Line | Count | Source |
1 | | /* pkclist.c - create a list of public keys |
2 | | * Copyright (C) 1998-2020 Free Software Foundation, Inc. |
3 | | * Copyright (C) 1997-2019 Werner Koch |
4 | | * Copyright (C) 2015-2020 g10 Code GmbH |
5 | | * |
6 | | * This file is part of GnuPG. |
7 | | * |
8 | | * GnuPG is free software; you can redistribute it and/or modify |
9 | | * it under the terms of the GNU General Public License as published by |
10 | | * the Free Software Foundation; either version 3 of the License, or |
11 | | * (at your option) any later version. |
12 | | * |
13 | | * GnuPG is distributed in the hope that it will be useful, |
14 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | | * GNU General Public License for more details. |
17 | | * |
18 | | * You should have received a copy of the GNU General Public License |
19 | | * along with this program; if not, see <https://www.gnu.org/licenses/>. |
20 | | * SPDX-License-Identifier: GPL-3.0-or-later |
21 | | */ |
22 | | |
23 | | #include <config.h> |
24 | | #include <stdio.h> |
25 | | #include <stdlib.h> |
26 | | #include <string.h> |
27 | | #include <errno.h> |
28 | | |
29 | | #include "gpg.h" |
30 | | #include "options.h" |
31 | | #include "packet.h" |
32 | | #include "../common/status.h" |
33 | | #include "keydb.h" |
34 | | #include "../common/util.h" |
35 | | #include "main.h" |
36 | | #include "trustdb.h" |
37 | | #include "../common/ttyio.h" |
38 | | #include "../common/status.h" |
39 | | #include "photoid.h" |
40 | | #include "../common/i18n.h" |
41 | | #include "../common/mbox-util.h" |
42 | | #include "tofu.h" |
43 | | |
44 | 0 | #define CONTROL_D ('D' - 'A' + 1) |
45 | | |
46 | | static void |
47 | | send_status_inv_recp (int reason, const char *name) |
48 | 0 | { |
49 | 0 | char buf[40]; |
50 | |
|
51 | 0 | snprintf (buf, sizeof buf, "%d ", reason); |
52 | 0 | write_status_text_and_buffer (STATUS_INV_RECP, buf, |
53 | 0 | name, strlen (name), |
54 | 0 | -1); |
55 | 0 | } |
56 | | |
57 | | |
58 | | /**************** |
59 | | * Show the revocation reason as it is stored with the given signature |
60 | | */ |
61 | | static void |
62 | | do_show_revocation_reason( PKT_signature *sig ) |
63 | 0 | { |
64 | 0 | size_t n, nn; |
65 | 0 | const byte *p, *pp; |
66 | 0 | int seq = 0; |
67 | 0 | const char *text; |
68 | |
|
69 | 0 | while ((p = enum_sig_subpkt (sig, 1, SIGSUBPKT_REVOC_REASON, |
70 | 0 | &n, &seq, NULL)) ) { |
71 | 0 | if( !n ) |
72 | 0 | continue; /* invalid - just skip it */ |
73 | | |
74 | 0 | if( *p == 0 ) |
75 | 0 | text = _("No reason specified"); |
76 | 0 | else if( *p == 0x01 ) |
77 | 0 | text = _("Key is superseded"); |
78 | 0 | else if( *p == 0x02 ) |
79 | 0 | text = _("Key has been compromised"); |
80 | 0 | else if( *p == 0x03 ) |
81 | 0 | text = _("Key is no longer used"); |
82 | 0 | else if( *p == 0x20 ) |
83 | 0 | text = _("User ID is no longer valid"); |
84 | 0 | else |
85 | 0 | text = NULL; |
86 | |
|
87 | 0 | log_info ( _("reason for revocation: ")); |
88 | 0 | if (text) |
89 | 0 | log_printf ("%s\n", text); |
90 | 0 | else |
91 | 0 | log_printf ("code=%02x\n", *p ); |
92 | 0 | n--; p++; |
93 | 0 | pp = NULL; |
94 | 0 | do { |
95 | | /* We don't want any empty lines, so skip them */ |
96 | 0 | while( n && *p == '\n' ) { |
97 | 0 | p++; |
98 | 0 | n--; |
99 | 0 | } |
100 | 0 | if( n ) { |
101 | 0 | pp = memchr( p, '\n', n ); |
102 | 0 | nn = pp? pp - p : n; |
103 | 0 | log_info ( _("revocation comment: ") ); |
104 | 0 | es_write_sanitized (log_get_stream(), p, nn, NULL, NULL); |
105 | 0 | log_printf ("\n"); |
106 | 0 | p += nn; n -= nn; |
107 | 0 | } |
108 | 0 | } while( pp ); |
109 | 0 | } |
110 | 0 | } |
111 | | |
112 | | /* Mode 0: try and find the revocation based on the pk (i.e. check |
113 | | subkeys, etc.) Mode 1: use only the revocation on the main pk */ |
114 | | |
115 | | void |
116 | | show_revocation_reason (ctrl_t ctrl, PKT_public_key *pk, int mode) |
117 | 0 | { |
118 | | /* Hmmm, this is not so easy because we have to duplicate the code |
119 | | * used in the trustdb to calculate the keyflags. We need to find |
120 | | * a clean way to check revocation certificates on keys and |
121 | | * signatures. And there should be no duplicate code. Because we |
122 | | * enter this function only when the trustdb told us that we have |
123 | | * a revoked key, we could simply look for a revocation cert and |
124 | | * display this one, when there is only one. Let's try to do this |
125 | | * until we have a better solution. */ |
126 | 0 | KBNODE node, keyblock = NULL; |
127 | 0 | byte fingerprint[MAX_FINGERPRINT_LEN]; |
128 | 0 | size_t fingerlen; |
129 | 0 | int rc; |
130 | | |
131 | | /* get the keyblock */ |
132 | 0 | fingerprint_from_pk (pk, fingerprint, &fingerlen); |
133 | 0 | rc = get_pubkey_byfpr (ctrl, NULL, &keyblock, fingerprint, fingerlen); |
134 | 0 | if( rc ) { /* that should never happen */ |
135 | 0 | log_debug( "failed to get the keyblock\n"); |
136 | 0 | return; |
137 | 0 | } |
138 | | |
139 | 0 | for( node=keyblock; node; node = node->next ) { |
140 | 0 | if( (mode && node->pkt->pkttype == PKT_PUBLIC_KEY) || |
141 | 0 | ( ( node->pkt->pkttype == PKT_PUBLIC_KEY |
142 | 0 | || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) |
143 | 0 | && !cmp_public_keys( node->pkt->pkt.public_key, pk ) ) ) |
144 | 0 | break; |
145 | 0 | } |
146 | 0 | if( !node ) { |
147 | 0 | log_debug("Oops, PK not in keyblock\n"); |
148 | 0 | release_kbnode( keyblock ); |
149 | 0 | return; |
150 | 0 | } |
151 | | /* now find the revocation certificate */ |
152 | 0 | for( node = node->next; node ; node = node->next ) { |
153 | 0 | if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) |
154 | 0 | break; |
155 | 0 | if( node->pkt->pkttype == PKT_SIGNATURE |
156 | 0 | && (node->pkt->pkt.signature->sig_class == 0x20 |
157 | 0 | || node->pkt->pkt.signature->sig_class == 0x28 ) ) { |
158 | | /* FIXME: we should check the signature here */ |
159 | 0 | do_show_revocation_reason ( node->pkt->pkt.signature ); |
160 | 0 | break; |
161 | 0 | } |
162 | 0 | } |
163 | | |
164 | | /* We didn't find it, so check if the whole key is revoked */ |
165 | 0 | if(!node && !mode) |
166 | 0 | show_revocation_reason (ctrl, pk, 1); |
167 | |
|
168 | 0 | release_kbnode( keyblock ); |
169 | 0 | } |
170 | | |
171 | | |
172 | | /**************** |
173 | | * mode: 0 = standard |
174 | | * 1 = Without key info and additional menu option 'm' |
175 | | * this does also add an option to set the key to ultimately trusted. |
176 | | * Returns: |
177 | | * -2 = nothing changed - caller should show some additional info |
178 | | * -1 = quit operation |
179 | | * 0 = nothing changed |
180 | | * 1 = new ownertrust now in new_trust |
181 | | */ |
182 | | #ifndef NO_TRUST_MODELS |
183 | | static int |
184 | | do_edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode, |
185 | | unsigned *new_trust, int defer_help ) |
186 | 0 | { |
187 | 0 | char *p; |
188 | 0 | u32 keyid[2]; |
189 | 0 | int changed=0; |
190 | 0 | int quit=0; |
191 | 0 | int show=0; |
192 | 0 | int min_num; |
193 | 0 | int did_help=defer_help; |
194 | 0 | unsigned int minimum = tdb_get_min_ownertrust (ctrl, pk, 0); |
195 | |
|
196 | 0 | switch(minimum) |
197 | 0 | { |
198 | 0 | default: |
199 | 0 | case TRUST_UNDEFINED: min_num=1; break; |
200 | 0 | case TRUST_NEVER: min_num=2; break; |
201 | 0 | case TRUST_MARGINAL: min_num=3; break; |
202 | 0 | case TRUST_FULLY: min_num=4; break; |
203 | 0 | } |
204 | | |
205 | 0 | keyid_from_pk (pk, keyid); |
206 | 0 | for(;;) { |
207 | | /* A string with valid answers. |
208 | | |
209 | | TRANSLATORS: These are the allowed answers in lower and |
210 | | uppercase. Below you will find the matching strings which |
211 | | should be translated accordingly and the letter changed to |
212 | | match the one in the answer string. |
213 | | |
214 | | i = please show me more information |
215 | | m = back to the main menu |
216 | | s = skip this key |
217 | | q = quit |
218 | | */ |
219 | 0 | const char *ans = _("iImMqQsS"); |
