1 /* pkclist.c - create a list of public keys
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3 * 2008, 2009, 2010 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
41 #define CONTROL_D ('D' - 'A' + 1)
44 send_status_inv_recp (int reason, const char *name)
48 snprintf (buf, sizeof buf, "%d ", reason);
49 write_status_text_and_buffer (STATUS_INV_RECP, buf,
56 * Show the revocation reason as it is stored with the given signature
59 do_show_revocation_reason( PKT_signature *sig )
66 while( (p = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REVOC_REASON,
69 continue; /* invalid - just skip it */
72 text = _("No reason specified");
74 text = _("Key is superseded");
76 text = _("Key has been compromised");
78 text = _("Key is no longer used");
80 text = _("User ID is no longer valid");
84 log_info ( _("reason for revocation: "));
86 log_printf ("%s\n", text);
88 log_printf ("code=%02x\n", *p );
92 /* We don't want any empty lines, so skip them */
93 while( n && *p == '\n' ) {
98 pp = memchr( p, '\n', n );
100 log_info ( _("revocation comment: ") );
101 es_write_sanitized (log_get_stream(), p, nn, NULL, NULL);
109 /* Mode 0: try and find the revocation based on the pk (i.e. check
110 subkeys, etc.) Mode 1: use only the revocation on the main pk */
113 show_revocation_reason( PKT_public_key *pk, int mode )
115 /* Hmmm, this is not so easy becuase we have to duplicate the code
116 * used in the trustbd to calculate the keyflags. We need to find
117 * a clean way to check revocation certificates on keys and
118 * signatures. And there should be no duplicate code. Because we
119 * enter this function only when the trustdb told us that we have
120 * a revoked key, we could simply look for a revocation cert and
121 * display this one, when there is only one. Let's try to do this
122 * until we have a better solution. */
123 KBNODE node, keyblock = NULL;
124 byte fingerprint[MAX_FINGERPRINT_LEN];
128 /* get the keyblock */
129 fingerprint_from_pk( pk, fingerprint, &fingerlen );
130 rc = get_keyblock_byfprint( &keyblock, fingerprint, fingerlen );
131 if( rc ) { /* that should never happen */
132 log_debug( "failed to get the keyblock\n");
136 for( node=keyblock; node; node = node->next ) {
137 if( (mode && node->pkt->pkttype == PKT_PUBLIC_KEY) ||
138 ( ( node->pkt->pkttype == PKT_PUBLIC_KEY
139 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
140 && !cmp_public_keys( node->pkt->pkt.public_key, pk ) ) )
144 log_debug("Oops, PK not in keyblock\n");
145 release_kbnode( keyblock );
148 /* now find the revocation certificate */
149 for( node = node->next; node ; node = node->next ) {
150 if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
152 if( node->pkt->pkttype == PKT_SIGNATURE
153 && (node->pkt->pkt.signature->sig_class == 0x20
154 || node->pkt->pkt.signature->sig_class == 0x28 ) ) {
155 /* FIXME: we should check the signature here */
156 do_show_revocation_reason ( node->pkt->pkt.signature );
161 /* We didn't find it, so check if the whole key is revoked */
163 show_revocation_reason(pk,1);
165 release_kbnode( keyblock );
171 * 1 = Without key info and additional menu option 'm'
172 * this does also add an option to set the key to ultimately trusted.
174 * -2 = nothing changed - caller should show some additional info
175 * -1 = quit operation
176 * 0 = nothing changed
177 * 1 = new ownertrust now in new_trust
179 #ifndef NO_TRUST_MODELS
181 do_edit_ownertrust (PKT_public_key *pk, int mode,
182 unsigned *new_trust, int defer_help )
190 int did_help=defer_help;
191 unsigned int minimum = tdb_get_min_ownertrust (pk);
192 char pkstrbuf[PUBKEY_STRING_SIZE];
197 case TRUST_UNDEFINED: min_num=1; break;
198 case TRUST_NEVER: min_num=2; break;
199 case TRUST_MARGINAL: min_num=3; break;
200 case TRUST_FULLY: min_num=4; break;
203 keyid_from_pk (pk, keyid);
205 /* A string with valid answers.
207 TRANSLATORS: These are the allowed answers in lower and
208 uppercase. Below you will find the matching strings which
209 should be translated accordingly and the letter changed to
210 match the one in the answer string.
