cleankey.c

   1 /*
   2  * cleankey.c - Routines to look for common key problems and clean them up.
   3  *
   4  * Copyright 2004,2012 Jonathan McDowell <noodles@earth.li>
   5  *
   6  * This program is free software: you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License as published by the Free
   8  * Software Foundation; version 2 of the License.
   9  *
  10  * This program is distributed in the hope that it will be useful, but WITHOUT
  11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  12  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
  13  * more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along with
  16  * this program.  If not, see <https://www.gnu.org/licenses/>.
  17  */
  18
  19 #include <stdbool.h>
  20 #include <stdio.h>
  21 #include <stdlib.h>
  22
  23 #include "cleankey.h"
  24 #include "keyid.h"
  25 #include "keystructs.h"
  26 #include "log.h"
  27 #include "mem.h"
  28 #include "merge.h"
  29 #include "openpgp.h"
  30 #include "sigcheck.h"
  31
  32 /**
  33  *      dedupuids - Merge duplicate uids on a key.
  34  *      @key: The key to de-dup uids on.
  35  *
  36  *      This function attempts to merge duplicate IDs on a key. It returns 0
  37  *      if the key is unchanged, otherwise the number of dups merged.
  38  */
  39 int dedupuids(struct openpgp_publickey *key)
  40 {
  41         struct openpgp_signedpacket_list *curuid = NULL;
  42         struct openpgp_signedpacket_list *dup = NULL;
  43         struct openpgp_signedpacket_list *tmp = NULL;
  44         int                               merged = 0;
  45
  46         log_assert(key != NULL);
  47         curuid = key->uids;
  48         while (curuid != NULL) {
  49                 dup = find_signed_packet(curuid->next, curuid->packet);
  50                 while (dup != NULL) {
  51                         logthing(LOGTHING_INFO, "Found duplicate uid: %.*s",
  52                                         curuid->packet->length,
  53                                         curuid->packet->data);
  54                         merged++;
  55                         merge_packet_sigs(curuid, dup);
  56                         /*
  57                          * Remove the duplicate uid.
  58                          */
  59                         tmp = curuid;
  60                         while (tmp != NULL && tmp->next != dup) {
  61                                 tmp = tmp->next;
  62                         }
  63                         log_assert(tmp != NULL);
  64                         tmp->next = dup->next;
  65                         dup->next = NULL;
  66                         free_signedpacket_list(dup);
  67
  68                         dup = find_signed_packet(curuid->next, curuid->packet);
  69                 }
  70                 curuid = curuid->next;
  71         }
  72
  73         return merged;
  74 }
  75
  76 /**
  77  *      dedupsubkeys - Merge duplicate subkeys on a key.
  78  *      @key: The key to de-dup subkeys on.
  79  *
  80  *      This function attempts to merge duplicate subkeys on a key. It returns
  81  *      0 if the key is unchanged, otherwise the number of dups merged.
  82  */
  83 int dedupsubkeys(struct openpgp_publickey *key)
  84 {
  85         struct openpgp_signedpacket_list *cursubkey = NULL;
  86         struct openpgp_signedpacket_list *dup = NULL;
  87         struct openpgp_signedpacket_list *tmp = NULL;
  88         int                               merged = 0;
  89         uint64_t                          subkeyid;
  90
  91         log_assert(key != NULL);
  92         cursubkey = key->subkeys;
  93         while (cursubkey != NULL) {
  94                 dup = find_signed_packet(cursubkey->next, cursubkey->packet);
  95                 while (dup != NULL) {
  96                         get_packetid(cursubkey->packet, &subkeyid);
  97                         logthing(LOGTHING_INFO,
  98                                 "Found duplicate subkey: 0x%016" PRIX64,
  99                                 subkeyid);
 100                         merged++;
 101                         merge_packet_sigs(cursubkey, dup);
 102                         /*
 103                          * Remove the duplicate uid.
 104                          */
 105                         tmp = cursubkey;
 106                         while (tmp != NULL && tmp->next != dup) {
 107                                 tmp = tmp->next;
 108                         }
 109                         log_assert(tmp != NULL);
 110                         tmp->next = dup->next;
 111                         dup->next = NULL;
 112                         free_signedpacket_list(dup);
 113
 114                         dup = find_signed_packet(cursubkey->next,
 115                                 cursubkey->packet);
 116                 }
 117                 cursubkey = cursubkey->next;
 118         }
 119
 120         return merged;
 121 }
 122
 123 /**
 124  *      check_sighashes - Check that sig hashes are correct.
 125  *      @key - the check to check the sig hashes of.
 126  *
 127  *      Given an OpenPGP key confirm that all of the sigs on it have the
 128  *      appropriate 2 octet hash beginning, as stored as part of the sig.
 129  *      This is a simple way to remove junk sigs and, for example, catches
 130  *      subkey sig corruption as produced by old pksd implementations.
 131  *      Any sig that has an incorrect hash is removed from the key. If the
 132  *      hash cannot be checked (eg we don't support that hash type) we err
 133  *      on the side of caution and keep it.
