2 * cleankey.c - Routines to look for common key problems and clean them up.
4 * Copyright 2004,2012 Jonathan McDowell <noodles@earth.li>
6 * This program is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; version 2 of the License.
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * You should have received a copy of the GNU General Public License along with
16 * this program. If not, see <https://www.gnu.org/licenses/>.
22 #include "build-config.h"
24 #include "decodekey.h"
26 #include "keystructs.h"
34 * dedupuids - Merge duplicate uids on a key.
35 * @key: The key to de-dup uids on.
37 * This function attempts to merge duplicate IDs on a key. It returns 0
38 * if the key is unchanged, otherwise the number of dups merged.
40 int dedupuids(struct openpgp_publickey *key)
42 struct openpgp_signedpacket_list *curuid = NULL;
43 struct openpgp_signedpacket_list *dup = NULL;
44 struct openpgp_signedpacket_list *tmp = NULL;
47 log_assert(key != NULL);
49 while (curuid != NULL) {
50 dup = find_signed_packet(curuid->next, curuid->packet);
52 logthing(LOGTHING_INFO, "Found duplicate uid: %.*s",
53 curuid->packet->length,
54 curuid->packet->data);
56 merge_packet_sigs(curuid, dup);
58 * Remove the duplicate uid.
61 while (tmp != NULL && tmp->next != dup) {
64 log_assert(tmp != NULL);
65 tmp->next = dup->next;
67 free_signedpacket_list(dup);
69 dup = find_signed_packet(curuid->next, curuid->packet);
71 curuid = curuid->next;
78 * dedupsubkeys - Merge duplicate subkeys on a key.
79 * @key: The key to de-dup subkeys on.
81 * This function attempts to merge duplicate subkeys on a key. It returns
82 * 0 if the key is unchanged, otherwise the number of dups merged.
84 int dedupsubkeys(struct openpgp_publickey *key)
86 struct openpgp_signedpacket_list *cursubkey = NULL;
87 struct openpgp_signedpacket_list *dup = NULL;
88 struct openpgp_signedpacket_list *tmp = NULL;
92 log_assert(key != NULL);
93 cursubkey = key->subkeys;
94 while (cursubkey != NULL) {
95 dup = find_signed_packet(cursubkey->next, cursubkey->packet);
97 get_packetid(cursubkey->packet, &subkeyid);
98 logthing(LOGTHING_INFO,
99 "Found duplicate subkey: 0x%016" PRIX64,
102 merge_packet_sigs(cursubkey, dup);
104 * Remove the duplicate uid.
107 while (tmp != NULL && tmp->next != dup) {
110 log_assert(tmp != NULL);
111 tmp->next = dup->next;
113 free_signedpacket_list(dup);
115 dup = find_signed_packet(cursubkey->next,
118 cursubkey = cursubkey->next;
125 * check_sighashes - Check that sig hashes are correct.
126 * @key - the check to check the sig hashes of.
128 * Given an OpenPGP key confirm that all of the sigs on it have the
129 * appropriate 2 octet hash beginning, as stored as part of the sig.
130 * This is a simple way to remove junk sigs and, for example, catches
131 * subkey sig corruption as produced by old pksd implementations.
132 * Any sig that has an incorrect hash is removed from the key. If the
133 * hash cannot be checked (eg we don't support that hash type) we err
134 * on the side of caution and keep it.
136 int clean_sighashes(struct onak_dbctx *dbctx,
137 struct openpgp_publickey *key,
138 struct openpgp_packet *sigdata,
139 struct openpgp_packet_list **sigs,
141 bool *selfsig, bool *othersig)
143 struct openpgp_packet_list *tmpsig;
144 struct openpgp_publickey *sigkeys = NULL, *curkey;
150 uint64_t keyid, sigid;
153 get_keyid(key, &keyid);
154 if (selfsig != NULL) {
157 while (*sigs != NULL) {
159 ret = calculate_packet_sighash(key, sigdata, (*sigs)->packet,
160 &hashtype, hash, &sighash);
162 if (ret == ONAK_E_UNSUPPORTED_FEATURE) {
163 get_keyid(key, &keyid);
164 logthing(LOGTHING_ERROR,
165 "Unsupported signature hash type %d on 0x%016"
172 } else if (ret != ONAK_E_OK || (!fullverify &&
173 !(hash[0] == sighash[0] &&
174 hash[1] == sighash[1]))) {
179 if (fullverify && !remove) {
180 sig_info((*sigs)->packet, &sigid, NULL);
182 /* Start by assuming it's a bad sig */
185 if (sigid == keyid) {
186 ret = onak_check_hash_sig(key, (*sigs)->packet,
189 /* We have a valid self signature */
190 if (ret == ONAK_E_OK) {
192 if (selfsig != NULL) {
199 dbctx->fetch_key_id(dbctx, sigid,
204 * A 64 bit collision is probably a sign of something
205 * sneaky happening, but if the signature verifies we
208 for (curkey = sigkeys; curkey != NULL;
209 curkey = curkey->next) {
211 ret = onak_check_hash_sig(curkey,
215 /* Got a valid signature */
216 if (ret == ONAK_E_OK) {
218 if (othersig != NULL) {
225 free_publickey(sigkeys);
232 *sigs = (*sigs)->next;
234 free_packet_list(tmpsig);
237 sigs = &(*sigs)->next;
244 int clean_list_sighashes(struct onak_dbctx *dbctx,
245 struct openpgp_publickey *key,
246 struct openpgp_signedpacket_list **siglist,
247 bool fullverify, bool needother)
249 struct openpgp_signedpacket_list **orig, *tmp = NULL;
250 bool selfsig, othersig;
255 while (siglist != NULL && *siglist != NULL) {
258 removed += clean_sighashes(dbctx, key, (*siglist)->packet,
259 &(*siglist)->sigs, fullverify, &selfsig, &othersig);
261 if (fullverify && !selfsig) {
262 /* Remove the UID/subkey if there's no selfsig */
264 *siglist = (*siglist)->next;
266 free_signedpacket_list(tmp);
268 siglist = &(*siglist)->next;
273 * We need at least one UID to have a signature from another key,
274 * otherwise we remove all of them if needother is set.
