summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTimo Schulz <twoaday@gnutls.org>2002-05-20 18:21:28 +0000
committerTimo Schulz <twoaday@gnutls.org>2002-05-20 18:21:28 +0000
commitb49e8d157bd182d9c94931fb23bd35a04b542204 (patch)
treebaf2e4a35279ce4ccc6aae4bdd72cc0ca69e26ea
parent1cd0553a0424534b5f0bbaea6cabea27093b1c53 (diff)
downloadgnutls-b49e8d157bd182d9c94931fb23bd35a04b542204.tar.gz
Modifications for the new OpenCDK version and some minor fixes.
Diffstat
-rw-r--r--libextra/gnutls_openpgp.c1910
-rw-r--r--libextra/gnutls_openpgp.h113
2 files changed, 994 insertions, 1029 deletions
diff --git a/libextra/gnutls_openpgp.c b/libextra/gnutls_openpgp.c
index 2056ca09c8..93cd8ff277 100644
--- a/libextra/gnutls_openpgp.c
+++ b/libextra/gnutls_openpgp.c
@@ -43,150 +43,142 @@
#define OPENPGP_NAME_SIZE GNUTLS_X509_CN_SIZE
typedef struct {
- int type;
- int armored;
- size_t size;
- byte *data;
+ int type;
+ int armored;
+ size_t size;
+ byte *data;
} keybox_blob;
typedef enum {
- KBX_BLOB_FILE = 0x00,
- KBX_BLOB_DATA = 0x01
+ KBX_BLOB_FILE = 0x00,
+ KBX_BLOB_DATA = 0x01
} keyring_blob_types;
static void
-release_mpi_array(GNUTLS_MPI *arr, size_t n)
+release_mpi_array( GNUTLS_MPI *arr, size_t n )
{
- GNUTLS_MPI x;
+ GNUTLS_MPI x;
- while ( arr && n-- )
- {
- x = *arr;
- _gnutls_mpi_release(&x);
- *arr = NULL; arr++;
+ while ( arr && n-- ) {
+ x = *arr;
+ _gnutls_mpi_release( &x );
+ *arr = NULL; arr++;
}
}
static u32
buffer_to_u32( const byte *buffer )
{
- u32 u;
+ const byte *p = buffer;
- if (!buffer)
- return 0;
- u = (buffer[0] << 24) | (buffer[1] << 16) | (buffer[2] << 8) | buffer[3];
- return u;
+ if ( !p )
+ return 0;
+ return (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
}
static int
file_exist(const char *file)
{
- FILE *fp;
+ FILE *fp;
- if (!file)
- return 0;
-
- fp = fopen(file, "r");
- if (fp)
- {
- fclose(fp);
- return 1;
+ if (!file)
+ return 0;
+
+ fp = fopen(file, "r");
+ if ( fp ) {
+ fclose(fp);
+ return 1;
}
-
- return 0;
-}
+
+ return 0;
+}
static int
kbx_blob_new( keybox_blob **r_ctx )
{
- keybox_blob *c;
+ keybox_blob *c;
- if ( !r_ctx )
- return GNUTLS_E_INVALID_PARAMETERS;
+ if ( !r_ctx )
+ return GNUTLS_E_INVALID_PARAMETERS;
- c = cdk_alloc_clear( sizeof * c);
- if ( !c )
- return GNUTLS_E_MEMORY_ERROR;
- *r_ctx = c;
-
- return 0;
+ c = cdk_alloc_clear( sizeof * c);
+ if ( !c )
+ return GNUTLS_E_MEMORY_ERROR;
+ *r_ctx = c;
+
+ return 0;
} /* kbx_blob_new */
static void
kbx_blob_release( keybox_blob *ctx )
{
- if (!ctx)
- return;
- cdk_free(ctx->data);
- cdk_free(ctx);
+ if ( ctx ) {
+ cdk_free( ctx->data );
+ cdk_free( ctx );
+ }
} /* kbx_blob_release */
static KEYDB_HD
kbx_to_keydb( keybox_blob *blob )
{
- KEYDB_HD khd = NULL;
-
- if (!blob)
- return NULL;
-
- khd = cdk_alloc_clear(sizeof *khd);
- if ( !khd )
- return NULL;
- khd->used = 1;
- if ( blob->type == KBX_BLOB_FILE ) /* file */
- {
- khd->name = cdk_strdup( blob->data );
- khd->type = blob->armored? KEYDB_TYPE_ARMORED: KEYDB_TYPE_KEYRING;
+ KEYDB_HD khd = NULL;
+
+ if ( !blob )
+ return NULL;
+
+ khd = cdk_alloc_clear( sizeof *khd );
+ if ( !khd )
+ return NULL;
+ khd->used = 1;
+ if ( blob->type == KBX_BLOB_FILE ) { /* file */
+ khd->name = cdk_strdup( blob->data );
+ khd->type = blob->armored? KEYDB_TYPE_ARMORED: KEYDB_TYPE_KEYRING;
}
- else if ( blob->type == KBX_BLOB_DATA ) /* data */
- {
- cdk_iobuf_new( &khd->buf, blob->size );
- cdk_iobuf_write( khd->buf, blob->data, blob->size );
- khd->type = KEYDB_TYPE_DATA;
+ else if ( blob->type == KBX_BLOB_DATA ) { /* data */
+ cdk_iobuf_new( &khd->buf, blob->size );
+ cdk_iobuf_write( khd->buf, blob->data, blob->size );
+ khd->type = KEYDB_TYPE_DATA;
}
- else /* error */
- {
- cdk_free( khd );
- khd = NULL;
+ else { /* error */
+ cdk_free( khd );
+ khd = NULL;
}
- return khd;
+ return khd;
} /* kbx_to_keydb */
/* Extract a keybox blob from the given position. */
static keybox_blob*
kbx_read_blob( const gnutls_datum* keyring, size_t pos )
{
- keybox_blob *blob = NULL;
+ keybox_blob *blob = NULL;
- if ( !keyring || !keyring->data )
- return NULL;
+ if ( !keyring || !keyring->data )
+ return NULL;
- if (pos > keyring->size)
- return NULL;
+ if ( pos > keyring->size )
+ return NULL;
- kbx_blob_new( &blob );
- blob->type = keyring->data[pos];
- if ( blob->type != KBX_BLOB_FILE &&
- blob->type != KBX_BLOB_DATA )
- {
- kbx_blob_release( blob );
- return NULL;
+ kbx_blob_new( &blob );
+ blob->type = keyring->data[pos];
+ if ( blob->type != KBX_BLOB_FILE &&
+ blob->type != KBX_BLOB_DATA ) {
+ kbx_blob_release( blob );
+ return NULL;
}
- blob->armored = keyring->data[pos+1];
- blob->size = buffer_to_u32( keyring->data+pos+2 );
- if (!blob->size)
- {
- kbx_blob_release( blob );
- return NULL;
+ blob->armored = keyring->data[pos+1];
+ blob->size = buffer_to_u32( keyring->data+pos+2 );
+ if ( !blob->size ) {
+ kbx_blob_release( blob );
+ return NULL;
}
- blob->data = cdk_alloc_clear(blob->size + 1);
- if ( !blob->data )
- return NULL;
- memcpy(blob->data, keyring->data+(pos+6), blob->size);
- blob->data[blob->size] = '\0';
+ blob->data = cdk_alloc_clear( blob->size + 1 );
+ if ( !blob->data )
+ return NULL;
+ memcpy( blob->data, keyring->data+(pos+6), blob->size );
+ blob->data[blob->size] = '\0';
- return blob;
+ return blob;
} /* kbx_read_blob */
/* Creates a keyring blob from raw data
@@ -201,207 +193,206 @@ static byte*
kbx_data_to_keyring( int type, int enc, const char *data,
size_t size, size_t *r_size )
{
- byte *p = NULL;
-
- if (!data)
- return NULL;
-
- p = gnutls_malloc( 1+4+size );
- if ( !p )
- return NULL;
- p[0] = type; /* type: {keyring,name} */
- p[1] = enc; /* encoded: {plain, armored} */
- p[2] = (size >> 24) & 0xff;
- p[3] = (size >> 16) & 0xff;
- p[4] = (size >> 8) & 0xff;
- p[5] = (size ) & 0xff;
- memcpy( p+6, data, size );
- if ( r_size )
- *r_size = 6+size;
-
- return p;
+ byte *p = NULL;
+
+ if ( !data )
+ return NULL;
+
+ p = gnutls_malloc( 1+4+size );
+ if ( !p )
+ return NULL;
+ p[0] = type; /* type: {keyring,name} */
+ p[1] = enc; /* encoded: {plain, armored} */
+ p[2] = (size >> 24) & 0xff;
+ p[3] = (size >> 16) & 0xff;
+ p[4] = (size >> 8) & 0xff;
+ p[5] = (size ) & 0xff;
+ memcpy( p+6, data, size );
+ if ( r_size )
+ *r_size = 6+size;
+
+ return p;
} /* kbx_data_to_keyring */
static int
-kbnode_to_datum( KBNODE kb_pk, gnutls_datum *raw )
+kbnode_to_datum( CDK_KBNODE kb_pk, gnutls_datum *raw )
{
- KBNODE p = NULL;
- byte *data = NULL;
- size_t n = 0;
- int rc = 0;
- PACKET pkt = {0};
- IOBUF a;
-
- if (!kb_pk || !raw)
- return GNUTLS_E_INVALID_PARAMETERS;
-
- /* fixme: conver the whole key */
- for (p=kb_pk; p && p->pkt->pkttype; p=p->next)
- {
- if (p->pkt->pkttype == PKT_PUBLIC_KEY)
- {
- a = cdk_iobuf_temp();
- pkt.pkttype = PKT_PUBLIC_KEY;
- pkt.pkt.public_key = p->pkt->pkt.public_key;
- rc = cdk_pkt_build( a, &pkt );
- if (rc)
- return GNUTLS_E_UNKNOWN_ERROR;
- data = cdk_iobuf_getdata(a, &n);
- if (data && n)
- {
- rc = gnutls_set_datum(raw, data, n);
- if (rc < 0)
- return GNUTLS_E_MEMORY_ERROR;
+ CDK_KBNODE p = NULL;
+ CDK_BSTRING dat = NULL;
+ CDK_IOBUF a = NULL;
+ PACKET pkt = {0};
+ int rc = 0;
+
+ if ( !kb_pk || !raw )
+ return GNUTLS_E_INVALID_PARAMETERS;
+
+ /* fixme: conver the whole key */
+ for (p=kb_pk; p && p->pkt->pkttype; p=p->next) {
+ if (p->pkt->pkttype == PKT_PUBLIC_KEY) {
+ a = cdk_iobuf_temp();
+ pkt.pkttype = PKT_PUBLIC_KEY;
+ pkt.pkt.public_key = p->pkt->pkt.public_key;
+ rc = cdk_pkt_build( a, &pkt );
+ if ( rc ) {
+ rc = GNUTLS_E_UNKNOWN_ERROR;
+ goto fail;
+ }
+ dat = cdk_iobuf_read_mem( a, 0 );
+ if ( dat ) {
+ rc = gnutls_set_datum( raw, dat->d, dat->len );
+ if ( rc < 0 ) {
+ gnutls_assert();
+ rc = GNUTLS_E_MEMORY_ERROR;
+ goto fail;
+ }
}
- cdk_free(data);
