![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to keymaint.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [PGP] / pgp / src|
Return to keymaint.c CVS log | Up to [PGP] / pgp / src |
1.1 root 1: /* keymaint.c - Keyring maintenance pass routines for PGP.
2: PGP: Pretty Good(tm) Privacy - public key cryptography for the masses.
3:
4: (c) Copyright 1990-1992 by Philip Zimmermann. All rights reserved.
5: The author assumes no liability for damages resulting from the use
6: of this software, even if the damage results from defects in this
7: software. No warranty is expressed or implied.
8:
9: All the source code Philip Zimmermann wrote for PGP is available for
10: free under the "Copyleft" General Public License from the Free
11: Software Foundation. A copy of that license agreement is included in
12: the source release package of PGP. Code developed by others for PGP
13: is also freely available. Other code that has been incorporated into
14: PGP from other sources was either originally published in the public
15: domain or was used with permission from the various authors. See the
16: PGP User's Guide for more complete information about licensing,
17: patent restrictions on certain algorithms, trademarks, copyrights,
18: and export controls.
19:
20: keymaint.c implemented by Branko Lankester.
21: */
22:
23: #include <stdio.h>
24: #include <time.h>
25: #include "mpilib.h"
26: #include "random.h"
27: #include "crypto.h"
28: #include "fileio.h"
29: #include "keymgmt.h"
30: #include "mpiio.h"
31: #include "language.h"
32: #include "pgp.h"
33:
34:
35: void setup_trust();
36: int maint_pass1(FILE *f);
37: int maint_trace_chain(FILE *f);
38: int maint_cmpfiles(FILE *f, FILE *g);
39: int trace_sig_chain(FILE *f, byte *fromID, int owner_trust, int depth);
40: int check_secretkey(FILE *f, long keypos);
41: int set_legit(FILE *f, long trustpos, int trust_count);
42: long lookup_by_keyID(FILE *f, byte *srch_keyID);
43: void show_userid(FILE *f, byte *keyID);
44: int show_trust(byte, byte);
45: int show_legit(byte, byte);
46: void write_trust_pos(FILE *f, byte keyctrl, long pos);
47:
48: /* returned when trying to do a maintenance pass on a secret keyring or keyfile */
49: #define ERR_NOTRUST -7
50:
51: #define TRUST_MASK 7 /* mask for userid/signature trust bytes */
52: #define SET_TRUST(b,v) (*(b) = (*(b) & ~TRUST_MASK) | (v))
53: #define TRUST_LEV(b) ((b) & TRUST_MASK)
54:
55: #define TRUST_FAC(x) (trust_tbl[TRUST_LEV(x)])
56:
57: /*
58: * table for tuning user paranoia index.
59: * values represent contribution of one signature indexed by the
60: * SIGTRUST of a signature
61: */
62: int trust_tbl[8];
63:
64: static int marginal_min;
65: static int complete_min; /* total count needed for a fully legit key */
66:
67: int marg_min = 2; /* number of marginally trusted signatures needed for
68: a fully legit key (can be set in config.pgp). */
69: int compl_min = 1; /* number of fully trusted signatures needed */
70:
71: char trust_lst[8][16] = {
72: "undefined", /* PSTR("undefined") */
73: "unknown", /* PSTR("unknown") */
74: "untrusted", /* PSTR("untrusted") */
75: "<3>", /* unused */
76: "<4>", /* unused */
77: "marginal", /* PSTR("marginal") */
78: "complete", /* PSTR("complete") */
79: "ultimate", /* PSTR("ultimate") */
80: };
81:
82: char legit_lst[4][16] = {
83: "undefined",
84: "untrusted",
85: "marginal",
86: "complete"
87: };
88:
89: int trustlst_len = 9; /* length of longest trust word */
90: int legitlst_len = 9; /* length of longest legit word */
91:
92: char floppyring[MAX_PATH] = "";
