1 /* pkclist.c - create a list of public keys
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3 * 2008, 2009, 2010 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
30 #include "../common/status.h"
32 #include "../common/util.h"
35 #include "../common/ttyio.h"
36 #include "../common/status.h"
38 #include "../common/i18n.h"
41 #define CONTROL_D ('D' - 'A' + 1)
44 send_status_inv_recp (int reason, const char *name)
48 snprintf (buf, sizeof buf, "%d ", reason);
49 write_status_text_and_buffer (STATUS_INV_RECP, buf,
56 * Show the revocation reason as it is stored with the given signature
59 do_show_revocation_reason( PKT_signature *sig )
66 while( (p = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REVOC_REASON,
69 continue; /* invalid - just skip it */
72 text = _("No reason specified");
74 text = _("Key is superseded");
76 text = _("Key has been compromised");
78 text = _("Key is no longer used");
80 text = _("User ID is no longer valid");
84 log_info ( _("reason for revocation: "));
86 log_printf ("%s\n", text);
88 log_printf ("code=%02x\n", *p );
92 /* We don't want any empty lines, so skip them */
93 while( n && *p == '\n' ) {
98 pp = memchr( p, '\n', n );
100 log_info ( _("revocation comment: ") );
101 es_write_sanitized (log_get_stream(), p, nn, NULL, NULL);
109 /* Mode 0: try and find the revocation based on the pk (i.e. check
110 subkeys, etc.) Mode 1: use only the revocation on the main pk */
113 show_revocation_reason (ctrl_t ctrl, PKT_public_key *pk, int mode)
115 /* Hmmm, this is not so easy because we have to duplicate the code
116 * used in the trustbd to calculate the keyflags. We need to find
117 * a clean way to check revocation certificates on keys and
118 * signatures. And there should be no duplicate code. Because we
119 * enter this function only when the trustdb told us that we have
120 * a revoked key, we could simply look for a revocation cert and
121 * display this one, when there is only one. Let's try to do this
122 * until we have a better solution. */
123 KBNODE node, keyblock = NULL;
124 byte fingerprint[MAX_FINGERPRINT_LEN];
128 /* get the keyblock */
129 fingerprint_from_pk( pk, fingerprint, &fingerlen );
130 rc = get_pubkey_byfprint (ctrl, NULL, &keyblock, fingerprint, fingerlen);
131 if( rc ) { /* that should never happen */
132 log_debug( "failed to get the keyblock\n");
136 for( node=keyblock; node; node = node->next ) {
137 if( (mode && node->pkt->pkttype == PKT_PUBLIC_KEY) ||
138 ( ( node->pkt->pkttype == PKT_PUBLIC_KEY
139 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
140 && !cmp_public_keys( node->pkt->pkt.public_key, pk ) ) )
144 log_debug("Oops, PK not in keyblock\n");
145 release_kbnode( keyblock );
148 /* now find the revocation certificate */
149 for( node = node->next; node ; node = node->next ) {
150 if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
152 if( node->pkt->pkttype == PKT_SIGNATURE
153 && (node->pkt->pkt.signature->sig_class == 0x20
154 || node->pkt->pkt.signature->sig_class == 0x28 ) ) {
155 /* FIXME: we should check the signature here */
156 do_show_revocation_reason ( node->pkt->pkt.signature );
161 /* We didn't find it, so check if the whole key is revoked */
163 show_revocation_reason (ctrl, pk, 1);
165 release_kbnode( keyblock );
171 * 1 = Without key info and additional menu option 'm'
172 * this does also add an option to set the key to ultimately trusted.
174 * -2 = nothing changed - caller should show some additional info
175 * -1 = quit operation
176 * 0 = nothing changed
177 * 1 = new ownertrust now in new_trust
179 #ifndef NO_TRUST_MODELS
181 do_edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode,
182 unsigned *new_trust, int defer_help )
190 int did_help=defer_help;
191 unsigned int minimum = tdb_get_min_ownertrust (ctrl, pk, 0);
196 case TRUST_UNDEFINED: min_num=1; break;
197 case TRUST_NEVER: min_num=2; break;
198 case TRUST_MARGINAL: min_num=3; break;
199 case TRUST_FULLY: min_num=4; break;
202 keyid_from_pk (pk, keyid);
204 /* A string with valid answers.
206 TRANSLATORS: These are the allowed answers in lower and
207 uppercase. Below you will find the matching strings which
208 should be translated accordingly and the letter changed to
209 match the one in the answer string.