- cdk_iobuf_close(a);
}
}
- return 0;
+fail:
+ cdk_free( dat );
+ cdk_iobuf_close( a );
+ return rc;
}
static int
-datum_to_kbnode( const gnutls_datum *raw, KBNODE *r_pkt )
+datum_to_kbnode( const gnutls_datum *raw, CDK_KBNODE *r_pkt )
{
- IOBUF buf;
- KBNODE pkt = NULL;
- int dummy = 0;
- int rc = 0;
-
- if (!raw || !r_pkt)
- return GNUTLS_E_INVALID_PARAMETERS;
-
- cdk_iobuf_new( &buf, raw->size );
- cdk_iobuf_write( buf, raw->data, raw->size );
- rc = cdk_keydb_get_keyblock( buf, &pkt, &dummy );
- if ( rc && rc != CDKERR_EOF )
- {
- rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
- goto leave;
+ CDK_IOBUF buf;
+ CDK_KBNODE pkt = NULL;
+ int dummy = 0;
+ int rc = 0;
+
+ if ( !raw || !r_pkt )
+ return GNUTLS_E_INVALID_PARAMETERS;
+
+ cdk_iobuf_new( &buf, raw->size );
+ cdk_iobuf_write( buf, raw->data, raw->size );
+ rc = cdk_keydb_get_keyblock( buf, &pkt, &dummy );
+ if ( rc && rc != CDKERR_EOF ) {
+ rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
+ goto fail;
}
- else
- rc = 0;
+ else
+ rc = 0;
-leave:
- cdk_iobuf_close( buf );
- *r_pkt = (!rc)? pkt : NULL;
+fail:
+ cdk_iobuf_close( buf );
+ *r_pkt = (!rc)? pkt : NULL;
- return rc;
+ return rc;
}
static int
-iobuf_to_datum(IOBUF buf, gnutls_datum *raw)
+iobuf_to_datum( CDK_IOBUF buf, gnutls_datum *raw )
{
- byte *data = NULL;
- size_t nbytes = 0;
- int rc = 0;
-
- if (!buf || !raw)
- return GNUTLS_E_INVALID_PARAMETERS;
-
- data = cdk_iobuf_getdata(buf, &nbytes);
- if (data && nbytes)
- {
- rc = gnutls_set_datum(raw, data, nbytes);
- if (rc < 0)
- return GNUTLS_E_MEMORY_ERROR;
- cdk_free(data);
+ CDK_BSTRING a = NULL;
+ int rc = 0;
+
+ if ( !buf || !raw )
+ return GNUTLS_E_INVALID_PARAMETERS;
+
+ a = cdk_iobuf_read_mem( buf, 0 );
+ if ( a ) {
+ rc = gnutls_set_datum( raw, a->d, a->len );
+ if ( rc < 0 ) {
+ rc = GNUTLS_E_MEMORY_ERROR;
+ goto fail;
+ }
}
- else
- rc = GNUTLS_E_UNKNOWN_ERROR;
-
- return rc;
+ else
+ rc = GNUTLS_E_UNKNOWN_ERROR;
+
+fail:
+ cdk_free( a );
+ return rc;
}
static int
openpgp_pk_to_gnutls_cert(gnutls_cert *cert, PKT_public_key *pk)
{
- int algo, i;
- int rc = 0;
- size_t nbytes = 0;
-
- if (!cert || !pk)
- return GNUTLS_E_INVALID_PARAMETERS;
-
- if ( is_ELG(pk->pubkey_algo) ) /* GnuTLS OpenPGP doesn't support ELG keys */
- return GNUTLS_E_UNWANTED_ALGORITHM;
-
- algo = is_DSA(pk->pubkey_algo)? GNUTLS_PK_DSA : GNUTLS_PK_RSA;
- cert->subject_pk_algorithm = algo;
- cert->version = pk->version;
- cert->valid = 0; /* fixme: should set after the verification */
- cert->cert_type = GNUTLS_CRT_OPENPGP;
-
- if (is_DSA(pk->pubkey_algo) || pk->pubkey_algo == GCRY_PK_RSA_S)
- cert->keyUsage = GNUTLS_X509KEY_DIGITAL_SIGNATURE;
- else if (pk->pubkey_algo == GCRY_PK_RSA_E)
- cert->keyUsage = GNUTLS_X509KEY_ENCIPHER_ONLY;
- else if (pk->pubkey_algo == GCRY_PK_RSA)
- cert->keyUsage = GNUTLS_X509KEY_DIGITAL_SIGNATURE
- | GNUTLS_X509KEY_ENCIPHER_ONLY;
-
- cert->params_size = cdk_pk_get_npkey( pk->pubkey_algo );
- for (i=0; i<cert->params_size; i++)
- {
- nbytes = pk->mpi[i].bytes+2;
- rc = _gnutls_mpi_scan_pgp(&cert->params[i],
- pk->mpi[i].data, &nbytes);
- if (rc)
- {
- rc = GNUTLS_E_MPI_SCAN_FAILED;
- goto leave;
+ size_t nbytes = 0;
+ int algo, i;
+ int rc = 0;
+
+ if (!cert || !pk)
+ return GNUTLS_E_INVALID_PARAMETERS;
+
+ /* GnuTLS OpenPGP doesn't support ELG keys */
+ if ( is_ELG(pk->pubkey_algo) )
+ return GNUTLS_E_UNWANTED_ALGORITHM;
+
+ algo = is_DSA(pk->pubkey_algo)? GNUTLS_PK_DSA : GNUTLS_PK_RSA;
+ cert->subject_pk_algorithm = algo;
+ cert->version = pk->version;
+ cert->valid = 0; /* fixme: should set after the verification */
+ cert->cert_type = GNUTLS_CRT_OPENPGP;
+
+ if (is_DSA(pk->pubkey_algo) || pk->pubkey_algo == GCRY_PK_RSA_S)
+ cert->keyUsage = GNUTLS_X509KEY_DIGITAL_SIGNATURE;
+ else if (pk->pubkey_algo == GCRY_PK_RSA_E)
+ cert->keyUsage = GNUTLS_X509KEY_ENCIPHER_ONLY;
+ else if (pk->pubkey_algo == GCRY_PK_RSA)
+ cert->keyUsage = GNUTLS_X509KEY_DIGITAL_SIGNATURE
+ | GNUTLS_X509KEY_ENCIPHER_ONLY;
+
+ cert->params_size = cdk_pk_get_npkey( pk->pubkey_algo );
+ for (i=0; i<cert->params_size; i++) {
+ nbytes = pk->mpi[i].bytes+2;
+ rc = _gnutls_mpi_scan_pgp( &cert->params[i],
+ pk->mpi[i].data, &nbytes );
+ if ( rc ) {
+ rc = GNUTLS_E_MPI_SCAN_FAILED;
+ goto fail;
}
}
- cert->expiration_time = pk->expiredate;
- cert->activation_time = pk->timestamp;
+ cert->expiration_time = pk->expiredate;
+ cert->activation_time = pk->timestamp;
-leave:
- if (rc)
- release_mpi_array(cert->params, i-1);
+fail:
+ if ( rc )
+ release_mpi_array(cert->params, i-1);
- return rc;
+ return rc;
}
static int
openpgp_sig_to_gnutls_cert(gnutls_cert *cert, PKT_signature *sig)
{
- IOBUF buf = NULL;
- int rc = 0;
- size_t nbytes = 0;
- size_t sigsize = 0;
- byte *data = NULL;
- PACKET pkt;
-
- if (!cert || !sig)
- return GNUTLS_E_INVALID_PARAMETERS;
-
- sigsize = 20 + sig->hashed_size + sig->unhashed_size + 2*MAX_MPI_BYTES;
- cdk_iobuf_new(&buf, sigsize);
- memset( &pkt, 0, sizeof pkt );
- pkt.pkttype = PKT_SIGNATURE;
- pkt.pkt.signature = sig;
- rc = cdk_pkt_build( buf, &pkt );
- if (rc)
- goto leave;
- data = cdk_iobuf_getdata(buf, &nbytes);
- if (data && nbytes)
- {
- rc = gnutls_datum_append( &cert->signature, data, nbytes);
- if (rc < 0)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ CDK_IOBUF buf = NULL;
+ CDK_BSTRING a = NULL;
+ PACKET pkt;
+ size_t sigsize = 0;
+ int rc = 0;
+
+ if (!cert || !sig)
+ return GNUTLS_E_INVALID_PARAMETERS;
+
+ sigsize = 20 + sig->hashed_size + sig->unhashed_size + 2*MAX_MPI_BYTES;
+ cdk_iobuf_new( &buf, sigsize );
+ memset( &pkt, 0, sizeof pkt );
+ pkt.pkttype = PKT_SIGNATURE;
+ pkt.pkt.signature = sig;
+ rc = cdk_pkt_build( buf, &pkt );
+ if ( rc )
+ goto fail;
+ a = cdk_iobuf_read_mem( buf, 0 );
+ if ( a ) {
+ rc = gnutls_datum_append( &cert->signature, a->d, a->len );
+ if (rc < 0) {
+ gnutls_assert();
+ rc = GNUTLS_E_MEMORY_ERROR;
+ goto fail;
}
- cdk_free(data);
}
- else
- rc = GNUTLS_E_UNKNOWN_ERROR;
+ else
+ rc = GNUTLS_E_UNKNOWN_ERROR;
-leave:
- cdk_iobuf_close(buf);
+fail:
+ cdk_free( a );
+ cdk_iobuf_close( buf );
- return rc;
+ return rc;
}
/*-
@@ -416,78 +407,71 @@ int
_gnutls_openpgp_key2gnutls_key( gnutls_private_key *pkey,
gnutls_datum raw_key )
{
- KBNODE p = NULL, kb_sk;
- PKT_secret_key *sk = NULL;
- IOBUF buf;
- int pke_algo, i, j, eof = 0;
- size_t nbytes = 0;
- int rc = 0;
-
- if (!pkey || raw_key.size <= 0)
- return GNUTLS_E_INVALID_PARAMETERS;
-
- cdk_secmem_init( 16384 );
- cdk_iobuf_new(&buf, raw_key.size);
- cdk_iobuf_write(buf, raw_key.data, raw_key.size);
-
- rc = cdk_keydb_get_keyblock( buf, &kb_sk, &eof );
- if ( !kb_sk || rc )
- {
- rc = GNUTLS_E_UNKNOWN_ERROR;
- goto leave;
+ CDK_KBNODE p = NULL, kb_sk;
+ CDK_IOBUF buf;
+ PKT_secret_key *sk = NULL;
+ int pke_algo, i, j, eof = 0;
+ size_t nbytes = 0;
+ int rc = 0;
+
+ if ( !pkey || raw_key.size <= 0 )
+ return GNUTLS_E_INVALID_PARAMETERS;
+
+ cdk_secmem_init( 16384 );
+ cdk_iobuf_new( &buf, raw_key.size );
+ cdk_iobuf_write( buf, raw_key.data, raw_key.size );
+
+ rc = cdk_keydb_get_keyblock( buf, &kb_sk, &eof );
+ if ( !kb_sk || rc ) {
+ rc = GNUTLS_E_UNKNOWN_ERROR;
+ goto leave;
}
- p = cdk_kbnode_find( kb_sk, PKT_SECRET_KEY );
- if ( !p )
- {
- rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
- goto leave;
+ p = cdk_kbnode_find( kb_sk, PKT_SECRET_KEY );
+ if ( !p ) {
+ rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
+ goto leave;
}
- sk = p->pkt->pkt.secret_key;
- pke_algo = sk->pk->pubkey_algo;
- pkey->params_size = cdk_pk_get_npkey( pke_algo );
- for (i=0; i<pkey->params_size; i++)
- {
- nbytes = sk->pk->mpi[i].bytes+2;
- rc = _gnutls_mpi_scan_pgp(&pkey->params[i],
- sk->pk->mpi[i].data, &nbytes);
- if (rc)
- {
- rc = GNUTLS_E_MPI_SCAN_FAILED;
