2 * Copyright (C) 1998 Free Software Foundation, Inc.
4 * This file is part of GnuPG.
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
28 #include <sys/types.h>
45 #if MAX_FINGERPRINT_LEN > 20
46 #error Must change structure of trustdb
50 struct keyid_list *next;
54 struct local_id_item {
55 struct local_id_item *next;
60 struct local_id_table {
61 struct local_id_table *next; /* only used to keep a list of unused tables */
62 struct local_id_item *items[16];
66 typedef struct local_id_table *LOCAL_ID_TABLE;
69 typedef struct trust_info TRUST_INFO;
72 byte otrust; /* ownertrust (assigned trust) */
73 byte trust; /* calculated trust (validity) */
76 typedef struct trust_seg_list *TRUST_SEG_LIST;
77 struct trust_seg_list {
84 struct enum_cert_paths_ctx {
86 TRUST_SEG_LIST tsl_head;
92 struct recno_list_struct {
93 struct recno_list_struct *next;
97 typedef struct recno_list_struct *RECNO_LIST;
100 static int walk_sigrecs( SIGREC_CONTEXT *c );
102 static LOCAL_ID_TABLE new_lid_table(void);
103 static void release_lid_table( LOCAL_ID_TABLE tbl );
104 static int ins_lid_table_item( LOCAL_ID_TABLE tbl, ulong lid, unsigned flag );
105 static int qry_lid_table_flag( LOCAL_ID_TABLE tbl, ulong lid, unsigned *flag );
107 static void print_user_id( const char *text, u32 *keyid );
108 static void sort_tsl_list( TRUST_SEG_LIST *trust_seg_list );
109 static int list_sigs( ulong pubkey_id );
110 static int do_check( TRUSTREC *drec, unsigned *trustlevel );
111 static int get_dir_record( PKT_public_key *pk, TRUSTREC *rec );
113 static void upd_pref_record( TRUSTREC *urec, u32 *keyid, PKT_signature *sig );
114 static void upd_cert_record( KBNODE keyblock, KBNODE signode, u32 *keyid,
115 TRUSTREC *drec, RECNO_LIST *recno_list, int recheck,
116 TRUSTREC *urec, const byte *uidhash, int revoke );
118 static struct keyid_list *trusted_key_list;
120 /* a table used to keep track of ultimately trusted keys
121 * which are the ones from our secrings and the trusted keys */
122 static LOCAL_ID_TABLE ultikey_table;
124 /* list of unused lid items and tables */
125 static LOCAL_ID_TABLE unused_lid_tables;
126 static struct local_id_item *unused_lid_items;
129 #define HEXTOBIN(a) ( (a) >= '0' && (a) <= '9' ? ((a)-'0') : \
130 (a) >= 'A' && (a) <= 'F' ? ((a)-'A'+10) : ((a)-'a'+10))
134 /**********************************************
135 *********** record read write **************
136 **********************************************/
142 "The trustdb is corrupted; please run \"gpgm --fix-trustdb\".\n") );
147 * Read a record but die if it does not exist
150 read_record( ulong recno, TRUSTREC *rec, int rectype )
152 int rc = tdbio_read_record( recno, rec, rectype );
155 log_error(_("trust record %lu, req type %d: read failed: %s\n"),
156 recno, rectype, g10_errstr(rc) );
162 * Wirte a record but die on error
165 write_record( TRUSTREC *rec )
167 int rc = tdbio_write_record( rec );
170 log_error(_("trust record %lu, type %d: write failed: %s\n"),
171 rec->recnum, rec->rectype, g10_errstr(rc) );
176 * Delete a record but die on error
179 delete_record( ulong recno )
181 int rc = tdbio_delete_record( recno );
184 log_error(_("trust record %lu: delete failed: %s\n"),
185 recno, g10_errstr(rc) );
195 int rc = tdbio_sync();
198 log_error(_("trustdb: sync failed: %s\n"), g10_errstr(rc) );
204 /**********************************************
205 ************* list helpers *******************
206 **********************************************/
209 * Insert a new item into a recno list
212 ins_recno_list( RECNO_LIST *head, ulong recno, int type )
214 RECNO_LIST item = m_alloc( sizeof *item );
223 qry_recno_list( RECNO_LIST list, ulong recno, int type )
225 for( ; list; list = list->next ) {
226 if( list->recno == recno && (!type || list->type == type) )
234 rel_recno_list( RECNO_LIST *head )
238 for(r = *head; r; r = r2 ) {
245 static LOCAL_ID_TABLE
250 a = unused_lid_tables;
252 unused_lid_tables = a->next;
253 memset( a, 0, sizeof *a );
256 a = m_alloc_clear( sizeof *a );
261 release_lid_table( LOCAL_ID_TABLE tbl )
263 struct local_id_item *a, *a2;
266 for(i=0; i < 16; i++ ) {
267 for(a=tbl->items[i]; a; a = a2 ) {
269 a->next = unused_lid_items;
270 unused_lid_items = a;
273 tbl->next = unused_lid_tables;
274 unused_lid_tables = tbl;
278 * Add a new item to the table or return 1 if we already have this item
281 ins_lid_table_item( LOCAL_ID_TABLE tbl, ulong lid, unsigned flag )
283 struct local_id_item *a;
285 for( a = tbl->items[lid & 0x0f]; a; a = a->next )
288 a = unused_lid_items;
290 unused_lid_items = a->next;
292 a = m_alloc( sizeof *a );
295 a->next = tbl->items[lid & 0x0f];
296 tbl->items[lid & 0x0f] = a;
301 qry_lid_table_flag( LOCAL_ID_TABLE tbl, ulong lid, unsigned *flag )
303 struct local_id_item *a;
305 for( a = tbl->items[lid & 0x0f]; a; a = a->next )
306 if( a->lid == lid ) {
317 * Return the keyid from the primary key identified by LID.
320 keyid_from_lid( ulong lid, u32 *keyid )
325 rc = tdbio_read_record( lid, &rec, 0 );
327 log_error(_("error reading dir record for LID %lu: %s\n"),
328 lid, g10_errstr(rc));
329 return G10ERR_TRUSTDB;
331 if( rec.rectype == RECTYPE_SDIR )
333 if( rec.rectype != RECTYPE_DIR ) {
334 log_error(_("lid %lu: expected dir record, got type %d\n"),
336 return G10ERR_TRUSTDB;
338 if( !rec.r.dir.keylist ) {
339 log_error(_("no primary key for LID %lu\n"), lid );
340 return G10ERR_TRUSTDB;
342 rc = tdbio_read_record( rec.r.dir.keylist, &rec, RECTYPE_KEY );
344 log_error(_("error reading primary key for LID %lu: %s\n"),
345 lid, g10_errstr(rc));
346 return G10ERR_TRUSTDB;
348 keyid_from_fingerprint( rec.r.key.fingerprint, rec.r.key.fingerprint_len,
356 lid_from_keyblock( KBNODE keyblock )
358 KBNODE node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
362 pk = node->pkt->pkt.public_key;
363 if( !pk->local_id ) {
366 get_dir_record( pk, &rec );
374 * Walk through the signatures of a public key.
375 * The caller must provide a context structure, with all fields set
376 * to zero, but the local_id field set to the requested key;
377 * This function does not change this field. On return the context
378 * is filled with the local-id of the signature and the signature flag.
379 * No fields should be changed (clearing all fields and setting
380 * pubkeyid is okay to continue with an other pubkey)
381 * Returns: 0 - okay, -1 for eof (no more sigs) or any other errorcode
384 walk_sigrecs( SIGREC_CONTEXT *c )
392 if( !c->ctl.init_done ) {
393 c->ctl.init_done = 1;
394 read_record( c->lid, r, 0 );
395 if( r->rectype != RECTYPE_DIR ) {
397 return -1; /* return eof */
399 c->ctl.nextuid = r->r.dir.uidlist;
401 c->ctl.index = SIGS_PER_RECORD;
405 /* need a loop to skip over deleted sigs */
407 if( c->ctl.index >= SIGS_PER_RECORD ) { /* read the record */
408 rnum = r->r.sig.next;
409 if( !rnum && c->ctl.nextuid ) { /* read next uid record */
410 read_record( c->ctl.nextuid, r, RECTYPE_UID );
411 c->ctl.nextuid = r->r.uid.next;
412 rnum = r->r.uid.siglist;
416 return -1; /* return eof */
418 read_record( rnum, r, RECTYPE_SIG );
419 if( r->r.sig.lid != c->lid ) {
420 log_error(_("chained sigrec %lu has a wrong owner\n"), rnum );
426 } while( !r->r.sig.sig[c->ctl.index++].lid );
428 c->sig_lid = r->r.sig.sig[c->ctl.index-1].lid;
429 c->sig_flag = r->r.sig.sig[c->ctl.index-1].flag;
436 /***********************************************
437 ************* Trust stuff ******************
438 ***********************************************/
441 trust_letter( unsigned value )
444 case TRUST_UNKNOWN: return '-';
445 case TRUST_EXPIRED: return 'e';
446 case TRUST_UNDEFINED: return 'q';
447 case TRUST_NEVER: return 'n';
448 case TRUST_MARGINAL: return 'm';
449 case TRUST_FULLY: return 'f';
450 case TRUST_ULTIMATE: return 'u';
457 register_trusted_key( const char *string )
460 struct keyid_list *r;
462 if( classify_user_id( string, keyid, NULL, NULL, NULL ) != 11 ) {
463 log_error(_("'%s' is not a valid long keyID\n"), string );
467 for( r = trusted_key_list; r; r = r->next )
468 if( r->keyid[0] == keyid[0] && r->keyid[1] == keyid[1] )
470 r = m_alloc( sizeof *r );
471 r->keyid[0] = keyid[0];
472 r->keyid[1] = keyid[1];
473 r->next = trusted_key_list;
474 trusted_key_list = r;
478 * Verify that all our public keys are in the trustdb.