93: int max_cert_depth = 4; /* maximum nesting of signatures */
94:
95: static boolean check_only = FALSE;
96: static boolean mverbose;
97: static FILE *sec_fp;
98: static FILE *floppy_fp = NULL;
99: static int undefined_trust; /* number of legit keys with undef. trust */
100:
101: int
102: maintenance(char *ringfile, int options)
103: {
104: FILE *f, *g;
105: int status;
106: char *tmpring;
107: char secretkeyring[MAX_PATH];
108:
109: check_only = (options & MAINT_CHECK) != 0;
110: mverbose = (options & MAINT_VERBOSE) != 0;
111: undefined_trust = 0;
112:
113: if ((tmpring = tempfile(TMP_TMPDIR)) == NULL)
114: return(-1);
115: if ((g = fopenbin(tmpring, "w+")) == NULL)
116: return(-1);
117:
118: if ((f = fopenbin(ringfile,"r")) == NULL)
119: { fprintf(pgpout,PSTR("\n\007Can't open key ring file '%s'\n"),ringfile);
120: fclose(g);
121: return(-1);
122: }
123:
124: buildfilename(secretkeyring, SECRET_KEYRING_FILENAME);
125: if ((sec_fp = fopenbin(secretkeyring, "r")) == NULL)
126: fprintf(pgpout,PSTR("\nCan't open secret key ring file '%s'\n"),
127: secretkeyring);
128:
129: if (!(options & MAINT_SILENT) && *floppyring != '\0' &&
130: (floppy_fp = fopenbin(floppyring, "r")) == NULL)
131: fprintf(pgpout,PSTR("\nCan't open backup key ring file '%s'\n"),
132: floppyring);
133:
134: if ((status = copyfile(f, g, -1L)) < 0)
135: { fprintf(pgpout,PSTR("\n\007Could not read key from file '%s'.\n"), ringfile);
136: goto failed;
137: }
138:
139: setup_trust();
140: if (mverbose)
141: fprintf(pgpout, PSTR("\nPass 1: Looking for the \"ultimately-trusted\" keys...\n"));
142: rewind(g);
143: if ((status = maint_pass1(g)) < 0)
144: goto failed;
145:
146: if (mverbose)
147: fprintf(pgpout, PSTR("\nPass 2: Tracing signature chains...\n"));
148: rewind(g);
149: if ((status = maint_trace_chain(g)) < 0)
150: goto failed;
151:
152: if (!(options & MAINT_SILENT))
153: { if (mverbose)
154: fprintf(pgpout, PSTR("\nPass 3: Comparing with original keyring...\n"));
155: rewind(f);
156: rewind(g);
157: if ((status = maint_cmpfiles(f, g)) < 0)
158: goto failed;
159: } else
160: status = 1;
161:
162: fflush(g);
163: if (ferror(g))
164: { status = -1;
165: goto failed;
166: }
167: fclose(f);
168: fclose(g);
169: if (sec_fp)
170: fclose(sec_fp);
171: if (floppy_fp)
172: { fclose(floppy_fp);
173: floppy_fp = NULL;
174: }
175:
176: #ifdef DEBUG
177: if (check_only)
178: {
179: if (undefined_trust)
180: fprintf(pgpout, "\nKeyring contains %d fully validated key(s) with undefined trust.\n", undefined_trust);
181: else
182: if (status == 0)
183: fprintf(pgpout, "\nMaintenance check OK.\n");
184: rmtemp(tmpring);
185: return(0);
186: }
187: #endif
188:
189: if (status > 0) /* keyring is changed */
190: {
191: if (options & MAINT_SILENT)
192: { /* implicit maintenance pass (after pgp -ka, -kr, -ks) */
193: remove(ringfile);
194: if (savetemp(tmpring, ringfile) == NULL)
195: return(-1);
196: }
197: else
198: { /* explicit maintenance pass */
199: fprintf(pgpout, PSTR("Update public keyring '%s' (Y/n)? "), ringfile);
200: if (!getyesno('y'))
201: {
202: rmtemp(tmpring);
203: return(0);
204: }
205: if (savetempbak(tmpring, ringfile))
206: return(-1);
207: }
208: }
209: else
210: rmtemp(tmpring);
211:
212: return(0);
213:
214: failed:
215: if (sec_fp)
216: fclose(sec_fp);
217: if (floppy_fp)
218: { fclose(floppy_fp);
219: floppy_fp = NULL;
220: }
221: fclose(f);
222: fclose(g);
223: #ifdef DEBUG
224: savetempbak(tmpring, "tmpring.pub");
225: #else
226: rmtemp(tmpring);
227: #endif
228: return(status);
229: }
230:
231:
232: /*
233: * check if axiomatic keys are present in the secret keyring and
