2
* Copyright (C) 1998, 1999, 2000, 2001, 2002
3
* 2003 Free Software Foundation, Inc.
5
* This file is part of GnuPG.
7
* GnuPG is free software; you can redistribute it and/or modify
8
* it under the terms of the GNU General Public License as published by
9
* the Free Software Foundation; either version 2 of the License, or
10
* (at your option) any later version.
12
* GnuPG is distributed in the hope that it will be useful,
13
* but WITHOUT ANY WARRANTY; without even the implied warranty of
14
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
* GNU General Public License for more details.
17
* You should have received a copy of the GNU General Public License
18
* along with this program; if not, write to the Free Software
19
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
43
#define CONTROL_D ('D' - 'A' + 1)
47
* Show the revocation reason as it is stored with the given signature
50
do_show_revocation_reason( PKT_signature *sig )
57
while( (p = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REVOC_REASON,
60
continue; /* invalid - just skip it */
63
text = _("No reason specified");
65
text = _("Key is superseded");
67
text = _("Key has been compromised");
69
text = _("Key is no longer used");
71
text = _("User ID is no longer valid");
75
log_info( _("reason for revocation: ") );
77
fputs( text, log_get_stream () );
79
fprintf( log_get_stream (), "code=%02x", *p );
80
putc( '\n', log_get_stream () );
84
/* We don't want any empty lines, so skip them */
85
while( n && *p == '\n' ) {
90
pp = memchr( p, '\n', n );
92
log_info( _("revocation comment: ") );
93
print_string( log_get_stream(), p, nn, 0 );
94
putc( '\n', log_get_stream() );
101
/* Mode 0: try and find the revocation based on the pk (i.e. check
102
subkeys, etc.) Mode 1: use only the revocation on the main pk */
105
show_revocation_reason( PKT_public_key *pk, int mode )
107
/* Hmmm, this is not so easy becuase we have to duplicate the code
108
* used in the trustbd to calculate the keyflags. We need to find
109
* a clean way to check revocation certificates on keys and
110
* signatures. And there should be no duplicate code. Because we
111
* enter this function only when the trustdb told us that we have
112
* a revoked key, we could simply look for a revocation cert and
113
* display this one, when there is only one. Let's try to do this
114
* until we have a better solution. */
115
KBNODE node, keyblock = NULL;
116
byte fingerprint[MAX_FINGERPRINT_LEN];
120
/* get the keyblock */
121
fingerprint_from_pk( pk, fingerprint, &fingerlen );
122
rc = get_keyblock_byfprint( &keyblock, fingerprint, fingerlen );
123
if( rc ) { /* that should never happen */
124
log_debug( "failed to get the keyblock\n");
128
for( node=keyblock; node; node = node->next ) {
129
if( (mode && node->pkt->pkttype == PKT_PUBLIC_KEY) ||
130
( ( node->pkt->pkttype == PKT_PUBLIC_KEY
131
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
132
&& !cmp_public_keys( node->pkt->pkt.public_key, pk ) ) )
136
log_debug("Oops, PK not in keyblock\n");
137
release_kbnode( keyblock );
140
/* now find the revocation certificate */
141
for( node = node->next; node ; node = node->next ) {
142
if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
144
if( node->pkt->pkttype == PKT_SIGNATURE
145
&& (node->pkt->pkt.signature->sig_class == 0x20
146
|| node->pkt->pkt.signature->sig_class == 0x28 ) ) {
147
/* FIXME: we should check the signature here */
148
do_show_revocation_reason ( node->pkt->pkt.signature );
153
/* We didn't find it, so check if the whole key is revoked */
155
show_revocation_reason(pk,1);
157
release_kbnode( keyblock );
162
show_paths (const PKT_public_key *pk, int only_first )
164
log_debug("not yet implemented\n");
166
void *context = NULL;
167
unsigned otrust, validity;
168
int last_level, level;
171
while( (level=enum_cert_paths( &context, &lid, &otrust, &validity)) != -1){
178
if( level < last_level && only_first )
182
rc = keyid_from_lid( lid, keyid );
185
log_error("ooops: can't get keyid for lid %lu\n", lid);
189
pk = xcalloc (1, sizeof *pk );
190
rc = get_pubkey( pk, keyid );
192
log_error("key %08lX: public key not found: %s\n",
193
(ulong)keyid[1], gpg_strerror (rc) );
197
tty_printf("%*s%4u%c/%08lX.%lu %s \"",
199
nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ),
200
(ulong)keyid[1], lid, datestr_from_pk( pk ) );
202
c = trust_letter(otrust);
206
printf( "%02x", otrust );
208
c = trust_letter(validity);
212
printf( "%02x", validity );
215
p = get_user_id( keyid, &n );
216
tty_print_utf8_string( p, n ),
219
free_public_key( pk );
221
enum_cert_paths( &context, NULL, NULL, NULL ); /* release context */
231
* 1 = Without key info and additional menu option 'm'
232
* this does also add an option to set the key to ultimately trusted.