- release_mpi_array(pkey->params, i-1);
- goto leave;
+ sk = p->pkt->pkt.secret_key;
+ pke_algo = sk->pk->pubkey_algo;
+ pkey->params_size = cdk_pk_get_npkey( pke_algo );
+ for ( i = 0; i < pkey->params_size; i++ ) {
+ nbytes = sk->pk->mpi[i].bytes+2;
+ rc = _gnutls_mpi_scan_pgp( &pkey->params[i],
+ sk->pk->mpi[i].data, &nbytes );
+ if ( rc ) {
+ rc = GNUTLS_E_MPI_SCAN_FAILED;
+ release_mpi_array( pkey->params, i-1 );
+ goto leave;
}
}
- pkey->params_size += cdk_pk_get_nskey( pke_algo );
- for (j=0; j<cdk_pk_get_nskey( pke_algo ); j++, i++)
- {
- nbytes = sk->mpi[j]->bytes+2;
- rc = _gnutls_mpi_scan_pgp(&pkey->params[i],
- sk->mpi[j]->data, &nbytes);
- if (rc)
- {
- rc = GNUTLS_E_MPI_SCAN_FAILED;
- release_mpi_array(pkey->params, i-1);
- goto leave;
+ pkey->params_size += cdk_pk_get_nskey( pke_algo );
+ for (j=0; j<cdk_pk_get_nskey( pke_algo ); j++, i++) {
+ nbytes = sk->mpi[j]->bytes+2;
+ rc = _gnutls_mpi_scan_pgp(&pkey->params[i],
+ sk->mpi[j]->data, &nbytes);
+ if ( rc ) {
+ rc = GNUTLS_E_MPI_SCAN_FAILED;
+ release_mpi_array(pkey->params, i-1);
+ goto leave;
}
}
- if ( is_ELG(pke_algo) )
- return GNUTLS_E_UNWANTED_ALGORITHM;
- else if ( is_DSA(pke_algo) )
- pkey->pk_algorithm = GNUTLS_PK_DSA;
- else if ( is_RSA(pke_algo) )
- pkey->pk_algorithm = GNUTLS_PK_RSA;
- rc = gnutls_set_datum(&pkey->raw, raw_key.data, raw_key.size);
- if (rc < 0)
- {
- release_mpi_array(pkey->params, i);
- rc = GNUTLS_E_MEMORY_ERROR;
+ if ( is_ELG(pke_algo) )
+ return GNUTLS_E_UNWANTED_ALGORITHM;
+ else if ( is_DSA(pke_algo) )
+ pkey->pk_algorithm = GNUTLS_PK_DSA;
+ else if ( is_RSA(pke_algo) )
+ pkey->pk_algorithm = GNUTLS_PK_RSA;
+ rc = gnutls_set_datum( &pkey->raw, raw_key.data, raw_key.size );
+ if ( rc < 0 ) {
+ release_mpi_array(pkey->params, i);
+ rc = GNUTLS_E_MEMORY_ERROR;
}
leave:
- cdk_iobuf_close(buf);
- cdk_kbnode_release( kb_sk );
+ cdk_iobuf_close( buf );
+ cdk_kbnode_release( kb_sk );
- return rc;
+ return rc;
}
/*-
@@ -501,36 +485,34 @@ leave:
int
_gnutls_openpgp_cert2gnutls_cert(gnutls_cert *cert, gnutls_datum raw)
{
- KBNODE p, kb_pk = NULL;
- PKT_public_key *pk = NULL;
- int rc = 0;
-
- if (!cert)
- return GNUTLS_E_INVALID_PARAMETERS;
-
- memset(cert, 0, sizeof *cert);
- rc = datum_to_kbnode( &raw, &kb_pk );
- if ( rc )
- return rc;
- p = cdk_kbnode_find( kb_pk, PKT_PUBLIC_KEY );
- if ( !p )
- {
- rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
- goto leave;
+ CDK_KBNODE p, kb_pk = NULL;
+ PKT_public_key *pk = NULL;
+ int rc = 0;
+
+ if ( !cert )
+ return GNUTLS_E_INVALID_PARAMETERS;
+
+ memset( cert, 0, sizeof *cert );
+ rc = datum_to_kbnode( &raw, &kb_pk );
+ if ( rc )
+ return rc;
+ p = cdk_kbnode_find( kb_pk, PKT_PUBLIC_KEY );
+ if ( !p ) {
+ rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
+ goto fail;
}
- pk = p->pkt->pkt.public_key;
- rc = gnutls_set_datum( &cert->raw, raw.data, raw.size );
- if (rc < 0)
- {
- rc = GNUTLS_E_MEMORY_ERROR;
- goto leave;
+ pk = p->pkt->pkt.public_key;
+ rc = gnutls_set_datum( &cert->raw, raw.data, raw.size );
+ if ( rc < 0 ) {
+ rc = GNUTLS_E_MEMORY_ERROR;
+ goto fail;
}
- rc = openpgp_pk_to_gnutls_cert( cert, pk );
+ rc = openpgp_pk_to_gnutls_cert( cert, pk );
-leave:
- cdk_kbnode_release( kb_pk );
+fail:
+ cdk_kbnode_release( kb_pk );
- return rc;
+ return rc;
}
/**
@@ -547,141 +529,132 @@ int
gnutls_openpgp_get_key(gnutls_datum *key, const gnutls_datum *keyring,
key_attr_t by, opaque *pattern)
{
- int rc = 0;
- keybox_blob *blob = NULL;
- KEYDB_HD khd = NULL;
- KBNODE pk = NULL;
- KEYDB_SEARCH ks;
+ keybox_blob *blob = NULL;
+ KEYDB_HD khd = NULL;
+ CDK_KBNODE pk = NULL;
+ KEYDB_SEARCH ks;
+ int rc = 0;
- if (!key || !keyring || by == KEY_ATTR_NONE)
- return GNUTLS_E_INVALID_PARAMETERS;
-
- blob = kbx_read_blob( keyring, 0 );
- if (!blob)
- return GNUTLS_E_MEMORY_ERROR;
- khd = kbx_to_keydb( blob );
- ks.type = by;
- switch (by)
- {
+ if ( !key || !keyring || by == KEY_ATTR_NONE )
+ return GNUTLS_E_INVALID_PARAMETERS;
+
+ blob = kbx_read_blob( keyring, 0 );
+ if (!blob)
+ return GNUTLS_E_MEMORY_ERROR;
+ khd = kbx_to_keydb( blob );
+ ks.type = by;
+ switch (by) {
case KEY_ATTR_SHORT_KEYID:
- ks.u.keyid[1] = buffer_to_u32(pattern);
- break;
+ ks.u.keyid[1] = buffer_to_u32(pattern);
+ break;
case KEY_ATTR_KEYID:
- ks.u.keyid[0] = buffer_to_u32(pattern);
- ks.u.keyid[1] = buffer_to_u32(pattern+4);
- break;
+ ks.u.keyid[0] = buffer_to_u32(pattern);
+ ks.u.keyid[1] = buffer_to_u32(pattern+4);
+ break;
case KEY_ATTR_FPR:
- memcpy(ks.u.fpr, pattern, 20);
- break;
+ memcpy(ks.u.fpr, pattern, 20);
+ break;
default:
- goto leave;
+ goto leave;
}
- rc = cdk_keydb_search( khd, &ks, &pk );
- if (rc)
- {
- rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
- goto leave;
+ rc = cdk_keydb_search( khd, &ks, &pk );
+ if ( rc ) {
+ rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
+ goto leave;
}
- if ( !cdk_kbnode_find( pk, PKT_PUBLIC_KEY ) )
- {
- rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
- goto leave;
+ if ( !cdk_kbnode_find( pk, PKT_PUBLIC_KEY ) ) {
+ rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
+ goto leave;
}
- rc = kbnode_to_datum( pk, key );
+ rc = kbnode_to_datum( pk, key );
leave:
- cdk_free( khd );
- cdk_kbnode_release( pk );
- kbx_blob_release( blob );
+ cdk_free( khd );
+ cdk_kbnode_release( pk );
+ kbx_blob_release( blob );
- return rc;
+ return rc;
}
int
-gnutls_certificate_set_openpgp_key_mem(GNUTLS_CERTIFICATE_CREDENTIALS res,
- gnutls_datum *cert,
- gnutls_datum *key)
+gnutls_certificate_set_openpgp_key_mem( GNUTLS_CERTIFICATE_CREDENTIALS res,
+ gnutls_datum *cert,
+ gnutls_datum *key )
{
- gnutls_datum raw;
- KBNODE kb_pk = NULL, pkt;
- int rc = 0;
- int i;
-
- if (!res || !key || !cert)
- return GNUTLS_E_INVALID_PARAMETERS;
+ gnutls_datum raw;
+ CDK_KBNODE kb_pk = NULL, pkt;
+ int i = 0;
+ int rc = 0;
+
+ if ( !res || !key || !cert )
+ return GNUTLS_E_INVALID_PARAMETERS;
- rc = datum_to_kbnode( cert, &kb_pk );
- if (rc)
- goto leave;
+ rc = datum_to_kbnode( cert, &kb_pk );
+ if ( rc )
+ goto leave;
- /* fixme: too much duplicated code from (set_openpgp_key_file) */
- res->cert_list = gnutls_realloc(res->cert_list,
- (1+res->ncerts)*sizeof(gnutls_cert*));
- if (res->cert_list == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ /* fixme: too much duplicated code from (set_openpgp_key_file) */
+ res->cert_list = gnutls_realloc(res->cert_list,
+ (1+res->ncerts)*sizeof(gnutls_cert*));
+ if (res->cert_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
- res->cert_list_length = gnutls_realloc(res->cert_list_length,
- (1+res->ncerts)*sizeof(int));
- if (res->cert_list_length == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ res->cert_list_length = gnutls_realloc(res->cert_list_length,
+ (1+res->ncerts)*sizeof(int));
+ if (res->cert_list_length == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
- res->cert_list[res->ncerts] = gnutls_calloc(1, sizeof(gnutls_cert));
- if (res->cert_list[res->ncerts] == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ res->cert_list[res->ncerts] = gnutls_calloc(1, sizeof(gnutls_cert));
+ if (res->cert_list[res->ncerts] == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
- for (i=1, pkt=kb_pk; pkt && pkt->pkt->pkttype; pkt=pkt->next)
- {
- if (i > MAX_PARAMS_SIZE)
- break;
- if (pkt->pkt->pkttype == PKT_PUBLIC_KEY)
- {
- int n = res->ncerts;
- PKT_public_key *pk = pkt->pkt->pkt.public_key;
- res->cert_list_length[n] = 1;
- gnutls_set_datum(&res->cert_list[n][0].raw, cert->data, cert->size);
- openpgp_pk_to_gnutls_cert( &res->cert_list[n][0], pk );
- i++;
+ for (i=1, pkt=kb_pk; pkt && pkt->pkt->pkttype; pkt=pkt->next) {
+ if (i > MAX_PARAMS_SIZE)
+ break;
+ if (pkt->pkt->pkttype == PKT_PUBLIC_KEY) {
+ int n = res->ncerts;
