author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-10-03 11:14:57 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-10-03 11:14:57 +0000 |
commit | ed1d22b9fd875d4af17bfe7efe096526a8ae030a (patch) | |
tree | 7e0578c02b03eece0341c334115201328e5c740a | |
parent | 8b99a69401e62d6e8721875fc9900bc887e4099f (diff) | |
download | gnutls-ed1d22b9fd875d4af17bfe7efe096526a8ae030a.tar.gz |
Converted the pgp verification functions to the new API.
-rw-r--r-- | configure.in | 6 | ||||
-rw-r--r-- | includes/gnutls/openpgp.h | 10 | ||||
-rw-r--r-- | libextra/Makefile.am | 1 | ||||
-rw-r--r-- | libextra/openpgp/Makefile.am | 4 | ||||
-rw-r--r-- | libextra/openpgp/gnutls_openpgp.c | 181 | ||||
-rw-r--r-- | libextra/openpgp/gnutls_openpgp.h (renamed from libextra/gnutls_openpgp.h) | 59 | ||||
-rw-r--r-- | libextra/openpgp/openpgp.c | 4 | ||||
-rw-r--r-- | libextra/openpgp/openpgp.h | 11 |
8 files changed, 46 insertions, 230 deletions
diff --git a/configure.in b/configure.in index d6380848cc..e822d8f649 100644 --- a/configure.in +++ b/configure.in @@ -277,10 +277,10 @@ AC_ARG_ENABLE( openpgp-authentication, [ --disable-openpgp-authentication disab ) if test x$ac_enable_openpgp != xno; then AC_MSG_RESULT(no) - AM_PATH_LIBOPENCDK( 0.4.0, AC_DEFINE(HAVE_LIBOPENCDK, 1, [have libopencdk]), + AM_PATH_LIBOPENCDK( 0.5.2, AC_DEFINE(HAVE_LIBOPENCDK, 1, [have libopencdk]), AC_MSG_WARN([[ *** -*** libopencdk 0.4.0 was not found. You will not be able to use OpenPGP keys with gnutls. +*** libopencdk 0.5.2 was not found. You will not be able to use OpenPGP keys with gnutls. ]])) else AC_MSG_RESULT(yes) @@ -459,7 +459,7 @@ AC_CONFIG_COMMANDS([includes/gnutls/gnutls.h],[[ ]],[[]]) AC_CONFIG_FILES([Makefile src/Makefile libextra/Makefile lib/Makefile \ -lib/libgnutls-config libextra/libgnutls-extra-config \ +libextra/openpgp/Makefile lib/libgnutls-config libextra/libgnutls-extra-config \ doc/Makefile src/x509/Makefile src/srp/Makefile src/openpgp/Makefile \ doc/tex/Makefile doc/tex/cover.tex doc/scripts/Makefile \ doc/examples/Makefile lib/minitasn1/Makefile lib/x509/Makefile \ diff --git a/includes/gnutls/openpgp.h b/includes/gnutls/openpgp.h index 6767796a75..6fce2e5b05 100644 --- a/includes/gnutls/openpgp.h +++ b/includes/gnutls/openpgp.h @@ -79,11 +79,11 @@ int gnutls_openpgp_keyring_import(gnutls_openpgp_keyring ring, */ struct gnutls_openpgp_trustdb; -int gnutls_openpgp_trustdb_init( gnutls_openpgp_trustdb* ring); -void gnutls_openpgp_trustdb_deinit(gnutls_openpgp_trustdb ring); +int gnutls_openpgp_trustdb_init( gnutls_openpgp_trustdb* db); +void gnutls_openpgp_trustdb_deinit(gnutls_openpgp_trustdb db); -int gnutls_openpgp_trustdb_import(gnutls_openpgp_trustdb ring, - const gnutls_datum* data, gnutls_openpgp_key_fmt format); +int gnutls_openpgp_trustdb_import(gnutls_openpgp_trustdb db, + const char* file); int gnutls_openpgp_key_verify_ring( 
@@ -92,7 +92,7 @@ int gnutls_openpgp_key_verify_ring( unsigned int flags /* if not used reserved for future use, unsigned int * verify /* the output of the verification */); -int gnutls_openpgp_key_verify_db( +int gnutls_openpgp_key_verify_trustdb( gnutls_openpgp_key key, gnutls_openpgp_trustdb db, unsigned int flags /* if not used reserved for future use, diff --git a/libextra/Makefile.am b/libextra/Makefile.am index c0999fd79a..2f9651df4b 100644 --- a/libextra/Makefile.am +++ b/libextra/Makefile.am @@ -1,6 +1,5 @@ INCLUDES = -I../lib -I../includes -I../lib/minitasn1/ bin_SCRIPTS = libgnutls-extra-config -DIST_SUBDIRS = openpgp SUBDIRS = openpgp m4datadir = $(datadir)/aclocal diff --git a/libextra/openpgp/Makefile.am b/libextra/openpgp/Makefile.am index db5f86ec4f..787a84ae54 100644 --- a/libextra/openpgp/Makefile.am +++ b/libextra/openpgp/Makefile.am @@ -1,9 +1,9 @@ INCLUDES = -I../ -I../../includes/ -I../../lib -EXTRA_DIST = openpgp.h +EXTRA_DIST = openpgp.h gnutls_openpgp.h noinst_LTLIBRARIES = libpgp.la -COBJECTS = openpgp.c xml.c gnutls_openpgp.c +COBJECTS = openpgp.c xml.c gnutls_openpgp.c verify.c extras.c libpgp_la_SOURCES = $(COBJECTS) diff --git a/libextra/openpgp/gnutls_openpgp.c b/libextra/openpgp/gnutls_openpgp.c index b10364dfb4..9930f9c51e 100644 --- a/libextra/openpgp/gnutls_openpgp.c +++ b/libextra/openpgp/gnutls_openpgp.c @@ -45,17 +45,6 @@ #define datum_append(x, y, z) _gnutls_datum_append_m( x, y, z, gnutls_realloc ) -typedef struct { - int type; - int armored; - size_t size; - uint8 *data; -} keybox_blob; - -typedef enum { - KBX_BLOB_FILE = 0x00, - KBX_BLOB_DATA = 0x01 -} keyring_blob_types; static void @@ -122,7 +111,7 @@ kbx_blob_new( keybox_blob **r_ctx ) } -static void +void kbx_blob_release( keybox_blob *ctx ) { if( ctx ) { @@ -132,7 +121,7 @@ kbx_blob_release( keybox_blob *ctx ) } -static cdk_keydb_hd_t +cdk_keydb_hd_t kbx_to_keydb( keybox_blob *blob ) { cdk_keydb_hd_t hd; 
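Review bot: The renamed declaration `gnutls_openpgp_key_verify_trustdb` inherits a parameter comment, `/* if not used reserved for future use,`, that is not closed on its own line; the `gnutls_openpgp_key_verify_ring` context at the top of the hunk shows the same comment running until the `*/` on the following `verify` line, which comments out `unsigned int * verify` and leaves that prototype with three parameters and no way to hand back the verification result. The `verify` line of the trustdb variant is outside the hunk, so for it this is inferred from the ring variant, but the visible text is identical. Close the comment on its line and restore the comma, `unsigned int flags, /* if not used reserved for future use */` followed by `unsigned int * verify /* the output of the verification */);`, in both prototypes.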
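Review bot: `COBJECTS` now names `verify.c` and `extras.c`, but neither file is in this commit's diffstat (8 files changed, none added), so `libpgp.la` cannot be built from this revision alone. The same gap shows in libextra/openpgp/gnutls_openpgp.c, where `gnutls_openpgp_verify_key` and `_gnutls_openpgp_get_key_trust` are deleted while the replacements declared in includes/gnutls/openpgp.h (`gnutls_openpgp_key_verify_ring`, `gnutls_openpgp_key_verify_trustdb`) have no visible definition. Either include the two new sources in this commit or keep `COBJECTS = openpgp.c xml.c gnutls_openpgp.c` until they land, so every revision of the tree stays buildable and bisectable.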
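Review bot: Removing `static` from `kbx_blob_release` here, and from `kbx_to_keydb` in the next hunk and `kbx_read_blob` in the `@@ -164` hunk, turns three file-local helpers into library-wide symbols without the `_gnutls_` prefix that the rest of the internal interface uses (compare `_gnutls_openpgp_cert2gnutls_cert` and `_gnutls_openpgp_request_key` in libextra/openpgp/gnutls_openpgp.h, where the new declarations are added). Unless the library hides symbols with an export map, which is not visible here, `kbx_*` becomes part of the exported namespace and can collide with application or libopencdk symbols. Prefer renaming them `_gnutls_kbx_blob_release`, `_gnutls_kbx_to_keydb` and `_gnutls_kbx_read_blob` in the definitions, in the header declarations and in whatever callers move to verify.c.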
@@ -164,7 +153,7 @@ kbx_to_keydb( keybox_blob *blob ) /* Extract a keybox blob from the given position. */ -static keybox_blob* +keybox_blob* kbx_read_blob( const gnutls_datum* keyring, size_t pos ) { keybox_blob *blob = NULL; 
@@ -749,170 +738,6 @@ gnutls_openpgp_count_key_names( const gnutls_datum *cert )
-int
-_gnutls_openpgp_get_key_trust( const char *trustdb,
- const gnutls_datum *key,
- int *r_trustval )
-{
- cdk_kbnode_t knode = NULL;
- cdk_stream_t inp;
- CDK_PACKET *pkt;
- cdk_pkt_pubkey_t pk = NULL;
- int flags = 0, ot = 0;
- int rc = 0;
-
- if( !trustdb || !key || !r_trustval ) {
- gnutls_assert( );
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- *r_trustval = 0;
-
- rc = cdk_kbnode_read_from_mem( &knode, key->data, key->size );
- if( (rc = _gnutls_map_cdk_rc( rc )) )
- return rc;
-
- pkt = cdk_kbnode_find_packet( knode, CDK_PKT_PUBLIC_KEY );
- if( !pkt ) {
- rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
- goto leave;
- }
- pk = pkt->pkt.public_key;
-
- rc = cdk_stream_open( trustdb, &inp );
- if( rc ) {
- rc = _gnutls_map_cdk_rc( rc );
- goto leave;
- }
-
- rc = cdk_trustdb_get_ownertrust( inp, pk, &ot, &flags );
- cdk_stream_close( inp );
- if ( rc ) { /* no ownertrust record was found */
- rc = 0;
- *r_trustval = 0;
- goto leave;
- }
-
- if( flags & CDK_TFLAG_DISABLED ) {
- *r_trustval |= GNUTLS_CERT_NOT_TRUSTED;
- *r_trustval |= GNUTLS_CERT_INVALID;
- goto leave;
- }
-
- if( flags & CDK_TFLAG_REVOKED ) {
- *r_trustval |= GNUTLS_CERT_NOT_TRUSTED;
- *r_trustval |= GNUTLS_CERT_REVOKED;
- }
-
- switch( ot ) {
- case CDK_TRUST_NEVER:
- *r_trustval |= GNUTLS_CERT_NOT_TRUSTED;
- break;
- case CDK_TRUST_UNKNOWN:
- case CDK_TRUST_UNDEFINED:
- case CDK_TRUST_MARGINAL:
- case CDK_TRUST_FULLY:
- case CDK_TRUST_ULTIMATE:
- *r_trustval |= 1; /* means okay */
- rc = 0;
- break;
- }
-
-leave:
- if( rc )
- *r_trustval |= GNUTLS_CERT_NOT_TRUSTED;
- cdk_kbnode_release( knode );
- return rc;
-}
-
-
-/**
- * gnutls_openpgp_verify_key - Verify all signatures on the key
- * @cert_list: the structure that holds the certificates.
- * @cert_list_lenght: the items in the cert_list.
- *
- * Verify all signatures in the certificate list. When the key
- * is not available, the signature is skipped.
- *
- * When the trustdb parameter is used, the function checks the
- * ownertrust of the key before the signatures are checked. It
- * is possible that the key was disabled or the owner is not trusted
- * at all. Then we don't check the signatures because it makes no sense.
- *
- * The return value is one of the CertificateStatus entries.
- *
- * NOTE: this function does not verify using any "web of trust". You
- * may use GnuPG for that purpose, or any other external PGP application.
- **/
-int
-gnutls_openpgp_verify_key( const char *trustdb,
- const gnutls_datum* keyring,
- const gnutls_datum* cert_list,
- int cert_list_length )
-{
- cdk_kbnode_t knode = NULL;
- cdk_keydb_hd_t hd = NULL;
- keybox_blob *blob = NULL;
- int rc = 0;
- int status = 0;
-
- if( !cert_list || cert_list_length != 1 || !keyring ) {
- gnutls_assert();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- if( !keyring->size && !trustdb ) {
- gnutls_assert( );
- return GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED;
- }
-
- blob = kbx_read_blob( keyring, 0 );
- if( !blob ) {
- gnutls_assert();
- return GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED;
- }
- hd = kbx_to_keydb( blob );
- if( !hd ) {
- rc = GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED;
- goto leave;
- }
-
- if( trustdb ) {
- int ktrust;
- rc = _gnutls_openpgp_get_key_trust( trustdb, cert_list, &ktrust );
- if( rc || !ktrust )
- goto leave;
- }
-
- rc = cdk_kbnode_read_from_mem( &knode, cert_list->data, cert_list->size );
- if( (rc = _gnutls_map_cdk_rc( rc )) ) {
- goto leave;
- return GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED;
- }
-
- rc = cdk_pk_check_sigs( knode, hd, &status );
- if( rc == CDK_Error_No_Key )
- rc = 0; /* fixme */
-
- switch( status ) {
- case CDK_KEY_INVALID:
- rc = GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED;
- break;
-
- case CDK_KEY_REVOKED:
- rc = GNUTLS_CERT_REVOKED | GNUTLS_CERT_NOT_TRUSTED;
- break;
- }
-
-leave:
- kbx_blob_release( blob );
- cdk_free( hd );
- cdk_kbnode_release( knode );
- if( rc ) {
-
gnutls_assert(); - } - return rc; -} /*- diff --git a/libextra/gnutls_openpgp.h b/libextra/openpgp/gnutls_openpgp.h index 7f3b08f2df..e89708d10e 100644 --- a/libextra/gnutls_openpgp.h +++ b/libextra/openpgp/gnutls_openpgp.h @@ -3,6 +3,19 @@ #include <gnutls/compat8.h> #include <auth_cert.h> +#include <opencdk.h> + +typedef struct { + int type; + int armored; + size_t size; + uint8 *data; +} keybox_blob; + +typedef enum { + KBX_BLOB_FILE = 0x00, + KBX_BLOB_DATA = 0x01 +} keyring_blob_types; /* OpenCDK compatible */ typedef enum { @@ -20,39 +33,6 @@ int gnutls_certificate_set_openpgp_key_file( int gnutls_openpgp_count_key_names( const gnutls_datum *cert ); -int gnutls_openpgp_extract_key_name( - const gnutls_datum *cert, - int idx, - gnutls_openpgp_name *dn ); - -int gnutls_openpgp_extract_key_pk_algorithm( - const gnutls_datum *cert, - int *r_bits ); - -int gnutls_openpgp_extract_key_version( - const gnutls_datum *cert ); - -time_t gnutls_openpgp_extract_key_creation_time( - const gnutls_datum *cert ); - -time_t gnutls_openpgp_extract_key_expiration_time( - const gnutls_datum *cert ); - -int gnutls_openpgp_verify_key( - const char *trustdb, - const gnutls_datum *keyring, - const gnutls_datum* cert_list, - int cert_list_length ); - -int gnutls_openpgp_fingerprint( - const gnutls_datum *cert, - unsigned char *fpr, - size_t *fprlen ); - -int gnutls_openpgp_extract_key_id( - const gnutls_datum *cert, - unsigned char keyid[8] ); - int gnutls_openpgp_add_keyring_mem( gnutls_datum *keyring, const opaque *data, @@ -77,20 +57,12 @@ int gnutls_openpgp_get_key( key_attr_t by, opaque *pattern ); -int gnutls_openpgp_get_key_trust( - const char *trustdb, - gnutls_datum *key ); - int gnutls_openpgp_recv_key( const char *host, short port, uint32 keyid, gnutls_datum *key ); -int gnutls_openpgp_key_to_xml( - const gnutls_datum *cert, - gnutls_datum *xmlkey, int ext ); - /* internal */ int _gnutls_openpgp_cert2gnutls_cert( gnutls_cert *cert, 
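Review bot: `#include <opencdk.h>` is now unconditional in libextra/openpgp/gnutls_openpgp.h, while libextra/openpgp/openpgp.c in the same commit wraps its whole body in `#ifdef HAVE_LIBOPENCDK`, so the tree is evidently still meant to compile without libopencdk. Any translation unit that includes this header in such a build will now fail on the missing header and on the `cdk_keydb_hd_t` return type of the `kbx_to_keydb` declaration; which files include it is not visible in this diff, so the impact is inferred. Either guard the include and the cdk-typed declarations with `#ifdef HAVE_LIBOPENCDK` or state in a comment at the top of the header that it may only be included from opencdk-enabled sources.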
@@ -104,4 +76,9 @@ _gnutls_openpgp_request_key( opaque* key_fpr, int key_fpr_size ); +keybox_blob* kbx_read_blob( const gnutls_datum* keyring, size_t pos ); +cdk_keydb_hd_t kbx_to_keydb( keybox_blob *blob ); +void kbx_blob_release( keybox_blob *ctx ); + + #endif /*GNUTLS_OPENPGP_H*/ diff --git a/libextra/openpgp/openpgp.c b/libextra/openpgp/openpgp.c index f41962ef3a..c24c8a14f9 100644 --- a/libextra/openpgp/openpgp.c +++ b/libextra/openpgp/openpgp.c @@ -24,6 +24,9 @@ */ #include <gnutls_int.h> + +#ifdef HAVE_LIBOPENCDK + #include <gnutls_datum.h> #include <gnutls_global.h> #include <gnutls_errors.h> @@ -412,3 +415,4 @@ int gnutls_openpgp_key_check_hostname(gnutls_openpgp_key key, return 0; } +#endif diff --git a/libextra/openpgp/openpgp.h b/libextra/openpgp/openpgp.h index 424a0a5b1d..b559522da7 100644 --- a/libextra/openpgp/openpgp.h +++ b/libextra/openpgp/openpgp.h @@ -7,10 +7,20 @@ typedef struct gnutls_openpgp_key_int { cdk_kbnode_t knode; } gnutls_openpgp_key_int; +typedef struct gnutls_openpgp_keyring_int { + cdk_keydb_hd_t hd; +} gnutls_openpgp_keyring_int; + +typedef struct gnutls_openpgp_trustdb_int { + cdk_stream_t st; +} gnutls_openpgp_trustdb_int; + typedef enum gnutls_openpgp_key_fmt { GNUTLS_X509_FMT_RAW, GNUTLS_X509_FMT_BASE64 } gnutls_openpgp_key_fmt; typedef struct gnutls_openpgp_key_int *gnutls_openpgp_key; +typedef struct gnutls_openpgp_keyring_int *gnutls_openpgp_keyring; +typedef struct gnutls_openpgp_trustdb_int *gnutls_openpgp_trustdb; int _gnutls_map_cdk_rc( int rc); @@ -19,4 +29,5 @@ gnutls_openpgp_key_get_name( gnutls_openpgp_key key, int idx, char *buf, size_t *sizeof_buf); + #endif |
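Review bot: The `#endif` added as the last line of openpgp.c carries no comment, and its matching `#ifdef HAVE_LIBOPENCDK` is opened around line 27 by the other hunk, almost four hundred lines earlier; write it as `#endif /* HAVE_LIBOPENCDK */` so the pairing is readable at the bottom of the file. The guard is opened right after `#include <gnutls_int.h>`, presumably because that header pulls in the configure-generated definition of `HAVE_LIBOPENCDK`; a one-line comment above the `#ifdef`, `/* gnutls_int.h must come first: it provides HAVE_LIBOPENCDK */`, would keep a later include reorder from silently compiling the whole file out.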
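Review bot: The new `gnutls_openpgp_keyring_int` and `gnutls_openpgp_trustdb_int` structures are undocumented, and the `cdk_stream_t st` member suggests a trustdb object now owns an open stream on the file given to `gnutls_openpgp_trustdb_import` (whose new signature in includes/gnutls/openpgp.h takes `const char* file`), so who closes it should be stated. Add a member comment such as `cdk_stream_t st; /* trustdb stream opened by gnutls_openpgp_trustdb_import(), closed by gnutls_openpgp_trustdb_deinit() */` and a matching `/* key database handle */` note on `hd`, confirming both against the import and deinit implementations, which are not part of this commit. A short comment that these `_int` types stay opaque behind the `gnutls_openpgp_keyring` and `gnutls_openpgp_trustdb` typedefs declared below would round it off.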