diff options
Diffstat (limited to 'libextra/openpgp/pgpverify.c')
| -rw-r--r-- | libextra/openpgp/pgpverify.c | 163 |
1 files changed, 28 insertions, 135 deletions
diff --git a/libextra/openpgp/pgpverify.c b/libextra/openpgp/pgpverify.c index f3b272dbe5..df22bd77aa 100644 --- a/libextra/openpgp/pgpverify.c +++ b/libextra/openpgp/pgpverify.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation + * Copyright (C) 2002, 2003, 2004, 2005, 2007 Free Software Foundation * * Author: Timo Schulz, Nikos Mavroyanopoulos * @@ -36,11 +36,10 @@ static int openpgp_get_key_trust (gnutls_openpgp_trustdb_t trustdb, gnutls_openpgp_key_t key, unsigned int *r_trustval) { - cdk_packet_t pkt; - cdk_pkt_pubkey_t pk = NULL; - int flags = 0, ot = 0; - int rc = 0; + int rc; + /* FIXME: This operation is not supported any longer. */ + if (!trustdb || !key || !r_trustval) { gnutls_assert (); @@ -48,40 +47,12 @@ openpgp_get_key_trust (gnutls_openpgp_trustdb_t trustdb, } *r_trustval = 0; - - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); - if (!pkt) - { - rc = GNUTLS_E_NO_CERTIFICATE_FOUND; - goto leave; - } - pk = pkt->pkt.public_key; - - rc = cdk_trustdb_get_ownertrust (trustdb->st, pk, &ot, &flags); - - if (rc) - { /* no ownertrust record was found */ - rc = 0; - goto leave; - } - - if (flags & CDK_TFLAG_DISABLED) - { - *r_trustval |= GNUTLS_CERT_INVALID; - goto leave; - } - - if (flags & CDK_TFLAG_REVOKED) - { - *r_trustval |= GNUTLS_CERT_REVOKED; - } - rc = 0; - -leave: + return rc; } + /** * gnutls_openpgp_key_verify_ring - Verify all signatures in the key * @key: the structure that holds the key. @@ -109,9 +80,9 @@ gnutls_openpgp_key_verify_ring (gnutls_openpgp_key_t key, gnutls_openpgp_keyring_t keyring, unsigned int flags, unsigned int *verify) { - int rc = 0; - int status = 0; opaque id[8]; + cdk_error_t rc; + int status; if (!key || !keyring) { @@ -120,16 +91,15 @@ gnutls_openpgp_key_verify_ring (gnutls_openpgp_key_t key, } *verify = 0; - - rc = cdk_pk_check_sigs (key->knode, keyring->hd, &status); + + rc = cdk_pk_check_sigs (key->knode, keyring->db, &status); if (rc == CDK_Error_No_Key) { rc = GNUTLS_E_NO_CERTIFICATE_FOUND; gnutls_assert (); return rc; } - - if (rc) + else if (rc) { rc = _gnutls_map_cdk_rc (rc); gnutls_assert (); @@ -143,8 +113,7 @@ gnutls_openpgp_key_verify_ring (gnutls_openpgp_key_t key, if (status & CDK_KEY_NOSIGNER) *verify |= GNUTLS_CERT_SIGNER_NOT_FOUND; - /* Check if the key is included in the ring. - */ + /* Check if the key is included in the ring. */ if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME)) { rc = gnutls_openpgp_key_get_id (key, id); @@ -155,23 +124,15 @@ gnutls_openpgp_key_verify_ring (gnutls_openpgp_key_t key, } rc = gnutls_openpgp_keyring_check_id (keyring, id, 0); - - /* if it exists in the keyring don't treat it - * as unknown. - */ + /* If it exists in the keyring don't treat it as unknown. */ if (rc == 0 && *verify & GNUTLS_CERT_SIGNER_NOT_FOUND) *verify ^= GNUTLS_CERT_SIGNER_NOT_FOUND; } - + return 0; } -int _cdk_sig_check (cdk_pkt_pubkey_t pk, cdk_pkt_signature_t sig, - cdk_md_hd_t digest, int *r_expired); -cdk_md_hd_t cdk_md_open (int algo, unsigned int flags); -void cdk_md_close (cdk_md_hd_t hd); - /** * gnutls_openpgp_key_verify_self - Verify the self signature on the key * @key: the structure that holds the key. @@ -190,81 +151,19 @@ int gnutls_openpgp_key_verify_self (gnutls_openpgp_key_t key, unsigned int flags, unsigned int *verify) { - opaque key_id[8]; - cdk_kbnode_t k; - int rc, expired; - cdk_packet_t packet = NULL; - cdk_md_hd_t md = NULL; - cdk_packet_t pk = NULL; - - *verify = 0; - - pk = cdk_kbnode_get_packet (key->knode); - if (!pk) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - rc = gnutls_openpgp_key_get_id (key, key_id); - if (rc < 0) - { - gnutls_assert (); - goto leave; - } - - k = key->knode; - - while ((k = cdk_kbnode_find_next (k, CDK_PKT_SIGNATURE)) != NULL) - { - - packet = cdk_kbnode_get_packet (k); - if (!packet) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - if (memcmp (key_id, packet->pkt.signature->keyid, 8) == 0) - { - /* found the self signature. - */ - md = cdk_md_open (packet->pkt.signature->digest_algo, 0); - if (!md) - { - gnutls_assert (); - rc = GNUTLS_E_INTERNAL_ERROR; - goto leave; - } - - cdk_kbnode_hash (key->knode, md, 0, 0, 0); - - rc = _cdk_sig_check (pk->pkt.public_key, packet->pkt.signature, - md, &expired); - - if (rc != 0) - { - *verify |= GNUTLS_CERT_INVALID; - } - - break; - } - - cdk_pkt_free (packet); - packet = NULL; + int status; + cdk_error_t rc; - } - - rc = 0; - -leave: + rc = cdk_pk_check_self_sig (key->knode, &status); + if (rc || status != CDK_KEY_VALID) + *verify |= GNUTLS_CERT_INVALID; + else + *verify = 0; - cdk_pkt_free (packet); - cdk_pkt_free (pk); - cdk_md_close (md); - return rc; + return 0; } + /** * gnutls_openpgp_key_verify_trustdb - Verify all signatures in the key * @key: the structure that holds the key. @@ -291,8 +190,10 @@ gnutls_openpgp_key_verify_trustdb (gnutls_openpgp_key_t key, gnutls_openpgp_trustdb_t trustdb, unsigned int flags, unsigned int *verify) { - int rc = 0; - + int rc; + + /* FIXME: The code currently does nothing. */ + if (!key) { gnutls_assert (); @@ -307,14 +208,6 @@ gnutls_openpgp_key_verify_trustdb (gnutls_openpgp_key_t key, rc = openpgp_get_key_trust (trustdb, key, verify); if (rc) - goto leave; - - rc = 0; - -leave: - if (rc) - { - gnutls_assert (); - } + gnutls_assert (); return rc; } |