 134  */
 135 int clean_sighashes(struct openpgp_publickey *key,
 136                 struct openpgp_packet *sigdata,
 137                 struct openpgp_packet_list **sigs)
 138 {
 139         struct openpgp_packet_list *tmpsig;
 140         onak_status_t ret;
 141         uint8_t hashtype;
 142         uint8_t hash[64];
 143         uint8_t *sighash;
 144         int removed = 0;
 145         uint64_t keyid;
 146
 147         while (*sigs != NULL) {
 148                 ret = calculate_packet_sighash(key, sigdata, (*sigs)->packet,
 149                                 &hashtype, hash, &sighash);
 150
 151                 if (ret == ONAK_E_UNSUPPORTED_FEATURE) {
 152                         get_keyid(key, &keyid);
 153                         logthing(LOGTHING_ERROR,
 154                                 "Unsupported signature hash type %d on 0x%016"
 155                                 PRIX64,
 156                                 hashtype,
 157                                 keyid);
 158                         sigs = &(*sigs)->next;
 159                 } else if (ret != ONAK_E_OK ||
 160                                 !(hash[0] == sighash[0] &&
 161                                         hash[1] == sighash[1])) {
 162                         tmpsig = *sigs;
 163                         *sigs = (*sigs)->next;
 164                         tmpsig->next = NULL;
 165                         free_packet_list(tmpsig);
 166                         removed++;
 167                 } else {
 168                         sigs = &(*sigs)->next;
 169                 }
 170         }
 171
 172         return removed;
 173 }
 174
 175 int clean_list_sighashes(struct openpgp_publickey *key,
 176                         struct openpgp_signedpacket_list *siglist)
 177 {
 178         int removed = 0;
 179
 180         while (siglist != NULL) {
 181                 removed += clean_sighashes(key, siglist->packet,
 182                         &siglist->sigs);
 183                 siglist = siglist->next;
 184         }
 185
 186         return removed;
 187 }
 188
 189 int clean_key_sighashes(struct openpgp_publickey *key)
 190 {
 191         int removed;
 192
 193         removed = clean_sighashes(key, NULL, &key->sigs);
 194         removed += clean_list_sighashes(key, key->uids);
 195         removed += clean_list_sighashes(key, key->subkeys);
 196
 197         return removed;
 198 }
 199
 200 #define UAT_LIMIT       0xFFFF
 201 #define UID_LIMIT       1024
 202 #define PACKET_LIMIT    8383            /* Fits in 2 byte packet length */
 203 int clean_large_packets(struct openpgp_publickey *key)
 204 {
 205         struct openpgp_signedpacket_list **curuid = NULL;
 206         struct openpgp_signedpacket_list *tmp = NULL;
 207         bool                              drop;
 208         int                               dropped = 0;
 209
 210         log_assert(key != NULL);
 211         curuid = &key->uids;
 212         while (*curuid != NULL) {
 213                 drop = false;
 214                 switch ((*curuid)->packet->tag) {
 215                 case OPENPGP_PACKET_UID:
 216                         if ((*curuid)->packet->length > UID_LIMIT)
 217                                 drop = true;
 218                         break;
 219                 case OPENPGP_PACKET_UAT:
 220                         if ((*curuid)->packet->length > UAT_LIMIT)
 221                                 drop = true;
 222                         break;
 223                 default:
 224                         if ((*curuid)->packet->length > PACKET_LIMIT)
 225                                 drop = true;
 226                         break;
 227                 }
 228
 229                 if (drop) {
 230                         logthing(LOGTHING_INFO,
 231                                         "Dropping large (%d) packet, type %d",
 232                                         (*curuid)->packet->length,
 233                                         (*curuid)->packet->tag);
 234                         /* Remove the entire large signed packet list */
 235                         tmp = *curuid;
 236                         *curuid = (*curuid)->next;
 237                         tmp->next = NULL;
 238                         free_signedpacket_list(tmp);
 239                         dropped++;
 240                 } else {
 241                         curuid = &(*curuid)->next;
 242                 }
 243         }
 244
 245         return dropped;
 246 }
 247
 248 /**
 249  *      cleankeys - Apply all available cleaning options on a list of keys.
 250  *      @policies: The cleaning policies to apply.
 251  *
 252  *      Applies the requested cleaning policies to a list of keys. These are
 253  *      specified from the ONAK_CLEAN_* set of flags, or ONAK_CLEAN_ALL to
 254  *      apply all available cleaning options. Returns 0 if no changes were
 255  *      made, otherwise the number of keys cleaned. Note that some options
 256  *      may result in keys being removed entirely from the list.
 257  */
 258 int cleankeys(struct openpgp_publickey **keys, uint64_t policies)
 259 {
 260         struct openpgp_publickey **curkey, *tmp;
 261         int changed = 0, count = 0;
 262
 263         if (keys == NULL)
 264                 return 0;
 265
 266         curkey = keys;
 267         while (*curkey != NULL) {
 268                 if (policies & ONAK_CLEAN_DROP_V3_KEYS) {
 269                         if ((*curkey)->publickey->data[0] < 4) {
 270                                 /* Remove the key from the list */
 271                                 tmp = *curkey;
 272                                 *curkey = tmp->next;
 273                                 tmp->next = NULL;
 274                                 free_publickey(tmp);
 275                                 changed++;
 276                                 continue;
 277                         }
 278                 }
 279                 if (policies & ONAK_CLEAN_LARGE_PACKETS) {
 280                         count += clean_large_packets(*curkey);
 281                 }
 282                 count += dedupuids(*curkey);
 283                 count += dedupsubkeys(*curkey);
 284                 if (policies & ONAK_CLEAN_CHECK_SIGHASH) {
 285                         count += clean_key_sighashes(*curkey);
 286                 }
 287                 if (count > 0) {
 288                         changed++;
 289                 }
 290                 curkey = &(*curkey)->next;
 291         }
 292
 293         return changed;
 294 }