220 | |
|
221 | 0 | if( !did_help ) |
222 | 0 | { |
223 | 0 | if( !mode ) |
224 | 0 | { |
225 | 0 | KBNODE keyblock, un; |
226 | |
|
227 | 0 | tty_printf (_("No trust value assigned to:\n")); |
228 | 0 | print_key_line (ctrl, NULL, pk, 0); |
229 | |
|
230 | 0 | p = get_user_id_native (ctrl, keyid); |
231 | 0 | tty_printf (_(" \"%s\"\n"),p); |
232 | 0 | xfree (p); |
233 | |
|
234 | 0 | keyblock = get_pubkeyblock (ctrl, keyid); |
235 | 0 | if (!keyblock) |
236 | 0 | BUG (); |
237 | 0 | for (un=keyblock; un; un = un->next) |
238 | 0 | { |
239 | 0 | if (un->pkt->pkttype != PKT_USER_ID ) |
240 | 0 | continue; |
241 | 0 | if (un->pkt->pkt.user_id->flags.revoked) |
242 | 0 | continue; |
243 | 0 | if (un->pkt->pkt.user_id->flags.expired) |
244 | 0 | continue; |
245 | | /* Only skip textual primaries */ |
246 | 0 | if (un->pkt->pkt.user_id->flags.primary |
247 | 0 | && !un->pkt->pkt.user_id->attrib_data ) |
248 | 0 | continue; |
249 | | |
250 | 0 | if((opt.verify_options&VERIFY_SHOW_PHOTOS) |
251 | 0 | && un->pkt->pkt.user_id->attrib_data) |
252 | 0 | show_photos (ctrl, |
253 | 0 | un->pkt->pkt.user_id->attribs, |
254 | 0 | un->pkt->pkt.user_id->numattribs, pk, |
255 | 0 | un->pkt->pkt.user_id); |
256 | |
|
257 | 0 | p=utf8_to_native(un->pkt->pkt.user_id->name, |
258 | 0 | un->pkt->pkt.user_id->len,0); |
259 | |
|
260 | 0 | tty_printf(_(" aka \"%s\"\n"),p); |
261 | 0 | } |
262 | |
|
263 | 0 | print_fingerprint (ctrl, NULL, pk, 2); |
264 | 0 | tty_printf("\n"); |
265 | 0 | release_kbnode (keyblock); |
266 | 0 | } |
267 | | |
268 | 0 | if(opt.trust_model==TM_DIRECT) |
269 | 0 | { |
270 | 0 | tty_printf(_("How much do you trust that this key actually " |
271 | 0 | "belongs to the named user?\n")); |
272 | 0 | tty_printf("\n"); |
273 | 0 | } |
274 | 0 | else |
275 | 0 | { |
276 | | /* This string also used in keyedit.c:trustsig_prompt */ |
277 | 0 | tty_printf(_("Please decide how far you trust this user to" |
278 | 0 | " correctly verify other users' keys\n" |
279 | 0 | "(by looking at passports, checking fingerprints from" |
280 | 0 | " different sources, etc.)\n")); |
281 | 0 | tty_printf("\n"); |
282 | 0 | } |
283 | |
|
284 | 0 | if(min_num<=1) |
285 | 0 | tty_printf (_(" %d = I don't know or won't say\n"), 1); |
286 | 0 | if(min_num<=2) |
287 | 0 | tty_printf (_(" %d = I do NOT trust\n"), 2); |
288 | 0 | if(min_num<=3) |
289 | 0 | tty_printf (_(" %d = I trust marginally\n"), 3); |
290 | 0 | if(min_num<=4) |
291 | 0 | tty_printf (_(" %d = I trust fully\n"), 4); |
292 | 0 | if (mode) |
293 | 0 | tty_printf (_(" %d = I trust ultimately\n"), 5); |
294 | | #if 0 |
295 | | /* not yet implemented */ |
296 | | tty_printf (" i = please show me more information\n"); |
297 | | #endif |
298 | 0 | if( mode ) |
299 | 0 | tty_printf(_(" m = back to the main menu\n")); |
300 | 0 | else |
301 | 0 | { |
302 | 0 | tty_printf(_(" s = skip this key\n")); |
303 | 0 | tty_printf(_(" q = quit\n")); |
304 | 0 | } |
305 | 0 | tty_printf("\n"); |
306 | 0 | if(minimum) |
307 | 0 | tty_printf(_("The minimum trust level for this key is: %s\n\n"), |
308 | 0 | trust_value_to_string(minimum)); |
309 | 0 | did_help = 1; |
310 | 0 | } |
311 | 0 | if( strlen(ans) != 8 ) |
312 | 0 | BUG(); |
313 | 0 | p = cpr_get("edit_ownertrust.value",_("Your decision? ")); |
314 | 0 | trim_spaces(p); |
315 | 0 | cpr_kill_prompt(); |
316 | 0 | if( !*p ) |
317 | 0 | did_help = 0; |
318 | 0 | else if( *p && p[1] ) |
319 | 0 | ; |
320 | 0 | else if( !p[1] && ((*p >= '0'+min_num) && *p <= (mode?'5':'4')) ) |
321 | 0 | { |
322 | 0 | unsigned int trust; |
323 | 0 | switch( *p ) |
324 | 0 | { |
325 | 0 | case '1': trust = TRUST_UNDEFINED; break; |
326 | 0 | case '2': trust = TRUST_NEVER ; break; |
327 | 0 | case '3': trust = TRUST_MARGINAL ; break; |
328 | 0 | case '4': trust = TRUST_FULLY ; break; |
329 | 0 | case '5': trust = TRUST_ULTIMATE ; break; |
330 | 0 | default: BUG(); |
331 | 0 | } |
332 | 0 | if (trust == TRUST_ULTIMATE |
333 | 0 | && !cpr_get_answer_is_yes ("edit_ownertrust.set_ultimate.okay", |
334 | 0 | _("Do you really want to set this key" |
335 | 0 | " to ultimate trust? (y/N) "))) |
336 | 0 | ; /* no */ |
337 | 0 | else |
338 | 0 | { |
339 | 0 | *new_trust = trust; |
340 | 0 | changed = 1; |
341 | 0 | break; |
342 | 0 | } |
343 | 0 | } |
344 | | #if 0 |
345 | | /* not yet implemented */ |
346 | | else if( *p == ans[0] || *p == ans[1] ) |
347 | | { |
348 | | tty_printf(_("Certificates leading to an ultimately trusted key:\n")); |
349 | | show = 1; |
350 | | break; |
351 | | } |
352 | | #endif |
353 | 0 | else if( mode && (*p == ans[2] || *p == ans[3] || *p == CONTROL_D ) ) |
354 | 0 | { |
355 | 0 | break ; /* back to the menu */ |
356 | 0 | } |
357 | 0 | else if( !mode && (*p == ans[6] || *p == ans[7] ) ) |
358 | 0 | { |
359 | 0 | break; /* skip */ |
360 | 0 | } |
361 | 0 | else if( !mode && (*p == ans[4] || *p == ans[5] ) ) |
362 | 0 | { |
363 | 0 | quit = 1; |
364 | 0 | break ; /* back to the menu */ |
365 | 0 | } |
366 | 0 | xfree(p); p = NULL; |
367 | 0 | } |
368 | 0 | xfree(p); |
369 | 0 | return show? -2: quit? -1 : changed; |
370 | 0 | } |
371 | | #endif /*!NO_TRUST_MODELS*/ |
372 | | |
373 | | |
374 | | /* |
375 | | * Display a menu to change the ownertrust of the key PK (which should |
376 | | * be a primary key). |
377 | | * For mode values see do_edit_ownertrust () |
378 | | */ |
379 | | #ifndef NO_TRUST_MODELS |
380 | | int |
381 | | edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode ) |
382 | 0 | { |
383 | 0 | unsigned int trust = 0; |
384 | 0 | int no_help = 0; |
385 | |
|
386 | 0 | for(;;) |
387 | 0 | { |
388 | 0 | switch ( do_edit_ownertrust (ctrl, pk, mode, &trust, no_help ) ) |
389 | 0 | { |
390 | 0 | case -1: /* quit */ |
391 | 0 | return -1; |
392 | 0 | case -2: /* show info */ |
393 | 0 | no_help = 1; |
394 | 0 | break; |
395 | 0 | case 1: /* trust value set */ |
396 | 0 | trust &= ~TRUST_FLAG_DISABLED; |
397 | 0 | trust |= get_ownertrust (ctrl, pk) & TRUST_FLAG_DISABLED; |
398 | 0 | update_ownertrust (ctrl, pk, trust ); |
399 | 0 | return 1; |
400 | 0 | default: |
401 | 0 | return 0; |
402 | 0 | } |
403 | 0 | } |
404 | 0 | } |
405 | | #endif /*!NO_TRUST_MODELS*/ |
406 | | |
407 | | |
408 | | /**************** |
409 | | * Check whether we can trust this pk which has a trustlevel of TRUSTLEVEL |
410 | | * Returns: true if we trust. |
411 | | */ |
412 | | static int |
413 | | do_we_trust( PKT_public_key *pk, unsigned int trustlevel ) |
414 | 0 | { |
415 | | /* We should not be able to get here with a revoked or expired |
416 | | key */ |
417 | 0 | if(trustlevel & TRUST_FLAG_REVOKED |
418 | 0 | || trustlevel & TRUST_FLAG_SUB_REVOKED |
419 | 0 | || (trustlevel & TRUST_MASK) == TRUST_EXPIRED) |
420 | 0 | { |
421 | 0 | if (opt.ignore_expiration) |
422 | 0 | return 0; |
423 | 0 | BUG (); |
424 | 0 | } |
425 | | |
426 | 0 | if( opt.trust_model==TM_ALWAYS ) |
427 | 0 | { |
428 | 0 | if( opt.verbose ) |
429 | 0 | log_info("No trust check due to '--trust-model always' option\n"); |
430 | 0 | return 1; |
431 | 0 | } |
432 | | |
433 | 0 | switch(trustlevel & TRUST_MASK) |
434 | 0 | { |
435 | 0 | default: |
436 | 0 | log_error ("invalid trustlevel %u returned from validation layer\n", |
437 | 0 | trustlevel); |
438 | | /* fall through */ |
439 | 0 | case TRUST_UNKNOWN: |
440 | 0 | case TRUST_UNDEFINED: |
441 | 0 | log_info(_("%s: There is no assurance this key belongs" |
442 | 0 | " to the named user\n"),keystr_from_pk(pk)); |
443 | 0 | return 0; /* no */ |
444 | | |
445 | 0 | case TRUST_MARGINAL: |
446 | 0 | log_info(_("%s: There is limited assurance this key belongs" |
447 | 0 | " to the named user\n"),keystr_from_pk(pk)); |
448 | 0 | return 1; /* yes */ |
449 | | |
450 | 0 | case TRUST_FULLY: |
451 | 0 | if( opt.verbose ) |
452 | 0 | log_info(_("This key probably belongs to the named user\n")); |
453 | 0 | return 1; /* yes */ |
454 | | |
455 | 0 | case TRUST_ULTIMATE: |
456 | 0 | if( opt.verbose ) |
457 | 0 | log_info(_("This key belongs to us\n")); |
458 | 0 | return 1; /* yes */ |