+ PKT_public_key *pk = pkt->pkt->pkt.public_key;
+ res->cert_list_length[n] = 1;
+ gnutls_set_datum(&res->cert_list[n][0].raw,
+ cert->data, cert->size);
+ openpgp_pk_to_gnutls_cert( &res->cert_list[n][0], pk );
+ i++;
}
- else if (pkt->pkt->pkttype == PKT_SIGNATURE)
- {
- int n = res->ncerts;
- PKT_signature *sig = pkt->pkt->pkt.signature;
- openpgp_sig_to_gnutls_cert( &res->cert_list[n][0], sig );
+ else if (pkt->pkt->pkttype == PKT_SIGNATURE) {
+ int n = res->ncerts;
+ PKT_signature *sig = pkt->pkt->pkt.signature;
+ openpgp_sig_to_gnutls_cert( &res->cert_list[n][0], sig );
}
}
- res->ncerts++;
- res->pkey = gnutls_realloc(res->pkey,
- (res->ncerts)*sizeof(gnutls_private_key));
- if (res->pkey == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ res->ncerts++;
+ res->pkey = gnutls_realloc(res->pkey,
+ (res->ncerts)*sizeof(gnutls_private_key));
+ if (res->pkey == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
- /* ncerts has been incremented before */
- gnutls_set_datum(&raw, key->data, key->size);
- rc =_gnutls_openpgp_key2gnutls_key( &res->pkey[res->ncerts-1], raw);
- gnutls_free_datum(&raw);
+ /* ncerts has been incremented before */
+ gnutls_set_datum(&raw, key->data, key->size);
+ rc =_gnutls_openpgp_key2gnutls_key( &res->pkey[res->ncerts-1], raw);
+ gnutls_free_datum(&raw);
leave:
- cdk_kbnode_release( kb_pk );
+ cdk_kbnode_release( kb_pk );
- return rc;
+ return rc;
}
/**
@@ -699,147 +672,135 @@ gnutls_certificate_set_openpgp_key_file(GNUTLS_CERTIFICATE_CREDENTIALS res,
char* CERTFILE,
char* KEYFILE)
{
- IOBUF inp = NULL;
- KBNODE kb_pk = NULL, pkt;
- armor_filter_s afx;
- gnutls_datum raw;
- int eof = 0, i = 0;
- int rc = 0;
-
- if (!res || !KEYFILE || !CERTFILE)
- return GNUTLS_E_INVALID_PARAMETERS;
-
- if ( !file_exist(CERTFILE) || !file_exist(KEYFILE) )
- return GNUTLS_E_FILE_ERROR;
-
- rc = cdk_iobuf_open(&inp, CERTFILE, IOBUF_MODE_RD);
- if ( rc )
- return GNUTLS_E_FILE_ERROR;
- if ( cdk_armor_filter_use( inp ) )
- {
- memset( &afx, 0, sizeof afx );
- rc = cdk_iobuf_push_filter( inp, &afx, cdk_armor_filter );
- if ( rc )
- {
- cdk_iobuf_close( inp );
- rc = GNUTLS_E_ASCII_ARMOR_ERROR;
- goto leave;
+ CDK_IOBUF inp = NULL;
+ CDK_KBNODE kb_pk = NULL, pkt;
+ armor_filter_s afx;
+ gnutls_datum raw;
+ int eof = 0, i = 0;
+ int rc = 0;
+
+ if ( !res || !KEYFILE || !CERTFILE )
+ return GNUTLS_E_INVALID_PARAMETERS;
+
+ if ( !file_exist(CERTFILE) || !file_exist(KEYFILE) )
+ return GNUTLS_E_FILE_ERROR;
+
+ rc = cdk_iobuf_open(&inp, CERTFILE, IOBUF_MODE_RD);
+ if ( rc )
+ return GNUTLS_E_FILE_ERROR;
+ if ( cdk_armor_filter_use( inp ) ) {
+ memset( &afx, 0, sizeof afx );
+ rc = cdk_armor_filter( &afx, IOBUF_CTRL_UNDERFLOW, inp );
+ if ( rc ) {
+ cdk_iobuf_close( inp );
+ rc = GNUTLS_E_ASCII_ARMOR_ERROR;
+ goto leave;
}
- /*cdk_iobuf_close( inp );*/
+ /*cdk_iobuf_close( inp );*/
}
- res->cert_list = gnutls_realloc(res->cert_list,
- (1+res->ncerts)*sizeof(gnutls_cert*));
- if (res->cert_list == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ res->cert_list = gnutls_realloc(res->cert_list,
+ (1+res->ncerts)*sizeof(gnutls_cert*));
+ if (res->cert_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
- res->cert_list_length = gnutls_realloc(res->cert_list_length,
- (1+res->ncerts)*sizeof(int));
- if (res->cert_list_length == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ res->cert_list_length = gnutls_realloc(res->cert_list_length,
+ (1+res->ncerts)*sizeof(int));
+ if (res->cert_list_length == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
- res->cert_list[res->ncerts] = gnutls_calloc(1, sizeof(gnutls_cert));
- if (res->cert_list[res->ncerts] == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ res->cert_list[res->ncerts] = gnutls_calloc(1, sizeof(gnutls_cert));
+ if (res->cert_list[res->ncerts] == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
- do {
- rc = cdk_keydb_get_keyblock( inp, &kb_pk, &eof );
- if ( !kb_pk || rc )
- break;
- for (i=1, pkt=kb_pk; pkt && pkt->pkt->pkttype; pkt=pkt->next)
- {
- if (i > MAX_PARAMS_SIZE)
- break;
- if (pkt->pkt->pkttype == PKT_PUBLIC_KEY)
- {
- int n = res->ncerts;
- PKT_public_key *pk = pkt->pkt->pkt.public_key;
- res->cert_list_length[n] = 1;
- iobuf_to_datum(inp, &res->cert_list[n][0].raw);
- openpgp_pk_to_gnutls_cert( &res->cert_list[n][0], pk );
- i++;
- }
- else if (pkt->pkt->pkttype == PKT_SIGNATURE)
- {
- int n = res->ncerts;
- PKT_signature *sig = pkt->pkt->pkt.signature;
- openpgp_sig_to_gnutls_cert( &res->cert_list[n][0], sig );
- }
- }
- } while (!eof && !rc);
+ do {
+ rc = cdk_keydb_get_keyblock( inp, &kb_pk, &eof );
+ if ( !kb_pk || rc )
+ break;
+ for (i=1, pkt=kb_pk; pkt && pkt->pkt->pkttype; pkt=pkt->next) {
+ if (i > MAX_PARAMS_SIZE)
+ break;
+ if (pkt->pkt->pkttype == PKT_PUBLIC_KEY) {
+ int n = res->ncerts;
+ PKT_public_key *pk = pkt->pkt->pkt.public_key;
+ res->cert_list_length[n] = 1;
+ iobuf_to_datum(inp, &res->cert_list[n][0].raw);
+ openpgp_pk_to_gnutls_cert( &res->cert_list[n][0], pk );
+ i++;
+ }
+ else if (pkt->pkt->pkttype == PKT_SIGNATURE) {
+ int n = res->ncerts;
+ PKT_signature *sig = pkt->pkt->pkt.signature;
+ openpgp_sig_to_gnutls_cert( &res->cert_list[n][0], sig );
+ }
+ }
+ } while (!eof && !rc);
- cdk_iobuf_close(inp);
- if ( rc )
- {
- cdk_kbnode_release( kb_pk );
- rc = GNUTLS_E_UNKNOWN_ERROR;
- goto leave;
+ cdk_iobuf_close(inp);
+ if ( rc ) {
+ cdk_kbnode_release( kb_pk );
+ rc = GNUTLS_E_UNKNOWN_ERROR;
+ goto leave;
}
- cdk_kbnode_release( kb_pk );
-
- rc = cdk_iobuf_open( &inp, KEYFILE, IOBUF_MODE_RD );
- if ( rc )
- return GNUTLS_E_FILE_ERROR;
- if ( cdk_armor_filter_use( inp ) )
- {
- memset( &afx, 0, sizeof afx );
- rc = cdk_iobuf_push_filter( inp, &afx, cdk_armor_filter );
- if ( rc )
- {
- cdk_iobuf_close( inp );
- rc = GNUTLS_E_ASCII_ARMOR_ERROR;
- goto leave;
+ cdk_kbnode_release( kb_pk );
+
+ rc = cdk_iobuf_open( &inp, KEYFILE, IOBUF_MODE_RD );
+ if ( rc )
+ return GNUTLS_E_FILE_ERROR;
+ if ( cdk_armor_filter_use( inp ) ) {
+ memset( &afx, 0, sizeof afx );
+ rc = cdk_armor_filter( &afx, IOBUF_CTRL_UNDERFLOW, inp );
+ if ( rc ) {
+ cdk_iobuf_close( inp );
+ rc = GNUTLS_E_ASCII_ARMOR_ERROR;
+ goto leave;
}
- /*cdk_iobuf_close( inp );*/
+ /*cdk_iobuf_close( inp );*/
}
- iobuf_to_datum( inp, &raw );
- cdk_iobuf_close( inp );
+ iobuf_to_datum( inp, &raw );
+ cdk_iobuf_close( inp );
- res->pkey = gnutls_realloc(res->pkey,
- (res->ncerts+1)*sizeof(gnutls_private_key));
- if (res->pkey == NULL)
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ res->pkey = gnutls_realloc(res->pkey,
+ (res->ncerts+1)*sizeof(gnutls_private_key));
+ if (res->pkey == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
- res->ncerts++;
+ res->ncerts++;
- /* ncerts has been incremented before */
- rc =_gnutls_openpgp_key2gnutls_key( &res->pkey[res->ncerts-1], raw);
+ /* ncerts has been incremented before */
+ rc =_gnutls_openpgp_key2gnutls_key( &res->pkey[res->ncerts-1], raw);
leave:
- return rc;
+ return rc;
}
int
gnutls_openpgp_count_key_names( const gnutls_datum *cert )
{
- KBNODE kb_pk = NULL, pkt;
- int nuids = 0;
+ CDK_KBNODE kb_pk = NULL, pkt;
+ int nuids = 0;
- if ( !cert )
- return 0;
+ if ( !cert )
+ return 0;
- if ( datum_to_kbnode( cert, &kb_pk ) )
- return 0;
- for ( pkt=kb_pk; pkt; pkt=pkt->next )
- {
- if ( pkt->pkt->pkttype == PKT_USER_ID )
- nuids++;
+ if ( datum_to_kbnode( cert, &kb_pk ) )
+ return 0;
+ for ( pkt=kb_pk; pkt; pkt=pkt->next ) {
+ if ( pkt->pkt->pkttype == PKT_USER_ID )
+ nuids++;
}
- return nuids;
+
+ return nuids;
} /* gnutls_openpgp_count_key_names */
/**
@@ -854,74 +815,69 @@ gnutls_openpgp_extract_key_name( const gnutls_datum *cert,
int idx,
gnutls_openpgp_name *dn )
{
- KBNODE kb_pk = NULL, pkt;
- PKT_user_id *uid = NULL;