234: * clear userid and signature trust bytes
235: */
236: int
237: maint_pass1(FILE *f)
238: {
239: int status;
240: char userid[256];
241: byte keyID[KEYFRAGSIZE];
242: byte ctb;
243: byte keyctrl;
244: boolean buckstop = FALSE, show_user = FALSE;
245: boolean compromised = FALSE;
246: int buckstopcount = 0;
247: int usercount = 0;
248: long keypos = 0;
249:
250: while ((status = readkpacket(f, &ctb, userid, keyID, NULL)) != -1)
251: {
252: if (status < 0)
253: return(status);
254:
255: if (is_ctb_type(ctb, CTB_COMMENT_TYPE))
256: continue;
257: if (compromised && is_ctb_type(ctb, CTB_SKE_TYPE) && !usercount)
258: continue; /* compromise certificate */
259:
260: /* other packets should have trust byte */
261: if (read_trust(f, &keyctrl) < 0)
262: return(ERR_NOTRUST); /* not a public keyring */
263:
264: if (is_ctb_type(ctb, CTB_CERT_PUBKEY_TYPE))
265: {
266: if (compromised = is_compromised(f))
267: keyctrl = KC_OWNERTRUST_NEVER;
268: if ((keyctrl & KC_BUCKSTOP))
269: {
270: if (check_secretkey(f, keypos) == 0)
271: {
272: ++buckstopcount;
273: buckstop = TRUE;
274: if (mverbose)
275: fprintf(pgpout, "* %s",keyIDstring(keyID));
276: }
277: else
278: { /* not in secret keyring */
279: keyctrl &= ~KC_BUCKSTOP;
280: if (TRUST_LEV(keyctrl) == KC_OWNERTRUST_ULTIMATE)
281: keyctrl = KC_OWNERTRUST_ALWAYS;
282: if (mverbose)
283: fprintf(pgpout, ". %s",keyIDstring(keyID));
284: }
285: show_user = mverbose;
286: }
287: else
288: {
289: buckstop = FALSE;
290: show_user = FALSE;
291: }
292: usercount = 0;
293: keyctrl &= ~KC_VISITED;
294:
295: }
296: else if (ctb == CTB_USERID)
297: {
298: if (show_user)
299: {
300: if (usercount) /* more than one user ID */
301: fprintf(pgpout, " ");
302: fprintf(pgpout, " %s\n", EXTERNAL(userid));
303: }
304: if (buckstop)
305: keyctrl = KC_LEGIT_COMPLETE;
306: else
307: keyctrl = KC_LEGIT_UNKNOWN;
308: ++usercount;
309: }
310: else if (is_ctb_type(ctb, CTB_SKE_TYPE))
311: {
312: keyctrl = KC_SIGTRUST_UNDEFINED;
313: }
314: fseek(f, -1L, SEEK_CUR);
315: fwrite(&keyctrl, 1, 1, f);
316: fseek(f, 0L, SEEK_CUR);
317: keypos = ftell(f);
318: }
319: if (buckstopcount == 0 && mverbose)
320: {
321: fprintf(pgpout, PSTR("No ultimately-trusted keys.\n"));
322: }
323: return(0);
324: }
325:
326:
327: /*
328: * scan keyring for buckstop keys and start the recursive trace_sig_chain()
329: * on them
330: */
331: int
332: maint_trace_chain(FILE *f)
333: {
334: int status;
335: char userid[256];
336: byte keyID[KEYFRAGSIZE];
337: long trustpos = 0;
338: byte ctb;
339: byte own_trust;
340: boolean buckstop = FALSE;
341:
342: while ((status = readkpacket(f, &ctb, userid, keyID, NULL)) != -1)
343: {
344: if (status < 0)
345: return status;
346:
347: if (is_ctb_type(ctb, CTB_CERT_PUBKEY_TYPE))
348: {
349: trustpos = ftell(f);
350: if ((status = read_trust(f, &own_trust)) < 0)
351: return(status);
352: buckstop = (own_trust & KC_BUCKSTOP) != 0;
353: userid[0] = '\0';
354: }
355: else if (ctb == CTB_USERID)
356: {
357: if (buckstop)
358: {
359: buckstop = FALSE; /* only for first user id */
360: if (mverbose)
361: fprintf(pgpout, "* %s\n", EXTERNAL(userid));
362:
363: if (TRUST_LEV(own_trust) == KC_OWNERTRUST_UNDEFINED)
364: { SET_TRUST(&own_trust, ask_owntrust(userid, own_trust));
365: write_trust_pos(f, own_trust, trustpos);
366: }
367: if (trace_sig_chain(f, keyID, TRUST_LEV(own_trust), 0) < 0)
368: return(-1);
369: }
370: }
371: }
372: return(0);
373: }
374:
375:
376: /*
377: * check if the maintenance pass changed anything
378: * returns 0 if files f and g are equal.