459 | | |
460 | 0 | case TRUST_NEVER: |
461 | | /* This can be returned by TOFU, which can return negative |
462 | | assertions. */ |
463 | 0 | log_info(_("%s: This key is bad! It has been marked as untrusted!\n"), |
464 | 0 | keystr_from_pk(pk)); |
465 | 0 | return 0; /* no */ |
466 | 0 | } |
467 | | |
468 | 0 | return 1; /*NOTREACHED*/ |
469 | 0 | } |
470 | | |
471 | | |
472 | | /**************** |
473 | | * wrapper around do_we_trust, so we can ask whether to use the |
474 | | * key anyway. |
475 | | */ |
476 | | static int |
477 | | do_we_trust_pre (ctrl_t ctrl, PKT_public_key *pk, unsigned int trustlevel ) |
478 | 0 | { |
479 | 0 | int rc; |
480 | |
|
481 | 0 | rc = do_we_trust( pk, trustlevel ); |
482 | |
|
483 | 0 | if( !opt.batch && !rc ) |
484 | 0 | { |
485 | 0 | print_key_info (ctrl, NULL, 0, pk, 0); |
486 | 0 | print_fingerprint (ctrl, NULL, pk, 2); |
487 | 0 | tty_printf("\n"); |
488 | |
|
489 | 0 | if ((trustlevel & TRUST_MASK) == TRUST_NEVER) |
490 | 0 | tty_printf( |
491 | 0 | _("This key is bad! It has been marked as untrusted! If you\n" |
492 | 0 | "*really* know what you are doing, you may answer the next\n" |
493 | 0 | "question with yes.\n")); |
494 | 0 | else |
495 | 0 | tty_printf( |
496 | 0 | _("It is NOT certain that the key belongs to the person named\n" |
497 | 0 | "in the user ID. If you *really* know what you are doing,\n" |
498 | 0 | "you may answer the next question with yes.\n")); |
499 | |
|
500 | 0 | tty_printf("\n"); |
501 | | |
502 | |
|
503 | 0 | if (is_status_enabled ()) |
504 | 0 | { |
505 | 0 | u32 kid[2]; |
506 | 0 | char *hint_str; |
507 | |
|
508 | 0 | keyid_from_pk (pk, kid); |
509 | 0 | hint_str = get_long_user_id_string (ctrl, kid); |
510 | 0 | write_status_text ( STATUS_USERID_HINT, hint_str ); |
511 | 0 | xfree (hint_str); |
512 | 0 | } |
513 | |
|
514 | 0 | if( cpr_get_answer_is_yes("untrusted_key.override", |
515 | 0 | _("Use this key anyway? (y/N) ")) ) |
516 | 0 | rc = 1; |
517 | | |
518 | | /* Hmmm: Should we set a flag to tell the user about |
519 | | * his decision the next time he encrypts for this recipient? |
520 | | */ |
521 | 0 | } |
522 | |
|
523 | 0 | return rc; |
524 | 0 | } |
525 | | |
526 | | |
527 | | /* Write a TRUST_foo status line including the validation model and if |
528 | | * MBOX is not NULL the targeted User ID's mbox. */ |
529 | | static void |
530 | | write_trust_status (int statuscode, int trustlevel, const char *mbox) |
531 | 0 | { |
532 | | #ifdef NO_TRUST_MODELS |
533 | | write_status (statuscode); |
534 | | #else /* NO_TRUST_MODELS */ |
535 | 0 | int tm; |
536 | | |
537 | | /* For the combined tofu+pgp method, we return the trust model which |
538 | | * was responsible for the trustlevel. */ |
539 | 0 | if (opt.trust_model == TM_TOFU_PGP) |
540 | 0 | tm = (trustlevel & TRUST_FLAG_TOFU_BASED)? TM_TOFU : TM_PGP; |
541 | 0 | else |
542 | 0 | tm = opt.trust_model; |
543 | |
|
544 | 0 | if (mbox) |
545 | 0 | { |
546 | 0 | char *escmbox = percent_escape (mbox, NULL); |
547 | |
|
548 | 0 | write_status_strings (statuscode, "0 ", trust_model_string (tm), |
549 | 0 | " ", escmbox? escmbox : "?", NULL); |
550 | 0 | xfree (escmbox); |
551 | 0 | } |
552 | 0 | else |
553 | 0 | write_status_strings (statuscode, "0 ", trust_model_string (tm), NULL); |
554 | |
|
555 | 0 | #endif /* NO_TRUST_MODELS */ |
556 | 0 | } |
557 | | |
558 | | |
559 | | /* Return true if MBOX matches one of the names in opt.sender_list. */ |
560 | | static int |
561 | | is_in_sender_list (const char *mbox) |
562 | 0 | { |
563 | 0 | strlist_t sl; |
564 | |
|
565 | 0 | for (sl = opt.sender_list; sl; sl = sl->next) |
566 | 0 | if (!strcmp (mbox, sl->d)) |
567 | 0 | return 1; |
568 | 0 | return 0; |
569 | 0 | } |
570 | | |
571 | | |
572 | | /* Check whether we can trust this signature. KEYBLOCK contains the |
573 | | * key PK used to check the signature SIG. We need PK here in |
574 | | * addition to KEYBLOCK so that we know the subkey used for |
575 | | * verification. Returns an error code if we should not trust this |
576 | | * signature (i.e. done by an not trusted key). */ |
577 | | gpg_error_t |
578 | | check_signatures_trust (ctrl_t ctrl, kbnode_t keyblock, PKT_public_key *pk, |
579 | | PKT_signature *sig) |
580 | 0 | { |
581 | 0 | gpg_error_t err = 0; |
582 | 0 | int uidbased = 0; /* 1 = signer's UID, 2 = use --sender option. */ |
583 | 0 | unsigned int trustlevel = TRUST_UNKNOWN; |
584 | 0 | PKT_public_key *mainpk; |
585 | 0 | PKT_user_id *targetuid; |
586 | 0 | const char *testedtarget = NULL; |
587 | 0 | const char *statusmbox = NULL; |
588 | 0 | kbnode_t n; |
589 | |
|
590 | 0 | if (opt.trust_model == TM_ALWAYS) |
591 | 0 | { |
592 | 0 | if (!opt.quiet) |
593 | 0 | log_info(_("WARNING: Using untrusted key!\n")); |
594 | 0 | if (opt.with_fingerprint) |
595 | 0 | print_fingerprint (ctrl, NULL, pk, 1); |
596 | 0 | goto leave; |
597 | 0 | } |
598 | | |
599 | 0 | log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY); |
600 | 0 | mainpk = keyblock->pkt->pkt.public_key; |
601 | |
|
602 | 0 | if ((pk->flags.maybe_revoked && !pk->flags.revoked) |
603 | 0 | || (mainpk->flags.maybe_revoked && !mainpk->flags.revoked)) |
604 | 0 | log_info(_("WARNING: this key might be revoked (revocation key" |
605 | 0 | " not present)\n")); |
606 | | |
607 | | /* Figure out the user ID which was used to create the signature. |
608 | | * Note that the Signer's UID may be not a valid addr-spec but the |
609 | | * plain value from the sub-packet; thus we need to check this |
610 | | * before looking for the matching User ID (our parser makes sure |
611 | | * that signers_uid has only the mbox if there is an mbox). */ |
612 | 0 | if (is_valid_mailbox (sig->signers_uid)) |
613 | 0 | uidbased = 1; /* We got the signer's UID and it is an addr-spec. */ |
614 | 0 | else if (opt.sender_list) |
615 | 0 | uidbased = 2; |
616 | 0 | else |
617 | 0 | uidbased = 0; |
618 | 0 | targetuid = NULL; |
619 | 0 | if (uidbased) |
620 | 0 | { |
621 | 0 | u32 tmpcreated = 0; /* Helper to find the latest user ID. */ |
622 | 0 | PKT_user_id *tmpuid; |
623 | |
|
624 | 0 | for (n=keyblock; n; n = n->next) |
625 | 0 | if (n->pkt->pkttype == PKT_USER_ID |
626 | 0 | && !(tmpuid = n->pkt->pkt.user_id)->attrib_data |
627 | 0 | && tmpuid->created /* (is valid) */ |
628 | 0 | && !tmpuid->flags.revoked |
629 | 0 | && !tmpuid->flags.expired) |
630 | 0 | { |
631 | 0 | if (!tmpuid->mbox) |
632 | 0 | tmpuid->mbox = mailbox_from_userid (tmpuid->name, 0); |
633 | 0 | if (!tmpuid->mbox) |
634 | 0 | continue; |
635 | | |
636 | 0 | if (uidbased == 1) |
637 | 0 | { |
638 | 0 | if (!strcmp (tmpuid->mbox, sig->signers_uid) |
639 | 0 | && tmpuid->created > tmpcreated) |
640 | 0 | { |
641 | 0 | tmpcreated = tmpuid->created; |
642 | 0 | targetuid = tmpuid; |
643 | 0 | } |
644 | 0 | } |
645 | 0 | else |
646 | 0 | { |
647 | 0 | if (is_in_sender_list (tmpuid->mbox) |
648 | 0 | && tmpuid->created > tmpcreated) |
649 | 0 | { |
650 | 0 | tmpcreated = tmpuid->created; |
651 | 0 | targetuid = tmpuid; |
652 | 0 | } |
653 | 0 | } |
654 | 0 | } |
655 | | |
656 | | /* In addition restrict based on --sender. */ |
657 | 0 | if (uidbased == 1 && opt.sender_list |
658 | 0 | && targetuid && !is_in_sender_list (targetuid->mbox)) |
659 | 0 | { |
660 | 0 | testedtarget = targetuid->mbox; |
661 | 0 | targetuid = NULL; |
662 | 0 | } |
663 | 0 | } |
664 | |
|
665 | 0 | if (uidbased && !targetuid) |
666 | 0 | statusmbox = testedtarget? testedtarget : sig->signers_uid; |
667 | 0 | else if (uidbased) |
668 | 0 | statusmbox = targetuid->mbox; |
669 | 0 | else |
670 | 0 | statusmbox = NULL; |
671 | |
|
672 | 0 | if (opt.verbose && statusmbox) |
673 | 0 | log_info (_("checking User ID \"%s\"\n"), statusmbox); |
674 | |
|
675 | 0 | trustlevel = get_validity (ctrl, NULL, pk, targetuid, sig, 1); |
676 | 0 | if (uidbased && !targetuid) |
677 | 0 | { |
678 | | /* No user ID given but requested - force an undefined |
679 | | * trustlevel but keep the trust flags. */ |
680 | 0 | trustlevel &= ~TRUST_MASK; |
681 | 0 | trustlevel |= TRUST_UNDEFINED; |