211 i = please show me more information
212 m = back to the main menu
216 const char *ans = _("iImMqQsS");
224 tty_printf (_("No trust value assigned to:\n"));
225 print_key_line (ctrl, NULL, pk, 0);
227 p = get_user_id_native (ctrl, keyid);
228 tty_printf (_(" \"%s\"\n"),p);
231 keyblock = get_pubkeyblock (ctrl, keyid);
234 for (un=keyblock; un; un = un->next)
236 if (un->pkt->pkttype != PKT_USER_ID )
238 if (un->pkt->pkt.user_id->flags.revoked)
240 if (un->pkt->pkt.user_id->flags.expired)
242 /* Only skip textual primaries */
243 if (un->pkt->pkt.user_id->flags.primary
244 && !un->pkt->pkt.user_id->attrib_data )
247 if((opt.verify_options&VERIFY_SHOW_PHOTOS)
248 && un->pkt->pkt.user_id->attrib_data)
250 un->pkt->pkt.user_id->attribs,
251 un->pkt->pkt.user_id->numattribs, pk,
252 un->pkt->pkt.user_id);
254 p=utf8_to_native(un->pkt->pkt.user_id->name,
255 un->pkt->pkt.user_id->len,0);
257 tty_printf(_(" aka \"%s\"\n"),p);
260 print_fingerprint (ctrl, NULL, pk, 2);
262 release_kbnode (keyblock);
265 if(opt.trust_model==TM_DIRECT)
267 tty_printf(_("How much do you trust that this key actually "
268 "belongs to the named user?\n"));
273 /* This string also used in keyedit.c:trustsig_prompt */
274 tty_printf(_("Please decide how far you trust this user to"
275 " correctly verify other users' keys\n"
276 "(by looking at passports, checking fingerprints from"
277 " different sources, etc.)\n"));
282 tty_printf (_(" %d = I don't know or won't say\n"), 1);
284 tty_printf (_(" %d = I do NOT trust\n"), 2);
286 tty_printf (_(" %d = I trust marginally\n"), 3);
288 tty_printf (_(" %d = I trust fully\n"), 4);
290 tty_printf (_(" %d = I trust ultimately\n"), 5);
292 /* not yet implemented */
293 tty_printf (" i = please show me more information\n");
296 tty_printf(_(" m = back to the main menu\n"));
299 tty_printf(_(" s = skip this key\n"));
300 tty_printf(_(" q = quit\n"));
304 tty_printf(_("The minimum trust level for this key is: %s\n\n"),
305 trust_value_to_string(minimum));
308 if( strlen(ans) != 8 )
310 p = cpr_get("edit_ownertrust.value",_("Your decision? "));
315 else if( *p && p[1] )
317 else if( !p[1] && ((*p >= '0'+min_num) && *p <= (mode?'5':'4')) )
322 case '1': trust = TRUST_UNDEFINED; break;
323 case '2': trust = TRUST_NEVER ; break;
324 case '3': trust = TRUST_MARGINAL ; break;
325 case '4': trust = TRUST_FULLY ; break;
326 case '5': trust = TRUST_ULTIMATE ; break;
329 if (trust == TRUST_ULTIMATE
330 && !cpr_get_answer_is_yes ("edit_ownertrust.set_ultimate.okay",
331 _("Do you really want to set this key"
332 " to ultimate trust? (y/N) ")))
342 /* not yet implemented */
343 else if( *p == ans[0] || *p == ans[1] )
345 tty_printf(_("Certificates leading to an ultimately trusted key:\n"));
350 else if( mode && (*p == ans[2] || *p == ans[3] || *p == CONTROL_D ) )
352 break ; /* back to the menu */
354 else if( !mode && (*p == ans[6] || *p == ans[7] ) )
358 else if( !mode && (*p == ans[4] || *p == ans[5] ) )
361 break ; /* back to the menu */
366 return show? -2: quit? -1 : changed;
368 #endif /*!NO_TRUST_MODELS*/
372 * Display a menu to change the ownertrust of the key PK (which should
374 * For mode values see do_edit_ownertrust ()
376 #ifndef NO_TRUST_MODELS
378 edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode )
380 unsigned int trust = 0;
385 switch ( do_edit_ownertrust (ctrl, pk, mode, &trust, no_help ) )
389 case -2: /* show info */
392 case 1: /* trust value set */
393 trust &= ~TRUST_FLAG_DISABLED;
394 trust |= get_ownertrust (ctrl, pk) & TRUST_FLAG_DISABLED;
395 update_ownertrust (ctrl, pk, trust );
402 #endif /*!NO_TRUST_MODELS*/
406 * Check whether we can trust this pk which has a trustlevel of TRUSTLEVEL
407 * Returns: true if we trust.
410 do_we_trust( PKT_public_key *pk, unsigned int trustlevel )
412 /* We should not be able to get here with a revoked or expired
414 if(trustlevel & TRUST_FLAG_REVOKED
415 || trustlevel & TRUST_FLAG_SUB_REVOKED
416 || (trustlevel & TRUST_MASK) == TRUST_EXPIRED)
419 if( opt.trust_model==TM_ALWAYS )
422 log_info("No trust check due to '--trust-model always' option\n");
426 switch(trustlevel & TRUST_MASK)
429 log_error ("invalid trustlevel %u returned from validation layer\n",
433 case TRUST_UNDEFINED:
434 log_info(_("%s: There is no assurance this key belongs"
435 " to the named user\n"),keystr_from_pk(pk));
439 log_info(_("%s: There is limited assurance this key belongs"
440 " to the named user\n"),keystr_from_pk(pk));
445 log_info(_("This key probably belongs to the named user\n"));
450 log_info(_("This key belongs to us\n"));
454 /* This can be returned by TOFU, which can return negative
456 log_info(_("%s: This key is bad! It has been marked as untrusted!\n"),
461 return 1; /*NOTREACHED*/
466 * wrapper around do_we_trust, so we can ask whether to use the
470 do_we_trust_pre (ctrl_t ctrl, PKT_public_key *pk, unsigned int trustlevel )
474 rc = do_we_trust( pk, trustlevel );
476 if( !opt.batch && !rc )
478 print_pubkey_info (ctrl, NULL,pk);
479 print_fingerprint (ctrl, NULL, pk, 2);
482 if ((trustlevel & TRUST_MASK) == TRUST_NEVER)
484 _("This key is bad! It has been marked as untrusted! If you\n"
485 "*really* know what you are doing, you may answer the next\n"
486 "question with yes.\n"));
489 _("It is NOT certain that the key belongs to the person named\n"
490 "in the user ID. If you *really* know what you are doing,\n"
491 "you may answer the next question with yes.\n"));
496 if (is_status_enabled ())
501 keyid_from_pk (pk, kid);
502 hint_str = get_long_user_id_string (ctrl, kid);
503 write_status_text ( STATUS_USERID_HINT, hint_str );
507 if( cpr_get_answer_is_yes("untrusted_key.override",
508 _("Use this key anyway? (y/N) ")) )
511 /* Hmmm: Should we set a flag to tell the user about
512 * his decision the next time he encrypts for this recipient?