484 void *enum_context = NULL;
485 PKT_secret_key *sk = m_alloc_clear( sizeof *sk );
486 PKT_public_key *pk = m_alloc_clear( sizeof *pk );
488 struct keyid_list *kl;
490 /* put the trusted keys into the trusted key table */
491 for( kl = trusted_key_list; kl; kl = kl->next ) {
492 keyid[0] = kl->keyid[0];
493 keyid[1] = kl->keyid[1];
494 /* get the public key */
495 memset( pk, 0, sizeof *pk );
496 rc = get_pubkey( pk, keyid );
498 log_info(_("key %08lX: no public key for trusted key - skipped\n"),
502 /* make sure that the pubkey is in the trustdb */
503 rc = query_trust_record( pk );
504 if( rc == -1 ) { /* put it into the trustdb */
505 rc = insert_trust_record( pk );
507 log_error(_("key %08lX: can't put it into the trustdb\n"),
512 log_error(_("key %08lX: query record failed\n"),
516 if( ins_lid_table_item( ultikey_table, pk->local_id, 0 ) )
517 log_error(_("key %08lX: already in trusted key table\n"),
519 else if( opt.verbose > 1 )
520 log_info(_("key %08lX: accepted as trusted key.\n"),
524 release_public_key_parts( pk );
527 while( !(rc=enum_secret_keys( &enum_context, sk, 0 ) ) ) {
530 keyid_from_sk( sk, keyid );
533 log_debug("key %08lX: checking secret key\n", (ulong)keyid[1] );
535 if( is_secret_key_protected( sk ) < 1 )
536 log_info(_("NOTE: secret key %08lX is NOT protected.\n"),
539 for( kl = trusted_key_list; kl; kl = kl->next ) {
540 if( kl->keyid[0] == keyid[0] && kl->keyid[1] == keyid[1] )
541 goto skip; /* already in trusted key table */
544 /* see whether we can access the public key of this secret key */
545 memset( pk, 0, sizeof *pk );
546 rc = get_pubkey( pk, keyid );
548 log_info(_("key %08lX: secret key without public key - skipped\n"),
554 if( cmp_public_secret_key( pk, sk ) ) {
555 log_info(_("key %08lX: secret and public key don't match\n"),
560 /* make sure that the pubkey is in the trustdb */
561 rc = query_trust_record( pk );
562 if( rc == -1 ) { /* put it into the trustdb */
563 rc = insert_trust_record( pk );
565 log_error(_("key %08lX: can't put it into the trustdb\n"),
571 log_error(_("key %08lX: query record failed\n"), (ulong)keyid[1] );
577 log_debug("key %08lX.%lu: stored into ultikey_table\n",
578 (ulong)keyid[1], pk->local_id );
579 if( ins_lid_table_item( ultikey_table, pk->local_id, 0 ) )
580 log_error(_("key %08lX: already in trusted key table\n"),
582 else if( opt.verbose > 1 )
583 log_info(_("key %08lX: accepted as trusted key.\n"),
586 release_secret_key_parts( sk );
588 release_public_key_parts( pk );
591 log_error(_("enumerate secret keys failed: %s\n"), g10_errstr(rc) );
595 /* release the trusted keyid table */
596 { struct keyid_list *kl2;
597 for( kl = trusted_key_list; kl; kl = kl2 ) {
601 trusted_key_list = NULL;
604 enum_secret_keys( &enum_context, NULL, 0 ); /* free context */
605 free_secret_key( sk );
606 free_public_key( pk );
612 print_user_id( const char *text, u32 *keyid )
617 p = get_user_id( keyid, &n );
619 fputs( text, stdout);
623 print_string( stdout, p, n, 0 );
631 print_keyid( FILE *fp, ulong lid )
634 if( keyid_from_lid( lid, ki ) )
635 return fprintf(fp, "????????.%lu", lid );
637 return fprintf(fp, "%08lX.%lu", (ulong)ki[1], lid );
641 print_trust( FILE *fp, unsigned trust )
645 case TRUST_UNKNOWN: c = 'o'; break;
646 case TRUST_EXPIRED: c = 'e'; break;
647 case TRUST_UNDEFINED: c = 'q'; break;
648 case TRUST_NEVER: c = 'n'; break;
649 case TRUST_MARGINAL: c = 'm'; break;
650 case TRUST_FULLY: c = 'f'; break;
651 case TRUST_ULTIMATE: c = 'u'; break;
652 default: fprintf(fp, "%02x", trust ); return 2;
660 print_sigflags( FILE *fp, unsigned flags )
662 if( flags & SIGF_CHECKED ) {
664 (flags & SIGF_VALID) ? 'V':'-',
665 (flags & SIGF_EXPIRED) ? 'E':'-',
666 (flags & SIGF_REVOKED) ? 'R':'-');
668 else if( flags & SIGF_NOPUBKEY)
675 /* (a non-recursive algorithm would be easier) */
677 do_list_sigs( ulong root, ulong pk_lid, int depth,
678 LOCAL_ID_TABLE lids, unsigned *lineno )
684 memset( &sx, 0, sizeof sx );
687 rc = walk_sigrecs( &sx ); /* should we replace it and use */
688 if( rc ) /* use a loop like in collect_paths ??*/
690 rc = keyid_from_lid( sx.sig_lid, keyid );
692 printf("%6u: %*s????????.%lu:", *lineno, depth*4, "", sx.sig_lid );
693 print_sigflags( stdout, sx.sig_flag );
698 printf("%6u: %*s%08lX.%lu:", *lineno, depth*4, "",
699 (ulong)keyid[1], sx.sig_lid );
700 print_sigflags( stdout, sx.sig_flag );
702 /* check whether we already checked this pk_lid */
703 if( !qry_lid_table_flag( ultikey_table, sx.sig_lid, NULL ) ) {
704 print_user_id("[ultimately trusted]", keyid);
707 else if( sx.sig_lid == pk_lid ) {
708 printf("[self-signature]\n");
711 else if( sx.sig_lid == root ) {
712 printf("[closed]\n");
715 else if( ins_lid_table_item( lids, sx.sig_lid, *lineno ) ) {
717 qry_lid_table_flag( lids, sx.sig_lid, &refline );
718 printf("[see line %u]\n", refline);
721 else if( depth+1 >= MAX_LIST_SIGS_DEPTH ) {
722 print_user_id( "[too deeply nested]", keyid );
726 print_user_id( "", keyid );
728 rc = do_list_sigs( root, sx.sig_lid, depth+1, lids, lineno );
734 return rc==-1? 0 : rc;
738 * List all signatures of a public key
741 list_sigs( ulong pubkey_id )
748 rc = keyid_from_lid( pubkey_id, keyid );
751 printf("Signatures of %08lX.%lu ", (ulong)keyid[1], pubkey_id );
752 print_user_id("", keyid);
753 printf("----------------------\n");
755 lids = new_lid_table();
756 rc = do_list_sigs( pubkey_id, pubkey_id, 0, lids, &lineno );
758 release_lid_table(lids);
763 * List all records of a public key
766 list_records( ulong lid )
769 TRUSTREC dr, ur, rec;
772 rc = tdbio_read_record( lid, &dr, RECTYPE_DIR );
774 log_error(_("lid %lu: read dir record failed: %s\n"),
775 lid, g10_errstr(rc));
778 tdbio_dump_record( &dr, stdout );
780 for( recno=dr.r.dir.keylist; recno; recno = rec.r.key.next ) {
781 rc = tdbio_read_record( recno, &rec, 0 );
783 log_error(_("lid %lu: read key record failed: %s\n"),
784 lid, g10_errstr(rc));
787 tdbio_dump_record( &rec, stdout );
790 for( recno=dr.r.dir.uidlist; recno; recno = ur.r.uid.next ) {
791 rc = tdbio_read_record( recno, &ur, RECTYPE_UID );
793 log_error(_("lid %lu: read uid record failed: %s\n"),
794 lid, g10_errstr(rc));
797 tdbio_dump_record( &ur, stdout );
798 /* preference records */
799 for(recno=ur.r.uid.prefrec; recno; recno = rec.r.pref.next ) {
800 rc = tdbio_read_record( recno, &rec, RECTYPE_PREF );
802 log_error(_("lid %lu: read pref record failed: %s\n"),
803 lid, g10_errstr(rc));
806 tdbio_dump_record( &rec, stdout );
809 for(recno=ur.r.uid.siglist; recno; recno = rec.r.sig.next ) {
810 rc = tdbio_read_record( recno, &rec, RECTYPE_SIG );
812 log_error(_("lid %lu: read sig record failed: %s\n"),
813 lid, g10_errstr(rc));
816 tdbio_dump_record( &rec, stdout );
820 /* add cache record dump here */
831 * stack is an array of (max_path+1) elements. If trust_seg_head is not
832 * NULL it is a pointer to a variable which will receive a linked list
833 * of trust paths - The caller has to free the memory.
836 collect_paths( int depth, int max_depth, int all, TRUSTREC *drec,
837 TRUST_INFO *stack, TRUST_SEG_LIST *trust_seg_head )
842 LOCAL_ID_TABLE sigs_seen = NULL;
844 if( depth >= max_depth ) /* max cert_depth reached */
845 return TRUST_UNDEFINED;
847 stack[depth].lid = drec->r.dir.lid;
848 stack[depth].otrust = drec->r.dir.ownertrust;
849 stack[depth].trust = 0;
852 for(i=0; i < depth; i++ )
853 if( stack[i].lid == drec->r.dir.lid )
854 return TRUST_UNDEFINED; /* closed (we already visited this lid) */
856 if( !qry_lid_table_flag( ultikey_table, drec->r.dir.lid, NULL ) ) {
857 /* we are at the end of a path */
861 stack[depth].trust = TRUST_ULTIMATE;
862 stack[depth].otrust = TRUST_ULTIMATE;
863 if( trust_seg_head ) {
864 /* we can now put copy our current stack to the trust_seg_list */
865 tsl = m_alloc( sizeof *tsl + (depth+1)*sizeof( TRUST_INFO ) );
866 for(i=0; i <= depth; i++ )
867 tsl->path[i] = stack[i];
869 tsl->next = *trust_seg_head;
870 *trust_seg_head = tsl;
872 return TRUST_ULTIMATE;
875 /* loop over all user-ids */
877 sigs_seen = new_lid_table();
878 for( rn = drec->r.dir.uidlist; rn; rn = uidrn ) {
879 TRUSTREC rec; /* used for uids and sigs */
882 read_record( rn, &rec, RECTYPE_UID );
883 uidrn = rec.r.uid.next;
884 if( !(rec.r.uid.uidflags & UIDF_CHECKED) )
885 continue; /* user id has not been checked */
886 if( !(rec.r.uid.uidflags & UIDF_VALID) )
887 continue; /* user id is not valid */
888 if( (rec.r.uid.uidflags & UIDF_REVOKED) )
889 continue; /* user id has been revoked */
891 /* loop over all signature records */
892 for( rn = rec.r.uid.siglist; rn; rn = sigrn ) {
895 read_record( rn, &rec, RECTYPE_SIG );
896 sigrn = rec.r.sig.next;
898 for(i=0; i < SIGS_PER_RECORD; i++ ) {
903 if( !rec.r.sig.sig[i].lid )
904 continue; /* skip deleted sigs */
905 if( !(rec.r.sig.sig[i].flag & SIGF_CHECKED) ) {
907 continue; /* skip unchecked signatures */
911 if( !(rec.r.sig.sig[i].flag & SIGF_VALID) )
912 continue; /* skip invalid signatures */
913 if( (rec.r.sig.sig[i].flag & SIGF_EXPIRED) )
914 continue; /* skip expired signatures */
915 if( (rec.r.sig.sig[i].flag & SIGF_REVOKED) )
916 continue; /* skip revoked signatures */
919 /* visit every signer only once (a signer may have
920 * signed more than one user ID) */
921 if( sigs_seen && ins_lid_table_item( sigs_seen,
922 rec.r.sig.sig[i].lid, 0) )
923 continue; /* we already have this one */
925 read_record( rec.r.sig.sig[i].lid, &tmp, 0 );
926 if( tmp.rectype != RECTYPE_DIR ) {
927 if( tmp.rectype != RECTYPE_SDIR )
928 log_info("oops: lid %lu: sig %lu has rectype %d"
930 drec->r.dir.lid, tmp.recnum, tmp.rectype );
933 ot = tmp.r.dir.ownertrust & TRUST_MASK;
934 if( ot >= TRUST_FULLY )
935 ot = TRUST_FULLY; /* just in case */
936 nt = collect_paths( depth+1, max_depth, all, &tmp, stack,
940 if( nt < TRUST_MARGINAL || unchecked ) {
944 if( nt == TRUST_ULTIMATE ) {
945 /* we have signed this key and only in this special case
946 * we assume that this one is fully trusted */
949 release_lid_table( sigs_seen );
950 return (stack[depth].trust = TRUST_FULLY);
957 if( nt >= TRUST_FULLY )
959 if( nt >= TRUST_MARGINAL )
962 if( fully >= opt.completes_needed
963 || marginal >= opt.marginals_needed ) {
966 release_lid_table( sigs_seen );
967 return (stack[depth].trust = TRUST_FULLY);
974 release_lid_table( sigs_seen );
975 if( all && ( fully >= opt.completes_needed
976 || marginal >= opt.marginals_needed ) ) {
977 return (stack[depth].trust = TRUST_FULLY );
980 return (stack[depth].trust = TRUST_MARGINAL);
982 return (stack[depth].trust=TRUST_UNDEFINED);
987 * Given the directory record of a key, check whether we can
988 * find a path to an ultimately trusted key. We do this by
989 * checking all key signatures up to a some depth.
