author | Simon Josefsson <simon@josefsson.org> | 2008-01-15 08:42:58 +0100 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2008-01-15 08:42:58 +0100 |
commit | 08d25eff9129f5014b570a5a9b75584c0ab4cfc6 (patch) | |
tree | 5d7c5e5788654d000e7905ac8b97d2ebb2194852 /libextra | |
parent | 965b369c4eb1bd2c0ed2cfdb41dceed75e108674 (diff) | |
download | gnutls-08d25eff9129f5014b570a5a9b75584c0ab4cfc6.tar.gz |
Remove openpgp files moved to lib/openpgp/.
Diffstat (limited to 'libextra')
-rw-r--r-- | libextra/openpgp/Makefile.am | 50 | ||||
-rw-r--r-- | libextra/openpgp/compat.c | 247 | ||||
-rw-r--r-- | libextra/openpgp/extras.c | 172 | ||||
-rw-r--r-- | libextra/openpgp/gnutls_openpgp.h | 98 | ||||
-rw-r--r-- | libextra/openpgp/openpgp.h | 87 | ||||
-rw-r--r-- | libextra/openpgp/pgp.c | 550 | ||||
-rw-r--r-- | libextra/openpgp/pgpverify.c | 144 | ||||
-rw-r--r-- | libextra/openpgp/privkey.c | 135 |
8 files changed, 0 insertions, 1483 deletions
diff --git a/libextra/openpgp/Makefile.am b/libextra/openpgp/Makefile.am deleted file mode 100644 index 512aeb65ae..0000000000 --- a/libextra/openpgp/Makefile.am +++ /dev/null @@ -1,50 +0,0 @@ -## Process this file with automake to produce Makefile.in -# Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation -# -# Author: Nikos Mavrogiannopoulos -# -# This file is part of GNUTLS-EXTRA. -# -# GNUTLS-EXTRA is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 3 of the -# License, or (at your option) any later version. -# -# GNUTLS-EXTRA is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with GNUTLS-EXTRA; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -# 02110-1301, USA. - -AM_CPPFLAGS = -I$(top_srcdir)/lgl -I$(top_builddir)/lgl \ - -I$(top_srcdir)/crypto -I$(top_srcdir)/lib \ - -I$(top_srcdir)/includes -I../../includes \ - -I$(top_srcdir)/libextra/opencdk - -if ENABLE_MINITASN1 -AM_CPPFLAGS += -I$(top_srcdir)/lib/minitasn1 -else -AM_CPPFLAGS += $(LIBTASN1_CFLAGS) -endif - -noinst_LTLIBRARIES = libgnutls_openpgp.la - -COBJECTS = pgp.c pgpverify.c extras.c compat.c privkey.c - -libgnutls_openpgp_la_SOURCES = $(COBJECTS) openpgp.h gnutls_openpgp.h - -EXTRA_DIST = pgp-api.texi - -pgp-api.texi: $(COBJECTS) - @echo "" > pgp-api.texi - @for i in ../gnutls_openpgp.c $(COBJECTS); do \ - echo -n "Creating documentation for file $$i... " && \ - $(top_srcdir)/doc/scripts/gdoc -texinfo $$i >> pgp-api.texi && \ - echo "ok"; \ - done - -dist-hook: pgp-api.texi 
diff --git a/libextra/openpgp/compat.c b/libextra/openpgp/compat.c
deleted file mode 100644
index c04d861ab7..0000000000
--- a/libextra/openpgp/compat.c
+++ /dev/null
@@ -1,247 +0,0 @@ -/* - * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Timo Schulz, Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS-EXTRA. - * - * GNUTLS-EXTRA is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * GNUTLS-EXTRA is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - */ - -/* Compatibility functions on OpenPGP key parsing. - */ - -#include <gnutls_int.h> -#include <gnutls_errors.h> -#include <gnutls_openpgp.h> -#include <openpgp.h> - -/*- - * gnutls_openpgp_verify_key - Verify all signatures on the key - * @cert_list: the structure that holds the certificates. - * @cert_list_lenght: the items in the cert_list. - * @status: the output of the verification function - * - * Verify all signatures in the certificate list. When the key - * is not available, the signature is skipped. - * - * The return value is one of the CertificateStatus entries. - * - * NOTE: this function does not verify using any "web of trust". You - * may use GnuPG for that purpose, or any other external PGP application. 