- char *email;
- int rc = 0;
- int pos1 = 0, pos2 = 0;
- size_t size = 0;
- int pos = 0;
-
- if (!cert || !dn)
- return GNUTLS_E_INVALID_PARAMETERS;
-
- if ( idx < 0 || idx > gnutls_openpgp_count_key_names( cert ) )
- return GNUTLS_E_UNKNOWN_ERROR;
-
- memset(dn, 0, sizeof *dn);
- rc = datum_to_kbnode( cert, &kb_pk );
- if ( rc )
- return rc;
- if ( !idx )
- pkt = cdk_kbnode_find( kb_pk, PKT_USER_ID );
- else
- {
- for ( pos=0, pkt=kb_pk; pkt; pkt=pkt->next )
- {
- if ( pkt->pkt->pkttype == PKT_USER_ID && ++pos == idx )
- break;
+ CDK_KBNODE kb_pk = NULL, pkt;
+ PKT_user_id *uid = NULL;
+ char *email;
+ int pos = 0, pos1 = 0, pos2 = 0;
+ size_t size = 0;
+ int rc = 0;
+
+ if (!cert || !dn)
+ return GNUTLS_E_INVALID_PARAMETERS;
+
+ if ( idx < 0 || idx > gnutls_openpgp_count_key_names( cert ) )
+ return GNUTLS_E_UNKNOWN_ERROR;
+
+ memset(dn, 0, sizeof *dn);
+ rc = datum_to_kbnode( cert, &kb_pk );
+ if ( rc )
+ return rc;
+ if ( !idx )
+ pkt = cdk_kbnode_find( kb_pk, PKT_USER_ID );
+ else {
+ for ( pos=0, pkt=kb_pk; pkt; pkt=pkt->next ) {
+ if ( pkt->pkt->pkttype == PKT_USER_ID && ++pos == idx )
+ break;
}
}
- if ( pkt )
- uid = pkt->pkt->pkt.user_id;
- if ( !uid )
- {
- rc = GNUTLS_E_UNKNOWN_ERROR;
- goto leave;
+ if ( pkt )
+ uid = pkt->pkt->pkt.user_id;
+ if ( !uid ) {
+ rc = GNUTLS_E_UNKNOWN_ERROR;
+ goto leave;
}
- size = uid->len < OPENPGP_NAME_SIZE? uid->len : OPENPGP_NAME_SIZE-1;
- memcpy(dn->name, uid->name, size);
- dn->name[size] = '\0'; /* make sure it's a string */
-
- /* Extract the email address from the userID string and save
- it to the email field. */
- email = strchr(uid->name, '<');
- if ( email )
- pos1 = email-uid->name+1;
- email = strchr(uid->name, '>');
- if ( email )
- pos2 = email-uid->name+1;
- if (pos1 && pos2)
- {
- pos2 -= pos1;
- size = pos2 < OPENPGP_NAME_SIZE? pos2 : OPENPGP_NAME_SIZE-1;
- memcpy(dn->email, uid->name+pos1, size);
- dn->email[size-1] = '\0'; /* make sure it's a string */
+ size = uid->len < OPENPGP_NAME_SIZE? uid->len : OPENPGP_NAME_SIZE-1;
+ memcpy(dn->name, uid->name, size);
+ dn->name[size] = '\0'; /* make sure it's a string */
+
+ /* Extract the email address from the userID string and save
+ it to the email field. */
+ email = strchr(uid->name, '<');
+ if ( email )
+ pos1 = email-uid->name+1;
+ email = strchr(uid->name, '>');
+ if ( email )
+ pos2 = email-uid->name+1;
+ if (pos1 && pos2) {
+ pos2 -= pos1;
+ size = pos2 < OPENPGP_NAME_SIZE? pos2 : OPENPGP_NAME_SIZE-1;
+ memcpy(dn->email, uid->name+pos1, size);
+ dn->email[size-1] = '\0'; /* make sure it's a string */
}
- if ( uid->is_revoked )
- {
- rc = GNUTLS_E_OPENPGP_UID_REVOKED;
- goto leave;
+ if ( uid->is_revoked ) {
+ rc = GNUTLS_E_OPENPGP_UID_REVOKED;
+ goto leave;
}
leave:
- cdk_kbnode_release( kb_pk );
+ cdk_kbnode_release( kb_pk );
- return rc;
+ return rc;
}
/**
- * gnutls_openpgp_extract_key_pk_algorithm - This function returns the key's PublicKey algorithm
+ * gnutls_openpgp_extract_key_pk_algorithm - This function returns the
+ * key's PublicKey algorithm
* @cert: is an OpenPGP key
* @bits: if bits is non null it will hold the size of the parameters' in bits
*
@@ -939,27 +895,27 @@ leave:
int
gnutls_openpgp_extract_key_pk_algorithm(const gnutls_datum *cert, int *r_bits)
{
- KBNODE kb_pk = NULL, pkt;
- int algo = 0;
-
- if ( !cert )
- return GNUTLS_E_INVALID_PARAMETERS;
-
- if ( datum_to_kbnode( cert, &kb_pk ) )
- return 0;
- pkt = cdk_kbnode_find( kb_pk, PKT_PUBLIC_KEY );
- if ( pkt && r_bits)
- *r_bits = cdk_pk_get_nbits( pkt->pkt->pkt.public_key );
- algo = pkt->pkt->pkt.public_key->pubkey_algo;
- if ( is_RSA( algo ) )
- algo = GNUTLS_PK_RSA;
- else if ( is_DSA( algo ) )
- algo = GNUTLS_PK_DSA;
- else
- algo = GNUTLS_E_UNKNOWN_PK_ALGORITHM;
- cdk_kbnode_release( kb_pk );
-
- return algo;
+ CDK_KBNODE kb_pk = NULL, pkt;
+ int algo = 0;
+
+ if ( !cert )
+ return GNUTLS_E_INVALID_PARAMETERS;
+
+ if ( datum_to_kbnode( cert, &kb_pk ) )
+ return 0;
+ pkt = cdk_kbnode_find( kb_pk, PKT_PUBLIC_KEY );
+ if ( pkt && r_bits)
+ *r_bits = cdk_pk_get_nbits( pkt->pkt->pkt.public_key );
+ algo = pkt->pkt->pkt.public_key->pubkey_algo;
+ if ( is_RSA( algo ) )
+ algo = GNUTLS_PK_RSA;
+ else if ( is_DSA( algo ) )
+ algo = GNUTLS_PK_DSA;
+ else
+ algo = GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ cdk_kbnode_release( kb_pk );
+
+ return algo;
}
@@ -972,20 +928,20 @@ gnutls_openpgp_extract_key_pk_algorithm(const gnutls_datum *cert, int *r_bits)
int
gnutls_openpgp_extract_key_version( const gnutls_datum *cert )
{
- KBNODE kb_pk = NULL, pkt;
- int version = 0;
+ CDK_KBNODE kb_pk = NULL, pkt;
+ int version = 0;
- if (!cert)
- return GNUTLS_E_INVALID_PARAMETERS;
+ if (!cert)
+ return GNUTLS_E_INVALID_PARAMETERS;
- if ( datum_to_kbnode( cert, &kb_pk ) )
- return 0;
- pkt = cdk_kbnode_find( kb_pk, PKT_PUBLIC_KEY );
- if ( pkt )
- version = pkt->pkt->pkt.public_key->version;
- cdk_kbnode_release( kb_pk );
+ if ( datum_to_kbnode( cert, &kb_pk ) )
+ return 0;
+ pkt = cdk_kbnode_find( kb_pk, PKT_PUBLIC_KEY );
+ if ( pkt )
+ version = pkt->pkt->pkt.public_key->version;
+ cdk_kbnode_release( kb_pk );
- return version;
+ return version;
}
/**
@@ -997,20 +953,20 @@ gnutls_openpgp_extract_key_version( const gnutls_datum *cert )
time_t
gnutls_openpgp_extract_key_creation_time( const gnutls_datum *cert )
{
- KBNODE kb_pk = NULL, pkt;
- time_t timestamp = 0;
+ CDK_KBNODE kb_pk = NULL, pkt;
+ time_t timestamp = 0;
- if (!cert)
- return GNUTLS_E_INVALID_PARAMETERS;
+ if (!cert)
+ return GNUTLS_E_INVALID_PARAMETERS;
- if ( datum_to_kbnode( cert, &kb_pk ) )
- return 0;
- pkt = cdk_kbnode_find( kb_pk, PKT_PUBLIC_KEY );
- if ( pkt )
- timestamp = pkt->pkt->pkt.public_key->timestamp;
- cdk_kbnode_release( kb_pk );
+ if ( datum_to_kbnode( cert, &kb_pk ) )
+ return 0;
+ pkt = cdk_kbnode_find( kb_pk, PKT_PUBLIC_KEY );
+ if ( pkt )
+ timestamp = pkt->pkt->pkt.public_key->timestamp;
+ cdk_kbnode_release( kb_pk );
- return timestamp;
+ return timestamp;
}
/**
@@ -1023,20 +979,20 @@ gnutls_openpgp_extract_key_creation_time( const gnutls_datum *cert )
time_t
gnutls_openpgp_extract_key_expiration_time( const gnutls_datum *cert )
{
- KBNODE kb_pk = NULL, pkt;
- time_t expiredate = 0;
+ CDK_KBNODE kb_pk = NULL, pkt;
+ time_t expiredate = 0;
- if (!cert)
- return GNUTLS_E_INVALID_PARAMETERS;
+ if (!cert)
+ return GNUTLS_E_INVALID_PARAMETERS;
- if ( datum_to_kbnode( cert, &kb_pk ) )
- return 0;
- pkt = cdk_kbnode_find( kb_pk, PKT_PUBLIC_KEY );
- if ( pkt )
- expiredate = pkt->pkt->pkt.public_key->expiredate;
- cdk_kbnode_release( kb_pk );
+ if ( datum_to_kbnode( cert, &kb_pk ) )
+ return 0;
+ pkt = cdk_kbnode_find( kb_pk, PKT_PUBLIC_KEY );
+ if ( pkt )
+ expiredate = pkt->pkt->pkt.public_key->expiredate;
+ cdk_kbnode_release( kb_pk );
- return expiredate;
+ return expiredate;
}
int
@@ -1044,58 +1000,52 @@ _gnutls_openpgp_get_key_trust(const char *trustdb,
const gnutls_datum *key,
int *r_success)
{
- int flags = 0;
- int ot = 0, trustval = 0;
- int rc = 0;
- KBNODE kb_pk = NULL, pkt;
- PKT_public_key *pk = NULL;
- IOBUF buf;
-
- if (!trustdb || !key || !r_success)
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
-
- *r_success = 0;
- rc = datum_to_kbnode( key, &kb_pk );
- if ( rc )
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
-
- pkt = cdk_kbnode_find( kb_pk, PKT_PUBLIC_KEY );
- if ( pkt )
- pk = pkt->pkt->pkt.public_key;
- if ( !pk )
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
-
- rc = cdk_iobuf_open( &buf, trustdb, IOBUF_MODE_RD );
- if ( rc )
- {
- trustval = GNUTLS_E_NO_CERTIFICATE_FOUND;
- goto leave;
+ CDK_KBNODE kb_pk = NULL, pkt;
+ CDK_IOBUF buf;
+ PKT_public_key *pk = NULL;
+ int flags = 0, ot = 0, trustval = 0;
+ int rc = 0;
+
