)-1, fp)) { TRUSTREC rec; if( !*line || *line == '#' ) continue; n = strlen(line); if( line[n-1] != '\n' ) { log_error (_("error in '%s': %s\n"), fname, _("line too long") ); /* ... or last line does not have a LF */ break; /* can't continue */ } for(p = line; *p && *p != ':' ; p++ ) if( !hexdigitp(p) ) break; if( *p != ':' ) { log_error (_("error in '%s': %s\n"), fname, _("colon missing") ); continue; } fprlen = p - line; - if( fprlen != 32 && fprlen != 40 ) { + if( fprlen != 32 && fprlen != 40 && fprlen != 64) { log_error (_("error in '%s': %s\n"), fname, _("invalid fingerprint") ); continue; } if( sscanf(p, ":%u:", &otrust ) != 1 ) { log_error (_("error in '%s': %s\n"), fname, _("ownertrust value missing")); continue; } if( !otrust ) continue; /* no otrust defined - no need to update or insert */ - /* convert the ascii fingerprint to binary */ - for(p=line, fprlen=0; fprlen < 20 && *p != ':'; p += 2 ) - fpr[fprlen++] = HEXTOBIN(p[0]) * 16 + HEXTOBIN(p[1]); - while (fprlen < 20) + /* Convert the ascii fingerprint to binary */ + for(p=line, fprlen=0; + fprlen < MAX_FINGERPRINT_LEN && *p != ':'; + p += 2 ) + fpr[fprlen++] = HEXTOBIN(p[0]) * 16 + HEXTOBIN(p[1]); + while (fprlen < MAX_FINGERPRINT_LEN) fpr[fprlen++] = 0; rc = tdbio_search_trust_byfpr (fpr, &rec); if( !rc ) { /* found: update */ if (rec.r.trust.ownertrust != otrust) { if (!opt.quiet) { if( rec.r.trust.ownertrust ) log_info("changing ownertrust from %u to %u\n", rec.r.trust.ownertrust, otrust ); else log_info("setting ownertrust to %u\n", otrust ); } rec.r.trust.ownertrust = otrust; write_record (ctrl, &rec); any = 1; } } else if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND) { /* insert */ if (!opt.quiet) log_info("inserting ownertrust of %u\n", otrust ); memset (&rec, 0, sizeof rec); rec.recnum = tdbio_new_recnum (ctrl); rec.rectype = RECTYPE_TRUST; memcpy (rec.r.trust.fingerprint, fpr, 20); rec.r.trust.ownertrust = otrust; write_record (ctrl, &rec); any = 1; } else /* error */ log_error (_("error finding trust record in '%s': %s\n"), fname, gpg_strerror (rc)); } if (es_ferror (fp)) log_error ( _("read error in '%s': %s\n"), fname, strerror(errno) ); if (!is_stdin) es_fclose (fp); if (any) { revalidation_mark (ctrl); rc = tdbio_sync (); if (rc) log_error (_("trustdb: sync failed: %s\n"), gpg_strerror (rc) ); } } diff --git a/g10/tofu.c b/g10/tofu.c index c183fc665..ddd7f8cae 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -1,4009 +1,4010 @@ /* tofu.c - TOFU trust model. * Copyright (C) 2015, 2016 g10 Code GmbH * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ /* TODO: - Format the fingerprints nicely when printing (similar to gpg --list-keys) */ #include #include #include #include #include #include #include "gpg.h" #include "../common/types.h" #include "../common/logging.h" #include "../common/stringhelp.h" #include "options.h" #include "../common/mbox-util.h" #include "../common/i18n.h" #include "../common/ttyio.h" #include "trustdb.h" #include "../common/mkdir_p.h" #include "gpgsql.h" #include "../common/status.h" #include "tofu.h" #define CONTROL_L ('L' - 'A' + 1) /* Number of days with signed / ecnrypted messages required to * indicate that enough history is available for basic trust. */ #define BASIC_TRUST_THRESHOLD 4 /* Number of days with signed / encrypted messages required to * indicate that a lot of history is available. */ #define FULL_TRUST_THRESHOLD 21 /* A struct with data pertaining to the tofu DB. There is one such struct per session and it is cached in session's ctrl structure. To initialize this or get the current singleton, call opendbs(). There is no need to explicitly release it; cleanup is done when the CTRL object is released. */ struct tofu_dbs_s { sqlite3 *db; char *want_lock_file; time_t want_lock_file_ctime; struct { sqlite3_stmt *savepoint_batch; sqlite3_stmt *savepoint_batch_commit; sqlite3_stmt *record_binding_get_old_policy; sqlite3_stmt *record_binding_update; sqlite3_stmt *get_policy_select_policy_and_conflict; sqlite3_stmt *get_trust_bindings_with_this_email; sqlite3_stmt *get_trust_gather_other_user_ids; sqlite3_stmt *get_trust_gather_signature_stats; sqlite3_stmt *get_trust_gather_encryption_stats; sqlite3_stmt *register_already_seen; sqlite3_stmt *register_signature; sqlite3_stmt *register_encryption; } s; int in_batch_transaction; int in_transaction; time_t batch_update_started; }; #define STRINGIFY(s) STRINGIFY2(s) #define STRINGIFY2(s) #s /* The grouping parameters when collecting signature statistics. */ /* If a message is signed a couple of hours in the future, just assume some clock skew. */ #define TIME_AGO_FUTURE_IGNORE (2 * 60 * 60) /* Days. */ #define TIME_AGO_UNIT_SMALL (24 * 60 * 60) #define TIME_AGO_SMALL_THRESHOLD (7 * TIME_AGO_UNIT_SMALL) /* Months. */ #define TIME_AGO_UNIT_MEDIUM (30 * 24 * 60 * 60) #define TIME_AGO_MEDIUM_THRESHOLD (2 * TIME_AGO_UNIT_MEDIUM) /* Years. */ #define TIME_AGO_UNIT_LARGE (365 * 24 * 60 * 60) #define TIME_AGO_LARGE_THRESHOLD (2 * TIME_AGO_UNIT_LARGE) /* Local prototypes. */ static gpg_error_t end_transaction (ctrl_t ctrl, int only_batch); static char *email_from_user_id (const char *user_id); static int show_statistics (tofu_dbs_t dbs, const char *fingerprint, const char *email, enum tofu_policy policy, estream_t outfp, int only_status_fd, time_t now); const char * tofu_policy_str (enum tofu_policy policy) { switch (policy) { case TOFU_POLICY_NONE: return "none"; case TOFU_POLICY_AUTO: return "auto"; case TOFU_POLICY_GOOD: return "good"; case TOFU_POLICY_UNKNOWN: return "unknown"; case TOFU_POLICY_BAD: return "bad"; case TOFU_POLICY_ASK: return "ask"; default: return "???"; } } /* Convert a binding policy (e.g., TOFU_POLICY_BAD) to a trust level (e.g., TRUST_BAD) in light of the current configuration. */ int tofu_policy_to_trust_level (enum tofu_policy policy) { if (policy == TOFU_POLICY_AUTO) /* If POLICY is AUTO, fallback to OPT.TOFU_DEFAULT_POLICY. */ policy = opt.tofu_default_policy; switch (policy) { case TOFU_POLICY_AUTO: /* If POLICY and OPT.TOFU_DEFAULT_POLICY are both AUTO, default to marginal trust. */ return TRUST_MARGINAL; case TOFU_POLICY_GOOD: return TRUST_FULLY; case TOFU_POLICY_UNKNOWN: return TRUST_UNKNOWN; case TOFU_POLICY_BAD: return TRUST_NEVER; case TOFU_POLICY_ASK: return TRUST_UNKNOWN; default: log_bug ("Bad value for trust policy: %d\n", opt.tofu_default_policy); return 0; } } /* Start a transaction on DB. If ONLY_BATCH is set, then this will start a batch transaction if we haven't started a batch transaction and one has been requested. */ static gpg_error_t begin_transaction (ctrl_t ctrl, int only_batch) { tofu_dbs_t dbs = ctrl->tofu.dbs; int rc; char *err = NULL; log_assert (dbs); /* If we've been in batch update mode for a while (on average, more * than 500 ms), to prevent starving other gpg processes, we drop * and retake the batch lock. * * Note: gnupg_get_time has a one second resolution, if we wanted a * higher resolution, we could use npth_clock_gettime. */ if (/* No real transactions. */ dbs->in_transaction == 0 /* There is an open batch transaction. */ && dbs->in_batch_transaction /* And some time has gone by since it was started. */ && dbs->batch_update_started != gnupg_get_time ()) { struct stat statbuf; /* If we are in a batch update, then batch updates better have been enabled. */ log_assert (ctrl->tofu.batch_updated_wanted); /* Check if another process wants to run. (We just ignore any * stat failure. A waiter might have to wait a bit longer, but * otherwise there should be no impact.) */ if (stat (dbs->want_lock_file, &statbuf) == 0 && statbuf.st_ctime != dbs->want_lock_file_ctime) { end_transaction (ctrl, 2); /* Yield to allow another process a chance to run. Note: * testing suggests that anything less than a 100ms tends to * not result in the other process getting the lock. */ gnupg_usleep (100000); } else dbs->batch_update_started = gnupg_get_time (); } if (/* We don't have an open batch transaction. */ !dbs->in_batch_transaction && (/* Batch mode is enabled or we are starting a new transaction. */ ctrl->tofu.batch_updated_wanted || dbs->in_transaction == 0)) { struct stat statbuf; /* We are in batch mode, but we don't have an open batch * transaction. Since the batch save point must be the outer * save point, it must be taken before the inner save point. */ log_assert (dbs->in_transaction == 0); rc = gpgsql_stepx (dbs->db, &dbs->s.savepoint_batch, NULL, NULL, &err, "begin immediate transaction;", GPGSQL_ARG_END); if (rc) { log_error (_("error beginning transaction on TOFU database: %s\n"), err); sqlite3_free (err); return gpg_error (GPG_ERR_GENERAL); } dbs->in_batch_transaction = 1; dbs->batch_update_started = gnupg_get_time (); if (stat (dbs->want_lock_file, &statbuf) == 0) dbs->want_lock_file_ctime = statbuf.st_ctime; } if (only_batch) return 0; log_assert (dbs->in_transaction >= 0); dbs->in_transaction ++; rc = gpgsql_exec_printf (dbs->db, NULL, NULL, &err, "savepoint inner%d;", dbs->in_transaction); if (rc) { log_error (_("error beginning transaction on TOFU database: %s\n"), err); sqlite3_free (err); return gpg_error (GPG_ERR_GENERAL); } return 0; } /* Commit a transaction. If ONLY_BATCH is 1, then this only ends the * batch transaction if we have left batch mode. If ONLY_BATCH is 2, * this commits any open batch transaction even if we are still in * batch mode. */ static gpg_error_t end_transaction (ctrl_t ctrl, int only_batch) { tofu_dbs_t dbs = ctrl->tofu.dbs; int rc; char *err = NULL; if (only_batch || (! only_batch && dbs->in_transaction == 1)) { if (!dbs) return 0; /* Shortcut to allow for easier cleanup code. */ /* If we are releasing the batch transaction, then we better not be in a normal transaction. */ if (only_batch) log_assert (dbs->in_transaction == 0); if (/* Batch mode disabled? */ (!ctrl->tofu.batch_updated_wanted || only_batch == 2) /* But, we still have an open batch transaction? */ && dbs->in_batch_transaction) { /* The batch transaction is still in open, but we've left * batch mode. */ dbs->in_batch_transaction = 0; dbs->in_transaction = 0; rc = gpgsql_stepx (dbs->db, &dbs->s.savepoint_batch_commit, NULL, NULL, &err, "commit transaction;", GPGSQL_ARG_END); if (rc) { log_error (_("error committing transaction on TOFU database: %s\n"), err); sqlite3_free (err); return gpg_error (GPG_ERR_GENERAL); } return 0; } if (only_batch) return 0; } log_assert (dbs); log_assert (dbs->in_transaction > 0); rc = gpgsql_exec_printf (dbs->db, NULL, NULL, &err, "release inner%d;", dbs->in_transaction); dbs->in_transaction --; if (rc) { log_error (_("error committing transaction on TOFU database: %s\n"), err); sqlite3_free (err); return gpg_error (GPG_ERR_GENERAL); } return 0; } static gpg_error_t rollback_transaction (ctrl_t ctrl) { tofu_dbs_t dbs = ctrl->tofu.dbs; int rc; char *err = NULL; log_assert (dbs); log_assert (dbs->in_transaction > 0); /* Be careful to not undo any progress made by closed transactions in batch mode. */ rc = gpgsql_exec_printf (dbs->db, NULL, NULL, &err, "rollback to inner%d;", dbs->in_transaction); dbs->in_transaction --; if (rc) { log_error (_("error rolling back transaction on TOFU database: %s\n"), err); sqlite3_free (err); return gpg_error (GPG_ERR_GENERAL); } return 0; } void tofu_begin_batch_update (ctrl_t ctrl) { ctrl->tofu.batch_updated_wanted ++; } void tofu_end_batch_update (ctrl_t ctrl) { log_assert (ctrl->tofu.batch_updated_wanted > 0); ctrl->tofu.batch_updated_wanted --; end_transaction (ctrl, 1); } /* Suspend any extant batch transaction (it is safe to call this even no batch transaction has been started). Note: you cannot suspend a batch transaction if you are in a normal transaction. The batch transaction can be resumed explicitly by calling tofu_resume_batch_transaction or implicitly by starting a normal transaction. */ static void tofu_suspend_batch_transaction (ctrl_t ctrl) { end_transaction (ctrl, 2); } /* Resume a batch transaction if there is no extant batch transaction and one has been requested using tofu_begin_batch_transaction. */ static void tofu_resume_batch_transaction (ctrl_t ctrl) { begin_transaction (ctrl, 1); } /* Wrapper around strtol which prints a warning in case of a * conversion error. On success the converted value is stored at * R_VALUE and 0 is returned; on error FALLBACK is stored at R_VALUE * and an error code is returned. */ static gpg_error_t string_to_long (long *r_value, const char *string, long fallback, int line) { gpg_error_t err; char *tail = NULL; gpg_err_set_errno (0); *r_value = strtol (string, &tail, 0); if (errno || !(!strcmp (tail, ".0") || !