379: */
380: int
381: maint_cmpfiles(FILE *f, FILE *g)
382: {
383: int status;
384: char userid[256];
385: byte keyID[KEYFRAGSIZE];
386: byte sigkeyID[KEYFRAGSIZE];
387: byte ctb;
388: byte kc_orig, kc_new;
389: int usercount = 0;
390: int changed = 0;
391:
392: fprintf(pgpout, PSTR(" KeyID Trust Validity User ID\n"));
393: while ((status = readkpacket(f, &ctb, userid, keyID, sigkeyID)) == 0)
394: {
395: if (is_ctb_type(ctb, CTB_COMMENT_TYPE))
396: continue;
397: /* other packets should have trust byte */
398:
399: fseek(g, ftell(f), SEEK_SET);
400: if (read_trust(f, &kc_orig) < 0 || read_trust(g, &kc_new) < 0)
401: { status = ERR_NOTRUST;
402: break;
403: }
404:
405: if (is_ctb_type(ctb, CTB_CERT_PUBKEY_TYPE))
406: {
407: if (is_compromised(f))
408: {
409: fprintf(pgpout, "# ");
410: nextkeypacket(f, &ctb); /* skip compromise certificate */
411: nextkeypacket(g, &ctb);
412: }
413: else if ((kc_new & KC_BUCKSTOP))
414: fprintf(pgpout, "* ");
415: else
416: fprintf(pgpout, " ");
417:
418: fprintf(pgpout, "%s ",keyIDstring(keyID));
419: changed += show_trust(kc_new, kc_orig);
420: usercount = 0;
421: userid[0] = '\0';
422: }
423: else if (ctb == CTB_USERID)
424: {
425: if (usercount) /* more than one user ID */
426: fprintf(pgpout, " %*s", trustlst_len, "");
427: ++usercount;
428: changed += show_legit(kc_new, kc_orig);
429: fprintf(pgpout, "%s\n", EXTERNAL(userid));
430: }
431: else if (is_ctb_type(ctb, CTB_SKE_TYPE))
432: {
433: if (kc_new & KC_CONTIG)
434: fprintf(pgpout, "c ");
435: else
436: fprintf(pgpout, " ");
437: changed += show_trust(kc_new, kc_orig);
438: fprintf(pgpout, " %*s", legitlst_len, "");
439: show_userid(f, sigkeyID);
440: }
441: }
442: if (status >= -1 && changed)
443: fprintf(pgpout, PSTR("\n%d \"trust byte(s)\" changed.\n"), changed);
444: if (status < -1) /* -1 is OK, EOF */
445: return(status);
446: return(changed);
447: }
448:
449:
450: void
451: init_trust_lst()
452: {
453: static int initialized = 0;
454: int i, len;
455: char *s;
456:
457: if (initialized)
458: return;
459: for (i = 0; i < 8; ++i)
460: { if (trust_lst[i][0])
461: { s = PSTR (trust_lst[i]);
462: if (s != trust_lst[i])
463: strncpy(trust_lst[i], s, sizeof(trust_lst[0]) - 1);
464: len = strlen(s);
465: if (len > trustlst_len)
466: trustlst_len = len;
467: }
468: }
469: for (i = 0; i < 4; ++i)
470: { s = PSTR (legit_lst[i]);
471: if (s != legit_lst[i])
472: strncpy(legit_lst[i], s, sizeof(legit_lst[0]) - 1);
473: len = strlen(s);
474: if (len > legitlst_len)
475: legitlst_len = len;
476: }
477: ++trustlst_len;
478: ++legitlst_len;
479: initialized = 1;
480: }
481:
482: int
483: show_trust(byte kc_new, byte kc_orig)
484: {
485: #ifdef DEBUG
486: fprintf(pgpout, " %02x", kc_new);
487: if (kc_new != kc_orig)
488: {
489: fprintf(pgpout, " (%02x) ", kc_orig);
490: return(1);
491: }
492: fprintf(pgpout, " ");
493: return(0);
494: #else
495: init_trust_lst();
496: fprintf(pgpout, "%c%-*s", (kc_new == kc_orig ? ' ' : '!'),
497: trustlst_len, trust_lst[TRUST_LEV(kc_new)]);
498: return(kc_new != kc_orig);
499: #endif
500: }
501:
502: int
503: show_legit(byte kc_new, byte kc_orig)
504: {
505: #ifdef DEBUG
506: return(show_trust(kc_new, kc_orig));
507: #else
508: init_trust_lst();
509: kc_new &= KC_LEGIT_MASK;
510: kc_orig &= KC_LEGIT_MASK;
511: fprintf(pgpout, "%c%-*s", (kc_new == kc_orig ? ' ' : '!'),
512: legitlst_len, legit_lst[kc_new]);
513: return(kc_new != kc_orig);
514: #endif
515: }
516:
517:
518: /*
519: * Find all signatures made with a key, fromID is the keyID of this key
520: * owner_trust is the trust level of this key.
521: * If a trusted signature makes a key fully legit then signatures made
522: * with this key are also recursively traced on down the tree.