234
* -2 = nothing changed - caller should show some additional info
235
* -1 = quit operation
236
* 0 = nothing changed
237
* 1 = new ownertrust now in new_trust
240
do_edit_ownertrust (PKT_public_key *pk, int mode,
241
unsigned *new_trust, int defer_help )
250
int did_help=defer_help;
251
unsigned int minimum=get_min_ownertrust(pk);
255
default: min_num=0; break;
256
case TRUST_UNDEFINED: min_num=1; break;
257
case TRUST_NEVER: min_num=2; break;
258
case TRUST_MARGINAL: min_num=3; break;
259
case TRUST_FULLY: min_num=4; break;
262
keyid_from_pk (pk, keyid);
264
/* a string with valid answers */
265
const char *ans = _("iImMqQsS");
273
tty_printf(_("No trust value assigned to:\n"
274
"%4u%c/%08lX %s \""),
275
nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ),
276
(ulong)keyid[1], datestr_from_pk( pk ) );
277
p = get_user_id( keyid, &n );
278
tty_print_utf8_string( p, n ),
282
keyblock = get_pubkeyblock (keyid);
285
for (un=keyblock; un; un = un->next) {
286
if (un->pkt->pkttype != PKT_USER_ID )
288
if (un->pkt->pkt.user_id->is_revoked )
290
if (un->pkt->pkt.user_id->is_expired )
292
/* Only skip textual primaries */
293
if (un->pkt->pkt.user_id->is_primary &&
294
!un->pkt->pkt.user_id->attrib_data )
297
if((opt.verify_options&VERIFY_SHOW_PHOTOS)
298
&& un->pkt->pkt.user_id->attrib_data)
299
show_photos(un->pkt->pkt.user_id->attribs,
300
un->pkt->pkt.user_id->numattribs,pk,NULL);
302
tty_printf (" %s", _(" aka \""));
303
tty_print_utf8_string (un->pkt->pkt.user_id->name,
304
un->pkt->pkt.user_id->len );
308
print_fingerprint (pk, NULL, 2);
311
/* This string also used in keyedit.c:sign_uids */
313
"Please decide how far you trust this user to correctly\n"
314
"verify other users' keys (by looking at passports,\n"
315
"checking fingerprints from different sources...)?\n\n"));
317
tty_printf (_(" %d = I don't know\n"), 1);
319
tty_printf (_(" %d = I do NOT trust\n"), 2);
321
tty_printf (_(" %d = I trust marginally\n"), 3);
323
tty_printf (_(" %d = I trust fully\n"), 4);
325
tty_printf (_(" %d = I trust ultimately\n"), 5);
327
/* not yet implemented */
328
tty_printf (_(" i = please show me more information\n") );
331
tty_printf(_(" m = back to the main menu\n"));
334
tty_printf(_(" s = skip this key\n"));
335
tty_printf(_(" q = quit\n"));
339
tty_printf(_("The minimum trust level for this key is: %s\n\n"),
340
trust_value_to_string(minimum));
343
if( strlen(ans) != 8 )
345
p = cpr_get("edit_ownertrust.value",_("Your decision? "));
350
else if( *p && p[1] )
352
else if( !p[1] && ((*p >= '0'+min_num) && *p <= (mode?'5':'4')) )
357
case '1': trust = TRUST_UNDEFINED; break;
358
case '2': trust = TRUST_NEVER ; break;
359
case '3': trust = TRUST_MARGINAL ; break;
360
case '4': trust = TRUST_FULLY ; break;
361
case '5': trust = TRUST_ULTIMATE ; break;
364
if (trust == TRUST_ULTIMATE
365
&& !cpr_get_answer_is_yes ("edit_ownertrust.set_ultimate.okay",
366
_("Do you really want to set this key"
367
" to ultimate trust? ")))
377
/* not yet implemented */
378
else if( *p == ans[0] || *p == ans[1] )
380
tty_printf(_("Certificates leading to an ultimately trusted key:\n"));
385
else if( mode && (*p == ans[2] || *p == ans[3] || *p == CONTROL_D ) )
387
break ; /* back to the menu */
389
else if( !mode && (*p == ans[6] || *p == ans[7] ) )
393
else if( !mode && (*p == ans[4] || *p == ans[5] ) )
396
break ; /* back to the menu */
401
return show? -2: quit? -1 : changed;
405
* Display a menu to change the ownertrust of the key PK (which should
407
* For mode values see do_edit_ownertrust ()
410
edit_ownertrust (PKT_public_key *pk, int mode )
417
switch ( do_edit_ownertrust (pk, mode, &trust, no_help ) )
421
case -2: /* show info */
425
case 1: /* trust value set */
426
trust &= ~TRUST_FLAG_DISABLED;
427
trust |= get_ownertrust (pk) & TRUST_FLAG_DISABLED;
428
update_ownertrust (pk, trust );
438
* Check whether we can trust this pk which has a trustlevel of TRUSTLEVEL
439
* Returns: true if we trust.
