authorTimo Schulz <twoaday@gnutls.org>2007-04-20 12:34:51 +0000
committerTimo Schulz <twoaday@gnutls.org>2007-04-20 12:34:51 +0000
commit422b5542de3fed09c254b5d6f92f286ee2ad0ca2 (patch)
tree53c142c44471bf04d23aa7f387d0ad9338724025 /libextra
parentc72948ceb5b04cfc04dd8145dd88729be933e803 (diff)
downloadgnutls-422b5542de3fed09c254b5d6f92f286ee2ad0ca2.tar.gz
First bunch of patches for the opencdk migration.
Diffstat (limited to 'libextra')
-rw-r--r--libextra/openpgp/compat.c15
-rw-r--r--libextra/openpgp/extras.c104
-rw-r--r--libextra/openpgp/gnutls_openpgp.h1
-rw-r--r--libextra/openpgp/openpgp.h19
-rw-r--r--libextra/openpgp/pgp.c240
-rw-r--r--libextra/openpgp/pgpverify.c163
-rw-r--r--libextra/openpgp/privkey.c95
-rw-r--r--libextra/openpgp/xml.c40
8 files changed, 271 insertions, 406 deletions
diff --git a/libextra/openpgp/compat.c b/libextra/openpgp/compat.c
index 0bad2fbabb..462eadfe86 100644
--- a/libextra/openpgp/compat.c
+++ b/libextra/openpgp/compat.c
@@ -82,9 +82,7 @@ _gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t cred,
if (cred->keyring.data && cred->keyring.size != 0)
{
-
- /* use the keyring
- */
+ /* use the keyring */
ret = gnutls_openpgp_keyring_init (&ring);
if (ret < 0)
{
@@ -98,7 +96,7 @@ _gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t cred,
gnutls_assert ();
goto leave;
}
-
+
ret = gnutls_openpgp_key_verify_ring (key, ring, 0, &verify_ring);
if (ret < 0)
{
@@ -108,7 +106,7 @@ _gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t cred,
}
if (cred->pgp_trustdb)
- { /* Use the trustDB */
+ { /* Use the trustDB */
ret = gnutls_openpgp_trustdb_init (&tdb);
if (ret < 0)
{
@@ -126,8 +124,7 @@ _gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t cred,
ret = gnutls_openpgp_key_verify_trustdb (key, tdb, 0, &verify_db);
}
- /* now try the self signature.
- */
+ /* Now try the self signature. */
ret = gnutls_openpgp_key_verify_self (key, 0, &verify_self);
if (ret < 0)
{
@@ -137,8 +134,7 @@ _gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t cred,
*status = verify_self | verify_ring | verify_db;
- /* If we only checked the self signature.
- */
+ /* If we only checked the self signature. */
if (!cred->pgp_trustdb && !cred->keyring.data)
*status |= GNUTLS_CERT_SIGNER_NOT_FOUND;
@@ -183,7 +179,6 @@ _gnutls_openpgp_fingerprint (const gnutls_datum_t * cert,
}
ret = gnutls_openpgp_key_get_fingerprint (key, fpr, fprlen);
-
gnutls_openpgp_key_deinit (key);
if (ret < 0)
{
diff --git a/libextra/openpgp/extras.c b/libextra/openpgp/extras.c
index dabd14f498..9952c05311 100644
--- a/libextra/openpgp/extras.c
+++ b/libextra/openpgp/extras.c
@@ -1,7 +1,7 @@
/*
* Copyright (C) 2003, 2004, 2005, 2007 Free Software Foundation
*
- * Author: Nikos Mavroyanopoulos
+ * Author: Nikos Mavroyanopoulos, Timo Schulz
*
* This file is part of GNUTLS-EXTRA.
*
@@ -37,43 +37,42 @@
*/
/**
- * gnutls_openpgp_keyring_init - This function initializes a gnutls_openpgp_keyring_t structure
- * @keyring: The structure to be initialized
- *
- * This function will initialize an OpenPGP keyring structure.
- *
- * Returns 0 on success.
- *
- **/
+ * gnutls_openpgp_keyring_init - This function initializes a gnutls_openpgp_keyring_t structure
+ * @keyring: The structure to be initialized
+ *
+ * This function will initialize an OpenPGP keyring structure.
+ *
+ * Returns 0 on success.
+ *
+ **/
int
gnutls_openpgp_keyring_init (gnutls_openpgp_keyring_t * keyring)
{
*keyring = gnutls_calloc (1, sizeof (gnutls_openpgp_keyring_int));
if (*keyring)
- {
- return 0; /* success */
- }
+ return 0; /* success */
return GNUTLS_E_MEMORY_ERROR;
}
+
/**
- * gnutls_openpgp_keyring_deinit - This function deinitializes memory used by a gnutls_openpgp_keyring_t structure
- * @keyring: The structure to be initialized
- *
- * This function will deinitialize a CRL structure.
- *
- **/
+ * gnutls_openpgp_keyring_deinit - This function deinitializes memory used by a gnutls_openpgp_keyring_t structure
+ * @keyring: The structure to be initialized
+ *
+ * This function will deinitialize a keyring structure.
+ *
+ **/
void
gnutls_openpgp_keyring_deinit (gnutls_openpgp_keyring_t keyring)
{
if (!keyring)
return;
- if (keyring->hd)
+ if (keyring->db)
{
- cdk_free (keyring->hd);
- keyring->hd = NULL;
+ cdk_keydb_free (keyring->db);
+ keyring->db = NULL;
}
gnutls_free (keyring);
@@ -89,57 +88,57 @@ gnutls_openpgp_keyring_deinit (gnutls_openpgp_keyring_t keyring)
*
* Returns 0 on success (if keyid exists) and a negative error code
* on failure.
- */
+ **/
int
gnutls_openpgp_keyring_check_id (gnutls_openpgp_keyring_t ring,
const unsigned char keyid[8],
unsigned int flags)
{
- int rc;
- cdk_pkt_pubkey_t sig_pk;
+ cdk_pkt_pubkey_t pk;
uint32_t id[2];
id[0] = _gnutls_read_uint32 (keyid);
id[1] = _gnutls_read_uint32 (&keyid[4]);
- rc = cdk_keydb_get_pk (ring->hd, id, &sig_pk);
- if (!rc)
- return 0;
- else
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ if (!cdk_keydb_get_pk (ring->db, id, &pk))
+ {
+ cdk_pk_release (pk);
+ return 0;
+ }
+
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
}
/**
- * gnutls_openpgp_keyring_import - This function will import a RAW or BASE64 encoded key
- * @keyring: The structure to store the parsed key.
- * @data: The RAW or BASE64 encoded keyring.
- * @format: One of gnutls_openpgp_keyring_fmt elements.
- *
- * This function will convert the given RAW or Base64 encoded keyring
- * to the native gnutls_openpgp_keyring_t format. The output will be
- * stored in 'keyring'.
- *
- * Returns 0 on success.
- *
- **/
+ * gnutls_openpgp_keyring_import - This function will import a RAW or BASE64 encoded key
+ * @keyring: The structure to store the parsed key.
+ * @data: The RAW or BASE64 encoded keyring.
+ * @format: One of gnutls_openpgp_keyring_fmt elements.
+ *
+ * This function will convert the given RAW or Base64 encoded keyring
+ * to the native gnutls_openpgp_keyring_t format. The output will be stored in 'keyring'.
+ *
+ * Returns 0 on success.
+ *
+ **/
int
gnutls_openpgp_keyring_import (gnutls_openpgp_keyring_t keyring,
- const gnutls_datum_t * data,
+ const gnutls_datum_t *data,
gnutls_openpgp_key_fmt_t format)
{
int rc;
- cdk_error_t err;
+ keybox_blob *blob = NULL;
+
- if (format != GNUTLS_OPENPGP_FMT_RAW)
+ blob = kbx_read_blob (data, 0);
+ if (!blob)
{
- /* FIXME: `cdk_keydb_new ()' currently only supports raw keyrings. */
- rc = GNUTLS_E_UNIMPLEMENTED_FEATURE;
- goto leave;
+ gnutls_assert ();
+ return GNUTLS_E_OPENPGP_KEYRING_ERROR;
}
- err = cdk_keydb_new (&keyring->hd, CDK_DBTYPE_DATA,
- data->data, data->size);
- if (err)
+ keyring->db = kbx_to_keydb (blob);
+ if (!keyring->db)
{
gnutls_assert ();
rc = GNUTLS_E_OPENPGP_KEYRING_ERROR;
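Review bot: `format` is no longer consulted in gnutls_openpgp_keyring_import: the removed guard rejected anything but GNUTLS_OPENPGP_FMT_RAW, while the new code hands `data` to `kbx_read_blob (data, 0)` whatever the caller asked for. If kbx_read_blob does not itself recognise armored input (its body is not on this page), a BASE64 keyring is now parsed as raw data; either keep the guard or add a comment above the call stating that the blob reader accepts both encodings. The function also assigns `keyring->db` without releasing an earlier handle, so a second import on the same keyring would appear to leak the first database; `if (keyring->db) cdk_keydb_free (keyring->db);` before the assignment would cover that. The function body continues past this hunk.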
@@ -149,6 +148,7 @@ gnutls_openpgp_keyring_import (gnutls_openpgp_keyring_t keyring,
rc = 0;
leave:
+ kbx_blob_release (blob);
return rc;
}
@@ -171,9 +171,7 @@ gnutls_openpgp_trustdb_init (gnutls_openpgp_trustdb_t * trustdb)
*trustdb = gnutls_calloc (1, sizeof (gnutls_openpgp_trustdb_int));
if (*trustdb)
- {
- return 0; /* success */
- }
+ return 0; /* success */
return GNUTLS_E_MEMORY_ERROR;
}
diff --git a/libextra/openpgp/gnutls_openpgp.h b/libextra/openpgp/gnutls_openpgp.h
index 4385a43fe3..790359ecad 100644
--- a/libextra/openpgp/gnutls_openpgp.h
+++ b/libextra/openpgp/gnutls_openpgp.h
@@ -11,7 +11,6 @@
typedef struct
{
int type;
- int armored;
size_t size;
uint8_t *data;
} keybox_blob;
diff --git a/libextra/openpgp/openpgp.h b/libextra/openpgp/openpgp.h
index 9bc8b246c3..b4fb3e83c7 100644
--- a/libextra/openpgp/openpgp.h
+++ b/libextra/openpgp/openpgp.h
@@ -5,31 +5,37 @@
# include <config.h>
#endif
+/* The format the OpenPGP key is stored in. */
typedef enum gnutls_openpgp_key_fmt_t
{
- GNUTLS_OPENPGP_FMT_RAW, GNUTLS_OPENPGP_FMT_BASE64
+ GNUTLS_OPENPGP_FMT_RAW,
+ GNUTLS_OPENPGP_FMT_BASE64
} gnutls_openpgp_key_fmt_t;
#ifdef ENABLE_OPENPGP
-# include <opencdk.h>
+#include <opencdk.h>
+/* Internal context to store the OpenPGP key. */
typedef struct gnutls_openpgp_key_int
{
cdk_kbnode_t knode;
- cdk_stream_t inp;
} gnutls_openpgp_key_int;
+
+/* Internal context to store the private OpenPGP key. */
typedef struct gnutls_openpgp_privkey_int
{
gnutls_privkey pkey;
} gnutls_openpgp_privkey_int;
+
typedef struct gnutls_openpgp_keyring_int
{
- cdk_keydb_hd_t hd;
+ cdk_keydb_hd_t db;
} gnutls_openpgp_keyring_int;
+
typedef struct gnutls_openpgp_trustdb_int
{
cdk_stream_t st;
@@ -39,9 +45,8 @@ typedef struct gnutls_openpgp_keyring_int *gnutls_openpgp_keyring_t;
typedef struct gnutls_openpgp_trustdb_int *gnutls_openpgp_trustdb_t;
int _gnutls_map_cdk_rc (int rc);
-int
-gnutls_openpgp_key_get_name (gnutls_openpgp_key_t key,
- int idx, char *buf, size_t * sizeof_buf);
+int gnutls_openpgp_key_get_name (gnutls_openpgp_key_t key,
+ int idx, char *buf, size_t * sizeof_buf);
int gnutls_openpgp_key_get_fingerprint (gnutls_openpgp_key_t key,
void *fpr, size_t * fprlen);
gnutls_pk_algorithm_t
diff --git a/libextra/openpgp/pgp.c b/libextra/openpgp/pgp.c
index 5a14dec910..5c3a149bb2 100644
--- a/libextra/openpgp/pgp.c
+++ b/libextra/openpgp/pgp.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2002, 2003, 2004, 2005, 2006 Free Software Foundation
+ * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation
*
* Author: Timo Schulz, Nikos Mavroyanopoulos
*
@@ -32,34 +32,32 @@
#include <openpgp.h>
#include <x509/rfc2818.h>
+
/**
- * gnutls_openpgp_key_init - This function initializes a gnutls_openpgp_key_t structure
- * @key: The structure to be initialized
- *
- * This function will initialize an OpenPGP key structure.
- *
- * Returns 0 on success.
- *
- **/
+ * gnutls_openpgp_key_init - This function initializes a gnutls_openpgp_key_t structure
+ * @key: The structure to be initialized
+ *
+ * This function will initialize an OpenPGP key structure.
+ *
+ * Returns 0 on success.
+ *
+ **/
int
gnutls_openpgp_key_init (gnutls_openpgp_key_t * key)
{
*key = gnutls_calloc (1, sizeof (gnutls_openpgp_key_int));
if (*key)
- {
- return 0; /* success */
- }
+ return 0; /* success */
return GNUTLS_E_MEMORY_ERROR;
}
/**
- * gnutls_openpgp_key_deinit - This function deinitializes memory used by a gnutls_openpgp_key_t structure
- * @key: The structure to be initialized
- *
- * This function will deinitialize a key structure.
- *
- **/
+ * gnutls_openpgp_key_deinit - This function deinitializes memory used by a gnutls_openpgp_key_t structure
+ * @key: The structure to be initialized
+ *
+ * This function will deinitialize a key structure.
+ **/
void
gnutls_openpgp_key_deinit (gnutls_openpgp_key_t key)
{
@@ -71,9 +69,7 @@ gnutls_openpgp_key_deinit (gnutls_openpgp_key_t key)
cdk_kbnode_release (key->knode);
key->knode = NULL;
}
- if (key->inp)
- cdk_stream_close (key->inp);
-
+
gnutls_free (key);
}
@@ -87,43 +83,31 @@ gnutls_openpgp_key_deinit (gnutls_openpgp_key_t key)
* to the native gnutls_openpgp_key_t format. The output will be stored in 'key'.
*
* Returns 0 on success.
- *
**/
int
gnutls_openpgp_key_import (gnutls_openpgp_key_t key,
const gnutls_datum_t * data,
gnutls_openpgp_key_fmt_t format)
{
+ cdk_stream_t inp;
int rc;
-
+
if (format == GNUTLS_OPENPGP_FMT_RAW)
- {
- rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size);
- if (rc)
- {
- rc = _gnutls_map_cdk_rc (rc);
- gnutls_assert ();
- return rc;
- }
- }
+ rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size);
else
- { /* base64 */
- key->inp = cdk_stream_tmp_from_mem (data->data, data->size);
- if (key->inp == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- rc = cdk_stream_set_armor_flag (key->inp, 0);
+ {
+ rc = cdk_stream_tmp_from_mem (data->data, data->size, &inp);
if (rc)
{
rc = _gnutls_map_cdk_rc (rc);
gnutls_assert ();
return rc;
- }
-
- rc = cdk_keydb_get_keyblock (key->inp, &key->knode);
+ }
+ if (cdk_armor_filter_use (inp))
+ rc = cdk_stream_set_armor_flag (inp, 0);
+ if (!rc)
+ rc = cdk_keydb_get_keyblock (inp, &key->knode);
+ cdk_stream_close (inp);
if (rc)
{
rc = _gnutls_map_cdk_rc (rc);
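Review bot: The RAW branch of gnutls_openpgp_key_import no longer checks `rc`: the error block that followed `cdk_kbnode_read_from_mem` is removed, and going by the braces the remaining `if (rc)` (which continues in the next hunk) sits inside the `else` block, so a failed raw parse falls through to `return 0`. The caller is then told the import succeeded while `key->knode` was never populated from valid data. Move the shared `if (rc) { rc = _gnutls_map_cdk_rc (rc); gnutls_assert (); return rc; }` after the closing brace of the `else` so both branches reach it.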
@@ -131,7 +115,7 @@ gnutls_openpgp_key_import (gnutls_openpgp_key_t key,
return rc;
}
}
-
+
return 0;
}
@@ -154,8 +138,9 @@ gnutls_openpgp_key_export (gnutls_openpgp_key_t key,
gnutls_openpgp_key_fmt_t format,
void *output_data, size_t * output_data_size)
{
- int rc;
size_t input_data_size = *output_data_size;
+ size_t calc_size;
+ int rc;
rc = cdk_kbnode_write_to_mem (key->knode, output_data, output_data_size);
if (rc)
@@ -164,49 +149,35 @@ gnutls_openpgp_key_export (gnutls_openpgp_key_t key,
gnutls_assert ();
return rc;
}
+
+ /* FIXME: The first call of this function is with output_data == NULL
+ to figure out the size and the caller expects this error here. */
+ if (!output_data)
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
if (format == GNUTLS_OPENPGP_FMT_BASE64)
{
- cdk_stream_t s;
-
- s = cdk_stream_tmp_from_mem (output_data, *output_data_size);
- if (s == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- cdk_stream_tmp_set_mode (s, 1);
- rc = cdk_stream_set_armor_flag (s, CDK_ARMOR_PUBKEY);
- if (rc)
+ unsigned char *in = cdk_calloc (1, *output_data_size);
+ memcpy (in, output_data, *output_data_size);
+
+ /* Calculate the size of the encoded data and check if the provided
+ buffer is large enough. */
+ rc = cdk_armor_encode_buffer (in, input_data_size,
+ NULL, 0, &calc_size, CDK_ARMOR_PUBKEY);
+ if (rc || calc_size > input_data_size)
{
- rc = _gnutls_map_cdk_rc (rc);
+ cdk_free (in);
+ *output_data_size = calc_size;
+ rc = _gnutls_map_cdk_rc (CDK_Too_Short);
gnutls_assert ();
- cdk_stream_close (s);
return rc;
}
-
-
- *output_data_size = input_data_size;
-
- rc = cdk_stream_read (s, output_data, *output_data_size);
- if (rc == EOF)
- {
- gnutls_assert ();
- cdk_stream_close (s);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- *output_data_size = rc;
- if (*output_data_size != cdk_stream_get_length (s))
- {
- *output_data_size = cdk_stream_get_length (s);
- cdk_stream_close (s);
- gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- cdk_stream_close (s);
+
+ rc = cdk_armor_encode_buffer (in, input_data_size,
+ output_data, input_data_size, &calc_size,
+ CDK_ARMOR_PUBKEY);
+ cdk_free (in);
+ *output_data_size = calc_size;
}
return 0;
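Review bot: The BASE64 branch of gnutls_openpgp_key_export copies into `in` without checking the `cdk_calloc` result, and then passes `input_data_size` (the caller's buffer capacity) as the input length to both `cdk_armor_encode_buffer` calls although `in` was allocated with `*output_data_size` bytes. Assuming cdk_kbnode_write_to_mem stores the written length in `*output_data_size`, a caller buffer larger than the key makes the encoder read past the end of `in`. `calc_size` is also copied to `*output_data_size` when the first call fails without necessarily having set it, and the second call's return value is dropped. The excerpt below shows the lines I would change; the function starts before this hunk.

```c
  if (format == GNUTLS_OPENPGP_FMT_BASE64)
    {
      /* Bytes actually written by cdk_kbnode_write_to_mem, not the
         capacity of the caller's buffer. */
      size_t raw_size = *output_data_size;
      unsigned char *in = cdk_calloc (1, raw_size);

      if (!in)
        {
          gnutls_assert ();
          return GNUTLS_E_MEMORY_ERROR;
        }
      memcpy (in, output_data, raw_size);

      calc_size = 0;
      rc = cdk_armor_encode_buffer (in, raw_size,
                                    NULL, 0, &calc_size, CDK_ARMOR_PUBKEY);
      /* … unchanged: too-short handling … */

      rc = cdk_armor_encode_buffer (in, raw_size,
                                    output_data, input_data_size, &calc_size,
                                    CDK_ARMOR_PUBKEY);
      cdk_free (in);
      if (rc)
        {
          gnutls_assert ();
          return _gnutls_map_cdk_rc (rc);
        }
      *output_data_size = calc_size;
    }
```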
@@ -243,7 +214,8 @@ gnutls_openpgp_key_get_fingerprint (gnutls_openpgp_key_t key,
pk = pkt->pkt.public_key;
*fprlen = 20;
-
+
+ /* FIXME: Check if the draft allows old PGP keys. */
if (is_RSA (pk->pubkey_algo) && pk->version < 4)
*fprlen = 16;
cdk_pk_get_fingerprint (pk, fpr);
@@ -254,15 +226,18 @@ gnutls_openpgp_key_get_fingerprint (gnutls_openpgp_key_t key,
int
_gnutls_openpgp_count_key_names (gnutls_openpgp_key_t key)
{
- cdk_kbnode_t p, ctx = NULL;
+ cdk_kbnode_t p, ctx;
cdk_packet_t pkt;
- int nuids = 0;
+ int nuids;
if (key == NULL)
{
gnutls_assert ();
return 0;
}
+
+ ctx = NULL;
+ nuids = 0;
while ((p = cdk_kbnode_walk (key->knode, &ctx, 0)))
{
pkt = cdk_kbnode_get_packet (p);
@@ -296,8 +271,6 @@ gnutls_openpgp_key_get_name (gnutls_openpgp_key_t key,
cdk_packet_t pkt = NULL;
cdk_pkt_userid_t uid = NULL;
int pos = 0;
- size_t size = 0;
- int rc = 0;
if (!key || !buf)
{
@@ -306,9 +279,7 @@ gnutls_openpgp_key_get_name (gnutls_openpgp_key_t key,
}
if (idx < 0 || idx > _gnutls_openpgp_count_key_names (key))
- {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
if (!idx)
pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_USER_ID);
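Review bot: The range check `idx > _gnutls_openpgp_count_key_names (key)` lets `idx == count` through although indices start at 0 (`!idx` selects the first user ID), so the one-past-the-end request appears to be caught only later by the `!pkt` test and reported as GNUTLS_E_INTERNAL_ERROR. `if (idx < 0 || idx >= _gnutls_openpgp_count_key_names (key))` returns the intended GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE instead. The function starts and ends outside this hunk.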
@@ -324,33 +295,24 @@ gnutls_openpgp_key_get_name (gnutls_openpgp_key_t key,
}
if (!pkt)
- {
- rc = GNUTLS_E_INTERNAL_ERROR;
- goto leave;
- }
+ return GNUTLS_E_INTERNAL_ERROR;
uid = pkt->pkt.user_id;
-
if (uid->len >= *sizeof_buf)
{
gnutls_assert ();
*sizeof_buf = uid->len + 1;
- rc = GNUTLS_E_SHORT_MEMORY_BUFFER;
- goto leave;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
memcpy (buf, uid->name, uid->len);
- buf[uid->len] = '\0'; /* make sure it's a string */
+ buf[uid->len] = '\0'; /* make sure it's a string */
*sizeof_buf = uid->len + 1;
if (uid->is_revoked)
- {
- rc = GNUTLS_E_OPENPGP_UID_REVOKED;
- goto leave;
- }
+ return GNUTLS_E_OPENPGP_UID_REVOKED;
-leave:
- return rc;
+ return 0;
}
/**
@@ -374,11 +336,12 @@ gnutls_openpgp_key_get_pk_algorithm (gnutls_openpgp_key_t key,
unsigned int *bits)
{
cdk_packet_t pkt;
- int algo = 0;
+ int algo;
if (!key)
- return GNUTLS_E_INVALID_REQUEST;
-
+ return GNUTLS_PK_UNKNOWN;
+
+ algo = 0;
pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
if (pkt && pkt->pkttype == CDK_PKT_PUBLIC_KEY)
{
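Review bot: The NULL-key path now returns `GNUTLS_PK_UNKNOWN` while the unknown-algorithm path of the same function (visible in the next hunk) still returns `GNUTLS_E_UNKNOWN_PK_ALGORITHM`, so one return value carries two error conventions. Callers that test for a negative result no longer notice a NULL key. Pick one convention and state it in the doc comment, for example `Returns GNUTLS_PK_UNKNOWN when the key is missing or its algorithm is not recognised.` The function body continues outside this hunk.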
@@ -392,7 +355,7 @@ gnutls_openpgp_key_get_pk_algorithm (gnutls_openpgp_key_t key,
else
algo = GNUTLS_E_UNKNOWN_PK_ALGORITHM;
}
-
+
return algo;
}
@@ -407,7 +370,7 @@ int
gnutls_openpgp_key_get_version (gnutls_openpgp_key_t key)
{
cdk_packet_t pkt;
- int version = 0;
+ int version;
if (!key)
return -1;
@@ -415,6 +378,8 @@ gnutls_openpgp_key_get_version (gnutls_openpgp_key_t key)
pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
if (pkt)
version = pkt->pkt.public_key->version;
+ else
+ version = 0;
return version;
}
@@ -430,7 +395,7 @@ time_t
gnutls_openpgp_key_get_creation_time (gnutls_openpgp_key_t key)
{
cdk_packet_t pkt;
- time_t timestamp = 0;
+ time_t timestamp;
if (!key)
return (time_t) - 1;
@@ -438,6 +403,8 @@ gnutls_openpgp_key_get_creation_time (gnutls_openpgp_key_t key)
pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
if (pkt)
timestamp = pkt->pkt.public_key->timestamp;
+ else
+ timestamp = 0;
return timestamp;
}
@@ -454,7 +421,7 @@ time_t
gnutls_openpgp_key_get_expiration_time (gnutls_openpgp_key_t key)
{
cdk_packet_t pkt;
- time_t expiredate = 0;
+ time_t expiredate;
if (!key)
return (time_t) - 1;
@@ -462,6 +429,8 @@ gnutls_openpgp_key_get_expiration_time (gnutls_openpgp_key_t key)
pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
if (pkt)
expiredate = pkt->pkt.public_key->expiredate;
+ else
+ expiredate = 0;
return expiredate;
}
@@ -477,7 +446,6 @@ int
gnutls_openpgp_key_get_id (gnutls_openpgp_key_t key, unsigned char keyid[8])
{
cdk_packet_t pkt;
- cdk_pkt_pubkey_t pk = NULL;
uint32_t kid[2];
if (!key || !keyid)
@@ -490,8 +458,7 @@ gnutls_openpgp_key_get_id (gnutls_openpgp_key_t key, unsigned char keyid[8])
if (!pkt)
return GNUTLS_E_OPENPGP_GETKEY_FAILED;
- pk = pkt->pkt.public_key;
- cdk_pk_get_keyid (pk, kid);
+ cdk_pk_get_keyid (pkt->pkt.public_key, kid);
keyid[0] = kid[0] >> 24;
keyid[1] = kid[0] >> 16;
keyid[2] = kid[0] >> 8;
@@ -520,43 +487,37 @@ int
gnutls_openpgp_key_check_hostname (gnutls_openpgp_key_t key,
const char *hostname)
{
-
char dnsname[MAX_CN];
size_t dnsnamesize;
- int ret = 0;
- int i = 0;
+ int ret;
+ int i;
- /* Check through all included names.
- */
+ /* Check through all included names. */
for (i = 0; !(ret < 0); i++)
{
-
dnsnamesize = sizeof (dnsname);
ret = gnutls_openpgp_key_get_name (key, i, dnsname, &dnsnamesize);
-
+ /* FIXME: ret is not used */
if (_gnutls_hostname_compare (dnsname, hostname))
- {
- return 1;
- }
+ return 1;
}
- /* not found a matching name
- */
+ /* not found a matching name */
return 0;
}
/**
- * gnutls_openpgp_key_get_key_usage - This function returns the key's usage
- * @key: should contain a gnutls_openpgp_key_t structure
- * @key_usage: where the key usage bits will be stored
- *
- * This function will return certificate's key usage, by checking the
- * key algorithm. The key usage value will ORed values of the:
- * GNUTLS_KEY_DIGITAL_SIGNATURE, GNUTLS_KEY_KEY_ENCIPHERMENT.
- *
- * A negative value may be returned in case of parsing error.
- *
- **/
+ * gnutls_openpgp_key_get_key_usage - This function returns the key's usage
+ * @key: should contain a gnutls_openpgp_key_t structure
+ * @key_usage: where the key usage bits will be stored
+ *
+ * This function will return certificate's key usage, by checking the
+ * key algorithm. The key usage value will ORed values of the:
+ * GNUTLS_KEY_DIGITAL_SIGNATURE, GNUTLS_KEY_KEY_ENCIPHERMENT.
+ *
+ * A negative value may be returned in case of parsing error.
+ *
+ */
int
gnutls_openpgp_key_get_key_usage (gnutls_openpgp_key_t key,
unsigned int *key_usage)
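Review bot: `ret` is read by the loop condition `!(ret < 0)` before anything assigns it, because this hunk drops the `= 0` initialiser in gnutls_openpgp_key_check_hostname; that is an uninitialised read on the first iteration. The new FIXME also points at a real gap: `dnsname` is compared even when gnutls_openpgp_key_get_name failed, and that includes the GNUTLS_E_OPENPGP_UID_REVOKED return, which is issued after the buffer has been filled, so a revoked user ID can still satisfy the hostname check. I would restore `int ret = 0;` and guard the comparison with `if (ret >= 0 && _gnutls_hostname_compare (dnsname, hostname))`, assuming the GNUTLS_E_ codes are negative as the loop condition implies.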
@@ -573,7 +534,10 @@ gnutls_openpgp_key_get_key_usage (gnutls_openpgp_key_t key,
if (pkt && pkt->pkttype == CDK_PKT_PUBLIC_KEY)
{
algo = pkt->pkt.public_key->pubkey_algo;
-
+
+ /* FIXME: We need to take a look at the key flags because
+ RSA-E and RSA-S are obsolete. Only RSA is used
+ and the flags are used to set the capabilities. */
if (is_DSA (algo) || algo == GCRY_PK_RSA_S)
*key_usage |= KEY_DIGITAL_SIGNATURE;
else if (algo == GCRY_PK_RSA_E)
diff --git a/libextra/openpgp/pgpverify.c b/libextra/openpgp/pgpverify.c
index f3b272dbe5..df22bd77aa 100644
--- a/libextra/openpgp/pgpverify.c
+++ b/libextra/openpgp/pgpverify.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation
+ * Copyright (C) 2002, 2003, 2004, 2005, 2007 Free Software Foundation
*
* Author: Timo Schulz, Nikos Mavroyanopoulos
*
@@ -36,11 +36,10 @@ static int
openpgp_get_key_trust (gnutls_openpgp_trustdb_t trustdb,
gnutls_openpgp_key_t key, unsigned int *r_trustval)
{
- cdk_packet_t pkt;
- cdk_pkt_pubkey_t pk = NULL;
- int flags = 0, ot = 0;
- int rc = 0;
+ int rc;
+ /* FIXME: This operation is not supported any longer. */
+
if (!trustdb || !key || !r_trustval)
{
gnutls_assert ();
@@ -48,40 +47,12 @@ openpgp_get_key_trust (gnutls_openpgp_trustdb_t trustdb,
}
*r_trustval = 0;
-
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
- if (!pkt)
- {
- rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
- goto leave;
- }
- pk = pkt->pkt.public_key;
-
- rc = cdk_trustdb_get_ownertrust (trustdb->st, pk, &ot, &flags);
-
- if (rc)
- { /* no ownertrust record was found */
- rc = 0;
- goto leave;
- }
-
- if (flags & CDK_TFLAG_DISABLED)
- {
- *r_trustval |= GNUTLS_CERT_INVALID;
- goto leave;
- }
-
- if (flags & CDK_TFLAG_REVOKED)
- {
- *r_trustval |= GNUTLS_CERT_REVOKED;
- }
-
rc = 0;
-
-leave:
+
return rc;
}
+
/**
* gnutls_openpgp_key_verify_ring - Verify all signatures in the key
* @key: the structure that holds the key.
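Review bot: openpgp_get_key_trust now always stores 0 in `*r_trustval` and returns 0, so gnutls_openpgp_key_verify_trustdb reports a clean result for every key, including ones the trust database previously flagged as disabled or revoked. In the compat.c caller shown on this page, GNUTLS_CERT_SIGNER_NOT_FOUND is only added when neither a trustdb nor a keyring is configured, so a trustdb-only configuration would appear to accept any key with a valid self signature. Until the replacement exists the stub should fail closed, e.g. `return GNUTLS_E_UNIMPLEMENTED_FEATURE;` or `*r_trustval = GNUTLS_CERT_SIGNER_NOT_FOUND;`, rather than leave the success path in place behind a FIXME. The function begins in the preceding hunk.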
@@ -109,9 +80,9 @@ gnutls_openpgp_key_verify_ring (gnutls_openpgp_key_t key,
gnutls_openpgp_keyring_t keyring,
unsigned int flags, unsigned int *verify)
{
- int rc = 0;
- int status = 0;
opaque id[8];
+ cdk_error_t rc;
+ int status;
if (!key || !keyring)
{
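Review bot: `rc` is now declared `cdk_error_t` but is still used for GnuTLS codes in gnutls_openpgp_key_verify_ring: the next hunk assigns `GNUTLS_E_NO_CERTIFICATE_FOUND` and the `_gnutls_map_cdk_rc` result to it, and further down it receives the results of gnutls_openpgp_key_get_id and gnutls_openpgp_keyring_check_id. If cdk_error_t is an enum without negative enumerators (its definition is not on this page), the compiler may choose an unsigned type and any `rc < 0` test on it can never fire. Keep `int rc;` for GnuTLS results and add a separate `cdk_error_t err;` for the `cdk_pk_check_sigs` call; the same applies to the `cdk_error_t rc;` introduced in gnutls_openpgp_key_verify_self.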
@@ -120,16 +91,15 @@ gnutls_openpgp_key_verify_ring (gnutls_openpgp_key_t key,
}
*verify = 0;
-
- rc = cdk_pk_check_sigs (key->knode, keyring->hd, &status);
+
+ rc = cdk_pk_check_sigs (key->knode, keyring->db, &status);
if (rc == CDK_Error_No_Key)
{
rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
gnutls_assert ();
return rc;
}
-
- if (rc)
+ else if (rc)
{
rc = _gnutls_map_cdk_rc (rc);
gnutls_assert ();
@@ -143,8 +113,7 @@ gnutls_openpgp_key_verify_ring (gnutls_openpgp_key_t key,
if (status & CDK_KEY_NOSIGNER)
*verify |= GNUTLS_CERT_SIGNER_NOT_FOUND;
- /* Check if the key is included in the ring.
- */
+ /* Check if the key is included in the ring. */
if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
{
rc = gnutls_openpgp_key_get_id (key, id);
@@ -155,23 +124,15 @@ gnutls_openpgp_key_verify_ring (gnutls_openpgp_key_t key,
}
rc = gnutls_openpgp_keyring_check_id (keyring, id, 0);
-
- /* if it exists in the keyring don't treat it
- * as unknown.
- */
+ /* If it exists in the keyring don't treat it as unknown. */
if (rc == 0 && *verify & GNUTLS_CERT_SIGNER_NOT_FOUND)
*verify ^= GNUTLS_CERT_SIGNER_NOT_FOUND;
}
-
+
return 0;
}
-int _cdk_sig_check (cdk_pkt_pubkey_t pk, cdk_pkt_signature_t sig,
- cdk_md_hd_t digest, int *r_expired);
-cdk_md_hd_t cdk_md_open (int algo, unsigned int flags);
-void cdk_md_close (cdk_md_hd_t hd);
-
/**
* gnutls_openpgp_key_verify_self - Verify the self signature on the key
* @key: the structure that holds the key.
@@ -190,81 +151,19 @@ int
gnutls_openpgp_key_verify_self (gnutls_openpgp_key_t key,
unsigned int flags, unsigned int *verify)
{
- opaque key_id[8];
- cdk_kbnode_t k;
- int rc, expired;
- cdk_packet_t packet = NULL;
- cdk_md_hd_t md = NULL;
- cdk_packet_t pk = NULL;
-
- *verify = 0;
-
- pk = cdk_kbnode_get_packet (key->knode);
- if (!pk)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- rc = gnutls_openpgp_key_get_id (key, key_id);
- if (rc < 0)
- {
- gnutls_assert ();
- goto leave;
- }
-
- k = key->knode;
-
- while ((k = cdk_kbnode_find_next (k, CDK_PKT_SIGNATURE)) != NULL)
- {
-
- packet = cdk_kbnode_get_packet (k);
- if (!packet)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (memcmp (key_id, packet->pkt.signature->keyid, 8) == 0)
- {
- /* found the self signature.
- */
- md = cdk_md_open (packet->pkt.signature->digest_algo, 0);
- if (!md)
- {
- gnutls_assert ();
- rc = GNUTLS_E_INTERNAL_ERROR;
- goto leave;
- }
-
- cdk_kbnode_hash (key->knode, md, 0, 0, 0);
-
- rc = _cdk_sig_check (pk->pkt.public_key, packet->pkt.signature,
- md, &expired);
-
- if (rc != 0)
- {
- *verify |= GNUTLS_CERT_INVALID;
- }
-
- break;
- }
-
- cdk_pkt_free (packet);
- packet = NULL;
+ int status;
+ cdk_error_t rc;
- }
-
- rc = 0;
-
-leave:
+ rc = cdk_pk_check_self_sig (key->knode, &status);
+ if (rc || status != CDK_KEY_VALID)
+ *verify |= GNUTLS_CERT_INVALID;
+ else
+ *verify = 0;
- cdk_pkt_free (packet);
- cdk_pkt_free (pk);
- cdk_md_close (md);
- return rc;
+ return 0;
}
+
/**
* gnutls_openpgp_key_verify_trustdb - Verify all signatures in the key
* @key: the structure that holds the key.
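Review bot: `*verify |= GNUTLS_CERT_INVALID` ORs into whatever the caller left in `*verify`, because the `*verify = 0;` that used to open gnutls_openpgp_key_verify_self is removed; a caller passing an uninitialised variable gets undefined bits in the status it later combines with the ring and trustdb results. Assign in both branches instead: `*verify = (rc || status != CDK_KEY_VALID) ? GNUTLS_CERT_INVALID : 0;`. `key` is also dereferenced without the NULL check that gnutls_openpgp_key_verify_ring performs, so `if (!key) return GNUTLS_E_INVALID_REQUEST;` belongs at the top. Folding a library error in `rc` into "invalid" with a 0 return fails closed, which is fine, but it deserves a one-line comment saying it is deliberate.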
@@ -291,8 +190,10 @@ gnutls_openpgp_key_verify_trustdb (gnutls_openpgp_key_t key,
gnutls_openpgp_trustdb_t trustdb,
unsigned int flags, unsigned int *verify)
{
- int rc = 0;
-
+ int rc;
+
+ /* FIXME: The code currently does nothing. */
+
if (!key)
{
gnutls_assert ();
@@ -307,14 +208,6 @@ gnutls_openpgp_key_verify_trustdb (gnutls_openpgp_key_t key,
rc = openpgp_get_key_trust (trustdb, key, verify);
if (rc)
- goto leave;
-
- rc = 0;
-
-leave:
- if (rc)
- {
- gnutls_assert ();
- }
+ gnutls_assert ();
return rc;
}
diff --git a/libextra/openpgp/privkey.c b/libextra/openpgp/privkey.c
index 2ba49df140..4865e0557a 100644
--- a/libextra/openpgp/privkey.c
+++ b/libextra/openpgp/privkey.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2003, 2004, 2005, 2006 Free Software Foundation
+ * Copyright (C) 2003, 2004, 2005, 2006, 2007 Free Software Foundation
*
* Author: Nikos Mavroyanopoulos
*
@@ -35,33 +35,31 @@
#include <gnutls_cert.h>
/**
- * gnutls_openpgp_privkey_init - This function initializes a gnutls_openpgp_privkey_t structure
- * @key: The structure to be initialized
- *
- * This function will initialize an OpenPGP key structure.
- *
- * Returns 0 on success.
- *
- **/
+ * gnutls_openpgp_privkey_init - This function initializes a gnutls_openpgp_privkey_t structure
+ * @key: The structure to be initialized
+ *
+ * This function will initialize an OpenPGP key structure.
+ *
+ * Returns 0 on success.
+ *
+ **/
int
gnutls_openpgp_privkey_init (gnutls_openpgp_privkey_t * key)
{
*key = gnutls_calloc (1, sizeof (gnutls_openpgp_privkey_int));
if (*key)
- {
- return 0; /* success */
- }
+ return 0; /* success */
return GNUTLS_E_MEMORY_ERROR;
}
/**
- * gnutls_openpgp_privkey_deinit - This function deinitializes memory used by a gnutls_openpgp_privkey_t structure
- * @key: The structure to be initialized
- *
- * This function will deinitialize a key structure.
- *
- **/
+ * gnutls_openpgp_privkey_deinit - This function deinitializes memory used by a gnutls_openpgp_privkey_t structure
+ * @key: The structure to be initialized
+ *
+ * This function will deinitialize a key structure.
+ *
+ **/
void
gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key)
{
@@ -73,19 +71,19 @@ gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key)
}
/**
- * gnutls_openpgp_privkey_import - This function will import a RAW or BASE64 encoded key
- * @key: The structure to store the parsed key.
- * @data: The RAW or BASE64 encoded key.
- * @format: One of gnutls_openpgp_key_fmt_t elements.
- * @pass: Unused for now
- * @flags: should be zero
- *
- * This function will convert the given RAW or Base64 encoded key
- * to the native gnutls_openpgp_privkey_t format. The output will be stored in 'key'.
- *
- * Returns 0 on success.
- *
- **/
+ * gnutls_openpgp_privkey_import - This function will import a RAW or BASE64 encoded key
+ * @key: The structure to store the parsed key.
+ * @data: The RAW or BASE64 encoded key.
+ * @format: One of gnutls_openpgp_key_fmt_t elements.
+ * @pass: Unused for now
+ * @flags: should be zero
+ *
+ * This function will convert the given RAW or Base64 encoded key
+ * to the native gnutls_openpgp_privkey_t format. The output will be stored in 'key'.
+ *
+ * Returns 0 on success.
+ *
+ **/
int
gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key,
const gnutls_datum_t * data,
@@ -94,8 +92,7 @@ gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key,
{
int rc;
- rc = _gnutls_openpgp_raw_privkey_to_gkey (&key->pkey, data,
- format);
+ rc = _gnutls_openpgp_raw_privkey_to_gkey (&key->pkey, data, format);
if (rc)
{
gnutls_assert ();
@@ -105,22 +102,23 @@ gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key,
return 0;
}
+
/**
- * gnutls_openpgp_privkey_get_pk_algorithm - This function returns the key's PublicKey algorithm
- * @key: is an OpenPGP key
- * @bits: if bits is non null it will hold the size of the parameters' in bits
- *
- * This function will return the public key algorithm of an OpenPGP
- * certificate.
- *
- * If bits is non null, it should have enough size to hold the parameters
- * size in bits. For RSA the bits returned is the modulus.
- * For DSA the bits returned are of the public exponent.
- *
- * Returns a member of the GNUTLS_PKAlgorithm enumeration on success,
- * or a negative value on error.
- *
- **/
+ * gnutls_openpgp_privkey_get_pk_algorithm - This function returns the key's PublicKey algorithm
+ * @key: is an OpenPGP key
+ * @bits: if bits is non null it will hold the size of the parameters' in bits
+ *
+ * This function will return the public key algorithm of an OpenPGP
+ * certificate.
+ *
+ * If bits is non null, it should have enough size to hold the parameters
+ * size in bits. For RSA the bits returned is the modulus.
+ * For DSA the bits returned are of the public exponent.
+ *
+ * Returns a member of the GNUTLS_PKAlgorithm enumeration on success,
+ * or a negative value on error.
+ *
+ **/
gnutls_pk_algorithm_t
gnutls_openpgp_privkey_get_pk_algorithm (gnutls_openpgp_privkey_t key,
unsigned int *bits)
@@ -135,5 +133,6 @@ gnutls_openpgp_privkey_get_pk_algorithm (gnutls_openpgp_privkey_t key,
if (pk == GNUTLS_PK_DSA)
*bits = _gnutls_mpi_get_nbits (key->pkey.params[3]);
}
+
return pk;
}
diff --git a/libextra/openpgp/xml.c b/libextra/openpgp/xml.c
index 0c83df2bb9..5c46299f52 100644
--- a/libextra/openpgp/xml.c
+++ b/libextra/openpgp/xml.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation
+ * Copyright (C) 2002, 2003, 2004, 2005, 2007 Free Software Foundation
*
* Author: Timo Schulz, Nikos Mavroyanopoulos
*
@@ -55,7 +55,7 @@ xml_add_mpi2 (gnutls_string * xmlkey, const uint8_t * data, size_t count,
{
char *p = NULL;
size_t i;
- int rc = 0;
+ int rc;
if (!xmlkey || !data || !tag)
{
@@ -84,11 +84,11 @@ static int
xml_add_mpi (gnutls_string * xmlkey, cdk_pkt_pubkey_t pk, int idx,
const char *tag)
{
- uint8_t buf[4096];
+ uint8_t buf[4096]; /* Maximal supported MPI of size 32786 bits */
size_t nbytes;
- nbytes = sizeof buf - 1;
- cdk_pk_get_mpi (pk, idx, buf, &nbytes, NULL);
+ nbytes = 4096;
+ cdk_pk_get_mpi (pk, idx, buf, nbytes, &nbytes, NULL);
return xml_add_mpi2 (xmlkey, buf, nbytes, tag);
}
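Review bot: The return value of `cdk_pk_get_mpi` is ignored in xml_add_mpi, so on failure `buf` reaches xml_add_mpi2 uninitialised with `nbytes` possibly still 4096, which would put stack contents into the XML output. Check the call, e.g. `if (cdk_pk_get_mpi (pk, idx, buf, sizeof buf, &nbytes, NULL)) return GNUTLS_E_INTERNAL_ERROR;`, and use `sizeof buf` rather than repeating the literal so the size cannot drift from the declaration. The new comment should read 32768 bits (4096 * 8), not 32786.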
@@ -126,6 +126,7 @@ xml_add_key_mpi (gnutls_string * xmlkey, cdk_pkt_pubkey_t pk)
}
else if (is_ELG (pk->pubkey_algo))
{
+ /* FIXME: Does GnuTLS supports ElGamal? */
rc = xml_add_mpi (xmlkey, pk, 0, "ELG-P");
if (!rc)
rc = xml_add_mpi (xmlkey, pk, 1, "ELG-G");
@@ -158,7 +159,8 @@ xml_add_key (gnutls_string * xmlkey, int ext, cdk_pkt_pubkey_t pk, int sub)
_gnutls_string_append_str (xmlkey, s);
cdk_pk_get_keyid (pk, kid);
- snprintf (keyid, 16, "%08lX%08lX", kid[0], kid[1]);
+ snprintf (keyid, 16, "%08lX%08lX",
+ (unsigned long)kid[0], (unsigned long)kid[1]);
rc = xml_add_tag (xmlkey, "KEYID", keyid);
if (rc)
return rc;
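Review bot: `snprintf (keyid, 16, ...)` can store only 15 characters plus the terminator, but `%08lX%08lX` produces at least 16, so the last hex digit of every key ID is cut off in the KEYID tag. The added casts fix the format/argument mismatch but not this truncation; declare the buffer as `char keyid[17];` and pass `sizeof keyid` as the size argument. The same call is changed in xml_add_sig further down in this file, where the `keyid[16]` declaration is visible, and needs the same fix.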
@@ -176,7 +178,7 @@ xml_add_key (gnutls_string * xmlkey, int ext, cdk_pkt_pubkey_t pk, int sub)
else if (is_RSA (pk->pubkey_algo))
algo = "RSA";
else if (is_ELG (pk->pubkey_algo))
- algo = "ELG";
+ algo = "ELG"; /* FIXME: Same here is ElGamal supported? */
else
algo = "???";
rc = xml_add_tag (xmlkey, "PKALGO", algo);
@@ -188,7 +190,7 @@ xml_add_key (gnutls_string * xmlkey, int ext, cdk_pkt_pubkey_t pk, int sub)
if (rc)
return rc;
- sprintf (tmp, "%lu", pk->timestamp);
+ sprintf (tmp, "%lu", (unsigned long)pk->timestamp);
rc = xml_add_tag (xmlkey, "CREATED", tmp);
if (rc)
return rc;
@@ -226,7 +228,7 @@ xml_add_userid (gnutls_string * xmlkey, int ext,
{
const char *s;
char tmp[32];
- int rc = 0;
+ int rc;
if (!xmlkey || !dn || !id)
{
@@ -266,7 +268,7 @@ xml_add_sig (gnutls_string * xmlkey, int ext, cdk_pkt_signature_t sig)
const char *algo, *s;
char tmp[32], keyid[16];
unsigned int kid[2];
- int rc = 0;
+ int rc;
if (!xmlkey || !sig)
{
@@ -302,7 +304,7 @@ xml_add_sig (gnutls_string * xmlkey, int ext, cdk_pkt_signature_t sig)
case GCRY_PK_DSA:
algo = "DSA";
break;
- case GCRY_PK_ELG:
+ case GCRY_PK_ELG: /* FIXME: Is ElGamal needed? */
case GCRY_PK_ELG_E:
algo = "ELG";
break;
@@ -329,6 +331,15 @@ xml_add_sig (gnutls_string * xmlkey, int ext, cdk_pkt_signature_t sig)
case GCRY_MD_MD5:
algo = "MD5";
break;
+ case GCRY_MD_SHA256:
+ algo = "SHA256";
+ break;
+ case GCRY_MD_SHA384:
+ algo = "SHA384";
+ break;
+ case GCRY_MD_SHA512:
+ algo = "SHA512";
+ break;
default:
algo = "???";
}
@@ -337,13 +348,14 @@ xml_add_sig (gnutls_string * xmlkey, int ext, cdk_pkt_signature_t sig)
return rc;
}
- sprintf (tmp, "%lu", sig->timestamp);
+ sprintf (tmp, "%lu", (unsigned long)sig->timestamp);
rc = xml_add_tag (xmlkey, "CREATED", tmp);
if (rc)
return rc;
cdk_sig_get_keyid (sig, kid);
- snprintf (keyid, 16, "%08lX%08lX", kid[0], kid[1]);
+ snprintf (keyid, 16, "%08lX%08lX",
+ (unsigned long)kid[0], (unsigned long)kid[1]);
rc = xml_add_tag (xmlkey, "KEYID", keyid);
if (rc)
return rc;
@@ -409,7 +421,7 @@ gnutls_openpgp_key_to_xml (gnutls_openpgp_key_t key,
break;
case CDK_PKT_USER_ID:
- name_len = sizeof (name);
+ name_len = sizeof (name) / sizeof (name[0]);
gnutls_openpgp_key_get_name (key, idx, name, &name_len);
rc = xml_add_userid (&string_xml_key, ext, name, pkt->pkt.user_id);
idx++;
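Review bot: The result of `gnutls_openpgp_key_get_name` is discarded in the CDK_PKT_USER_ID case, so when it fails before copying (short buffer, bad index) `name` is handed to xml_add_userid without having been written by this call. Store the result and skip or abort the user-ID entry unless it is 0 or GNUTLS_E_OPENPGP_UID_REVOKED, the one error that is returned after the buffer has been filled. The `sizeof (name) / sizeof (name[0])` form is harmless but suggests an element count; a comment such as `/* size in bytes, including the terminating NUL */` would say what get_name expects. The switch statement continues outside this hunk.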