212 i = please show me more information
213 m = back to the main menu
217 const char *ans = _("iImMqQsS");
225 tty_printf(_("No trust value assigned to:\n"));
226 tty_printf("%s/%s %s\n",
227 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
228 keystr(keyid), datestr_from_pk( pk ) );
229 p=get_user_id_native(keyid);
230 tty_printf(_(" \"%s\"\n"),p);
233 keyblock = get_pubkeyblock (keyid);
236 for (un=keyblock; un; un = un->next)
238 if (un->pkt->pkttype != PKT_USER_ID )
240 if (un->pkt->pkt.user_id->is_revoked )
242 if (un->pkt->pkt.user_id->is_expired )
244 /* Only skip textual primaries */
245 if (un->pkt->pkt.user_id->is_primary
246 && !un->pkt->pkt.user_id->attrib_data )
249 if((opt.verify_options&VERIFY_SHOW_PHOTOS)
250 && un->pkt->pkt.user_id->attrib_data)
251 show_photos (un->pkt->pkt.user_id->attribs,
252 un->pkt->pkt.user_id->numattribs, pk,
253 un->pkt->pkt.user_id);
255 p=utf8_to_native(un->pkt->pkt.user_id->name,
256 un->pkt->pkt.user_id->len,0);
258 tty_printf(_(" aka \"%s\"\n"),p);
261 print_fingerprint (NULL, pk, 2);
263 release_kbnode (keyblock);
266 if(opt.trust_model==TM_DIRECT)
268 tty_printf(_("How much do you trust that this key actually "
269 "belongs to the named user?\n"));
274 /* This string also used in keyedit.c:trustsig_prompt */
275 tty_printf(_("Please decide how far you trust this user to"
276 " correctly verify other users' keys\n"
277 "(by looking at passports, checking fingerprints from"
278 " different sources, etc.)\n"));
283 tty_printf (_(" %d = I don't know or won't say\n"), 1);
285 tty_printf (_(" %d = I do NOT trust\n"), 2);
287 tty_printf (_(" %d = I trust marginally\n"), 3);
289 tty_printf (_(" %d = I trust fully\n"), 4);
291 tty_printf (_(" %d = I trust ultimately\n"), 5);
293 /* not yet implemented */
294 tty_printf (" i = please show me more information\n");
297 tty_printf(_(" m = back to the main menu\n"));
300 tty_printf(_(" s = skip this key\n"));
301 tty_printf(_(" q = quit\n"));
305 tty_printf(_("The minimum trust level for this key is: %s\n\n"),
306 trust_value_to_string(minimum));
309 if( strlen(ans) != 8 )
311 p = cpr_get("edit_ownertrust.value",_("Your decision? "));
316 else if( *p && p[1] )
318 else if( !p[1] && ((*p >= '0'+min_num) && *p <= (mode?'5':'4')) )
323 case '1': trust = TRUST_UNDEFINED; break;
324 case '2': trust = TRUST_NEVER ; break;
325 case '3': trust = TRUST_MARGINAL ; break;
326 case '4': trust = TRUST_FULLY ; break;
327 case '5': trust = TRUST_ULTIMATE ; break;
330 if (trust == TRUST_ULTIMATE
331 && !cpr_get_answer_is_yes ("edit_ownertrust.set_ultimate.okay",
332 _("Do you really want to set this key"
333 " to ultimate trust? (y/N) ")))
343 /* not yet implemented */
344 else if( *p == ans[0] || *p == ans[1] )
346 tty_printf(_("Certificates leading to an ultimately trusted key:\n"));
351 else if( mode && (*p == ans[2] || *p == ans[3] || *p == CONTROL_D ) )
353 break ; /* back to the menu */
355 else if( !mode && (*p == ans[6] || *p == ans[7] ) )
359 else if( !mode && (*p == ans[4] || *p == ans[5] ) )
362 break ; /* back to the menu */
367 return show? -2: quit? -1 : changed;
369 #endif /*!NO_TRUST_MODELS*/
373 * Display a menu to change the ownertrust of the key PK (which should
375 * For mode values see do_edit_ownertrust ()
377 #ifndef NO_TRUST_MODELS
379 edit_ownertrust (PKT_public_key *pk, int mode )
381 unsigned int trust = 0;
386 switch ( do_edit_ownertrust (pk, mode, &trust, no_help ) )
390 case -2: /* show info */
393 case 1: /* trust value set */
394 trust &= ~TRUST_FLAG_DISABLED;
395 trust |= get_ownertrust (pk) & TRUST_FLAG_DISABLED;
396 update_ownertrust (pk, trust );
403 #endif /*!NO_TRUST_MODELS*/
407 * Check whether we can trust this pk which has a trustlevel of TRUSTLEVEL
408 * Returns: true if we trust.
