authorNikos Mavrogiannopoulos <nmav@gnutls.org>2003-11-02 07:51:17 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2003-11-02 07:51:17 +0000
commit3930c5dabaea8c863ee04b751f6a097e54d4b375 (patch)
tree6f89a81d356d0d317b3f6af7a2b67fc6ad19c14e /libextra
parent705f86f2177fb479726d3541bf319b8c02b10e4f (diff)
downloadgnutls-3930c5dabaea8c863ee04b751f6a097e54d4b375.tar.gz
*** empty log message ***
Diffstat (limited to 'libextra')
-rw-r--r--libextra/openpgp/compat.c61
-rw-r--r--libextra/openpgp/openpgp.h7
-rw-r--r--libextra/openpgp/verify.c27
3 files changed, 63 insertions, 32 deletions
diff --git a/libextra/openpgp/compat.c b/libextra/openpgp/compat.c
index 6e956cc962..9ee39f78ca 100644
--- a/libextra/openpgp/compat.c
+++ b/libextra/openpgp/compat.c
@@ -57,9 +57,9 @@ int gnutls_openpgp_verify_key(const char *trustdb,
gnutls_openpgp_key key = NULL;
gnutls_openpgp_keyring ring = NULL;
gnutls_openpgp_trustdb tdb = NULL;
- unsigned int verify;
+ unsigned int verify_ring, verify_db, verify_self;
- if (!cert_list || cert_list_length != 1 || !keyring) {
+ if (!cert_list || cert_list_length != 1) {
gnutls_assert();
return GNUTLS_E_NO_CERTIFICATE_FOUND;
}
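Review bot: The new declaration `unsigned int verify_ring, verify_db, verify_self;` leaves all three status words uninitialized, and the next hunk computes `ret = verify_self | verify_ring | verify_db;` even when the keyring or trustdb branch was skipped. Because this hunk also drops the `!keyring` rejection, a NULL keyring is now an ordinary path, so the returned verification status can contain indeterminate bits. Initialize them at the declaration: `unsigned int verify_ring = 0, verify_db = 0, verify_self = 0;`. The body of gnutls_openpgp_verify_key starts and ends outside this hunk.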
@@ -76,58 +76,59 @@ int gnutls_openpgp_verify_key(const char *trustdb,
goto leave;
}
+ if (keyring && keyring->data && keyring->size != 0) {
- if (trustdb) { /* Use the trustDB */
- ret = gnutls_openpgp_trustdb_init( &tdb);
+ /* use the keyring
+ */
+ ret = gnutls_openpgp_keyring_init( &ring);
if (ret < 0) {
gnutls_assert();
goto leave;
}
- ret = gnutls_openpgp_trustdb_import_file( tdb, trustdb);
+ ret = gnutls_openpgp_keyring_import( ring, keyring, 0);
if (ret < 0) {
gnutls_assert();
goto leave;
}
- ret = gnutls_openpgp_key_verify_trustdb( key, tdb, 0, &verify);
+ ret = gnutls_openpgp_key_verify_ring( key, ring, 0, &verify_ring);
if (ret < 0) {
gnutls_assert();
goto leave;
}
-
- ret = verify;
- goto leave;
}
-
- if (!keyring || !keyring->data || keyring->size == 0) {
- ret = GNUTLS_CERT_INVALID |
- GNUTLS_CERT_SIGNER_NOT_FOUND;
-#warning CHECK SELF SIGNATURE HERE
- goto leave;
+
+ if (trustdb) { /* Use the trustDB */
+ ret = gnutls_openpgp_trustdb_init( &tdb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto leave;
+ }
+
+ ret = gnutls_openpgp_trustdb_import_file( tdb, trustdb);
+ if (ret < 0) {
+ gnutls_assert();
+ goto leave;
+ }
+
+ ret = gnutls_openpgp_key_verify_trustdb( key, tdb, 0, &verify_db);
}
- /* use the keyring
+ /* now try the self signature.
*/
- ret = gnutls_openpgp_keyring_init( &ring);
+ ret = gnutls_openpgp_key_verify_self( key, 0, &verify_self);
if (ret < 0) {
gnutls_assert();
goto leave;
}
- ret = gnutls_openpgp_keyring_import( ring, keyring, 0);
- if (ret < 0) {
- gnutls_assert();
- goto leave;
- }
-
- ret = gnutls_openpgp_key_verify_ring( key, ring, 0, &verify);
- if (ret < 0) {
- gnutls_assert();
- goto leave;
- }
-
- ret = verify;
+ ret = verify_self | verify_ring | verify_db;
+
+ /* If we only checked the self signature.
+ */
+ if (!trustdb && (!keyring || !keyring->data))
+ ret |= GNUTLS_CERT_SIGNER_NOT_FOUND;
goto leave;
leave:
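Review bot: The result of `gnutls_openpgp_key_verify_trustdb( key, tdb, 0, &verify_db)` is never tested, because `ret` is overwritten by the gnutls_openpgp_key_verify_self call that follows. A trustdb verification error is therefore dropped, and `verify_db` may be ORed into the result without having been set. Add the same check the other calls use, `if (ret < 0) { gnutls_assert(); goto leave; }`, inside the trustdb branch. The self-signature-only test `(!keyring || !keyring->data)` also disagrees with the keyring branch condition, which additionally requires `keyring->size != 0`: a keyring with data but size 0 skips the ring check yet does not get GNUTLS_CERT_SIGNER_NOT_FOUND. The function starts before this hunk and the `leave:` cleanup continues after it.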
diff --git a/libextra/openpgp/openpgp.h b/libextra/openpgp/openpgp.h
index c8a92ab88e..d31be8f9bf 100644
--- a/libextra/openpgp/openpgp.h
+++ b/libextra/openpgp/openpgp.h
@@ -60,13 +60,16 @@ int gnutls_openpgp_trustdb_import_file(gnutls_openpgp_trustdb trustdb,
const char * file);
int gnutls_openpgp_key_verify_ring( gnutls_openpgp_key key,
- gnutls_openpgp_keyring keyring,
- unsigned int flags, unsigned int *verify);
+ gnutls_openpgp_keyring keyring,
+ unsigned int flags, unsigned int *verify);
int gnutls_openpgp_key_verify_trustdb( gnutls_openpgp_key key,
gnutls_openpgp_trustdb trustdb,
unsigned int flags, unsigned int *verify);
+int gnutls_openpgp_key_verify_self( gnutls_openpgp_key key,
+ unsigned int flags, unsigned int *verify);
+
#endif
#endif /* HAVE_LIBOPENCDK */
diff --git a/libextra/openpgp/verify.c b/libextra/openpgp/verify.c
index bddf9a60e1..70dfdf8423 100644
--- a/libextra/openpgp/verify.c
+++ b/libextra/openpgp/verify.c
@@ -132,6 +132,33 @@ int gnutls_openpgp_key_verify_ring( gnutls_openpgp_key key,
}
/**
+ * gnutls_openpgp_key_verify_self - Verify the self signature on the key
+ * @key: the structure that holds the key.
+ * @flags: unused (should be 0)
+ * @verify: will hold the key verification output.
+ *
+ * Verify the self signature in the key.
+ *
+ * The certificate verification output will be put in 'verify' and will be
+ * one or more of the gnutls_certificate_status enumerated elements bitwise or'd.
+ *
+ * GNUTLS_CERT_INVALID\: The signature on the key is invalid.
+ *
+ * GNUTLS_CERT_REVOKED\: The key has been revoked.
+ *
+ * Returns 0 on success.
+ **/
+int gnutls_openpgp_key_verify_self( gnutls_openpgp_key key,
+ unsigned int flags, unsigned int *verify)
+{
+ *verify = 0;
+
+#warning PUT SOME ACTUAL CODE
+
+ return 0;
+}
+
+/**
* gnutls_openpgp_key_verify_trustdb - Verify all signatures on the key
* @key: the structure that holds the key.
* @trustdb: holds the trustdb to check against
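Review bot: gnutls_openpgp_key_verify_self sets `*verify = 0` and returns 0 without examining the key, so every key is reported as having a good self signature. In compat.c this value is ORed into the result of gnutls_openpgp_verify_key, and the no-keyring, no-trustdb path that used to return `GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND` now returns only GNUTLS_CERT_SIGNER_NOT_FOUND. A caller that tests only GNUTLS_CERT_INVALID would presumably accept a key that was never verified. Until the real check replaces the `#warning`, the stub should fail closed, for example `*verify = GNUTLS_CERT_INVALID;`, or the self-only path in compat.c should keep setting GNUTLS_CERT_INVALID. The doc comment should also state that no verification is performed yet, and `key` and `verify` are not checked for NULL before use.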