+ if ( !trustdb || !key || !r_success )
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+
+ *r_success = 0;
+ rc = datum_to_kbnode( key, &kb_pk );
+ if ( rc )
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+
+ pkt = cdk_kbnode_find( kb_pk, PKT_PUBLIC_KEY );
+ if ( pkt )
+ pk = pkt->pkt->pkt.public_key;
+ if ( !pk )
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+
+ rc = cdk_iobuf_open( &buf, trustdb, IOBUF_MODE_RD );
+ if ( rc ) {
+ trustval = GNUTLS_E_NO_CERTIFICATE_FOUND;
+ goto leave;
}
- rc = cdk_trustdb_get_ownertrust( buf, pk, &ot, &flags );
- cdk_iobuf_close( buf );
- if ( rc ) /* no ownertrust record was found */
- {
- trustval = 0;
- *r_success = 1;
- goto leave;
+ rc = cdk_trustdb_get_ownertrust( buf, pk, &ot, &flags );
+ cdk_iobuf_close( buf );
+ if ( rc ) { /* no ownertrust record was found */
+ trustval = 0;
+ *r_success = 1;
+ goto leave;
}
- if (flags & TRUST_FLAG_DISABLED)
- {
- trustval |= GNUTLS_CERT_NOT_TRUSTED;
- trustval |= GNUTLS_CERT_INVALID;
- goto leave;
+ if (flags & TRUST_FLAG_DISABLED) {
+ trustval |= GNUTLS_CERT_NOT_TRUSTED;
+ trustval |= GNUTLS_CERT_INVALID;
+ goto leave;
}
- if (flags & TRUST_FLAG_REVOKED)
- {
- trustval |= GNUTLS_CERT_NOT_TRUSTED;
- trustval |= GNUTLS_CERT_REVOKED;
- }
- switch (ot)
- {
+ if (flags & TRUST_FLAG_REVOKED) {
+ trustval |= GNUTLS_CERT_NOT_TRUSTED;
+ trustval |= GNUTLS_CERT_REVOKED;
+ }
+ switch (ot) {
case TRUST_NEVER:
- trustval |= GNUTLS_CERT_NOT_TRUSTED;
- break;
+ trustval |= GNUTLS_CERT_NOT_TRUSTED;
+ break;
case TRUST_UNKNOWN:
case TRUST_UNDEFINED:
@@ -1103,14 +1053,14 @@ _gnutls_openpgp_get_key_trust(const char *trustdb,
case TRUST_FULLY:
case TRUST_ULTIMATE:
- trustval |= 1; /* means okay */
- *r_success = 1;
- break;
+ trustval |= 1; /* means okay */
+ *r_success = 1;
+ break;
}
leave:
- cdk_kbnode_release( kb_pk );
- return trustval;
+ cdk_kbnode_release( kb_pk );
+ return trustval;
}
/**
@@ -1128,65 +1078,61 @@ gnutls_openpgp_verify_key( const char *trustdb,
const gnutls_datum* cert_list,
int cert_list_length )
{
- KBNODE kb_pk = NULL;
- KEYDB_HD khd = NULL;
- keybox_blob *blob = NULL;
- int rc = 0;
- int status = 0;
-
- if (!cert_list || !cert_list_length || !keyring)
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
-
- if (cert_list_length != 1 || !keyring->size)
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
-
- blob = kbx_read_blob(keyring, 0);
- if (!blob)
- return GNUTLS_CERT_INVALID|GNUTLS_CERT_NOT_TRUSTED;
- khd = kbx_to_keydb(blob);
- if (!khd)
- {
- rc = GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED;
- goto leave;
+ CDK_KBNODE kb_pk = NULL;
+ KEYDB_HD khd = NULL;
+ keybox_blob *blob = NULL;
+ int rc = 0;
+ int status = 0;
+
+ if (!cert_list || !cert_list_length || !keyring)
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+
+ if (cert_list_length != 1 || !keyring->size)
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+
+ blob = kbx_read_blob(keyring, 0);
+ if (!blob)
+ return GNUTLS_CERT_INVALID|GNUTLS_CERT_NOT_TRUSTED;
+ khd = kbx_to_keydb(blob);
+ if (!khd) {
+ rc = GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED;
+ goto leave;
}
- if ( trustdb )
- {
- int success = 0;
- rc = _gnutls_openpgp_get_key_trust(trustdb, cert_list, &success);
- if (!success)
- goto leave;
+ if ( trustdb ) {
+ int success = 0;
+ rc = _gnutls_openpgp_get_key_trust(trustdb, cert_list, &success);
+ if (!success)
+ goto leave;
}
- rc = datum_to_kbnode( cert_list, &kb_pk );
- if (rc)
- {
- goto leave;
- return GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED;
+ rc = datum_to_kbnode( cert_list, &kb_pk );
+ if ( rc ) {
+ goto leave;
+ return GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED;
}
- rc = cdk_key_check_sigs( kb_pk, khd, &status );
- if (rc == CDKERR_NOKEY)
- rc = 0; /* fixme */
+ rc = cdk_key_check_sigs( kb_pk, khd, &status );
+ if (rc == CDKERR_NOKEY)
+ rc = 0; /* fixme */
- switch (status)
- {
+ switch (status) {
case CDK_KEY_INVALID:
- rc = GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED;
- break;
+ rc = GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED;
+ break;
case CDK_KEY_REVOKED:
- rc = GNUTLS_CERT_REVOKED | GNUTLS_CERT_NOT_TRUSTED;
- break;
+ rc = GNUTLS_CERT_REVOKED | GNUTLS_CERT_NOT_TRUSTED;
+ break;
}
leave:
- kbx_blob_release( blob );
- cdk_free( khd );
- cdk_kbnode_release( kb_pk );
+ kbx_blob_release( blob );
+ cdk_free( khd );
+ cdk_kbnode_release( kb_pk );
- return rc;
+ return rc;
}
/**
@@ -1201,29 +1147,29 @@ leave:
int
gnutls_openpgp_fingerprint(const gnutls_datum *cert, byte *fpr, size_t *fprlen)
{
- KBNODE kb_pk = NULL, pkt;
- PKT_public_key *pk = NULL;
- int rc = 0;
-
- if (!cert || !fpr || !fprlen)
- return GNUTLS_E_UNKNOWN_ERROR;
-
- *fprlen = 0;
- rc = datum_to_kbnode( cert, &kb_pk );
- if (rc)
- return rc;
- pkt = cdk_kbnode_find( kb_pk, PKT_PUBLIC_KEY );
- if ( pkt )
- pk = pkt->pkt->pkt.public_key;
- if ( !pk )
- return GNUTLS_E_UNKNOWN_ERROR;
-
- *fprlen = 20;
- if ( is_RSA(pk->pubkey_algo) && pk->version < 4 )
- *fprlen = 16;
- cdk_pk_get_fingerprint( pk, fpr );
+ CDK_KBNODE kb_pk = NULL, pkt;
+ PKT_public_key *pk = NULL;
+ int rc = 0;
+
+ if (!cert || !fpr || !fprlen)
+ return GNUTLS_E_UNKNOWN_ERROR;
+
+ *fprlen = 0;
+ rc = datum_to_kbnode( cert, &kb_pk );
+ if (rc)
+ return rc;
+ pkt = cdk_kbnode_find( kb_pk, PKT_PUBLIC_KEY );
+ if ( pkt )
+ pk = pkt->pkt->pkt.public_key;
+ if ( !pk )
+ return GNUTLS_E_UNKNOWN_ERROR;
+
+ *fprlen = 20;
+ if ( is_RSA(pk->pubkey_algo) && pk->version < 4 )
+ *fprlen = 16;
+ cdk_pk_get_fingerprint( pk, fpr );
- return 0;
+ return 0;
}
/**
@@ -1236,25 +1182,25 @@ gnutls_openpgp_fingerprint(const gnutls_datum *cert, byte *fpr, size_t *fprlen)
int
gnutls_openpgp_keyid( const gnutls_datum *cert, uint32 *keyid )
{
- KBNODE kb_pk = NULL, pkt;
- PKT_public_key *pk = NULL;
- int rc = 0;
+ CDK_KBNODE kb_pk = NULL, pkt;
+ PKT_public_key *pk = NULL;
+ int rc = 0;
- if (!cert || !keyid)
- return GNUTLS_E_UNKNOWN_ERROR;
+ if (!cert || !keyid)
+ return GNUTLS_E_UNKNOWN_ERROR;
- rc = datum_to_kbnode( cert, &kb_pk );
- if (rc)
- return rc;
+ rc = datum_to_kbnode( cert, &kb_pk );
+ if (rc)
+ return rc;
- pkt = cdk_kbnode_find( kb_pk, PKT_PUBLIC_KEY );
- if ( pkt )
- pk = pkt->pkt->pkt.public_key;
- if ( !pk )
- return GNUTLS_E_UNKNOWN_ERROR;
- cdk_pk_get_keyid( pk, (u32 *)keyid );
+ pkt = cdk_kbnode_find( kb_pk, PKT_PUBLIC_KEY );
+ if ( pkt )
+ pk = pkt->pkt->pkt.public_key;
+ if ( !pk )
+ return GNUTLS_E_UNKNOWN_ERROR;
+ cdk_pk_get_keyid( pk, (u32 *)keyid );
- return 0;
+ return 0;
}
/**
@@ -1269,33 +1215,32 @@ gnutls_openpgp_keyid( const gnutls_datum *cert, uint32 *keyid )
int
gnutls_openpgp_add_keyring_file(gnutls_datum *keyring, const char *name)
{
- byte *blob;
- size_t nbytes;
- IOBUF inp = NULL;
- int enc = 0;
- int rc = 0;
-
- if (!keyring || !name)
- return GNUTLS_E_INVALID_PARAMETERS;
-
- rc = cdk_iobuf_open( &inp, name, IOBUF_MODE_RD );
- if ( rc )
- return GNUTLS_E_FILE_ERROR;
- enc = cdk_armor_filter_use( inp );
- cdk_iobuf_close( inp );
-
- blob = kbx_data_to_keyring( KBX_BLOB_FILE, enc, name, strlen(name), &nbytes);
- if (blob && nbytes)
- {
- if ( gnutls_datum_append( keyring, blob, nbytes ) < 0 )
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ CDK_IOBUF inp = NULL;
+ byte *blob;
+ size_t nbytes;
+ int enc = 0;
+ int rc = 0;
+
+ if (!keyring || !name)
+ return GNUTLS_E_INVALID_PARAMETERS;
+
+ rc = cdk_iobuf_open( &inp, name, IOBUF_MODE_RD );
+ if ( rc )
+ return GNUTLS_E_FILE_ERROR;
+ enc = cdk_armor_filter_use( inp );
+ cdk_iobuf_close( inp );
+
+ blob = kbx_data_to_keyring( KBX_BLOB_FILE, enc, name,
+ strlen(name), &nbytes);
+ if ( blob && nbytes ) {
+ if ( gnutls_datum_append( keyring, blob, nbytes ) < 0 ) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