- -*/ -int -_gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t cred, - const gnutls_datum_t * cert_list, - int cert_list_length, unsigned int *status) -{ - int ret = 0; - gnutls_openpgp_crt_t key = NULL; - unsigned int verify = 0, verify_self = 0; - - if (!cert_list || cert_list_length != 1) - { - gnutls_assert (); - return GNUTLS_E_NO_CERTIFICATE_FOUND; - } - - ret = gnutls_openpgp_crt_init (&key); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - ret = gnutls_openpgp_crt_import (key, &cert_list[0], GNUTLS_OPENPGP_FMT_RAW); - if (ret < 0) - { - gnutls_assert (); - goto leave; - } - -#ifndef KEYRING_HACK - if (cred->keyring != NULL) - { - ret = gnutls_openpgp_crt_verify_ring (key, cred->keyring, 0, &verify); - if (ret < 0) - { - gnutls_assert (); - goto leave; - } - } -#else - { - gnutls_openpgp_keyring_t kring; - - ret = gnutls_openpgp_keyring_init( &kring); - if ( ret < 0) { - gnutls_assert(); - return ret; - } - - ret = gnutls_openpgp_keyring_import( kring, &cred->keyring, cred->keyring_format); - if ( ret < 0) { - gnutls_assert(); - gnutls_openpgp_keyring_deinit( kring); - return ret; - } - - ret = gnutls_openpgp_crt_verify_ring (key, kring, 0, &verify); - if (ret < 0) - { - gnutls_assert (); - gnutls_openpgp_keyring_deinit( kring); - return ret; - } - gnutls_openpgp_keyring_deinit( kring); - } -#endif - - /* Now try the self signature. */ - ret = gnutls_openpgp_crt_verify_self (key, 0, &verify_self); - if (ret < 0) - { - gnutls_assert (); - goto leave; - } - - *status = verify_self | verify; - -#ifndef KEYRING_HACK - /* If we only checked the self signature. */ - if (!cred->keyring) -#else - if (!cred->keyring.data || !cred->keyring.size) -#endif - *status |= GNUTLS_CERT_SIGNER_NOT_FOUND; - - - ret = 0; - -leave: - gnutls_openpgp_crt_deinit (key); - - return ret; -} - -/*- - * gnutls_openpgp_fingerprint - Gets the fingerprint - * @cert: the raw data that contains the OpenPGP public key. - * @fpr: the buffer to save the fingerprint. 
- * @fprlen: the integer to save the length of the fingerprint. - * - * Returns the fingerprint of the OpenPGP key. Depence on the algorithm, - * the fingerprint can be 16 or 20 bytes. - -*/ -int -_gnutls_openpgp_fingerprint (const gnutls_datum_t * cert, - unsigned char *fpr, size_t * fprlen) -{ - gnutls_openpgp_crt_t key; - int ret; - - ret = gnutls_openpgp_crt_init (&key); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - ret = gnutls_openpgp_crt_get_fingerprint (key, fpr, fprlen); - gnutls_openpgp_crt_deinit (key); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - return 0; -} - -/*- - * gnutls_openpgp_get_raw_key_creation_time - Extract the timestamp - * @cert: the raw data that contains the OpenPGP public key. - * - * Returns the timestamp when the OpenPGP key was created. - -*/ -time_t -_gnutls_openpgp_get_raw_key_creation_time (const gnutls_datum_t * cert) -{ - gnutls_openpgp_crt_t key; - int ret; - time_t tim; - - ret = gnutls_openpgp_crt_init (&key); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - tim = gnutls_openpgp_crt_get_creation_time (key); - - gnutls_openpgp_crt_deinit (key); - - return tim; -} - - -/*- - * gnutls_openpgp_get_raw_key_expiration_time - Extract the expire date - * @cert: the raw data that contains the OpenPGP public key. - * - * Returns the time when the OpenPGP key expires. A value of '0' means - * that the key doesn't expire at all. 
- -*/ -time_t -_gnutls_openpgp_get_raw_key_expiration_time (const gnutls_datum_t * cert) -{ - gnutls_openpgp_crt_t key; - int ret; - time_t tim; - - ret = gnutls_openpgp_crt_init (&key); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - tim = gnutls_openpgp_crt_get_expiration_time (key); - - gnutls_openpgp_crt_deinit (key); - - return tim; -} diff --git a/libextra/openpgp/extras.c b/libextra/openpgp/extras.c deleted file mode 100644 index 1ba873c496..0000000000 --- a/libextra/openpgp/extras.c +++ /dev/null 
@@ -1,172 +0,0 @@ -/* - * Copyright (C) 2003, 2004, 2005, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos, Timo Schulz - * - * This file is part of GNUTLS-EXTRA. - * - * GNUTLS-EXTRA is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * GNUTLS-EXTRA is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - */ - -/* Functions on OpenPGP keyring parsing - */ - -#include <gnutls_int.h> -#include <gnutls_datum.h> -#include <gnutls_global.h> -#include <gnutls_errors.h> -#include <gnutls_openpgp.h> -#include <gnutls_num.h> -#include <openpgp.h> - -/* Keyring stuff. - */ - -/** - * gnutls_openpgp_keyring_init - This function initializes a gnutls_openpgp_keyring_t structure - * @keyring: The structure to be initialized - * - * This function will initialize an OpenPGP keyring structure. - * - * Returns 0 on success. - * - **/ -int -gnutls_openpgp_keyring_init (gnutls_openpgp_keyring_t * keyring) -{ - *keyring = gnutls_calloc (1, sizeof (gnutls_openpgp_keyring_int)); - - if (*keyring) - return 0; /* success */ - return GNUTLS_E_MEMORY_ERROR; -} - - -/** - * gnutls_openpgp_keyring_deinit - This function deinitializes memory used by a gnutls_openpgp_keyring_t structure - * @keyring: The structure to be initialized - * - * This function will deinitialize a keyring structure. 