992 verify_key( int max_depth, TRUSTREC *drec )
994 TRUST_INFO *tmppath = m_alloc_clear( (max_depth+1)* sizeof *tmppath );
997 tr = collect_paths( 0, max_depth, 0, drec, tmppath, NULL );
1006 * we have the pubkey record and all needed informations are in the trustdb
1007 * but nothing more is known.
1010 do_check( TRUSTREC *dr, unsigned *validity )
1012 if( !dr->r.dir.keylist ) {
1013 log_error(_("Ooops, no keys\n"));
1014 return G10ERR_TRUSTDB;
1016 if( !dr->r.dir.uidlist ) {
1017 log_error(_("Ooops, no user ids\n"));
1018 return G10ERR_TRUSTDB;
1021 if( tdbio_db_matches_options()
1022 && (dr->r.dir.dirflags & DIRF_VALVALID)
1023 && dr->r.dir.validity )
1024 *validity = dr->r.dir.validity;
1026 *validity = verify_key( opt.max_cert_depth, dr );
1027 if( (*validity & TRUST_MASK) >= TRUST_UNDEFINED
1028 && tdbio_db_matches_options() ) {
1029 /* update the cached validity value */
1030 dr->r.dir.validity = (*validity & TRUST_MASK);
1031 dr->r.dir.dirflags |= DIRF_VALVALID;
1036 if( dr->r.dir.dirflags & DIRF_REVOKED )
1037 *validity |= TRUST_FLAG_REVOKED;
1044 * Perform some checks over the trustdb
1045 * level 0: only open the db
1046 * 1: used for initial program startup
1049 init_trustdb( int level, const char *dbname )
1053 if( !ultikey_table )
1054 ultikey_table = new_lid_table();
1056 if( !level || level==1 ) {
1057 rc = tdbio_set_dbname( dbname, !!level );
1063 /* verify that our own keys are in the trustDB
1064 * or move them to the trustdb. */
1065 rc = verify_own_keys();
1067 /* should we check whether there is no other ultimately trusted
1068 * key in the database? */
1079 list_trustdb( const char *username )
1083 if( username && *username == '#' ) {
1085 ulong lid = atoi(username+1);
1087 if( (rc = list_records( lid)) )
1088 log_error(_("user '%s' read problem: %s\n"),
1089 username, g10_errstr(rc));
1090 else if( (rc = list_sigs( lid )) )
1091 log_error(_("user '%s' list problem: %s\n"),
1092 username, g10_errstr(rc));
1094 else if( username ) {
1095 PKT_public_key *pk = m_alloc_clear( sizeof *pk );
1098 if( (rc = get_pubkey_byname( NULL, pk, username, NULL )) )
1099 log_error(_("user '%s' not found: %s\n"), username, g10_errstr(rc) );
1100 else if( (rc=tdbio_search_dir_bypk( pk, &rec )) && rc != -1 )
1101 log_error(_("problem finding '%s' in trustdb: %s\n"),
1102 username, g10_errstr(rc));
1104 log_error(_("user '%s' not in trustdb\n"), username);
1105 else if( (rc = list_records( pk->local_id)) )
1106 log_error(_("user '%s' read problem: %s\n"),
1107 username, g10_errstr(rc));
1108 else if( (rc = list_sigs( pk->local_id )) )
1109 log_error(_("user '%s' list problem: %s\n"),
1110 username, g10_errstr(rc));
1111 free_public_key( pk );
1117 printf("TrustDB: %s\n", tdbio_get_dbname() );
1118 for(i=9+strlen(tdbio_get_dbname()); i > 0; i-- )
1121 for(recnum=0; !tdbio_read_record( recnum, &rec, 0); recnum++ )
1122 tdbio_dump_record( &rec, stdout );
1127 * Print a list of all defined owner trust value.
1139 printf(_("# List of assigned trustvalues, created %s\n"
1140 "# (Use \"gpgm --import-ownertrust\" to restore them)\n"),
1141 asctimestamp( make_timestamp() ) );
1142 for(recnum=0; !tdbio_read_record( recnum, &rec, 0); recnum++ ) {
1143 if( rec.rectype == RECTYPE_DIR ) {
1144 if( !rec.r.dir.keylist ) {
1145 log_error(_("directory record w/o primary key\n"));
1148 if( !rec.r.dir.ownertrust )
1150 rc = tdbio_read_record( rec.r.dir.keylist, &rec2, RECTYPE_KEY);
1152 log_error(_("error reading key record: %s\n"), g10_errstr(rc));
1155 p = rec2.r.key.fingerprint;
1156 for(i=0; i < rec2.r.key.fingerprint_len; i++, p++ )
1157 printf("%02X", *p );
1158 printf(":%u:\n", (unsigned)rec.r.dir.ownertrust );
1165 import_ownertrust( const char *fname )
1174 if( !fname || (*fname == '-' && !fname[1]) ) {
1179 else if( !(fp = fopen( fname, "r" )) ) {
1180 log_error_f(fname, _("can't open file: %s\n"), strerror(errno) );
1184 while( fgets( line, DIM(line)-1, fp ) ) {
1188 if( !*line || *line == '#' )
1191 if( line[n-1] != '\n' ) {
1192 log_error_f(fname, _("line too long\n") );
1193 /* ... or last line does not have a LF */
1194 break; /* can't continue */
1196 for(p = line; *p && *p != ':' ; p++ )
1200 log_error_f(fname, _("error: missing colon\n") );
1204 if( fprlen != 32 && fprlen != 40 ) {
1205 log_error_f(fname, _("error: invalid fingerprint\n") );
1208 if( sscanf(p, ":%u:", &otrust ) != 1 ) {
1209 log_error_f(fname, _("error: no ownertrust value\n") );
1213 continue; /* no otrust defined - no need to update or insert */
1214 /* convert the ascii fingerprint to binary */
1215 for(p=line, fprlen=0; *p != ':'; p += 2 )
1216 line[fprlen++] = HEXTOBIN(p[0]) * 16 + HEXTOBIN(p[1]);
1220 rc = tdbio_search_dir_byfpr( line, fprlen, 0, &rec );
1221 if( !rc ) { /* found: update */
1222 if( rec.r.dir.ownertrust )
1223 log_info("LID %lu: changing trust from %u to %u\n",
1224 rec.r.dir.lid, rec.r.dir.ownertrust, otrust );
1226 log_info("LID %lu: setting trust to %u\n",
1227 rec.r.dir.lid, otrust );
1228 rec.r.dir.ownertrust = otrust;
1229 write_record( &rec );
1231 else if( rc == -1 ) { /* not found; get the key from the ring */
1232 PKT_public_key *pk = m_alloc_clear( sizeof *pk );
1234 log_info_f(fname, _("key not in trustdb, searching ring.\n"));
1235 rc = get_pubkey_byfprint( pk, line, fprlen );
1237 log_info_f(fname, _("key not in ring: %s\n"), g10_errstr(rc));
1239 rc = query_trust_record( pk ); /* only as assertion */
1241 log_error_f(fname, _("Oops: key is now in trustdb???\n"));
1243 rc = insert_trust_record( pk );
1245 goto repeat; /* update the ownertrust */
1246 log_error_f(fname, _("insert trust record failed: %s\n"),
1252 log_error_f(fname, _("error finding dir record: %s\n"),
1256 log_error_f(fname, _("read error: %s\n"), strerror(errno) );
1266 print_path( int pathlen, TRUST_INFO *path, FILE *fp, ulong highlight )
1273 for( i = 0; i < pathlen; i++ ) {
1275 fputs(highlight == path[i].lid? "* ":" ", fp );
1276 rc = keyid_from_lid( path[i].lid, keyid );
1278 fprintf(fp, "????????.%lu:", path[i].lid );
1280 fprintf(fp,"%08lX.%lu:", (ulong)keyid[1], path[i].lid );
1281 c = trust_letter(path[i].otrust);
1285 fprintf( fp, "%02x", path[i].otrust );
1287 c = trust_letter(path[i].trust);
1291 fprintf( fp, "%02x", path[i].trust );
1293 p = get_user_id( keyid, &n );
1296 print_string( fp, p, n > 40? 40:n, 0 );
1305 cmp_tsl_array( const void *xa, const void *xb )
1307 TRUST_SEG_LIST a = *(TRUST_SEG_LIST*)xa;
1308 TRUST_SEG_LIST b = *(TRUST_SEG_LIST*)xb;
1309 return a->pathlen - b->pathlen;
1314 sort_tsl_list( TRUST_SEG_LIST *trust_seg_list )
1316 TRUST_SEG_LIST *array, *tail, tsl;
1319 for(n=0, tsl = *trust_seg_list; tsl; tsl = tsl->next )
1321 array = m_alloc( (n+1) * sizeof *array );
1322 for(n=0, tsl = *trust_seg_list; tsl; tsl = tsl->next )
1325 qsort( array, n, sizeof *array, cmp_tsl_array );
1326 *trust_seg_list = NULL;
1327 tail = trust_seg_list;
1328 for(n=0; (tsl=array[n]); n++ ) {
1337 list_trust_path( const char *username )
1341 TRUST_INFO *tmppath;
1342 TRUST_SEG_LIST trust_seg_list, tsl, tsl2;
1343 PKT_public_key *pk = m_alloc_clear( sizeof *pk );
1345 if( (rc = get_pubkey_byname(NULL, pk, username, NULL )) )
1346 log_error(_("user '%s' not found: %s\n"), username, g10_errstr(rc) );
1347 else if( (rc=tdbio_search_dir_bypk( pk, &rec )) && rc != -1 )
1348 log_error(_("problem finding '%s' in trustdb: %s\n"),
1349 username, g10_errstr(rc));
1350 else if( rc == -1 ) {
1351 log_info(_("user '%s' not in trustdb - inserting\n"), username);
1352 rc = insert_trust_record( pk );
1354 log_error(_("failed to put '%s' into trustdb: %s\n"),
1355 username, g10_errstr(rc));
1357 assert( pk->local_id );
1360 free_public_key( pk );
1362 /* collect the paths */
1363 tmppath = m_alloc_clear( (opt.max_cert_depth+1)* sizeof *tmppath );
1364 trust_seg_list = NULL;
1365 collect_paths( 0, opt.max_cert_depth, 1, &rec, tmppath, &trust_seg_list );
1367 sort_tsl_list( &trust_seg_list );
1368 /* and now print them */
1369 for(tsl = trust_seg_list; tsl; tsl = tsl->next ) {
1370 print_path( tsl->pathlen, tsl->path, stdout, 0 );
1375 /* release the list */
1376 for(tsl = trust_seg_list; tsl; tsl = tsl2 ) {
1380 trust_seg_list = NULL;
1385 * Check the complete trustdb or only the entries for the given username.