- gnutls_free(blob);
+ gnutls_free(blob);
}
- return 0;
+ return 0;
}
/**
@@ -1311,80 +1256,74 @@ int
gnutls_openpgp_add_keyring_mem(gnutls_datum *keyring,
const char *data, size_t len)
{
- byte *blob;
- size_t nbytes = 0;
+ byte *blob;
+ size_t nbytes = 0;
- if (!keyring || !data || !len)
- return GNUTLS_E_INVALID_PARAMETERS;
+ if (!keyring || !data || !len)
+ return GNUTLS_E_INVALID_PARAMETERS;
- blob = kbx_data_to_keyring( KBX_BLOB_DATA, 0, data, len, &nbytes );
- if ( blob && nbytes )
- {
- if ( gnutls_datum_append( keyring, blob, nbytes ) < 0 )
- {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ blob = kbx_data_to_keyring( KBX_BLOB_DATA, 0, data, len, &nbytes );
+ if ( blob && nbytes ) {
+ if ( gnutls_datum_append( keyring, blob, nbytes ) < 0 ) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
}
- gnutls_free(blob);
+ gnutls_free(blob);
}
- return 0;
+ return 0;
}
int
gnutls_certificate_set_openpgp_keyring_file(GNUTLS_CERTIFICATE_CREDENTIALS c,
const char *file)
{
- if (!c || !file)
- return GNUTLS_E_INVALID_PARAMETERS;
+ if (!c || !file)
+ return GNUTLS_E_INVALID_PARAMETERS;
- if ( !file_exist(file) )
- return GNUTLS_E_FILE_ERROR;
+ if ( !file_exist(file) )
+ return GNUTLS_E_FILE_ERROR;
- return gnutls_openpgp_add_keyring_file(&c->keyring, file);
+ return gnutls_openpgp_add_keyring_file(&c->keyring, file);
}
int
gnutls_certificate_set_openpgp_keyring_mem(GNUTLS_CERTIFICATE_CREDENTIALS c,
const char *file)
{
- IOBUF inp = NULL;
- byte *data = NULL;
- size_t nbytes = 0;
- armor_filter_s afx;
- int rc = 0;
-
- if (!c || !file)
- return GNUTLS_E_INVALID_PARAMETERS;
-
- if ( !file_exist(file) )
- return GNUTLS_E_FILE_ERROR;
-
- rc = cdk_iobuf_open(&inp, file, IOBUF_MODE_RD);
- if ( rc )
- return GNUTLS_E_FILE_ERROR;
- if ( cdk_armor_filter_use( inp ) )
- {
- memset( &afx, 0, sizeof afx );
- rc = cdk_iobuf_push_filter( inp, &afx, cdk_armor_filter );
- if ( rc )
- {
- cdk_iobuf_close( inp );
- return GNUTLS_E_ASCII_ARMOR_ERROR;
+ CDK_IOBUF inp = NULL;
+ CDK_BSTRING a = NULL;
+ armor_filter_s afx;
+ int rc = 0;
+
+ if (!c || !file)
+ return GNUTLS_E_INVALID_PARAMETERS;
+
+ if ( !file_exist(file) )
+ return GNUTLS_E_FILE_ERROR;
+
+ rc = cdk_iobuf_open(&inp, file, IOBUF_MODE_RD);
+ if ( rc )
+ return GNUTLS_E_FILE_ERROR;
+ if ( cdk_armor_filter_use( inp ) ) {
+ memset( &afx, 0, sizeof afx );
+ rc = cdk_armor_filter( &afx, IOBUF_CTRL_UNDERFLOW, inp );
+ if ( rc ) {
+ cdk_iobuf_close( inp );
+ return GNUTLS_E_ASCII_ARMOR_ERROR;
}
}
- data = cdk_iobuf_getdata( inp, &nbytes );
- if (data && nbytes)
- {
- rc = gnutls_openpgp_add_keyring_mem( &c->keyring, data, nbytes );
- cdk_free(data);
+ a = cdk_iobuf_read_mem( inp, 0 );
+ if ( a ) {
+ rc = gnutls_openpgp_add_keyring_mem( &c->keyring, a->d, a->len );
+ cdk_free( a );
}
- else
- rc = GNUTLS_E_UNKNOWN_ERROR;
- cdk_iobuf_close(inp);
+ else
+ rc = GNUTLS_E_UNKNOWN_ERROR;
+ cdk_iobuf_close( inp );
- return rc;
+ return rc;
}
/**
@@ -1400,94 +1339,93 @@ int
gnutls_openpgp_recv_key(const char *host, short port, uint32 keyid,
gnutls_datum *key)
{
- int rc = 0, state = 0;
- struct hostent *hp;
- struct sockaddr_in sock;
- armor_filter_s afx;
- char *request = NULL;
- char buffer[4096];
- IOBUF buf = NULL;
- int fd = -1;
- byte *data;
- ssize_t n = 0, nbytes = 0;
-
- if (!host || !key)
- return GNUTLS_E_INVALID_PARAMETERS;
-
- if (!port)
- port = 11371; /* standard service port */
-
- hp = gethostbyname(host);
- if (hp == NULL)
- return -1;
-
- memset(&sock, 0, sizeof sock);
- memcpy(&sock.sin_addr, hp->h_addr, hp->h_length);
- sock.sin_family = hp->h_addrtype;
- sock.sin_port = htons(port);
-
- fd = socket(AF_INET, SOCK_STREAM, 0);
- if (fd == -1)
- return -1;
- setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)1, 1);
- if ( connect(fd, (struct sockaddr*)&sock, sizeof(sock)) == -1 )
- {
- close(fd);
- return -1;
+ CDK_IOBUF buf = NULL;
+ CDK_BSTRING a = NULL;
+ struct hostent *hp;
+ struct sockaddr_in sock;
+ armor_filter_s afx;
+ char *request = NULL;
+ char buffer[4096];
+ int fd = -1;
+ int rc = 0, state = 0;
+ ssize_t nbytes = 0, n = 0;
+
+ if ( !host || !key )
+ return GNUTLS_E_INVALID_PARAMETERS;
+
+ if ( !port )
+ port = 11371; /* standard service port */
+
+ hp = gethostbyname( host );
+ if ( hp == NULL )
+ return -1;
+
+ memset( &sock, 0, sizeof sock );
+ memcpy( &sock.sin_addr, hp->h_addr, hp->h_length );
+ sock.sin_family = hp->h_addrtype;
+ sock.sin_port = htons( port );
+
+ fd = socket(AF_INET, SOCK_STREAM, 0);
+ if ( fd == -1 )
+ return -1;
+ setsockopt( fd, SOL_SOCKET, SO_REUSEADDR, (char *)1, 1 );
+ if ( connect( fd, (struct sockaddr*)&sock, sizeof(sock) ) == -1 ) {
+ close(fd);
+ return -1;
}
-
- request = cdk_alloc_clear(strlen(host)+100);
- if ( request == NULL )
- {
- close( fd );
- return -1;
+
+ n = strlen(host)+100;
+ request = cdk_alloc_clear( n + 1 );
+ if ( request == NULL ) {
+ close( fd );
+ return -1;
}
- sprintf(request, "GET /pks/lookup?op=get&search=0x%08X HTTP/1.0\r\n"
- "Host: %s:%d\r\n", (u32)keyid, host, port);
- if ( write(fd, request, strlen(request)) == -1 )
- {
- cdk_free(request);
- close(fd);
- return -1;
+ snprintf( request, n,
+ "GET /pks/lookup?op=get&search=0x%08X HTTP/1.0\r\n"
+ "Host: %s:%d\r\n", (u32)keyid, host, port );
+
+ if ( write( fd, request, strlen(request) ) == -1 ) {
+ cdk_free( request );
+ close( fd );
+ return -1;
}
- cdk_free(request);
+ cdk_free( request );
- buf = cdk_iobuf_temp();
- while ( (n = read(fd, buffer, sizeof(buffer)-1)) > 0 )
+ buf = cdk_iobuf_temp();
+ while ( (n = read(fd, buffer, sizeof(buffer)-1)) > 0 )
{
- buffer[n] = '\0';
- nbytes += n;
- if ( nbytes > cdk_iobuf_getsize( buf ) )
- cdk_iobuf_expand(buf, n);
- cdk_iobuf_write(buf, buffer, n);
- if ( strstr(buffer, "<pre>") || strstr(buffer, "</pre>") )
- state++;
+ buffer[n] = '\0';
+ nbytes += n;
+ if ( nbytes > cdk_iobuf_get_length( buf ) )
+ cdk_iobuf_expand(buf, n);
+ cdk_iobuf_write(buf, buffer, n);
+ if ( strstr(buffer, "<pre>") || strstr(buffer, "</pre>") )
+ state++;
}
- if (state != 2)
- {
- rc = GNUTLS_E_UNKNOWN_ERROR;
- goto leave;
+ if ( state != 2 ) {
+ rc = GNUTLS_E_UNKNOWN_ERROR;
+ goto leave;
}
- memset(&afx, 0, sizeof afx);
- rc = cdk_iobuf_push_filter(buf, &afx, cdk_armor_filter);
- if (rc)
- {
- rc = GNUTLS_E_ASCII_ARMOR_ERROR;
- goto leave;
+ memset( &afx, 0, sizeof afx );
+ rc = cdk_armor_filter( &afx, IOBUF_CTRL_UNDERFLOW, buf );
+ if ( rc ) {
+ rc = GNUTLS_E_ASCII_ARMOR_ERROR;
+ goto leave;
}
- data = cdk_iobuf_getdata(buf, &n);
- if (data && n)
- {
- gnutls_set_datum(key, data, n);
- cdk_free(data);
+ a = cdk_iobuf_read_mem(buf, 0 );
+ if ( a ) {
+ rc = gnutls_set_datum( key, a->d, a->len );
+ if ( rc < 0 )
+ rc = GNUTLS_E_MEMORY_ERROR;
+ cdk_free( a );
}
leave:
- cdk_iobuf_close(buf);
- close(fd);
+ cdk_iobuf_close(buf);
+ close(fd);
- return 0;
+ return 0;
}
/*-
@@ -1507,26 +1445,26 @@ _gnutls_openpgp_request_key( gnutls_datum* ret,
opaque* key_fpr,
int key_fpr_size)
{
- int rc = 0;
- uint32 keyid;
+ uint32 keyid;
+ int rc = 0;
- if (!ret || !cred || !key_fpr)
- return GNUTLS_E_INVALID_PARAMETERS;
+ if (!ret || !cred || !key_fpr)
+ return GNUTLS_E_INVALID_PARAMETERS;
- if (key_fpr_size != 16 && key_fpr_size != 20)
- return GNUTLS_E_HASH_FAILED; /* only MD5 and SHA1 are supported */
+ if ( key_fpr_size != 16 && key_fpr_size != 20 )
+ return GNUTLS_E_HASH_FAILED; /* only MD5 and SHA1 are supported */
- rc = gnutls_openpgp_get_key(ret, &cred->keyring, KEY_ATTR_FPR, key_fpr);
- if (rc >= 0)
- goto leave;
-
- keyid = buffer_to_u32(key_fpr+16);
- rc = gnutls_openpgp_recv_key(cred->pgp_key_server,
- cred->pgp_key_server_port,
- keyid, ret);
+ rc = gnutls_openpgp_get_key( ret, &cred->keyring, KEY_ATTR_FPR, key_fpr );
+ if ( rc >= 0 )