411 do_we_trust( PKT_public_key *pk, unsigned int trustlevel )
413 /* We should not be able to get here with a revoked or expired
415 if(trustlevel & TRUST_FLAG_REVOKED
416 || trustlevel & TRUST_FLAG_SUB_REVOKED
417 || (trustlevel & TRUST_MASK) == TRUST_EXPIRED)
420 if( opt.trust_model==TM_ALWAYS )
423 log_info("No trust check due to '--trust-model always' option\n");
427 switch(trustlevel & TRUST_MASK)
430 log_error ("invalid trustlevel %u returned from validation layer\n",
434 case TRUST_UNDEFINED:
435 log_info(_("%s: There is no assurance this key belongs"
436 " to the named user\n"),keystr_from_pk(pk));
440 log_info(_("%s: There is limited assurance this key belongs"
441 " to the named user\n"),keystr_from_pk(pk));
446 log_info(_("This key probably belongs to the named user\n"));
451 log_info(_("This key belongs to us\n"));
455 return 1; /*NOTREACHED*/
460 * wrapper around do_we_trust, so we can ask whether to use the
464 do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
468 rc = do_we_trust( pk, trustlevel );
470 if( !opt.batch && !rc )
472 print_pubkey_info(NULL,pk);
473 print_fingerprint (NULL, pk, 2);
477 _("It is NOT certain that the key belongs to the person named\n"
478 "in the user ID. If you *really* know what you are doing,\n"
479 "you may answer the next question with yes.\n"));
484 if (is_status_enabled ())
489 keyid_from_pk (pk, kid);
490 hint_str = get_long_user_id_string ( kid );
491 write_status_text ( STATUS_USERID_HINT, hint_str );
495 if( cpr_get_answer_is_yes("untrusted_key.override",
496 _("Use this key anyway? (y/N) ")) )
499 /* Hmmm: Should we set a flag to tell the user about
500 * his decision the next time he encrypts for this recipient?
509 * Check whether we can trust this signature.
510 * Returns: Error if we shall not trust this signatures.
513 check_signatures_trust( PKT_signature *sig )
515 PKT_public_key *pk = xmalloc_clear( sizeof *pk );
516 unsigned int trustlevel;
519 rc = get_pubkey( pk, sig->keyid );
521 { /* this should not happen */
522 log_error("Ooops; the key vanished - can't check the trust\n");
523 rc = GPG_ERR_NO_PUBKEY;
527 if ( opt.trust_model==TM_ALWAYS )
530 log_info(_("WARNING: Using untrusted key!\n"));
531 if (opt.with_fingerprint)
532 print_fingerprint (NULL, pk, 1);
536 if(pk->flags.maybe_revoked && !pk->flags.revoked)
537 log_info(_("WARNING: this key might be revoked (revocation key"
540 trustlevel = get_validity (pk, NULL);
542 if ( (trustlevel & TRUST_FLAG_REVOKED) )
544 write_status( STATUS_KEYREVOKED );
545 if(pk->flags.revoked == 2)
546 log_info(_("WARNING: This key has been revoked by its"
547 " designated revoker!\n"));
549 log_info(_("WARNING: This key has been revoked by its owner!\n"));
550 log_info(_(" This could mean that the signature is forged.\n"));
551 show_revocation_reason( pk, 0 );
553 else if ((trustlevel & TRUST_FLAG_SUB_REVOKED) )
555 write_status( STATUS_KEYREVOKED );
556 log_info(_("WARNING: This subkey has been revoked by its owner!\n"));
557 show_revocation_reason( pk, 0 );
560 if ((trustlevel & TRUST_FLAG_DISABLED))
561 log_info (_("Note: This key has been disabled.\n"));
563 /* If we have PKA information adjust the trustlevel. */
564 if (sig->pka_info && sig->pka_info->valid)
566 unsigned char fpr[MAX_FINGERPRINT_LEN];
567 PKT_public_key *primary_pk;
572 primary_pk = xmalloc_clear (sizeof *primary_pk);
573 get_pubkey (primary_pk, pk->main_keyid);
574 fingerprint_from_pk (primary_pk, fpr, &fprlen);
575 free_public_key (primary_pk);
577 if ( fprlen == 20 && !memcmp (sig->pka_info->fpr, fpr, 20) )
580 write_status_text (STATUS_PKA_TRUST_GOOD, sig->pka_info->email);
581 log_info (_("Note: Verified signer's address is '%s'\n"),
582 sig->pka_info->email);
587 write_status_text (STATUS_PKA_TRUST_BAD, sig->pka_info->email);
588 log_info (_("Note: Signer's address '%s' "
589 "does not match DNS entry\n"), sig->pka_info->email);
592 switch ( (trustlevel & TRUST_MASK) )
595 case TRUST_UNDEFINED:
597 if (okay && opt.verify_options&VERIFY_PKA_TRUST_INCREASE)
599 trustlevel = ((trustlevel & ~TRUST_MASK) | TRUST_FULLY);
600 log_info (_("trustlevel adjusted to FULL"
601 " due to valid PKA info\n"));
607 trustlevel = ((trustlevel & ~TRUST_MASK) | TRUST_NEVER);
608 log_info (_("trustlevel adjusted to NEVER"
609 " due to bad PKA info\n"));
615 /* Now let the user know what up with the trustlevel. */
616 switch ( (trustlevel & TRUST_MASK) )
619 log_info(_("Note: This key has expired!\n"));
620 print_fingerprint (NULL, pk, 1);
624 log_error ("invalid trustlevel %u returned from validation layer\n",
628 case TRUST_UNDEFINED:
629 write_status( STATUS_TRUST_UNDEFINED );
630 log_info(_("WARNING: This key is not certified with"
631 " a trusted signature!\n"));
632 log_info(_(" There is no indication that the "
633 "signature belongs to the owner.\n" ));