1386 * We check the complete database. If a username is given or the special
1387 * username "*" is used, a complete recheck is done. With no user ID
1388 * only the records which are not yet checkd are now checked.
1391 check_trustdb( const char *username )
1394 KBNODE keyblock = NULL;
1397 int recheck = username && *username == '*' && !username[1];
1399 if( username && !recheck ) {
1400 rc = find_keyblock_byname( &kbpos, username );
1402 rc = read_keyblock( &kbpos, &keyblock );
1404 log_error(_("%s: keyblock read problem: %s\n"),
1405 username, g10_errstr(rc));
1410 rc = update_trust_record( keyblock, 1, &modified );
1411 if( rc == -1 ) { /* not yet in trustdb: insert */
1412 rc = insert_trust_record(
1413 find_kbnode( keyblock, PKT_PUBLIC_KEY
1414 ) ->pkt->pkt.public_key );
1418 log_error(_("%s: update failed: %s\n"),
1419 username, g10_errstr(rc) );
1421 log_info(_("%s: updated\n"), username );
1423 log_info(_("%s: okay\n"), username );
1426 release_kbnode( keyblock ); keyblock = NULL;
1430 ulong count=0, upd_count=0, err_count=0, skip_count=0;
1432 for(recnum=0; !tdbio_read_record( recnum, &rec, 0); recnum++ ) {
1433 if( rec.rectype == RECTYPE_DIR ) {
1437 if( !rec.r.dir.keylist ) {
1438 log_info(_("lid %lu: dir record w/o key - skipped\n"),
1445 read_record( rec.r.dir.keylist, &tmp, RECTYPE_KEY );
1447 rc = get_keyblock_byfprint( &keyblock,
1448 tmp.r.key.fingerprint,
1449 tmp.r.key.fingerprint_len );
1451 log_error(_("lid %lu: keyblock not found: %s\n"),
1452 recnum, g10_errstr(rc) );
1458 rc = update_trust_record( keyblock, recheck, &modified );
1460 log_error(_("lid %lu: update failed: %s\n"),
1461 recnum, g10_errstr(rc) );
1464 else if( modified ) {
1466 log_info(_("lid %lu: updated\n"), recnum );
1469 else if( opt.verbose > 1 )
1470 log_info(_("lid %lu: okay\n"), recnum );
1472 release_kbnode( keyblock ); keyblock = NULL;
1473 if( !(++count % 100) )
1474 log_info(_("%lu keys so far processed\n"), count);
1477 log_info(_("%lu keys processed\n"), count);
1479 log_info(_("\t%lu keys skipped\n"), skip_count);
1481 log_info(_("\t%lu keys with errors\n"), err_count);
1483 log_info(_("\t%lu keys updated\n"), upd_count);
1489 * Put new entries from the pubrings into the trustdb.
1490 * This function honors the sig flags to speed up the check.
1495 KBNODE keyblock = NULL;
1499 rc = enum_keyblocks( 0, &kbpos, &keyblock );
1501 ulong count=0, upd_count=0, err_count=0, new_count=0;
1503 while( !(rc = enum_keyblocks( 1, &kbpos, &keyblock )) ) {
1506 rc = update_trust_record( keyblock, 1, &modified );
1507 if( rc == -1 ) { /* not yet in trustdb: insert */
1508 PKT_public_key *pk =
1509 find_kbnode( keyblock, PKT_PUBLIC_KEY
1510 ) ->pkt->pkt.public_key;
1511 rc = insert_trust_record( pk );
1512 if( rc && !pk->local_id ) {
1513 log_error(_("lid ?: insert failed: %s\n"),
1518 log_error(_("lid %lu: insert failed: %s\n"),
1519 pk->local_id, g10_errstr(rc) );
1524 log_info(_("lid %lu: inserted\n"), pk->local_id );
1529 log_error(_("lid %lu: update failed: %s\n"),
1530 lid_from_keyblock(keyblock), g10_errstr(rc) );
1533 else if( modified ) {
1535 log_info(_("lid %lu: updated\n"), lid_from_keyblock(keyblock));
1538 else if( opt.verbose > 1 )
1539 log_info(_("lid %lu: okay\n"), lid_from_keyblock(keyblock) );
1541 release_kbnode( keyblock ); keyblock = NULL;
1542 if( !(++count % 100) )
1543 log_info(_("%lu keys so far processed\n"), count);
1545 log_info(_("%lu keys processed\n"), count);
1547 log_info(_("\t%lu keys with errors\n"), err_count);
1549 log_info(_("\t%lu keys updated\n"), upd_count);
1551 log_info(_("\t%lu keys inserted\n"), new_count);
1553 if( rc && rc != -1 )
1554 log_error(_("enumerate keyblocks failed: %s\n"), g10_errstr(rc));
1556 enum_keyblocks( 2, &kbpos, &keyblock ); /* close */
1557 release_kbnode( keyblock );
1563 * Get the trustlevel for this PK.
1564 * Note: This does not ask any questions
1565 * Returns: 0 okay of an errorcode
1567 * It operates this way:
1568 * locate the pk in the trustdb
1570 * Do we have a valid cache record for it?
1571 * yes: return trustlevel from cache
1572 * no: make a cache record and all the other stuff
1574 * try to insert the pubkey into the trustdb and check again
1576 * Problems: How do we get the complete keyblock to check that the
1577 * cache record is actually valid? Think we need a clever
1578 * cache in getkey.c to keep track of this stuff. Maybe it
1579 * is not necessary to check this if we use a local pubring. Hmmmm.
1582 check_trust( PKT_public_key *pk, unsigned *r_trustlevel )
1585 unsigned trustlevel = TRUST_UNKNOWN;
1591 keyid_from_pk( pk, keyid );
1593 /* get the pubkey record */
1594 if( pk->local_id ) {
1595 read_record( pk->local_id, &rec, RECTYPE_DIR );
1597 else { /* no local_id: scan the trustdb */
1598 if( (rc=tdbio_search_dir_bypk( pk, &rec )) && rc != -1 ) {
1599 log_error(_("check_trust: search dir record failed: %s\n"),
1603 else if( rc == -1 ) { /* not found - insert */
1604 rc = insert_trust_record( pk );
1606 log_error(_("key %08lX: insert trust record failed: %s\n"),
1607 (ulong)keyid[1], g10_errstr(rc));
1610 log_info(_("key %08lX.%lu: inserted into trustdb\n"),
1611 (ulong)keyid[1], pk->local_id );
1612 /* and re-read the dir record */
1613 read_record( pk->local_id, &rec, RECTYPE_DIR );
1616 cur_time = make_timestamp();
1617 if( pk->timestamp > cur_time ) {
1618 log_info(_("key %08lX.%lu: created in future "
1619 "(time warp or clock problem)\n"),
1620 (ulong)keyid[1], pk->local_id );
1621 return G10ERR_TIME_CONFLICT;
1624 if( pk->expiredate && pk->expiredate <= cur_time ) {
1625 log_info(_("key %08lX.%lu: expired at %s\n"),
1626 (ulong)keyid[1], pk->local_id,
1627 asctimestamp( pk->expiredate) );
1628 trustlevel = TRUST_EXPIRED;
1631 rc = do_check( &rec, &trustlevel );
1633 log_error(_("key %08lX.%lu: trust check failed: %s\n"),
1634 (ulong)keyid[1], pk->local_id, g10_errstr(rc));
1642 log_debug("check_trust() returns trustlevel %04x.\n", trustlevel);
1643 *r_trustlevel = trustlevel;
1651 query_trust_info( PKT_public_key *pk )
1653 unsigned trustlevel;
1656 if( check_trust( pk, &trustlevel ) )
1658 if( trustlevel & TRUST_FLAG_REVOKED )
1660 c = trust_letter( (trustlevel & TRUST_MASK) );
1669 * Enumerate all keys, which are needed to build all trust paths for
1670 * the given key. This function does not return the key itself or
1671 * the ultimate key (the last point in cerificate chain). Only
1672 * certificate chains which ends up at an ultimately trusted key
1673 * are listed. If ownertrust or validity is not NULL, the corresponding
1674 * value for the returned LID is also returned in these variable(s).
1676 * 1) create a void pointer and initialize it to NULL
1677 * 2) pass this void pointer by reference to this function.
1678 * Set lid to the key you want to enumerate and pass it by reference.
1679 * 3) call this function as long as it does not return -1
1680 * to indicate EOF. LID does contain the next key used to build the web
1681 * 4) Always call this function a last time with LID set to NULL,
1682 * so that it can free its context.
1684 * Returns: -1 on EOF or the level of the returned LID
1687 enum_cert_paths( void **context, ulong *lid,
1688 unsigned *ownertrust, unsigned *validity )
1690 struct enum_cert_paths_ctx *ctx;
1693 if( !lid ) { /* release the context */
1695 TRUST_SEG_LIST tsl2;
1698 for(tsl = ctx->tsl_head; tsl; tsl = tsl2 ) {
1708 TRUST_INFO *tmppath;
1714 ctx = m_alloc_clear( sizeof *ctx );
1716 /* collect the paths */
1717 read_record( *lid, &rec, RECTYPE_DIR );
1718 tmppath = m_alloc_clear( (opt.max_cert_depth+1)* sizeof *tmppath );
1720 collect_paths( 0, opt.max_cert_depth, 1, &rec, tmppath, &tsl );
1722 sort_tsl_list( &tsl );
1723 /* setup the context */
1724 ctx->tsl_head = tsl;
1725 ctx->tsl = ctx->tsl_head;
1731 while( ctx->tsl && ctx->idx >= ctx->tsl->pathlen ) {
1732 ctx->tsl = ctx->tsl->next;
1737 return -1; /* eof */
1740 *ownertrust = tsl->path[ctx->idx].otrust;
1742 *validity = tsl->path[ctx->idx].trust;
1743 *lid = tsl->path[ctx->idx].lid;
1750 * Print the current path
1753 enum_cert_paths_print( void **context, FILE *fp,
1754 int refresh, ulong selected_lid )
1756 struct enum_cert_paths_ctx *ctx;
1769 if( refresh ) { /* update the ownertrust and if possible the validity */
1771 int match = tdbio_db_matches_options();
1773 for( i = 0; i < tsl->pathlen; i++ ) {
1776 read_record( tsl->path[i].lid, &rec, RECTYPE_DIR );
1777 tsl->path[i].otrust = rec.r.dir.ownertrust;
1778 /* update validity only if we have it in the cache
1779 * calculation is too time consuming */
1780 if( match && (rec.r.dir.dirflags & DIRF_VALVALID)
1781 && rec.r.dir.validity ) {
1782 tsl->path[i].trust = rec.r.dir.validity;
1783 if( rec.r.dir.dirflags & DIRF_REVOKED )
1784 tsl->path[i].trust = TRUST_FLAG_REVOKED;
1789 print_path( tsl->pathlen, tsl->path, fp, selected_lid );
1794 * Return the assigned ownertrust value for the given LID
1797 get_ownertrust( ulong lid )
1801 read_record( lid, &rec, RECTYPE_DIR );
1802 return rec.r.dir.ownertrust;
1806 get_ownertrust_info( ulong lid )
1811 otrust = get_ownertrust( lid );
1812 c = trust_letter( (otrust & TRUST_MASK) );
1819 * Return an allocated buffer with the preference values for
1820 * the key with LID and the userid which is identified by the
1821 * HAMEHASH or the firstone if namehash is NULL. ret_n receives
1822 * the length of the allcoated buffer. Structure of the buffer is
1823 * a repeated sequences of 2 bytes; where the first byte describes the
1824 * type of the preference and the second one the value. The constants
1825 * PREFTYPE_xxxx should be used to reference a type.