442
do_we_trust( PKT_public_key *pk, unsigned int *trustlevel )
444
unsigned int trustmask = 0;
446
/* FIXME: get_pubkey_byname already checks the validity and won't
447
* return keys which are either expired or revoked - so these
448
* question here won't get triggered. We have to find a solution
449
* for this. It might make sense to have a function in getkey.c
450
* which does only the basic checks and returns even revoked and
451
* expired keys. This fnction could then also returhn a list of
452
* keys if the speicified name is ambiguous
454
if( (*trustlevel & TRUST_FLAG_REVOKED) ) {
455
log_info(_("key %08lX: key has been revoked!\n"),
456
(ulong)keyid_from_pk( pk, NULL) );
457
show_revocation_reason( pk, 0 );
461
if( !cpr_get_answer_is_yes("revoked_key.override",
462
_("Use this key anyway? ")) )
464
trustmask |= TRUST_FLAG_REVOKED;
466
if( (*trustlevel & TRUST_FLAG_SUB_REVOKED) ) {
467
log_info(_("key %08lX: subkey has been revoked!\n"),
468
(ulong)keyid_from_pk( pk, NULL) );
469
show_revocation_reason( pk, 0 );
473
if( !cpr_get_answer_is_yes("revoked_key.override",
474
_("Use this key anyway? ")) )
476
trustmask |= TRUST_FLAG_SUB_REVOKED;
478
*trustlevel &= ~trustmask;
480
if( opt.trust_model==TM_ALWAYS ) {
482
log_info("No trust check due to --trust-model always option\n");
486
switch( (*trustlevel & TRUST_MASK) ) {
488
log_info(_("%08lX: key has expired\n"),
489
(ulong)keyid_from_pk( pk, NULL) );
493
log_error ("invalid trustlevel %u returned from validation layer\n",
497
case TRUST_UNDEFINED:
498
log_info(_("%08lX: There is no assurance this key belongs "
499
"to the named user\n"),(ulong)keyid_from_pk( pk, NULL) );
502
/* No way to get here? */
504
log_info(_("%08lX: We do NOT trust this key\n"),
505
(ulong)keyid_from_pk( pk, NULL) );
509
log_info(_("%08lX: There is limited assurance this key belongs "
510
"to the named user\n"),(ulong)keyid_from_pk(pk,NULL));
515
log_info(_("This key probably belongs to the named user\n"));
520
log_info(_("This key belongs to us\n"));
530
* wrapper around do_we_trust, so we can ask whether to use the
534
do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
538
rc = do_we_trust( pk, &trustlevel );
540
if( (trustlevel & TRUST_FLAG_REVOKED) && !rc )
542
if( (trustlevel & TRUST_FLAG_SUB_REVOKED) && !rc )
545
if( !opt.batch && !rc ) {
548
keyid_from_pk( pk, keyid);
549
tty_printf( "%4u%c/%08lX %s \"",
550
nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ),
551
(ulong)keyid[1], datestr_from_pk( pk ) );
552
/* If the pk was chosen by a particular user ID, this is the
555
tty_print_utf8_string(pk->user_id->name,pk->user_id->len);
559
char *p = get_user_id( keyid, &n );
560
tty_print_utf8_string( p, n );
564
print_fingerprint (pk, NULL, 2);
568
"It is NOT certain that the key belongs to the person named\n"
569
"in the user ID. If you *really* know what you are doing,\n"
570
"you may answer the next question with yes\n\n"));
572
if( cpr_get_answer_is_yes("untrusted_key.override",
573
_("Use this key anyway? ")) )
576
/* Hmmm: Should we set a flag to tell the user about
577
* his decision the next time he encrypts for this recipient?