- * - **/ -void -gnutls_openpgp_keyring_deinit (gnutls_openpgp_keyring_t keyring) -{ - if (!keyring) - return; - - if (keyring->db) - { - cdk_keydb_free (keyring->db); - keyring->db = NULL; - } - - /* In some cases the stream is also stored outside the keydb context - and we need to close it here then. */ - if (keyring->db_stream) - { - cdk_stream_close (keyring->db_stream); - keyring->db_stream = NULL; - } - - gnutls_free (keyring); -} - -/** - * gnutls_openpgp_keyring_check_id - Check if a key id exists in the keyring - * @ring: holds the keyring to check against - * @keyid: will hold the keyid to check for. - * @flags: unused (should be 0) - * - * Check if a given key ID exists in the keyring. - * - * Returns 0 on success (if keyid exists) and a negative error code - * on failure. - **/ -int -gnutls_openpgp_keyring_check_id (gnutls_openpgp_keyring_t ring, - const unsigned char keyid[8], - unsigned int flags) -{ - cdk_pkt_pubkey_t pk; - uint32_t id[2]; - - id[0] = _gnutls_read_uint32 (keyid); - id[1] = _gnutls_read_uint32 (&keyid[4]); - - if (!cdk_keydb_get_pk (ring->db, id, &pk)) - { - cdk_pk_release (pk); - return 0; - } - - _gnutls_debug_log ("PGP: key not found %08lX\n", (unsigned long)id[1]); - return GNUTLS_E_NO_CERTIFICATE_FOUND; -} - -/** - * gnutls_openpgp_keyring_import - Import a raw- or Base64-encoded OpenPGP keyring - * @keyring: The structure to store the parsed key. - * @data: The RAW or BASE64 encoded keyring. - * @format: One of #gnutls_openpgp_keyring_fmt elements. - * - * This function will convert the given RAW or Base64 encoded keyring to the - * native #gnutls_openpgp_keyring_t format. The output will be stored in - * 'keyring'. - * - * Returns 0 on success. - * - **/ -int -gnutls_openpgp_keyring_import (gnutls_openpgp_keyring_t keyring, - const gnutls_datum_t *data, - gnutls_openpgp_crt_fmt_t format) -{ - cdk_error_t err; - cdk_stream_t input; - - _gnutls_debug_log ("PGP: keyring import format '%s'\n", - format == GNUTLS_OPENPGP_FMT_RAW? 
"raw" : "base64"); - - if (format == GNUTLS_OPENPGP_FMT_RAW) - { - err = cdk_keydb_new (&keyring->db, CDK_DBTYPE_DATA, - data->data, data->size); - if (err) - gnutls_assert (); - return _gnutls_map_cdk_rc (err); - } - - /* Create a new stream from the given data, which means to - allocate a new stream and to write the data in the stream. - Then push the armor filter to decode the data and to store - it in the raw format. */ - err = cdk_stream_tmp_from_mem (data->data, data->size, &input); - if (!err) - err = cdk_stream_set_armor_flag (input, 0); - if (!err) - err = cdk_keydb_new_from_stream (&keyring->db, 0, input); - if (err) - { - cdk_stream_close (input); - gnutls_assert (); - } - else - /* The keydb function will not close the stream itself, so we need to - store it separately to close it later. */ - keyring->db_stream = input; - - return _gnutls_map_cdk_rc (err); -} - diff --git a/libextra/openpgp/gnutls_openpgp.h b/libextra/openpgp/gnutls_openpgp.h deleted file mode 100644 index 9894b084ba..0000000000 --- a/libextra/openpgp/gnutls_openpgp.h +++ /dev/null 
@@ -1,98 +0,0 @@ -#include <config.h> - -#ifdef ENABLE_OPENPGP - -#ifndef GNUTLS_OPENPGP_H -#define GNUTLS_OPENPGP_H - -#include <auth_cert.h> -#include <opencdk.h> - -typedef struct -{ - int type; - size_t size; - uint8_t *data; -} keybox_blob; - -typedef enum -{ - KBX_BLOB_FILE = 0x00, - KBX_BLOB_DATA = 0x01 -} keyring_blob_types; - -/* OpenCDK compatible */ -typedef enum -{ - KEY_ATTR_NONE = 0, - KEY_ATTR_SHORT_KEYID = 3, - KEY_ATTR_KEYID = 4, - KEY_ATTR_FPR = 5 -} key_attr_t; - -int -gnutls_certificate_set_openpgp_key_file (gnutls_certificate_credentials_t - res, const char *CERTFILE, - const char *KEYFILE, gnutls_openpgp_crt_fmt_t); - -int gnutls_openpgp_count_key_names (const gnutls_datum_t * cert); - -int gnutls_certificate_set_openpgp_keyring_file - (gnutls_certificate_credentials_t c, const char *file, gnutls_openpgp_crt_fmt_t); - -int -gnutls_certificate_set_openpgp_keyring_mem (gnutls_certificate_credentials_t - c, const opaque * data, - size_t dlen, gnutls_openpgp_crt_fmt_t); - -int gnutls_openpgp_get_key (gnutls_datum_t * key, - gnutls_openpgp_keyring_t keyring, - key_attr_t by, opaque * pattern); - -int gnutls_openpgp_recv_key (const char *host, - short port, uint32_t keyid, - gnutls_datum_t * key); - -/* internal */ -int _gnutls_openpgp_raw_key_to_gcert (gnutls_cert * cert, - const gnutls_datum_t * raw); - -int -_gnutls_openpgp_raw_privkey_to_gkey (gnutls_privkey * pkey, - const gnutls_datum_t * raw_key, - gnutls_openpgp_crt_fmt_t format); - -int -_gnutls_openpgp_request_key (gnutls_session_t, - gnutls_datum_t * ret, - const gnutls_certificate_credentials_t cred, - opaque * key_fpr, int key_fpr_size); - -int _gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t, - const gnutls_datum_t * cert_list, - int cert_list_length, unsigned int *status); -int _gnutls_openpgp_fingerprint (const gnutls_datum_t * cert, - unsigned char *fpr, size_t * fprlen); -time_t _gnutls_openpgp_get_raw_key_creation_time (const gnutls_datum_t * - cert); -time_t 