1828 get_pref_data( ulong lid, const byte *namehash, size_t *ret_n )
1833 read_record( lid, &rec, RECTYPE_DIR );
1834 for( recno=rec.r.dir.uidlist; recno; recno = rec.r.uid.next ) {
1835 read_record( recno, &rec, RECTYPE_UID );
1836 if( rec.r.uid.prefrec
1837 && ( !namehash || !memcmp(namehash, rec.r.uid.namehash, 20) )) {
1839 /* found the correct one or the first one */
1840 read_record( rec.r.uid.prefrec, &rec, RECTYPE_PREF );
1841 if( rec.r.pref.next )
1842 log_info(_("WARNING: can't yet handle long pref records\n"));
1843 buf = m_alloc( ITEMS_PER_PREF_RECORD );
1844 memcpy( buf, rec.r.pref.data, ITEMS_PER_PREF_RECORD );
1845 *ret_n = ITEMS_PER_PREF_RECORD;
1855 * Check whether the algorithm is in one of the pref records
1858 is_algo_in_prefs( ulong lid, int preftype, int algo )
1865 read_record( lid, &rec, RECTYPE_DIR );
1866 for( recno=rec.r.dir.uidlist; recno; recno = rec.r.uid.next ) {
1867 read_record( recno, &rec, RECTYPE_UID );
1868 if( rec.r.uid.prefrec ) {
1869 read_record( rec.r.uid.prefrec, &rec, RECTYPE_PREF );
1870 if( rec.r.pref.next )
1871 log_info(_("WARNING: can't yet handle long pref records\n"));
1872 pref = rec.r.pref.data;
1873 for(i=0; i+1 < ITEMS_PER_PREF_RECORD; i+=2 ) {
1874 if( pref[i] == preftype && pref[i+1] == algo )
1884 get_dir_record( PKT_public_key *pk, TRUSTREC *rec )
1888 if( pk->local_id ) {
1889 read_record( pk->local_id, rec, RECTYPE_DIR );
1891 else { /* no local_id: scan the trustdb */
1892 if( (rc=tdbio_search_dir_bypk( pk, rec )) && rc != -1 )
1893 log_error(_("get_dir_record: search_record failed: %s\n"),
1902 * This function simply looks for the key in the trustdb
1903 * and makes sure that pk->local_id is set to the correct value.
1909 query_trust_record( PKT_public_key *pk )
1912 return get_dir_record( pk, &rec );
1917 clear_trust_checked_flag( PKT_public_key *pk )
1922 rc = get_dir_record( pk, &rec );
1926 /* check whether they are already reset */
1927 if( !(rec.r.dir.dirflags & DIRF_CHECKED)
1928 && !(rec.r.dir.dirflags & DIRF_VALVALID) )
1931 /* reset the flag */
1932 rec.r.dir.dirflags &= ~DIRF_CHECKED;
1933 rec.r.dir.dirflags &= ~DIRF_VALVALID;
1934 write_record( &rec );
1943 check_hint_sig( ulong lid, KBNODE keyblock, u32 *keyid, byte *uidrec_hash,
1944 TRUSTREC *sigrec, int sigidx, ulong hint_owner )
1950 PKT_signature *sigpkt = NULL;
1955 if( sigrec->r.sig.sig[sigidx].flag & SIGF_CHECKED )
1956 log_info(_("NOTE: sig rec %lu[%d] in hintlist "
1957 "of %lu but marked as checked\n"),
1958 sigrec->recnum, sigidx, hint_owner );
1959 if( !(sigrec->r.sig.sig[sigidx].flag & SIGF_NOPUBKEY) )
1960 log_info(_("NOTE: sig rec %lu[%d] in hintlist "
1961 "of %lu but not marked\n"),
1962 sigrec->recnum, sigidx, hint_owner );
1964 read_record( sigrec->r.sig.sig[sigidx].lid, &tmp, 0 );
1965 if( tmp.rectype != RECTYPE_DIR ) {
1966 /* we need the dir record */
1967 log_error(_("sig rec %lu[%d] in hintlist "
1968 "of %lu does not point to a dir record\n"),
1969 sigrec->recnum, sigidx, hint_owner );
1972 if( !tmp.r.dir.keylist ) {
1973 log_error(_("lid %lu: no primary key\n"), tmp.r.dir.lid );
1976 read_record(tmp.r.dir.keylist, &tmp, RECTYPE_KEY );
1977 keyid_from_fingerprint( tmp.r.key.fingerprint,
1978 tmp.r.key.fingerprint_len, sigkid );
1981 /* find the correct signature packet */
1983 for( node=keyblock; node; node = node->next ) {
1984 if( node->pkt->pkttype == PKT_USER_ID ) {
1985 PKT_user_id *uidpkt = node->pkt->pkt.user_id;
1989 rmd160_hash_buffer( uhash, uidpkt->name, uidpkt->len );
1990 if( !memcmp( uhash, uidrec_hash, 20 ) )
1993 else if( state && node->pkt->pkttype == PKT_SIGNATURE ) {
1994 sigpkt = node->pkt->pkt.signature;
1995 if( sigpkt->keyid[0] == sigkid[0]
1996 && sigpkt->keyid[1] == sigkid[1]
1997 && ( (sigpkt->sig_class&~3) == 0x10
1998 || ( revoke = (sigpkt->sig_class == 0x30)) ) ) {
2006 log_info(_("lid %lu: user id not found in keyblock\n"), lid );
2010 log_info(_("lid %lu: user id without signature\n"), lid );
2014 /* and check the sig */
2015 rc = check_key_signature( keyblock, node, &is_selfsig );
2017 log_error(_("lid %lu: self-signature in hintlist\n"), lid );
2021 /* FiXME: handling fo SIGF_REVOKED is not correct! */
2023 if( !rc ) { /* valid signature */
2025 log_info("sig %08lX.%lu/%02X%02X/%08lX: %s\n",
2026 (ulong)keyid[1], lid, uhash[18], uhash[19],
2027 (ulong)sigpkt->keyid[1],
2028 revoke? _("Valid certificate revocation")
2029 : _("Good certificate") );
2030 sigrec->r.sig.sig[sigidx].flag = SIGF_CHECKED | SIGF_VALID;
2032 sigrec->r.sig.sig[sigidx].flag |= SIGF_REVOKED;
2034 else if( rc == G10ERR_NO_PUBKEY ) {
2035 log_info("sig %08lX.%lu/%02X%02X/%08lX: %s\n",
2036 (ulong)keyid[1], lid, uhash[18], uhash[19],
2037 (ulong)sigpkt->keyid[1],
2038 _("very strange: no public key\n") );
2039 sigrec->r.sig.sig[sigidx].flag = SIGF_NOPUBKEY;
2042 log_info("sig %08lX.%lu/%02X%02X/%08lX: %s\n",
2043 (ulong)keyid[1], lid, uhash[18], uhash[19],
2044 (ulong)sigpkt->keyid[1], g10_errstr(rc) );
2045 sigrec->r.sig.sig[sigidx].flag = SIGF_CHECKED;
2052 * Process a hintlist.
2053 * Fixme: this list is not anymore anchored to another
2054 * record, so it should be put elsewehere in case of an error
2057 process_hintlist( ulong hintlist, ulong hint_owner )
2062 for( hlst_rn = hintlist; hlst_rn; ) {
2066 read_record( hlst_rn, &hlstrec, RECTYPE_HLST );
2068 for( hlst_idx=0; hlst_idx < ITEMS_PER_HLST_RECORD; hlst_idx++ ) {
2072 KBNODE keyblock = NULL;
2077 lid = hlstrec.r.hlst.rnum[hlst_idx];
2081 read_record( lid, &dirrec, 0 );
2082 /* make sure it points to a dir record:
2083 * this should be true because it only makes sense to
2084 * call this function if the dir record is available */
2085 if( dirrec.rectype != RECTYPE_DIR ) {
2086 log_error(_("hintlist %lu[%d] of %lu "
2087 "does not point to a dir record\n"),
2088 hlst_rn, hlst_idx, hint_owner );
2091 if( !dirrec.r.dir.keylist ) {
2092 log_error(_("lid %lu does not have a key\n"), lid );
2096 /* get the keyblock */
2097 read_record( dirrec.r.dir.keylist, &tmprec, RECTYPE_KEY );
2098 rc = get_keyblock_byfprint( &keyblock,
2099 tmprec.r.key.fingerprint,
2100 tmprec.r.key.fingerprint_len );
2102 log_error(_("lid %lu: can't get keyblock: %s\n"),
2103 lid, g10_errstr(rc) );
2106 keyid_from_fingerprint( tmprec.r.key.fingerprint,
2107 tmprec.r.key.fingerprint_len, keyid );
2109 /* Walk over all user ids and their signatures and check all
2110 * the signature which are created by hint_owner */
2111 for( r1 = dirrec.r.dir.uidlist; r1; r1 = uidrec.r.uid.next ) {
2114 read_record( r1, &uidrec, RECTYPE_UID );
2115 for( r2 = uidrec.r.uid.siglist; r2; r2 = sigrec.r.sig.next ) {
2118 read_record( r2, &sigrec, RECTYPE_SIG );
2120 for(i=0; i < SIGS_PER_RECORD; i++ ) {
2121 if( !sigrec.r.sig.sig[i].lid )
2122 continue; /* skip deleted sigs */
2123 if( sigrec.r.sig.sig[i].lid != hint_owner )
2124 continue; /* not for us */
2125 /* some diagnostic messages */
2126 /* and do the signature check */
2127 check_hint_sig( lid, keyblock, keyid,
2128 uidrec.r.uid.namehash,
2129 &sigrec, i, hint_owner );
2132 write_record( &sigrec );
2135 release_kbnode( keyblock );
2136 } /* loop over hlst entries */
2138 /* delete this hlst record */
2139 hlst_rn = hlstrec.r.hlst.next;
2140 delete_record( hlstrec.recnum );
2141 } /* loop over hintlist */
2146 * Create or update shadow dir record and return the LID of the record
2149 create_shadow_dir( PKT_signature *sig, ulong lid )
2151 TRUSTREC sdir, hlst, tmphlst;
2152 ulong recno, newlid;
2153 int tmpidx=0; /* avoids gcc warnign - this is controlled by tmphlst */
2156 /* first see whether we already have such a record */
2157 rc = tdbio_search_sdir( sig->keyid, sig->pubkey_algo, &sdir );
2158 if( rc && rc != -1 ) {
2159 log_error(_("tdbio_search_dir failed: %s\n"), g10_errstr(rc));
2162 if( rc == -1 ) { /* not found: create */
2163 memset( &sdir, 0, sizeof sdir );
2164 sdir.recnum = tdbio_new_recnum();
2165 sdir.rectype= RECTYPE_SDIR;
2166 sdir.r.sdir.lid = sdir.recnum;
2167 sdir.r.sdir.keyid[0] = sig->keyid[0];
2168 sdir.r.sdir.keyid[1] = sig->keyid[1];
2169 sdir.r.sdir.pubkey_algo = sig->pubkey_algo;
2170 sdir.r.sdir.hintlist = 0;
2171 write_record( &sdir );
2173 newlid = sdir.recnum;
2174 /* Put the record number into the hintlist.