580
else if( opt.trust_model==TM_ALWAYS && !rc ) {
582
log_info(_("WARNING: Using untrusted key!\n"));
591
* Check whether we can trust this signature.
592
* Returns: Error if we shall not trust this signatures.
595
check_signatures_trust( PKT_signature *sig )
597
PKT_public_key *pk = xcalloc (1, sizeof *pk );
598
unsigned int trustlevel;
601
rc = get_pubkey( pk, sig->keyid );
603
{ /* this should not happen */
604
log_error("Ooops; the key vanished - can't check the trust\n");
605
rc = GPG_ERR_NO_PUBKEY;
609
if ( opt.trust_model==TM_ALWAYS )
612
log_info(_("WARNING: Using untrusted key!\n"));
613
if (opt.with_fingerprint)
614
print_fingerprint (pk, NULL, 1);
618
trustlevel = get_validity (pk, NULL);
620
if ( (trustlevel & TRUST_FLAG_REVOKED) )
622
write_status( STATUS_KEYREVOKED );
623
log_info(_("WARNING: This key has been revoked by its owner!\n"));
624
log_info(_(" This could mean that the signature is forgery.\n"));
625
show_revocation_reason( pk, 0 );
627
else if ((trustlevel & TRUST_FLAG_SUB_REVOKED) )
629
write_status( STATUS_KEYREVOKED );
630
log_info(_("WARNING: This subkey has been revoked by its owner!\n"));
631
show_revocation_reason( pk, 0 );
634
if ((trustlevel & TRUST_FLAG_DISABLED))
635
log_info (_("Note: This key has been disabled.\n"));
637
switch ( (trustlevel & TRUST_MASK) )
640
log_info(_("Note: This key has expired!\n"));
641
print_fingerprint (pk, NULL, 1);
645
log_error ("invalid trustlevel %u returned from validation layer\n",
649
case TRUST_UNDEFINED:
650
write_status( STATUS_TRUST_UNDEFINED );
651
log_info(_("WARNING: This key is not certified with"
652
" a trusted signature!\n"));
653
log_info(_(" There is no indication that the "
654
"signature belongs to the owner.\n" ));
655
print_fingerprint (pk, NULL, 1);
659
/* currently we won't get that status */
660
write_status( STATUS_TRUST_NEVER );
661
log_info(_("WARNING: We do NOT trust this key!\n"));
662
log_info(_(" The signature is probably a FORGERY.\n"));
663
if (opt.with_fingerprint)
664
print_fingerprint (pk, NULL, 1);
665
rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
669
write_status( STATUS_TRUST_MARGINAL );
670
log_info(_("WARNING: This key is not certified with"
671
" sufficiently trusted signatures!\n"));
672
log_info(_(" It is not certain that the"
673
" signature belongs to the owner.\n" ));
674
print_fingerprint (pk, NULL, 1);
678
write_status( STATUS_TRUST_FULLY );
679
if (opt.with_fingerprint)
680
print_fingerprint (pk, NULL, 1);
684
write_status( STATUS_TRUST_ULTIMATE );
685
if (opt.with_fingerprint)
686
print_fingerprint (pk, NULL, 1);
691
free_public_key( pk );
697
release_pk_list( PK_LIST pk_list )
701
for( ; pk_list; pk_list = pk_rover ) {
702
pk_rover = pk_list->next;
703
free_public_key( pk_list->pk );
710
key_present_in_pk_list(PK_LIST pk_list, PKT_public_key *pk)
712
for( ; pk_list; pk_list = pk_list->next)
713
if (cmp_public_keys(pk_list->pk, pk) == 0)
721
* Return a malloced string with a default reciepient if there is any
724
default_recipient(void)
727
byte fpr[MAX_FINGERPRINT_LEN+1];
732
if( opt.def_recipient )
733
return xstrdup ( opt.def_recipient );
734
if( !opt.def_recipient_self )
736
sk = xcalloc (1, sizeof *sk );
737
i = get_seckey_byname( sk, NULL, 0 );
739
free_secret_key( sk );
742
n = MAX_FINGERPRINT_LEN;
743
fingerprint_from_sk( sk, fpr, &n );
744
free_secret_key( sk );
745
p = xmalloc ( 2*n+3 );
748
for(i=0; i < n; i++ )
749
sprintf( p+2*i, "%02X", fpr[i] );
755
expand_id(const char *id,STRLIST *into,unsigned int flags)
757
struct groupitem *groups;
760
for(groups=opt.grouplist;groups;groups=groups->next)
762
/* need strcasecmp() here, as this should be localized */
763
if(strcasecmp(groups->name,id)==0)
767
/* this maintains the current utf8-ness */
768
for(each=groups->values;each;each=each->next)
770