523: */
524: int
525: trace_sig_chain(FILE *f, byte *fromID, int owner_trust, int depth)
526: {
527: long filepos;
528: int status;
529: int trust_count = 0;
530: byte keyID[KEYFRAGSIZE];
531: byte sigkeyID[KEYFRAGSIZE];
532: byte ctb;
533: byte own_trust, sig_trust;
534: char userid[256];
535: int sig_count = 0;
536: int compromised = 0;
537: long usertrustpos = 0;
538: long ownt_pos = 0;
539:
540: if (max_cert_depth > 8)
541: max_cert_depth = 8;
542: if (depth > max_cert_depth)
543: return(0);
544: filepos = ftell(f);
545: rewind(f);
546: userid[0] = '\0';
547: while ((status = readkpacket(f, &ctb, userid, keyID, sigkeyID)) != -1)
548: {
549: if (status < 0)
550: return status;
551:
552: if (is_ctb_type(ctb, CTB_CERT_PUBKEY_TYPE))
553: {
554: compromised = is_compromised(f);
555: ownt_pos = ftell(f);
556: if (read_trust(f, &own_trust))
557: return(ERR_NOTRUST);
558: userid[0] = '\0';
559: }
560: else if (ctb == CTB_USERID)
561: {
562: usertrustpos = ftell(f);
563: trust_count = 0;
564: }
565: else if (is_ctb_type(ctb, CTB_SKE_TYPE))
566: {
567: if (compromised)
568: continue;
569: read_trust(f, &sig_trust);
570: if (memcmp(sigkeyID, fromID, sizeof(sigkeyID)) == 0)
571: {
572: ++sig_count;
573: if (mverbose)
574: fprintf(pgpout, "%*s > %s\n", 2*depth, "", EXTERNAL(userid));
575: if (TRUST_LEV(sig_trust) != owner_trust)
576: {
577: SET_TRUST(&sig_trust, owner_trust);
578: }
579: sig_trust |= KC_CONTIG;
580: fseek(f, -1L, SEEK_CUR);
581: fwrite(&sig_trust, 1, 1, f);
582: fseek(f, 0L, SEEK_CUR);
583: }
584:
585: if (sig_trust & KC_CONTIG)
586: {
587: trust_count += TRUST_FAC(sig_trust);
588:
589: switch (set_legit(f, usertrustpos, trust_count))
590: {
591: case -1: return(-1);
592: case 1:
593: if ((own_trust & (KC_BUCKSTOP|KC_VISITED)) == 0)
594: {
595: if (TRUST_LEV(own_trust) == KC_OWNERTRUST_UNDEFINED)
596: SET_TRUST(&own_trust, ask_owntrust(userid, own_trust));
597: own_trust |= KC_VISITED;
598: write_trust_pos(f, own_trust, ownt_pos);
599: trace_sig_chain(f, keyID, TRUST_LEV(own_trust), depth+1);
600: }
601: }
602: }
603: }
604: }
605: if (mverbose && sig_count == 0) /* no signatures from this user */
606: fprintf(pgpout, PSTR("%*s (No signatures)\n"), 2*depth, "");
607: fseek(f, filepos, SEEK_SET);
608: return(0);
609: }
610:
611:
612: int
613: check_secretkey(FILE *f, long keypos)
614: {
615: int status = -1;
616: unit n[MAX_UNIT_PRECISION], e[MAX_UNIT_PRECISION];
617: unit nsec[MAX_UNIT_PRECISION], esec[MAX_UNIT_PRECISION];
618: char userid[256];
619: byte keyID[KEYFRAGSIZE];
620: long savepos, pktlen;
621: byte ctb;
622:
623: if (sec_fp == NULL)
624: return(-1);
625:
626: savepos = ftell(f);
627: fseek(f, keypos, SEEK_SET);
628: if (readkeypacket(f, FALSE, &ctb, NULL, NULL, n, e,
629: NULL, NULL, NULL, NULL, NULL, NULL) < 0)
630: goto ex;
631: extract_keyID(keyID, n);
632:
633: do /* get userid */
634: { if (readkpacket(f, &ctb, userid, NULL, NULL) < 0)
635: goto ex;
636: } while (ctb != CTB_USERID);
637:
638: if (lookup_by_keyID(sec_fp, keyID) < 0)
639: {
640: #if 0
641: if (!check_only)
642: {
643: fprintf(pgpout, PSTR (
644: "\nAn \"axiomatic\" key is one which does not need certifying by\n\
645: anyone else. Usually this special status is reserved only for your\n\
646: own keys, which should also appear on your secret keyring. The owner\n\
647: of an axiomatic key (who is typically yourself) is \"ultimately trusted\"\n\
648: by you to certify any or all other keys.\n"));
649: fprintf(pgpout, PSTR ("\nKey for user ID: \"%s\"\n\
650: is designated as an \"ultimately-trusted\" introducer, but the key\n\
651: does not appear in the secret keyring.\n\
652: Use this key as an ultimately-trusted introducer (y/N)? "), EXTERNAL(userid));
653: status = (getyesno('n') ? 0 : 1);
654: }
655: #else
656: status = 1;
657: #endif
658: }
659: else
660: {
661: long kpos = ftell(sec_fp);
662: if (readkeypacket(sec_fp, FALSE, &ctb, NULL, NULL, nsec, esec,