2175 * (It is easier to use the lid and not the record number of the
2176 * key to save some space (assuming that a signator has
2177 * signed more than one user id - and it is easier to implement.)
2180 for( recno=sdir.r.sdir.hintlist; recno; recno = hlst.r.hlst.next) {
2182 read_record( recno, &hlst, RECTYPE_HLST );
2183 for( i=0; i < ITEMS_PER_HLST_RECORD; i++ ) {
2184 if( !hlst.r.hlst.rnum[i] ) {
2185 if( !tmphlst.recnum ) {
2190 else if( hlst.r.hlst.rnum[i] == lid )
2191 return newlid; /* the signature is already in the hintlist */
2194 /* not yet in the hint list, write it */
2195 if( tmphlst.recnum ) { /* we have an empty slot */
2196 tmphlst.r.hlst.rnum[tmpidx] = lid;
2197 write_record( &tmphlst );
2199 else { /* must append a new hlst record */
2200 memset( &hlst, 0, sizeof hlst );
2201 hlst.recnum = tdbio_new_recnum();
2202 hlst.rectype = RECTYPE_HLST;
2203 hlst.r.hlst.next = sdir.r.sdir.hintlist;
2204 hlst.r.hlst.rnum[0] = lid;
2205 write_record( &hlst );
2206 sdir.r.sdir.hintlist = hlst.recnum;
2207 write_record( &sdir );
2215 * This function checks the given public key and inserts or updates
2216 * the keyrecord from the trustdb. Revocation certificates
2217 * are handled here and the keybinding of subkeys is checked.
2218 * Hmmm: Should we check here, that the key has at least one valid
2219 * user ID or do we allow keys w/o user ID?
2221 * keyblock points to the first node in the keyblock,
2222 * keynode is the node with the public key to check
2223 * (either primary or secondary), keyid is the keyid of
2224 * the primary key, drec is the directory record and recno_list
2225 * is a list used to keep track of visited records.
2226 * Existing keyflags are recalculated if recheck is true.
2229 upd_key_record( KBNODE keyblock, KBNODE keynode, u32 *keyid,
2230 TRUSTREC *drec, RECNO_LIST *recno_list, int recheck )
2234 PKT_public_key *pk = keynode->pkt->pkt.public_key;
2235 ulong lid = drec->recnum;
2236 byte fpr[MAX_FINGERPRINT_LEN];
2238 ulong recno, newrecno;
2239 int keybind_seen = 0;
2240 int revoke_seen = 0;
2243 fingerprint_from_pk( pk, fpr, &fprlen );
2244 /* do we already have this key? */
2245 for( recno=drec->r.dir.keylist; recno; recno = krec.r.key.next ) {
2246 read_record( recno, &krec, RECTYPE_KEY );
2247 if( krec.r.key.fingerprint_len == fprlen
2248 && !memcmp( krec.r.key.fingerprint, fpr, fprlen ) )
2251 if( recno ) { /* yes */
2252 ins_recno_list( recno_list, recno, RECTYPE_KEY );
2254 else { /* no: insert this new key */
2256 memset( &krec, 0, sizeof(krec) );
2257 krec.rectype = RECTYPE_KEY;
2258 krec.r.key.lid = lid;
2259 krec.r.key.pubkey_algo = pk->pubkey_algo;
2260 krec.r.key.fingerprint_len = fprlen;
2261 memcpy(krec.r.key.fingerprint, fpr, fprlen );
2262 krec.recnum = newrecno = tdbio_new_recnum();
2263 write_record( &krec );
2264 ins_recno_list( recno_list, newrecno, RECTYPE_KEY );
2265 /* and put this new record at the end of the keylist */
2266 if( !(recno=drec->r.dir.keylist) ) {
2267 /* this is the first key */
2268 drec->r.dir.keylist = newrecno;
2271 else { /* we already have a key, append the new one */
2272 TRUSTREC save = krec;
2273 for( ; recno; recno = krec.r.key.next )
2274 read_record( recno, &krec, RECTYPE_KEY );
2275 krec.r.key.next = newrecno;
2276 write_record( &krec );
2281 if( !recheck && (krec.r.key.keyflags & KEYF_CHECKED) )
2284 /* check keybindings and revocations */
2285 krec.r.key.keyflags = 0;
2286 if( keynode->pkt->pkttype == PKT_PUBLIC_KEY ) {
2287 /* we assume that a primary key is always valid
2288 * and check later whether we have a revocation */
2289 krec.r.key.keyflags |= KEYF_CHECKED | KEYF_VALID;
2292 for( node=keynode->next; node; node = node->next ) {
2295 if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
2297 else if( node->pkt->pkttype != PKT_SIGNATURE )
2300 sig = node->pkt->pkt.signature;
2302 if( keyid[0] != sig->keyid[0] || keyid[1] != sig->keyid[1] )
2303 continue; /* not a self signature */
2304 if( sig->sig_class == 0x18 && !keybind_seen ) { /* a keybinding */
2305 if( keynode->pkt->pkttype == PKT_PUBLIC_KEY )
2306 continue; /* oops, not for a main key */
2307 /* we check until we find a valid keybinding */
2308 rc = check_key_signature( keyblock, node, NULL );
2312 "key %08lX.%lu: Good subkey binding\n"),
2313 (ulong)keyid_from_pk(pk,NULL), lid );
2314 krec.r.key.keyflags |= KEYF_CHECKED | KEYF_VALID;
2318 "key %08lX.%lu: Invalid subkey binding: %s\n"),
2319 (ulong)keyid_from_pk(pk,NULL), lid, g10_errstr(rc) );
2320 krec.r.key.keyflags |= KEYF_CHECKED;
2321 krec.r.key.keyflags &= ~KEYF_VALID;
2325 else if( sig->sig_class == 0x20 && !revoke_seen ) {
2326 if( keynode->pkt->pkttype == PKT_PUBLIC_SUBKEY )
2327 continue; /* a subkey is not expected here */
2328 /* This is a key revocation certificate: check it */
2329 rc = check_key_signature( keyblock, node, NULL );
2333 "key %08lX.%lu: Valid key revocation\n"),
2334 (ulong)keyid_from_pk(pk,NULL), lid );
2335 krec.r.key.keyflags |= KEYF_REVOKED;
2339 "key %08lX.%lu: Invalid key revocation: %s\n"),
2340 (ulong)keyid_from_pk(pk,NULL), lid, g10_errstr(rc) );
2344 else if( sig->sig_class == 0x28 && !revoke_seen ) {
2345 if( keynode->pkt->pkttype == PKT_PUBLIC_KEY )
2346 continue; /* a mainkey is not expected here */
2347 /* This is a subkey revocation certificate: check it */
2348 /* fixme: we should also check the revocation
2349 * is newer than the key (OpenPGP) */
2350 rc = check_key_signature( keyblock, node, NULL );
2354 "key %08lX.%lu: Valid subkey revocation\n"),
2355 (ulong)keyid_from_pk(pk,NULL), lid );
2356 krec.r.key.keyflags |= KEYF_REVOKED;
2360 "key %08lX.%lu: Invalid subkey binding: %s\n"),
2361 (ulong)keyid_from_pk(pk,NULL), lid, g10_errstr(rc) );
2367 write_record( &krec );
2372 * This function checks the given user ID and inserts or updates
2373 * the uid record of the trustdb. Revocation certificates
2376 * keyblock points to the first node in the keyblock,
2377 * uidnode is the node with the user id to check
2378 * keyid is the keyid of
2379 * the primary key, drec is the directory record and recno_list
2380 * is a list used to keep track of visited records.
2381 * Existing uidflags are recalculated if recheck is true.