_gnutls_openpgp_get_raw_key_expiration_time (const gnutls_datum_t * - cert); - -int -gnutls_openpgp_privkey_init (gnutls_openpgp_privkey_t * key); - -int -gnutls_openpgp_privkey_init (gnutls_openpgp_privkey_t * key); - -void -gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key); - -int -gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key, - const gnutls_datum_t * data, - gnutls_openpgp_crt_fmt_t format, - const char *pass, unsigned int flags); - -#endif /*GNUTLS_OPENPGP_H */ - -#endif /*ENABLE_OPENPGP */ diff --git a/libextra/openpgp/openpgp.h b/libextra/openpgp/openpgp.h deleted file mode 100644 index ecdee694cc..0000000000 --- a/libextra/openpgp/openpgp.h +++ /dev/null 
@@ -1,87 +0,0 @@ -#ifndef OPENPGP_H -# define OPENPGP_H - -#if HAVE_CONFIG_H -# include <config.h> -#endif - -#ifdef ENABLE_OPENPGP - -#include <opencdk.h> - -/* Internal context to store the OpenPGP key. */ -typedef struct gnutls_openpgp_crt_int -{ - cdk_kbnode_t knode; -} gnutls_openpgp_crt_int; - - -/* Internal context to store the private OpenPGP key. */ -typedef struct gnutls_openpgp_privkey_int -{ - gnutls_privkey pkey; -} gnutls_openpgp_privkey_int; - - -typedef struct gnutls_openpgp_keyring_int -{ - cdk_keydb_hd_t db; - cdk_stream_t db_stream; -} gnutls_openpgp_keyring_int; - - -typedef struct gnutls_openpgp_keyring_int *gnutls_openpgp_keyring_t; - -int _gnutls_map_cdk_rc (int rc); -int gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key, - int idx, char *buf, size_t * sizeof_buf); -int gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key, - void *fpr, size_t * fprlen); -gnutls_pk_algorithm_t -gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t key, - unsigned int *bits); -int gnutls_openpgp_crt_get_version (gnutls_openpgp_crt_t key); -time_t gnutls_openpgp_crt_get_creation_time (gnutls_openpgp_crt_t key); -time_t gnutls_openpgp_crt_get_expiration_time (gnutls_openpgp_crt_t key); -int gnutls_openpgp_crt_get_id (gnutls_openpgp_crt_t key, - unsigned char keyid[8]); - -int gnutls_openpgp_crt_init (gnutls_openpgp_crt_t * key); -void gnutls_openpgp_crt_deinit (gnutls_openpgp_crt_t key); -int gnutls_openpgp_crt_import (gnutls_openpgp_crt_t key, - const gnutls_datum_t * data, - gnutls_openpgp_crt_fmt_t format); -int gnutls_openpgp_crt_export (gnutls_openpgp_crt_t key, - gnutls_openpgp_crt_fmt_t format, - void *output_data, size_t * output_data_size); - -void gnutls_openpgp_keyring_deinit (gnutls_openpgp_keyring_t keyring); -int gnutls_openpgp_keyring_init (gnutls_openpgp_keyring_t * keyring); -int gnutls_openpgp_keyring_import (gnutls_openpgp_keyring_t keyring, - const gnutls_datum_t * data, - gnutls_openpgp_crt_fmt_t format); -int 
gnutls_openpgp_keyring_check_id (gnutls_openpgp_keyring_t ring, - const unsigned char keyid[8], - unsigned int flags); - -int gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key, - gnutls_openpgp_keyring_t keyring, - unsigned int flags, unsigned int *verify); - -int gnutls_openpgp_crt_verify_self (gnutls_openpgp_crt_t key, - unsigned int flags, unsigned int *verify); - -int _gnutls_openpgp_crt_to_gcert (gnutls_cert * gcert, - gnutls_openpgp_crt_t cert); -int _gnutls_openpgp_privkey_to_gkey (gnutls_privkey * dest, - gnutls_openpgp_privkey_t src); - -void gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key); - -#else /* no opencdk */ - -typedef void *gnutls_openpgp_keyring_t; - -#endif /* ENABLE_OPENPGP */ - -#endif /* OPENPGP_H */ diff --git a/libextra/openpgp/pgp.c b/libextra/openpgp/pgp.c deleted file mode 100644 index 6ca76f6595..0000000000 --- a/libextra/openpgp/pgp.c +++ /dev/null 
@@ -1,550 +0,0 @@ -/* - * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation - * - * Author: Timo Schulz, Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS-EXTRA. - * - * GNUTLS-EXTRA is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * GNUTLS-EXTRA is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - */ - -/* Functions on OpenPGP key parsing - */ - -#include <gnutls_int.h> -#include <gnutls_datum.h> -#include <gnutls_global.h> -#include <gnutls_errors.h> -#include <openpgp.h> -#include <x509/rfc2818.h> - - -/** - * gnutls_openpgp_crt_init - This function initializes a gnutls_openpgp_crt_t structure - * @key: The structure to be initialized - * - * This function will initialize an OpenPGP key structure. - * - * Returns 0 on success. - * - **/ -int -gnutls_openpgp_crt_init (gnutls_openpgp_crt_t * key) -{ - *key = gnutls_calloc (1, sizeof (gnutls_openpgp_crt_int)); - - if (*key) - return 0; /* success */ - return GNUTLS_E_MEMORY_ERROR; -} - -/** - * gnutls_openpgp_crt_deinit - This function deinitializes memory used by a gnutls_openpgp_crt_t structure - * @key: The structure to be initialized - * - * This function will deinitialize a key structure. 