520 /* Write a TRUST_foo status line inclduing the validation model. */
522 write_trust_status (int statuscode, int trustlevel)
524 #ifdef NO_TRUST_MODELS
525 write_status (statuscode);
526 #else /* NO_TRUST_MODELS */
529 /* For the combined tofu+pgp method, we return the trust model which
530 * was responsible for the trustlevel. */
531 if (opt.trust_model == TM_TOFU_PGP)
532 tm = (trustlevel & TRUST_FLAG_TOFU_BASED)? TM_TOFU : TM_PGP;
534 tm = opt.trust_model;
535 write_status_strings (statuscode, "0 ", trust_model_string (tm), NULL);
536 #endif /* NO_TRUST_MODELS */
541 * Check whether we can trust this signature.
542 * Returns an error code if we should not trust this signature.
545 check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
547 PKT_public_key *pk = xmalloc_clear( sizeof *pk );
548 unsigned int trustlevel = TRUST_UNKNOWN;
551 rc = get_pubkey (ctrl, pk, sig->keyid );
553 { /* this should not happen */
554 log_error("Ooops; the key vanished - can't check the trust\n");
555 rc = GPG_ERR_NO_PUBKEY;
559 if ( opt.trust_model==TM_ALWAYS )
562 log_info(_("WARNING: Using untrusted key!\n"));
563 if (opt.with_fingerprint)
564 print_fingerprint (ctrl, NULL, pk, 1);
568 if(pk->flags.maybe_revoked && !pk->flags.revoked)
569 log_info(_("WARNING: this key might be revoked (revocation key"
572 trustlevel = get_validity (ctrl, NULL, pk, NULL, sig, 1);
574 if ( (trustlevel & TRUST_FLAG_REVOKED) )
576 write_status( STATUS_KEYREVOKED );
577 if(pk->flags.revoked == 2)
578 log_info(_("WARNING: This key has been revoked by its"
579 " designated revoker!\n"));
581 log_info(_("WARNING: This key has been revoked by its owner!\n"));
582 log_info(_(" This could mean that the signature is forged.\n"));
583 show_revocation_reason (ctrl, pk, 0);
585 else if ((trustlevel & TRUST_FLAG_SUB_REVOKED) )
587 write_status( STATUS_KEYREVOKED );
588 log_info(_("WARNING: This subkey has been revoked by its owner!\n"));
589 show_revocation_reason (ctrl, pk, 0);
592 if ((trustlevel & TRUST_FLAG_DISABLED))
593 log_info (_("Note: This key has been disabled.\n"));
595 /* If we have PKA information adjust the trustlevel. */
596 if (sig->pka_info && sig->pka_info->valid)
598 unsigned char fpr[MAX_FINGERPRINT_LEN];
599 PKT_public_key *primary_pk;
604 primary_pk = xmalloc_clear (sizeof *primary_pk);
605 get_pubkey (ctrl, primary_pk, pk->main_keyid);
606 fingerprint_from_pk (primary_pk, fpr, &fprlen);
607 free_public_key (primary_pk);
609 if ( fprlen == 20 && !memcmp (sig->pka_info->fpr, fpr, 20) )
612 write_status_text (STATUS_PKA_TRUST_GOOD, sig->pka_info->email);
613 log_info (_("Note: Verified signer's address is '%s'\n"),
614 sig->pka_info->email);
619 write_status_text (STATUS_PKA_TRUST_BAD, sig->pka_info->email);
620 log_info (_("Note: Signer's address '%s' "
621 "does not match DNS entry\n"), sig->pka_info->email);
624 switch ( (trustlevel & TRUST_MASK) )
627 case TRUST_UNDEFINED:
629 if (okay && opt.verify_options&VERIFY_PKA_TRUST_INCREASE)
631 trustlevel = ((trustlevel & ~TRUST_MASK) | TRUST_FULLY);
632 log_info (_("trustlevel adjusted to FULL"
633 " due to valid PKA info\n"));
639 trustlevel = ((trustlevel & ~TRUST_MASK) | TRUST_NEVER);
640 log_info (_("trustlevel adjusted to NEVER"
641 " due to bad PKA info\n"));
647 /* Now let the user know what up with the trustlevel. */
648 switch ( (trustlevel & TRUST_MASK) )
651 log_info(_("Note: This key has expired!\n"));
652 print_fingerprint (ctrl, NULL, pk, 1);
656 log_error ("invalid trustlevel %u returned from validation layer\n",
660 case TRUST_UNDEFINED:
661 write_trust_status (STATUS_TRUST_UNDEFINED, trustlevel);
662 log_info(_("WARNING: This key is not certified with"
663 " a trusted signature!\n"));
664 log_info(_(" There is no indication that the "
665 "signature belongs to the owner.\n" ));
666 print_fingerprint (ctrl, NULL, pk, 1);
670 /* This level can be returned by TOFU, which supports negative
672 write_trust_status (STATUS_TRUST_NEVER, trustlevel);
673 log_info(_("WARNING: We do NOT trust this key!\n"));
674 log_info(_(" The signature is probably a FORGERY.\n"));
675 if (opt.with_fingerprint)
676 print_fingerprint (ctrl, NULL, pk, 1);
677 rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
681 write_trust_status (STATUS_TRUST_MARGINAL, trustlevel);
682 log_info(_("WARNING: This key is not certified with"
683 " sufficiently trusted signatures!\n"));
684 log_info(_(" It is not certain that the"
685 " signature belongs to the owner.\n" ));
686 print_fingerprint (ctrl, NULL, pk, 1);
690 write_trust_status (STATUS_TRUST_FULLY, trustlevel);
691 if (opt.with_fingerprint)
692 print_fingerprint (ctrl, NULL, pk, 1);
696 write_trust_status (STATUS_TRUST_ULTIMATE, trustlevel);
697 if (opt.with_fingerprint)
698 print_fingerprint (ctrl, NULL, pk, 1);
703 free_public_key( pk );
709 release_pk_list (pk_list_t pk_list)
713 for ( ; pk_list; pk_list = pk_rover)
715 pk_rover = pk_list->next;
716 free_public_key ( pk_list->pk );
723 key_present_in_pk_list(PK_LIST pk_list, PKT_public_key *pk)
725 for( ; pk_list; pk_list = pk_list->next)
726 if (cmp_public_keys(pk_list->pk, pk) == 0)
734 * Return a malloced string with a default recipient if there is any
735 * Fixme: We don't distinguish between malloc failure and no-default-recipient.