2384 upd_uid_record( KBNODE keyblock, KBNODE uidnode, u32 *keyid,
2385 TRUSTREC *drec, RECNO_LIST *recno_list, int recheck )
2387 ulong lid = drec->recnum;
2388 PKT_user_id *uid = uidnode->pkt->pkt.user_id;
2390 PKT_signature *selfsig = NULL;
2393 ulong recno, newrecno;
2396 /* see whether we already have an uid record */
2397 rmd160_hash_buffer( uidhash, uid->name, uid->len );
2398 for( recno=drec->r.dir.uidlist; recno; recno = urec.r.uid.next ) {
2399 read_record( recno, &urec, RECTYPE_UID );
2400 if( !memcmp( uidhash, urec.r.uid.namehash, 20 ) )
2403 if( recno ) { /* we already have this record */
2404 ins_recno_list( recno_list, recno, RECTYPE_UID );
2406 else { /* new user id */
2408 memset( &urec, 0 , sizeof(urec) );
2409 urec.rectype = RECTYPE_UID;
2410 urec.r.uid.lid = drec->recnum;
2411 memcpy(urec.r.uid.namehash, uidhash, 20 );
2412 urec.recnum = newrecno = tdbio_new_recnum();
2413 write_record( &urec );
2414 ins_recno_list( recno_list, newrecno, RECTYPE_UID );
2415 /* and put this new record at the end of the uidlist */
2416 if( !(recno=drec->r.dir.uidlist) ) { /* this is the first uid */
2417 drec->r.dir.uidlist = newrecno;
2420 else { /* we already have an uid, append it to the list */
2421 TRUSTREC save = urec;
2422 for( ; recno; recno = urec.r.key.next )
2423 read_record( recno, &urec, RECTYPE_UID );
2424 urec.r.uid.next = newrecno;
2425 write_record( &urec );
2430 if( recheck || !(urec.r.uid.uidflags & UIDF_CHECKED) ) {
2431 /* check self signatures */
2432 urec.r.uid.uidflags = 0;
2433 for( node=uidnode->next; node; node = node->next ) {
2436 if( node->pkt->pkttype == PKT_USER_ID )
2438 if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
2440 if( node->pkt->pkttype != PKT_SIGNATURE )
2443 sig = node->pkt->pkt.signature;
2445 if( keyid[0] != sig->keyid[0] || keyid[1] != sig->keyid[1] )
2446 continue; /* not a self signature */
2448 if( (sig->sig_class&~3) == 0x10 ) { /* regular self signature */
2449 rc = check_key_signature( keyblock, node, NULL );
2452 log_info( "uid %08lX.%lu/%02X%02X: %s\n",
2453 (ulong)keyid[1], lid, uidhash[18], uidhash[19],
2454 _("Good self-signature") );
2455 urec.r.uid.uidflags |= UIDF_CHECKED | UIDF_VALID;
2457 selfsig = sig; /* use the first valid sig */
2458 else if( sig->timestamp > selfsig->timestamp
2459 && sig->sig_class >= selfsig->sig_class )
2460 selfsig = sig; /* but this one is newer */
2463 log_info( "uid %08lX/%02X%02X: %s: %s\n",
2464 (ulong)keyid[1], uidhash[18], uidhash[19],
2465 _("Invalid self-signature"),
2467 urec.r.uid.uidflags |= UIDF_CHECKED;
2470 else if( sig->sig_class == 0x30 ) { /* cert revocation */
2471 rc = check_key_signature( keyblock, node, NULL );
2472 if( !rc && selfsig && selfsig->timestamp > sig->timestamp ) {
2473 log_info( "uid %08lX.%lu/%02X%02X: %s\n",
2474 (ulong)keyid[1], lid, uidhash[18], uidhash[19],
2475 _("Valid user ID revocation skipped "
2476 "due to a newer self signature\n") );
2480 log_info( "uid %08lX.%lu/%02X%02X: %s\n",
2481 (ulong)keyid[1], lid, uidhash[18], uidhash[19],
2482 _("Valid user ID revocation\n") );
2483 urec.r.uid.uidflags |= UIDF_CHECKED | UIDF_VALID;
2484 urec.r.uid.uidflags |= UIDF_REVOKED;
2487 log_info("uid %08lX/%02X%02X: %s: %s\n",
2488 (ulong)keyid[1], uidhash[18], uidhash[19],
2489 _("Invalid user ID revocation"),
2494 write_record( &urec );
2495 } /* end check self-signatures */
2498 if( (urec.r.uid.uidflags & (UIDF_CHECKED|UIDF_VALID))
2499 != (UIDF_CHECKED|UIDF_VALID) )
2500 return; /* user ID is not valid, so no need to check more things */
2502 /* check the preferences */
2504 upd_pref_record( &urec, keyid, selfsig );
2506 /* check non-self signatures */
2507 for( node=uidnode->next; node; node = node->next ) {
2510 if( node->pkt->pkttype == PKT_USER_ID )
2512 if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
2514 if( node->pkt->pkttype != PKT_SIGNATURE )
2517 sig = node->pkt->pkt.signature;
2519 if( keyid[0] == sig->keyid[0] || keyid[1] == sig->keyid[1] )
2520 continue; /* skip self signature */
2522 if( (sig->sig_class&~3) == 0x10 ) { /* regular certification */
2523 upd_cert_record( keyblock, node, keyid, drec, recno_list,
2524 recheck, &urec, uidhash, 0 );
2526 else if( sig->sig_class == 0x30 ) { /* cert revocation */
2527 upd_cert_record( keyblock, node, keyid, drec, recno_list,
2528 recheck, &urec, uidhash, 1 );
2530 } /* end check certificates */
2532 write_record( &urec );
2542 upd_pref_record( TRUSTREC *urec, u32 *keyid, PKT_signature *sig )
2545 sigsubpkttype_t subpkttype;
2548 { SIGSUBPKT_PREF_SYM, PREFTYPE_SYM },
2549 { SIGSUBPKT_PREF_HASH, PREFTYPE_HASH },
2550 { SIGSUBPKT_PREF_COMPR, PREFTYPE_COMPR },
2554 ulong lid = urec->r.uid.lid ;
2555 const byte *uidhash = urec->r.uid.namehash;
2560 byte prefs_sig[200];
2561 int n_prefs_sig = 0;
2562 byte prefs_rec[200];
2563 int n_prefs_rec = 0;
2565 /* check for changed preferences */
2566 for(k=0; ptable[k].subpkttype; k++ ) {
2567 s = parse_sig_subpkt2( sig, ptable[k].subpkttype, &n );
2569 for( ; n; n--, s++ ) {
2570 if( n_prefs_sig >= DIM(prefs_sig)-1 ) {
2571 log_info("uid %08lX.%lu/%02X%02X: %s\n",
2572 (ulong)keyid[1], lid, uidhash[18], uidhash[19],
2573 _("Too many preferences") );
2576 prefs_sig[n_prefs_sig++] = ptable[k].preftype;
2577 prefs_sig[n_prefs_sig++] = *s;
2581 for( recno=urec->r.uid.prefrec; recno; recno = prec.r.pref.next ) {
2582 read_record( recno, &prec, RECTYPE_PREF );
2583 for(i = 0; i < ITEMS_PER_PREF_RECORD; i +=2 ) {
2584 if( n_prefs_rec >= DIM(prefs_rec)-1 ) {
2585 log_info("uid %08lX.%lu/%02X%02X: %s\n",
2586 (ulong)keyid[1], lid, uidhash[18], uidhash[19],
2587 _("Too many preference items") );
2590 if( prec.r.pref.data[i] ) {
2591 prefs_rec[n_prefs_rec++] = prec.r.pref.data[i];
2592 prefs_rec[n_prefs_rec++] = prec.r.pref.data[i+1];
2596 if( n_prefs_sig == n_prefs_rec
2597 && !memcmp( prefs_sig, prefs_rec, n_prefs_sig ) )
2598 return; /* not changed */
2600 /* Preferences have changed: Delete all pref records
2601 * This is much simpler than checking whether we have to
2602 * do update the record at all - the record cache may care about it
2604 for( recno=urec->r.uid.prefrec; recno; recno = prec.r.pref.next ) {
2605 read_record( recno, &prec, RECTYPE_PREF );
2606 delete_record( recno );
2609 if( n_prefs_sig > ITEMS_PER_PREF_RECORD )
2610 log_info(_("WARNING: can't yet handle long pref records\n"));
2612 memset( &prec, 0, sizeof prec );
2613 prec.recnum = tdbio_new_recnum();
2614 prec.rectype = RECTYPE_PREF;
2615 prec.r.pref.lid = lid;
2616 if( n_prefs_sig <= ITEMS_PER_PREF_RECORD )
2617 memcpy( prec.r.pref.data, prefs_sig, n_prefs_sig );
2618 else { /* need more than one pref record */
2621 int n = n_prefs_sig;
2622 byte *pp = prefs_sig;
2624 memcpy( prec.r.pref.data, pp, ITEMS_PER_PREF_RECORD );
2625 n -= ITEMS_PER_PREF_RECORD;
2626 pp += ITEMS_PER_PREF_RECORD;
2627 nextrn = prec.r.pref.next = tdbio_new_recnum();
2629 memset( &tmp, 0, sizeof tmp );
2630 tmp.recnum = nextrn;
2631 tmp.rectype = RECTYPE_PREF;
2632 tmp.r.pref.lid = lid;
2633 if( n <= ITEMS_PER_PREF_RECORD ) {
2634 memcpy( tmp.r.pref.data, pp, n );
2638 memcpy( tmp.r.pref.data, pp, ITEMS_PER_PREF_RECORD );
2639 n -= ITEMS_PER_PREF_RECORD;
2640 pp += ITEMS_PER_PREF_RECORD;
2641 nextrn = tmp.r.pref.next = tdbio_new_recnum();
2643 write_record( &tmp );
2646 write_record( &prec );
2647 urec->r.uid.prefrec = prec.recnum;
2654 upd_cert_record( KBNODE keyblock, KBNODE signode, u32 *keyid,
2655 TRUSTREC *drec, RECNO_LIST *recno_list, int recheck,
2656 TRUSTREC *urec, const byte *uidhash, int revoke )
2658 /* We simply insert the signature into the sig records but
2659 * avoid duplicate ones. We do not check them here because
2660 * there is a big chance, that we import required public keys
2661 * later. The problem with this is that we must somewhere store
2662 * the information about this signature (we need a record id).
2663 * We do this by using the record type shadow dir, which will
2664 * be converted to a dir record as soon as a new public key is
2665 * inserted into the trustdb.
2667 ulong lid = drec->recnum;
2668 PKT_signature *sig = signode->pkt->pkt.signature;
2675 PKT_public_key *pk = m_alloc_clear( sizeof *pk );
2678 int found_delrec = 0;
2683 /* get the LID of the pubkey of the signature under verification */
2684 rc = get_pubkey( pk, sig->keyid );
2687 pk_lid = pk->local_id;
2689 rc = tdbio_search_dir_bypk( pk, &rec );
2691 pk_lid = rec.recnum;
2692 else if( rc == -1 ) { /* see whether there is a sdir instead */
2695 keyid_from_pk( pk, akid );
2696 rc = tdbio_search_sdir( akid, pk->pubkey_algo, &rec );
2698 pk_lid = rec.recnum;
2702 free_public_key( pk ); pk = NULL;
2704 /* Loop over all signatures just in case one is not correctly
2705 * marked. If we see the correct signature, set a flag.