634 print_fingerprint (NULL, pk, 1);
638 /* currently we won't get that status */
639 write_status( STATUS_TRUST_NEVER );
640 log_info(_("WARNING: We do NOT trust this key!\n"));
641 log_info(_(" The signature is probably a FORGERY.\n"));
642 if (opt.with_fingerprint)
643 print_fingerprint (NULL, pk, 1);
644 rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
648 write_status( STATUS_TRUST_MARGINAL );
649 log_info(_("WARNING: This key is not certified with"
650 " sufficiently trusted signatures!\n"));
651 log_info(_(" It is not certain that the"
652 " signature belongs to the owner.\n" ));
653 print_fingerprint (NULL, pk, 1);
657 write_status( STATUS_TRUST_FULLY );
658 if (opt.with_fingerprint)
659 print_fingerprint (NULL, pk, 1);
663 write_status( STATUS_TRUST_ULTIMATE );
664 if (opt.with_fingerprint)
665 print_fingerprint (NULL, pk, 1);
670 free_public_key( pk );
676 release_pk_list (pk_list_t pk_list)
680 for ( ; pk_list; pk_list = pk_rover)
682 pk_rover = pk_list->next;
683 free_public_key ( pk_list->pk );
690 key_present_in_pk_list(PK_LIST pk_list, PKT_public_key *pk)
692 for( ; pk_list; pk_list = pk_list->next)
693 if (cmp_public_keys(pk_list->pk, pk) == 0)
701 * Return a malloced string with a default recipient if there is any
704 default_recipient(void)
707 byte fpr[MAX_FINGERPRINT_LEN+1];
712 if( opt.def_recipient )
713 return xstrdup( opt.def_recipient );
714 if( !opt.def_recipient_self )
716 pk = xmalloc_clear( sizeof *pk );
717 i = get_seckey_byname (pk, NULL);
719 free_public_key( pk );
722 n = MAX_FINGERPRINT_LEN;
723 fingerprint_from_pk( pk, fpr, &n );
724 free_public_key( pk );
725 p = xmalloc( 2*n+3 );
728 for(i=0; i < n; i++ )
729 sprintf( p+2*i, "%02X", fpr[i] );
735 expand_id(const char *id,strlist_t *into,unsigned int flags)
737 struct groupitem *groups;
740 for(groups=opt.grouplist;groups;groups=groups->next)
742 /* need strcasecmp() here, as this should be localized */
743 if(strcasecmp(groups->name,id)==0)
747 /* this maintains the current utf8-ness */
748 for(each=groups->values;each;each=each->next)
750 sl=add_to_strlist(into,each->d);
762 /* For simplicity, and to avoid potential loops, we only expand once -
763 you can't make an alias that points to an alias. */
765 expand_group(strlist_t input)
767 strlist_t sl,output=NULL,rover;
769 for(rover=input;rover;rover=rover->next)
770 if(expand_id(rover->d,&output,rover->flags)==0)
772 /* Didn't find any groups, so use the existing string */
773 sl=add_to_strlist(&output,rover->d);
774 sl->flags=rover->flags;
781 /* Helper for build_pk_list to find and check one key. This helper is
782 also used directly in server mode by the RECIPIENTS command. On
783 success the new key is added to PK_LIST_ADDR. NAME is the user id
784 of the key. USE the requested usage and a set MARK_HIDDEN will mark
785 the key in the updated list as a hidden recipient. */
787 find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
788 int mark_hidden, pk_list_t *pk_list_addr)
795 return gpg_error (GPG_ERR_INV_USER_ID);
797 pk = xtrycalloc (1, sizeof *pk);
799 return gpg_error_from_syserror ();
802 rc = get_pubkey_byname (ctrl, NULL, pk, name, NULL, NULL, 0, 0);
807 /* Key not found or other error. */
808 log_error (_("%s: skipped: %s\n"), name, gpg_strerror (rc) );
809 switch (gpg_err_code (rc))
811 case GPG_ERR_NO_SECKEY:
812 case GPG_ERR_NO_PUBKEY: code = 1; break;
813 case GPG_ERR_INV_USER_ID: code = 14; break;
814 default: code = 0; break;
816 send_status_inv_recp (code, name);
817 free_public_key (pk);
821 rc = openpgp_pk_test_algo2 (pk->pubkey_algo, use);
824 /* Key found but not usable for us (e.g. sign-only key). */
825 send_status_inv_recp (3, name); /* Wrong key usage */
826 log_error (_("%s: skipped: %s\n"), name, gpg_strerror (rc) );
827 free_public_key (pk);
831 /* Key found and usable. Check validity. */
832 trustlevel = get_validity (pk, pk->user_id);
833 if ( (trustlevel & TRUST_FLAG_DISABLED) )
835 /* Key has been disabled. */
836 send_status_inv_recp (13, name);
837 log_info (_("%s: skipped: public key is disabled\n"), name);
838 free_public_key (pk);
839 return GPG_ERR_UNUSABLE_PUBKEY;
842 if ( !do_we_trust_pre (pk, trustlevel) )
844 /* We don't trust this key. */
845 send_status_inv_recp (10, name);
846 free_public_key (pk);
847 return GPG_ERR_UNUSABLE_PUBKEY;
849 /* Note: do_we_trust may have changed the trustlevel. */
851 /* Skip the actual key if the key is already present in the
853 if (!key_present_in_pk_list (*pk_list_addr, pk))
856 log_info (_("%s: skipped: public key already present\n"), name);
857 free_public_key (pk);
863 r = xtrymalloc (sizeof *r);
866 rc = gpg_error_from_syserror ();
867 free_public_key (pk);
871 r->next = *pk_list_addr;
872 r->flags = mark_hidden? 1:0;
881 /* This is the central function to collect the keys for recipients.