682 | 0 | if (!opt.quiet) |
683 | 0 | { |
684 | 0 | if (testedtarget) |
685 | 0 | log_info (_("option %s given but issuer \"%s\" does not match\n"), |
686 | 0 | "--sender", testedtarget); |
687 | 0 | else if (uidbased == 1) |
688 | 0 | log_info (_("issuer \"%s\" does not match any User ID\n"), |
689 | 0 | sig->signers_uid); |
690 | 0 | else if (opt.sender_list) |
691 | 0 | log_info (_("option %s given but no matching User ID found\n"), |
692 | 0 | "--sender"); |
693 | 0 | } |
694 | 0 | } |
695 | |
|
696 | 0 | if ( (trustlevel & TRUST_FLAG_REVOKED) ) |
697 | 0 | { |
698 | 0 | write_status (STATUS_KEYREVOKED); |
699 | 0 | if (pk->flags.revoked == 2 || mainpk->flags.revoked == 2) |
700 | 0 | log_info(_("WARNING: This key has been revoked by its" |
701 | 0 | " designated revoker!\n")); |
702 | 0 | else |
703 | 0 | log_info(_("WARNING: This key has been revoked by its owner!\n")); |
704 | 0 | log_info(_(" This could mean that the signature is forged.\n")); |
705 | 0 | show_revocation_reason (ctrl, pk, 0); |
706 | 0 | } |
707 | 0 | else if ((trustlevel & TRUST_FLAG_SUB_REVOKED) ) |
708 | 0 | { |
709 | 0 | write_status( STATUS_KEYREVOKED ); |
710 | 0 | log_info(_("WARNING: This subkey has been revoked by its owner!\n")); |
711 | 0 | show_revocation_reason (ctrl, pk, 0); |
712 | 0 | } |
713 | |
|
714 | 0 | if ((trustlevel & TRUST_FLAG_DISABLED)) |
715 | 0 | log_info (_("Note: This key has been disabled.\n")); |
716 | | |
717 | | /* Now let the user know what up with the trustlevel. */ |
718 | 0 | switch ( (trustlevel & TRUST_MASK) ) |
719 | 0 | { |
720 | 0 | case TRUST_EXPIRED: |
721 | 0 | log_info(_("Note: This key has expired!\n")); |
722 | 0 | print_fingerprint (ctrl, NULL, pk, 1); |
723 | 0 | break; |
724 | | |
725 | 0 | default: |
726 | 0 | log_error ("invalid trustlevel %u returned from validation layer\n", |
727 | 0 | trustlevel); |
728 | | /* fall through */ |
729 | 0 | case TRUST_UNKNOWN: |
730 | 0 | case TRUST_UNDEFINED: |
731 | 0 | write_trust_status (STATUS_TRUST_UNDEFINED, trustlevel, statusmbox); |
732 | 0 | if (uidbased) |
733 | 0 | log_info(_("WARNING: The key's User ID is not certified with" |
734 | 0 | " a trusted signature!\n")); |
735 | 0 | else |
736 | 0 | log_info(_("WARNING: This key is not certified with" |
737 | 0 | " a trusted signature!\n")); |
738 | 0 | log_info(_(" There is no indication that the " |
739 | 0 | "signature belongs to the owner.\n" )); |
740 | 0 | print_fingerprint (ctrl, NULL, pk, 1); |
741 | 0 | break; |
742 | | |
743 | 0 | case TRUST_NEVER: |
744 | | /* This level can be returned by TOFU, which supports negative |
745 | | * assertions. */ |
746 | 0 | write_trust_status (STATUS_TRUST_NEVER, trustlevel, statusmbox); |
747 | 0 | log_info(_("WARNING: We do NOT trust this key!\n")); |
748 | 0 | log_info(_(" The signature is probably a FORGERY.\n")); |
749 | 0 | if (opt.with_fingerprint) |
750 | 0 | print_fingerprint (ctrl, NULL, pk, 1); |
751 | 0 | err = gpg_error (GPG_ERR_BAD_SIGNATURE); |
752 | 0 | break; |
753 | | |
754 | 0 | case TRUST_MARGINAL: |
755 | 0 | write_trust_status (STATUS_TRUST_MARGINAL, trustlevel, statusmbox); |
756 | 0 | if (uidbased) |
757 | 0 | log_info(_("WARNING: The key's User ID is not certified with" |
758 | 0 | " sufficiently trusted signatures!\n")); |
759 | 0 | else |
760 | 0 | log_info(_("WARNING: This key is not certified with" |
761 | 0 | " sufficiently trusted signatures!\n")); |
762 | 0 | log_info(_(" It is not certain that the" |
763 | 0 | " signature belongs to the owner.\n" )); |
764 | 0 | print_fingerprint (ctrl, NULL, pk, 1); |
765 | 0 | break; |
766 | | |
767 | 0 | case TRUST_FULLY: |
768 | 0 | write_trust_status (STATUS_TRUST_FULLY, trustlevel, statusmbox); |
769 | 0 | if (opt.with_fingerprint) |
770 | 0 | print_fingerprint (ctrl, NULL, pk, 1); |
771 | 0 | break; |
772 | | |
773 | 0 | case TRUST_ULTIMATE: |
774 | 0 | write_trust_status (STATUS_TRUST_ULTIMATE, trustlevel, statusmbox); |
775 | 0 | if (opt.with_fingerprint) |
776 | 0 | print_fingerprint (ctrl, NULL, pk, 1); |
777 | 0 | break; |
778 | 0 | } |
779 | | |
780 | 0 | leave: |
781 | 0 | return err; |
782 | 0 | } |
783 | | |
784 | | |
785 | | void |
786 | | release_pk_list (pk_list_t pk_list) |
787 | 0 | { |
788 | 0 | PK_LIST pk_rover; |
789 | |
|
790 | 0 | for ( ; pk_list; pk_list = pk_rover) |
791 | 0 | { |
792 | 0 | pk_rover = pk_list->next; |
793 | 0 | free_public_key ( pk_list->pk ); |
794 | 0 | xfree ( pk_list ); |
795 | 0 | } |
796 | 0 | } |
797 | | |
798 | | |
799 | | static int |
800 | | key_present_in_pk_list(PK_LIST pk_list, PKT_public_key *pk) |
801 | 0 | { |
802 | 0 | for( ; pk_list; pk_list = pk_list->next) |
803 | 0 | if (cmp_public_keys(pk_list->pk, pk) == 0) |
804 | 0 | return 0; |
805 | | |
806 | 0 | return -1; |
807 | 0 | } |
808 | | |
809 | | |
810 | | /* |
811 | | * Return a malloced string with a default recipient if there is any |
812 | | * Fixme: We don't distinguish between malloc failure and no-default-recipient. |
813 | | */ |
814 | | static char * |
815 | | default_recipient (ctrl_t ctrl) |
816 | 0 | { |
817 | 0 | PKT_public_key *pk; |
818 | 0 | char *result; |
819 | |
|
820 | 0 | if (opt.def_recipient) |
821 | 0 | return xtrystrdup (opt.def_recipient); |
822 | | |
823 | 0 | if (!opt.def_recipient_self) |
824 | 0 | return NULL; |
825 | 0 | pk = xtrycalloc (1, sizeof *pk ); |
826 | 0 | if (!pk) |
827 | 0 | return NULL; |
828 | 0 | if (get_seckey_default (ctrl, pk)) |
829 | 0 | { |
830 | 0 | free_public_key (pk); |
831 | 0 | return NULL; |
832 | 0 | } |
833 | 0 | result = hexfingerprint (pk, NULL, 0); |
834 | 0 | free_public_key (pk); |
835 | 0 | return result; |
836 | 0 | } |
837 | | |
838 | | |
839 | | /* Helper for build_pk_list to find and check one key. This helper is |
840 | | * also used directly in server mode by the RECIPIENTS command. On |
841 | | * success the new key is added to PK_LIST_ADDR. NAME is the user id |
842 | | * of the key. USE the requested usage and a set MARK_HIDDEN will |
843 | | * mark the key in the updated list as a hidden recipient. If |
844 | | * FROM_FILE is true, NAME is not a user ID but the name of a file |
845 | | * holding a key. */ |
846 | | gpg_error_t |
847 | | find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use, |
848 | | int mark_hidden, int from_file, pk_list_t *pk_list_addr) |
849 | 0 | { |
850 | 0 | int rc; |
851 | 0 | PKT_public_key *pk; |
852 | 0 | kbnode_t keyblock = NULL; |
853 | 0 | kbnode_t node; |
854 | |
|
855 | 0 | if (!name || !*name) |
856 | 0 | return gpg_error (GPG_ERR_INV_USER_ID); |
857 | | |
858 | 0 | pk = xtrycalloc (1, sizeof *pk); |
859 | 0 | if (!pk) |
860 | 0 | return gpg_error_from_syserror (); |
861 | 0 | pk->req_usage = use; |
862 | |
|
863 | 0 | if (from_file) |
864 | 0 | rc = get_pubkey_fromfile (ctrl, pk, name, &keyblock); |
865 | 0 | else |
866 | 0 | rc = get_best_pubkey_byname (ctrl, GET_PUBKEY_NORMAL, |
867 | 0 | NULL, pk, name, &keyblock, 0); |
868 | 0 | if (rc) |
869 | 0 | { |
870 | 0 | int code; |
871 | | |
872 | | /* Key not found or other error. */ |
873 | 0 | log_error (_("%s: skipped: %s\n"), name, gpg_strerror (rc) ); |
874 | 0 | switch (gpg_err_code (rc)) |
875 | 0 | { |
876 | 0 | case GPG_ERR_NO_SECKEY: |
877 | 0 | case GPG_ERR_NO_PUBKEY: code = 1; break; |
878 | 0 | case GPG_ERR_INV_USER_ID: code = 14; break; |
879 | 0 | default: code = 0; break; |
880 | 0 | } |
881 | 0 | send_status_inv_recp (code, name); |
882 | 0 | free_public_key (pk); |
883 | 0 | return rc; |
884 | 0 | } |
885 | | |
886 | 0 | rc = openpgp_pk_test_algo2 (pk->pubkey_algo, use); |
887 | 0 | if (rc) |
888 | 0 | { |
889 | | /* Key found but not usable for us (e.g. sign-only key). */ |
890 | 0 | release_kbnode (keyblock); |
891 | 0 | send_status_inv_recp (3, name); /* Wrong key usage */ |
892 | 0 | log_error (_("%s: skipped: %s\n"), name, gpg_strerror (rc) ); |
893 | 0 | free_public_key (pk); |
894 | 0 | return rc; |
895 | 0 | } |
896 | | |
897 | | /* Key found and usable. Check validity. */ |
898 | 0 | if (!from_file) |