- **/ -void -gnutls_openpgp_crt_deinit (gnutls_openpgp_crt_t key) -{ - if (!key) - return; - - if (key->knode) - { - cdk_kbnode_release (key->knode); - key->knode = NULL; - } - - gnutls_free (key); -} - -/** - * gnutls_openpgp_crt_import - This function will import a RAW or BASE64 encoded key - * @key: The structure to store the parsed key. - * @data: The RAW or BASE64 encoded key. - * @format: One of gnutls_openpgp_crt_fmt_t elements. - * - * This function will convert the given RAW or Base64 encoded key - * to the native gnutls_openpgp_crt_t format. The output will be stored in 'key'. - * - * Returns 0 on success. - **/ -int -gnutls_openpgp_crt_import (gnutls_openpgp_crt_t key, - const gnutls_datum_t * data, - gnutls_openpgp_crt_fmt_t format) -{ - cdk_stream_t inp; - int rc; - - if (format == GNUTLS_OPENPGP_FMT_RAW) - rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size); - else - { - rc = cdk_stream_tmp_from_mem (data->data, data->size, &inp); - if (rc) - { - rc = _gnutls_map_cdk_rc (rc); - gnutls_assert (); - return rc; - } - if (cdk_armor_filter_use (inp)) - rc = cdk_stream_set_armor_flag (inp, 0); - if (!rc) - rc = cdk_keydb_get_keyblock (inp, &key->knode); - cdk_stream_close (inp); - if (rc) - { - rc = _gnutls_map_cdk_rc (rc); - gnutls_assert (); - return rc; - } - } - - return 0; -} - -/** - * gnutls_openpgp_crt_export - This function will export a RAW or BASE64 encoded key - * @key: Holds the key. - * @format: One of gnutls_openpgp_crt_fmt_t elements. - * @output_data: will contain the key base64 encoded or raw - * @output_data_size: holds the size of output_data (and will be replaced by the actual size of parameters) - * - * This function will convert the given key to RAW or Base64 format. - * If the buffer provided is not long enough to hold the output, then - * GNUTLS_E_SHORT_MEMORY_BUFFER will be returned. - * - * Returns 0 on success. 
- * - **/ -int -gnutls_openpgp_crt_export (gnutls_openpgp_crt_t key, - gnutls_openpgp_crt_fmt_t format, - void *output_data, size_t * output_data_size) -{ - size_t input_data_size = *output_data_size; - size_t calc_size; - int rc; - - rc = cdk_kbnode_write_to_mem (key->knode, output_data, output_data_size); - if (rc) - { - rc = _gnutls_map_cdk_rc (rc); - gnutls_assert (); - return rc; - } - - /* FIXME: The first call of this function is with output_data == NULL - to figure out the size and the caller expects this error here. */ - if (!output_data) - return GNUTLS_E_SHORT_MEMORY_BUFFER; - - if (format == GNUTLS_OPENPGP_FMT_BASE64) - { - unsigned char *in = cdk_calloc (1, *output_data_size); - memcpy (in, output_data, *output_data_size); - - /* Calculate the size of the encoded data and check if the provided - buffer is large enough. */ - rc = cdk_armor_encode_buffer (in, input_data_size, - NULL, 0, &calc_size, CDK_ARMOR_PUBKEY); - if (rc || calc_size > input_data_size) - { - cdk_free (in); - *output_data_size = calc_size; - rc = _gnutls_map_cdk_rc (CDK_Too_Short); - gnutls_assert (); - return rc; - } - - rc = cdk_armor_encode_buffer (in, input_data_size, - output_data, input_data_size, &calc_size, - CDK_ARMOR_PUBKEY); - cdk_free (in); - *output_data_size = calc_size; - } - - return 0; -} - - -/** - * gnutls_openpgp_crt_get_fingerprint - Gets the fingerprint - * @key: the raw data that contains the OpenPGP public key. - * @fpr: the buffer to save the fingerprint, must hold at least 20 bytes. - * @fprlen: the integer to save the length of the fingerprint. - * - * Returns the fingerprint of the OpenPGP key. Depends on the algorithm, - * the fingerprint can be 16 or 20 bytes. 
- **/ -int -gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key, - void *fpr, size_t * fprlen) -{ - cdk_packet_t pkt; - cdk_pkt_pubkey_t pk = NULL; - - if (!fpr || !fprlen) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - *fprlen = 0; - - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); - if (!pkt) - return GNUTLS_E_OPENPGP_GETKEY_FAILED; - - pk = pkt->pkt.public_key; - *fprlen = 20; - - /* FIXME: Check if the draft allows old PGP keys. */ - if (is_RSA (pk->pubkey_algo) && pk->version < 4) - *fprlen = 16; - cdk_pk_get_fingerprint (pk, fpr); - - return 0; -} - -int -_gnutls_openpgp_count_key_names (gnutls_openpgp_crt_t key) -{ - cdk_kbnode_t p, ctx; - cdk_packet_t pkt; - int nuids; - - if (key == NULL) - { - gnutls_assert (); - return 0; - } - - ctx = NULL; - nuids = 0; - while ((p = cdk_kbnode_walk (key->knode, &ctx, 0))) - { - pkt = cdk_kbnode_get_packet (p); - if (pkt->pkttype == CDK_PKT_USER_ID) - nuids++; - } - - return nuids; -} - - -/** - * gnutls_openpgp_crt_get_name - Extracts the userID - * @key: the structure that contains the OpenPGP public key. - * @idx: the index of the ID to extract - * @buf: a pointer to a structure to hold the name - * @sizeof_buf: holds the maximum size of @buf, on return hold the - * actual/required size of @buf. - * - * Extracts the userID from the parsed OpenPGP key. - * - * Returns 0 on success, and GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE - * if the index of the ID does not exist. 