882 It is thus used to prepare a public key encryption. encrypt-to
883 keys, default keys and the keys for the actual recipients are all
884 collected here. When not in batch mode and no recipient has been
885 passed on the commandline, the function will also ask for
888 RCPTS is a string list with the recipients; NULL is an allowed
889 value but not very useful. Group expansion is done on these names;
890 they may be in any of the user Id formats we can handle. The flags
891 bits for each string in the string list are used for:
892 Bit 0: This is an encrypt-to recipient.
893 Bit 1: This is a hidden recipient.
895 USE is the desired use for the key - usually PUBKEY_USAGE_ENC.
897 On success a list of keys is stored at the address RET_PK_LIST; the
898 caller must free this list. On error the value at this address is
902 build_pk_list (ctrl_t ctrl,
903 strlist_t rcpts, PK_LIST *ret_pk_list, unsigned int use )
905 PK_LIST pk_list = NULL;
906 PKT_public_key *pk=NULL;
908 int any_recipients=0;
909 strlist_t rov,remusr;
910 char *def_rec = NULL;
911 char pkstrbuf[PUBKEY_STRING_SIZE];
913 /* Try to expand groups if any have been defined. */
915 remusr = expand_group (rcpts);
919 /* Check whether there are any recipients in the list and build the
920 * list of the encrypt-to ones (we always trust them). */
921 for ( rov = remusr; rov; rov = rov->next )
923 if ( !(rov->flags & 1) )
925 /* This is a regular recipient; i.e. not an encrypt-to
929 /* Hidden recipients are not allowed while in PGP mode,
930 issue a warning and switch into GnuPG mode. */
931 if ((rov->flags&2) && (PGP6 || PGP7 || PGP8))
933 log_info(_("you may not use %s while in %s mode\n"),
934 "--hidden-recipient",
935 compliance_option_string());
937 compliance_failure();
940 else if ( (use & PUBKEY_USAGE_ENC) && !opt.no_encrypt_to )
942 /* Encryption has been requested and --encrypt-to has not
943 been disabled. Check this encrypt-to key. */
944 pk = xmalloc_clear( sizeof *pk );
947 /* We explicitly allow encrypt-to to an disabled key; thus
948 we pass 1 for the second last argument and 1 as the last
949 argument to disable AKL. */
950 if ( (rc = get_pubkey_byname (ctrl,
951 NULL, pk, rov->d, NULL, NULL, 1, 1)) )
953 free_public_key ( pk ); pk = NULL;
954 log_error (_("%s: skipped: %s\n"), rov->d, gpg_strerror (rc) );
955 send_status_inv_recp (0, rov->d);
958 else if ( !(rc=openpgp_pk_test_algo2 (pk->pubkey_algo, use)) )
960 /* Skip the actual key if the key is already present
961 * in the list. Add it to our list if not. */
962 if (key_present_in_pk_list(pk_list, pk) == 0)
964 free_public_key (pk); pk = NULL;
966 log_info (_("%s: skipped: public key already present\n"),
972 r = xmalloc( sizeof *r );
973 r->pk = pk; pk = NULL;
975 r->flags = (rov->flags&2)?1:0;
978 /* Hidden encrypt-to recipients are not allowed while
979 in PGP mode, issue a warning and switch into
981 if ((r->flags&1) && (PGP6 || PGP7 || PGP8))
983 log_info(_("you may not use %s while in %s mode\n"),
984 "--hidden-encrypt-to",
985 compliance_option_string());
987 compliance_failure();
993 /* The public key is not usable for encryption. */
994 free_public_key( pk ); pk = NULL;
995 log_error(_("%s: skipped: %s\n"), rov->d, gpg_strerror (rc) );
996 send_status_inv_recp (3, rov->d); /* Wrong key usage */
1002 /* If we don't have any recipients yet and we are not in batch mode
1003 drop into interactive selection mode. */
1004 if ( !any_recipients && !opt.batch )
1007 char *answer = NULL;
1008 strlist_t backlog = NULL;
1012 def_rec = default_recipient();
1013 have_def_rec = !!def_rec;
1014 if ( !have_def_rec )
1015 tty_printf(_("You did not specify a user ID. (you may use \"-r\")\n"));
1023 /* A default recipient is taken as the first entry. */
1029 /* This is part of our trick to expand and display groups. */
1030 answer = strlist_pop (&backlog);
1034 /* Show the list of already collected recipients and ask
1039 tty_printf(_("Current recipients:\n"));
1040 for (iter=pk_list;iter;iter=iter->next)
1044 keyid_from_pk(iter->pk,keyid);
1045 tty_printf ("%s/%s %s \"",
1046 pubkey_string (iter->pk,
1047 pkstrbuf, sizeof pkstrbuf),
1049 datestr_from_pk (iter->pk));
1051 if (iter->pk->user_id)