sl=add_to_strlist(into,each->d);
782
/* For simplicity, and to avoid potential loops, we only expand once -
783
you can't make an alias that points to an alias. */
785
expand_group(STRLIST input)
787
STRLIST sl,output=NULL,rover;
789
for(rover=input;rover;rover=rover->next)
790
if(expand_id(rover->d,&output,rover->flags)==0)
792
/* Didn't find any groups, so use the existing string */
793
sl=add_to_strlist(&output,rover->d);
794
sl->flags=rover->flags;
801
build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
803
PK_LIST pk_list = NULL;
804
PKT_public_key *pk=NULL;
806
int any_recipients=0;
808
char *def_rec = NULL;
811
remusr=expand_group(rcpts);
815
/* check whether there are any recipients in the list and build the
816
* list of the encrypt-to ones (we always trust them) */
817
for( rov = remusr; rov; rov = rov->next ) {
818
if( !(rov->flags & 1) )
822
if((rov->flags&2) && (PGP2 || PGP6 || PGP7 || PGP8))
824
log_info(_("you may not use %s while in %s mode\n"),
825
"--hidden-recipient",
826
compliance_option_string());
828
compliance_failure();
831
else if( (use & PUBKEY_USAGE_ENC) && !opt.no_encrypt_to ) {
832
pk = xcalloc (1, sizeof *pk );
834
/* We can encrypt-to a disabled key */
835
if( (rc = get_pubkey_byname( pk, rov->d, NULL, NULL, 1 )) ) {
836
free_public_key( pk ); pk = NULL;
837
log_error(_("%s: skipped: %s\n"), rov->d, gpg_strerror (rc) );
838
write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
839
rov->d, strlen (rov->d), -1);
842
else if( !(rc=openpgp_pk_test_algo (pk->pubkey_algo, use )) ) {
843
/* Skip the actual key if the key is already present
845
if (key_present_in_pk_list(pk_list, pk) == 0) {
846
free_public_key(pk); pk = NULL;
847
log_info(_("%s: skipped: public key already present\n"),
852
r = xmalloc ( sizeof *r );
853
r->pk = pk; pk = NULL;
855
r->flags = (rov->flags&2)?1:0;
858
if(r->flags&1 && (PGP2 || PGP6 || PGP7 || PGP8))
860
log_info(_("you may not use %s while in %s mode\n"),
861
"--hidden-encrypt-to",
862
compliance_option_string());
864
compliance_failure();
869
free_public_key( pk ); pk = NULL;
870
log_error(_("%s: skipped: %s\n"), rov->d, gpg_strerror (rc) );
871
write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
872
rov->d, strlen (rov->d), -1);
878
if( !any_recipients && !opt.batch ) { /* ask */
881
STRLIST backlog=NULL;
883
def_rec = default_recipient();
884
have_def_rec = !!def_rec;
887
"You did not specify a user ID. (you may use \"-r\")\n"));
896
answer = strlist_pop (&backlog);
899
answer = cpr_get_utf8("pklist.user_id.enter",
900
_("\nEnter the user ID. End with an empty line: "));
904
if( !answer || !*answer ) {
908
if(expand_id(answer,&backlog,0))
911
free_public_key( pk );
912
pk = xcalloc (1, sizeof *pk );
914
rc = get_pubkey_byname( pk, answer, NULL, NULL, 0 );
916
tty_printf(_("No such user ID.\n"));
917
else if( !(rc=openpgp_pk_test_algo (pk->pubkey_algo, use)) ) {
919
if (key_present_in_pk_list(pk_list, pk) == 0) {
920
free_public_key(pk); pk = NULL;
921
log_info(_("skipped: public key "
922
"already set as default recipient\n") );
925
PK_LIST r = xmalloc ( sizeof *r );
926
r->pk = pk; pk = NULL;
928
r->flags = 0; /* no throwing default ids */
937
trustlevel = get_validity (pk, pk->user_id);
938
if( (trustlevel & TRUST_FLAG_DISABLED) ) {
939
tty_printf(_("Public key is disabled.\n") );
941
else if( do_we_trust_pre( pk, trustlevel ) ) {
942
/* Skip the actual key if the key is already present
944
if (key_present_in_pk_list(pk_list, pk) == 0) {
945
free_public_key(pk); pk = NULL;
946
log_info(_("skipped: public key already set\n") );
952
keyid_from_pk( pk, keyid);
953
tty_printf("Added %4u%c/%08lX %s \"",
955
pubkey_letter( pk->pubkey_algo ),
957
datestr_from_pk( pk ) );
959
tty_print_utf8_string(pk->user_id->name,
964
char *p = get_user_id( keyid, &n );
965
tty_print_utf8_string( p, n );