*tail)) { err = errno? gpg_error_from_errno (errno) : gpg_error (GPG_ERR_BAD_DATA); log_debug ("%s:%d: strtol failed for TOFU DB data; returned string" " (string='%.10s%s'; tail='%.10s%s'): %s\n", __FILE__, line, string, string && strlen(string) > 10 ? "..." : "", tail, tail && strlen(tail) > 10 ? "..." : "", gpg_strerror (err)); *r_value = fallback; } else err = 0; return err; } /* Wrapper around strtoul which prints a warning in case of a * conversion error. On success the converted value is stored at * R_VALUE and 0 is returned; on error FALLBACK is stored at R_VALUE * and an error code is returned. */ static gpg_error_t string_to_ulong (unsigned long *r_value, const char *string, unsigned long fallback, int line) { gpg_error_t err; char *tail = NULL; gpg_err_set_errno (0); *r_value = strtoul (string, &tail, 0); if (errno || !(!strcmp (tail, ".0") || !*tail)) { err = errno? gpg_error_from_errno (errno) : gpg_error (GPG_ERR_BAD_DATA); log_debug ("%s:%d: strtoul failed for TOFU DB data; returned string" " (string='%.10s%s'; tail='%.10s%s'): %s\n", __FILE__, line, string, string && strlen(string) > 10 ? "..." : "", tail, tail && strlen(tail) > 10 ? "..." : "", gpg_strerror (err)); *r_value = fallback; } else err = 0; return err; } /* Collect results of a select count (*) ...; style query. Aborts if the argument is not a valid integer (or real of the form X.0). */ static int get_single_unsigned_long_cb (void *cookie, int argc, char **argv, char **azColName) { unsigned long int *count = cookie; (void) azColName; log_assert (argc == 1); if (string_to_ulong (count, argv[0], 0, __LINE__)) return 1; /* Abort. */ return 0; } static int get_single_unsigned_long_cb2 (void *cookie, int argc, char **argv, char **azColName, sqlite3_stmt *stmt) { (void) stmt; return get_single_unsigned_long_cb (cookie, argc, argv, azColName); } /* We expect a single integer column whose name is "version". COOKIE must point to an int. This function always aborts. On error or a if the version is bad, sets *VERSION to -1. */ static int version_check_cb (void *cookie, int argc, char **argv, char **azColName) { int *version = cookie; if (argc != 1 || strcmp (azColName[0], "version") != 0) { *version = -1; return 1; } if (strcmp (argv[0], "1") == 0) *version = 1; else { log_error (_("unsupported TOFU database version: %s\n"), argv[0]); *version = -1; } /* Don't run again. */ return 1; } static int check_utks (sqlite3 *db) { int rc; char *err = NULL; struct key_item *utks; struct key_item *ki; int utk_count; char *utks_string = NULL; char keyid_str[16+1]; long utks_unchanged = 0; /* An early version of the v1 format did not include the list of * known ultimately trusted keys. * * This list is used to detect when the set of ultimately trusted * keys changes. We need to detect this to invalidate the effective * policy, which can change if an ultimately trusted key is added or * removed. */ rc = sqlite3_exec (db, "create table if not exists ultimately_trusted_keys" " (keyid);\n", NULL, NULL, &err); if (rc) { log_error (_("error creating 'ultimately_trusted_keys' TOFU table: %s\n"), err); sqlite3_free (err); goto out; } utks = tdb_utks (); for (ki = utks, utk_count = 0; ki; ki = ki->next, utk_count ++) ; if (utk_count) { /* Build a list of keyids of the form "XXX","YYY","ZZZ". */ int len = (1 + 16 + 1 + 1) * utk_count; int o = 0; utks_string = xmalloc (len); *utks_string = 0; for (ki = utks, utk_count = 0; ki; ki = ki->next, utk_count ++) { utks_string[o ++] = '\''; format_keyid (ki->kid, KF_LONG, keyid_str, sizeof (keyid_str)); memcpy (&utks_string[o], keyid_str, 16); o += 16; utks_string[o ++] = '\''; utks_string[o ++] = ','; } utks_string[o - 1] = 0; log_assert (o == len); } rc = gpgsql_exec_printf (db, get_single_unsigned_long_cb, &utks_unchanged, &err, "select" /* Removed UTKs? (Known UTKs in current UTKs.) */ " ((select count(*) from ultimately_trusted_keys" " where (keyid in (%s))) == %d)" " and" /* New UTKs? */ " ((select count(*) from ultimately_trusted_keys" " where keyid not in (%s)) == 0);", utks_string ? utks_string : "", utk_count, utks_string ? utks_string : ""); xfree (utks_string); if (rc) { log_error (_("TOFU DB error")); print_further_info ("checking if ultimately trusted keys changed: %s", err); sqlite3_free (err); goto out; } if (utks_unchanged) goto out; if (DBG_TRUST) log_debug ("TOFU: ultimately trusted keys changed.\n"); /* Given that the set of ultimately trusted keys * changed, clear any cached policies. */ rc = gpgsql_exec_printf (db, NULL, NULL, &err, "update bindings set effective_policy = %d;", TOFU_POLICY_NONE); if (rc) { log_error (_("TOFU DB error")); print_further_info ("clearing cached policies: %s", err); sqlite3_free (err); goto out; } /* Now, update the UTK table. */ rc = sqlite3_exec (db, "drop table ultimately_trusted_keys;", NULL, NULL, &err); if (rc) { log_error (_("TOFU DB error")); print_further_info ("dropping ultimately_trusted_keys: %s", err); sqlite3_free (err); goto out; } rc = sqlite3_exec (db, "create table if not exists" " ultimately_trusted_keys (keyid);\n", NULL, NULL, &err); if (rc) { log_error (_("TOFU DB error")); print_further_info ("creating ultimately_trusted_keys: %s", err); sqlite3_free (err); goto out; } for (ki = utks; ki; ki = ki->next) { format_keyid (ki->kid, KF_LONG, keyid_str, sizeof (keyid_str)); rc = gpgsql_exec_printf (db, NULL, NULL, &err, "insert into ultimately_trusted_keys values ('%s');", keyid_str); if (rc) { log_error (_("TOFU DB error")); print_further_info ("updating ultimately_trusted_keys: %s", err); sqlite3_free (err); goto out; } } out: return rc; } /* If the DB is new, initialize it. Otherwise, check the DB's version. Return 0 if the database is okay and 1 otherwise. */ static int initdb (sqlite3 *db) { char *err = NULL; int rc; unsigned long int count; int version = -1; rc = sqlite3_exec (db, "begin transaction;", NULL, NULL, &err); if (rc) { log_error (_("error beginning transaction on TOFU database: %s\n"), err); sqlite3_free (err); return 1; } /* If the DB has no tables, then assume this is a new DB that needs to be initialized. */ rc = sqlite3_exec (db, "select count(*) from sqlite_master where type='table';", get_single_unsigned_long_cb, &count, &err); if (rc) { log_error (_("error reading TOFU database: %s\n"), err); print_further_info ("query available tables"); sqlite3_free (err); goto out; } else if (count != 0) /* Assume that the DB is already initialized. Make sure the version is okay. */ { rc = sqlite3_exec (db, "select version from version;", version_check_cb, &version, &err); if (rc == SQLITE_ABORT && version == 1) /* Happy, happy, joy, joy. */ { sqlite3_free (err); rc = 0; goto out; } else if (rc == SQLITE_ABORT && version == -1) /* Unsupported version. */ { /* An error message was already displayed. */ sqlite3_free (err); goto out; } else if (rc) /* Some error. */ { log_error (_("error determining TOFU database's version: %s\n"), err); sqlite3_free (err); goto out; } else { /* Unexpected success. This can only happen if there are no rows. (select returned 0, but expected ABORT.) */ log_error (_("error determining TOFU database's version: %s\n"), gpg_strerror (GPG_ERR_NO_DATA)); rc = 1; goto out; } } /* Create the version table. */ rc = sqlite3_exec (db, "create table version (version INTEGER);", NULL, NULL, &err); if (rc) { log_error (_("error initializing TOFU database: %s\n"), err); print_further_info ("create version"); sqlite3_free (err); goto out; } /* Initialize the version table, which contains a single integer value. */ rc = sqlite3_exec (db, "insert into version values (1);", NULL, NULL, &err); if (rc) { log_error (_("error initializing TOFU database: %s\n"), err); print_further_info ("insert version"); sqlite3_free (err); goto out; } /* The list of bindings and auxiliary data. * * OID is a unique ID identifying this binding (and used by the * signatures table, see below). Note: OIDs will never be * reused. * * FINGERPRINT: The key's fingerprint. * * EMAIL: The normalized email address. * * USER_ID: The unmodified user id from which EMAIL was extracted. * * TIME: The time this binding was first observed. * * POLICY: The trust policy (TOFU_POLICY_BAD, etc. as an integer). * * CONFLICT is either NULL or a fingerprint. Assume that we have * a binding <0xdeadbeef, foo@example.com> and then we observe * <0xbaddecaf, foo@example.com>. There two bindings conflict * (they have the same email address). When we observe the * latter binding, we warn the user about the conflict and ask * for a policy decision about the new binding. We also change * the old binding's policy to ask if it was auto. So that we * know why this occurred, we also set conflict to 0xbaddecaf. */ rc = gpgsql_exec_printf (db, NULL, NULL, &err, "create table bindings\n" " (oid INTEGER PRIMARY KEY AUTOINCREMENT,\n" " fingerprint TEXT, email TEXT, user_id TEXT, time INTEGER,\n" " policy INTEGER CHECK (policy in (%d, %d, %d, %d, %d)),\n" " conflict STRING,\n" " unique (fingerprint, email));\n" "create index bindings_fingerprint_email\n" " on bindings (fingerprint, email);\n" "create index bindings_email on bindings (email);\n", TOFU_POLICY_AUTO, TOFU_POLICY_GOOD, TOFU_POLICY_UNKNOWN, TOFU_POLICY_BAD, TOFU_POLICY_ASK); if (rc) { log_error (_("error initializing TOFU database: %s\n"), err); print_further_info ("create bindings"); sqlite3_free (err); goto out; } /* The signatures that we have observed. * * BINDING refers to a record in the bindings table, which * describes the binding (i.e., this is a foreign key that * references bindings.oid). * * SIG_DIGEST is the digest stored in the signature. * * SIG_TIME is the timestamp stored in the signature. * * ORIGIN is a free-form string that describes who fed this * signature to GnuPG (e.g., email:claws). * * TIME is the time this signature was registered. */ rc = sqlite3_exec (db, "create table signatures " " (binding INTEGER NOT NULL, sig_digest TEXT," " origin TEXT, sig_time INTEGER, time INTEGER," " primary key (binding, sig_digest, origin));", NULL, NULL, &err); if (rc) { log_error (_("error initializing TOFU database: %s\n"), err); print_further_info ("create signatures"); sqlite3_free (err); goto out; } out: if (! rc) { /* Early version of the v1 format did not include the encryption table. Add it. */ rc = sqlite3_exec (db, "create table if not exists encryptions" " (binding INTEGER NOT NULL," " time INTEGER);" "create index if not exists encryptions_binding" " on encryptions (binding);\n", NULL, NULL, &err); if (rc) { log_error (_("error creating 'encryptions' TOFU table: %s\n"), err); sqlite3_free (err); } } if (! rc) { /* The effective policy for a binding. If a key is ultimately * trusted, then the effective policy of all of its bindings is * good. Likewise if a key is signed by an ultimately trusted * key, etc. If the effective policy is NONE, then we need to * recompute the effective policy. Otherwise, the effective * policy is considered to be up to date, i.e., effective_policy * is a cache of the computed policy. */ rc = gpgsql_exec_printf (db, NULL, NULL, &err, "alter table bindings" " add column effective_policy INTEGER" " DEFAULT %d" " CHECK (effective_policy in (%d, %d, %d, %d, %d, %d));", TOFU_POLICY_NONE, TOFU_POLICY_NONE, TOFU_POLICY_AUTO, TOFU_POLICY_GOOD, TOFU_POLICY_UNKNOWN, TOFU_POLICY_BAD, TOFU_POLICY_ASK); if (rc) { if (rc == SQLITE_ERROR) /* Almost certainly "duplicate column name", which we can * safely ignore. */ rc = 0; else log_error (_("adding column effective_policy to bindings DB: %s\n"), err); sqlite3_free (err); } } if (! rc) rc = check_utks (db); if (rc) { rc = sqlite3_exec (db, "rollback;", NULL, NULL, &err); if (rc) { log_error (_("error rolling back transaction on TOFU database: %s\n"), err); sqlite3_free (err); } return 1; } else { rc = sqlite3_exec (db, "end transaction;", NULL, NULL, &err); if (rc) { log_error (_("error committing transaction on TOFU database: %s\n"), err); sqlite3_free (err); return 1; } return 0; } } static int busy_handler (void *cookie, int call_count) { ctrl_t ctrl = cookie; tofu_dbs_t dbs = ctrl->tofu.dbs; (void) call_count; /* Update the want-lock-file time stamp (specifically, the ctime) so * that the current owner knows that we (well, someone) want the * lock. */ if (dbs) { /* Note: we don't fail if we can't create the lock file: this * process will have to wait a bit longer, but otherwise nothing * horrible should happen. */ estream_t fp; fp = es_fopen (dbs->want_lock_file, "w"); if (! fp) log_debug ("TOFU: Error opening '%s': %s\n", dbs->want_lock_file, strerror (errno)); else es_fclose (fp); } /* Call again. */ return 1; } /* Create a new DB handle. Returns NULL on error. */ /* FIXME: Change to return an error code for better reporting by the caller. */ static tofu_dbs_t opendbs (ctrl_t ctrl) { char *filename; sqlite3 *db; int rc; if (!ctrl->tofu.dbs) { filename = make_filename (gnupg_homedir (), "tofu.db", NULL); rc = sqlite3_open (filename, &db); if (rc) { log_error (_("error opening TOFU database '%s': %s\n"), filename, sqlite3_errmsg (db)); /* Even if an error occurs, DB is guaranteed to be valid. */ sqlite3_close (db); db = NULL; } /* If a DB is locked wait up to 5 seconds for the lock to be cleared before failing. */ if (db) { sqlite3_busy_timeout (db, 5 * 1000); sqlite3_busy_handler (db, busy_handler, ctrl); } if (db && initdb (db)) { sqlite3_close (db); db = NULL; } if (db) { ctrl->tofu.dbs = xmalloc_clear (sizeof *ctrl->tofu.dbs); ctrl->tofu.dbs->db = db; ctrl->tofu.dbs->want_lock_file = xasprintf ("%s-want-lock", filename); } xfree (filename); } else log_assert (ctrl->tofu.dbs->db); return ctrl->tofu.dbs; } /* Release all of the resources associated with the DB handle. */ void tofu_closedbs (ctrl_t ctrl) { tofu_dbs_t dbs; sqlite3_stmt **statements; dbs = ctrl->tofu.dbs; if (!dbs) return; /* Not initialized. */ log_assert (dbs->in_transaction == 0); end_transaction (ctrl, 2); /* Arghh, that is a surprising use of the struct. */ for (statements = (void *) &dbs->s; (void *) statements < (void *) &(&dbs->s)[1]; statements ++) sqlite3_finalize (*statements); sqlite3_close (dbs->db); xfree (dbs->want_lock_file); xfree (dbs); ctrl->tofu.dbs = NULL; } /* Collect results of a select min (foo) ...; style query. Aborts if the argument is not a valid integer (or real of the form X.0). */ static int get_single_long_cb (void *cookie, int argc, char **argv, char **azColName) { long *count = cookie; (void) azColName; log_assert (argc == 1); if (string_to_long (count, argv[0], 0, __LINE__)) return 1; /* Abort. */ return 0; } static int get_single_long_cb2 (void *cookie, int argc, char **argv, char **azColName, sqlite3_stmt *stmt) { (void) stmt; return get_single_long_cb (cookie, argc, argv, azColName); } /* Record (or update) a trust policy about a (possibly new) binding. If SHOW_OLD is set, the binding's old policy is displayed. */ static gpg_error_t record_binding (tofu_dbs_t dbs, const char *fingerprint, const char *email, const char *user_id, enum tofu_policy policy, enum tofu_policy effective_policy, const char *conflict, int set_conflict, int show_old, time_t now) { char *fingerprint_pp = format_hexfingerprint (fingerprint, NULL, 0); gpg_error_t rc; char *err = NULL; if (! (policy == TOFU_POLICY_AUTO || policy == TOFU_POLICY_GOOD || policy == TOFU_POLICY_UNKNOWN || policy == TOFU_POLICY_BAD || policy == TOFU_POLICY_ASK)) log_bug ("%s: Bad value for policy (%d)!\n", __func__, policy); if (DBG_TRUST || show_old) { /* Get the old policy. Since this is just for informational * purposes, there is no need to start a transaction or to die * if there is a failure. */ /* policy_old needs to be a long and not an enum tofu_policy, because we pass it by reference to get_single_long_cb2, which expects a long. */ long policy_old = TOFU_POLICY_NONE; rc = gpgsql_stepx (dbs->db, &dbs->s.record_binding_get_old_policy, get_single_long_cb2, &policy_old, &err, "select policy from bindings where fingerprint = ? and email = ?", GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email, GPGSQL_ARG_END); if (rc) { log_debug ("TOFU: Error reading from binding database" " (reading policy for ): %s\n", fingerprint, email, err); sqlite3_free (err); } if (policy_old != TOFU_POLICY_NONE) (show_old ? log_info : log_debug) ("Changing TOFU trust policy for binding" " from %s to %s.\n", fingerprint, show_old ? user_id : email, tofu_policy_str (policy_old), tofu_policy_str (policy)); else (show_old ? log_info : log_debug) ("Setting TOFU trust policy for new binding" " to %s.\n", fingerprint, show_old ? user_id : email, tofu_policy_str (policy)); } if (opt.dry_run) { log_info ("TOFU database update skipped due to --dry-run\n"); rc = 0; goto leave; } rc = gpgsql_stepx (dbs->db, &dbs->s.record_binding_update, NULL, NULL, &err, "insert or replace into bindings\n" " (oid, fingerprint, email, user_id, time," " policy, conflict, effective_policy)\n" " values (\n" /* If we don't explicitly reuse the OID, then SQLite will * reallocate a new one. We just need to search for the OID * based on the fingerprint and email since they are unique. */ " (select oid from bindings where fingerprint = ? and email = ?),\n" " ?, ?, ?, ?, ?," /* If SET_CONFLICT is 0, then preserve conflict's current value. */ " case ?" " when 0 then" " (select conflict from bindings where fingerprint = ? and email = ?)" " else ?" " end," " ?);", /* oid subquery. */ GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email, /* values 2 through 6. */ GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, user_id, GPGSQL_ARG_LONG_LONG, (long long) now, GPGSQL_ARG_INT, (int) policy, /* conflict subquery. */ GPGSQL_ARG_INT, set_conflict ? 1 : 0, GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, conflict ? conflict : "", GPGSQL_ARG_INT, (int) effective_policy, GPGSQL_ARG_END); if (rc) { log_error (_("error updating TOFU database: %s\n"), err); print_further_info (" insert bindings = %s", fingerprint, email, tofu_policy_str (policy)); sqlite3_free (err); goto leave; } leave: xfree (fingerprint_pp); return rc; } /* Collect the strings returned by a query in a simple string list. Any NULL values are converted to the empty string. If a result has 3 rows and each row contains two columns, then the results are added to the list as follows (the value is parentheses is the 1-based index in the final list): row 1, col 2 (6) row 1, col 1 (5) row 2, col 2 (4) row 2, col 1 (3) row 3, col 2 (2) row 3, col 1 (1) This is because add_to_strlist pushes the results onto the front of the list. The end result is that the rows are backwards, but the columns are in the expected order. */ static int strings_collect_cb (void *cookie, int argc, char **argv, char **azColName) { int i; strlist_t *strlist = cookie; (void) azColName; for (i = argc - 1; i >= 0; i --) add_to_strlist (strlist, argv[i] ? argv[i] : ""); return 0; } static int strings_collect_cb2 (void *cookie, int argc, char **argv, char **azColName, sqlite3_stmt *stmt) { (void) stmt; return strings_collect_cb (cookie, argc, argv, azColName); } /* Auxiliary data structure to collect statistics about signatures. */ struct signature_stats { struct signature_stats *next; /* The user-assigned policy for this binding. */ enum tofu_policy policy; /* How long ago the signature was created (rounded to a multiple of TIME_AGO_UNIT_SMALL, etc.). */ long time_ago; /* Number of signatures during this time. */ unsigned long count; /* If the corresponding key/user id has been expired / revoked. */ int is_expired; int is_revoked; /* The key that generated this signature. */ char fingerprint[1]; }; static void signature_stats_free (struct signature_stats *stats) { while (stats) { struct signature_stats *next = stats->next; xfree (stats); stats = next; } } static void signature_stats_prepend (struct signature_stats **statsp, const char *fingerprint, enum tofu_policy policy, long time_ago, unsigned long count) { struct signature_stats *stats = xmalloc_clear (sizeof (*stats) + strlen (fingerprint)); stats->next = *statsp; *statsp = stats; strcpy (stats->fingerprint, fingerprint); stats->policy = policy; stats->time_ago = time_ago; stats->count = count; } /* Process rows that contain the four columns: . */ static int signature_stats_collect_cb (void *cookie, int argc, char **argv, char **azColName, sqlite3_stmt *stmt) { struct signature_stats **statsp = cookie; int i = 0; enum tofu_policy policy; long time_ago; unsigned long count; long along; (void) azColName; (void) stmt; i ++; if (string_to_long (&along, argv[i], 0, __LINE__)) return 1; /* Abort */ policy = along; i ++; if (! argv[i]) time_ago = 0; else { if (string_to_long (&time_ago, argv[i], 0, __LINE__)) return 1; /* Abort. */ } i ++; /* If time_ago is NULL, then we had no messages, but we still have a single row, which count(*) turns into 1. */ if (! argv[i - 1]) count = 0; else { if (string_to_ulong (&count, argv[i], 0, __LINE__)) return 1; /* Abort */ } i ++; log_assert (argc == i); signature_stats_prepend (statsp, argv[0], policy, time_ago, count); return 0; } /* Format the first part of a conflict message and return that as a * malloced string. Returns NULL on error. */ static char * format_conflict_msg_part1 (int policy, strlist_t conflict_set, const char *email) { estream_t fp; char *fingerprint; char *tmpstr, *text; log_assert (conflict_set); fingerprint = conflict_set->d; fp = es_fopenmem (0, "rw,samethread"); if (!fp) log_fatal ("error creating memory stream: %s\n", gpg_strerror (gpg_error_from_syserror())); if (policy == TOFU_POLICY_NONE) { es_fprintf (fp, _("This is the first time the email address \"%s\" is " "being used with key %s."), email, fingerprint); es_fputs (" ", fp); } else if (policy == TOFU_POLICY_ASK && conflict_set->next) { int conflicts = strlist_length (conflict_set); es_fprintf (fp, ngettext("The email address \"%s\" is associated with %d key!", "The email address \"%s\" is associated with %d keys!", conflicts), email, conflicts); if (opt.verbose) es_fprintf (fp, _(" Since this binding's policy was 'auto', it has been " "changed to 'ask'.")); es_fputs (" ", fp); } es_fprintf (fp, _("Please indicate whether this email address should" " be associated with key %s or whether you think someone" " is impersonating \"%s\"."), fingerprint, email); es_fputc ('\n', fp); es_fputc (0, fp); if (es_fclose_snatch (fp, (void **)&tmpstr, NULL)) log_fatal ("error snatching memory stream\n"); text = format_text (tmpstr, 72, 80); es_free (tmpstr); return text; } /* Return 1 if A signed B and B signed A. */ static int cross_sigs (const char *email, kbnode_t a, kbnode_t b) { int i; PKT_public_key *a_pk = a->pkt->pkt.public_key; PKT_public_key *b_pk = b->pkt->pkt.public_key; char a_keyid[33]; char b_keyid[33]; if (DBG_TRUST) { format_keyid (pk_main_keyid (a_pk), KF_LONG, a_keyid, sizeof (a_keyid)); format_keyid (pk_main_keyid (b_pk), KF_LONG, b_keyid, sizeof (b_keyid)); } for (i = 0; i < 2; i ++) { /* See if SIGNER signed SIGNEE. */ kbnode_t signer = i == 0 ? a : b; kbnode_t signee = i == 0 ? b : a; PKT_public_key *signer_pk = signer->pkt->pkt.public_key; u32 *signer_kid = pk_main_keyid (signer_pk); kbnode_t n; int saw_email = 0; /* Iterate over SIGNEE's keyblock and see if there is a valid signature from SIGNER. */ for (n = signee; n; n = n->next) { PKT_signature *sig; if (n->pkt->pkttype == PKT_USER_ID) { if (saw_email) /* We're done: we've processed all signatures on the user id. */ break; else { /* See if this is the matching user id. */ PKT_user_id *user_id = n->pkt->pkt.user_id; char *email2 = email_from_user_id (user_id->name); if (strcmp (email, email2) == 0) saw_email = 1; xfree (email2); } } if (! saw_email) continue; if (n->pkt->pkttype != PKT_SIGNATURE) continue; sig = n->pkt->pkt.signature; if (! (sig->sig_class == 0x10 || sig->sig_class == 0x11 || sig->sig_class == 0x12 || sig->sig_class == 0x13)) /* Not a signature over a user id. */ continue; /* SIG is on SIGNEE's keyblock. If SIG was generated by the signer, then it's a match. */ if (keyid_cmp (sig->keyid, signer_kid) == 0) /* Match! */ break; } if (! n) /* We didn't find a signature from signer over signee. */ { if (DBG_TRUST) log_debug ("No cross sig between %s and %s\n", a_keyid, b_keyid); return 0; } } /* A signed B and B signed A. */ if (DBG_TRUST) log_debug ("Cross sig between %s and %s\n", a_keyid, b_keyid); return 1; } /* Return whether the key was signed by an ultimately trusted key. */ static int signed_by_utk (const char *email, kbnode_t a) { kbnode_t n; int saw_email = 0; for (n = a; n; n = n->next) { PKT_signature *sig; if (n->pkt->pkttype == PKT_USER_ID) { if (saw_email) /* We're done: we've processed all signatures on the user id. */ break; else { /* See if this is the matching user id. */ PKT_user_id *user_id = n->pkt->pkt.user_id; char *email2 = email_from_user_id (user_id->name); if (strcmp (email, email2) == 0) saw_email = 1; xfree (email2); } } if (! saw_email) continue; if (n->pkt->pkttype != PKT_SIGNATURE) continue; sig = n->pkt->pkt.signature; if (! (sig->sig_class == 0x10 || sig->sig_class == 0x11 || sig->sig_class == 0x12 || sig->sig_class == 0x13)) /* Not a signature over a user id. */ continue; /* SIG is on SIGNEE's keyblock. If SIG was generated by the signer, then it's a match. */ if (tdb_keyid_is_utk (sig->keyid)) { /* Match! */ if (DBG_TRUST) log_debug ("TOFU: %s is signed by an ultimately trusted key.\n", pk_keyid_str (a->pkt->pkt.public_key)); return 1; } } if (DBG_TRUST) log_debug ("TOFU: %s is NOT signed by an ultimately trusted key.