- * - **/ -int -gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key, - int idx, char *buf, size_t * sizeof_buf) -{ - cdk_kbnode_t ctx = NULL, p; - cdk_packet_t pkt = NULL; - cdk_pkt_userid_t uid = NULL; - int pos = 0; - - if (!key || !buf) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (idx < 0 || idx > _gnutls_openpgp_count_key_names (key)) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - - if (!idx) - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_USER_ID); - else - { - pos = 0; - while ((p = cdk_kbnode_walk (key->knode, &ctx, 0))) - { - pkt = cdk_kbnode_get_packet (p); - if (pkt->pkttype == CDK_PKT_USER_ID && ++pos == idx) - break; - } - } - - if (!pkt) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - uid = pkt->pkt.user_id; - if (uid->len >= *sizeof_buf) - { - gnutls_assert (); - *sizeof_buf = uid->len + 1; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - memcpy (buf, uid->name, uid->len); - buf[uid->len] = '\0'; /* make sure it's a string */ - *sizeof_buf = uid->len + 1; - - if (uid->is_revoked) - return GNUTLS_E_OPENPGP_UID_REVOKED; - - return 0; -} - -/** - * gnutls_openpgp_crt_get_pk_algorithm - This function returns the key's PublicKey algorithm - * @key: is an OpenPGP key - * @bits: if bits is non null it will hold the size of the parameters' in bits - * - * This function will return the public key algorithm of an OpenPGP - * certificate. - * - * If bits is non null, it should have enough size to hold the parameters - * size in bits. For RSA the bits returned is the modulus. - * For DSA the bits returned are of the public exponent. - * - * Returns a member of the GNUTLS_PKAlgorithm enumeration on success, - * or a negative value on error. 
- * - **/ -gnutls_pk_algorithm_t -gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t key, - unsigned int *bits) -{ - cdk_packet_t pkt; - int algo; - - if (!key) - return GNUTLS_PK_UNKNOWN; - - algo = 0; - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); - if (pkt && pkt->pkttype == CDK_PKT_PUBLIC_KEY) - { - if (bits) - *bits = cdk_pk_get_nbits (pkt->pkt.public_key); - algo = pkt->pkt.public_key->pubkey_algo; - if (is_RSA (algo)) - algo = GNUTLS_PK_RSA; - else if (is_DSA (algo)) - algo = GNUTLS_PK_DSA; - else - algo = GNUTLS_E_UNKNOWN_PK_ALGORITHM; - } - - return algo; -} - - -/** - * gnutls_openpgp_crt_get_version - Extracts the version of the key. - * @key: the structure that contains the OpenPGP public key. - * - * Extract the version of the OpenPGP key. - **/ -int -gnutls_openpgp_crt_get_version (gnutls_openpgp_crt_t key) -{ - cdk_packet_t pkt; - int version; - - if (!key) - return -1; - - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); - if (pkt) - version = pkt->pkt.public_key->version; - else - version = 0; - - return version; -} - - -/** - * gnutls_openpgp_crt_get_creation_time - Extract the timestamp - * @key: the structure that contains the OpenPGP public key. - * - * Returns the timestamp when the OpenPGP key was created. - **/ -time_t -gnutls_openpgp_crt_get_creation_time (gnutls_openpgp_crt_t key) -{ - cdk_packet_t pkt; - time_t timestamp; - - if (!key) - return (time_t) - 1; - - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); - if (pkt) - timestamp = pkt->pkt.public_key->timestamp; - else - timestamp = 0; - - return timestamp; -} - - -/** - * gnutls_openpgp_crt_get_expiration_time - Extract the expire date - * @key: the structure that contains the OpenPGP public key. - * - * Returns the time when the OpenPGP key expires. A value of '0' means - * that the key doesn't expire at all. 
- **/ -time_t -gnutls_openpgp_crt_get_expiration_time (gnutls_openpgp_crt_t key) -{ - cdk_packet_t pkt; - time_t expiredate; - - if (!key) - return (time_t) - 1; - - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); - if (pkt) - expiredate = pkt->pkt.public_key->expiredate; - else - expiredate = 0; - - return expiredate; -} - -/** - * gnutls_openpgp_crt_get_id - Gets the keyID - * @key: the structure that contains the OpenPGP public key. - * @keyid: the buffer to save the keyid. - * - * Returns the 64-bit keyID of the OpenPGP key. - **/ -int -gnutls_openpgp_crt_get_id (gnutls_openpgp_crt_t key, unsigned char keyid[8]) -{ - cdk_packet_t pkt; - uint32_t kid[2]; - - if (!key || !keyid) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); - if (!pkt) - return GNUTLS_E_OPENPGP_GETKEY_FAILED; - - cdk_pk_get_keyid (pkt->pkt.public_key, kid); - keyid[0] = kid[0] >> 24; - keyid[1] = kid[0] >> 16; - keyid[2] = kid[0] >> 8; - keyid[3] = kid[0]; - keyid[4] = kid[1] >> 24; - keyid[5] = kid[1] >> 16; - keyid[6] = kid[1] >> 8; - keyid[7] = kid[1]; - - return 0; -} - -/** - * gnutls_openpgp_crt_check_hostname - This function compares the given hostname with the hostname in the key - * @key: should contain an gnutls_openpgp_crt_t structure - * @hostname: A null terminated string that contains a DNS name - * - * This function will check if the given key's owner matches - * the given hostname. This is a basic implementation of the matching - * described in RFC2818 (HTTPS), which takes into account wildcards. - * - * Returns non zero on success, and zero on failure. - * - **/ -int -gnutls_openpgp_crt_check_hostname (gnutls_openpgp_crt_t key, - const char *hostname) -{ - char dnsname[MAX_CN]; - size_t dnsnamesize; - int ret; - int i; - - /* Check through all included names. 