738 default_recipient (ctrl_t ctrl)
743 if (opt.def_recipient)
744 return xtrystrdup (opt.def_recipient);
746 if (!opt.def_recipient_self)
748 pk = xtrycalloc (1, sizeof *pk );
751 if (get_seckey_default (ctrl, pk))
753 free_public_key (pk);
756 result = hexfingerprint (pk, NULL, 0);
757 free_public_key (pk);
763 expand_id(const char *id,strlist_t *into,unsigned int flags)
765 struct groupitem *groups;
768 for(groups=opt.grouplist;groups;groups=groups->next)
770 /* need strcasecmp() here, as this should be localized */
771 if(strcasecmp(groups->name,id)==0)
775 /* this maintains the current utf8-ness */
776 for(each=groups->values;each;each=each->next)
778 sl=add_to_strlist(into,each->d);
790 /* For simplicity, and to avoid potential loops, we only expand once -
791 * you can't make an alias that points to an alias. */
793 expand_group (strlist_t input)
795 strlist_t output = NULL;
798 for (rover = input; rover; rover = rover->next)
799 if (!(rover->flags & PK_LIST_FROM_FILE)
800 && !expand_id(rover->d,&output,rover->flags))
802 /* Didn't find any groups, so use the existing string */
803 sl=add_to_strlist(&output,rover->d);
804 sl->flags=rover->flags;
811 /* Helper for build_pk_list to find and check one key. This helper is
812 * also used directly in server mode by the RECIPIENTS command. On
813 * success the new key is added to PK_LIST_ADDR. NAME is the user id
814 * of the key. USE the requested usage and a set MARK_HIDDEN will
815 * mark the key in the updated list as a hidden recipient. If
816 * FROM_FILE is true, NAME is not a user ID but the name of a file
819 find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
820 int mark_hidden, int from_file, pk_list_t *pk_list_addr)
824 KBNODE keyblock = NULL;
827 return gpg_error (GPG_ERR_INV_USER_ID);
829 pk = xtrycalloc (1, sizeof *pk);
831 return gpg_error_from_syserror ();
835 rc = get_pubkey_fromfile (ctrl, pk, name);
837 rc = get_best_pubkey_byname (ctrl, NULL, pk, name, &keyblock, 0, 0);
842 /* Key not found or other error. */
843 log_error (_("%s: skipped: %s\n"), name, gpg_strerror (rc) );
844 switch (gpg_err_code (rc))
846 case GPG_ERR_NO_SECKEY:
847 case GPG_ERR_NO_PUBKEY: code = 1; break;
848 case GPG_ERR_INV_USER_ID: code = 14; break;
849 default: code = 0; break;
851 send_status_inv_recp (code, name);
852 free_public_key (pk);
856 rc = openpgp_pk_test_algo2 (pk->pubkey_algo, use);
859 /* Key found but not usable for us (e.g. sign-only key). */
860 release_kbnode (keyblock);
861 send_status_inv_recp (3, name); /* Wrong key usage */
862 log_error (_("%s: skipped: %s\n"), name, gpg_strerror (rc) );
863 free_public_key (pk);
867 /* Key found and usable. Check validity. */
872 trustlevel = get_validity (ctrl, keyblock, pk, pk->user_id, NULL, 1);
873 release_kbnode (keyblock);
874 if ( (trustlevel & TRUST_FLAG_DISABLED) )
876 /* Key has been disabled. */
877 send_status_inv_recp (13, name);
878 log_info (_("%s: skipped: public key is disabled\n"), name);
879 free_public_key (pk);
880 return GPG_ERR_UNUSABLE_PUBKEY;
883 if ( !do_we_trust_pre (ctrl, pk, trustlevel) )
885 /* We don't trust this key. */
886 send_status_inv_recp (10, name);
887 free_public_key (pk);
888 return GPG_ERR_UNUSABLE_PUBKEY;
892 /* Skip the actual key if the key is already present in the
894 if (!key_present_in_pk_list (*pk_list_addr, pk))
897 log_info (_("%s: skipped: public key already present\n"), name);
898 free_public_key (pk);
904 r = xtrymalloc (sizeof *r);
907 rc = gpg_error_from_syserror ();
908 free_public_key (pk);
912 r->next = *pk_list_addr;
913 r->flags = mark_hidden? 1:0;
922 /* This is the central function to collect the keys for recipients.