\n", pk_keyid_str (a->pkt->pkt.public_key)); return 0; } enum { BINDING_NEW = 1 << 0, BINDING_CONFLICT = 1 << 1, BINDING_EXPIRED = 1 << 2, BINDING_REVOKED = 1 << 3 }; /* Ask the user about the binding. There are three ways we could end * up here: * * - This is a new binding and there is a conflict * (policy == TOFU_POLICY_NONE && conflict_set_count > 1), * * - This is a new binding and opt.tofu_default_policy is set to * ask. (policy == TOFU_POLICY_NONE && opt.tofu_default_policy == * TOFU_POLICY_ASK), or, * * - The policy is ask (the user deferred last time) (policy == * TOFU_POLICY_ASK). * * Note: this function must not be called while in a transaction! * * CONFLICT_SET includes all of the conflicting bindings * with FINGERPRINT first. FLAGS is a bit-wise or of * BINDING_NEW, etc. */ static void ask_about_binding (ctrl_t ctrl, enum tofu_policy *policy, int *trust_level, strlist_t conflict_set, const char *fingerprint, const char *email, const char *user_id, time_t now) { tofu_dbs_t dbs; strlist_t iter; int conflict_set_count = strlist_length (conflict_set); char *sqerr = NULL; int rc; estream_t fp; strlist_t other_user_ids = NULL; struct signature_stats *stats = NULL; struct signature_stats *stats_iter = NULL; char *prompt = NULL; const char *choices; dbs = ctrl->tofu.dbs; log_assert (dbs); log_assert (dbs->in_transaction == 0); fp = es_fopenmem (0, "rw,samethread"); if (!fp) log_fatal ("error creating memory stream: %s\n", gpg_strerror (gpg_error_from_syserror())); { char *text = format_conflict_msg_part1 (*policy, conflict_set, email); if (!text) /* FIXME: Return the error all the way up. */ log_fatal ("format failed: %s\n", gpg_strerror (gpg_error_from_syserror())); es_fputs (text, fp); es_fputc ('\n', fp); xfree (text); } begin_transaction (ctrl, 0); /* Find other user ids associated with this key and whether the * bindings are marked as good or bad. */ rc = gpgsql_stepx (dbs->db, &dbs->s.get_trust_gather_other_user_ids, strings_collect_cb2, &other_user_ids, &sqerr, "select user_id, policy from bindings where fingerprint = ?;", GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_END); if (rc) { log_error (_("error gathering other user IDs: %s\n"), sqerr); sqlite3_free (sqerr); sqerr = NULL; rc = gpg_error (GPG_ERR_GENERAL); } if (other_user_ids) { strlist_t strlist_iter; es_fprintf (fp, _("This key's user IDs:\n")); for (strlist_iter = other_user_ids; strlist_iter; strlist_iter = strlist_iter->next) { char *other_user_id = strlist_iter->d; char *other_thing; enum tofu_policy other_policy; log_assert (strlist_iter->next); strlist_iter = strlist_iter->next; other_thing = strlist_iter->d; other_policy = atoi (other_thing); es_fprintf (fp, " %s (", other_user_id); es_fprintf (fp, _("policy: %s"), tofu_policy_str (other_policy)); es_fprintf (fp, ")\n"); } es_fprintf (fp, "\n"); free_strlist (other_user_ids); } /* Get the stats for all the keys in CONFLICT_SET. */ strlist_rev (&conflict_set); for (iter = conflict_set; iter && ! rc; iter = iter->next) { #define STATS_SQL(table, time, sign) \ "select fingerprint, policy, time_ago, count(*)\n" \ " from\n" \ " (select bindings.*,\n" \ " "sign" case\n" \ " when delta ISNULL then 1\n" \ /* From the future (but if its just a couple of hours in the \ * future don't turn it into a warning)? Or should we use \ * small, medium or large units? (Note: whatever we do, we \ * keep the value in seconds. Then when we group, everything \ * that rounds to the same number of seconds is grouped.) */ \ " when delta < -("STRINGIFY (TIME_AGO_FUTURE_IGNORE)") then 2\n" \ " when delta < ("STRINGIFY (TIME_AGO_SMALL_THRESHOLD)")\n" \ " then 3\n" \ " when delta < ("STRINGIFY (TIME_AGO_MEDIUM_THRESHOLD)")\n" \ " then 4\n" \ " when delta < ("STRINGIFY (TIME_AGO_LARGE_THRESHOLD)")\n" \ " then 5\n" \ " else 6\n" \ " end time_ago,\n" \ " delta time_ago_raw\n" \ " from bindings\n" \ " left join\n" \ " (select *,\n" \ " cast(? - " time " as real) delta\n" \ " from " table ") ss\n" \ " on ss.binding = bindings.oid)\n" \ " where email = ? and fingerprint = ?\n" \ " group by time_ago\n" \ /* Make sure the current key is first. */ \ " order by time_ago desc;\n" /* Use the time when we saw the signature, not when the signature was created as that can be forged. */ rc = gpgsql_stepx (dbs->db, &dbs->s.get_trust_gather_signature_stats, signature_stats_collect_cb, &stats, &sqerr, STATS_SQL ("signatures", "time", ""), GPGSQL_ARG_LONG_LONG, (long long) now, GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, iter->d, GPGSQL_ARG_END); if (rc) { rc = gpg_error (GPG_ERR_GENERAL); break; } if (!stats || strcmp (iter->d, stats->fingerprint) != 0) /* No stats for this binding. Add a dummy entry. */ signature_stats_prepend (&stats, iter->d, TOFU_POLICY_AUTO, 1, 1); rc = gpgsql_stepx (dbs->db, &dbs->s.get_trust_gather_encryption_stats, signature_stats_collect_cb, &stats, &sqerr, STATS_SQL ("encryptions", "time", "-"), GPGSQL_ARG_LONG_LONG, (long long) now, GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, iter->d, GPGSQL_ARG_END); if (rc) { rc = gpg_error (GPG_ERR_GENERAL); break; } #undef STATS_SQL if (!stats || strcmp (iter->d, stats->fingerprint) != 0 || stats->time_ago > 0) /* No stats for this binding. Add a dummy entry. */ signature_stats_prepend (&stats, iter->d, TOFU_POLICY_AUTO, -1, 1); } end_transaction (ctrl, 0); strlist_rev (&conflict_set); if (rc) { strlist_t strlist_iter; log_error (_("error gathering signature stats: %s\n"), sqerr); sqlite3_free (sqerr); sqerr = NULL; es_fprintf (fp, ngettext("The email address \"%s\" is" " associated with %d key:\n", "The email address \"%s\" is" " associated with %d keys:\n", conflict_set_count), email, conflict_set_count); for (strlist_iter = conflict_set; strlist_iter; strlist_iter = strlist_iter->next) es_fprintf (fp, " %s\n", strlist_iter->d); } else { char *key = NULL; strlist_t binding; int seen_in_past = 0; int encrypted = 1; es_fprintf (fp, _("Statistics for keys" " with the email address \"%s\":\n"), email); for (stats_iter = stats; stats_iter; stats_iter = stats_iter->next) { #if 0 log_debug ("%s: time_ago: %ld; count: %ld\n", stats_iter->fingerprint, stats_iter->time_ago, stats_iter->count); #endif if (stats_iter->time_ago > 0 && encrypted) { /* We've change from the encrypted stats to the verified * stats. Reset SEEN_IN_PAST. */ encrypted = 0; seen_in_past = 0; } if (! key || strcmp (key, stats_iter->fingerprint)) { int this_key; char *key_pp; key = stats_iter->fingerprint; this_key = strcmp (key, fingerprint) == 0; key_pp = format_hexfingerprint (key, NULL, 0); es_fprintf (fp, " %s (", key_pp); /* Find the associated binding. */ for (binding = conflict_set; binding; binding = binding->next) if (strcmp (key, binding->d) == 0) break; log_assert (binding); if ((binding->flags & BINDING_REVOKED)) { es_fprintf (fp, _("revoked")); es_fprintf (fp, ", "); } else if ((binding->flags & BINDING_EXPIRED)) { es_fprintf (fp, _("expired")); es_fprintf (fp, ", "); } if (this_key) es_fprintf (fp, _("this key")); else es_fprintf (fp, _("policy: %s"), tofu_policy_str (stats_iter->policy)); es_fputs ("):\n", fp); xfree (key_pp); seen_in_past = 0; show_statistics (dbs, stats_iter->fingerprint, email, TOFU_POLICY_ASK, NULL, 1, now); } if (labs(stats_iter->time_ago) == 1) { /* The 1 in this case is the NULL entry. */ log_assert (stats_iter->count == 1); stats_iter->count = 0; } seen_in_past += stats_iter->count; es_fputs (" ", fp); if (!stats_iter->count) { if (stats_iter->time_ago > 0) es_fprintf (fp, ngettext("Verified %d message.", "Verified %d messages.", seen_in_past), seen_in_past); else es_fprintf (fp, ngettext("Encrypted %d message.", "Encrypted %d messages.", seen_in_past), seen_in_past); } else if (labs(stats_iter->time_ago) == 2) { if (stats_iter->time_ago > 0) es_fprintf (fp, ngettext("Verified %d message in the future.", "Verified %d messages in the future.", seen_in_past), seen_in_past); else es_fprintf (fp, ngettext("Encrypted %d message in the future.", "Encrypted %d messages in the future.", seen_in_past), seen_in_past); /* Reset it. */ seen_in_past = 0; } else { if (labs(stats_iter->time_ago) == 3) { int days = 1 + stats_iter->time_ago / TIME_AGO_UNIT_SMALL; if (stats_iter->time_ago > 0) es_fprintf (fp, ngettext("Messages verified over the past %d day: %d.", "Messages verified over the past %d days: %d.", days), days, seen_in_past); else es_fprintf (fp, ngettext("Messages encrypted over the past %d day: %d.", "Messages encrypted over the past %d days: %d.", days), days, seen_in_past); } else if (labs(stats_iter->time_ago) == 4) { int months = 1 + stats_iter->time_ago / TIME_AGO_UNIT_MEDIUM; if (stats_iter->time_ago > 0) es_fprintf (fp, ngettext("Messages verified over the past %d month: %d.", "Messages verified over the past %d months: %d.", months), months, seen_in_past); else es_fprintf (fp, ngettext("Messages encrypted over the past %d month: %d.", "Messages encrypted over the past %d months: %d.", months), months, seen_in_past); } else if (labs(stats_iter->time_ago) == 5) { int years = 1 + stats_iter->time_ago / TIME_AGO_UNIT_LARGE; if (stats_iter->time_ago > 0) es_fprintf (fp, ngettext("Messages verified over the past %d year: %d.", "Messages verified over the past %d years: %d.", years), years, seen_in_past); else es_fprintf (fp, ngettext("Messages encrypted over the past %d year: %d.", "Messages encrypted over the past %d years: %d.", years), years, seen_in_past); } else if (labs(stats_iter->time_ago) == 6) { if (stats_iter->time_ago > 0) es_fprintf (fp, _("Messages verified in the past: %d."), seen_in_past); else es_fprintf (fp, _("Messages encrypted in the past: %d."), seen_in_past); } else log_assert (! "Broken SQL.\n"); } es_fputs ("\n", fp); } } if (conflict_set_count > 1 || (conflict_set->flags & BINDING_CONFLICT)) { /* This is a conflict. */ /* TRANSLATORS: Please translate the text found in the source * file below. We don't directly internationalize that text so * that we can tweak it without breaking translations. */ const char *text = _("TOFU detected a binding conflict"); char *textbuf; if (!strcmp (text, "TOFU detected a binding conflict")) { /* No translation. Use the English text. */ text = "Normally, an email address is associated with a single key. " "However, people sometimes generate a new key if " "their key is too old or they think it might be compromised. " "Alternatively, a new key may indicate a man-in-the-middle " "attack! Before accepting this association, you should talk to or " "call the person to make sure this new key is legitimate."; } textbuf = format_text (text, 72, 80); es_fprintf (fp, "\n%s\n", textbuf? textbuf : "[OUT OF CORE!]"); xfree (textbuf); } es_fputc ('\n', fp); /* Add a NUL terminator. */ es_fputc (0, fp); if (es_fclose_snatch (fp, (void **) &prompt, NULL)) log_fatal ("error snatching memory stream\n"); /* I think showing the large message once is sufficient. If we * would move it right before the cpr_get many lines will scroll * away and the user might not realize that he merely entered a * wrong choice (because he does not see that either). As a small * benefit we allow C-L to redisplay everything. */ tty_printf ("%s", prompt); /* Suspend any transaction: it could take a while until the user responds. */ tofu_suspend_batch_transaction (ctrl); while (1) { char *response; /* TRANSLATORS: Two letters (normally the lower and upper case * version of the hotkey) for each of the five choices. If * there is only one choice in your language, repeat it. */ choices = _("gG" "aA" "uU" "rR" "bB"); if (strlen (choices) != 10) log_bug ("Bad TOFU conflict translation! Please report."); response = cpr_get ("tofu.conflict", _("(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? ")); trim_spaces (response); cpr_kill_prompt (); if (*response == CONTROL_L) tty_printf ("%s", prompt); else if (!response[0]) /* Default to unknown. Don't save it. */ { tty_printf (_("Defaulting to unknown.