1052 tty_print_utf8_string(iter->pk->user_id->name,
1053 iter->pk->user_id->len);
1057 char *p = get_user_id( keyid, &n );
1058 tty_print_utf8_string( p, n );
1064 answer = cpr_get_utf8("pklist.user_id.enter",
1065 _("\nEnter the user ID. "
1066 "End with an empty line: "));
1067 trim_spaces(answer);
1071 if ( !answer || !*answer )
1074 break; /* No more recipients entered - get out of loop. */
1077 /* Do group expand here too. The trick here is to continue
1078 the loop if any expansion occured. The code above will
1079 then list all expanded keys. */
1080 if (expand_id(answer,&backlog,0))
1083 /* Get and check key for the current name. */
1084 free_public_key (pk);
1085 pk = xmalloc_clear( sizeof *pk );
1086 pk->req_usage = use;
1087 rc = get_pubkey_byname (ctrl, NULL, pk, answer, NULL, NULL, 0, 0 );
1089 tty_printf(_("No such user ID.\n"));
1090 else if ( !(rc=openpgp_pk_test_algo2 (pk->pubkey_algo, use)) )
1094 /* No validation for a default recipient. */
1095 if (!key_present_in_pk_list(pk_list, pk))
1097 free_public_key (pk);
1099 log_info (_("skipped: public key "
1100 "already set as default recipient\n") );
1104 PK_LIST r = xmalloc (sizeof *r);
1105 r->pk = pk; pk = NULL;
1107 r->flags = 0; /* No throwing default ids. */
1114 { /* Check validity of this key. */
1117 trustlevel = get_validity (pk, pk->user_id);
1118 if ( (trustlevel & TRUST_FLAG_DISABLED) )
1120 tty_printf (_("Public key is disabled.\n") );
1122 else if ( do_we_trust_pre (pk, trustlevel) )
1124 /* Skip the actual key if the key is already
1125 * present in the list */
1126 if (!key_present_in_pk_list(pk_list, pk))
1128 free_public_key (pk);
1130 log_info(_("skipped: public key already set\n") );
1135 r = xmalloc( sizeof *r );
1136 r->pk = pk; pk = NULL;
1138 r->flags = 0; /* No throwing interactive ids. */
1146 xfree(def_rec); def_rec = NULL;
1151 free_public_key( pk );
1155 else if ( !any_recipients && (def_rec = default_recipient()) )
1157 /* We are in batch mode and have only a default recipient. */
1158 pk = xmalloc_clear( sizeof *pk );
1159 pk->req_usage = use;
1161 /* The default recipient is allowed to be disabled; thus pass 1
1162 as second last argument. We also don't want an AKL. */
1163 rc = get_pubkey_byname (ctrl, NULL, pk, def_rec, NULL, NULL, 1, 1);
1165 log_error(_("unknown default recipient \"%s\"\n"), def_rec );
1166 else if ( !(rc=openpgp_pk_test_algo2(pk->pubkey_algo, use)) )
1168 /* Mark any_recipients here since the default recipient
1169 would have been used if it wasn't already there. It
1170 doesn't really matter if we got this key from the default
1171 recipient or an encrypt-to. */
1173 if (!key_present_in_pk_list(pk_list, pk))
1174 log_info (_("skipped: public key already set "
1175 "as default recipient\n"));
1178 PK_LIST r = xmalloc( sizeof *r );
1179 r->pk = pk; pk = NULL;
1181 r->flags = 0; /* No throwing default ids. */
1187 free_public_key( pk );
1190 xfree(def_rec); def_rec = NULL;
1194 /* General case: Check all keys. */
1196 for (; remusr; remusr = remusr->next )
1198 if ( (remusr->flags & 1) )
1199 continue; /* encrypt-to keys are already handled. */
1201 rc = find_and_check_key (ctrl, remusr->d, use, !!(remusr->flags&2),
1209 if ( !rc && !any_recipients )
1211 log_error(_("no valid addressees\n"));
1212 write_status_text (STATUS_NO_RECP, "0");
1213 rc = GPG_ERR_NO_USER_ID;
1219 release_pk_list( pk_list );
1221 *ret_pk_list = pk_list;
1223 free_strlist(remusr);
1228 /* In pgp6 mode, disallow all ciphers except IDEA (1), 3DES (2), and
1229 CAST5 (3), all hashes except MD5 (1), SHA1 (2), and RIPEMD160 (3),
1230 and all compressions except none (0) and ZIP (1). pgp7 and pgp8
1231 mode expands the cipher list to include AES128 (7), AES192 (8),
1232 AES256 (9), and TWOFISH (10). pgp8 adds the SHA-256 hash (8). For
1233 a true PGP key all of this is unneeded as they are the only items
1234 present in the preferences subpacket, but checking here covers the
1235 weird case of encrypting to a key that had preferences from a
1236 different implementation which was then used with PGP. I am not
1237 completely comfortable with this as the right thing to do, as it
1238 slightly alters the list of what the user is supposedly requesting.