923 * It is thus used to prepare a public key encryption. encrypt-to
924 * keys, default keys and the keys for the actual recipients are all
925 * collected here. When not in batch mode and no recipient has been
926 * passed on the commandline, the function will also ask for
929 * RCPTS is a string list with the recipients; NULL is an allowed
930 * value but not very useful. Group expansion is done on these names;
931 * they may be in any of the user Id formats we can handle. The flags
932 * bits for each string in the string list are used for:
934 * - PK_LIST_ENCRYPT_TO :: This is an encrypt-to recipient.
935 * - PK_LIST_HIDDEN :: This is a hidden recipient.
936 * - PK_LIST_FROM_FILE :: The argument is a file with a key.
938 * On success a list of keys is stored at the address RET_PK_LIST; the
939 * caller must free this list. On error the value at this address is
943 build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list)
945 PK_LIST pk_list = NULL;
946 PKT_public_key *pk=NULL;
948 int any_recipients=0;
949 strlist_t rov,remusr;
950 char *def_rec = NULL;
951 char pkstrbuf[PUBKEY_STRING_SIZE];
953 /* Try to expand groups if any have been defined. */
955 remusr = expand_group (rcpts);
959 /* XXX: Change this function to use get_pubkeys instead of
960 get_pubkey_byname to detect ambiguous key specifications and warn
961 about duplicate keyblocks. For ambiguous key specifications on
962 the command line or provided interactively, prompt the user to
963 select the best key. If a key specification is ambiguous and we
964 are in batch mode, die. */
966 if (opt.encrypt_to_default_key)
970 const char *default_key = parse_def_secret_key (ctrl);
973 PK_LIST r = xmalloc_clear (sizeof *r);
975 r->pk = xmalloc_clear (sizeof *r->pk);
976 r->pk->req_usage = PUBKEY_USAGE_ENC;
978 rc = get_pubkey_byname (ctrl, NULL, r->pk, default_key,
985 log_error (_("can't encrypt to '%s'\n"), default_key);
987 log_info (_("(check argument of option '%s')\n"),
997 else if (opt.def_secret_key)
1000 log_info (_("option '%s' given, but no valid default keys given\n"),
1001 "--encrypt-to-default-key");
1007 log_info (_("option '%s' given, but option '%s' not given\n"),
1008 "--encrypt-to-default-key", "--default-key");
1013 /* Check whether there are any recipients in the list and build the
1014 * list of the encrypt-to ones (we always trust them). */
1015 for ( rov = remusr; rov; rov = rov->next )
1017 if ( !(rov->flags & PK_LIST_ENCRYPT_TO) )
1019 /* This is a regular recipient; i.e. not an encrypt-to
1023 /* Hidden recipients are not allowed while in PGP mode,
1024 issue a warning and switch into GnuPG mode. */
1025 if ((rov->flags & PK_LIST_HIDDEN) && (PGP6 || PGP7 || PGP8))
1027 log_info(_("option '%s' may not be used in %s mode\n"),
1028 "--hidden-recipient",
1029 gnupg_compliance_option_string (opt.compliance));
1031 compliance_failure();
1034 else if (!opt.no_encrypt_to)
1036 /* --encrypt-to has not been disabled. Check this
1038 pk = xmalloc_clear( sizeof *pk );
1039 pk->req_usage = PUBKEY_USAGE_ENC;
1041 /* We explicitly allow encrypt-to to an disabled key; thus
1042 we pass 1 for the second last argument and 1 as the last
1043 argument to disable AKL. */
1044 if ( (rc = get_pubkey_byname (ctrl,
1045 NULL, pk, rov->d, NULL, NULL, 1, 1)) )
1047 free_public_key ( pk ); pk = NULL;
1048 log_error (_("%s: skipped: %s\n"), rov->d, gpg_strerror (rc) );
1049 send_status_inv_recp (0, rov->d);
1052 else if ( !(rc=openpgp_pk_test_algo2 (pk->pubkey_algo,
1053 PUBKEY_USAGE_ENC)) )
1055 /* Skip the actual key if the key is already present
1056 * in the list. Add it to our list if not. */
1057 if (key_present_in_pk_list(pk_list, pk) == 0)
1059 free_public_key (pk); pk = NULL;
1061 log_info (_("%s: skipped: public key already present\n"),
1067 r = xmalloc( sizeof *r );
1068 r->pk = pk; pk = NULL;
1070 r->flags = (rov->flags&PK_LIST_HIDDEN)?1:0;
1073 /* Hidden encrypt-to recipients are not allowed while
1074 in PGP mode, issue a warning and switch into
1076 if ((r->flags&PK_LIST_ENCRYPT_TO) && (PGP6 || PGP7 || PGP8))
1078 log_info(_("option '%s' may not be used in %s mode\n"),
1079 "--hidden-encrypt-to",
1080 gnupg_compliance_option_string (opt.compliance));
1082 compliance_failure();
1088 /* The public key is not usable for encryption. */
1089 free_public_key( pk ); pk = NULL;
1090 log_error(_("%s: skipped: %s\n"), rov->d, gpg_strerror (rc) );
1091 send_status_inv_recp (3, rov->d); /* Wrong key usage */
1097 /* If we don't have any recipients yet and we are not in batch mode
1098 drop into interactive selection mode. */
1099 if ( !any_recipients && !opt.batch )
1102 char *answer = NULL;
1103 strlist_t backlog = NULL;
1107 def_rec = default_recipient(ctrl);
1108 have_def_rec = !!def_rec;
1109 if ( !have_def_rec )
1110 tty_printf(_("You did not specify a user ID. (you may use \"-r\")\n"));
1118 /* A default recipient is taken as the first entry. */
1124 /* This is part of our trick to expand and display groups. */
1125 answer = strlist_pop (&backlog);
1129 /* Show the list of already collected recipients and ask
1134 tty_printf(_("Current recipients:\n"));
1135 for (iter=pk_list;iter;iter=iter->next)