\n")); *policy = TOFU_POLICY_UNKNOWN; break; } else if (!response[1]) { char *choice = strchr (choices, *response); if (choice) { int c = ((size_t) choice - (size_t) choices) / 2; switch (c) { case 0: /* Good. */ *policy = TOFU_POLICY_GOOD; *trust_level = tofu_policy_to_trust_level (*policy); break; case 1: /* Accept once. */ *policy = TOFU_POLICY_ASK; *trust_level = tofu_policy_to_trust_level (TOFU_POLICY_GOOD); break; case 2: /* Unknown. */ *policy = TOFU_POLICY_UNKNOWN; *trust_level = tofu_policy_to_trust_level (*policy); break; case 3: /* Reject once. */ *policy = TOFU_POLICY_ASK; *trust_level = tofu_policy_to_trust_level (TOFU_POLICY_BAD); break; case 4: /* Bad. */ *policy = TOFU_POLICY_BAD; *trust_level = tofu_policy_to_trust_level (*policy); break; default: log_bug ("c should be between 0 and 4 but it is %d!", c); } if (record_binding (dbs, fingerprint, email, user_id, *policy, TOFU_POLICY_NONE, NULL, 0, 0, now)) { /* If there's an error registering the * binding, don't save the signature. */ *trust_level = _tofu_GET_TRUST_ERROR; } break; } } xfree (response); } tofu_resume_batch_transaction (ctrl); xfree (prompt); signature_stats_free (stats); } /* Return the set of keys that conflict with the binding (including the binding itself, which will be first in the list). For each returned key also sets BINDING_NEW, etc. */ static strlist_t build_conflict_set (ctrl_t ctrl, tofu_dbs_t dbs, PKT_public_key *pk, const char *fingerprint, const char *email) { gpg_error_t rc; char *sqerr; strlist_t conflict_set = NULL; int conflict_set_count; strlist_t iter; kbnode_t *kb_all; KEYDB_HANDLE hd; int i; /* Get the fingerprints of any bindings that share the email address * and whether the bindings have a known conflict. * * Note: if the binding in question is in the DB, it will also be * returned. Thus, if the result set is empty, then is a new binding. */ rc = gpgsql_stepx (dbs->db, &dbs->s.get_trust_bindings_with_this_email, strings_collect_cb2, &conflict_set, &sqerr, "select" /* A binding should only appear once, but try not to break in the * case of corruption. */ " fingerprint || case sum(conflict NOTNULL) when 0 then '' else '!' end" " from bindings where email = ?" " group by fingerprint" /* Make sure the current key comes first in the result list (if it is present). */ " order by fingerprint = ? asc, fingerprint desc;", GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_END); if (rc) { log_error (_("error reading TOFU database: %s\n"), sqerr); print_further_info ("listing fingerprints"); sqlite3_free (sqerr); rc = gpg_error (GPG_ERR_GENERAL); return NULL; } /* Set BINDING_CONFLICT if the binding has a known conflict. This * allows us to distinguish between bindings where the user * explicitly set the policy to ask and bindings where we set the * policy to ask due to a conflict. */ for (iter = conflict_set; iter; iter = iter->next) { int l = strlen (iter->d); if (!(l == 2 * MAX_FINGERPRINT_LEN || l == 2 * MAX_FINGERPRINT_LEN + 1)) { log_error (_("TOFU db corruption detected.\n")); print_further_info ("fingerprint '%s' is not %d characters long", iter->d, 2 * MAX_FINGERPRINT_LEN); } if (l >= 1 && iter->d[l - 1] == '!') { iter->flags |= BINDING_CONFLICT; /* Remove the !. */ iter->d[l - 1] = 0; } } /* If the current binding has not yet been recorded, add it to the * list. (The order by above ensures that if it is present, it will * be first.) */ if (! (conflict_set && strcmp (conflict_set->d, fingerprint) == 0)) { add_to_strlist (&conflict_set, fingerprint); conflict_set->flags |= BINDING_NEW; } conflict_set_count = strlist_length (conflict_set); /* Eliminate false conflicts. */ if (conflict_set_count == 1) /* We only have a single key. There are no false conflicts to eliminate. But, we do need to set the flags. */ { if (pk->has_expired) conflict_set->flags |= BINDING_EXPIRED; if (pk->flags.revoked) conflict_set->flags |= BINDING_REVOKED; return conflict_set; } /* If two keys have cross signatures, then they are controlled by * the same person and thus are not in conflict. */ kb_all = xcalloc (sizeof (kb_all[0]), conflict_set_count); hd = keydb_new (); for (i = 0, iter = conflict_set; i < conflict_set_count; i ++, iter = iter->next) { char *fp = iter->d; KEYDB_SEARCH_DESC desc; kbnode_t kb; PKT_public_key *binding_pk; kbnode_t n; int found_user_id; rc = keydb_search_reset (hd); if (rc) { log_error (_("resetting keydb: %s\n"), gpg_strerror (rc)); continue; } rc = classify_user_id (fp, &desc, 0); if (rc) { log_error (_("error parsing key specification '%s': %s\n"), fp, gpg_strerror (rc)); continue; } rc = keydb_search (hd, &desc, 1, NULL); if (rc) { /* Note: it is entirely possible that we don't have the key corresponding to an entry in the TOFU DB. This can happen if we merge two TOFU DBs, but not the key rings. */ log_info (_("key \"%s\" not found: %s\n"), fp, gpg_strerror (rc)); continue; } rc = keydb_get_keyblock (hd, &kb); if (rc) { log_error (_("error reading keyblock: %s\n"), gpg_strerror (rc)); print_further_info ("fingerprint: %s", fp); continue; } merge_keys_and_selfsig (ctrl, kb); log_assert (kb->pkt->pkttype == PKT_PUBLIC_KEY); kb_all[i] = kb; /* Since we have the key block, use this opportunity to figure * out if the binding is expired or revoked. */ binding_pk = kb->pkt->pkt.public_key; /* The binding is always expired/revoked if the key is * expired/revoked. */ if (binding_pk->has_expired) iter->flags |= BINDING_EXPIRED; if (binding_pk->flags.revoked) iter->flags |= BINDING_REVOKED; /* The binding is also expired/revoked if the user id is * expired/revoked. */ n = kb; found_user_id = 0; while ((n = find_next_kbnode (n, PKT_USER_ID)) && ! found_user_id) { PKT_user_id *user_id2 = n->pkt->pkt.user_id; char *email2; if (user_id2->attrib_data) continue; email2 = email_from_user_id (user_id2->name); if (strcmp (email, email2) == 0) { found_user_id = 1; if (user_id2->flags.revoked) iter->flags |= BINDING_REVOKED; if (user_id2->flags.expired) iter->flags |= BINDING_EXPIRED; } xfree (email2); } if (! found_user_id) { log_info (_("TOFU db corruption detected.\n")); print_further_info ("user id '%s' not on key block '%s'", email, fingerprint); } } keydb_release (hd); /* Now that we have the key blocks, check for cross sigs. */ { int j; strlist_t *prevp; strlist_t iter_next; int *die; log_assert (conflict_set_count > 0); die = xtrycalloc (conflict_set_count, sizeof *die); if (!die) { /*err = gpg_error_from_syserror ();*/ xoutofcore (); /* Fixme: Let the function return an error. */ } for (i = 0; i < conflict_set_count; i ++) { /* Look for cross sigs between this key (i == 0) or a key * that has cross sigs with i == 0 (i.e., transitively) */ if (! (i == 0 || die[i])) continue; for (j = i + 1; j < conflict_set_count; j ++) /* Be careful: we might not have a key block for a key. */ if (kb_all[i] && kb_all[j] && cross_sigs (email, kb_all[i], kb_all[j])) die[j] = 1; } /* Free unconflicting bindings (and all of the key blocks). */ for (iter = conflict_set, prevp = &conflict_set, i = 0; iter; iter = iter_next, i ++) { iter_next = iter->next; release_kbnode (kb_all[i]); if (die[i]) { *prevp = iter_next; iter->next = NULL; free_strlist (iter); conflict_set_count --; } else { prevp = &iter->next; } } /* We shouldn't have removed the head. */ log_assert (conflict_set); log_assert (conflict_set_count >= 1); xfree (die); } xfree (kb_all); if (DBG_TRUST) { log_debug ("binding conflicts:\n", fingerprint, email); for (iter = conflict_set; iter; iter = iter->next) { log_debug (" %s:%s%s%s%s\n", iter->d, (iter->flags & BINDING_NEW) ? " new" : "", (iter->flags & BINDING_CONFLICT) ? " known_conflict" : "", (iter->flags & BINDING_EXPIRED) ? " expired" : "", (iter->flags & BINDING_REVOKED) ? " revoked" : ""); } } return conflict_set; } /* Return the effective policy for the binding * (email has already been normalized). Returns * _tofu_GET_POLICY_ERROR if an error occurs. Returns any conflict * information in *CONFLICT_SETP if CONFLICT_SETP is not NULL and the * returned policy is TOFU_POLICY_ASK (consequently, if there is a * conflict, but the user set the policy to good *CONFLICT_SETP will * empty). Note: as per build_conflict_set, which is used to build * the conflict information, the conflict information includes the * current user id as the first element of the linked list. * * This function registers the binding in the bindings table if it has * not yet been registered. */ static enum tofu_policy get_policy (ctrl_t ctrl, tofu_dbs_t dbs, PKT_public_key *pk, const char *fingerprint, const char *user_id, const char *email, strlist_t *conflict_setp, time_t now) { int rc; char *err = NULL; strlist_t results = NULL; enum tofu_policy policy = _tofu_GET_POLICY_ERROR; enum tofu_policy effective_policy_orig = TOFU_POLICY_NONE; enum tofu_policy effective_policy = _tofu_GET_POLICY_ERROR; long along; char *conflict_orig = NULL; char *conflict = NULL; strlist_t conflict_set = NULL; int conflict_set_count; /* Check if the binding is known (TOFU_POLICY_NONE cannot appear in the DB. Thus, if POLICY is still TOFU_POLICY_NONE after executing the query, then the result set was empty.) */ rc = gpgsql_stepx (dbs->db, &dbs->s.get_policy_select_policy_and_conflict, strings_collect_cb2, &results, &err, "select policy, conflict, effective_policy from bindings\n" " where fingerprint = ? and email = ?", GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email, GPGSQL_ARG_END); if (rc) { log_error (_("error reading TOFU database: %s\n"), err); print_further_info ("reading the policy"); sqlite3_free (err); rc = gpg_error (GPG_ERR_GENERAL); goto out; } if (strlist_length (results) == 0) { /* No results. Use the defaults. */ policy = TOFU_POLICY_NONE; effective_policy = TOFU_POLICY_NONE; } else if (strlist_length (results) == 3) { /* Parse and sanity check the results. */ if (string_to_long (&along, results->d, 0, __LINE__)) { log_error (_("error reading TOFU database: %s\n"), gpg_strerror (GPG_ERR_BAD_DATA)); print_further_info ("bad value for policy: %s", results->d); goto out; } policy = along; if (! (policy == TOFU_POLICY_AUTO || policy == TOFU_POLICY_GOOD || policy == TOFU_POLICY_UNKNOWN || policy == TOFU_POLICY_BAD || policy == TOFU_POLICY_ASK)) { log_error (_("error reading TOFU database: %s\n"), gpg_strerror (GPG_ERR_DB_CORRUPTED)); print_further_info ("invalid value for policy (%d)", policy); effective_policy = _tofu_GET_POLICY_ERROR; goto out; } if (*results->next->d) conflict = xstrdup (results->next->d); if (string_to_long (&along, results->next->next->d, 0, __LINE__)) { log_error (_("error reading TOFU database: %s\n"), gpg_strerror (GPG_ERR_BAD_DATA)); print_further_info ("bad value for effective policy: %s", results->next->next->d); goto out; } effective_policy = along; if (! (effective_policy == TOFU_POLICY_NONE || effective_policy == TOFU_POLICY_AUTO || effective_policy == TOFU_POLICY_GOOD || effective_policy == TOFU_POLICY_UNKNOWN || effective_policy == TOFU_POLICY_BAD || effective_policy == TOFU_POLICY_ASK)) { log_error (_("error reading TOFU database: %s\n"), gpg_strerror (GPG_ERR_DB_CORRUPTED)); print_further_info ("invalid value for effective_policy (%d)", effective_policy); effective_policy = _tofu_GET_POLICY_ERROR; goto out; } } else { /* The result has the wrong form. */ log_error (_("error reading TOFU database: %s\n"), gpg_strerror (GPG_ERR_BAD_DATA)); print_further_info ("reading policy: expected 3 columns, got %d\n", strlist_length (results)); goto out; } /* Save the effective policy and conflict so we know if we changed * them. */ effective_policy_orig = effective_policy; conflict_orig = conflict; /* Unless there is a conflict, if the effective policy is cached, * just return it. The reason we don't do this when there is a * conflict is because of the following scenario: assume A and B * conflict and B has signed A's key. Now, later we import A's * signature on B. We need to recheck A, but the signature was on * B, i.e., when B changes, we invalidate B's effective policy, but * we also need to invalidate A's effective policy. Instead, we * assume that conflicts are rare and don't optimize for them, which * would complicate the code. */ if (effective_policy != TOFU_POLICY_NONE && !conflict) goto out; /* If the user explicitly set the policy, then respect that. */ if (policy != TOFU_POLICY_AUTO && policy != TOFU_POLICY_NONE) { effective_policy = policy; goto out; } /* Unless proven wrong, assume the effective policy is 'auto'. */ effective_policy = TOFU_POLICY_AUTO; /* See if the key is ultimately trusted. */ { u32 kid[2]; keyid_from_pk (pk, kid); if (tdb_keyid_is_utk (kid)) { effective_policy = TOFU_POLICY_GOOD; goto out; } } /* See if the key is signed by an ultimately trusted key. */ { int fingerprint_raw_len = strlen (fingerprint) / 2; - char fingerprint_raw[20]; + char fingerprint_raw[MAX_FINGERPRINT_LEN]; int len = 0; - if (fingerprint_raw_len != sizeof fingerprint_raw + /* FIXME(fingerprint) */ + if (fingerprint_raw_len != 20 /*sizeof fingerprint_raw */ || ((len = hex2bin (fingerprint, fingerprint_raw, fingerprint_raw_len)) != strlen (fingerprint))) { if (DBG_TRUST) log_debug ("TOFU: Bad fingerprint: %s (len: %zu, parsed: %d)\n", fingerprint, strlen (fingerprint), len); } else { int lookup_err; kbnode_t kb; lookup_err = get_pubkey_byfprint (ctrl, NULL, &kb, fingerprint_raw, fingerprint_raw_len); if (lookup_err) { if (DBG_TRUST) log_debug ("TOFU: Looking up %s: %s\n", fingerprint, gpg_strerror (lookup_err)); } else { int is_signed_by_utk = signed_by_utk (email, kb); release_kbnode (kb); if (is_signed_by_utk) { effective_policy = TOFU_POLICY_GOOD; goto out; } } } } /* Check for any conflicts / see if a previously discovered conflict * disappeared. The latter can happen if the conflicting bindings * are now cross signed, for instance. */ conflict_set = build_conflict_set (ctrl, dbs, pk, fingerprint, email); conflict_set_count = strlist_length (conflict_set); if (conflict_set_count == 0) { /* build_conflict_set should always at least return the current binding. Something went wrong. */ effective_policy = _tofu_GET_POLICY_ERROR; goto out; } if (conflict_set_count == 1 && (conflict_set->flags & BINDING_NEW)) { /* We've never observed a binding with this email address and we * have a default policy, which is not to ask the user. */ /* If we've seen this binding, then we've seen this email and * policy couldn't possibly be TOFU_POLICY_NONE. */ log_assert (policy == TOFU_POLICY_NONE); if (DBG_TRUST) log_debug ("TOFU: New binding , no conflict.