1239 It is not against the RFC however, as the preference chosen will
1240 never be one that the user didn't specify somewhere ("The
1241 implementation may use any mechanism to pick an algorithm in the
1242 intersection"), and PGP has no mechanism to fix such a broken
1243 preference list, so I'm including it. -dms */
1246 algo_available( preftype_t preftype, int algo, const union pref_hint *hint)
1248 if( preftype == PREFTYPE_SYM )
1250 if(PGP6 && (algo != CIPHER_ALGO_IDEA
1251 && algo != CIPHER_ALGO_3DES
1252 && algo != CIPHER_ALGO_CAST5))
1255 if(PGP7 && (algo != CIPHER_ALGO_IDEA
1256 && algo != CIPHER_ALGO_3DES
1257 && algo != CIPHER_ALGO_CAST5
1258 && algo != CIPHER_ALGO_AES
1259 && algo != CIPHER_ALGO_AES192
1260 && algo != CIPHER_ALGO_AES256
1261 && algo != CIPHER_ALGO_TWOFISH))
1264 /* PGP8 supports all the ciphers we do.. */
1266 return algo && !openpgp_cipher_test_algo ( algo );
1268 else if( preftype == PREFTYPE_HASH )
1270 if (hint && hint->digest_length)
1272 if (hint->digest_length!=20 || opt.flags.dsa2)
1274 /* If --enable-dsa2 is set or the hash isn't 160 bits
1275 (which implies DSA2), then we'll accept a hash that
1276 is larger than we need. Otherwise we won't accept
1277 any hash that isn't exactly the right size. */
1278 if (hint->digest_length > gcry_md_get_algo_dlen (algo))
1281 else if (hint->digest_length != gcry_md_get_algo_dlen (algo))
1285 if((PGP6 || PGP7) && (algo != DIGEST_ALGO_MD5
1286 && algo != DIGEST_ALGO_SHA1
1287 && algo != DIGEST_ALGO_RMD160))
1291 if(PGP8 && (algo != DIGEST_ALGO_MD5
1292 && algo != DIGEST_ALGO_SHA1
1293 && algo != DIGEST_ALGO_RMD160
1294 && algo != DIGEST_ALGO_SHA256))
1297 return algo && !openpgp_md_test_algo (algo);
1299 else if( preftype == PREFTYPE_ZIP )
1301 if((PGP6 || PGP7) && (algo != COMPRESS_ALGO_NONE
1302 && algo != COMPRESS_ALGO_ZIP))
1305 /* PGP8 supports all the compression algos we do */
1307 return !check_compress_algo( algo );
1314 * Return -1 if we could not find an algorithm.
1317 select_algo_from_prefs(PK_LIST pk_list, int preftype,
1318 int request, const union pref_hint *hint)
1322 const prefitem_t *prefs;
1329 memset(bits,0xFF,sizeof(bits));
1330 memset(scores,0,sizeof(scores));
1332 for( pkr = pk_list; pkr; pkr = pkr->next )
1335 int rank=1,implicit=-1;
1337 memset(mask,0,sizeof(mask));
1342 /* IDEA is implicitly there for v3 keys with v3 selfsigs if
1343 --pgp2 mode is on. This was a 2440 thing that was
1344 dropped from 4880 but is still relevant to GPG's 1991
1345 support. All this doesn't mean IDEA is actually
1346 available, of course. */
1347 implicit=CIPHER_ALGO_3DES;
1352 /* While I am including this code for completeness, note
1353 that currently --pgp2 mode locks the hash at MD5, so this
1354 code will never even be called. Even if the hash wasn't
1355 locked at MD5, we don't support sign+encrypt in --pgp2
1356 mode, and that's the only time PREFTYPE_HASH is used
1359 implicit=DIGEST_ALGO_SHA1;
1364 /* Uncompressed is always an option. */
1365 implicit=COMPRESS_ALGO_NONE;
1368 if (pkr->pk->user_id) /* selected by user ID */
1369 prefs = pkr->pk->user_id->prefs;
1371 prefs = pkr->pk->prefs;
1375 for (i=0; prefs[i].type; i++ )
1377 if( prefs[i].type == preftype )
1379 /* Make sure all scores don't add up past 0xFFFF
1380 (and roll around) */
1381 if(rank+scores[prefs[i].value]<=0xFFFF)
1382 scores[prefs[i].value]+=rank;
1384 scores[prefs[i].value]=0xFFFF;
1386 mask[prefs[i].value/32] |= 1<<(prefs[i].value%32);
1390 /* We saw the implicit algorithm, so we don't need
1391 tack it on the end ourselves. */
1392 if(implicit==prefs[i].value)
1398 if(rank==1 && preftype==PREFTYPE_ZIP)
1400 /* If the compression preferences are not present, they are
1401 assumed to be ZIP, Uncompressed (RFC4880:13.3.1) */
