diff options
Diffstat (limited to 'lib/openpgp')
-rw-r--r-- | lib/openpgp/compat.c | 253 | ||||
-rw-r--r-- | lib/openpgp/extras.c | 365 | ||||
-rw-r--r-- | lib/openpgp/gnutls_openpgp.c | 896 | ||||
-rw-r--r-- | lib/openpgp/gnutls_openpgp.h | 68 | ||||
-rw-r--r-- | lib/openpgp/openpgp_int.h | 71 | ||||
-rw-r--r-- | lib/openpgp/output.c | 934 | ||||
-rw-r--r-- | lib/openpgp/pgp.c | 2143 | ||||
-rw-r--r-- | lib/openpgp/pgpverify.c | 133 | ||||
-rw-r--r-- | lib/openpgp/privkey.c | 1725 |
9 files changed, 3254 insertions, 3334 deletions
diff --git a/lib/openpgp/compat.c b/lib/openpgp/compat.c index 56472967e3..7c7bd698e4 100644 --- a/lib/openpgp/compat.c +++ b/lib/openpgp/compat.c @@ -44,73 +44,69 @@ * may use GnuPG for that purpose, or any other external PGP application. -*/ int -_gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t cred, - const char* hostname, - const gnutls_datum_t * cert_list, - int cert_list_length, unsigned int *status) +_gnutls_openpgp_verify_key(const gnutls_certificate_credentials_t cred, + const char *hostname, + const gnutls_datum_t * cert_list, + int cert_list_length, unsigned int *status) { - int ret = 0; - gnutls_openpgp_crt_t key = NULL; - unsigned int verify = 0, verify_self = 0; - - if (!cert_list || cert_list_length != 1) - { - gnutls_assert (); - return GNUTLS_E_NO_CERTIFICATE_FOUND; - } - - ret = gnutls_openpgp_crt_init (&key); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - ret = - gnutls_openpgp_crt_import (key, &cert_list[0], GNUTLS_OPENPGP_FMT_RAW); - if (ret < 0) - { - gnutls_assert (); - goto leave; - } - - if (cred->keyring != NULL) - { - ret = gnutls_openpgp_crt_verify_ring (key, cred->keyring, 0, &verify); - if (ret < 0) - { - gnutls_assert (); - goto leave; - } - } - - /* Now try the self signature. */ - ret = gnutls_openpgp_crt_verify_self (key, 0, &verify_self); - if (ret < 0) - { - gnutls_assert (); - goto leave; - } - - *status = verify_self | verify; - - /* If we only checked the self signature. */ - if (!cred->keyring) - *status |= GNUTLS_CERT_SIGNER_NOT_FOUND; - - if (hostname) - { - ret = gnutls_openpgp_crt_check_hostname(key, hostname); - if (ret == 0) - *status |= GNUTLS_CERT_UNEXPECTED_OWNER; - } - - ret = 0; - -leave: - gnutls_openpgp_crt_deinit (key); - - return ret; + int ret = 0; + gnutls_openpgp_crt_t key = NULL; + unsigned int verify = 0, verify_self = 0; + + if (!cert_list || cert_list_length != 1) { + gnutls_assert(); + return GNUTLS_E_NO_CERTIFICATE_FOUND; + } + + ret = gnutls_openpgp_crt_init(&key); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + ret = + gnutls_openpgp_crt_import(key, &cert_list[0], + GNUTLS_OPENPGP_FMT_RAW); + if (ret < 0) { + gnutls_assert(); + goto leave; + } + + if (cred->keyring != NULL) { + ret = + gnutls_openpgp_crt_verify_ring(key, cred->keyring, 0, + &verify); + if (ret < 0) { + gnutls_assert(); + goto leave; + } + } + + /* Now try the self signature. */ + ret = gnutls_openpgp_crt_verify_self(key, 0, &verify_self); + if (ret < 0) { + gnutls_assert(); + goto leave; + } + + *status = verify_self | verify; + + /* If we only checked the self signature. */ + if (!cred->keyring) + *status |= GNUTLS_CERT_SIGNER_NOT_FOUND; + + if (hostname) { + ret = gnutls_openpgp_crt_check_hostname(key, hostname); + if (ret == 0) + *status |= GNUTLS_CERT_UNEXPECTED_OWNER; + } + + ret = 0; + + leave: + gnutls_openpgp_crt_deinit(key); + + return ret; } /*- @@ -123,35 +119,32 @@ leave: * the fingerprint can be 16 or 20 bytes. -*/ int -_gnutls_openpgp_fingerprint (const gnutls_datum_t * cert, - unsigned char *fpr, size_t * fprlen) +_gnutls_openpgp_fingerprint(const gnutls_datum_t * cert, + unsigned char *fpr, size_t * fprlen) { - gnutls_openpgp_crt_t key; - int ret; - - ret = gnutls_openpgp_crt_init (&key); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - ret = gnutls_openpgp_crt_get_fingerprint (key, fpr, fprlen); - gnutls_openpgp_crt_deinit (key); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - return 0; + gnutls_openpgp_crt_t key; + int ret; + + ret = gnutls_openpgp_crt_init(&key); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + ret = gnutls_openpgp_crt_import(key, cert, GNUTLS_OPENPGP_FMT_RAW); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + ret = gnutls_openpgp_crt_get_fingerprint(key, fpr, fprlen); + gnutls_openpgp_crt_deinit(key); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + return 0; } /*- @@ -161,31 +154,29 @@ _gnutls_openpgp_fingerprint (const gnutls_datum_t * cert, * Returns the timestamp when the OpenPGP key was created. -*/ time_t -_gnutls_openpgp_get_raw_key_creation_time (const gnutls_datum_t * cert) +_gnutls_openpgp_get_raw_key_creation_time(const gnutls_datum_t * cert) { - gnutls_openpgp_crt_t key; - int ret; - time_t tim; + gnutls_openpgp_crt_t key; + int ret; + time_t tim; - ret = gnutls_openpgp_crt_init (&key); - if (ret < 0) - { - gnutls_assert (); - return ret; - } + ret = gnutls_openpgp_crt_init(&key); + if (ret < 0) { + gnutls_assert(); + return ret; + } - ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW); - if (ret < 0) - { - gnutls_assert (); - return ret; - } + ret = gnutls_openpgp_crt_import(key, cert, GNUTLS_OPENPGP_FMT_RAW); + if (ret < 0) { + gnutls_assert(); + return ret; + } - tim = gnutls_openpgp_crt_get_creation_time (key); + tim = gnutls_openpgp_crt_get_creation_time(key); - gnutls_openpgp_crt_deinit (key); + gnutls_openpgp_crt_deinit(key); - return tim; + return tim; } @@ -197,29 +188,27 @@ _gnutls_openpgp_get_raw_key_creation_time (const gnutls_datum_t * cert) * that the key doesn't expire at all. -*/ time_t -_gnutls_openpgp_get_raw_key_expiration_time (const gnutls_datum_t * cert) +_gnutls_openpgp_get_raw_key_expiration_time(const gnutls_datum_t * cert) { - gnutls_openpgp_crt_t key; - int ret; - time_t tim; + gnutls_openpgp_crt_t key; + int ret; + time_t tim; - ret = gnutls_openpgp_crt_init (&key); - if (ret < 0) - { - gnutls_assert (); - return ret; - } + ret = gnutls_openpgp_crt_init(&key); + if (ret < 0) { + gnutls_assert(); + return ret; + } - ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW); - if (ret < 0) - { - gnutls_assert (); - return ret; - } + ret = gnutls_openpgp_crt_import(key, cert, GNUTLS_OPENPGP_FMT_RAW); + if (ret < 0) { + gnutls_assert(); + return ret; + } - tim = gnutls_openpgp_crt_get_expiration_time (key); + tim = gnutls_openpgp_crt_get_expiration_time(key); - gnutls_openpgp_crt_deinit (key); + gnutls_openpgp_crt_deinit(key); - return tim; + return tim; } diff --git a/lib/openpgp/extras.c b/lib/openpgp/extras.c index d7b342c017..65bb488172 100644 --- a/lib/openpgp/extras.c +++ b/lib/openpgp/extras.c @@ -42,14 +42,13 @@ * * Returns: %GNUTLS_E_SUCCESS on success, or an error code. **/ -int -gnutls_openpgp_keyring_init (gnutls_openpgp_keyring_t * keyring) +int gnutls_openpgp_keyring_init(gnutls_openpgp_keyring_t * keyring) { - *keyring = gnutls_calloc (1, sizeof (gnutls_openpgp_keyring_int)); + *keyring = gnutls_calloc(1, sizeof(gnutls_openpgp_keyring_int)); - if (*keyring) - return 0; /* success */ - return GNUTLS_E_MEMORY_ERROR; + if (*keyring) + return 0; /* success */ + return GNUTLS_E_MEMORY_ERROR; } @@ -59,19 +58,17 @@ gnutls_openpgp_keyring_init (gnutls_openpgp_keyring_t * keyring) * * This function will deinitialize a keyring structure. **/ -void -gnutls_openpgp_keyring_deinit (gnutls_openpgp_keyring_t keyring) +void gnutls_openpgp_keyring_deinit(gnutls_openpgp_keyring_t keyring) { - if (!keyring) - return; + if (!keyring) + return; - if (keyring->db) - { - cdk_keydb_free (keyring->db); - keyring->db = NULL; - } + if (keyring->db) { + cdk_keydb_free(keyring->db); + keyring->db = NULL; + } - gnutls_free (keyring); + gnutls_free(keyring); } /** @@ -86,24 +83,24 @@ gnutls_openpgp_keyring_deinit (gnutls_openpgp_keyring_t keyring) * negative error code on failure. **/ int -gnutls_openpgp_keyring_check_id (gnutls_openpgp_keyring_t ring, - const gnutls_openpgp_keyid_t keyid, - unsigned int flags) +gnutls_openpgp_keyring_check_id(gnutls_openpgp_keyring_t ring, + const gnutls_openpgp_keyid_t keyid, + unsigned int flags) { - cdk_pkt_pubkey_t pk; - uint32_t id[2]; + cdk_pkt_pubkey_t pk; + uint32_t id[2]; - id[0] = _gnutls_read_uint32 (keyid); - id[1] = _gnutls_read_uint32 (&keyid[4]); + id[0] = _gnutls_read_uint32(keyid); + id[1] = _gnutls_read_uint32(&keyid[4]); - if (!cdk_keydb_get_pk (ring->db, id, &pk)) - { - cdk_pk_release (pk); - return 0; - } + if (!cdk_keydb_get_pk(ring->db, id, &pk)) { + cdk_pk_release(pk); + return 0; + } - _gnutls_debug_log ("PGP: key not found %08lX\n", (unsigned long) id[1]); - return GNUTLS_E_NO_CERTIFICATE_FOUND; + _gnutls_debug_log("PGP: key not found %08lX\n", + (unsigned long) id[1]); + return GNUTLS_E_NO_CERTIFICATE_FOUND; } /** @@ -119,87 +116,84 @@ gnutls_openpgp_keyring_check_id (gnutls_openpgp_keyring_t ring, * Returns: %GNUTLS_E_SUCCESS on success, or an error code. **/ int -gnutls_openpgp_keyring_import (gnutls_openpgp_keyring_t keyring, - const gnutls_datum_t * data, - gnutls_openpgp_crt_fmt_t format) +gnutls_openpgp_keyring_import(gnutls_openpgp_keyring_t keyring, + const gnutls_datum_t * data, + gnutls_openpgp_crt_fmt_t format) { - cdk_error_t err; - cdk_stream_t input = NULL; - size_t raw_len = 0; - uint8_t *raw_data = NULL; - - if (data->data == NULL || data->size == 0) - { - gnutls_assert (); - return GNUTLS_E_OPENPGP_GETKEY_FAILED; - } - - _gnutls_debug_log ("PGP: keyring import format '%s'\n", - format == GNUTLS_OPENPGP_FMT_RAW ? "raw" : "base64"); - - /* Create a new stream from the given data, decode it, and import - * the raw database. This to avoid using opencdk streams which are - * not thread safe. - */ - if (format == GNUTLS_OPENPGP_FMT_BASE64) - { - size_t written = 0; - - err = cdk_stream_tmp_from_mem (data->data, data->size, &input); - if (err == 0) - err = cdk_stream_set_armor_flag (input, 0); - if (err) - { - gnutls_assert (); - err = _gnutls_map_cdk_rc (err); - goto error; - } - - raw_len = cdk_stream_get_length (input); - if (raw_len == 0) - { - gnutls_assert (); - err = GNUTLS_E_BASE64_DECODING_ERROR; - goto error; - } - - raw_data = gnutls_malloc (raw_len); - if (raw_data == NULL) - { - gnutls_assert (); - err = GNUTLS_E_MEMORY_ERROR; - goto error; - } - - do - { - err = - cdk_stream_read (input, raw_data + written, raw_len - written); - - if (err > 0) - written += err; - } - while (written < raw_len && err != EOF && err > 0); - - raw_len = written; - } - else - { /* RAW */ - raw_len = data->size; - raw_data = data->data; - } - - err = cdk_keydb_new_from_mem (&keyring->db, 0, 0, raw_data, raw_len); - if (err) - gnutls_assert (); - - return _gnutls_map_cdk_rc (err); - -error: - gnutls_free (raw_data); - cdk_stream_close (input); - - return err; + cdk_error_t err; + cdk_stream_t input = NULL; + size_t raw_len = 0; + uint8_t *raw_data = NULL; + + if (data->data == NULL || data->size == 0) { + gnutls_assert(); + return GNUTLS_E_OPENPGP_GETKEY_FAILED; + } + + _gnutls_debug_log("PGP: keyring import format '%s'\n", + format == + GNUTLS_OPENPGP_FMT_RAW ? "raw" : "base64"); + + /* Create a new stream from the given data, decode it, and import + * the raw database. This to avoid using opencdk streams which are + * not thread safe. + */ + if (format == GNUTLS_OPENPGP_FMT_BASE64) { + size_t written = 0; + + err = + cdk_stream_tmp_from_mem(data->data, data->size, + &input); + if (err == 0) + err = cdk_stream_set_armor_flag(input, 0); + if (err) { + gnutls_assert(); + err = _gnutls_map_cdk_rc(err); + goto error; + } + + raw_len = cdk_stream_get_length(input); + if (raw_len == 0) { + gnutls_assert(); + err = GNUTLS_E_BASE64_DECODING_ERROR; + goto error; + } + + raw_data = gnutls_malloc(raw_len); + if (raw_data == NULL) { + gnutls_assert(); + err = GNUTLS_E_MEMORY_ERROR; + goto error; + } + + do { + err = + cdk_stream_read(input, raw_data + written, + raw_len - written); + + if (err > 0) + written += err; + } + while (written < raw_len && err != EOF && err > 0); + + raw_len = written; + } else { /* RAW */ + raw_len = data->size; + raw_data = data->data; + } + + err = + cdk_keydb_new_from_mem(&keyring->db, 0, 0, raw_data, raw_len); + if (err) + gnutls_assert(); + + return _gnutls_map_cdk_rc(err); + + error: + gnutls_free(raw_data); + cdk_stream_close(input); + + return err; } #define knode_is_pkey(node) \ @@ -214,41 +208,38 @@ error: * * Returns: the number of subkeys, or a negative error code on error. **/ -int -gnutls_openpgp_keyring_get_crt_count (gnutls_openpgp_keyring_t ring) +int gnutls_openpgp_keyring_get_crt_count(gnutls_openpgp_keyring_t ring) { - cdk_kbnode_t knode; - cdk_error_t err; - cdk_keydb_search_t st; - int ret = 0; - - err = cdk_keydb_search_start (&st, ring->db, CDK_DBSEARCH_NEXT, NULL); - if (err != CDK_Success) - { - gnutls_assert (); - return _gnutls_map_cdk_rc (err); - } - - do - { - err = cdk_keydb_search (st, ring->db, &knode); - if (err != CDK_Error_No_Key && err != CDK_Success) - { - gnutls_assert (); - cdk_keydb_search_release (st); - return _gnutls_map_cdk_rc (err); - } - - if (knode_is_pkey (knode)) - ret++; - - cdk_kbnode_release (knode); - - } - while (err != CDK_Error_No_Key); - - cdk_keydb_search_release (st); - return ret; + cdk_kbnode_t knode; + cdk_error_t err; + cdk_keydb_search_t st; + int ret = 0; + + err = + cdk_keydb_search_start(&st, ring->db, CDK_DBSEARCH_NEXT, NULL); + if (err != CDK_Success) { + gnutls_assert(); + return _gnutls_map_cdk_rc(err); + } + + do { + err = cdk_keydb_search(st, ring->db, &knode); + if (err != CDK_Error_No_Key && err != CDK_Success) { + gnutls_assert(); + cdk_keydb_search_release(st); + return _gnutls_map_cdk_rc(err); + } + + if (knode_is_pkey(knode)) + ret++; + + cdk_kbnode_release(knode); + + } + while (err != CDK_Error_No_Key); + + cdk_keydb_search_release(st); + return ret; } /** @@ -265,49 +256,47 @@ gnutls_openpgp_keyring_get_crt_count (gnutls_openpgp_keyring_t ring) * Returns: %GNUTLS_E_SUCCESS on success, or an error code. **/ int -gnutls_openpgp_keyring_get_crt (gnutls_openpgp_keyring_t ring, - unsigned int idx, gnutls_openpgp_crt_t * cert) +gnutls_openpgp_keyring_get_crt(gnutls_openpgp_keyring_t ring, + unsigned int idx, + gnutls_openpgp_crt_t * cert) { - cdk_kbnode_t knode; - cdk_error_t err; - int ret = 0; - unsigned int count = 0; - cdk_keydb_search_t st; - - err = cdk_keydb_search_start (&st, ring->db, CDK_DBSEARCH_NEXT, NULL); - if (err != CDK_Success) - { - gnutls_assert (); - return _gnutls_map_cdk_rc (err); - } - - do - { - err = cdk_keydb_search (st, ring->db, &knode); - if (err != CDK_EOF && err != CDK_Success) - { - gnutls_assert (); - cdk_keydb_search_release (st); - return _gnutls_map_cdk_rc (err); - } - - if (idx == count && err == CDK_Success) - { - ret = gnutls_openpgp_crt_init (cert); - if (ret == 0) - (*cert)->knode = knode; - cdk_keydb_search_release (st); - return ret; - } - - if (knode_is_pkey (knode)) - count++; - - cdk_kbnode_release (knode); - - } - while (err != CDK_EOF); - - cdk_keydb_search_release (st); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + cdk_kbnode_t knode; + cdk_error_t err; + int ret = 0; + unsigned int count = 0; + cdk_keydb_search_t st; + + err = + cdk_keydb_search_start(&st, ring->db, CDK_DBSEARCH_NEXT, NULL); + if (err != CDK_Success) { + gnutls_assert(); + return _gnutls_map_cdk_rc(err); + } + + do { + err = cdk_keydb_search(st, ring->db, &knode); + if (err != CDK_EOF && err != CDK_Success) { + gnutls_assert(); + cdk_keydb_search_release(st); + return _gnutls_map_cdk_rc(err); + } + + if (idx == count && err == CDK_Success) { + ret = gnutls_openpgp_crt_init(cert); + if (ret == 0) + (*cert)->knode = knode; + cdk_keydb_search_release(st); + return ret; + } + + if (knode_is_pkey(knode)) + count++; + + cdk_kbnode_release(knode); + + } + while (err != CDK_EOF); + + cdk_keydb_search_release(st); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } diff --git a/lib/openpgp/gnutls_openpgp.c b/lib/openpgp/gnutls_openpgp.c index cbc0da7a98..7c05e1fbfc 100644 --- a/lib/openpgp/gnutls_openpgp.c +++ b/lib/openpgp/gnutls_openpgp.c @@ -35,32 +35,30 @@ #include <sys/stat.h> /* Map an OpenCDK error type to a GnuTLS error type. */ -int -_gnutls_map_cdk_rc (int rc) +int _gnutls_map_cdk_rc(int rc) { - switch (rc) - { - case CDK_Success: - return 0; - case CDK_EOF: - return GNUTLS_E_PARSING_ERROR; - case CDK_Too_Short: - return GNUTLS_E_SHORT_MEMORY_BUFFER; - case CDK_General_Error: - return GNUTLS_E_INTERNAL_ERROR; - case CDK_File_Error: - return GNUTLS_E_FILE_ERROR; - case CDK_MPI_Error: - return GNUTLS_E_MPI_SCAN_FAILED; - case CDK_Error_No_Key: - return GNUTLS_E_OPENPGP_GETKEY_FAILED; - case CDK_Armor_Error: - return GNUTLS_E_BASE64_DECODING_ERROR; - case CDK_Inv_Value: - return GNUTLS_E_INVALID_REQUEST; - default: - return GNUTLS_E_INTERNAL_ERROR; - } + switch (rc) { + case CDK_Success: + return 0; + case CDK_EOF: + return GNUTLS_E_PARSING_ERROR; + case CDK_Too_Short: + return GNUTLS_E_SHORT_MEMORY_BUFFER; + case CDK_General_Error: + return GNUTLS_E_INTERNAL_ERROR; + case CDK_File_Error: + return GNUTLS_E_FILE_ERROR; + case CDK_MPI_Error: + return GNUTLS_E_MPI_SCAN_FAILED; + case CDK_Error_No_Key: + return GNUTLS_E_OPENPGP_GETKEY_FAILED; + case CDK_Armor_Error: + return GNUTLS_E_BASE64_DECODING_ERROR; + case CDK_Inv_Value: + return GNUTLS_E_INVALID_REQUEST; + default: + return GNUTLS_E_INTERNAL_ERROR; + } } /** @@ -82,95 +80,90 @@ _gnutls_map_cdk_rc (int rc) * otherwise a negative error code is returned. **/ int -gnutls_certificate_set_openpgp_key (gnutls_certificate_credentials_t res, - gnutls_openpgp_crt_t crt, - gnutls_openpgp_privkey_t pkey) +gnutls_certificate_set_openpgp_key(gnutls_certificate_credentials_t res, + gnutls_openpgp_crt_t crt, + gnutls_openpgp_privkey_t pkey) { - int ret, ret2, i; - gnutls_privkey_t privkey; - gnutls_pcert_st *ccert = NULL; - char name[MAX_CN]; - size_t max_size; - gnutls_str_array_t names; - - _gnutls_str_array_init(&names); - - /* this should be first */ - - ret = gnutls_privkey_init (&privkey); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - ret = - gnutls_privkey_import_openpgp (privkey, pkey, - GNUTLS_PRIVKEY_IMPORT_COPY); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - ccert = gnutls_calloc (1, sizeof (gnutls_pcert_st)); - if (ccert == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - max_size = sizeof(name); - ret = 0; - for (i = 0; !(ret < 0); i++) - { - ret = gnutls_openpgp_crt_get_name(crt, i, name, &max_size); - if (ret >= 0) - { - ret2 = _gnutls_str_array_append(&names, name, max_size); - if (ret2 < 0) - { - gnutls_assert(); - ret = ret2; - goto cleanup; - } - } - } - - ret = gnutls_pcert_import_openpgp (ccert, crt, 0); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - ret = certificate_credentials_append_pkey (res, privkey); - if (ret >= 0) - ret = certificate_credential_append_crt_list (res, names, ccert, 1); - - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - res->ncerts++; - - ret = _gnutls_check_key_cert_match (res); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - return 0; - -cleanup: - gnutls_privkey_deinit (privkey); - gnutls_free (ccert); - _gnutls_str_array_clear(&names); - return ret; + int ret, ret2, i; + gnutls_privkey_t privkey; + gnutls_pcert_st *ccert = NULL; + char name[MAX_CN]; + size_t max_size; + gnutls_str_array_t names; + + _gnutls_str_array_init(&names); + + /* this should be first */ + + ret = gnutls_privkey_init(&privkey); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + ret = + gnutls_privkey_import_openpgp(privkey, pkey, + GNUTLS_PRIVKEY_IMPORT_COPY); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ccert = gnutls_calloc(1, sizeof(gnutls_pcert_st)); + if (ccert == NULL) { + gnutls_assert(); + ret = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } + + max_size = sizeof(name); + ret = 0; + for (i = 0; !(ret < 0); i++) { + ret = gnutls_openpgp_crt_get_name(crt, i, name, &max_size); + if (ret >= 0) { + ret2 = + _gnutls_str_array_append(&names, name, + max_size); + if (ret2 < 0) { + gnutls_assert(); + ret = ret2; + goto cleanup; + } + } + } + + ret = gnutls_pcert_import_openpgp(ccert, crt, 0); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = certificate_credentials_append_pkey(res, privkey); + if (ret >= 0) + ret = + certificate_credential_append_crt_list(res, names, + ccert, 1); + + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + res->ncerts++; + + ret = _gnutls_check_key_cert_match(res); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + return 0; + + cleanup: + gnutls_privkey_deinit(privkey); + gnutls_free(ccert); + _gnutls_str_array_clear(&names); + return ret; } /*- @@ -184,67 +177,60 @@ cleanup: * from a binary or a file keyring. -*/ int -gnutls_openpgp_get_key (gnutls_datum_t * key, - gnutls_openpgp_keyring_t keyring, key_attr_t by, - uint8_t * pattern) +gnutls_openpgp_get_key(gnutls_datum_t * key, + gnutls_openpgp_keyring_t keyring, key_attr_t by, + uint8_t * pattern) { - cdk_kbnode_t knode = NULL; - unsigned long keyid[2]; - unsigned char *buf; - void *desc; - size_t len; - int rc = 0; - cdk_keydb_search_t st; - - if (!key || !keyring || by == KEY_ATTR_NONE) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - memset (key, 0, sizeof *key); - - if (by == KEY_ATTR_SHORT_KEYID) - { - keyid[0] = _gnutls_read_uint32 (pattern); - desc = keyid; - } - else if (by == KEY_ATTR_KEYID) - { - keyid[0] = _gnutls_read_uint32 (pattern); - keyid[1] = _gnutls_read_uint32 (pattern + 4); - desc = keyid; - } - else - desc = pattern; - rc = cdk_keydb_search_start (&st, keyring->db, by, desc); - if (!rc) - rc = cdk_keydb_search (st, keyring->db, &knode); - - cdk_keydb_search_release (st); - - if (rc) - { - rc = _gnutls_map_cdk_rc (rc); - goto leave; - } - - if (!cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY)) - { - rc = GNUTLS_E_OPENPGP_GETKEY_FAILED; - goto leave; - } - - /* We let the function allocate the buffer to avoid - to call the function twice. */ - rc = cdk_kbnode_write_to_mem_alloc (knode, &buf, &len); - if (!rc) - _gnutls_datum_append (key, buf, len); - gnutls_free (buf); - -leave: - cdk_kbnode_release (knode); - return rc; + cdk_kbnode_t knode = NULL; + unsigned long keyid[2]; + unsigned char *buf; + void *desc; + size_t len; + int rc = 0; + cdk_keydb_search_t st; + + if (!key || !keyring || by == KEY_ATTR_NONE) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + memset(key, 0, sizeof *key); + + if (by == KEY_ATTR_SHORT_KEYID) { + keyid[0] = _gnutls_read_uint32(pattern); + desc = keyid; + } else if (by == KEY_ATTR_KEYID) { + keyid[0] = _gnutls_read_uint32(pattern); + keyid[1] = _gnutls_read_uint32(pattern + 4); + desc = keyid; + } else + desc = pattern; + rc = cdk_keydb_search_start(&st, keyring->db, by, desc); + if (!rc) + rc = cdk_keydb_search(st, keyring->db, &knode); + + cdk_keydb_search_release(st); + + if (rc) { + rc = _gnutls_map_cdk_rc(rc); + goto leave; + } + + if (!cdk_kbnode_find(knode, CDK_PKT_PUBLIC_KEY)) { + rc = GNUTLS_E_OPENPGP_GETKEY_FAILED; + goto leave; + } + + /* We let the function allocate the buffer to avoid + to call the function twice. */ + rc = cdk_kbnode_write_to_mem_alloc(knode, &buf, &len); + if (!rc) + _gnutls_datum_append(key, buf, len); + gnutls_free(buf); + + leave: + cdk_kbnode_release(knode); + return rc; } /** @@ -261,13 +247,13 @@ leave: * negative error value. **/ int -gnutls_certificate_set_openpgp_key_mem (gnutls_certificate_credentials_t res, - const gnutls_datum_t * cert, - const gnutls_datum_t * key, - gnutls_openpgp_crt_fmt_t format) +gnutls_certificate_set_openpgp_key_mem(gnutls_certificate_credentials_t + res, const gnutls_datum_t * cert, + const gnutls_datum_t * key, + gnutls_openpgp_crt_fmt_t format) { - return gnutls_certificate_set_openpgp_key_mem2 (res, cert, key, - NULL, format); + return gnutls_certificate_set_openpgp_key_mem2(res, cert, key, + NULL, format); } /** @@ -284,34 +270,33 @@ gnutls_certificate_set_openpgp_key_mem (gnutls_certificate_credentials_t res, * negative error value. **/ int -gnutls_certificate_set_openpgp_key_file (gnutls_certificate_credentials_t res, - const char *certfile, - const char *keyfile, - gnutls_openpgp_crt_fmt_t format) +gnutls_certificate_set_openpgp_key_file(gnutls_certificate_credentials_t + res, const char *certfile, + const char *keyfile, + gnutls_openpgp_crt_fmt_t format) { - return gnutls_certificate_set_openpgp_key_file2 (res, certfile, - keyfile, NULL, format); + return gnutls_certificate_set_openpgp_key_file2(res, certfile, + keyfile, NULL, + format); } -static int -get_keyid (gnutls_openpgp_keyid_t keyid, const char *str) +static int get_keyid(gnutls_openpgp_keyid_t keyid, const char *str) { - size_t keyid_size = GNUTLS_OPENPGP_KEYID_SIZE; - - if (strlen (str) != 16) - { - _gnutls_debug_log - ("The OpenPGP subkey ID has to be 16 hexadecimal characters.\n"); - return GNUTLS_E_INVALID_REQUEST; - } - - if (_gnutls_hex2bin (str, strlen (str), keyid, &keyid_size) < 0) - { - _gnutls_debug_log ("Error converting hex string: %s.\n", str); - return GNUTLS_E_INVALID_REQUEST; - } - - return 0; + size_t keyid_size = GNUTLS_OPENPGP_KEYID_SIZE; + + if (strlen(str) != 16) { + _gnutls_debug_log + ("The OpenPGP subkey ID has to be 16 hexadecimal characters.\n"); + return GNUTLS_E_INVALID_REQUEST; + } + + if (_gnutls_hex2bin(str, strlen(str), keyid, &keyid_size) < 0) { + _gnutls_debug_log("Error converting hex string: %s.\n", + str); + return GNUTLS_E_INVALID_REQUEST; + } + + return 0; } /** @@ -335,81 +320,80 @@ get_keyid (gnutls_openpgp_keyid_t keyid, const char *str) * Since: 2.4.0 **/ int -gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t res, - const gnutls_datum_t * cert, - const gnutls_datum_t * key, - const char *subkey_id, - gnutls_openpgp_crt_fmt_t format) +gnutls_certificate_set_openpgp_key_mem2(gnutls_certificate_credentials_t + res, const gnutls_datum_t * cert, + const gnutls_datum_t * key, + const char *subkey_id, + gnutls_openpgp_crt_fmt_t format) { - gnutls_openpgp_privkey_t pkey; - gnutls_openpgp_crt_t crt; - int ret; - uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; - - ret = gnutls_openpgp_privkey_init (&pkey); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - ret = gnutls_openpgp_privkey_import (pkey, key, format, NULL, 0); - if (ret < 0) - { - gnutls_assert (); - gnutls_openpgp_privkey_deinit (pkey); - return ret; - } - - ret = gnutls_openpgp_crt_init (&crt); - if (ret < 0) - { - gnutls_assert (); - gnutls_openpgp_privkey_deinit (pkey); - return ret; - } - - ret = gnutls_openpgp_crt_import (crt, cert, format); - if (ret < 0) - { - gnutls_assert (); - gnutls_openpgp_privkey_deinit (pkey); - gnutls_openpgp_crt_deinit (crt); - return ret; - } - - if (subkey_id != NULL) - { - if (strcasecmp (subkey_id, "auto") == 0) - ret = gnutls_openpgp_crt_get_auth_subkey (crt, keyid, 1); - else - ret = get_keyid (keyid, subkey_id); - - if (ret < 0) - gnutls_assert (); - - if (ret >= 0) - { - ret = gnutls_openpgp_crt_set_preferred_key_id (crt, keyid); - if (ret >= 0) - ret = gnutls_openpgp_privkey_set_preferred_key_id (pkey, keyid); - } - - if (ret < 0) - { - gnutls_assert (); - gnutls_openpgp_privkey_deinit (pkey); - gnutls_openpgp_crt_deinit (crt); - return ret; - } - } - - ret = gnutls_certificate_set_openpgp_key (res, crt, pkey); - - gnutls_openpgp_crt_deinit (crt); - gnutls_openpgp_privkey_deinit (pkey); - - return ret; + gnutls_openpgp_privkey_t pkey; + gnutls_openpgp_crt_t crt; + int ret; + uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; + + ret = gnutls_openpgp_privkey_init(&pkey); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + ret = gnutls_openpgp_privkey_import(pkey, key, format, NULL, 0); + if (ret < 0) { + gnutls_assert(); + gnutls_openpgp_privkey_deinit(pkey); + return ret; + } + + ret = gnutls_openpgp_crt_init(&crt); + if (ret < 0) { + gnutls_assert(); + gnutls_openpgp_privkey_deinit(pkey); + return ret; + } + + ret = gnutls_openpgp_crt_import(crt, cert, format); + if (ret < 0) { + gnutls_assert(); + gnutls_openpgp_privkey_deinit(pkey); + gnutls_openpgp_crt_deinit(crt); + return ret; + } + + if (subkey_id != NULL) { + if (strcasecmp(subkey_id, "auto") == 0) + ret = + gnutls_openpgp_crt_get_auth_subkey(crt, keyid, + 1); + else + ret = get_keyid(keyid, subkey_id); + + if (ret < 0) + gnutls_assert(); + + if (ret >= 0) { + ret = + gnutls_openpgp_crt_set_preferred_key_id(crt, + keyid); + if (ret >= 0) + ret = + gnutls_openpgp_privkey_set_preferred_key_id + (pkey, keyid); + } + + if (ret < 0) { + gnutls_assert(); + gnutls_openpgp_privkey_deinit(pkey); + gnutls_openpgp_crt_deinit(crt); + return ret; + } + } + + ret = gnutls_certificate_set_openpgp_key(res, crt, pkey); + + gnutls_openpgp_crt_deinit(crt); + gnutls_openpgp_privkey_deinit(pkey); + + return ret; } /** @@ -433,95 +417,85 @@ gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t res, * Since: 2.4.0 **/ int -gnutls_certificate_set_openpgp_key_file2 (gnutls_certificate_credentials_t - res, const char *certfile, - const char *keyfile, - const char *subkey_id, - gnutls_openpgp_crt_fmt_t format) +gnutls_certificate_set_openpgp_key_file2(gnutls_certificate_credentials_t + res, const char *certfile, + const char *keyfile, + const char *subkey_id, + gnutls_openpgp_crt_fmt_t format) { - struct stat statbuf; - gnutls_datum_t key, cert; - int rc; - size_t size; - - if (!res || !keyfile || !certfile) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (stat (certfile, &statbuf) || stat (keyfile, &statbuf)) - { - gnutls_assert (); - return GNUTLS_E_FILE_ERROR; - } - - cert.data = (void*)read_binary_file (certfile, &size); - cert.size = (unsigned int) size; - if (cert.data == NULL) - { - gnutls_assert (); - return GNUTLS_E_FILE_ERROR; - } - - key.data = (void*)read_binary_file (keyfile, &size); - key.size = (unsigned int) size; - if (key.data == NULL) - { - gnutls_assert (); - free (cert.data); - return GNUTLS_E_FILE_ERROR; - } - - rc = - gnutls_certificate_set_openpgp_key_mem2 (res, &cert, &key, subkey_id, - format); - - free (cert.data); - free (key.data); - - if (rc < 0) - { - gnutls_assert (); - return rc; - } - - return 0; + struct stat statbuf; + gnutls_datum_t key, cert; + int rc; + size_t size; + + if (!res || !keyfile || !certfile) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (stat(certfile, &statbuf) || stat(keyfile, &statbuf)) { + gnutls_assert(); + return GNUTLS_E_FILE_ERROR; + } + + cert.data = (void *) read_binary_file(certfile, &size); + cert.size = (unsigned int) size; + if (cert.data == NULL) { + gnutls_assert(); + return GNUTLS_E_FILE_ERROR; + } + + key.data = (void *) read_binary_file(keyfile, &size); + key.size = (unsigned int) size; + if (key.data == NULL) { + gnutls_assert(); + free(cert.data); + return GNUTLS_E_FILE_ERROR; + } + + rc = gnutls_certificate_set_openpgp_key_mem2(res, &cert, &key, + subkey_id, format); + + free(cert.data); + free(key.data); + + if (rc < 0) { + gnutls_assert(); + return rc; + } + + return 0; } -int -gnutls_openpgp_count_key_names (const gnutls_datum_t * cert) +int gnutls_openpgp_count_key_names(const gnutls_datum_t * cert) { - cdk_kbnode_t knode, p, ctx; - cdk_packet_t pkt; - int nuids; - - if (cert == NULL) - { - gnutls_assert (); - return 0; - } - - if (cdk_kbnode_read_from_mem (&knode, 0, cert->data, cert->size)) - { - gnutls_assert (); - return 0; - } - - ctx = NULL; - for (nuids = 0;;) - { - p = cdk_kbnode_walk (knode, &ctx, 0); - if (!p) - break; - pkt = cdk_kbnode_get_packet (p); - if (pkt->pkttype == CDK_PKT_USER_ID) - nuids++; - } - - cdk_kbnode_release (knode); - return nuids; + cdk_kbnode_t knode, p, ctx; + cdk_packet_t pkt; + int nuids; + + if (cert == NULL) { + gnutls_assert(); + return 0; + } + + if (cdk_kbnode_read_from_mem(&knode, 0, cert->data, cert->size)) { + gnutls_assert(); + return 0; + } + + ctx = NULL; + for (nuids = 0;;) { + p = cdk_kbnode_walk(knode, &ctx, 0); + if (!p) + break; + pkt = cdk_kbnode_get_packet(p); + if (pkt->pkttype == CDK_PKT_USER_ID) + nuids++; + } + + cdk_kbnode_release(knode); + return nuids; } /** @@ -539,35 +513,32 @@ gnutls_openpgp_count_key_names (const gnutls_datum_t * cert) * negative error value. **/ int -gnutls_certificate_set_openpgp_keyring_file (gnutls_certificate_credentials_t c, - const char *file, - gnutls_openpgp_crt_fmt_t format) +gnutls_certificate_set_openpgp_keyring_file +(gnutls_certificate_credentials_t c, const char *file, + gnutls_openpgp_crt_fmt_t format) { - gnutls_datum_t ring; - size_t size; - int rc; - - if (!c || !file) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - ring.data = (void*)read_binary_file (file, &size); - ring.size = (unsigned int) size; - if (ring.data == NULL) - { - gnutls_assert (); - return GNUTLS_E_FILE_ERROR; - } - - rc = - gnutls_certificate_set_openpgp_keyring_mem (c, ring.data, ring.size, - format); - - free (ring.data); - - return rc; + gnutls_datum_t ring; + size_t size; + int rc; + + if (!c || !file) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + ring.data = (void *) read_binary_file(file, &size); + ring.size = (unsigned int) size; + if (ring.data == NULL) { + gnutls_assert(); + return GNUTLS_E_FILE_ERROR; + } + + rc = gnutls_certificate_set_openpgp_keyring_mem(c, ring.data, + ring.size, format); + + free(ring.data); + + return rc; } /** @@ -586,39 +557,36 @@ gnutls_certificate_set_openpgp_keyring_file (gnutls_certificate_credentials_t c, * negative error value. **/ int -gnutls_certificate_set_openpgp_keyring_mem (gnutls_certificate_credentials_t - c, const uint8_t * data, - size_t dlen, - gnutls_openpgp_crt_fmt_t format) +gnutls_certificate_set_openpgp_keyring_mem(gnutls_certificate_credentials_t + c, const uint8_t * data, + size_t dlen, + gnutls_openpgp_crt_fmt_t format) { - gnutls_datum_t ddata; - int rc; - - ddata.data = (void *) data; - ddata.size = dlen; - - if (!c || !data || !dlen) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - rc = gnutls_openpgp_keyring_init (&c->keyring); - if (rc < 0) - { - gnutls_assert (); - return rc; - } - - rc = gnutls_openpgp_keyring_import (c->keyring, &ddata, format); - if (rc < 0) - { - gnutls_assert (); - gnutls_openpgp_keyring_deinit (c->keyring); - return rc; - } - - return 0; + gnutls_datum_t ddata; + int rc; + + ddata.data = (void *) data; + ddata.size = dlen; + + if (!c || !data || !dlen) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + rc = gnutls_openpgp_keyring_init(&c->keyring); + if (rc < 0) { + gnutls_assert(); + return rc; + } + + rc = gnutls_openpgp_keyring_import(c->keyring, &ddata, format); + if (rc < 0) { + gnutls_assert(); + gnutls_openpgp_keyring_deinit(c->keyring); + return rc; + } + + return 0; } /*- @@ -633,48 +601,45 @@ gnutls_certificate_set_openpgp_keyring_mem (gnutls_certificate_credentials_t * -*/ int -_gnutls_openpgp_request_key (gnutls_session_t session, gnutls_datum_t * ret, - const gnutls_certificate_credentials_t cred, - uint8_t * key_fpr, int key_fpr_size) +_gnutls_openpgp_request_key(gnutls_session_t session, gnutls_datum_t * ret, + const gnutls_certificate_credentials_t cred, + uint8_t * key_fpr, int key_fpr_size) { - int rc = 0; - - if (!ret || !cred || !key_fpr) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (key_fpr_size != 16 && key_fpr_size != 20) - return GNUTLS_E_HASH_FAILED; /* only MD5 and SHA1 are supported */ - - rc = gnutls_openpgp_get_key (ret, cred->keyring, KEY_ATTR_FPR, key_fpr); - - if (rc >= 0) /* key was found */ - { - rc = 0; - goto error; - } - else - rc = GNUTLS_E_OPENPGP_GETKEY_FAILED; - - /* If the callback function was set, then try this one. */ - if (session->internals.openpgp_recv_key_func != NULL) - { - rc = session->internals.openpgp_recv_key_func (session, - key_fpr, - key_fpr_size, ret); - if (rc < 0) - { - gnutls_assert (); - rc = GNUTLS_E_OPENPGP_GETKEY_FAILED; - goto error; - } - } - -error: - - return rc; + int rc = 0; + + if (!ret || !cred || !key_fpr) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (key_fpr_size != 16 && key_fpr_size != 20) + return GNUTLS_E_HASH_FAILED; /* only MD5 and SHA1 are supported */ + + rc = gnutls_openpgp_get_key(ret, cred->keyring, KEY_ATTR_FPR, + key_fpr); + + if (rc >= 0) { /* key was found */ + rc = 0; + goto error; + } else + rc = GNUTLS_E_OPENPGP_GETKEY_FAILED; + + /* If the callback function was set, then try this one. */ + if (session->internals.openpgp_recv_key_func != NULL) { + rc = session->internals.openpgp_recv_key_func(session, + key_fpr, + key_fpr_size, + ret); + if (rc < 0) { + gnutls_assert(); + rc = GNUTLS_E_OPENPGP_GETKEY_FAILED; + goto error; + } + } + + error: + + return rc; } /** @@ -690,9 +655,8 @@ error: * **/ void -gnutls_openpgp_set_recv_key_function (gnutls_session_t session, - gnutls_openpgp_recv_key_func func) +gnutls_openpgp_set_recv_key_function(gnutls_session_t session, + gnutls_openpgp_recv_key_func func) { - session->internals.openpgp_recv_key_func = func; + session->internals.openpgp_recv_key_func = func; } - diff --git a/lib/openpgp/gnutls_openpgp.h b/lib/openpgp/gnutls_openpgp.h index 49027e3e5d..8bd04dd735 100644 --- a/lib/openpgp/gnutls_openpgp.h +++ b/lib/openpgp/gnutls_openpgp.h @@ -32,53 +32,53 @@ #include <gnutls/abstract.h> /* OpenCDK compatible */ -typedef enum -{ - KEY_ATTR_NONE = 0, - KEY_ATTR_SHORT_KEYID = 3, - KEY_ATTR_KEYID = 4, - KEY_ATTR_FPR = 5 +typedef enum { + KEY_ATTR_NONE = 0, + KEY_ATTR_SHORT_KEYID = 3, + KEY_ATTR_KEYID = 4, + KEY_ATTR_FPR = 5 } key_attr_t; -int gnutls_openpgp_count_key_names (const gnutls_datum_t * cert); +int gnutls_openpgp_count_key_names(const gnutls_datum_t * cert); -int gnutls_openpgp_get_key (gnutls_datum_t * key, - gnutls_openpgp_keyring_t keyring, - key_attr_t by, uint8_t * pattern); +int gnutls_openpgp_get_key(gnutls_datum_t * key, + gnutls_openpgp_keyring_t keyring, + key_attr_t by, uint8_t * pattern); /* internal */ int -_gnutls_openpgp_privkey_cpy (gnutls_openpgp_privkey_t dest, gnutls_openpgp_privkey_t src); +_gnutls_openpgp_privkey_cpy(gnutls_openpgp_privkey_t dest, + gnutls_openpgp_privkey_t src); int -_gnutls_openpgp_request_key (gnutls_session_t, - gnutls_datum_t * ret, - const gnutls_certificate_credentials_t cred, - uint8_t * key_fpr, int key_fpr_size); +_gnutls_openpgp_request_key(gnutls_session_t, + gnutls_datum_t * ret, + const gnutls_certificate_credentials_t cred, + uint8_t * key_fpr, int key_fpr_size); -int _gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t, - const char* hostname, - const gnutls_datum_t * cert_list, - int cert_list_length, unsigned int *status); -int _gnutls_openpgp_fingerprint (const gnutls_datum_t * cert, - unsigned char *fpr, size_t * fprlen); -time_t _gnutls_openpgp_get_raw_key_creation_time (const gnutls_datum_t * - cert); -time_t _gnutls_openpgp_get_raw_key_expiration_time (const gnutls_datum_t * - cert); +int _gnutls_openpgp_verify_key(const gnutls_certificate_credentials_t, + const char *hostname, + const gnutls_datum_t * cert_list, + int cert_list_length, unsigned int *status); +int _gnutls_openpgp_fingerprint(const gnutls_datum_t * cert, + unsigned char *fpr, size_t * fprlen); +time_t _gnutls_openpgp_get_raw_key_creation_time(const gnutls_datum_t * + cert); +time_t _gnutls_openpgp_get_raw_key_expiration_time(const gnutls_datum_t * + cert); int -_gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key, - const gnutls_datum_t * hash, - gnutls_datum_t * signature); +_gnutls_openpgp_privkey_sign_hash(gnutls_openpgp_privkey_t key, + const gnutls_datum_t * hash, + gnutls_datum_t * signature); int -_gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key, - unsigned int flags, - const gnutls_datum_t * ciphertext, - gnutls_datum_t * plaintext); +_gnutls_openpgp_privkey_decrypt_data(gnutls_openpgp_privkey_t key, + unsigned int flags, + const gnutls_datum_t * ciphertext, + gnutls_datum_t * plaintext); -#endif /*GNUTLS_OPENPGP_LOCAL_H */ +#endif /*GNUTLS_OPENPGP_LOCAL_H */ -#endif /*ENABLE_OPENPGP */ +#endif /*ENABLE_OPENPGP */ diff --git a/lib/openpgp/openpgp_int.h b/lib/openpgp/openpgp_int.h index 952e965591..fa55e3e28f 100644 --- a/lib/openpgp/openpgp_int.h +++ b/lib/openpgp/openpgp_int.h @@ -37,61 +37,60 @@ dst[1] = _gnutls_read_uint32( src+4); } /* Internal context to store the OpenPGP key. */ -typedef struct gnutls_openpgp_crt_int -{ - cdk_kbnode_t knode; - uint8_t preferred_keyid[GNUTLS_OPENPGP_KEYID_SIZE]; - int preferred_set; +typedef struct gnutls_openpgp_crt_int { + cdk_kbnode_t knode; + uint8_t preferred_keyid[GNUTLS_OPENPGP_KEYID_SIZE]; + int preferred_set; } gnutls_openpgp_crt_int; /* Internal context to store the private OpenPGP key. */ -typedef struct gnutls_openpgp_privkey_int -{ - cdk_kbnode_t knode; - uint8_t preferred_keyid[GNUTLS_OPENPGP_KEYID_SIZE]; - int preferred_set; +typedef struct gnutls_openpgp_privkey_int { + cdk_kbnode_t knode; + uint8_t preferred_keyid[GNUTLS_OPENPGP_KEYID_SIZE]; + int preferred_set; } gnutls_openpgp_privkey_int; -typedef struct gnutls_openpgp_keyring_int -{ - cdk_keydb_hd_t db; +typedef struct gnutls_openpgp_keyring_int { + cdk_keydb_hd_t db; } gnutls_openpgp_keyring_int; -int _gnutls_map_cdk_rc (int rc); +int _gnutls_map_cdk_rc(int rc); -int _gnutls_openpgp_export (cdk_kbnode_t node, - gnutls_openpgp_crt_fmt_t format, - void *output_data, size_t * output_data_size, - int priv); +int _gnutls_openpgp_export(cdk_kbnode_t node, + gnutls_openpgp_crt_fmt_t format, + void *output_data, size_t * output_data_size, + int priv); -int _gnutls_openpgp_export2 (cdk_kbnode_t node, - gnutls_openpgp_crt_fmt_t format, - gnutls_datum_t* out, int priv); +int _gnutls_openpgp_export2(cdk_kbnode_t node, + gnutls_openpgp_crt_fmt_t format, + gnutls_datum_t * out, int priv); -cdk_packet_t _gnutls_get_valid_subkey (cdk_kbnode_t knode, int key_type); +cdk_packet_t _gnutls_get_valid_subkey(cdk_kbnode_t knode, int key_type); -unsigned int _gnutls_get_pgp_key_usage (unsigned int pgp_usage); +unsigned int _gnutls_get_pgp_key_usage(unsigned int pgp_usage); int -_gnutls_openpgp_crt_get_mpis (gnutls_openpgp_crt_t cert, uint32_t keyid[2], - gnutls_pk_params_st * params); +_gnutls_openpgp_crt_get_mpis(gnutls_openpgp_crt_t cert, uint32_t keyid[2], + gnutls_pk_params_st * params); int -_gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey, - uint32_t keyid[2], gnutls_pk_params_st* params); +_gnutls_openpgp_privkey_get_mpis(gnutls_openpgp_privkey_t pkey, + uint32_t keyid[2], + gnutls_pk_params_st * params); -cdk_packet_t _gnutls_openpgp_find_key (cdk_kbnode_t knode, uint32_t keyid[2], - unsigned int priv); +cdk_packet_t _gnutls_openpgp_find_key(cdk_kbnode_t knode, + uint32_t keyid[2], + unsigned int priv); -int _gnutls_read_pgp_mpi (cdk_packet_t pkt, unsigned int priv, size_t idx, - bigint_t * m); +int _gnutls_read_pgp_mpi(cdk_packet_t pkt, unsigned int priv, size_t idx, + bigint_t * m); -int _gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode, uint32_t keyid[2], - unsigned int priv); +int _gnutls_openpgp_find_subkey_idx(cdk_kbnode_t knode, uint32_t keyid[2], + unsigned int priv); -int _gnutls_openpgp_get_algo (int cdk_algo); +int _gnutls_openpgp_get_algo(int cdk_algo); -#endif /* ENABLE_OPENPGP */ +#endif /* ENABLE_OPENPGP */ -#endif /* OPENPGP_LOCAL_H */ +#endif /* OPENPGP_LOCAL_H */ diff --git a/lib/openpgp/output.c b/lib/openpgp/output.c index 9b0a16d259..5ac9031696 100644 --- a/lib/openpgp/output.c +++ b/lib/openpgp/output.c @@ -32,59 +32,60 @@ #define adds _gnutls_buffer_append_str static void -print_key_usage (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, - unsigned int idx) +print_key_usage(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, + unsigned int idx) { - unsigned int key_usage; - int err; - - adds (str, _("\t\tKey Usage:\n")); - - - if (idx == (unsigned int) -1) - err = gnutls_openpgp_crt_get_key_usage (cert, &key_usage); - else - err = gnutls_openpgp_crt_get_subkey_usage (cert, idx, &key_usage); - if (err < 0) - { - addf (str, _("error: get_key_usage: %s\n"), gnutls_strerror (err)); - return; - } - - if (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE) - adds (str, _("\t\t\tDigital signatures.\n")); - if (key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT) - adds (str, _("\t\t\tCommunications encipherment.\n")); - if (key_usage & GNUTLS_KEY_DATA_ENCIPHERMENT) - adds (str, _("\t\t\tStorage data encipherment.\n")); - if (key_usage & GNUTLS_KEY_KEY_AGREEMENT) - adds (str, _("\t\t\tAuthentication.\n")); - if (key_usage & GNUTLS_KEY_KEY_CERT_SIGN) - adds (str, _("\t\t\tCertificate signing.\n")); + unsigned int key_usage; + int err; + + adds(str, _("\t\tKey Usage:\n")); + + + if (idx == (unsigned int) -1) + err = gnutls_openpgp_crt_get_key_usage(cert, &key_usage); + else + err = + gnutls_openpgp_crt_get_subkey_usage(cert, idx, + &key_usage); + if (err < 0) { + addf(str, _("error: get_key_usage: %s\n"), + gnutls_strerror(err)); + return; + } + + if (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE) + adds(str, _("\t\t\tDigital signatures.\n")); + if (key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT) + adds(str, _("\t\t\tCommunications encipherment.\n")); + if (key_usage & GNUTLS_KEY_DATA_ENCIPHERMENT) + adds(str, _("\t\t\tStorage data encipherment.\n")); + if (key_usage & GNUTLS_KEY_KEY_AGREEMENT) + adds(str, _("\t\t\tAuthentication.\n")); + if (key_usage & GNUTLS_KEY_KEY_CERT_SIGN) + adds(str, _("\t\t\tCertificate signing.