2 * cleankey.c - Routines to look for common key problems and clean them up.
4 * Copyright 2004,2012 Jonathan McDowell <noodles@earth.li>
6 * This program is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; version 2 of the License.
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * You should have received a copy of the GNU General Public License along with
16 * this program. If not, see <https://www.gnu.org/licenses/>.
25 #include "keystructs.h"
33 * dedupuids - Merge duplicate uids on a key.
34 * @key: The key to de-dup uids on.
36 * This function attempts to merge duplicate IDs on a key. It returns 0
37 * if the key is unchanged, otherwise the number of dups merged.
39 int dedupuids(struct openpgp_publickey *key)
41 struct openpgp_signedpacket_list *curuid = NULL;
42 struct openpgp_signedpacket_list *dup = NULL;
43 struct openpgp_signedpacket_list *tmp = NULL;
46 log_assert(key != NULL);
48 while (curuid != NULL) {
49 dup = find_signed_packet(curuid->next, curuid->packet);
51 logthing(LOGTHING_INFO, "Found duplicate uid: %.*s",
52 curuid->packet->length,
53 curuid->packet->data);
55 merge_packet_sigs(curuid, dup);
57 * Remove the duplicate uid.
60 while (tmp != NULL && tmp->next != dup) {
63 log_assert(tmp != NULL);
64 tmp->next = dup->next;
66 free_signedpacket_list(dup);
68 dup = find_signed_packet(curuid->next, curuid->packet);
70 curuid = curuid->next;
77 * dedupsubkeys - Merge duplicate subkeys on a key.
78 * @key: The key to de-dup subkeys on.
80 * This function attempts to merge duplicate subkeys on a key. It returns
81 * 0 if the key is unchanged, otherwise the number of dups merged.
83 int dedupsubkeys(struct openpgp_publickey *key)
85 struct openpgp_signedpacket_list *cursubkey = NULL;
86 struct openpgp_signedpacket_list *dup = NULL;
87 struct openpgp_signedpacket_list *tmp = NULL;
91 log_assert(key != NULL);
92 cursubkey = key->subkeys;
93 while (cursubkey != NULL) {
94 dup = find_signed_packet(cursubkey->next, cursubkey->packet);
96 get_packetid(cursubkey->packet, &subkeyid);
97 logthing(LOGTHING_INFO,
98 "Found duplicate subkey: 0x%016" PRIX64,
101 merge_packet_sigs(cursubkey, dup);
103 * Remove the duplicate uid.
106 while (tmp != NULL && tmp->next != dup) {
109 log_assert(tmp != NULL);
110 tmp->next = dup->next;
112 free_signedpacket_list(dup);
114 dup = find_signed_packet(cursubkey->next,
117 cursubkey = cursubkey->next;
124 * check_sighashes - Check that sig hashes are correct.
125 * @key - the check to check the sig hashes of.
127 * Given an OpenPGP key confirm that all of the sigs on it have the
128 * appropriate 2 octet hash beginning, as stored as part of the sig.
129 * This is a simple way to remove junk sigs and, for example, catches
130 * subkey sig corruption as produced by old pksd implementations.
131 * Any sig that has an incorrect hash is removed from the key. If the
132 * hash cannot be checked (eg we don't support that hash type) we err
133 * on the side of caution and keep it.
135 int clean_sighashes(struct openpgp_publickey *key,
136 struct openpgp_packet *sigdata,
137 struct openpgp_packet_list **sigs)
139 struct openpgp_packet_list *tmpsig;
147 while (*sigs != NULL) {
148 ret = calculate_packet_sighash(key, sigdata, (*sigs)->packet,
149 &hashtype, hash, &sighash);
151 if (ret == ONAK_E_UNSUPPORTED_FEATURE) {
152 get_keyid(key, &keyid);
153 logthing(LOGTHING_ERROR,
154 "Unsupported signature hash type %d on 0x%016"
158 sigs = &(*sigs)->next;
159 } else if (ret != ONAK_E_OK ||
160 !(hash[0] == sighash[0] &&
161 hash[1] == sighash[1])) {
163 *sigs = (*sigs)->next;
165 free_packet_list(tmpsig);
168 sigs = &(*sigs)->next;
175 int clean_list_sighashes(struct openpgp_publickey *key,
176 struct openpgp_signedpacket_list *siglist)
180 while (siglist != NULL) {
181 removed += clean_sighashes(key, siglist->packet,
183 siglist = siglist->next;
189 int clean_key_sighashes(struct openpgp_publickey *key)
193 removed = clean_sighashes(key, NULL, &key->sigs);
194 removed += clean_list_sighashes(key, key->uids);
195 removed += clean_list_sighashes(key, key->subkeys);
200 #define UAT_LIMIT 0xFFFF
201 #define UID_LIMIT 1024
202 #define PACKET_LIMIT 8383 /* Fits in 2 byte packet length */
203 int clean_large_packets(struct openpgp_publickey *key)
205 struct openpgp_signedpacket_list **curuid = NULL;
206 struct openpgp_signedpacket_list *tmp = NULL;
210 log_assert(key != NULL);
212 while (*curuid != NULL) {
214 switch ((*curuid)->packet->tag) {
215 case OPENPGP_PACKET_UID:
216 if ((*curuid)->packet->length > UID_LIMIT)
219 case OPENPGP_PACKET_UAT:
220 if ((*curuid)->packet->length > UAT_LIMIT)
224 if ((*curuid)->packet->length > PACKET_LIMIT)
230 logthing(LOGTHING_INFO,
231 "Dropping large (%d) packet, type %d",
232 (*curuid)->packet->length,
233 (*curuid)->packet->tag);
234 /* Remove the entire large signed packet list */
236 *curuid = (*curuid)->next;
238 free_signedpacket_list(tmp);
241 curuid = &(*curuid)->next;
249 * cleankeys - Apply all available cleaning options on a list of keys.
250 * @policies: The cleaning policies to apply.
252 * Applies the requested cleaning policies to a list of keys. These are
253 * specified from the ONAK_CLEAN_* set of flags, or ONAK_CLEAN_ALL to
254 * apply all available cleaning options. Returns 0 if no changes were
255 * made, otherwise the number of keys cleaned. Note that some options
256 * may result in keys being removed entirely from the list.
258 int cleankeys(struct onak_dbctx *dbctx, struct openpgp_publickey **keys,
261 struct openpgp_publickey **curkey, *tmp;
262 int changed = 0, count = 0;
268 while (*curkey != NULL) {
269 if (policies & ONAK_CLEAN_DROP_V3_KEYS) {
270 if ((*curkey)->publickey->data[0] < 4) {
271 /* Remove the key from the list */
280 if (policies & ONAK_CLEAN_LARGE_PACKETS) {
281 count += clean_large_packets(*curkey);
283 count += dedupuids(*curkey);
284 count += dedupsubkeys(*curkey);
285 if (policies & ONAK_CLEAN_CHECK_SIGHASH) {
286 count += clean_key_sighashes(*curkey);
291 curkey = &(*curkey)->next;