970
r = xmalloc ( sizeof *r );
971
r->pk = pk; pk = NULL;
973
r->flags = 0; /* no throwing interactive ids */
981
xfree (def_rec); def_rec = NULL;
985
free_public_key( pk );
989
else if( !any_recipients && (def_rec = default_recipient()) ) {
990
pk = xcalloc (1, sizeof *pk );
992
/* The default recipient may be disabled */
993
rc = get_pubkey_byname( pk, def_rec, NULL, NULL, 1 );
995
log_error(_("unknown default recipient `%s'\n"), def_rec );
996
else if( !(rc=openpgp_pk_test_algo (pk->pubkey_algo, use)) ) {
997
/* Mark any_recipients here since the default recipient
998
would have been used if it wasn't already there. It
999
doesn't really matter if we got this key from the default
1000
recipient or an encrypt-to. */
1002
if (key_present_in_pk_list(pk_list, pk) == 0)
1003
log_info(_("skipped: public key already set as default recipient\n"));
1005
PK_LIST r = xmalloc ( sizeof *r );
1006
r->pk = pk; pk = NULL;
1008
r->flags = 0; /* no throwing default ids */
1013
free_public_key( pk );
1016
xfree (def_rec); def_rec = NULL;
1020
for(; remusr; remusr = remusr->next ) {
1021
if( (remusr->flags & 1) )
1022
continue; /* encrypt-to keys are already handled */
1024
pk = xcalloc (1, sizeof *pk );
1025
pk->req_usage = use;
1026
if( (rc = get_pubkey_byname( pk, remusr->d, NULL, NULL, 0 )) ) {
1027
free_public_key( pk ); pk = NULL;
1028
log_error(_("%s: skipped: %s\n"), remusr->d, gpg_strerror (rc) );
1029
write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
1030
remusr->d, strlen (remusr->d),
1034
else if( !(rc=openpgp_pk_test_algo (pk->pubkey_algo, use )) ) {
1037
trustlevel = get_validity (pk, pk->user_id);
1038
if( (trustlevel & TRUST_FLAG_DISABLED) ) {
1039
free_public_key(pk); pk = NULL;
1040
log_info(_("%s: skipped: public key is disabled\n"),
1042
write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
1046
rc = gpg_error (GPG_ERR_UNUSABLE_PUBKEY);
1049
else if( do_we_trust_pre( pk, trustlevel ) ) {
1050
/* note: do_we_trust may have changed the trustlevel */
1052
/* We have at least one valid recipient. It doesn't matters
1053
* if this recipient is already present. */
1056
/* Skip the actual key if the key is already present
1058
if (key_present_in_pk_list(pk_list, pk) == 0) {
1059
free_public_key(pk); pk = NULL;
1060
log_info(_("%s: skipped: public key already present\n"),
1065
r = xmalloc ( sizeof *r );
1066
r->pk = pk; pk = NULL;
1068
r->flags = (remusr->flags&2)?1:0;
1072
else { /* we don't trust this pk */
1073
free_public_key( pk ); pk = NULL;
1074
write_status_text_and_buffer (STATUS_INV_RECP, "10 ",
1078
rc = gpg_error (GPG_ERR_UNUSABLE_PUBKEY);
1083
free_public_key( pk ); pk = NULL;
1084
write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
1088
log_error(_("%s: skipped: %s\n"), remusr->d, gpg_strerror (rc) );
1094
if( !rc && !any_recipients ) {
1095
log_error(_("no valid addressees\n"));
1096
write_status_text (STATUS_NO_RECP, "0");
1097
rc = GPG_ERR_NO_USER_ID;
1103
release_pk_list( pk_list );
1105
*ret_pk_list = pk_list;
1107
free_strlist(remusr);
1112
/* In pgp6 mode, disallow all ciphers except IDEA (1), 3DES (2), and
1113
CAST5 (3), all hashes except MD5 (1), SHA1 (2), and RIPEMD160 (3),
1114
and all compressions except none (0) and ZIP (1). pgp7 and pgp8
1115
mode expands the cipher list to include AES128 (7), AES192 (8),
1116
AES256 (9), and TWOFISH (10). pgp8 adds the SHA-256 hash (8). For
1117
a true PGP key all of this is unneeded as they are the only items
1118
present in the preferences subpacket, but checking here covers the
1119
weird case of encrypting to a key that had preferences from a
1120
different implementation which was then used with PGP. I am not
1121
completely comfortable with this as the right thing to do, as it
1122
slightly alters the list of what the user is supposedly requesting.