276 if (needother && fullverify && !othersig) {
278 while (siglist != NULL && *siglist != NULL) {
280 *siglist = (*siglist)->next;
282 free_signedpacket_list(tmp);
289 int clean_key_signatures(struct onak_dbctx *dbctx,
290 struct openpgp_publickey *key, bool fullverify, bool needother)
294 removed = clean_sighashes(dbctx, key, NULL, &key->sigs, fullverify,
296 removed += clean_list_sighashes(dbctx, key, &key->uids, fullverify,
298 removed += clean_list_sighashes(dbctx, key, &key->subkeys, fullverify,
304 #define UAT_LIMIT 0xFFFF
305 #define UID_LIMIT 1024
306 #define PACKET_LIMIT 8383 /* Fits in 2 byte packet length */
307 int clean_large_packets(struct openpgp_publickey *key)
309 struct openpgp_signedpacket_list **curuid = NULL;
310 struct openpgp_signedpacket_list *tmp = NULL;
314 log_assert(key != NULL);
316 while (*curuid != NULL) {
318 switch ((*curuid)->packet->tag) {
319 case OPENPGP_PACKET_UID:
320 if ((*curuid)->packet->length > UID_LIMIT)
323 case OPENPGP_PACKET_UAT:
324 if ((*curuid)->packet->length > UAT_LIMIT)
328 if ((*curuid)->packet->length > PACKET_LIMIT)
334 logthing(LOGTHING_INFO,
335 "Dropping large (%d) packet, type %d",
336 (*curuid)->packet->length,
337 (*curuid)->packet->tag);
338 /* Remove the entire large signed packet list */
340 *curuid = (*curuid)->next;
342 free_signedpacket_list(tmp);
345 curuid = &(*curuid)->next;
353 * cleankeys - Apply all available cleaning options on a list of keys.
354 * @policies: The cleaning policies to apply.
356 * Applies the requested cleaning policies to a list of keys. These are
357 * specified from the ONAK_CLEAN_* set of flags, or ONAK_CLEAN_ALL to
358 * apply all available cleaning options. Returns 0 if no changes were
359 * made, otherwise the number of keys cleaned. Note that some options
360 * may result in keys being removed entirely from the list.
362 int cleankeys(struct onak_dbctx *dbctx, struct openpgp_publickey **keys,
365 struct openpgp_publickey **curkey, *tmp;
366 struct openpgp_fingerprint fp;
367 int changed = 0, count = 0;
374 while (*curkey != NULL) {
375 if (policies & ONAK_CLEAN_DROP_V3_KEYS) {
376 if ((*curkey)->publickey->data[0] < 4) {
377 /* Remove the key from the list if it's < v4 */
386 if (policies & ONAK_CLEAN_LARGE_PACKETS) {
387 count += clean_large_packets(*curkey);
389 count += dedupuids(*curkey);
390 count += dedupsubkeys(*curkey);
391 if (policies & (ONAK_CLEAN_CHECK_SIGHASH |
392 ONAK_CLEAN_VERIFY_SIGNATURES)) {
394 needother = policies & ONAK_CLEAN_NEED_OTHER_SIG;
397 * Check if we already have the key; if we do
398 * then we can skip the check to make sure we
399 * have signatures from other keys.
401 get_fingerprint((*curkey)->publickey, &fp);
403 needother = dbctx->fetch_key(dbctx, &fp,
408 count += clean_key_signatures(dbctx, *curkey,
409 policies & ONAK_CLEAN_VERIFY_SIGNATURES,
415 if ((*curkey)->uids == NULL) {
416 /* No valid UIDS so remove the key from the list */
422 curkey = &(*curkey)->next;
projects / onak.git / blob