1139 keyid_from_pk(iter->pk,keyid);
1140 tty_printf ("%s/%s %s \"",
1141 pubkey_string (iter->pk,
1142 pkstrbuf, sizeof pkstrbuf),
1144 datestr_from_pk (iter->pk));
1146 if (iter->pk->user_id)
1147 tty_print_utf8_string(iter->pk->user_id->name,
1148 iter->pk->user_id->len);
1152 char *p = get_user_id (ctrl, keyid, &n );
1153 tty_print_utf8_string ( p, n );
1159 answer = cpr_get_utf8("pklist.user_id.enter",
1160 _("\nEnter the user ID. "
1161 "End with an empty line: "));
1162 trim_spaces(answer);
1166 if ( !answer || !*answer )
1169 break; /* No more recipients entered - get out of loop. */
1172 /* Do group expand here too. The trick here is to continue
1173 the loop if any expansion occurred. The code above will
1174 then list all expanded keys. */
1175 if (expand_id(answer,&backlog,0))
1178 /* Get and check key for the current name. */
1179 free_public_key (pk);
1180 pk = xmalloc_clear( sizeof *pk );
1181 pk->req_usage = PUBKEY_USAGE_ENC;
1182 rc = get_pubkey_byname (ctrl, NULL, pk, answer, NULL, NULL, 0, 0 );
1184 tty_printf(_("No such user ID.\n"));
1185 else if ( !(rc=openpgp_pk_test_algo2 (pk->pubkey_algo,
1186 PUBKEY_USAGE_ENC)) )
1190 /* No validation for a default recipient. */
1191 if (!key_present_in_pk_list(pk_list, pk))
1193 free_public_key (pk);
1195 log_info (_("skipped: public key "
1196 "already set as default recipient\n") );
1200 PK_LIST r = xmalloc (sizeof *r);
1201 r->pk = pk; pk = NULL;
1203 r->flags = 0; /* No throwing default ids. */
1210 { /* Check validity of this key. */
1214 get_validity (ctrl, NULL, pk, pk->user_id, NULL, 1);
1215 if ( (trustlevel & TRUST_FLAG_DISABLED) )
1217 tty_printf (_("Public key is disabled.\n") );
1219 else if ( do_we_trust_pre (ctrl, pk, trustlevel) )
1221 /* Skip the actual key if the key is already
1222 * present in the list */
1223 if (!key_present_in_pk_list(pk_list, pk))
1225 free_public_key (pk);
1227 log_info(_("skipped: public key already set\n") );
1232 r = xmalloc( sizeof *r );
1233 r->pk = pk; pk = NULL;
1235 r->flags = 0; /* No throwing interactive ids. */
1243 xfree(def_rec); def_rec = NULL;
1248 free_public_key( pk );
1252 else if ( !any_recipients && (def_rec = default_recipient(ctrl)) )
1254 /* We are in batch mode and have only a default recipient. */
1255 pk = xmalloc_clear( sizeof *pk );
1256 pk->req_usage = PUBKEY_USAGE_ENC;
1258 /* The default recipient is allowed to be disabled; thus pass 1
1259 as second last argument. We also don't want an AKL. */
1260 rc = get_pubkey_byname (ctrl, NULL, pk, def_rec, NULL, NULL, 1, 1);
1262 log_error(_("unknown default recipient \"%s\"\n"), def_rec );
1263 else if ( !(rc=openpgp_pk_test_algo2(pk->pubkey_algo,
1264 PUBKEY_USAGE_ENC)) )
1266 /* Mark any_recipients here since the default recipient
1267 would have been used if it wasn't already there. It
1268 doesn't really matter if we got this key from the default
1269 recipient or an encrypt-to. */
1271 if (!key_present_in_pk_list(pk_list, pk))
1272 log_info (_("skipped: public key already set "
1273 "as default recipient\n"));
1276 PK_LIST r = xmalloc( sizeof *r );
1277 r->pk = pk; pk = NULL;
1279 r->flags = 0; /* No throwing default ids. */
1285 free_public_key( pk );
1288 xfree(def_rec); def_rec = NULL;
1292 /* General case: Check all keys. */
1294 for (; remusr; remusr = remusr->next )
1296 if ( (remusr->flags & PK_LIST_ENCRYPT_TO) )
1297 continue; /* encrypt-to keys are already handled. */
1299 rc = find_and_check_key (ctrl, remusr->d, PUBKEY_USAGE_ENC,
1300 !!(remusr->flags&PK_LIST_HIDDEN),
1301 !!(remusr->flags&PK_LIST_FROM_FILE),
1309 if ( !rc && !any_recipients )
1311 log_error(_("no valid addressees\n"));
1312 write_status_text (STATUS_NO_RECP, "0");
1313 rc = GPG_ERR_NO_USER_ID;
1317 if (! rc && (opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU))
1320 for (iter = pk_list; iter; iter = iter->next)
1324 /* Note: we already resolved any conflict when looking up
1325 the key. Don't annoy the user again if she selected
1327 rc2 = tofu_register_encryption (ctrl, iter->pk, NULL, 0);
1329 log_info ("WARNING: Failed to register encryption to %s"
1330 " with TOFU engine\n",
1331 keystr (pk_main_keyid (iter->pk)));
1333 log_debug ("Registered encryption to %s with TOFU DB.\n",
1334 keystr (pk_main_keyid (iter->pk)));
1342 release_pk_list( pk_list );
1344 *ret_pk_list = pk_list;
1346 free_strlist(remusr);
1351 /* In pgp6 mode, disallow all ciphers except IDEA (1), 3DES (2), and
1352 CAST5 (3), all hashes except MD5 (1), SHA1 (2), and RIPEMD160 (3),
1353 and all compressions except none (0) and ZIP (1). pgp7 and pgp8
1354 mode expands the cipher list to include AES128 (7), AES192 (8),
1355 AES256 (9), and TWOFISH (10). pgp8 adds the SHA-256 hash (8). For
1356 a true PGP key all of this is unneeded as they are the only items
1357 present in the preferences subpacket, but checking here covers the
1358 weird case of encrypting to a key that had preferences from a
1359 different implementation which was then used with PGP. I am not
1360 completely comfortable with this as the right thing to do, as it
1361 slightly alters the list of what the user is supposedly requesting.