1123
It is not against the RFC however, as the preference chosen will
1124
never be one that the user didn't specify somewhere ("The
1125
implementation may use any mechanism to pick an algorithm in the
1126
intersection"), and PGP has no mechanism to fix such a broken
1127
preference list, so I'm including it. -dms */
1130
algo_available( preftype_t preftype, int algo, void *hint )
1132
if( preftype == PREFTYPE_SYM )
1134
if(PGP6 && (algo != CIPHER_ALGO_IDEA
1135
&& algo != CIPHER_ALGO_3DES
1136
&& algo != CIPHER_ALGO_CAST5))
1139
if((PGP7 || PGP8) && (algo != CIPHER_ALGO_IDEA
1140
&& algo != CIPHER_ALGO_3DES
1141
&& algo != CIPHER_ALGO_CAST5
1142
&& algo != CIPHER_ALGO_AES
1143
&& algo != CIPHER_ALGO_AES192
1144
&& algo != CIPHER_ALGO_AES256
1145
&& algo != CIPHER_ALGO_TWOFISH))
1148
return algo && !gcry_cipher_test_algo (algo);
1150
else if( preftype == PREFTYPE_HASH )
1152
if(hint && ((*(int *)hint) != gcry_md_get_algo_dlen (algo)))
1155
if((PGP6 || PGP7) && (algo != DIGEST_ALGO_MD5
1156
&& algo != DIGEST_ALGO_SHA1
1157
&& algo != DIGEST_ALGO_RMD160))
1161
if(PGP8 && (algo != DIGEST_ALGO_MD5
1162
&& algo != DIGEST_ALGO_SHA1
1163
&& algo != DIGEST_ALGO_RMD160
1164
&& algo != DIGEST_ALGO_SHA256))
1167
return algo && !gcry_md_test_algo( algo );
1169
else if( preftype == PREFTYPE_ZIP )
1171
if((PGP6 || PGP7 || PGP8) && (algo != COMPRESS_ALGO_NONE
1172
&& algo != COMPRESS_ALGO_ZIP))
1175
return !check_compress_algo( algo );
1184
* Return -1 if we could not find an algorithm.
1187
select_algo_from_prefs(PK_LIST pk_list, int preftype, int request, void *hint)
1191
const prefitem_t *prefs;
1199
memset( bits, ~0, 8 * sizeof *bits );
1200
for( pkr = pk_list; pkr; pkr = pkr->next ) {
1203
memset( mask, 0, 8 * sizeof *mask );
1204
if( preftype == PREFTYPE_SYM ) {
1206
pkr->pk->version < 4 &&
1207
pkr->pk->selfsigversion < 4 )
1208
mask[0] |= (1<<1); /* IDEA is implicitly there for v3 keys
1209
with v3 selfsigs (rfc2440:12.1) if
1210
--pgp2 mode is on. This doesn't
1211
mean it's actually available, of
1214
mask[0] |= (1<<2); /* 3DES is implicitly there for everyone else */
1216
else if( preftype == PREFTYPE_HASH ) {
1217
/* While I am including this code for completeness, note
1218
that currently --pgp2 mode locks the hash at MD5, so this
1219
function will never even be called. Even if the hash
1220
wasn't locked at MD5, we don't support sign+encrypt in
1221
--pgp2 mode, and that's the only time PREFTYPE_HASH is
1222
used anyway. -dms */
1224
pkr->pk->version < 4 &&
1225
pkr->pk->selfsigversion < 4 )
1226
mask[0] |= (1<<1); /* MD5 is there for v3 keys with v3
1227
selfsigs when --pgp2 is on. */
1229
mask[0] |= (1<<2); /* SHA1 is there for everyone else */
1231
else if( preftype == PREFTYPE_ZIP )
1232
mask[0] |= (1<<0); /* Uncompressed is implicit */
1234
if (pkr->pk->user_id) /* selected by user ID */
1235
prefs = pkr->pk->user_id->prefs;
1237
prefs = pkr->pk->prefs;
1241
for (i=0; prefs[i].type; i++ ) {
1242
if( prefs[i].type == preftype ) {
1243
mask[prefs[i].value/32] |= 1 << (prefs[i].value%32);
1249
if( (!prefs || !any) && preftype == PREFTYPE_ZIP ) {