899 | 0 | { |
900 | 0 | int trustlevel; |
901 | |
|
902 | 0 | trustlevel = get_validity (ctrl, keyblock, pk, pk->user_id, NULL, 1); |
903 | 0 | if ( (trustlevel & TRUST_FLAG_DISABLED) ) |
904 | 0 | { |
905 | | /* Key has been disabled. */ |
906 | 0 | release_kbnode (keyblock); |
907 | 0 | send_status_inv_recp (13, name); |
908 | 0 | log_info (_("%s: skipped: public key is disabled\n"), name); |
909 | 0 | free_public_key (pk); |
910 | 0 | return GPG_ERR_UNUSABLE_PUBKEY; |
911 | 0 | } |
912 | | |
913 | 0 | if ( !do_we_trust_pre (ctrl, pk, trustlevel) ) |
914 | 0 | { |
915 | | /* We don't trust this key. */ |
916 | 0 | release_kbnode (keyblock); |
917 | 0 | send_status_inv_recp (10, name); |
918 | 0 | free_public_key (pk); |
919 | 0 | return GPG_ERR_UNUSABLE_PUBKEY; |
920 | 0 | } |
921 | 0 | } |
922 | | |
923 | | /* Skip the actual key if the key is already present in the |
924 | | list. */ |
925 | 0 | if (!key_present_in_pk_list (*pk_list_addr, pk)) |
926 | 0 | { |
927 | 0 | if (!opt.quiet) |
928 | 0 | log_info (_("%s: skipped: public key already present\n"), name); |
929 | 0 | free_public_key (pk); |
930 | 0 | } |
931 | 0 | else |
932 | 0 | { |
933 | 0 | pk_list_t r; |
934 | |
|
935 | 0 | r = xmalloc (sizeof *r); |
936 | 0 | r->pk = pk; |
937 | 0 | r->next = *pk_list_addr; |
938 | 0 | r->flags = mark_hidden? 1:0; |
939 | 0 | *pk_list_addr = r; |
940 | 0 | } |
941 | |
|
942 | 0 | for (node = keyblock; node; node = node->next) |
943 | 0 | if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY |
944 | 0 | && ((pk=node->pkt->pkt.public_key)->pubkey_usage & PUBKEY_USAGE_RENC) |
945 | 0 | && pk->flags.valid |
946 | 0 | && !pk->flags.revoked |
947 | 0 | && !pk->flags.disabled |
948 | 0 | && !pk->has_expired |
949 | 0 | && key_present_in_pk_list (*pk_list_addr, pk)) |
950 | 0 | { |
951 | 0 | pk_list_t r; |
952 | |
|
953 | 0 | r = xmalloc (sizeof *r); |
954 | 0 | r->pk = copy_public_key (NULL, pk); |
955 | 0 | r->next = *pk_list_addr; |
956 | 0 | r->flags = mark_hidden? 1:0; /* FIXME: Use PK_LIST_HIDDEN ? */ |
957 | 0 | *pk_list_addr = r; |
958 | 0 | } |
959 | | |
960 | |
|
961 | 0 | release_kbnode (keyblock); |
962 | 0 | return 0; |
963 | 0 | } |
964 | | |
965 | | |
966 | | |
967 | | /* This is the central function to collect the keys for recipients. |
968 | | * It is thus used to prepare a public key encryption. encrypt-to |
969 | | * keys, default keys and the keys for the actual recipients are all |
970 | | * collected here. When not in batch mode and no recipient has been |
971 | | * passed on the commandline, the function will also ask for |
972 | | * recipients. |
973 | | * |
974 | | * RCPTS is a string list with the recipients; NULL is an allowed |
975 | | * value but not very useful. Group expansion is done on these names; |
976 | | * they may be in any of the user Id formats we can handle. The flags |
977 | | * bits for each string in the string list are used for: |
978 | | * |
979 | | * - PK_LIST_ENCRYPT_TO :: This is an encrypt-to recipient. |
980 | | * - PK_LIST_HIDDEN :: This is a hidden recipient. |
981 | | * - PK_LIST_FROM_FILE :: The argument is a file with a key. |
982 | | * |
983 | | * On success a list of keys is stored at the address RET_PK_LIST; the |
984 | | * caller must free this list. On error the value at this address is |
985 | | * not changed. |
986 | | */ |
987 | | int |
988 | | build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list) |
989 | 0 | { |
990 | 0 | PK_LIST pk_list = NULL; |
991 | 0 | PKT_public_key *pk=NULL; |
992 | 0 | int rc=0; |
993 | 0 | int any_recipients=0; |
994 | 0 | strlist_t rov,remusr; |
995 | 0 | char *def_rec = NULL; |
996 | 0 | char pkstrbuf[PUBKEY_STRING_SIZE]; |
997 | | |
998 | | /* Try to expand groups if any have been defined. */ |
999 | 0 | if (opt.grouplist) |
1000 | 0 | remusr = expand_group (rcpts, 0); |
1001 | 0 | else |
1002 | 0 | remusr = rcpts; |
1003 | | |
1004 | | /* XXX: Change this function to use get_pubkeys instead of |
1005 | | get_pubkey_byname to detect ambiguous key specifications and warn |
1006 | | about duplicate keyblocks. For ambiguous key specifications on |
1007 | | the command line or provided interactively, prompt the user to |
1008 | | select the best key. If a key specification is ambiguous and we |
1009 | | are in batch mode, die. */ |
1010 | |
|
1011 | 0 | if (opt.encrypt_to_default_key) |
1012 | 0 | { |
1013 | 0 | static int warned; |
1014 | |
|
1015 | 0 | const char *default_key = parse_def_secret_key (ctrl); |
1016 | 0 | if (default_key) |
1017 | 0 | { |
1018 | 0 | PK_LIST r = xmalloc_clear (sizeof *r); |
1019 | |
|
1020 | 0 | r->pk = xmalloc_clear (sizeof *r->pk); |
1021 | 0 | r->pk->req_usage = PUBKEY_USAGE_ENC; |
1022 | |
|
1023 | 0 | rc = get_pubkey_byname (ctrl, GET_PUBKEY_NO_AKL, |
1024 | 0 | NULL, r->pk, default_key, NULL, NULL, 0); |
1025 | 0 | if (rc) |
1026 | 0 | { |
1027 | 0 | xfree (r->pk); |
1028 | 0 | xfree (r); |
1029 | |
|
1030 | 0 | log_error (_("can't encrypt to '%s'\n"), default_key); |
1031 | 0 | if (!opt.quiet) |
1032 | 0 | log_info (_("(check argument of option '%s')\n"), |
1033 | 0 | "--default-key"); |
1034 | 0 | } |
1035 | 0 | else |
1036 | 0 | { |
1037 | 0 | r->next = pk_list; |
1038 | 0 | r->flags = 0; |
1039 | 0 | pk_list = r; |
1040 | 0 | } |
1041 | 0 | } |
1042 | 0 | else if (opt.def_secret_key) |
1043 | 0 | { |
1044 | 0 | if (! warned) |
1045 | 0 | log_info (_("option '%s' given, but no valid default keys given\n"), |
1046 | 0 | "--encrypt-to-default-key"); |
1047 | 0 | warned = 1; |
1048 | 0 | } |
1049 | 0 | else |
1050 | 0 | { |
1051 | 0 | if (! warned) |
1052 | 0 | log_info (_("option '%s' given, but option '%s' not given\n"), |
1053 | 0 | "--encrypt-to-default-key", "--default-key"); |
1054 | 0 | warned = 1; |
1055 | 0 | } |
1056 | 0 | } |
1057 | | |
1058 | | /* Check whether there are any recipients in the list and build the |
1059 | | * list of the encrypt-to ones (we always trust them). */ |
1060 | 0 | for ( rov = remusr; rov; rov = rov->next ) |
1061 | 0 | { |
1062 | 0 | if ( !(rov->flags & PK_LIST_ENCRYPT_TO) ) |
1063 | 0 | { |
1064 | | /* This is a regular recipient; i.e. not an encrypt-to |
1065 | | one. */ |
1066 | 0 | any_recipients = 1; |
1067 | | |
1068 | | /* Hidden recipients are not allowed while in PGP mode, |
1069 | | issue a warning and switch into GnuPG mode. */ |
1070 | 0 | if ((rov->flags & PK_LIST_HIDDEN) && (PGP7 || PGP8)) |
1071 | 0 | { |
1072 | 0 | log_info(_("option '%s' may not be used in %s mode\n"), |
1073 | 0 | "--hidden-recipient", |
1074 | 0 | gnupg_compliance_option_string (opt.compliance)); |
1075 | |
|
1076 | 0 | compliance_failure(); |
1077 | 0 | } |
1078 | 0 | } |
1079 | 0 | else if (!opt.no_encrypt_to) |
1080 | 0 | { |
1081 | | /* --encrypt-to has not been disabled. Check this |
1082 | | encrypt-to key. */ |
1083 | 0 | pk = xmalloc_clear( sizeof *pk ); |
1084 | 0 | pk->req_usage = PUBKEY_USAGE_ENC; |
1085 | | |
1086 | | /* We explicitly allow encrypt-to to an disabled key; thus |
1087 | | we pass 1 for the second last argument and 1 as the last |
1088 | | argument to disable AKL. */ |
1089 | 0 | if ((rc = get_pubkey_byname (ctrl, GET_PUBKEY_NO_AKL, |
1090 | 0 | NULL, pk, rov->d, NULL, NULL, 1))) |
1091 | 0 | { |
1092 | 0 | free_public_key ( pk ); pk = NULL; |
1093 | 0 | log_error (_("%s: skipped: %s\n"), rov->d, gpg_strerror (rc) ); |
1094 | 0 | send_status_inv_recp (0, rov->d); |
1095 | 0 | goto fail; |
1096 | 0 | } |
1097 | 0 | else if ( !(rc=openpgp_pk_test_algo2 (pk->pubkey_algo, |
1098 | 0 | PUBKEY_USAGE_ENC)) ) |
1099 | 0 | { |
1100 | | /* Skip the actual key if the key is already present |
1101 | | * in the list. Add it to our list if not. */ |
1102 | 0 | if (key_present_in_pk_list(pk_list, pk) == 0) |
1103 | 0 | { |
1104 | 0 | free_public_key (pk); pk = NULL; |
1105 | 0 | if (!opt.quiet) |
1106 | 0 | log_info (_("%s: skipped: public key already present\n"), |
1107 | 0 | rov->d); |
1108 | 0 | } |
1109 | 0 | else |
1110 | 0 | { |
1111 | 0 | PK_LIST r; |
1112 | 0 | r = xmalloc( sizeof *r ); |