663: NULL, NULL, NULL, NULL, NULL, NULL) < 0)
664: {
665: fprintf(pgpout, PSTR("\n\007Cannot read from secret keyring.\n"));
666: goto ex;
667: }
668: if (mp_compare(n, nsec) || mp_compare(e, esec))
669: { /* Red Alert! */
670: fprintf(pgpout, PSTR("\n\007WARNING: Public key for user ID: \"%s\"\n\
671: does not match the corresponding key in the secret keyring.\n"), EXTERNAL(userid));
672: fprintf(pgpout, PSTR("This is a serious condition, indicating possible keyring tampering.\n"));
673: status = -2;
674: }
675: else
676: status = 0;
677:
678: if (floppy_fp)
679: {
680: if (lookup_by_keyID(floppy_fp, keyID) < 0)
681: {
682: fprintf(pgpout, PSTR("Public key for: \"%s\"\n\
683: is not present in the backup keyring '%s'.\n"),
684: EXTERNAL(userid), floppyring);
685: }
686: else
687: {
688: pktlen = ftell(sec_fp) - kpos;
689: fseek(sec_fp, kpos, SEEK_SET);
690: while (--pktlen >= 0 && getc(sec_fp) == getc(floppy_fp)) ;
691: if (pktlen != -1)
692: {
693: fprintf(pgpout, PSTR("\n\007WARNING: Secret key for: \"%s\"\n\
694: does not match the key in the backup keyring '%s'.\n"),
695: EXTERNAL(userid), floppyring);
696: fprintf(pgpout, PSTR("This is a serious condition, indicating possible keyring tampering.\n"));
697: status = -2;
698: }
699: }
700: }
701: }
702: ex:
703: fseek(f, savepos, SEEK_SET);
704: return(status);
705: }
706:
707:
708: void
709: setup_trust()
710: { /* initialize trust table */
711: if (marg_min == 0) /* marginally trusted signatures are ignored */
712: {
713: trust_tbl[5] = 0;
714: trust_tbl[6] = 1;
715: complete_min = compl_min;
716: }
717: else
718: {
719: if (marg_min < compl_min)
720: marg_min = compl_min;
721: trust_tbl[5] = compl_min;
722: trust_tbl[6] = marg_min;
723: complete_min = compl_min * marg_min;
724: }
725: trust_tbl[7] = complete_min; /* ultimate trust */
726: marginal_min = complete_min / 2;
727: }
728:
729:
730: /*
731: * set legit level of a userid
732: * returns 1 if the key/userid pair is fully legit.
733: */
734: int
735: set_legit(FILE *f, long trustpos, int trust_count)
736: {
737: long filepos;
738: byte keyctrl;
739:
740: filepos = ftell(f);
741: fseek(f, trustpos, SEEK_SET); /* user id trust byte */
742: if (read_trust(f, &keyctrl) < 0)
743: return(-1);
744:
745: if (trust_count < marginal_min)
746: keyctrl = KC_LEGIT_UNTRUSTED;
747: else if (trust_count < complete_min)
748: keyctrl = KC_LEGIT_MARGINAL;
749: else
750: keyctrl = KC_LEGIT_COMPLETE;
751:
752: fseek(f, trustpos, SEEK_SET);
753: write_trust(f, keyctrl);
754:
755: fseek(f, filepos, SEEK_SET);
756:
757: if ((keyctrl & KC_LEGIT_MASK) == KC_LEGIT_COMPLETE)
758: return(1);
759: else
760: return(0);
761: }
762:
763:
764: int ask_owntrust(char *userid, byte cur_trust)
765: /* Ask for a wetware decision from the human on how much to trust
766: this key's owner to certify other keys. Returns trust value. */
767: {
768: char buf[8];
769:
770: if (check_only)
771: { ++undefined_trust;
772: return(KC_OWNERTRUST_UNDEFINED);
773: }
774:
775: fprintf(pgpout,
776: PSTR("\nMake a determination in your own mind whether this key actually\n\
777: belongs to the person whom you think it belongs to, based on available\n\
778: evidence. If you think it does, then based on your estimate of\n\
779: that person's integrity and competence in key management, answer\n\
780: the following question:\n"));
781: fprintf(pgpout, PSTR("\nWould you trust \"%s\"\n\
782: to act as an introducer and certify other people's public keys to you?\n\
783: (1=I don't know. 2=No. 3=Usually. 4=Yes, always.) ? "), EXTERNAL(userid));
784: fflush(pgpout);
785: getstring(buf, sizeof(buf)-1, TRUE);
786: switch (buf[0])
787: { case '1': return KC_OWNERTRUST_UNKNOWN;
788: case '2': return KC_OWNERTRUST_NEVER;
789: case '3': return KC_OWNERTRUST_USUALLY;
790: case '4': return KC_OWNERTRUST_ALWAYS;
791: default: return(TRUST_LEV(cur_trust));
792: }
793: } /* ask_owntrust */
794:
795:
796: /*
797: * compare all key packets in keyring file f with file g
798: * XXX: untested
799: */
800: int
801: keyring_cmp(FILE *f, FILE *g)
802: {
803: int status, error = 0, badkeys = 0;
804: byte ctb;
805: byte keyID[KEYFRAGSIZE];
806: char userid[256];
807: long pktlen, keypos = 0;
808:
809: rewind(f);
810: while ((status = readkpacket(f, &ctb, userid, keyID, NULL)) == 0)
811: {
812: if (is_key_ctb(ctb))
813: {
814: pktlen = ftell(f) - keypos;
815: fseek(f, keypos, SEEK_SET);
816: if (lookup_by_keyID(g, keyID) < 0)
817: {
818: error = 1;
819: continue;
820: }
821: while (--pktlen >= 0 && getc(f) == getc(g)) ;
822: if (pktlen != -1)
823: {
824: error = 2;
825: ++badkeys;
826: }
827:
828: }
829: if (error && ctb == CTB_USERID)
830: {
831: switch (error) {
832: case 1: fprintf(pgpout, PSTR("\n\007Key for user ID \"%s\"\n\
833: is not present in backup keyring\n"), EXTERNAL(userid));
834: case 2: fprintf(pgpout, PSTR("\n\007Key for user ID \"%s\"\n\
835: does not match key in backup keyring\n"), EXTERNAL(userid));
836: }
837: error = 0;
838: }
839: keypos = ftell(f);
840: }
841: if (error)
842: status = -5;
843: return(status < 0 ? status : badkeys);
844: }
845:
846:
847: int
848: readkpacket(FILE *f, byte *ctb, char *userid, byte *keyID, byte *sigkeyID)
849: {
850: int status;
851: unit n[MAX_UNIT_PRECISION], e[MAX_UNIT_PRECISION];
852:
853: status = readkeypacket(f, FALSE, ctb, NULL, userid, n, e,
854: NULL, NULL, NULL, NULL, sigkeyID, NULL);
855:
856: if (status < 0)
857: {
858: #ifdef DEBUG
859: if (status < -1)
860: fprintf(stderr, "readkeypacket returned %d\n", status);
861: #endif
862: return(status);
863: }
864:
865: if (keyID && is_key_ctb(*ctb))
866: extract_keyID(keyID, n);
867:
868: if (userid && *ctb == CTB_USERID)
869: PascalToC(userid);
870:
871: return(0);
872: }
873:
874: long
875: lookup_by_keyID(FILE *f, byte *srch_keyID)
876: {
877: int status;
878: long keypos = 0;
879: byte keyID[KEYFRAGSIZE];
880: byte ctb;
881:
882: rewind(f);
883: while ((status = readkpacket(f, &ctb, NULL, keyID, NULL)) == 0)
884: {
885: if (is_key_ctb(ctb) && memcmp(keyID, srch_keyID, KEYFRAGSIZE) == 0)
886: {
887: fseek(f, keypos, SEEK_SET);
888: return(keypos);
889: }
890: keypos = ftell(f);
891: }
892: return(status);
893: }
894:
895:
896: void
897: show_userid(FILE *f, byte *keyID)
898: {
899: long filepos;
900: char userid[256];
901: byte ctb;
902:
903: filepos = ftell(f);
904: if (lookup_by_keyID(f, keyID) >= 0)
905: while (readkpacket(f, &ctb, userid, NULL, NULL) == 0)
906: if (ctb == CTB_USERID)
907: {
908: fprintf(pgpout, "%s\n", EXTERNAL(userid));
909: fseek(f, filepos, SEEK_SET);
910: return;
911: }
912:
913: fprintf(pgpout, "(KeyID: %s)\n",keyIDstring(keyID));
914: fseek(f, filepos, SEEK_SET);
915: }
916:
917: /*
918: * show the key in file f at file position keypos.
919: * 'what' controls the info that will be shown:
920: * SHOW_TRUST: show trust byte info
921: * SHOW_SIGS: show signatures
922: * these constants can be or'ed to get both
923: */
924: int
925: show_key(FILE *f, long keypos, int what)
926: {
927: int status;
928: long filepos;
929: char userid[256];
930: unit n[MAX_UNIT_PRECISION], e[MAX_UNIT_PRECISION];
931: byte sigkeyID[KEYFRAGSIZE];
932: word32 timestamp;
933: byte ctb, keyctrl;
934: int userids = 0;
935: boolean print_trust = FALSE;
936: int precision = global_precision;
937:
938: filepos = ftell(f);
939: fseek(f, keypos, SEEK_SET);
940: while ((status = readkeypacket(f, FALSE, &ctb, (byte *)×tamp, userid,
941: n, e, NULL, NULL, NULL, NULL, sigkeyID, &keyctrl)) == 0)
942: {
943: if (is_key_ctb(ctb))
944: { if (userids)
945: break;
946: }
947: else if (ctb == CTB_KEYCTRL) /* trust bytes only in public keyrings */
948: {
949: if (what & SHOW_TRUST)
950: print_trust = TRUE;
951: }
952: else if (ctb == CTB_USERID)
953: { if (userids == 0)
954: { PascalToC(userid); /* for display */