1362 It is not against the RFC however, as the preference chosen will
1363 never be one that the user didn't specify somewhere ("The
1364 implementation may use any mechanism to pick an algorithm in the
1365 intersection"), and PGP has no mechanism to fix such a broken
1366 preference list, so I'm including it. -dms */
1369 algo_available( preftype_t preftype, int algo, const union pref_hint *hint)
1371 if( preftype == PREFTYPE_SYM )
1373 if(PGP6 && (algo != CIPHER_ALGO_IDEA
1374 && algo != CIPHER_ALGO_3DES
1375 && algo != CIPHER_ALGO_CAST5))
1378 if(PGP7 && (algo != CIPHER_ALGO_IDEA
1379 && algo != CIPHER_ALGO_3DES
1380 && algo != CIPHER_ALGO_CAST5
1381 && algo != CIPHER_ALGO_AES
1382 && algo != CIPHER_ALGO_AES192
1383 && algo != CIPHER_ALGO_AES256
1384 && algo != CIPHER_ALGO_TWOFISH))
1387 /* PGP8 supports all the ciphers we do.. */
1389 return algo && !openpgp_cipher_test_algo ( algo );
1391 else if( preftype == PREFTYPE_HASH )
1393 if (hint && hint->digest_length)
1395 if (hint->digest_length!=20 || opt.flags.dsa2)
1397 /* If --enable-dsa2 is set or the hash isn't 160 bits
1398 (which implies DSA2), then we'll accept a hash that
1399 is larger than we need. Otherwise we won't accept
1400 any hash that isn't exactly the right size. */
1401 if (hint->digest_length > gcry_md_get_algo_dlen (algo))
1404 else if (hint->digest_length != gcry_md_get_algo_dlen (algo))
1408 if((PGP6 || PGP7) && (algo != DIGEST_ALGO_MD5
1409 && algo != DIGEST_ALGO_SHA1
1410 && algo != DIGEST_ALGO_RMD160))
1414 if(PGP8 && (algo != DIGEST_ALGO_MD5
1415 && algo != DIGEST_ALGO_SHA1
1416 && algo != DIGEST_ALGO_RMD160
1417 && algo != DIGEST_ALGO_SHA256))
1420 return algo && !openpgp_md_test_algo (algo);
1422 else if( preftype == PREFTYPE_ZIP )
1424 if((PGP6 || PGP7) && (algo != COMPRESS_ALGO_NONE
1425 && algo != COMPRESS_ALGO_ZIP))
1428 /* PGP8 supports all the compression algos we do */
1430 return !check_compress_algo( algo );
1437 * Return -1 if we could not find an algorithm.
1440 select_algo_from_prefs(PK_LIST pk_list, int preftype,
1441 int request, const union pref_hint *hint)
1445 const prefitem_t *prefs;
1452 memset(bits,0xFF,sizeof(bits));
1453 memset(scores,0,sizeof(scores));
1455 for( pkr = pk_list; pkr; pkr = pkr->next )
1458 int rank=1,implicit=-1;
1460 memset(mask,0,sizeof(mask));
1465 /* IDEA is implicitly there for v3 keys with v3 selfsigs if
1466 --pgp2 mode is on. This was a 2440 thing that was
1467 dropped from 4880 but is still relevant to GPG's 1991
1468 support. All this doesn't mean IDEA is actually
1469 available, of course. */
1470 implicit=CIPHER_ALGO_3DES;
1474 /* No implicit algo. */
1478 /* While I am including this code for completeness, note
1479 that currently --pgp2 mode locks the hash at MD5, so this
1480 code will never even be called. Even if the hash wasn't
1481 locked at MD5, we don't support sign+encrypt in --pgp2
1482 mode, and that's the only time PREFTYPE_HASH is used
1485 implicit=DIGEST_ALGO_SHA1;
1490 /* Uncompressed is always an option. */
1491 implicit=COMPRESS_ALGO_NONE;
1494 if (pkr->pk->user_id) /* selected by user ID */
1495 prefs = pkr->pk->user_id->prefs;
1497 prefs = pkr->pk->prefs;
1501 for (i=0; prefs[i].type; i++ )
1503 if( prefs[i].type == preftype )
1505 /* Make sure all scores don't add up past 0xFFFF
1506 (and roll around) */
1507 if(rank+scores[prefs[i].value]<=0xFFFF)
1508 scores[prefs[i].value]+=rank;
1510 scores[prefs[i].value]=0xFFFF;
1512 mask[prefs[i].value/32] |= 1<<(prefs[i].value%32);
1516 /* We saw the implicit algorithm, so we don't need
1517 tack it on the end ourselves. */
1518 if(implicit==prefs[i].value)
1524 if(rank==1 && preftype==PREFTYPE_ZIP)
1526 /* If the compression preferences are not present, they are
1527 assumed to be ZIP, Uncompressed (RFC4880:13.3.1) */
1528 scores[1]=1; /* ZIP is first choice */
1529 scores[0]=2; /* Uncompressed is second choice */
1533 /* If the key didn't have the implicit algorithm listed
1534 explicitly, add it here at the tail of the list. */
1537 scores[implicit]+=rank;
1538 mask[implicit/32] |= 1<<(implicit%32);