2706 * delete duplicate signatures (should not happen but...) */
2707 for( recno = urec->r.uid.siglist; recno; recno = rec.r.sig.next ) {
2710 read_record( recno, &rec, RECTYPE_SIG );
2711 for(i=0; i < SIGS_PER_RECORD; i++ ) {
2713 if( !rec.r.sig.sig[i].lid ) {
2714 if( !found_delrec && !delrec.recnum ) {
2719 continue; /* skip deleted sigs */
2721 if( rec.r.sig.sig[i].lid == pk_lid ) {
2723 log_info( "sig %08lX.%lu/%02X%02X/%08lX: %s\n",
2724 (ulong)keyid[1], lid, uidhash[18],
2725 uidhash[19], (ulong)sig->keyid[1],
2726 _("Duplicated certificate - deleted") );
2727 rec.r.sig.sig[i].lid = 0;
2733 if( !recheck && !revoke && (rec.r.sig.sig[i].flag & SIGF_CHECKED) )
2734 continue; /* we already checked this signature */
2735 if( !recheck && (rec.r.sig.sig[i].flag & SIGF_NOPUBKEY) )
2736 continue; /* we do not have the public key */
2738 read_record( rec.r.sig.sig[i].lid, &tmp, 0 );
2739 if( tmp.rectype == RECTYPE_DIR ) {
2740 /* In this case we should now be able to check the signature */
2741 rc = check_key_signature( keyblock, signode, NULL );
2742 if( !rc ) { /* valid signature */
2744 log_info("sig %08lX.%lu/%02X%02X/%08lX: %s\n",
2745 (ulong)keyid[1], lid, uidhash[18],
2746 uidhash[19], (ulong)sig->keyid[1],
2747 revoke? _("Valid certificate revocation")
2748 : _("Good certificate") );
2749 rec.r.sig.sig[i].flag = SIGF_CHECKED | SIGF_VALID;
2751 rec.r.sig.sig[i].flag |= SIGF_REVOKED;
2753 else if( rc == G10ERR_NO_PUBKEY ) {
2754 #if 0 /* fixme: For some reason this really happens? */
2755 if( (rec.r.sig.sig[i].flag & SIGF_CHECKED) )
2756 log_info("sig %08lX.%lu/%02X%02X/%08lX: %s\n",
2757 (ulong)keyid[1], lid, uidhash[18],
2758 uidhash[19], (ulong)sig->keyid[1],
2759 _("Hmmm, public key lost?") );
2761 rec.r.sig.sig[i].flag = SIGF_NOPUBKEY;
2763 rec.r.sig.sig[i].flag |= SIGF_REVOKED;
2766 log_info("sig %08lX.%lu/%02X%02X/%08lX: %s: %s\n",
2767 (ulong)keyid[1], lid, uidhash[18],
2768 uidhash[19], (ulong)sig->keyid[1],
2769 revoke? _("Invalid certificate revocation")
2770 : _("Invalid certificate"),
2772 rec.r.sig.sig[i].flag = SIGF_CHECKED;
2774 rec.r.sig.sig[i].flag |= SIGF_REVOKED;
2778 else if( tmp.rectype == RECTYPE_SDIR ) {
2779 /* must check that it is the right one */
2780 if( tmp.r.sdir.keyid[0] == sig->keyid[0]
2781 && tmp.r.sdir.keyid[1] == sig->keyid[1]
2782 && (!tmp.r.sdir.pubkey_algo
2783 || tmp.r.sdir.pubkey_algo == sig->pubkey_algo )) {
2784 if( !(rec.r.sig.sig[i].flag & SIGF_NOPUBKEY) )
2785 log_info(_("uid %08lX.%lu/%02X%02X: "
2786 "has shadow dir %lu but is not yet marked.\n"),
2787 (ulong)keyid[1], lid,
2788 uidhash[18], uidhash[19], tmp.recnum );
2789 rec.r.sig.sig[i].flag = SIGF_NOPUBKEY;
2791 rec.r.sig.sig[i].flag |= SIGF_REVOKED;
2793 /* fixme: should we verify that the record is
2794 * in the hintlist? - This case here should anyway
2799 log_error(_("sig record %lu[%d] points to wrong record.\n"),
2800 rec.r.sig.sig[i].lid, i );
2804 if( found_delrec && delrec.recnum ) {
2806 found_delrec = 0; /* we only want the first one */
2809 write_record( &rec );
2817 /* at this point, we have verified, that the signature is not in
2818 * our list of signatures. Add a new record with that signature
2819 * and if the public key is there, check the signature. */
2821 if( !pk_lid ) /* we have already seen that there is no pubkey */
2822 rc = G10ERR_NO_PUBKEY;
2824 rc = check_key_signature( keyblock, signode, NULL );
2826 if( !rc ) { /* valid signature */
2828 log_info("sig %08lX.%lu/%02X%02X/%08lX: %s\n",
2829 (ulong)keyid[1], lid, uidhash[18],
2830 uidhash[19], (ulong)sig->keyid[1],
2831 revoke? _("Valid certificate revocation")
2832 : _("Good certificate") );
2833 newlid = pk_lid; /* this is the pk of the signature */
2834 newflag = SIGF_CHECKED | SIGF_VALID;
2836 newflag |= SIGF_REVOKED;
2838 else if( rc == G10ERR_NO_PUBKEY ) {
2839 if( opt.verbose > 1 )
2840 log_info("sig %08lX.%lu/%02X%02X/%08lX: %s\n",
2841 (ulong)keyid[1], lid, uidhash[18],
2842 uidhash[19], (ulong)sig->keyid[1], g10_errstr(rc) );
2843 newlid = create_shadow_dir( sig, lid );
2844 newflag = SIGF_NOPUBKEY;
2846 newflag |= SIGF_REVOKED;
2849 log_info( "sig %08lX.%lu/%02X%02X/%08lX: %s: %s\n",
2850 (ulong)keyid[1], lid, uidhash[18], uidhash[19],
2851 (ulong)sig->keyid[1],
2852 revoke? _("Invalid certificate revocation")
2853 : _("Invalid certificate"),
2855 newlid = create_shadow_dir( sig, lid );
2856 newflag = SIGF_CHECKED;
2858 newflag |= SIGF_REVOKED;
2861 if( delrec.recnum ) { /* we can reuse a deleted/unused slot */
2862 delrec.r.sig.sig[delrecidx].lid = newlid;
2863 delrec.r.sig.sig[delrecidx].flag= newflag;
2864 write_record( &delrec );
2866 else { /* must insert a new sig record */
2869 memset( &tmp, 0, sizeof tmp );
2870 tmp.recnum = tdbio_new_recnum();
2871 tmp.rectype = RECTYPE_SIG;
2872 tmp.r.sig.lid = lid;
2873 tmp.r.sig.next = urec->r.uid.siglist;
2874 tmp.r.sig.sig[0].lid = newlid;
2875 tmp.r.sig.sig[0].flag= newflag;
2876 write_record( &tmp );
2877 urec->r.uid.siglist = tmp.recnum;
2884 * Update all the info from the public keyblock.
2885 * The key must already exist in the keydb.
2886 * This function is responsible for checking the signatures in cases
2887 * where the public key is already available. If we do not have the public
2888 * key, the check is done by some special code in insert_trust_record().
2891 update_trust_record( KBNODE keyblock, int recheck, int *modified )
2893 PKT_public_key *primary_pk;
2901 u32 keyid[2]; /* keyid of primary key */
2902 ulong recno, lastrecno;
2903 RECNO_LIST recno_list = NULL; /* list of verified records */
2904 /* fixme: replace recno_list by a lookup on node->recno */
2909 node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
2910 primary_pk = node->pkt->pkt.public_key;
2911 rc = get_dir_record( primary_pk, &drec );
2914 if( !primary_pk->local_id )
2915 primary_pk->local_id = drec.recnum;
2917 keyid_from_pk( primary_pk, keyid );
2919 /* fixme: check that the keyblock has a valid structure */
2921 rc = tdbio_begin_transaction();
2925 /* update the keys */
2926 for( node=keyblock; node; node = node->next ) {
2927 if( node->pkt->pkttype == PKT_PUBLIC_KEY
2928 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
2929 upd_key_record( keyblock, node, keyid,
2930 &drec, &recno_list, recheck );
2932 /* update the user IDs */
2933 for( node=keyblock; node; node = node->next ) {
2934 if( node->pkt->pkttype == PKT_USER_ID )
2935 upd_uid_record( keyblock, node, keyid,
2936 &drec, &recno_list, recheck );
2939 /* delete keyrecords from the trustdb which are not anymore used */
2940 /* should we really do this, or is it better to keep them and */
2941 /* mark as unused? */
2942 /* And set the revocation flag into the dir record */
2943 drec.r.dir.dirflags &= ~DIRF_REVOKED;
2945 for( recno=drec.r.dir.keylist; recno; recno = krec.r.key.next ) {
2946 read_record( recno, &krec, RECTYPE_KEY );
2947 if( recno == drec.r.dir.keylist ) { /* this is the primary key */
2948 if( (krec.r.key.keyflags & KEYF_REVOKED) ) {
2949 drec.r.dir.dirflags |= DIRF_REVOKED;
2954 if( !qry_recno_list( recno_list, recno, RECTYPE_KEY ) ) {
2955 /* delete this one */
2957 drec.r.dir.keylist = krec.r.key.next;
2961 read_record( lastrecno, &helprec, RECTYPE_KEY );
2962 helprec.r.key.next = krec.r.key.next;
2963 write_record( &helprec );
2965 delete_record( recno );
2970 /* delete uid records and sig and their pref records from the
2971 * trustdb which are not anymore used */
2973 for( recno=drec.r.dir.uidlist; recno; recno = urec.r.uid.next ) {
2974 read_record( recno, &urec, RECTYPE_UID );
2975 if( !qry_recno_list( recno_list, recno, RECTYPE_UID ) ) {
2977 /* delete this one */
2979 drec.r.dir.uidlist = urec.r.uid.next;
2983 read_record( lastrecno, &helprec, RECTYPE_UID );
2984 helprec.r.uid.next = urec.r.uid.next;
2985 write_record( &helprec );
2987 for(r2=urec.r.uid.prefrec ; r2; r2 = prec.r.pref.next ) {
2988 read_record( r2, &prec, RECTYPE_PREF );
2989 delete_record( r2 );
2991 for(r2=urec.r.uid.siglist ; r2; r2 = helprec.r.sig.next ) {
2992 read_record( r2, &helprec, RECTYPE_SIG );
2993 delete_record( r2 );
2995 delete_record( recno );
3004 rc = tdbio_cancel_transaction();
3006 if( modified && tdbio_is_dirty() )
3008 drec.r.dir.dirflags |= DIRF_CHECKED;
3009 drec.r.dir.dirflags &= ~DIRF_VALVALID;
3010 write_record( &drec );
3011 rc = tdbio_end_transaction();
3013 rel_recno_list( &recno_list );
3019 * Insert a trust record into the TrustDB
3020 * This function assumes that the record does not yet exist.
3023 insert_trust_record( PKT_public_key *pk )
3027 KBNODE keyblock = NULL;
3029 byte fingerprint[MAX_FINGERPRINT_LEN];
3035 log_bug("pk->local_id=%lu\n", pk->local_id );
3037 fingerprint_from_pk( pk, fingerprint, &fingerlen );
3039 /* fixme: assert that we do not have this record.
3040 * we can do this by searching for the primary keyid
3042 * fixme: If there is no such key we should look whether one
3043 * of the subkeys has been used to sign another key and in this case
3044 * we got the key anyway. Because a secondary key can't be used
3045 * without a primary key (it is needed to bind the secondary one
3046 * to the primary one which has the user ids etc.)
3049 /* get the keyblock which has the key */
3050 rc = get_keyblock_byfprint( &keyblock, fingerprint, fingerlen );
3051 if( rc ) { /* that should never happen */
3052 log_error( _("insert_trust_record: keyblock not found: %s\n"),
3057 /* check that we used the primary key (we are little bit paranoid) */
3058 { PKT_public_key *a_pk;
3059 u32 akid[2], bkid[2];
3061 node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
3062 a_pk = node->pkt->pkt.public_key;
3064 /* we can't use cmp_public_keys here because some parts (expiredate)
3065 * might not be set in pk <--- but why (fixme) */
3066 keyid_from_pk( a_pk, akid );
3067 keyid_from_pk( pk, bkid );
3069 if( akid[0] != bkid[0] || akid[1] != bkid[1] ) {
3070 log_error(_("did not use primary key for insert_trust_record()\n"));
3071 rc = G10ERR_GENERAL;
3076 /* We have to look for a shadow dir record which must be reused
3077 * as the dir record. And: check all signatures which are listed
3078 * in the hintlist of the shadow dir record.
3080 rc = tdbio_search_sdir( pk->keyid, pk->pubkey_algo, &shadow );
3081 if( rc && rc != -1 ) {
3082 log_error(_("tdbio_search_dir failed: %s\n"), g10_errstr(rc));
3085 memset( &dirrec, 0, sizeof dirrec );
3086 dirrec.rectype = RECTYPE_DIR;
3088 /* hey, great: this key has already signed other keys
3089 * convert this to a real directory entry */
3090 hintlist = shadow.r.sdir.hintlist;
3091 dirrec.recnum = shadow.recnum;
3094 dirrec.recnum = tdbio_new_recnum();
3096 dirrec.r.dir.lid = dirrec.recnum;
3097 write_record( &dirrec );
3100 pk->local_id = dirrec.r.dir.lid;
3101 for( node=keyblock; node; node = node->next ) {
3102 if( node->pkt->pkttype == PKT_PUBLIC_KEY
3103 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
3104 PKT_public_key *pk = node->pkt->pkt.public_key;
3105 pk->local_id = dirrec.r.dir.lid;
3107 else if( node->pkt->pkttype == PKT_SIGNATURE ) {
3108 PKT_signature *sig = node->pkt->pkt.signature;
3109 sig->local_id = dirrec.r.dir.lid;
3113 /* and put all the other stuff into the keydb */
3114 rc = update_trust_record( keyblock, 1, NULL );
3116 process_hintlist( hintlist, dirrec.r.dir.lid );
3119 if( rc && hintlist )
3120 ; /* fixme: the hintlist is not anymore anchored */
3121 release_kbnode( keyblock );
3128 update_ownertrust( ulong lid, unsigned new_trust )
3132 read_record( lid, &rec, RECTYPE_DIR );
3133 rec.r.dir.ownertrust = new_trust;
3134 write_record( &rec );
projects / gnupg.git / blob