1402 scores[1]=1; /* ZIP is first choice */
1403 scores[0]=2; /* Uncompressed is second choice */
1407 /* If the key didn't have the implicit algorithm listed
1408 explicitly, add it here at the tail of the list. */
1411 scores[implicit]+=rank;
1412 mask[implicit/32] |= 1<<(implicit%32);
1419 /* We've now scored all of the algorithms, and the usable ones have
1420 bits set. Let's pick the winner. */
1422 /* The caller passed us a request. Can we use it? */
1423 if(request>-1 && (bits[request/32] & (1<<(request%32))) &&
1424 algo_available(preftype,request,hint))
1429 /* If we have personal prefs set, use them. */
1431 if(preftype==PREFTYPE_SYM && opt.personal_cipher_prefs)
1432 prefs=opt.personal_cipher_prefs;
1433 else if(preftype==PREFTYPE_HASH && opt.personal_digest_prefs)
1434 prefs=opt.personal_digest_prefs;
1435 else if(preftype==PREFTYPE_ZIP && opt.personal_compress_prefs)
1436 prefs=opt.personal_compress_prefs;
1439 for(i=0; prefs[i].type; i++ )
1441 if(bits[prefs[i].value/32] & (1<<(prefs[i].value%32))
1442 && algo_available( preftype, prefs[i].value, hint))
1444 result = prefs[i].value;
1452 unsigned int best=-1;
1454 /* At this point, we have not selected an algorithm due to a
1455 special request or via personal prefs. Pick the highest
1456 ranked algorithm (i.e. the one with the lowest score). */
1458 if(preftype==PREFTYPE_HASH && scores[DIGEST_ALGO_MD5])
1460 /* "If you are building an authentication system, the recipient
1461 may specify a preferred signing algorithm. However, the
1462 signer would be foolish to use a weak algorithm simply
1463 because the recipient requests it." (RFC4880:14). If any
1464 other hash algorithm is available, pretend that MD5 isn't.
1465 Note that if the user intentionally chose MD5 by putting it
1466 in their personal prefs, then we do what the user said (as we
1467 never reach this code). */
1469 for(i=DIGEST_ALGO_MD5+1;i<256;i++)
1472 scores[DIGEST_ALGO_MD5]=0;
1479 /* Note the '<' here. This means in case of a tie, we will
1480 favor the lower algorithm number. We have a choice
1481 between the lower number (probably an older algorithm
1482 with more time in use), or the higher number (probably a
1483 newer algorithm with less time in use). Older is
1484 probably safer here, even though the newer algorithms
1485 tend to be "stronger". */
1486 if(scores[i] && scores[i]<best
1487 && (bits[i/32] & (1<<(i%32)))
1488 && algo_available(preftype,i,hint))
1500 * Select the MDC flag from the pk_list. We can only use MDC if all
1501 * recipients support this feature.
1504 select_mdc_from_pklist (PK_LIST pk_list)
1511 for (pkr = pk_list; pkr; pkr = pkr->next)
1515 if (pkr->pk->user_id) /* selected by user ID */
1516 mdc = pkr->pk->user_id->flags.mdc;
1518 mdc = pkr->pk->flags.mdc;
1520 return 0; /* At least one recipient does not support it. */
1522 return 1; /* Can be used. */
1526 /* Print a warning for all keys in PK_LIST missing the MDC feature. */
1528 warn_missing_mdc_from_pklist (PK_LIST pk_list)
1532 for (pkr = pk_list; pkr; pkr = pkr->next)
1536 if (pkr->pk->user_id) /* selected by user ID */
1537 mdc = pkr->pk->user_id->flags.mdc;
1539 mdc = pkr->pk->flags.mdc;
1541 log_info (_("Note: key %s has no %s feature\n"),
1542 keystr_from_pk (pkr->pk), "MDC");
1547 warn_missing_aes_from_pklist (PK_LIST pk_list)
1551 for (pkr = pk_list; pkr; pkr = pkr->next)
1553 const prefitem_t *prefs;
1557 prefs = pkr->pk->user_id? pkr->pk->user_id->prefs : pkr->pk->prefs;
1560 for (i=0; !gotit && prefs[i].type; i++ )
1561 if (prefs[i].type == PREFTYPE_SYM
1562 && prefs[i].value == CIPHER_ALGO_AES)
1566 log_info (_("Note: key %s has no preference for %s\n"),
1567 keystr_from_pk (pkr->pk), "AES");
projects / gnupg.git / blob