1545 /* We've now scored all of the algorithms, and the usable ones have
1546 bits set. Let's pick the winner. */
1548 /* The caller passed us a request. Can we use it? */
1549 if(request>-1 && (bits[request/32] & (1<<(request%32))) &&
1550 algo_available(preftype,request,hint))
1555 /* If we have personal prefs set, use them. */
1557 if(preftype==PREFTYPE_SYM && opt.personal_cipher_prefs)
1558 prefs=opt.personal_cipher_prefs;
1559 else if(preftype==PREFTYPE_AEAD && opt.personal_aead_prefs)
1560 prefs=opt.personal_aead_prefs;
1561 else if(preftype==PREFTYPE_HASH && opt.personal_digest_prefs)
1562 prefs=opt.personal_digest_prefs;
1563 else if(preftype==PREFTYPE_ZIP && opt.personal_compress_prefs)
1564 prefs=opt.personal_compress_prefs;
1567 for(i=0; prefs[i].type; i++ )
1569 if(bits[prefs[i].value/32] & (1<<(prefs[i].value%32))
1570 && algo_available( preftype, prefs[i].value, hint))
1572 result = prefs[i].value;
1580 unsigned int best=-1;
1582 /* At this point, we have not selected an algorithm due to a
1583 special request or via personal prefs. Pick the highest
1584 ranked algorithm (i.e. the one with the lowest score). */
1586 if(preftype==PREFTYPE_HASH && scores[DIGEST_ALGO_MD5])
1588 /* "If you are building an authentication system, the recipient
1589 may specify a preferred signing algorithm. However, the
1590 signer would be foolish to use a weak algorithm simply
1591 because the recipient requests it." (RFC4880:14). If any
1592 other hash algorithm is available, pretend that MD5 isn't.
1593 Note that if the user intentionally chose MD5 by putting it
1594 in their personal prefs, then we do what the user said (as we
1595 never reach this code). */
1597 for(i=DIGEST_ALGO_MD5+1;i<256;i++)
1600 scores[DIGEST_ALGO_MD5]=0;
1607 /* Note the '<' here. This means in case of a tie, we will
1608 favor the lower algorithm number. We have a choice
1609 between the lower number (probably an older algorithm
1610 with more time in use), or the higher number (probably a
1611 newer algorithm with less time in use). Older is
1612 probably safer here, even though the newer algorithms
1613 tend to be "stronger". */
1614 if(scores[i] && scores[i]<best
1615 && (bits[i/32] & (1<<(i%32)))
1616 && algo_available(preftype,i,hint))
1628 * Select the MDC flag from the pk_list. We can only use MDC if all
1629 * recipients support this feature.
1632 select_mdc_from_pklist (PK_LIST pk_list)
1639 for (pkr = pk_list; pkr; pkr = pkr->next)
1643 if (pkr->pk->user_id) /* selected by user ID */
1644 mdc = pkr->pk->user_id->flags.mdc;
1646 mdc = pkr->pk->flags.mdc;
1648 return 0; /* At least one recipient does not support it. */
1650 return 1; /* Can be used. */
1654 /* Select the AEAD flag from the pk_list. We can only use AEAD if all
1655 * recipients support this feature. Returns the AEAD to be used or 0
1656 * if AEAD shall not be used. */
1658 select_aead_from_pklist (PK_LIST pk_list)
1666 for (pkr = pk_list; pkr; pkr = pkr->next)
1668 if (pkr->pk->user_id) /* selected by user ID */
1669 aead = pkr->pk->user_id->flags.aead;
1671 aead = pkr->pk->flags.aead;
1673 return 0; /* At least one recipient does not support it. */
1676 return default_aead_algo (); /* Yes, AEAD can be used. */
1680 /* Print a warning for all keys in PK_LIST missing the MDC feature. */
1682 warn_missing_mdc_from_pklist (PK_LIST pk_list)
1686 for (pkr = pk_list; pkr; pkr = pkr->next)
1690 if (pkr->pk->user_id) /* selected by user ID */
1691 mdc = pkr->pk->user_id->flags.mdc;
1693 mdc = pkr->pk->flags.mdc;
1695 log_info (_("Note: key %s has no %s feature\n"),
1696 keystr_from_pk (pkr->pk), "MDC");
1701 warn_missing_aes_from_pklist (PK_LIST pk_list)
1705 for (pkr = pk_list; pkr; pkr = pkr->next)
1707 const prefitem_t *prefs;
1711 prefs = pkr->pk->user_id? pkr->pk->user_id->prefs : pkr->pk->prefs;
1714 for (i=0; !gotit && prefs[i].type; i++ )
1715 if (prefs[i].type == PREFTYPE_SYM
1716 && prefs[i].value == CIPHER_ALGO_AES)
1720 log_info (_("Note: key %s has no preference for %s\n"),
1721 keystr_from_pk (pkr->pk), "AES");
projects / gnupg.git / blob