+ goto leave;
+
+ keyid = buffer_to_u32( key_fpr + (key_fpr_size-4) );
+ rc = gnutls_openpgp_recv_key( cred->pgp_key_server,
+ cred->pgp_key_server_port,
+ keyid, ret );
leave:
- return rc;
+ return rc;
}
/**
@@ -1546,24 +1484,24 @@ gnutls_certificate_set_openpgp_keyserver(GNUTLS_CERTIFICATE_CREDENTIALS res,
char* keyserver,
int port)
{
- if (!res || !keyserver)
- return;
+ if ( !res || !keyserver )
+ return;
- if (!port)
- port = 11371;
+ if (!port)
+ port = 11371;
- res->pgp_key_server = gnutls_strdup( keyserver );
- res->pgp_key_server_port = port;
+ res->pgp_key_server = gnutls_strdup( keyserver );
+ res->pgp_key_server_port = port;
}
void
gnutls_certificate_set_openpgp_trustdb(GNUTLS_CERTIFICATE_CREDENTIALS res,
char* trustdb)
{
- if (!res || !trustdb)
- return;
+ if ( !res || !trustdb )
+ return;
- res->pgp_trustdb = gnutls_strdup(trustdb);
+ res->pgp_trustdb = gnutls_strdup(trustdb);
}
#else /*!HAVE_LIBOPENCDK*/
@@ -1572,13 +1510,13 @@ int
_gnutls_openpgp_key2gnutls_key(gnutls_private_key *pkey,
gnutls_datum raw_key)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
int
_gnutls_openpgp_cert2gnutls_cert(gnutls_cert *cert, gnutls_datum raw)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
int
@@ -1586,7 +1524,7 @@ gnutls_certificate_set_openpgp_key_mem(GNUTLS_CERTIFICATE_CREDENTIALS res,
gnutls_datum *cert,
gnutls_datum *key)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
int
@@ -1594,38 +1532,38 @@ gnutls_certificate_set_openpgp_key_file(GNUTLS_CERTIFICATE_CREDENTIALS res,
char* CERTFILE,
char* KEYFILE)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
int
gnutls_openpgp_extract_key_name( const gnutls_datum *cert, int idx,
gnutls_openpgp_name *dn )
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
int
gnutls_openpgp_extract_key_pk_algorithm(const gnutls_datum *cert, int *r_bits)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
int
gnutls_openpgp_extract_key_version( const gnutls_datum *cert )
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
time_t
gnutls_openpgp_extract_key_creation_time( const gnutls_datum *cert )
{
- return (time_t)-1;
+ return (time_t)-1;
}
time_t
gnutls_openpgp_extract_key_expiration_time( const gnutls_datum *cert )
{
- return (time_t)-1;
+ return (time_t)-1;
}
int
@@ -1633,40 +1571,40 @@ gnutls_openpgp_verify_key(const char* ign, const gnutls_datum* keyring,
const gnutls_datum* cert_list,
int cert_list_length)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
int
gnutls_openpgp_fingerprint(const gnutls_datum *cert, byte *fpr, size_t *fprlen)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
int
gnutls_openpgp_add_keyring_file(gnutls_datum *keyring, const char *name)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
int
gnutls_openpgp_add_keyring_mem(gnutls_datum *keyring,
const char *data, size_t len)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
int
gnutls_certificate_set_openpgp_keyring_file(GNUTLS_CERTIFICATE_CREDENTIALS c,
const char *file)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
int
gnutls_certificate_set_openpgp_keyring_mem(GNUTLS_CERTIFICATE_CREDENTIALS c,
const char *file)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
int
@@ -1675,7 +1613,7 @@ _gnutls_openpgp_request_key( gnutls_datum* ret,
opaque* key_fpr,
int key_fpr_size)
{
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
void
@@ -1683,14 +1621,14 @@ gnutls_certificate_set_openpgp_keyserver(GNUTLS_CERTIFICATE_CREDENTIALS res,
char* keyserver,
int port)
{
- return;
+ return;
}
void
gnutls_certificate_set_openpgp_trustdb(GNUTLS_CERTIFICATE_CREDENTIALS res,
char* trustdb)
{
- return;
+ return;
}
#endif /* HAVE_LIBOPENCDK */
diff --git a/libextra/gnutls_openpgp.h b/libextra/gnutls_openpgp.h
index a0ec4dd2e1..1a1b29264b 100644
--- a/libextra/gnutls_openpgp.h
+++ b/libextra/gnutls_openpgp.h
@@ -5,69 +5,96 @@
/* OpenCDK compatible */
typedef enum {
- KEY_ATTR_NONE = 0,
- KEY_ATTR_SHORT_KEYID = 3,
- KEY_ATTR_KEYID = 4,
- KEY_ATTR_FPR = 5
+ KEY_ATTR_NONE = 0,
+ KEY_ATTR_SHORT_KEYID = 3,
+ KEY_ATTR_KEYID = 4,
+ KEY_ATTR_FPR = 5
} key_attr_t;
int gnutls_certificate_set_openpgp_key_file(
- GNUTLS_CERTIFICATE_CREDENTIALS res,
- char* CERTFILE,
- char* KEYFILE);
+ GNUTLS_CERTIFICATE_CREDENTIALS res,
+ char* CERTFILE,
+ char* KEYFILE);
-int gnutls_openpgp_count_key_names( const gnutls_datum *cert );
+int gnutls_openpgp_count_key_names(
+ const gnutls_datum *cert );
-int gnutls_openpgp_extract_key_name( const gnutls_datum *cert,
- int idx,
- gnutls_openpgp_name *dn );
+int gnutls_openpgp_extract_key_name(
+ const gnutls_datum *cert,
+ int idx,
+ gnutls_openpgp_name *dn );
-int gnutls_openpgp_extract_key_pk_algorithm(const gnutls_datum *cert,
- int *r_bits);
+int gnutls_openpgp_extract_key_pk_algorithm(
+ const gnutls_datum *cert,
+ int *r_bits );
-int gnutls_openpgp_extract_key_version( const gnutls_datum *cert );
+int gnutls_openpgp_extract_key_version(
+ const gnutls_datum *cert );
-time_t gnutls_openpgp_extract_key_creation_time( const gnutls_datum *cert );
+time_t gnutls_openpgp_extract_key_creation_time(
+ const gnutls_datum *cert );
-time_t gnutls_openpgp_extract_key_expiration_time( const gnutls_datum *cert );
+time_t gnutls_openpgp_extract_key_expiration_time(
+ const gnutls_datum *cert );
-int gnutls_openpgp_verify_key( const char *trustdb,
- const gnutls_datum *keyring,
- const gnutls_datum* cert_list,
- int cert_list_length );
+int gnutls_openpgp_verify_key(
+ const char *trustdb,
+ const gnutls_datum *keyring,
+ const gnutls_datum* cert_list,
+ int cert_list_length );
-int gnutls_openpgp_fingerprint( const gnutls_datum *cert, opaque *fpr,
- size_t *fprlen );
+int gnutls_openpgp_fingerprint(
+ const gnutls_datum *cert,
+ opaque *fpr,
+ size_t *fprlen );
-int gnutls_openpgp_keyid( const gnutls_datum *cert, uint32 *keyid );
+int gnutls_openpgp_keyid(
+ const gnutls_datum *cert,
+ uint32 *keyid );
-int gnutls_openpgp_add_keyring_mem(gnutls_datum *keyring,
- const char *data, size_t len);
+int gnutls_openpgp_add_keyring_mem(
+ gnutls_datum *keyring,
+ const char *data,
+ size_t len );
-int gnutls_openpgp_add_keyring_file(gnutls_datum *keyring, const char *name);
+int gnutls_openpgp_add_keyring_file(
+ gnutls_datum *keyring,
+ const char *name );
int gnutls_certificate_set_openpgp_keyring_file(
- GNUTLS_CERTIFICATE_CREDENTIALS c,
- const char *file);
-int gnutls_certificate_set_openpgp_keyring_mem(
- GNUTLS_CERTIFICATE_CREDENTIALS c,
- const char *file);
-
-int gnutls_openpgp_get_key(gnutls_datum *key, const gnutls_datum *keyring,
- key_attr_t by, opaque *pattern);
+ GNUTLS_CERTIFICATE_CREDENTIALS c,
+ const char *file );
-int gnutls_openpgp_get_key_trust(const char *trustdb, gnutls_datum *key);
-
-
-int gnutls_openpgp_recv_key(const char *host, short port, uint32 keyid,
- gnutls_datum *key);
+int gnutls_certificate_set_openpgp_keyring_mem(
+ GNUTLS_CERTIFICATE_CREDENTIALS c,
+ const char *file );
+
+int gnutls_openpgp_get_key(
+ gnutls_datum *key,
+ const gnutls_datum *keyring,
+ key_attr_t by,
+ opaque *pattern );
+
+int gnutls_openpgp_get_key_trust(
+ const char *trustdb,
+ gnutls_datum *key );
+
+int gnutls_openpgp_recv_key(
+ const char *host,
+ short port,
+ uint32 keyid,
+ gnutls_datum *key );
/* internal */
-int _gnutls_openpgp_cert2gnutls_cert(gnutls_cert *cert, gnutls_datum raw);
+int _gnutls_openpgp_cert2gnutls_cert(
+ gnutls_cert *cert,
+ gnutls_datum raw );
int
-_gnutls_openpgp_request_key( gnutls_datum* ret,
- const GNUTLS_CERTIFICATE_CREDENTIALS cred, opaque* key_fpr,
- int key_fpr_size);
+_gnutls_openpgp_request_key(
+ gnutls_datum* ret,
+ const GNUTLS_CERTIFICATE_CREDENTIALS cred,
+ opaque* key_fpr,
+ int key_fpr_size );
#endif /*GNUTLS_OPENPGP_H*/
View Lorry Controller Status