\n", fingerprint, email); effective_policy = TOFU_POLICY_AUTO; goto out; } if (conflict_set_count == 1 && (conflict_set->flags & BINDING_CONFLICT)) { /* No known conflicts now, but there was a conflict. This means * at some point, there was a conflict and we changed this * binding's policy to ask and set the conflicting key. The * conflict can go away if there is not a cross sig between the * two keys. In this case, just silently clear the conflict and * reset the policy to auto. */ if (DBG_TRUST) log_debug ("TOFU: binding had a conflict, but it's been resolved (probably via cross sig).\n", fingerprint, email); effective_policy = TOFU_POLICY_AUTO; conflict = NULL; goto out; } if (conflict_set_count == 1) { /* No conflicts and never marked as conflicting. */ log_assert (!conflict); effective_policy = TOFU_POLICY_AUTO; goto out; } /* There is a conflicting key. */ log_assert (conflict_set_count > 1); effective_policy = TOFU_POLICY_ASK; conflict = xstrdup (conflict_set->next->d); out: log_assert (policy == _tofu_GET_POLICY_ERROR || policy == TOFU_POLICY_NONE || policy == TOFU_POLICY_AUTO || policy == TOFU_POLICY_GOOD || policy == TOFU_POLICY_UNKNOWN || policy == TOFU_POLICY_BAD || policy == TOFU_POLICY_ASK); /* Everything but NONE. */ log_assert (effective_policy == _tofu_GET_POLICY_ERROR || effective_policy == TOFU_POLICY_AUTO || effective_policy == TOFU_POLICY_GOOD || effective_policy == TOFU_POLICY_UNKNOWN || effective_policy == TOFU_POLICY_BAD || effective_policy == TOFU_POLICY_ASK); if (effective_policy != TOFU_POLICY_ASK && conflict) conflict = NULL; /* If we don't have a record of this binding, its effective policy * changed, or conflict changed, update the DB. */ if (effective_policy != _tofu_GET_POLICY_ERROR && (/* New binding. */ policy == TOFU_POLICY_NONE /* effective_policy changed. */ || effective_policy != effective_policy_orig /* conflict changed. */ || (conflict != conflict_orig && (!conflict || !conflict_orig || strcmp (conflict, conflict_orig) != 0)))) { if (record_binding (dbs, fingerprint, email, user_id, policy == TOFU_POLICY_NONE ? TOFU_POLICY_AUTO : policy, effective_policy, conflict, 1, 0, now) != 0) log_error (_("error setting TOFU binding's policy" " to %s\n"), tofu_policy_str (policy)); } /* If the caller wants the set of conflicts, return it. */ if (effective_policy == TOFU_POLICY_ASK && conflict_setp) { if (! conflict_set) conflict_set = build_conflict_set (ctrl, dbs, pk, fingerprint, email); *conflict_setp = conflict_set; } else { free_strlist (conflict_set); if (conflict_setp) *conflict_setp = NULL; } xfree (conflict_orig); if (conflict != conflict_orig) xfree (conflict); free_strlist (results); return effective_policy; } /* Return the trust level (TRUST_NEVER, etc.) for the binding * (email is already normalized). If no policy * is registered, returns TOFU_POLICY_NONE. If an error occurs, * returns _tofu_GET_TRUST_ERROR. * * PK is the public key object for FINGERPRINT. * * USER_ID is the unadulterated user id. * * If MAY_ASK is set, then we may interact with the user. This is * necessary if there is a conflict or the binding's policy is * TOFU_POLICY_ASK. In the case of a conflict, we set the new * conflicting binding's policy to TOFU_POLICY_ASK. In either case, * we return TRUST_UNDEFINED. Note: if MAY_ASK is set, then this * function must not be called while in a transaction! */ static enum tofu_policy get_trust (ctrl_t ctrl, PKT_public_key *pk, const char *fingerprint, const char *email, const char *user_id, int may_ask, enum tofu_policy *policyp, strlist_t *conflict_setp, time_t now) { tofu_dbs_t dbs = ctrl->tofu.dbs; int in_transaction = 0; enum tofu_policy policy; int rc; char *sqerr = NULL; strlist_t conflict_set = NULL; int trust_level = TRUST_UNKNOWN; strlist_t iter; log_assert (dbs); if (may_ask) log_assert (dbs->in_transaction == 0); if (opt.batch) may_ask = 0; log_assert (pk_is_primary (pk)); /* Make sure _tofu_GET_TRUST_ERROR isn't equal to any of the trust levels. */ log_assert (_tofu_GET_TRUST_ERROR != TRUST_UNKNOWN && _tofu_GET_TRUST_ERROR != TRUST_EXPIRED && _tofu_GET_TRUST_ERROR != TRUST_UNDEFINED && _tofu_GET_TRUST_ERROR != TRUST_NEVER && _tofu_GET_TRUST_ERROR != TRUST_MARGINAL && _tofu_GET_TRUST_ERROR != TRUST_FULLY && _tofu_GET_TRUST_ERROR != TRUST_ULTIMATE); begin_transaction (ctrl, 0); in_transaction = 1; /* We need to call get_policy even if the key is ultimately trusted * to make sure the binding has been registered. */ policy = get_policy (ctrl, dbs, pk, fingerprint, user_id, email, &conflict_set, now); if (policy == TOFU_POLICY_ASK) /* The conflict set should always contain at least one element: * the current key. */ log_assert (conflict_set); else /* If the policy is not TOFU_POLICY_ASK, then conflict_set will be * NULL. */ log_assert (! conflict_set); /* If the key is ultimately trusted, there is nothing to do. */ { u32 kid[2]; keyid_from_pk (pk, kid); if (tdb_keyid_is_utk (kid)) { trust_level = TRUST_ULTIMATE; policy = TOFU_POLICY_GOOD; goto out; } } if (policy == TOFU_POLICY_AUTO) { policy = opt.tofu_default_policy; if (DBG_TRUST) log_debug ("TOFU: binding 's policy is" " auto (default: %s).\n", fingerprint, email, tofu_policy_str (opt.tofu_default_policy)); if (policy == TOFU_POLICY_ASK) /* The default policy is ASK, but there is no conflict (policy * was 'auto'). In this case, we need to make sure the * conflict set includes at least the current user id. */ { add_to_strlist (&conflict_set, fingerprint); } } switch (policy) { case TOFU_POLICY_AUTO: case TOFU_POLICY_GOOD: case TOFU_POLICY_UNKNOWN: case TOFU_POLICY_BAD: /* The saved judgement is auto -> auto, good, unknown or bad. * We don't need to ask the user anything. */ if (DBG_TRUST) log_debug ("TOFU: Known binding 's policy: %s\n", fingerprint, email, tofu_policy_str (policy)); trust_level = tofu_policy_to_trust_level (policy); goto out; case TOFU_POLICY_ASK: /* We need to ask the user what to do. */ break; case _tofu_GET_POLICY_ERROR: trust_level = _tofu_GET_TRUST_ERROR; goto out; default: log_bug ("%s: Impossible value for policy (%d)\n", __func__, policy); } /* We get here if: * * 1. The saved policy is auto and the default policy is ask * (get_policy() == TOFU_POLICY_AUTO * && opt.tofu_default_policy == TOFU_POLICY_ASK) * * 2. The saved policy is ask (either last time the user selected * accept once or reject once or there was a conflict and this * binding's policy was changed from auto to ask) * (policy == TOFU_POLICY_ASK). */ log_assert (policy == TOFU_POLICY_ASK); if (may_ask) { /* We can't be in a normal transaction in ask_about_binding. */ end_transaction (ctrl, 0); in_transaction = 0; /* If we get here, we need to ask the user about the binding. */ ask_about_binding (ctrl, &policy, &trust_level, conflict_set, fingerprint, email, user_id, now); } else { trust_level = TRUST_UNDEFINED; } /* Mark any conflicting bindings that have an automatic policy as * now requiring confirmation. Note: we do this after we ask for * confirmation so that when the current policy is printed, it is * correct. */ if (! in_transaction) { begin_transaction (ctrl, 0); in_transaction = 1; } /* The conflict set should always contain at least one element: * the current key. */ log_assert (conflict_set); for (iter = conflict_set->next; iter; iter = iter->next) { /* We don't immediately set the effective policy to 'ask, because */ rc = gpgsql_exec_printf (dbs->db, NULL, NULL, &sqerr, "update bindings set effective_policy = %d, conflict = %Q" " where email = %Q and fingerprint = %Q and effective_policy != %d;", TOFU_POLICY_NONE, fingerprint, email, iter->d, TOFU_POLICY_ASK); if (rc) { log_error (_("error changing TOFU policy: %s\n"), sqerr); print_further_info ("binding: ", fingerprint, user_id); sqlite3_free (sqerr); sqerr = NULL; rc = gpg_error (GPG_ERR_GENERAL); } else if (DBG_TRUST) log_debug ("Set %s to conflict with %s\n", iter->d, fingerprint); } out: if (in_transaction) end_transaction (ctrl, 0); if (policyp) *policyp = policy; if (conflict_setp) *conflict_setp = conflict_set; else free_strlist (conflict_set); return trust_level; } /* Return a malloced string of the form * "7~months" * The caller should replace all '~' in the returned string by a space * and also free the returned string. * * This is actually a bad hack which may not work correctly with all * languages. */ static char * time_ago_str (long long int t) { /* It would be nice to use a macro to do this, but gettext works on the unpreprocessed code. */ #define MIN_SECS (60) #define HOUR_SECS (60 * MIN_SECS) #define DAY_SECS (24 * HOUR_SECS) #define WEEK_SECS (7 * DAY_SECS) #define MONTH_SECS (30 * DAY_SECS) #define YEAR_SECS (365 * DAY_SECS) if (t > 2 * YEAR_SECS) { long long int c = t / YEAR_SECS; return xtryasprintf (ngettext("%lld~year", "%lld~years", c), c); } if (t > 2 * MONTH_SECS) { long long int c = t / MONTH_SECS; return xtryasprintf (ngettext("%lld~month", "%lld~months", c), c); } if (t > 2 * WEEK_SECS) { long long int c = t / WEEK_SECS; return xtryasprintf (ngettext("%lld~week", "%lld~weeks", c), c); } if (t > 2 * DAY_SECS) { long long int c = t / DAY_SECS; return xtryasprintf (ngettext("%lld~day", "%lld~days", c), c); } if (t > 2 * HOUR_SECS) { long long int c = t / HOUR_SECS; return xtryasprintf (ngettext("%lld~hour", "%lld~hours", c), c); } if (t > 2 * MIN_SECS) { long long int c = t / MIN_SECS; return xtryasprintf (ngettext("%lld~minute", "%lld~minutes", c), c); } return xtryasprintf (ngettext("%lld~second", "%lld~seconds", t), t); } /* If FP is NULL, write TOFU_STATS status line. If FP is not NULL * write a "tfs" record to that stream. */ static void write_stats_status (estream_t fp, enum tofu_policy policy, unsigned long signature_count, unsigned long signature_first_seen, unsigned long signature_most_recent, unsigned long signature_days, unsigned long encryption_count, unsigned long encryption_first_done, unsigned long encryption_most_recent, unsigned long encryption_days) { int summary; int validity; unsigned long days_sq; /* Use the euclidean distance (m = sqrt(a^2 + b^2)) rather then the sum of the magnitudes (m = a + b) to ensure a balance between verified signatures and encrypted messages. */ days_sq = signature_days * signature_days + encryption_days * encryption_days; if (days_sq < 1) validity = 1; /* Key without history. */ else if (days_sq < (2 * BASIC_TRUST_THRESHOLD) * (2 * BASIC_TRUST_THRESHOLD)) validity = 2; /* Key with too little history. */ else if (days_sq < (2 * FULL_TRUST_THRESHOLD) * (2 * FULL_TRUST_THRESHOLD)) validity = 3; /* Key with enough history for basic trust. */ else validity = 4; /* Key with a lot of history. */ if (policy == TOFU_POLICY_ASK) summary = 0; /* Key requires attention. */ else summary = validity; if (fp) { es_fprintf (fp, "tfs:1:%d:%lu:%lu:%s:%lu:%lu:%lu:%lu:%d:%lu:%lu:\n", summary, signature_count, encryption_count, tofu_policy_str (policy), signature_first_seen, signature_most_recent, encryption_first_done, encryption_most_recent, validity, signature_days, encryption_days); } else { write_status_printf (STATUS_TOFU_STATS, "%d %lu %lu %s %lu %lu %lu %lu %d %lu %lu", summary, signature_count, encryption_count, tofu_policy_str (policy), signature_first_seen, signature_most_recent, encryption_first_done, encryption_most_recent, validity, signature_days, encryption_days); } } /* Note: If OUTFP is not NULL, this function merely prints a "tfs" record * to OUTFP. * * POLICY is the key's policy (as returned by get_policy). * * Returns 0 if ONLY_STATUS_FD is set. Otherwise, returns whether * the caller should call show_warning after