[PATCH] gpg: Allow to set TOFU policy in the key editor.

Damien Goutte-Gattat dgouttegattat at incenp.org
Tue Jan 26 23:17:26 CET 2016


* g10/keyedit.c (keyedit_menu): Add a tofu command.
(tofu_policy_prompt): New.

--
Currently, the only way to explicitly assign a TOFU policy is
through the --tofu-policy option on the command line.

This patch allows to set TOFU policy through the interactive
key editor.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
---
 g10/keyedit.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)

diff --git a/g10/keyedit.c b/g10/keyedit.c
index 30f52a4..35da1ef 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -448,6 +448,47 @@ sign_mk_attrib (PKT_signature * sig, void *opaque)
 }
 
 
+#ifdef USE_TOFU
+static enum tofu_policy
+tofu_policy_prompt (void)
+{
+  char *p;
+  enum tofu_policy policy = TOFU_POLICY_NONE;
+
+  tty_printf (_("Please assign a TOFU policy to this key\n"));
+  tty_printf ("\n");
+  tty_printf (_("  %d = Use the default policy\n"), 1);
+  tty_printf (_("  %d = This key belongs to the stated owner\n"), 2);
+  tty_printf (_("  %d = I do not know\n"), 3);
+  tty_printf (_("  %d = This key is a forgery\n"), 4);
+  tty_printf (_("  %d = Ask me next time\n"), 5);
+  tty_printf ("\n");
+
+  while (policy == TOFU_POLICY_NONE)
+    {
+      p = cpr_get ("tofu_policy_prompt.policy", _("Your selection? "));
+      trim_spaces (p);
+      cpr_kill_prompt ();
+      if (*p && !p[1])
+        {
+	  switch (*p)
+	    {
+	    case '1': policy = TOFU_POLICY_AUTO   ; break;
+	    case '2': policy = TOFU_POLICY_GOOD   ; break;
+	    case '3': policy = TOFU_POLICY_UNKNOWN; break;
+	    case '4': policy = TOFU_POLICY_BAD    ; break;
+	    case '5': policy = TOFU_POLICY_ASK    ; break;
+	    }
+	}
+
+      xfree (p);
+    }
+
+  return policy;
+}
+#endif /*!USE_TOFU*/
+
+
 static void
 trustsig_prompt (byte * trust_value, byte * trust_depth, char **regexp)
 {
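Review bot: The `while (policy == TOFU_POLICY_NONE)` loop in `tofu_policy_prompt` can only be left by choosing one of the five policies, so a user who typed `tofu` by mistake has to alter the key's trust policy to get back to the editor, and input that never yields a valid digit (for example end of input, depending on what `cpr_get` returns then, which is not visible here) keeps it looping. I would add a cancel choice, e.g. a menu line `tty_printf (_("  q = Quit without changing the policy\n"));` and `case 'q': case 'Q': xfree (p); return TOFU_POLICY_NONE;` in the switch, with the `cmdTOFUPOLICY` case calling `tofu_set_policy` only when the result is not `TOFU_POLICY_NONE`. The function also lacks a header comment; one sentence stating what it returns, and that `TOFU_POLICY_NONE` means the prompt was cancelled, would do. Minor: the guard is `#ifdef USE_TOFU`, so the closing comment should read `#endif /*USE_TOFU*/` without the `!`; the same applies to the three later hunks.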
@@ -1366,6 +1407,9 @@ enum cmdids
 #ifndef NO_TRUST_MODELS
   cmdENABLEKEY, cmdDISABLEKEY,
 #endif /*!NO_TRUST_MODELS*/
+#ifdef USE_TOFU
+  cmdTOFUPOLICY,
+#endif /*!USE_TOFU*/
   cmdSHOWPREF,
   cmdSETPREF, cmdPREFKS, cmdNOTATION, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST,
   cmdCHKTRUST, cmdADDCARDKEY, cmdKEYTOCARD, cmdBKUPTOCARD,
@@ -1447,6 +1491,9 @@ static struct
 #ifndef NO_TRUST_MODELS
   { "trust", cmdTRUST, KEYEDIT_NOT_SK, N_("change the ownertrust")},
 #endif /*!NO_TRUST_MODELS*/
+#ifdef USE_TOFU
+  { "tofu", cmdTOFUPOLICY, 0, N_("set TOFU policy")},
+#endif /*!USE_TOFU*/
   { "revsig", cmdREVSIG, KEYEDIT_NOT_SK,
     N_("revoke signatures on the selected user IDs")},
   { "revuid", cmdREVUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
@@ -2167,6 +2214,27 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
 	  break;
 #endif /*!NO_TRUST_MODELS*/
 
+#ifdef USE_TOFU
+	case cmdTOFUPOLICY:
+	  if (opt.trust_model != TM_TOFU && opt.trust_model != TM_TOFU_PGP)
+	    {
+	      tty_printf (_("TOFU policy can only be set while "
+			    "using a TOFU-enabled trust model\n"));
+	      break;
+	    }
+
+	  {
+	    enum tofu_policy policy = tofu_policy_prompt ();
+	    err = tofu_set_policy (keyblock, policy);
+	    if (err)
+	      {
+		tty_printf (_("Error setting TOFU policy: %s\n"),
+			    gpg_strerror (err));
+	      }
+	  }
+	  break;
+#endif /*!USE_TOFU*/
+
 	case cmdPREF:
 	  {
 	    int count = count_selected_uids (keyblock);
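Review bot: `tofu_set_policy (keyblock, policy)` receives the whole keyblock and the case never looks at the user ID selection, so the policy presumably lands on every user ID of the key; for choice 2 that would mark bindings as good that the user may not have checked. `tofu_set_policy` is defined outside this patch, so please confirm what it covers, and either restrict the call to the selected user IDs (the `cmdPREF` case just below uses `count_selected_uids (keyblock)`) or say so before prompting, e.g. `tty_printf (_("The policy will apply to all user IDs of this key.\n"));`. On success nothing is printed, so the user cannot tell that the change was stored; and after a failure `err` stays set when the case breaks, which matters if later code in `keyedit_menu` (outside the hunk) reads it.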
-- 
1.8.4