*/ - for (i = 0; !(ret < 0); i++) - { - dnsnamesize = sizeof (dnsname); - ret = gnutls_openpgp_crt_get_name (key, i, dnsname, &dnsnamesize); - /* FIXME: ret is not used */ - if (_gnutls_hostname_compare (dnsname, hostname)) - return 1; - } - - /* not found a matching name */ - return 0; -} - -/** - * gnutls_openpgp_crt_get_key_usage - This function returns the key's usage - * @key: should contain a gnutls_openpgp_crt_t structure - * @key_usage: where the key usage bits will be stored - * - * This function will return certificate's key usage, by checking the - * key algorithm. The key usage value will ORed values of the: - * GNUTLS_KEY_DIGITAL_SIGNATURE, GNUTLS_KEY_KEY_ENCIPHERMENT. - * - * A negative value may be returned in case of parsing error. - * - */ -int -gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t key, - unsigned int *key_usage) -{ - cdk_packet_t pkt; - int algo = 0; - - if (!key) - return GNUTLS_E_INVALID_REQUEST; - - *key_usage = 0; - - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); - if (pkt && pkt->pkttype == CDK_PKT_PUBLIC_KEY) - { - algo = pkt->pkt.public_key->pubkey_algo; - - /* FIXME: We need to take a look at the key flags because - RSA-E and RSA-S are obsolete. Only RSA is used - and the flags are used to set the capabilities. */ - if (is_DSA (algo) || algo == GCRY_PK_RSA_S) - *key_usage |= KEY_DIGITAL_SIGNATURE; - else if (algo == GCRY_PK_RSA_E) - *key_usage |= KEY_KEY_ENCIPHERMENT; - else if (algo == GCRY_PK_RSA) - *key_usage |= KEY_DIGITAL_SIGNATURE | KEY_KEY_ENCIPHERMENT; - } - - return 0; -} diff --git a/libextra/openpgp/pgpverify.c b/libextra/openpgp/pgpverify.c deleted file mode 100644 index 9719df89e0..0000000000 --- a/libextra/openpgp/pgpverify.c +++ /dev/null 
@@ -1,144 +0,0 @@
-/*
- * Copyright (C) 2002, 2003, 2004, 2005, 2007 Free Software Foundation
- *
- * Author: Timo Schulz, Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS-EXTRA.
- *
- * GNUTLS-EXTRA is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * GNUTLS-EXTRA is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-/* Functions on OpenPGP key parsing
- */
-
-#include <gnutls_int.h>
-#include <gnutls_errors.h>
-#include <gnutls_openpgp.h>
-#include <gnutls_num.h>
-#include <openpgp.h>
-#include <x509/verify.h> /* lib/x509/verify.h */
-
-
-/**
- * gnutls_openpgp_crt_verify_ring - Verify all signatures in the key
- * @key: the structure that holds the key.
- * @keyring: holds the keyring to check against
- * @flags: unused (should be 0)
- * @verify: will hold the certificate verification output.
- *
- * Verify all signatures in the key, using the given set of keys (keyring).
- *
- * The key verification output will be put in @verify and will be
- * one or more of the gnutls_certificate_status_t enumerated elements bitwise or'd.
- *
- * GNUTLS_CERT_INVALID: A signature on the key is invalid.
- *
- * GNUTLS_CERT_REVOKED: The key has been revoked.
- *
- * Note that this function does not verify using any "web of
- * trust". You may use GnuPG for that purpose, or any other external
- * PGP application.
- *
- * Returns 0 on success.
- **/
-int
-gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key,
- gnutls_openpgp_keyring_t keyring,
- unsigned int flags, unsigned int *verify)
-{
- opaque id[8];
- cdk_error_t rc;
- int status;
-
- if (!key || !keyring)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- *verify = 0;
-
- rc = cdk_pk_check_sigs (key->knode, keyring->db, &status);
- if (rc == CDK_Error_No_Key)
- {
- rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
- gnutls_assert ();
- return rc;
- }
- else if (rc != CDK_Success)
- {
- _gnutls_x509_log("cdk_pk_check_sigs: error %d\n", rc);
- rc = _gnutls_map_cdk_rc (rc);
- gnutls_assert ();
- return rc;
- }
- _gnutls_x509_log("status: %x\n", status);
-
- if (status & CDK_KEY_INVALID)
- *verify |= GNUTLS_CERT_INVALID;
- if (status & CDK_KEY_REVOKED)
- *verify |= GNUTLS_CERT_REVOKED;
- if (status & CDK_KEY_NOSIGNER)
- *verify |= GNUTLS_CERT_SIGNER_NOT_FOUND;
-
- /* Check if the key is included in the ring. */
- if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
- {
- rc = gnutls_openpgp_crt_get_id (key, id);
- if (rc < 0)
- {
- gnutls_assert ();
- return rc;
- }
-
- rc = gnutls_openpgp_keyring_check_id (keyring, id, 0);
- /* If it exists in the keyring don't treat it as unknown. */
- if (rc == 0 && *verify & GNUTLS_CERT_SIGNER_NOT_FOUND)
- *verify ^= GNUTLS_CERT_SIGNER_NOT_FOUND;
- }
-
- return 0;
-}
-
-
-/**
- * gnutls_openpgp_crt_verify_self - Verify the self signature on the key
- * @key: the structure that holds the key.