1113 | 0 | r->pk = pk; pk = NULL; |
1114 | 0 | r->next = pk_list; |
1115 | 0 | r->flags = (rov->flags&PK_LIST_HIDDEN)?1:0; |
1116 | 0 | pk_list = r; |
1117 | | |
1118 | | /* Hidden encrypt-to recipients are not allowed while |
1119 | | in PGP mode, issue a warning and switch into |
1120 | | GnuPG mode. */ |
1121 | 0 | if ((r->flags&PK_LIST_ENCRYPT_TO) && (PGP7 || PGP8)) |
1122 | 0 | { |
1123 | 0 | log_info(_("option '%s' may not be used in %s mode\n"), |
1124 | 0 | "--hidden-encrypt-to", |
1125 | 0 | gnupg_compliance_option_string (opt.compliance)); |
1126 | |
|
1127 | 0 | compliance_failure(); |
1128 | 0 | } |
1129 | 0 | } |
1130 | 0 | } |
1131 | 0 | else |
1132 | 0 | { |
1133 | | /* The public key is not usable for encryption. */ |
1134 | 0 | free_public_key( pk ); pk = NULL; |
1135 | 0 | log_error(_("%s: skipped: %s\n"), rov->d, gpg_strerror (rc) ); |
1136 | 0 | send_status_inv_recp (3, rov->d); /* Wrong key usage */ |
1137 | 0 | goto fail; |
1138 | 0 | } |
1139 | 0 | } |
1140 | 0 | } |
1141 | | |
1142 | | /* If we don't have any recipients yet and we are not in batch mode |
1143 | | drop into interactive selection mode. */ |
1144 | 0 | if ( !any_recipients && !opt.batch ) |
1145 | 0 | { |
1146 | 0 | int have_def_rec; |
1147 | 0 | char *answer = NULL; |
1148 | 0 | strlist_t backlog = NULL; |
1149 | |
|
1150 | 0 | if (pk_list) |
1151 | 0 | any_recipients = 1; |
1152 | 0 | def_rec = default_recipient(ctrl); |
1153 | 0 | have_def_rec = !!def_rec; |
1154 | 0 | if ( !have_def_rec ) |
1155 | 0 | tty_printf(_("You did not specify a user ID. (you may use \"-r\")\n")); |
1156 | |
|
1157 | 0 | for (;;) |
1158 | 0 | { |
1159 | 0 | rc = 0; |
1160 | 0 | xfree(answer); |
1161 | 0 | if ( have_def_rec ) |
1162 | 0 | { |
1163 | | /* A default recipient is taken as the first entry. */ |
1164 | 0 | answer = def_rec; |
1165 | 0 | def_rec = NULL; |
1166 | 0 | } |
1167 | 0 | else if (backlog) |
1168 | 0 | { |
1169 | | /* This is part of our trick to expand and display groups. */ |
1170 | 0 | answer = strlist_pop (&backlog); |
1171 | 0 | } |
1172 | 0 | else |
1173 | 0 | { |
1174 | | /* Show the list of already collected recipients and ask |
1175 | | for more. */ |
1176 | 0 | PK_LIST iter; |
1177 | |
|
1178 | 0 | tty_printf("\n"); |
1179 | 0 | tty_printf(_("Current recipients:\n")); |
1180 | 0 | for (iter=pk_list;iter;iter=iter->next) |
1181 | 0 | { |
1182 | 0 | u32 keyid[2]; |
1183 | |
|
1184 | 0 | keyid_from_pk(iter->pk,keyid); |
1185 | 0 | tty_printf ("%s/%s %s \"", |
1186 | 0 | pubkey_string (iter->pk, |
1187 | 0 | pkstrbuf, sizeof pkstrbuf), |
1188 | 0 | keystr(keyid), |
1189 | 0 | datestr_from_pk (iter->pk)); |
1190 | |
|
1191 | 0 | if (iter->pk->user_id) |
1192 | 0 | tty_print_utf8_string(iter->pk->user_id->name, |
1193 | 0 | iter->pk->user_id->len); |
1194 | 0 | else |
1195 | 0 | { |
1196 | 0 | size_t n; |
1197 | 0 | char *p = get_user_id (ctrl, keyid, &n, NULL); |
1198 | 0 | tty_print_utf8_string ( p, n ); |
1199 | 0 | xfree(p); |
1200 | 0 | } |
1201 | 0 | tty_printf("\"\n"); |
1202 | 0 | } |
1203 | |
|
1204 | 0 | answer = cpr_get_utf8("pklist.user_id.enter", |
1205 | 0 | _("\nEnter the user ID. " |
1206 | 0 | "End with an empty line: ")); |
1207 | 0 | trim_spaces(answer); |
1208 | 0 | cpr_kill_prompt(); |
1209 | 0 | } |
1210 | |
|
1211 | 0 | if ( !answer || !*answer ) |
1212 | 0 | { |
1213 | 0 | xfree(answer); |
1214 | 0 | break; /* No more recipients entered - get out of loop. */ |
1215 | 0 | } |
1216 | | |
1217 | | /* Do group expand here too. The trick here is to continue |
1218 | | the loop if any expansion occurred. The code above will |
1219 | | then list all expanded keys. */ |
1220 | 0 | if (expand_id(answer,&backlog,0)) |
1221 | 0 | continue; |
1222 | | |
1223 | | /* Get and check key for the current name. */ |
1224 | 0 | free_public_key (pk); |
1225 | 0 | pk = xmalloc_clear( sizeof *pk ); |
1226 | 0 | pk->req_usage = PUBKEY_USAGE_ENC; |
1227 | 0 | rc = get_pubkey_byname (ctrl, GET_PUBKEY_NORMAL, |
1228 | 0 | NULL, pk, answer, NULL, NULL, 0); |
1229 | 0 | if (rc) |
1230 | 0 | tty_printf(_("No such user ID.\n")); |
1231 | 0 | else if ( !(rc=openpgp_pk_test_algo2 (pk->pubkey_algo, |
1232 | 0 | PUBKEY_USAGE_ENC)) ) |
1233 | 0 | { |
1234 | 0 | if ( have_def_rec ) |
1235 | 0 | { |
1236 | | /* No validation for a default recipient. */ |
1237 | 0 | if (!key_present_in_pk_list(pk_list, pk)) |
1238 | 0 | { |
1239 | 0 | free_public_key (pk); |
1240 | 0 | pk = NULL; |
1241 | 0 | log_info (_("skipped: public key " |
1242 | 0 | "already set as default recipient\n") ); |
1243 | 0 | } |
1244 | 0 | else |
1245 | 0 | { |
1246 | 0 | PK_LIST r = xmalloc (sizeof *r); |
1247 | 0 | r->pk = pk; pk = NULL; |
1248 | 0 | r->next = pk_list; |
1249 | 0 | r->flags = 0; /* No throwing default ids. */ |
1250 | 0 | pk_list = r; |
1251 | 0 | } |
1252 | 0 | any_recipients = 1; |
1253 | 0 | continue; |
1254 | 0 | } |
1255 | 0 | else |
1256 | 0 | { /* Check validity of this key. */ |
1257 | 0 | int trustlevel; |
1258 | |
|
1259 | 0 | trustlevel = |
1260 | 0 | get_validity (ctrl, NULL, pk, pk->user_id, NULL, 1); |
1261 | 0 | if ( (trustlevel & TRUST_FLAG_DISABLED) ) |
1262 | 0 | { |
1263 | 0 | tty_printf (_("Public key is disabled.\n") ); |
1264 | 0 | } |
1265 | 0 | else if ( do_we_trust_pre (ctrl, pk, trustlevel) ) |
1266 | 0 | { |
1267 | | /* Skip the actual key if the key is already |
1268 | | * present in the list */ |
1269 | 0 | if (!key_present_in_pk_list(pk_list, pk)) |
1270 | 0 | { |
1271 | 0 | free_public_key (pk); |
1272 | 0 | pk = NULL; |
1273 | 0 | log_info(_("skipped: public key already set\n") ); |
1274 | 0 | } |
1275 | 0 | else |
1276 | 0 | { |
1277 | 0 | PK_LIST r; |
1278 | 0 | r = xmalloc( sizeof *r ); |
1279 | 0 | r->pk = pk; pk = NULL; |
1280 | 0 | r->next = pk_list; |
1281 | 0 | r->flags = 0; /* No throwing interactive ids. */ |
1282 | 0 | pk_list = r; |
1283 | 0 | } |
1284 | 0 | any_recipients = 1; |
1285 | 0 | continue; |
1286 | 0 | } |
1287 | 0 | } |
1288 | 0 | } |
1289 | 0 | xfree(def_rec); def_rec = NULL; |
1290 | 0 | have_def_rec = 0; |
1291 | 0 | } |
1292 | 0 | if ( pk ) |
1293 | 0 | { |
1294 | 0 | free_public_key( pk ); |
1295 | 0 | pk = NULL; |
1296 | 0 | } |
1297 | 0 | } |
1298 | 0 | else if ( !any_recipients && (def_rec = default_recipient(ctrl)) ) |
1299 | 0 | { |
1300 | | /* We are in batch mode and have only a default recipient. */ |
1301 | 0 | pk = xmalloc_clear( sizeof *pk ); |
1302 | 0 | pk->req_usage = PUBKEY_USAGE_ENC; |
1303 | | |
1304 | | /* The default recipient is allowed to be disabled; thus pass 1 |
1305 | | as second last argument. We also don't want an AKL. */ |
1306 | 0 | rc = get_pubkey_byname (ctrl, GET_PUBKEY_NO_AKL, |
1307 | 0 | NULL, pk, def_rec, NULL, NULL, 1); |
1308 | 0 | if (rc) |
1309 | 0 | log_error(_("unknown default recipient \"%s\"\n"), def_rec ); |
1310 | 0 | else if ( !(rc=openpgp_pk_test_algo2(pk->pubkey_algo, |
1311 | 0 | PUBKEY_USAGE_ENC)) ) |
1312 | 0 | { |
1313 | | /* Mark any_recipients here since the default recipient |
1314 | | would have been used if it wasn't already there. It |
1315 | | doesn't really matter if we got this key from the default |
1316 | | recipient or an encrypt-to. */ |
1317 | 0 | any_recipients = 1; |
1318 | 0 | if (!key_present_in_pk_list(pk_list, pk)) |
1319 | 0 | log_info (_("skipped: public key already set " |
1320 | 0 | "as default recipient\n")); |
1321 | 0 | else |
1322 | 0 | { |
1323 | 0 | PK_LIST r = xmalloc( sizeof *r ); |
1324 | 0 | r->pk = pk; pk = NULL; |
1325 | 0 | r->next = pk_list; |
1326 | 0 | r->flags = 0; /* No throwing default ids. */ |
1327 | 0 | pk_list = r; |
1328 | 0 | } |
1329 | 0 | } |
1330 | 0 | if ( pk ) |
1331 | 0 | { |
1332 | 0 | free_public_key( pk ); |
1333 | 0 | pk = NULL; |
1334 | 0 | } |
1335 | 0 | xfree(def_rec); def_rec = NULL; |
1336 | 0 | } |
1337 | 0 | else |
1338 | 0 | { |
1339 | | /* General case: Check all keys. */ |
1340 | 0 | any_recipients = 0; |
1341 | 0 | for (; remusr; remusr = remusr->next ) |
1342 | 0 | { |
1343 | 0 | if ( (remusr->flags & PK_LIST_ENCRYPT_TO) ) |