iterating over all user * ids. */ static int show_statistics (tofu_dbs_t dbs, const char *fingerprint, const char *email, enum tofu_policy policy, estream_t outfp, int only_status_fd, time_t now) { char *fingerprint_pp; int rc; strlist_t strlist = NULL; char *err = NULL; unsigned long signature_first_seen = 0; unsigned long signature_most_recent = 0; unsigned long signature_count = 0; unsigned long signature_days = 0; unsigned long encryption_first_done = 0; unsigned long encryption_most_recent = 0; unsigned long encryption_count = 0; unsigned long encryption_days = 0; int show_warning = 0; if (only_status_fd && ! is_status_enabled ()) return 0; fingerprint_pp = format_hexfingerprint (fingerprint, NULL, 0); /* Get the signature stats. */ rc = gpgsql_exec_printf (dbs->db, strings_collect_cb, &strlist, &err, "select count (*), coalesce (min (signatures.time), 0),\n" " coalesce (max (signatures.time), 0)\n" " from signatures\n" " left join bindings on signatures.binding = bindings.oid\n" " where fingerprint = %Q and email = %Q;", fingerprint, email); if (rc) { log_error (_("error reading TOFU database: %s\n"), err); print_further_info ("getting signature statistics"); sqlite3_free (err); rc = gpg_error (GPG_ERR_GENERAL); goto out; } rc = gpgsql_exec_printf (dbs->db, strings_collect_cb, &strlist, &err, "select count (*) from\n" " (select round(signatures.time / (24 * 60 * 60)) day\n" " from signatures\n" " left join bindings on signatures.binding = bindings.oid\n" " where fingerprint = %Q and email = %Q\n" " group by day);", fingerprint, email); if (rc) { log_error (_("error reading TOFU database: %s\n"), err); print_further_info ("getting signature statistics (by day)"); sqlite3_free (err); rc = gpg_error (GPG_ERR_GENERAL); goto out; } if (strlist) { /* We expect exactly 4 elements. */ log_assert (strlist->next); log_assert (strlist->next->next); log_assert (strlist->next->next->next); log_assert (! strlist->next->next->next->next); string_to_ulong (&signature_days, strlist->d, -1, __LINE__); string_to_ulong (&signature_count, strlist->next->d, -1, __LINE__); string_to_ulong (&signature_first_seen, strlist->next->next->d, -1, __LINE__); string_to_ulong (&signature_most_recent, strlist->next->next->next->d, -1, __LINE__); free_strlist (strlist); strlist = NULL; } /* Get the encryption stats. */ rc = gpgsql_exec_printf (dbs->db, strings_collect_cb, &strlist, &err, "select count (*), coalesce (min (encryptions.time), 0),\n" " coalesce (max (encryptions.time), 0)\n" " from encryptions\n" " left join bindings on encryptions.binding = bindings.oid\n" " where fingerprint = %Q and email = %Q;", fingerprint, email); if (rc) { log_error (_("error reading TOFU database: %s\n"), err); print_further_info ("getting encryption statistics"); sqlite3_free (err); rc = gpg_error (GPG_ERR_GENERAL); goto out; } rc = gpgsql_exec_printf (dbs->db, strings_collect_cb, &strlist, &err, "select count (*) from\n" " (select round(encryptions.time / (24 * 60 * 60)) day\n" " from encryptions\n" " left join bindings on encryptions.binding = bindings.oid\n" " where fingerprint = %Q and email = %Q\n" " group by day);", fingerprint, email); if (rc) { log_error (_("error reading TOFU database: %s\n"), err); print_further_info ("getting encryption statistics (by day)"); sqlite3_free (err); rc = gpg_error (GPG_ERR_GENERAL); goto out; } if (strlist) { /* We expect exactly 4 elements. */ log_assert (strlist->next); log_assert (strlist->next->next); log_assert (strlist->next->next->next); log_assert (! strlist->next->next->next->next); string_to_ulong (&encryption_days, strlist->d, -1, __LINE__); string_to_ulong (&encryption_count, strlist->next->d, -1, __LINE__); string_to_ulong (&encryption_first_done, strlist->next->next->d, -1, __LINE__); string_to_ulong (&encryption_most_recent, strlist->next->next->next->d, -1, __LINE__); free_strlist (strlist); strlist = NULL; } if (!outfp) write_status_text_and_buffer (STATUS_TOFU_USER, fingerprint, email, strlen (email), 0); write_stats_status (outfp, policy, signature_count, signature_first_seen, signature_most_recent, signature_days, encryption_count, encryption_first_done, encryption_most_recent, encryption_days); if (!outfp && !only_status_fd) { estream_t fp; char *msg; fp = es_fopenmem (0, "rw,samethread"); if (! fp) log_fatal ("error creating memory stream: %s\n", gpg_strerror (gpg_error_from_syserror())); if (signature_count == 0 && encryption_count == 0) { es_fprintf (fp, _("%s: Verified 0~signatures and encrypted 0~messages."), email); } else { if (signature_count == 0) es_fprintf (fp, _("%s: Verified 0 signatures."), email); else { /* TRANSLATORS: The final %s is replaced by a string like "7~months". */ char *ago_str = time_ago_str (now - signature_first_seen); es_fprintf (fp, ngettext("%s: Verified %ld~signature in the past %s.", "%s: Verified %ld~signatures in the past %s.", signature_count), email, signature_count, ago_str); xfree (ago_str); } es_fputs (" ", fp); if (encryption_count == 0) es_fprintf (fp, _("Encrypted 0 messages.")); else { char *ago_str = time_ago_str (now - encryption_first_done); /* TRANSLATORS: The final %s is replaced by a string like "7~months". */ es_fprintf (fp, ngettext("Encrypted %ld~message in the past %s.", "Encrypted %ld~messages in the past %s.", encryption_count), encryption_count, ago_str); xfree (ago_str); } } if (opt.verbose) { es_fputs (" ", fp); es_fprintf (fp, _("(policy: %s)"), tofu_policy_str (policy)); } es_fputs ("\n", fp); { char *tmpmsg, *p; es_fputc (0, fp); if (es_fclose_snatch (fp, (void **) &tmpmsg, NULL)) log_fatal ("error snatching memory stream\n"); msg = format_text (tmpmsg, 72, 80); if (!msg) /* FIXME: Return the error all the way up. */ log_fatal ("format failed: %s\n", gpg_strerror (gpg_error_from_syserror())); es_free (tmpmsg); /* Print a status line but suppress the trailing LF. * Spaces are not percent escaped. */ if (*msg) write_status_buffer (STATUS_TOFU_STATS_LONG, msg, strlen (msg)-1, -1); /* Remove the non-breaking space markers. */ for (p=msg; *p; p++) if (*p == '~') *p = ' '; } log_string (GPGRT_LOG_INFO, msg); xfree (msg); if (policy == TOFU_POLICY_AUTO) { if (signature_count == 0) log_info (_("Warning: we have yet to see" " a message signed using this key and user id!\n")); else if (signature_count == 1) log_info (_("Warning: we've only seen one message" " signed using this key and user id!\n")); if (encryption_count == 0) log_info (_("Warning: you have yet to encrypt" " a message to this key!\n")); else if (encryption_count == 1) log_info (_("Warning: you have only encrypted" " one message to this key!\n")); /* Cf. write_stats_status */ if ((encryption_count * encryption_count + signature_count * signature_count) < ((2 * BASIC_TRUST_THRESHOLD) * (2 * BASIC_TRUST_THRESHOLD))) show_warning = 1; } } out: xfree (fingerprint_pp); return show_warning; } static void show_warning (const char *fingerprint, strlist_t user_id_list) { char *set_policy_command; char *text; char *tmpmsg; set_policy_command = xasprintf ("gpg --tofu-policy bad %s", fingerprint); tmpmsg = xasprintf (ngettext ("Warning: if you think you've seen more signatures " "by this key and user id, then this key might be a " "forgery! Carefully examine the email address for small " "variations. If the key is suspect, then use\n" " %s\n" "to mark it as being bad.\n", "Warning: if you think you've seen more signatures " "by this key and these user ids, then this key might be a " "forgery! Carefully examine the email addresses for small " "variations. If the key is suspect, then use\n" " %s\n" "to mark it as being bad.\n", strlist_length (user_id_list)), set_policy_command); text = format_text (tmpmsg, 72, 80); if (!text) /* FIXME: Return the error all the way up. */ log_fatal ("format failed: %s\n", gpg_strerror (gpg_error_from_syserror())); xfree (tmpmsg); log_string (GPGRT_LOG_INFO, text); xfree (text); es_free (set_policy_command); } /* Extract the email address from a user id and normalize it. If the user id doesn't contain an email address, then we use the whole user_id and normalize that. The returned string must be freed. */ static char * email_from_user_id (const char *user_id) { char *email = mailbox_from_userid (user_id); if (! email) { /* Hmm, no email address was provided or we are out of core. Just take the lower-case version of the whole user id. It could be a hostname, for instance. */ email = ascii_strlwr (xstrdup (user_id)); } return email; } /* Register the signature with the bindings , for each USER_ID in USER_ID_LIST. The fingerprint is taken from the primary key packet PK. SIG_DIGEST_BIN is the binary representation of the message's digest. SIG_DIGEST_BIN_LEN is its length. SIG_TIME is the time that the signature was generated. ORIGIN is a free-formed string describing the origin of the signature. If this was from an email and the Claws MUA was used, then this should be something like: "email:claws". If this is NULL, the default is simply "unknown". If MAY_ASK is 1, then this function may interact with the user. This is necessary if there is a conflict or the binding's policy is TOFU_POLICY_ASK. This function returns 0 on success and an error code if an error occurred. */ gpg_error_t tofu_register_signature (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list, const byte *sig_digest_bin, int sig_digest_bin_len, time_t sig_time, const char *origin) { time_t now = gnupg_get_time (); gpg_error_t rc; tofu_dbs_t dbs; char *fingerprint = NULL; strlist_t user_id; char *email = NULL; char *err = NULL; char *sig_digest; unsigned long c; dbs = opendbs (ctrl); if (! dbs) { rc = gpg_error (GPG_ERR_GENERAL); log_error (_("error opening TOFU database: %s\n"), gpg_strerror (rc)); return rc; } /* We do a query and then an insert. Make sure they are atomic by wrapping them in a transaction. */ rc = begin_transaction (ctrl, 0); if (rc) return rc; log_assert (pk_is_primary (pk)); sig_digest = make_radix64_string (sig_digest_bin, sig_digest_bin_len); fingerprint = hexfingerprint (pk, NULL, 0); if (! origin) /* The default origin is simply "unknown". */ origin = "unknown"; for (user_id = user_id_list; user_id; user_id = user_id->next) { email = email_from_user_id (user_id->d); if (DBG_TRUST) log_debug ("TOFU: Registering signature %s with binding" " \n", sig_digest, fingerprint, email); /* Make sure the binding exists and record any TOFU conflicts. */ if (get_trust (ctrl, pk, fingerprint, email, user_id->d, 0, NULL, NULL, now) == _tofu_GET_TRUST_ERROR) { rc = gpg_error (GPG_ERR_GENERAL); xfree (email); break; } /* If we've already seen this signature before, then don't add it again. */ rc = gpgsql_stepx (dbs->db, &dbs->s.register_already_seen, get_single_unsigned_long_cb2, &c, &err, "select count (*)\n" " from signatures left join bindings\n" " on signatures.binding = bindings.oid\n" " where fingerprint = ? and email = ? and sig_time = ?\n" " and sig_digest = ?", GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email, GPGSQL_ARG_LONG_LONG, (long long) sig_time, GPGSQL_ARG_STRING, sig_digest, GPGSQL_ARG_END); if (rc) { log_error (_("error reading TOFU database: %s\n"), err); print_further_info ("checking existence"); sqlite3_free (err); rc = gpg_error (GPG_ERR_GENERAL); } else if (c > 1) /* Duplicates! This should not happen. In particular, because is the primary key! */ log_debug ("SIGNATURES DB contains duplicate records" " ." " Please report.