1250
mask[0] |= 3; /* asume no_compression and old pgp */
1255
log_debug("pref mask=%08lX%08lX%08lX%08lX%08lX%08lX%08lX%08lX\n",
1256
(ulong)mask[7], (ulong)mask[6], (ulong)mask[5], (ulong)mask[4],
1257
(ulong)mask[3], (ulong)mask[2], (ulong)mask[1], (ulong)mask[0]);
1259
for(i=0; i < 8; i++ )
1262
log_debug("pref bits=%08lX%08lX%08lX%08lX%08lX%08lX%08lX%08lX\n",
1263
(ulong)bits[7], (ulong)bits[6], (ulong)bits[5], (ulong)bits[4],
1264
(ulong)bits[3], (ulong)bits[2], (ulong)bits[1], (ulong)bits[0]);
1267
/* usable algorithms are now in bits
1268
* We now use the last key from pk_list to select
1269
* the algorithm we want to use. there are no
1270
* preferences for the last key, we select the one
1271
* corresponding to first set bit.
1276
/* Can we use the requested algorithm? */
1277
if(request>-1 && (bits[request/32] & (1<<(request%32))) &&
1278
algo_available(preftype,request,hint))
1281
/* If we have personal prefs set, use them instead of the last key */
1282
if(preftype==PREFTYPE_SYM && opt.personal_cipher_prefs)
1283
prefs=opt.personal_cipher_prefs;
1284
else if(preftype==PREFTYPE_HASH && opt.personal_digest_prefs)
1285
prefs=opt.personal_digest_prefs;
1286
else if(preftype==PREFTYPE_ZIP && opt.personal_compress_prefs)
1287
prefs=opt.personal_compress_prefs;
1290
for(j=0; prefs[j].type; j++ ) {
1291
if( prefs[j].type == preftype ) {
1292
if( (bits[prefs[j].value/32] & (1<<(prefs[j].value%32))) ) {
1293
if( algo_available( preftype, prefs[j].value, hint ) ) {
1302
if( !prefs || !any ) {
1303
for(j=0; j < 256; j++ )
1304
if( (bits[j/32] & (1<<(j%32))) ) {
1305
if( algo_available( preftype, j, hint ) ) {
1313
log_debug("prefs of type %d: selected %d\n", preftype, i );
1315
if( compr_hack && !i ) {
1316
/* selected no compression, but we should check whether
1317
* algorithm 1 is also available (the ordering is not relevant
1319
if( bits[0] & (1<<1) )
1320
i = 1; /* yep; we can use compression algo 1 */
1323
/* "If you are building an authentication system, the recipient
1324
may specify a preferred signing algorithm. However, the signer
1325
would be foolish to use a weak algorithm simply because the
1326
recipient requests it." RFC2440:13. If we settle on MD5, and
1327
SHA1 is also available, use SHA1 instead. Of course, if the
1328
user intentionally chose MD5 (by putting it in their personal
1329
prefs), then we should do what they say. */
1331
if(preftype==PREFTYPE_HASH &&
1332
i==DIGEST_ALGO_MD5 && (bits[0] & (1<<DIGEST_ALGO_SHA1)))
1336
if(opt.personal_digest_prefs)
1337
for(j=0; prefs[j].type; j++ )
1338
if(opt.personal_digest_prefs[j].type==PREFTYPE_HASH &&
1339
opt.personal_digest_prefs[j].value==DIGEST_ALGO_MD5)
1350
* Select the MDC flag from the pk_list. We can only use MDC if all recipients
1351
* support this feature
1354
select_mdc_from_pklist (PK_LIST pk_list)
1361
for (pkr = pk_list; pkr; pkr = pkr->next) {
1364
if (pkr->pk->user_id) /* selected by user ID */
1365
mdc = pkr->pk->user_id->mdc_feature;
1367
mdc = pkr->pk->mdc_feature;
1369
return 0; /* at least one recipient does not support it */
1371
return 1; /* can be used */