- * @flags: unused (should be 0)
- * @verify: will hold the key verification output.
- *
- * Verifies the self signature in the key.
- * The key verification output will be put in @verify and will be
- * one or more of the gnutls_certificate_status_t enumerated elements bitwise or'd.
- *
- * GNUTLS_CERT_INVALID: The self signature on the key is invalid.
- *
- * Returns 0 on success.
- **/
-int
-gnutls_openpgp_crt_verify_self (gnutls_openpgp_crt_t key,
- unsigned int flags, unsigned int *verify)
-{
- int status;
- cdk_error_t rc;
-
- rc = cdk_pk_check_self_sig (key->knode, &status);
- if (rc || status != CDK_KEY_VALID)
- *verify |= GNUTLS_CERT_INVALID;
- else
- *verify = 0;
-
- return 0;
-}
-
diff --git a/libextra/openpgp/privkey.c b/libextra/openpgp/privkey.c
deleted file mode 100644
index b29016b3c9..0000000000
--- a/libextra/openpgp/privkey.c
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- * Copyright (C) 2003, 2004, 2005, 2006, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS-EXTRA.
- *
- * GNUTLS-EXTRA is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * GNUTLS-EXTRA is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-/* Functions on OpenPGP privkey parsing
- */
-
-#include <gnutls_int.h>
-#include <gnutls_datum.h>
-#include <gnutls_global.h>
-#include <gnutls_errors.h>
-#include <openpgp.h>
-#include <gnutls_openpgp.h>
-#include <x509/rfc2818.h>
-#include <gnutls_cert.h>
-
-/**
- * gnutls_openpgp_privkey_init - This function initializes a gnutls_openpgp_privkey_t structure
- * @key: The structure to be initialized
- *
- * This function will initialize an OpenPGP key structure.
- *
- * Returns 0 on success.
- *
- **/
-int
-gnutls_openpgp_privkey_init (gnutls_openpgp_privkey_t * key)
-{
- *key = gnutls_calloc (1, sizeof (gnutls_openpgp_privkey_int));
-
- if (*key)
- return 0; /* success */
- return GNUTLS_E_MEMORY_ERROR;
-}
-
-/**
- * gnutls_openpgp_privkey_deinit - This function deinitializes memory used by a gnutls_openpgp_privkey_t structure
- * @key: The structure to be initialized
- *
- * This function will deinitialize a key structure.
- *
- **/
-void
-gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key)
-{
- if (!key)
- return;
-
- _gnutls_gkey_deinit (&key->pkey);
- gnutls_free (key);
-}
-
-/**
- * gnutls_openpgp_privkey_import - This function will import a RAW or BASE64 encoded key
- * @key: The structure to store the parsed key.
- * @data: The RAW or BASE64 encoded key.
- * @format: One of gnutls_openpgp_crt_fmt_t elements.
- * @pass: Unused for now
- * @flags: should be zero
- *
- * This function will convert the given RAW or Base64 encoded key
- * to the native gnutls_openpgp_privkey_t format. The output will be stored in 'key'.
- *
- * Returns 0 on success.
- *
- **/
-int
-gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format,
- const char *pass, unsigned int flags)
-{
- int rc;
-
- rc = _gnutls_openpgp_raw_privkey_to_gkey (&key->pkey, data, format);
- if (rc)
- {
- gnutls_assert ();
- return rc;
- }
-
- return 0;
-}
-
-
-/**
- * gnutls_openpgp_privkey_get_pk_algorithm - This function returns the key's PublicKey algorithm
- * @key: is an OpenPGP key
- * @bits: if bits is non null it will hold the size of the parameters' in bits
- *
- * This function will return the public key algorithm of an OpenPGP
- * certificate.
- *
- * If bits is non null, it should have enough size to hold the parameters
- * size in bits. For RSA the bits returned is the modulus.
- * For DSA the bits returned are of the public exponent.
- *
- * Returns a member of the GNUTLS_PKAlgorithm enumeration on success,
- * or a negative value on error.
- *
- **/
-gnutls_pk_algorithm_t
-gnutls_openpgp_privkey_get_pk_algorithm (gnutls_openpgp_privkey_t key,
- unsigned int *bits)
-{
- int pk = key->pkey.pk_algorithm;
-
- if (bits)
- {
- *bits = 0;
- if (pk == GNUTLS_PK_RSA)
- *bits = _gnutls_mpi_get_nbits (key->pkey.params[0]);
- if (pk == GNUTLS_PK_DSA)
- *bits = _gnutls_mpi_get_nbits (key->pkey.params[3]);
- }
-
- return pk;
-}
|