\n", fingerprint, email, (unsigned long) sig_time, sig_digest, origin); else if (c == 1) { if (DBG_TRUST) log_debug ("Already observed the signature and binding" " \n", fingerprint, email, (unsigned long) sig_time, sig_digest, origin); } else if (opt.dry_run) { log_info ("TOFU database update skipped due to --dry-run\n"); } else /* This is the first time that we've seen this signature and binding. Record it. */ { if (DBG_TRUST) log_debug ("TOFU: Saving signature" " \n", fingerprint, email, sig_digest); log_assert (c == 0); rc = gpgsql_stepx (dbs->db, &dbs->s.register_signature, NULL, NULL, &err, "insert into signatures\n" " (binding, sig_digest, origin, sig_time, time)\n" " values\n" " ((select oid from bindings\n" " where fingerprint = ? and email = ?),\n" " ?, ?, ?, ?);", GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email, GPGSQL_ARG_STRING, sig_digest, GPGSQL_ARG_STRING, origin, GPGSQL_ARG_LONG_LONG, (long long) sig_time, GPGSQL_ARG_LONG_LONG, (long long) now, GPGSQL_ARG_END); if (rc) { log_error (_("error updating TOFU database: %s\n"), err); print_further_info ("insert signatures"); sqlite3_free (err); rc = gpg_error (GPG_ERR_GENERAL); } } xfree (email); if (rc) break; } if (rc) rollback_transaction (ctrl); else rc = end_transaction (ctrl, 0); xfree (fingerprint); xfree (sig_digest); return rc; } gpg_error_t tofu_register_encryption (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list, int may_ask) { time_t now = gnupg_get_time (); gpg_error_t rc = 0; tofu_dbs_t dbs; kbnode_t kb = NULL; int free_user_id_list = 0; char *fingerprint = NULL; strlist_t user_id; char *err = NULL; dbs = opendbs (ctrl); if (! dbs) { rc = gpg_error (GPG_ERR_GENERAL); log_error (_("error opening TOFU database: %s\n"), gpg_strerror (rc)); return rc; } if (/* We need the key block to find the primary key. */ ! pk_is_primary (pk) /* We need the key block to find all user ids. */ || ! user_id_list) kb = get_pubkeyblock (ctrl, pk->keyid); /* Make sure PK is a primary key. */ if (! pk_is_primary (pk)) pk = kb->pkt->pkt.public_key; if (! user_id_list) { /* Use all non-revoked user ids. Do use expired user ids. */ kbnode_t n = kb; while ((n = find_next_kbnode (n, PKT_USER_ID))) { PKT_user_id *uid = n->pkt->pkt.user_id; if (uid->flags.revoked) continue; add_to_strlist (&user_id_list, uid->name); } free_user_id_list = 1; if (! user_id_list) log_info (_("WARNING: Encrypting to %s, which has no " "non-revoked user ids\n"), keystr (pk->keyid)); } fingerprint = hexfingerprint (pk, NULL, 0); tofu_begin_batch_update (ctrl); tofu_resume_batch_transaction (ctrl); for (user_id = user_id_list; user_id; user_id = user_id->next) { char *email = email_from_user_id (user_id->d); strlist_t conflict_set = NULL; enum tofu_policy policy; /* Make sure the binding exists and that we recognize any conflicts. */ int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d, may_ask, &policy, &conflict_set, now); if (tl == _tofu_GET_TRUST_ERROR) { /* An error. */ rc = gpg_error (GPG_ERR_GENERAL); xfree (email); goto die; } /* If there is a conflict and MAY_ASK is true, we need to show * the TOFU statistics for the current binding and the * conflicting bindings. But, if we are not in batch mode, then * they have already been printed (this is required to make sure * the information is available to the caller before cpr_get is * called). */ if (policy == TOFU_POLICY_ASK && may_ask && opt.batch) { strlist_t iter; /* The conflict set should contain at least the current * key. */ log_assert (conflict_set); for (iter = conflict_set; iter; iter = iter->next) show_statistics (dbs, iter->d, email, TOFU_POLICY_ASK, NULL, 1, now); } free_strlist (conflict_set); rc = gpgsql_stepx (dbs->db, &dbs->s.register_encryption, NULL, NULL, &err, "insert into encryptions\n" " (binding, time)\n" " values\n" " ((select oid from bindings\n" " where fingerprint = ? and email = ?),\n" " ?);", GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email, GPGSQL_ARG_LONG_LONG, (long long) now, GPGSQL_ARG_END); if (rc) { log_error (_("error updating TOFU database: %s\n"), err); print_further_info ("insert encryption"); sqlite3_free (err); rc = gpg_error (GPG_ERR_GENERAL); } xfree (email); } die: tofu_end_batch_update (ctrl); if (kb) release_kbnode (kb); if (free_user_id_list) free_strlist (user_id_list); xfree (fingerprint); return rc; } /* Combine a trust level returned from the TOFU trust model with a trust level returned by the PGP trust model. This is primarily of interest when the trust model is tofu+pgp (TM_TOFU_PGP). This function ors together the upper bits (the values not covered by TRUST_MASK, i.e., TRUST_FLAG_REVOKED, etc.). */ int tofu_wot_trust_combine (int tofu_base, int wot_base) { int tofu = tofu_base & TRUST_MASK; int wot = wot_base & TRUST_MASK; int upper = (tofu_base & ~TRUST_MASK) | (wot_base & ~TRUST_MASK); log_assert (tofu == TRUST_UNKNOWN || tofu == TRUST_EXPIRED || tofu == TRUST_UNDEFINED || tofu == TRUST_NEVER || tofu == TRUST_MARGINAL || tofu == TRUST_FULLY || tofu == TRUST_ULTIMATE); log_assert (wot == TRUST_UNKNOWN || wot == TRUST_EXPIRED || wot == TRUST_UNDEFINED || wot == TRUST_NEVER || wot == TRUST_MARGINAL || wot == TRUST_FULLY || wot == TRUST_ULTIMATE); /* We first consider negative trust policys. These trump positive trust policies. */ if (tofu == TRUST_NEVER || wot == TRUST_NEVER) /* TRUST_NEVER trumps everything else. */ return upper | TRUST_NEVER; if (tofu == TRUST_EXPIRED || wot == TRUST_EXPIRED) /* TRUST_EXPIRED trumps everything but TRUST_NEVER. */ return upper | TRUST_EXPIRED; /* Now we only have positive or neutral trust policies. We take the max. */ if (tofu == TRUST_ULTIMATE) return upper | TRUST_ULTIMATE | TRUST_FLAG_TOFU_BASED; if (wot == TRUST_ULTIMATE) return upper | TRUST_ULTIMATE; if (tofu == TRUST_FULLY) return upper | TRUST_FULLY | TRUST_FLAG_TOFU_BASED; if (wot == TRUST_FULLY) return upper | TRUST_FULLY; if (tofu == TRUST_MARGINAL) return upper | TRUST_MARGINAL | TRUST_FLAG_TOFU_BASED; if (wot == TRUST_MARGINAL) return upper | TRUST_MARGINAL; if (tofu == TRUST_UNDEFINED) return upper | TRUST_UNDEFINED | TRUST_FLAG_TOFU_BASED; if (wot == TRUST_UNDEFINED) return upper | TRUST_UNDEFINED; return upper | TRUST_UNKNOWN; } /* Write a "tfs" record for a --with-colons listing. */ gpg_error_t tofu_write_tfs_record (ctrl_t ctrl, estream_t fp, PKT_public_key *pk, const char *user_id) { time_t now = gnupg_get_time (); gpg_error_t err; tofu_dbs_t dbs; char *fingerprint; char *email; enum tofu_policy policy; if (!*user_id) return 0; /* No TOFU stats possible for an empty ID. */ dbs = opendbs (ctrl); if (!dbs) { err = gpg_error (GPG_ERR_GENERAL); log_error (_("error opening TOFU database: %s\n"), gpg_strerror (err)); return err; } fingerprint = hexfingerprint (pk, NULL, 0); email = email_from_user_id (user_id); policy = get_policy (ctrl, dbs, pk, fingerprint, user_id, email, NULL, now); show_statistics (dbs, fingerprint, email, policy, fp, 0, now); xfree (email); xfree (fingerprint); return 0; } /* Return the validity (TRUST_NEVER, etc.) of the bindings , for each USER_ID in USER_ID_LIST. If USER_ID_LIST->FLAG is set, then the id is considered to be expired. PK is the primary key packet. If MAY_ASK is 1 and the policy is TOFU_POLICY_ASK, then the user will be prompted to choose a policy. If MAY_ASK is 0 and the policy is TOFU_POLICY_ASK, then TRUST_UNKNOWN is returned. Returns TRUST_UNDEFINED if an error occurs. */ int tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list, int may_ask) { time_t now = gnupg_get_time (); tofu_dbs_t dbs; char *fingerprint = NULL; strlist_t user_id; int trust_level = TRUST_UNKNOWN; int bindings = 0; int bindings_valid = 0; int need_warning = 0; int had_conflict = 0; dbs = opendbs (ctrl); if (! dbs) { log_error (_("error opening TOFU database: %s\n"), gpg_strerror (GPG_ERR_GENERAL)); return TRUST_UNDEFINED; } fingerprint = hexfingerprint (pk, NULL, 0); tofu_begin_batch_update (ctrl); /* Start the batch transaction now. */ tofu_resume_batch_transaction (ctrl); for (user_id = user_id_list; user_id; user_id = user_id->next, bindings ++) { char *email = email_from_user_id (user_id->d); strlist_t conflict_set = NULL; enum tofu_policy policy; /* Always call get_trust to make sure the binding is registered. */ int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d, may_ask, &policy, &conflict_set, now); if (tl == _tofu_GET_TRUST_ERROR) { /* An error. */ trust_level = TRUST_UNDEFINED; xfree (email); goto die; } if (DBG_TRUST) log_debug ("TOFU: validity for : %s%s.\n", fingerprint, email, trust_value_to_string (tl), user_id->flags ? " (but expired)" : ""); if (user_id->flags) tl = TRUST_EXPIRED; if (tl != TRUST_EXPIRED) bindings_valid ++; if (may_ask && tl != TRUST_ULTIMATE && tl != TRUST_EXPIRED) { /* If policy is ask, then we already printed out the * conflict information in ask_about_binding or will do so * in a moment. */ if (policy != TOFU_POLICY_ASK) need_warning |= show_statistics (dbs, fingerprint, email, policy, NULL, 0, now); /* If there is a conflict and MAY_ASK is true, we need to * show the TOFU statistics for the current binding and the * conflicting bindings. But, if we are not in batch mode, * then they have already been printed (this is required to * make sure the information is available to the caller * before cpr_get is called). */ if (policy == TOFU_POLICY_ASK && opt.batch) { strlist_t iter; /* The conflict set should contain at least the current * key. */ log_assert (conflict_set); had_conflict = 1; for (iter = conflict_set; iter; iter = iter->next) show_statistics (dbs, iter->d, email, TOFU_POLICY_ASK, NULL, 1, now); } } free_strlist (conflict_set); if (tl == TRUST_NEVER) trust_level = TRUST_NEVER; else if (tl == TRUST_EXPIRED) /* Ignore expired bindings in the trust calculation. */ ; else if (tl > trust_level) { /* The expected values: */ log_assert (tl == TRUST_UNKNOWN || tl == TRUST_UNDEFINED || tl == TRUST_MARGINAL || tl == TRUST_FULLY || tl == TRUST_ULTIMATE); /* We assume the following ordering: */ log_assert (TRUST_UNKNOWN < TRUST_UNDEFINED); log_assert (TRUST_UNDEFINED < TRUST_MARGINAL); log_assert (TRUST_MARGINAL < TRUST_FULLY); log_assert (TRUST_FULLY < TRUST_ULTIMATE); trust_level = tl; } xfree (email); } if (need_warning && ! had_conflict) show_warning (fingerprint, user_id_list); die: tofu_end_batch_update (ctrl); xfree (fingerprint); if (bindings_valid == 0) { if (DBG_TRUST) log_debug ("no (of %d) valid bindings." " Can't get TOFU validity for this set of user ids.\n", bindings); return TRUST_NEVER; } return trust_level; } /* Set the policy for all non-revoked user ids in the keyblock KB to POLICY. If no key is available with the specified key id, then this function returns GPG_ERR_NO_PUBKEY. Returns 0 on success and an error code otherwise. */ gpg_error_t tofu_set_policy (ctrl_t ctrl, kbnode_t kb, enum tofu_policy policy) { gpg_error_t err = 0; time_t now = gnupg_get_time (); tofu_dbs_t dbs; PKT_public_key *pk; char *fingerprint = NULL; log_assert (kb->pkt->pkttype == PKT_PUBLIC_KEY); pk = kb->pkt->pkt.public_key; dbs = opendbs (ctrl); if (! dbs) { log_error (_("error opening TOFU database: %s\n"), gpg_strerror (GPG_ERR_GENERAL)); return gpg_error (GPG_ERR_GENERAL); } if (DBG_TRUST) log_debug ("Setting TOFU policy for %s to %s\n", keystr (pk->keyid), tofu_policy_str (policy)); if (! pk_is_primary (pk)) log_bug ("%s: Passed a subkey, but expecting a primary key.\n", __func__); fingerprint = hexfingerprint (pk, NULL, 0); begin_transaction (ctrl, 0); for (; kb; kb = kb->next) { PKT_user_id *user_id; char *email; if (kb->pkt->pkttype != PKT_USER_ID) continue; user_id = kb->pkt->pkt.user_id; if (user_id->flags.revoked) /* Skip revoked user ids. (Don't skip expired user ids, the expiry can be changed.) */ continue; email = email_from_user_id (user_id->name); err = record_binding (dbs, fingerprint, email, user_id->name, policy, TOFU_POLICY_NONE, NULL, 0, 1, now); if (err) { log_error (_("error setting policy for key %s, user id \"%s\": %s"), fingerprint, email, gpg_strerror (err)); xfree (email); break; } xfree (email); } if (err) rollback_transaction (ctrl); else end_transaction (ctrl, 0); xfree (fingerprint); return err; } /* Return the TOFU policy for the specified binding in *POLICY. If no policy has been set for the binding, sets *POLICY to TOFU_POLICY_NONE. PK is a primary public key and USER_ID is a user id. Returns 0 on success and an error code otherwise. */ gpg_error_t tofu_get_policy (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *user_id, enum tofu_policy *policy) { time_t now = gnupg_get_time (); tofu_dbs_t dbs; char *fingerprint; char *email; /* Make sure PK is a primary key. */ log_assert (pk_is_primary (pk)); dbs = opendbs (ctrl); if (! dbs) { log_error (_("error opening TOFU database: %s\n"), gpg_strerror (GPG_ERR_GENERAL)); return gpg_error (GPG_ERR_GENERAL); } fingerprint = hexfingerprint (pk, NULL, 0); email = email_from_user_id (user_id->name); *policy = get_policy (ctrl, dbs, pk, fingerprint, user_id->name, email, NULL, now); xfree (email); xfree (fingerprint); if (*policy == _tofu_GET_POLICY_ERROR) return gpg_error (GPG_ERR_GENERAL); return 0; } gpg_error_t tofu_notice_key_changed (ctrl_t ctrl, kbnode_t kb) { tofu_dbs_t dbs; PKT_public_key *pk; char *fingerprint; char *sqlerr = NULL; int rc; /* Make sure PK is a primary key. */ setup_main_keyids (kb); pk = kb->pkt->pkt.public_key; log_assert (pk_is_primary (pk)); dbs = opendbs (ctrl); if (! dbs) { log_error (_("error opening TOFU database: %s\n"), gpg_strerror (GPG_ERR_GENERAL)); return gpg_error (GPG_ERR_GENERAL); } fingerprint = hexfingerprint (pk, NULL, 0); rc = gpgsql_stepx (dbs->db, NULL, NULL, NULL, &sqlerr, "update bindings set effective_policy = ?" " where fingerprint = ?;", GPGSQL_ARG_INT, (int) TOFU_POLICY_NONE, GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_END); xfree (fingerprint); if (rc == _tofu_GET_POLICY_ERROR) return gpg_error (GPG_ERR_GENERAL); return 0; }