955: fprintf(pgpout,PSTR("\nKey for user ID: %s\n"),EXTERNAL(userid));
956: fprintf(pgpout,PSTR("%d-bit key, Key ID %s, created %s\n"),
957: countbits(n), key2IDstring(n), cdate(×tamp) );
958: if (print_trust)
959: {
960: switch (TRUST_LEV(keyctrl))
961: {
962: case KC_OWNERTRUST_UNDEFINED:
963: case KC_OWNERTRUST_UNKNOWN:
964: /* Just don't say anything in this case */
965: break;
966: case KC_OWNERTRUST_NEVER: /* untrusted */
967: fprintf(pgpout, PSTR("This user is untrusted to certify other keys.\n"));
968: break;
969: case KC_OWNERTRUST_USUALLY: /* marginal trust */
970: fprintf(pgpout, PSTR("This user is generally trusted to certify other keys.\n"));
971: break;
972: case KC_OWNERTRUST_ALWAYS: /* complete trust */
973: fprintf(pgpout, PSTR("This user is completely trusted to certify other keys.\n"));
974: break;
975: case KC_OWNERTRUST_ULTIMATE: /* axiomatic, ultimate trust */
976: fprintf(pgpout, PSTR("This axiomatic key is ultimately trusted to certify other keys.\n"));
977: break;
978: default:
979: break;
980: } /* switch */
981: }
982: ++userids;
983: }
984: else
985: { PascalToC(userid);
986: if (what != 0)
987: fprintf(pgpout, "\n");
988: fprintf(pgpout,PSTR("Also known as: %s\n"), EXTERNAL(userid));
989: }
990: if (print_trust)
991: {
992: read_trust(f, &keyctrl);
993: switch (keyctrl & KC_LEGIT_MASK)
994: {
995: case 0: /* undefined certification level */
996: case 1: /* uncertified */
997: fprintf(pgpout, PSTR("This key/userID association is not certified.\n"));
998: break;
999: case 2: /* marginal certification */
1000: fprintf(pgpout, PSTR("This key/userID association is marginally certified.\n"));
1001: break;
1002: case 3: /* complete certification */
1003: fprintf(pgpout, PSTR("This key/userID association is fully certified.\n"));
1004: break;
1005: default: /* can't get here, right? */
1006: break;
1007: } /* switch */
1008: } /* print_trust */
1009: }
1010: else if ((what & SHOW_SIGS) && is_ctb_type(ctb, CTB_SKE_TYPE))
1011: {
1012: if (print_trust)
1013: {
1014: read_trust(f, &keyctrl);
1015: switch (TRUST_LEV(keyctrl))
1016: {
1017: case KC_SIGTRUST_UNDEFINED: /* undefined trust level */
1018: case KC_SIGTRUST_UNKNOWN:
1019: /* Just don't say anything in this case */
1020: fprintf(pgpout, PSTR(" Questionable certification from:\n "));
1021: break;
1022: case KC_SIGTRUST_UNTRUSTED: /* untrusted */
1023: fprintf(pgpout, PSTR(" Untrusted certification from:\n "));
1024: break;
1025: case KC_SIGTRUST_MARGINAL: /* marginal trust */
1026: fprintf(pgpout, PSTR(" Generally trusted certification from:\n "));
1027: break;
1028: case KC_SIGTRUST_COMPLETE: /* complete trust */
1029: fprintf(pgpout, PSTR(" Completely trusted certification from:\n "));
1030: break;
1031: case KC_SIGTRUST_ULTIMATE: /* axiomatic, ultimate trust */
1032: fprintf(pgpout, PSTR(" Axiomatically trusted certification from:\n "));
1033: break;
1034: default: /* can't get here, right? */
1035: break;
1036: } /* switch */
1037: }
1038: else
1039: fprintf(pgpout, PSTR(" Certified by: "));
1040: show_userid(f, sigkeyID);
1041: }
1042: }
1043: if (status == -1 && userids)
1044: status = 0;
1045: set_precision(precision);
1046: fseek(f, filepos, SEEK_SET);
1047: return(status);
1048: }
1049:
1050:
1051: void
1052: write_trust_pos(FILE *f, byte keyctrl, long pos)
1053: {
1054: long fpos;
1055:
1056: fpos = ftell(f);
1057: fseek(f, pos, SEEK_SET);
1058: write_trust(f, keyctrl);
1059: fseek(f, fpos, SEEK_SET);
1060: }
1061:
1062: int
1063: read_trust(FILE *f, byte *keyctrl)
1064: {
1065: unsigned char buf[3];
1066:
1067: if (fread(buf, 1, 3, f) != 3)
1068: return -1;
1069: if (buf[0] != CTB_KEYCTRL)
1070: {
1071: if (is_ctb(buf[0]))
1072: return(ERR_NOTRUST);
1073: else
1074: return(-3); /* bad data */
1075: }
1076: if (buf[1] != 1) /* length must be 1 */
1077: return(-3);
1078: if (keyctrl)
1079: *keyctrl = buf[2];
1080: return(0);
1081: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.