1344 | 0 | continue; /* encrypt-to keys are already handled. */ |
1345 | | |
1346 | 0 | rc = find_and_check_key (ctrl, remusr->d, PUBKEY_USAGE_ENC, |
1347 | 0 | !!(remusr->flags&PK_LIST_HIDDEN), |
1348 | 0 | !!(remusr->flags&PK_LIST_FROM_FILE), |
1349 | 0 | &pk_list); |
1350 | 0 | if (rc) |
1351 | 0 | goto fail; |
1352 | 0 | any_recipients = 1; |
1353 | 0 | } |
1354 | 0 | } |
1355 | | |
1356 | 0 | if ( !rc && !any_recipients ) |
1357 | 0 | { |
1358 | 0 | log_error(_("no valid addressees\n")); |
1359 | 0 | write_status_text (STATUS_NO_RECP, "0"); |
1360 | 0 | rc = GPG_ERR_NO_USER_ID; |
1361 | 0 | } |
1362 | |
|
1363 | | #ifdef USE_TOFU |
1364 | | if (! rc && (opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)) |
1365 | | { |
1366 | | PK_LIST iter; |
1367 | | for (iter = pk_list; iter; iter = iter->next) |
1368 | | { |
1369 | | int rc2; |
1370 | | |
1371 | | /* Note: we already resolved any conflict when looking up |
1372 | | the key. Don't annoy the user again if she selected |
1373 | | accept once. */ |
1374 | | rc2 = tofu_register_encryption (ctrl, iter->pk, NULL, 0); |
1375 | | if (rc2) |
1376 | | log_info ("WARNING: Failed to register encryption to %s" |
1377 | | " with TOFU engine\n", |
1378 | | keystr (pk_main_keyid (iter->pk))); |
1379 | | else if (DBG_TRUST) |
1380 | | log_debug ("Registered encryption to %s with TOFU DB.\n", |
1381 | | keystr (pk_main_keyid (iter->pk))); |
1382 | | } |
1383 | | } |
1384 | | #endif /*USE_TOFU*/ |
1385 | |
|
1386 | 0 | fail: |
1387 | |
|
1388 | 0 | if ( rc ) |
1389 | 0 | release_pk_list( pk_list ); |
1390 | 0 | else |
1391 | 0 | *ret_pk_list = pk_list; |
1392 | 0 | if (opt.grouplist) |
1393 | 0 | free_strlist(remusr); |
1394 | 0 | return rc; |
1395 | 0 | } |
1396 | | |
1397 | | |
1398 | | /* In pgp6 mode, disallow all ciphers except IDEA (1), 3DES (2), and |
1399 | | CAST5 (3), all hashes except MD5 (1), SHA1 (2), and RIPEMD160 (3), |
1400 | | and all compressions except none (0) and ZIP (1). pgp7 and pgp8 |
1401 | | mode expands the cipher list to include AES128 (7), AES192 (8), |
1402 | | AES256 (9), and TWOFISH (10). pgp8 adds the SHA-256 hash (8). For |
1403 | | a true PGP key all of this is unneeded as they are the only items |
1404 | | present in the preferences subpacket, but checking here covers the |
1405 | | weird case of encrypting to a key that had preferences from a |
1406 | | different implementation which was then used with PGP. I am not |
1407 | | completely comfortable with this as the right thing to do, as it |
1408 | | slightly alters the list of what the user is supposedly requesting. |
1409 | | It is not against the RFC however, as the preference chosen will |
1410 | | never be one that the user didn't specify somewhere ("The |
1411 | | implementation may use any mechanism to pick an algorithm in the |
1412 | | intersection"), and PGP has no mechanism to fix such a broken |
1413 | | preference list, so I'm including it. -dms */ |
1414 | | |
1415 | | int |
1416 | | algo_available( preftype_t preftype, int algo, const struct pref_hint *hint) |
1417 | 0 | { |
1418 | 0 | if( preftype == PREFTYPE_SYM ) |
1419 | 0 | { |
1420 | 0 | if (!opt.flags.allow_old_cipher_algos |
1421 | 0 | && openpgp_cipher_blocklen (algo) < 16) |
1422 | 0 | return 0; /* We don't want this one. */ |
1423 | | |
1424 | 0 | if(PGP7 && (algo != CIPHER_ALGO_IDEA |
1425 | 0 | && algo != CIPHER_ALGO_3DES |
1426 | 0 | && algo != CIPHER_ALGO_CAST5 |
1427 | 0 | && algo != CIPHER_ALGO_AES |
1428 | 0 | && algo != CIPHER_ALGO_AES192 |
1429 | 0 | && algo != CIPHER_ALGO_AES256 |
1430 | 0 | && algo != CIPHER_ALGO_TWOFISH)) |
1431 | 0 | return 0; |
1432 | | |
1433 | | /* PGP8 supports all the ciphers we do.. */ |
1434 | | |
1435 | 0 | return algo && !openpgp_cipher_test_algo ( algo ); |
1436 | 0 | } |
1437 | 0 | else if( preftype == PREFTYPE_HASH ) |
1438 | 0 | { |
1439 | 0 | if (hint && hint->digest_length) |
1440 | 0 | { |
1441 | 0 | unsigned int n = gcry_md_get_algo_dlen (algo); |
1442 | |
|
1443 | 0 | if (hint->exact) |
1444 | 0 | { |
1445 | | /* For example ECDSA requires an exact hash value so |
1446 | | * that we do not truncate. For DSA we allow truncation |
1447 | | * and thus exact is not set. */ |
1448 | 0 | if (hint->digest_length != n) |
1449 | 0 | return 0; |
1450 | 0 | } |
1451 | 0 | else if (hint->digest_length!=20 || opt.flags.dsa2) |
1452 | 0 | { |
1453 | | /* If --enable-dsa2 is set or the hash isn't 160 bits |
1454 | | (which implies DSA2), then we'll accept a hash that |
1455 | | is larger than we need. Otherwise we won't accept |
1456 | | any hash that isn't exactly the right size. */ |
1457 | 0 | if (hint->digest_length > n) |
1458 | 0 | return 0; |
1459 | 0 | } |
1460 | 0 | else if (hint->digest_length != n) |
1461 | 0 | return 0; |
1462 | 0 | } |
1463 | | |
1464 | 0 | if (PGP7 && (algo != DIGEST_ALGO_MD5 |
1465 | 0 | && algo != DIGEST_ALGO_SHA1 |
1466 | 0 | && algo != DIGEST_ALGO_RMD160)) |
1467 | 0 | return 0; |
1468 | | |
1469 | | |
1470 | 0 | if(PGP8 && (algo != DIGEST_ALGO_MD5 |
1471 | 0 | && algo != DIGEST_ALGO_SHA1 |
1472 | 0 | && algo != DIGEST_ALGO_RMD160 |
1473 | 0 | && algo != DIGEST_ALGO_SHA256)) |
1474 | 0 | return 0; |
1475 | | |
1476 | 0 | return algo && !openpgp_md_test_algo (algo); |
1477 | 0 | } |
1478 | 0 | else if( preftype == PREFTYPE_ZIP ) |
1479 | 0 | { |
1480 | 0 | if (PGP7 && (algo != COMPRESS_ALGO_NONE |
1481 | 0 | && algo != COMPRESS_ALGO_ZIP)) |
1482 | 0 | return 0; |
1483 | | |
1484 | | /* PGP8 supports all the compression algos we do */ |
1485 | | |
1486 | 0 | return !check_compress_algo( algo ); |
1487 | 0 | } |
1488 | 0 | else |
1489 | 0 | return 0; |
1490 | 0 | } |
1491 | | |
1492 | | /**************** |
1493 | | * Return -1 if we could not find an algorithm. |
1494 | | */ |
1495 | | int |
1496 | | select_algo_from_prefs(PK_LIST pk_list, int preftype, |
1497 | | int request, const struct pref_hint *hint) |
1498 | 0 | { |
1499 | 0 | PK_LIST pkr; |
1500 | 0 | u32 bits[8]; |
1501 | 0 | const prefitem_t *prefs; |
1502 | 0 | int result=-1,i; |
1503 | 0 | u16 scores[256]; |
1504 | |
|
1505 | 0 | if( !pk_list ) |
1506 | 0 | return -1; |
1507 | | |
1508 | 0 | memset(bits,0xFF,sizeof(bits)); |
1509 | 0 | memset(scores,0,sizeof(scores)); |
1510 | |
|
1511 | 0 | for( pkr = pk_list; pkr; pkr = pkr->next ) |
1512 | 0 | { |
1513 | 0 | u32 mask[8]; |
1514 | 0 | int rank=1,implicit=-1; |
1515 | |
|
1516 | 0 | memset(mask,0,sizeof(mask)); |
1517 | |
|
1518 | 0 | switch(preftype) |
1519 | 0 | { |
1520 | 0 | case PREFTYPE_SYM: |
1521 | | /* Historical note: IDEA is implicitly there for v3 keys |
1522 | | with v3 selfsigs if --pgp2 mode is on. This was a 2440 |
1523 | | thing that was dropped from 4880 but is still relevant to |
1524 | | GPG's 1991 support. All this doesn't mean IDEA is |
1525 | | actually available, of course. */ |
1526 | 0 | if (opt.flags.allow_old_cipher_algos) |
1527 | 0 | implicit = CIPHER_ALGO_3DES; |
1528 | 0 | else |
1529 | 0 | implicit = CIPHER_ALGO_AES; |
1530 | 0 | break; |
1531 | | |
1532 | 0 | case PREFTYPE_AEAD: |
1533 | | /* No implicit algo. */ |
1534 | 0 | break; |
1535 | | |
1536 | 0 | case PREFTYPE_HASH: |
1537 | | /* While I am including this code for completeness, note |
1538 | | that currently --pgp2 mode locks the hash at MD5, so this |
1539 | | code will never even be called. Even if the hash wasn't |
1540 | | locked at MD5, we don't support sign+encrypt in --pgp2 |
1541 | | mode, and that's the only time PREFTYPE_HASH is used |
1542 | | anyway. -dms |
1543 | | |
1544 | | Because "de-vs" compliance does not allow SHA-1 it does |
1545 | | not make sense to assign SHA-1 as implicit algorithm. |
1546 | | Instead it is better to use SHA-256 as implicit algorithm |
1547 | | (which will be the case for rfc4880bis anyway). */ |
1548 | |
|
1549 | 0 | if (opt.compliance == CO_DE_VS) |
1550 | 0 | implicit = DIGEST_ALGO_SHA256; |
1551 | 0 | else |
1552 | 0 | implicit = DIGEST_ALGO_SHA1; |
1553 | |
|
1554 | 0 | break; |
1555 | | |
1556 | 0 | case PREFTYPE_ZIP: |
1557 | | /* Uncompressed is always an option. */ |
