Drop v3 keys by default when cleaning keys
authorJonathan McDowell <noodles@earth.li>
Sun, 4 Aug 2019 18:19:31 +0000 (19:19 +0100)
committerJonathan McDowell <noodles@earth.li>
Sun, 4 Aug 2019 18:19:31 +0000 (19:19 +0100)
v3 keys have long been considered insecure. While we want to retain
support for them, there's no reason most keyservers should actually store
them these days. So drop them by default when running cleankeys()

cleankey.c
cleankey.h
onak-conf.c
onak.ini.in

index fe24c3b6a31a7502de8554ce12bf692b3d18dbb5..c7a69be28e78d2f124acb6a880573ccdcc429e32 100644 (file)
@@ -239,26 +239,37 @@ int clean_large_packets(struct openpgp_publickey *key)
  */
 int cleankeys(struct openpgp_publickey **keys, uint64_t policies)
 {
-       struct openpgp_publickey *curkey;
+       struct openpgp_publickey **curkey, *tmp;
        int changed = 0, count = 0;
 
        if (keys == NULL)
                return 0;
 
-       curkey = *keys;
-       while (curkey != NULL) {
+       curkey = keys;
+       while (*curkey != NULL) {
+               if (policies & ONAK_CLEAN_DROP_V3_KEYS) {
+                       if ((*curkey)->publickey->data[0] < 4) {
+                               /* Remove the key from the list */
+                               tmp = *curkey;
+                               *curkey = tmp->next;
+                               tmp->next = NULL;
+                               free_publickey(tmp);
+                               changed++;
+                               continue;
+                       }
+               }
                if (policies & ONAK_CLEAN_LARGE_PACKETS) {
-                       count += clean_large_packets(curkey);
+                       count += clean_large_packets(*curkey);
                }
-               count += dedupuids(curkey);
-               count += dedupsubkeys(curkey);
+               count += dedupuids(*curkey);
+               count += dedupsubkeys(*curkey);
                if (policies & ONAK_CLEAN_CHECK_SIGHASH) {
-                       count += clean_key_sighashes(curkey);
+                       count += clean_key_sighashes(*curkey);
                }
                if (count > 0) {
                        changed++;
                }
-               curkey = curkey->next;
+               curkey = &(*curkey)->next;
        }
 
        return changed;
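Review bot: The new version test `(*curkey)->publickey->data[0] < 4` dereferences `publickey` and reads its first byte with no guard, so a key whose public-key packet is absent or carries a zero-length payload would read through a NULL pointer or one byte past the buffer; whether the parser can ever hand cleankeys() such a key is not visible in this hunk, so if it can, confirm the packet exists and has a non-zero length before inspecting the version byte. Because the function now unlinks and frees list entries and, when every key matches, leaves `*keys` as NULL, the header comment that ends at the `*/` on the hunk's first line (and starts outside it) should state that: `Keys matching ONAK_CLEAN_DROP_V3_KEYS are unlinked from the list and freed; *keys is updated and may become NULL, so callers must not keep pointers to list entries across the call.` Pre-existing but now more visible with the loop rewritten: `count` is declared once before the loop and never reset, so once any key yields a non-zero count every later key also bumps `changed`; a `count = 0;` at the top of the loop body would make the return value accurate.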
index 350e75df329bebc585ec1fc3468683f0804dffa0..834b6225766b57f4edebb6c7bf1cae7a8fe5e941 100644 (file)
@@ -23,6 +23,7 @@
 
 #define ONAK_CLEAN_CHECK_SIGHASH       (1 << 0)
 #define ONAK_CLEAN_LARGE_PACKETS       (1 << 1)
+#define ONAK_CLEAN_DROP_V3_KEYS                (1 << 2)
 #define ONAK_CLEAN_ALL                 (uint64_t) -1
 
 /**
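Review bot: The new `ONAK_CLEAN_DROP_V3_KEYS` define carries no comment saying what it does, and because `ONAK_CLEAN_ALL` is `(uint64_t) -1` every caller passing ONAK_CLEAN_ALL now has v2/v3 keys unlinked and freed without any change on their side. A one-line comment on the define would make that discoverable, e.g. `/* Unlink and free keys whose version byte is below 4 (v2/v3); implied by ONAK_CLEAN_ALL */`. The doc block opening on the hunk's last line continues outside it.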
index c30260fd6318cbb2d47d5792fe34a8adbf9f0943..8925dbcb6a970d94ae5ab7a12a6865ff182d1c71 100644 (file)
@@ -58,7 +58,7 @@ struct onak_config config = {
        .dbinit = NULL,
 #endif
 
-       .clean_policies = ONAK_CLEAN_CHECK_SIGHASH,
+       .clean_policies = ONAK_CLEAN_DROP_V3_KEYS | ONAK_CLEAN_CHECK_SIGHASH,
 
        .bin_dir = NULL,
        .mail_dir = NULL,
@@ -284,6 +284,15 @@ static bool parseconfigline(char *line)
                        config.syncsites = lladd(config.syncsites,
                                strdup(value));
                /* [verification] section */
+               } else if (MATCH("verification", "drop_v3")) {
+                       if (parsebool(value, config.clean_policies &
+                                       ONAK_CLEAN_DROP_V3_KEYS)) {
+                               config.clean_policies |=
+                                       ONAK_CLEAN_DROP_V3_KEYS;
+                       } else {
+                               config.clean_policies &=
+                                       ~ONAK_CLEAN_DROP_V3_KEYS;
+                       }
                } else if (MATCH("verification", "check_sighash")) {
                        if (parsebool(value, config.clean_policies &
                                        ONAK_CLEAN_CHECK_SIGHASH)) {
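Review bot: The new `drop_v3` branch duplicates the `check_sighash` block that follows it except for the flag name, and each further clean policy will add another nine-line copy; a small static helper that sets or clears one bit in `config.clean_policies` reduces each option to a single call, as sketched below. Passing `config.clean_policies & ONAK_CLEAN_DROP_V3_KEYS` as parsebool()'s default relies on the non-zero masked value converting to true, which is fine if that parameter is `bool` (its declaration is not in the hunk) but reads more clearly as `(config.clean_policies & ONAK_CLEAN_DROP_V3_KEYS) != 0`. parseconfigline() starts and ends outside the hunk, so the helper would go above it at file scope.
```c
/* Set (enabled) or clear (!enabled) one policy bit in config.clean_policies. */
static void set_clean_policy(uint64_t flag, bool enabled)
{
	if (enabled) {
		config.clean_policies |= flag;
	} else {
		config.clean_policies &= ~flag;
	}
}

/* … unchanged: earlier parseconfigline() branches … */
		} else if (MATCH("verification", "drop_v3")) {
			set_clean_policy(ONAK_CLEAN_DROP_V3_KEYS,
				parsebool(value, (config.clean_policies &
					ONAK_CLEAN_DROP_V3_KEYS) != 0));
/* … unchanged: check_sighash branch and the rest of parseconfigline() … */
```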
index 4dbf8305d516cf73fbf7a7447ac02efa96148c56..8989f0704a28832ed4685c8671b562bf1fd32c98 100644 (file)
@@ -19,6 +19,9 @@ max_reply_keys=128
 ; Verify signature hashes - verify that the hash a signature claims to be
 ; over matches the hash of the data. Does not actually verify the signature.
 check_sighash=true
+; Drop v3 (and older) keys. These are long considered insecure, so unless there
+; is a good reason you should accept this default.
+drop_v3=true
 
 ; Settings related to the email interface to onak.
 [mail]