1558 | 0 | implicit=COMPRESS_ALGO_NONE; |
1559 | 0 | } |
1560 | | |
1561 | 0 | if (pkr->pk->user_id) /* selected by user ID */ |
1562 | 0 | prefs = pkr->pk->user_id->prefs; |
1563 | 0 | else |
1564 | 0 | prefs = pkr->pk->prefs; |
1565 | |
|
1566 | 0 | if( prefs ) |
1567 | 0 | { |
1568 | 0 | for (i=0; prefs[i].type; i++ ) |
1569 | 0 | { |
1570 | 0 | if( prefs[i].type == preftype ) |
1571 | 0 | { |
1572 | | /* Make sure all scores don't add up past 0xFFFF |
1573 | | (and roll around) */ |
1574 | 0 | if(rank+scores[prefs[i].value]<=0xFFFF) |
1575 | 0 | scores[prefs[i].value]+=rank; |
1576 | 0 | else |
1577 | 0 | scores[prefs[i].value]=0xFFFF; |
1578 | |
|
1579 | 0 | mask[prefs[i].value/32] |= 1<<(prefs[i].value%32); |
1580 | |
|
1581 | 0 | rank++; |
1582 | | |
1583 | | /* We saw the implicit algorithm, so we don't need |
1584 | | tack it on the end ourselves. */ |
1585 | 0 | if(implicit==prefs[i].value) |
1586 | 0 | implicit=-1; |
1587 | 0 | } |
1588 | 0 | } |
1589 | 0 | } |
1590 | |
|
1591 | 0 | if(rank==1 && preftype==PREFTYPE_ZIP) |
1592 | 0 | { |
1593 | | /* If the compression preferences are not present, they are |
1594 | | assumed to be ZIP, Uncompressed (RFC4880:13.3.1) */ |
1595 | 0 | scores[1]=1; /* ZIP is first choice */ |
1596 | 0 | scores[0]=2; /* Uncompressed is second choice */ |
1597 | 0 | mask[0]|=3; |
1598 | 0 | } |
1599 | | |
1600 | | /* If the key didn't have the implicit algorithm listed |
1601 | | explicitly, add it here at the tail of the list. */ |
1602 | 0 | if(implicit>-1) |
1603 | 0 | { |
1604 | 0 | scores[implicit]+=rank; |
1605 | 0 | mask[implicit/32] |= 1<<(implicit%32); |
1606 | 0 | } |
1607 | |
|
1608 | 0 | for(i=0;i<8;i++) |
1609 | 0 | bits[i]&=mask[i]; |
1610 | 0 | } |
1611 | | |
1612 | | /* We've now scored all of the algorithms, and the usable ones have |
1613 | | bits set. Let's pick the winner. */ |
1614 | | |
1615 | | /* The caller passed us a request. Can we use it? */ |
1616 | 0 | if(request>-1 && (bits[request/32] & (1<<(request%32))) && |
1617 | 0 | algo_available(preftype,request,hint)) |
1618 | 0 | result=request; |
1619 | |
|
1620 | 0 | if(result==-1) |
1621 | 0 | { |
1622 | | /* If we have personal prefs set, use them. */ |
1623 | 0 | prefs=NULL; |
1624 | 0 | if(preftype==PREFTYPE_SYM && opt.personal_cipher_prefs) |
1625 | 0 | prefs=opt.personal_cipher_prefs; |
1626 | 0 | else if(preftype==PREFTYPE_HASH && opt.personal_digest_prefs) |
1627 | 0 | prefs=opt.personal_digest_prefs; |
1628 | 0 | else if(preftype==PREFTYPE_ZIP && opt.personal_compress_prefs) |
1629 | 0 | prefs=opt.personal_compress_prefs; |
1630 | |
|
1631 | 0 | if( prefs ) |
1632 | 0 | for(i=0; prefs[i].type; i++ ) |
1633 | 0 | { |
1634 | 0 | if(bits[prefs[i].value/32] & (1<<(prefs[i].value%32)) |
1635 | 0 | && algo_available( preftype, prefs[i].value, hint)) |
1636 | 0 | { |
1637 | 0 | result = prefs[i].value; |
1638 | 0 | break; |
1639 | 0 | } |
1640 | 0 | } |
1641 | 0 | } |
1642 | |
|
1643 | 0 | if(result==-1) |
1644 | 0 | { |
1645 | 0 | unsigned int best=-1; |
1646 | | |
1647 | | /* At this point, we have not selected an algorithm due to a |
1648 | | special request or via personal prefs. Pick the highest |
1649 | | ranked algorithm (i.e. the one with the lowest score). */ |
1650 | |
|
1651 | 0 | if(preftype==PREFTYPE_HASH && scores[DIGEST_ALGO_MD5]) |
1652 | 0 | { |
1653 | | /* "If you are building an authentication system, the recipient |
1654 | | may specify a preferred signing algorithm. However, the |
1655 | | signer would be foolish to use a weak algorithm simply |
1656 | | because the recipient requests it." (RFC4880:14). If any |
1657 | | other hash algorithm is available, pretend that MD5 isn't. |
1658 | | Note that if the user intentionally chose MD5 by putting it |
1659 | | in their personal prefs, then we do what the user said (as we |
1660 | | never reach this code). */ |
1661 | |
|
1662 | 0 | for(i=DIGEST_ALGO_MD5+1;i<256;i++) |
1663 | 0 | if(scores[i]) |
1664 | 0 | { |
1665 | 0 | scores[DIGEST_ALGO_MD5]=0; |
1666 | 0 | break; |
1667 | 0 | } |
1668 | 0 | } |
1669 | |
|
1670 | 0 | for(i=0;i<256;i++) |
1671 | 0 | { |
1672 | | /* Note the '<' here. This means in case of a tie, we will |
1673 | | favor the lower algorithm number. We have a choice |
1674 | | between the lower number (probably an older algorithm |
1675 | | with more time in use), or the higher number (probably a |
1676 | | newer algorithm with less time in use). Older is |
1677 | | probably safer here, even though the newer algorithms |
1678 | | tend to be "stronger". */ |
1679 | 0 | if(scores[i] && scores[i]<best |
1680 | 0 | && (bits[i/32] & (1<<(i%32))) |
1681 | 0 | && algo_available(preftype,i,hint)) |
1682 | 0 | { |
1683 | 0 | best=scores[i]; |
1684 | 0 | result=i; |
1685 | 0 | } |
1686 | 0 | } |
1687 | 0 | } |
1688 | |
|
1689 | 0 | return result; |
1690 | 0 | } |
1691 | | |
1692 | | /* |
1693 | | * Select the MDC flag from the pk_list. We can only use MDC if all |
1694 | | * recipients support this feature. |
1695 | | */ |
1696 | | int |
1697 | | select_mdc_from_pklist (PK_LIST pk_list) |
1698 | 0 | { |
1699 | 0 | PK_LIST pkr; |
1700 | |
|
1701 | 0 | if ( !pk_list ) |
1702 | 0 | return 0; |
1703 | | |
1704 | 0 | for (pkr = pk_list; pkr; pkr = pkr->next) |
1705 | 0 | { |
1706 | 0 | int mdc; |
1707 | |
|
1708 | 0 | if (pkr->pk->user_id) /* selected by user ID */ |
1709 | 0 | mdc = pkr->pk->user_id->flags.mdc; |
1710 | 0 | else |
1711 | 0 | mdc = pkr->pk->flags.mdc; |
1712 | 0 | if (!mdc) |
1713 | 0 | return 0; /* At least one recipient does not support it. */ |
1714 | 0 | } |
1715 | 0 | return 1; /* Can be used. */ |
1716 | 0 | } |
1717 | | |
1718 | | |
1719 | | /* Select the AEAD flag from the pk_list. We can only use AEAD if all |
1720 | | * recipients support this feature. Returns the AEAD to be used or 0 |
1721 | | * if AEAD shall not be used. */ |
1722 | | aead_algo_t |
1723 | | select_aead_from_pklist (PK_LIST pk_list) |
1724 | 0 | { |
1725 | 0 | pk_list_t pkr; |
1726 | 0 | int aead; |
1727 | |
|
1728 | 0 | if (!pk_list) |
1729 | 0 | return 0; |
1730 | | |
1731 | 0 | for (pkr = pk_list; pkr; pkr = pkr->next) |
1732 | 0 | { |
1733 | 0 | if (pkr->pk->user_id) /* selected by user ID */ |
1734 | 0 | aead = pkr->pk->user_id->flags.aead; |
1735 | 0 | else |
1736 | 0 | aead = pkr->pk->flags.aead; |
1737 | 0 | if (!aead) |
1738 | 0 | return 0; /* At least one recipient does not support it. */ |
1739 | 0 | } |
1740 | | |
1741 | 0 | return AEAD_ALGO_OCB; /* Yes, AEAD can be used. */ |
1742 | 0 | } |
1743 | | |
1744 | | |
1745 | | /* Print a warning for all keys in PK_LIST missing the AEAD feature |
1746 | | * flag or AEAD algorithms. */ |
1747 | | void |
1748 | | warn_missing_aead_from_pklist (PK_LIST pk_list) |
1749 | 0 | { |
1750 | 0 | PK_LIST pkr; |
1751 | |
|
1752 | 0 | for (pkr = pk_list; pkr; pkr = pkr->next) |
1753 | 0 | { |
1754 | 0 | int mdc; |
1755 | |
|
1756 | 0 | if (pkr->pk->user_id) /* selected by user ID */ |
1757 | 0 | mdc = pkr->pk->user_id->flags.aead; |
1758 | 0 | else |
1759 | 0 | mdc = pkr->pk->flags.aead; |
1760 | 0 | if (!mdc) |
1761 | 0 | log_info (_("Note: key %s has no %s feature\n"), |
1762 | 0 | keystr_from_pk (pkr->pk), "AEAD"); |
1763 | 0 | } |
1764 | 0 | } |
1765 | | |
1766 | | void |
1767 | | warn_missing_aes_from_pklist (PK_LIST pk_list) |
1768 | 0 | { |
1769 | 0 | PK_LIST pkr; |
1770 | |
|
1771 | 0 | for (pkr = pk_list; pkr; pkr = pkr->next) |
1772 | 0 | { |
1773 | 0 | const prefitem_t *prefs; |
1774 | 0 | int i; |
1775 | 0 | int gotit = 0; |
1776 | |
|
1777 | 0 | prefs = pkr->pk->user_id? pkr->pk->user_id->prefs : pkr->pk->prefs; |
1778 | 0 | if (prefs) |
1779 | 0 | { |
1780 | 0 | for (i=0; !gotit && prefs[i].type; i++ ) |
1781 | 0 | if (prefs[i].type == PREFTYPE_SYM |
1782 | 0 | && prefs[i].value == CIPHER_ALGO_AES) |
1783 | 0 | gotit++; |
1784 | 0 | } |
1785 | 0 | if (!gotit) |
1786 | 0 | log_info (_("Note: key %s has no preference for %s\n"), |
1787 | 0 | keystr_from_pk (pkr->pk), "AES"); |
1788 | 0 | } |
1789 | 0 | } |