\n")); } /* idx == -1 indicates main key * otherwise the subkey. */ static void -print_key_id (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx) +print_key_id(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx) { - gnutls_openpgp_keyid_t id; - int err; - - if (idx < 0) - err = gnutls_openpgp_crt_get_key_id (cert, id); - else - err = gnutls_openpgp_crt_get_subkey_id (cert, idx, id); - - if (err < 0) - addf (str, "error: get_key_id: %s\n", gnutls_strerror (err)); - else - { - adds (str, _("\tID (hex): ")); - _gnutls_buffer_hexprint (str, id, sizeof (id)); - addf (str, "\n"); - } + gnutls_openpgp_keyid_t id; + int err; + + if (idx < 0) + err = gnutls_openpgp_crt_get_key_id(cert, id); + else + err = gnutls_openpgp_crt_get_subkey_id(cert, idx, id); + + if (err < 0) + addf(str, "error: get_key_id: %s\n", gnutls_strerror(err)); + else { + adds(str, _("\tID (hex): ")); + _gnutls_buffer_hexprint(str, id, sizeof(id)); + addf(str, "\n"); + } } @@ -92,387 +93,451 @@ print_key_id (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx) * otherwise the subkey. */ static void -print_key_fingerprint (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert) +print_key_fingerprint(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert) { - uint8_t fpr[128]; - size_t fpr_size = sizeof (fpr); - int err; - const char* name; - char* p; - unsigned int bits; - - err = gnutls_openpgp_crt_get_fingerprint (cert, fpr, &fpr_size); - if (err < 0) - addf (str, "error: get_fingerprint: %s\n", gnutls_strerror (err)); - else - { - adds (str, _("\tFingerprint (hex): ")); - _gnutls_buffer_hexprint (str, fpr, fpr_size); - addf (str, "\n"); - } - - err = gnutls_openpgp_crt_get_pk_algorithm (cert, &bits); - if (err < 0) - return; - - name = gnutls_pk_get_name(err); - if (name == NULL) - return; - - p = _gnutls_key_fingerprint_randomart(fpr, fpr_size, name, bits, "\t\t"); - if (p == NULL) - return; - - adds (str, _("\tFingerprint's random art:\n")); - adds (str, p); - adds (str, "\n"); - - gnutls_free(p); + uint8_t fpr[128]; + size_t fpr_size = sizeof(fpr); + int err; + const char *name; + char *p; + unsigned int bits; + + err = gnutls_openpgp_crt_get_fingerprint(cert, fpr, &fpr_size); + if (err < 0) + addf(str, "error: get_fingerprint: %s\n", + gnutls_strerror(err)); + else { + adds(str, _("\tFingerprint (hex): ")); + _gnutls_buffer_hexprint(str, fpr, fpr_size); + addf(str, "\n"); + } + + err = gnutls_openpgp_crt_get_pk_algorithm(cert, &bits); + if (err < 0) + return; + + name = gnutls_pk_get_name(err); + if (name == NULL) + return; + + p = _gnutls_key_fingerprint_randomart(fpr, fpr_size, name, bits, + "\t\t"); + if (p == NULL) + return; + + adds(str, _("\tFingerprint's random art:\n")); + adds(str, p); + adds(str, "\n"); + + gnutls_free(p); } static void -print_key_revoked (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx) +print_key_revoked(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, + int idx) { - int err; - - if (idx < 0) - err = gnutls_openpgp_crt_get_revoked_status (cert); - else - err = gnutls_openpgp_crt_get_subkey_revoked_status (cert, idx); - - if (err != 0) - adds (str, _("\tRevoked: True\n")); - else - adds (str, _("\tRevoked: False\n")); + int err; + + if (idx < 0) + err = gnutls_openpgp_crt_get_revoked_status(cert); + else + err = + gnutls_openpgp_crt_get_subkey_revoked_status(cert, + idx); + + if (err != 0) + adds(str, _("\tRevoked: True\n")); + else + adds(str, _("\tRevoked: False\n")); } static void -print_key_times (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx) +print_key_times(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx) { - time_t tim; - - adds (str, _("\tTime stamps:\n")); - - if (idx == -1) - tim = gnutls_openpgp_crt_get_creation_time (cert); - else - tim = gnutls_openpgp_crt_get_subkey_creation_time (cert, idx); - - { - char s[42]; - size_t max = sizeof (s); - struct tm t; - - if (gmtime_r (&tim, &t) == NULL) - addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim); - else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0) - addf (str, "error: strftime (%ld)\n", (unsigned long) tim); - else - addf (str, _("\t\tCreation: %s\n"), s); - } - - if (idx == -1) - tim = gnutls_openpgp_crt_get_expiration_time (cert); - else - tim = gnutls_openpgp_crt_get_subkey_expiration_time (cert, idx); - { - char s[42]; - size_t max = sizeof (s); - struct tm t; - - if (tim == 0) - { - adds (str, _("\t\tExpiration: Never\n")); - } - else - { - if (gmtime_r (&tim, &t) == NULL) - addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim); - else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0) - addf (str, "error: strftime (%ld)\n", (unsigned long) tim); - else - addf (str, _("\t\tExpiration: %s\n"), s); - } - } + time_t tim; + + adds(str, _("\tTime stamps:\n")); + + if (idx == -1) + tim = gnutls_openpgp_crt_get_creation_time(cert); + else + tim = + gnutls_openpgp_crt_get_subkey_creation_time(cert, idx); + + { + char s[42]; + size_t max = sizeof(s); + struct tm t; + + if (gmtime_r(&tim, &t) == NULL) + addf(str, "error: gmtime_r (%ld)\n", + (unsigned long) tim); + else if (strftime(s, max, "%a %b %d %H:%M:%S UTC %Y", &t) + == 0) + addf(str, "error: strftime (%ld)\n", + (unsigned long) tim); + else + addf(str, _("\t\tCreation: %s\n"), s); + } + + if (idx == -1) + tim = gnutls_openpgp_crt_get_expiration_time(cert); + else + tim = + gnutls_openpgp_crt_get_subkey_expiration_time(cert, + idx); + { + char s[42]; + size_t max = sizeof(s); + struct tm t; + + if (tim == 0) { + adds(str, _("\t\tExpiration: Never\n")); + } else { + if (gmtime_r(&tim, &t) == NULL) + addf(str, "error: gmtime_r (%ld)\n", + (unsigned long) tim); + else if (strftime + (s, max, "%a %b %d %H:%M:%S UTC %Y", + &t) == 0) + addf(str, "error: strftime (%ld)\n", + (unsigned long) tim); + else + addf(str, _("\t\tExpiration: %s\n"), s); + } + } } static void -print_key_info (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx) +print_key_info(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx) { - int err; - unsigned int bits; - - if (idx == -1) - err = gnutls_openpgp_crt_get_pk_algorithm (cert, &bits); - else - err = gnutls_openpgp_crt_get_subkey_pk_algorithm (cert, idx, &bits); - - if (err < 0) - addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err)); - else - { - const char *name = gnutls_pk_algorithm_get_name (err); - if (name == NULL) - name = _("unknown"); - - addf (str, _("\tPublic Key Algorithm: %s\n"), name); - addf (str, _("\tKey Security Level: %s\n"), - gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param - (err, bits))); - - switch (err) - { - case GNUTLS_PK_RSA: - { - gnutls_datum_t m, e; - - if (idx == -1) - err = gnutls_openpgp_crt_get_pk_rsa_raw (cert, &m, &e); - else - err = - gnutls_openpgp_crt_get_subkey_pk_rsa_raw (cert, idx, &m, &e); - - if (err < 0) - addf (str, "error: get_pk_rsa_raw: %s\n", - gnutls_strerror (err)); - else - { - addf (str, _("\t\tModulus (bits %d):\n"), bits); - _gnutls_buffer_hexdump (str, m.data, m.size, "\t\t\t"); - adds (str, _("\t\tExponent:\n")); - _gnutls_buffer_hexdump (str, e.data, e.size, "\t\t\t"); - - gnutls_free (m.data); - gnutls_free (e.data); - } - - } - break; - - case GNUTLS_PK_DSA: - { - gnutls_datum_t p, q, g, y; - - if (idx == -1) - err = gnutls_openpgp_crt_get_pk_dsa_raw (cert, &p, &q, &g, &y); - else - err = - gnutls_openpgp_crt_get_subkey_pk_dsa_raw (cert, idx, &p, &q, - &g, &y); - if (err < 0) - addf (str, "error: get_pk_dsa_raw: %s\n", - gnutls_strerror (err)); - else - { - addf (str, _("\t\tPublic key (bits %d):\n"), bits); - _gnutls_buffer_hexdump (str, y.data, y.size, "\t\t\t"); - adds (str, _("\t\tP:\n")); - _gnutls_buffer_hexdump (str, p.data, p.size, "\t\t\t"); - adds (str, _("\t\tQ:\n")); - _gnutls_buffer_hexdump (str, q.data, q.size, "\t\t\t"); - adds (str, _("\t\tG:\n")); - _gnutls_buffer_hexdump (str, g.data, g.size, "\t\t\t"); - - gnutls_free (p.data); - gnutls_free (q.data); - gnutls_free (g.data); - gnutls_free (y.data); - } - } - break; - - default: - break; - } - } + int err; + unsigned int bits; + + if (idx == -1) + err = gnutls_openpgp_crt_get_pk_algorithm(cert, &bits); + else + err = + gnutls_openpgp_crt_get_subkey_pk_algorithm(cert, idx, + &bits); + + if (err < 0) + addf(str, "error: get_pk_algorithm: %s\n", + gnutls_strerror(err)); + else { + const char *name = gnutls_pk_algorithm_get_name(err); + if (name == NULL) + name = _("unknown"); + + addf(str, _("\tPublic Key Algorithm: %s\n"), name); + addf(str, _("\tKey Security Level: %s\n"), + gnutls_sec_param_get_name(gnutls_pk_bits_to_sec_param + (err, bits))); + + switch (err) { + case GNUTLS_PK_RSA: + { + gnutls_datum_t m, e; + + if (idx == -1) + err = + gnutls_openpgp_crt_get_pk_rsa_raw + (cert, &m, &e); + else + err = + gnutls_openpgp_crt_get_subkey_pk_rsa_raw + (cert, idx, &m, &e); + + if (err < 0) + addf(str, + "error: get_pk_rsa_raw: %s\n", + gnutls_strerror(err)); + else { + addf(str, + _("\t\tModulus (bits %d):\n"), + bits); + _gnutls_buffer_hexdump(str, m.data, + m.size, + "\t\t\t"); + adds(str, _("\t\tExponent:\n")); + _gnutls_buffer_hexdump(str, e.data, + e.size, + "\t\t\t"); + + gnutls_free(m.data); + gnutls_free(e.data); + } + + } + break; + + case GNUTLS_PK_DSA: + { + gnutls_datum_t p, q, g, y; + + if (idx == -1) + err = + gnutls_openpgp_crt_get_pk_dsa_raw + (cert, &p, &q, &g, &y); + else + err = + gnutls_openpgp_crt_get_subkey_pk_dsa_raw + (cert, idx, &p, &q, &g, &y); + if (err < 0) + addf(str, + "error: get_pk_dsa_raw: %s\n", + gnutls_strerror(err)); + else { + addf(str, + _ + ("\t\tPublic key (bits %d):\n"), + bits); + _gnutls_buffer_hexdump(str, y.data, + y.size, + "\t\t\t"); + adds(str, _("\t\tP:\n")); + _gnutls_buffer_hexdump(str, p.data, + p.size, + "\t\t\t"); + adds(str, _("\t\tQ:\n")); + _gnutls_buffer_hexdump(str, q.data, + q.size, + "\t\t\t"); + adds(str, _("\t\tG:\n")); + _gnutls_buffer_hexdump(str, g.data, + g.size, + "\t\t\t"); + + gnutls_free(p.data); + gnutls_free(q.data); + gnutls_free(g.data); + gnutls_free(y.data); + } + } + break; + + default: + break; + } + } } -static void -print_cert (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert) +static void print_cert(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert) { - int i, subkeys; - int err; - - print_key_revoked (str, cert, -1); - - /* Version. */ - { - int version = gnutls_openpgp_crt_get_version (cert); - if (version < 0) - addf (str, "error: get_version: %s\n", gnutls_strerror (version)); - else - addf (str, _("\tVersion: %d\n"), version); - } - - /* ID. */ - print_key_id (str, cert, -1); - - print_key_fingerprint (str, cert); - - /* Names. */ - i = 0; - do - { - char *dn; - size_t dn_size = 0; - - err = gnutls_openpgp_crt_get_name (cert, i, NULL, &dn_size); - if (err != GNUTLS_E_SHORT_MEMORY_BUFFER - && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE - && err != GNUTLS_E_OPENPGP_UID_REVOKED) - addf (str, "error: get_name: %s\n", gnutls_strerror (err)); - else - { - dn = gnutls_malloc (dn_size); - if (!dn) - addf (str, "error: malloc (%d): %s\n", (int) dn_size, - gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); - else - { - err = gnutls_openpgp_crt_get_name (cert, i, dn, &dn_size); - if (err < 0 && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE && - err != GNUTLS_E_OPENPGP_UID_REVOKED) - addf (str, "error: get_name: %s\n", gnutls_strerror (err)); - else if (err >= 0) - addf (str, _("\tName[%d]: %s\n"), i, dn); - else if (err == GNUTLS_E_OPENPGP_UID_REVOKED) - addf (str, _("\tRevoked Name[%d]: %s\n"), i, dn); - - gnutls_free (dn); - } - } - - i++; - } - while (err >= 0); - - print_key_times (str, cert, -1); - - print_key_info (str, cert, -1); - print_key_usage (str, cert, -1); - - subkeys = gnutls_openpgp_crt_get_subkey_count (cert); - if (subkeys < 0) - return; - - for (i = 0; i < subkeys; i++) - { - addf (str, _("\n\tSubkey[%d]:\n"), i); - - print_key_revoked (str, cert, i); - print_key_id (str, cert, i); - print_key_times (str, cert, i); - print_key_info (str, cert, i); - print_key_usage (str, cert, i); - } + int i, subkeys; + int err; + + print_key_revoked(str, cert, -1); + + /* Version. */ + { + int version = gnutls_openpgp_crt_get_version(cert); + if (version < 0) + addf(str, "error: get_version: %s\n", + gnutls_strerror(version)); + else + addf(str, _("\tVersion: %d\n"), version); + } + + /* ID. */ + print_key_id(str, cert, -1); + + print_key_fingerprint(str, cert); + + /* Names. */ + i = 0; + do { + char *dn; + size_t dn_size = 0; + + err = gnutls_openpgp_crt_get_name(cert, i, NULL, &dn_size); + if (err != GNUTLS_E_SHORT_MEMORY_BUFFER + && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE + && err != GNUTLS_E_OPENPGP_UID_REVOKED) + addf(str, "error: get_name: %s\n", + gnutls_strerror(err)); + else { + dn = gnutls_malloc(dn_size); + if (!dn) + addf(str, "error: malloc (%d): %s\n", + (int) dn_size, + gnutls_strerror + (GNUTLS_E_MEMORY_ERROR)); + else { + err = + gnutls_openpgp_crt_get_name(cert, i, + dn, + &dn_size); + if (err < 0 + && err != + GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE + && err != GNUTLS_E_OPENPGP_UID_REVOKED) + addf(str, "error: get_name: %s\n", + gnutls_strerror(err)); + else if (err >= 0) + addf(str, _("\tName[%d]: %s\n"), i, + dn); + else if (err == + GNUTLS_E_OPENPGP_UID_REVOKED) + addf(str, + _("\tRevoked Name[%d]: %s\n"), + i, dn); + + gnutls_free(dn); + } + } + + i++; + } + while (err >= 0); + + print_key_times(str, cert, -1); + + print_key_info(str, cert, -1); + print_key_usage(str, cert, -1); + + subkeys = gnutls_openpgp_crt_get_subkey_count(cert); + if (subkeys < 0) + return; + + for (i = 0; i < subkeys; i++) { + addf(str, _("\n\tSubkey[%d]:\n"), i); + + print_key_revoked(str, cert, i); + print_key_id(str, cert, i); + print_key_times(str, cert, i); + print_key_info(str, cert, i); + print_key_usage(str, cert, i); + } } static void -print_oneline (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert) +print_oneline(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert) { - int err, i; - - i = 0; - do - { - char *dn; - size_t dn_size = 0; - - err = gnutls_openpgp_crt_get_name (cert, i, NULL, &dn_size); - if (err != GNUTLS_E_SHORT_MEMORY_BUFFER - && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE - && err != GNUTLS_E_OPENPGP_UID_REVOKED) - addf (str, "unknown name (%s), ", gnutls_strerror (err)); - else - { - dn = gnutls_malloc (dn_size); - if (!dn) - addf (str, "unknown name (%s), ", - gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); - else - { - err = gnutls_openpgp_crt_get_name (cert, i, dn, &dn_size); - if (err < 0 && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE && - err != GNUTLS_E_OPENPGP_UID_REVOKED) - addf (str, "unknown name (%s), ", gnutls_strerror (err)); - else if (err >= 0) - addf (str, _("name[%d]: %s, "), i, dn); - else if (err == GNUTLS_E_OPENPGP_UID_REVOKED) - addf (str, _("revoked name[%d]: %s, "), i, dn); - - gnutls_free (dn); - } - } - - i++; - } - while (err >= 0); - - { - char fpr[128]; - size_t fpr_size = sizeof (fpr); - int err; - - err = gnutls_openpgp_crt_get_fingerprint (cert, fpr, &fpr_size); - if (err < 0) - addf (str, "error: get_fingerprint: %s\n", gnutls_strerror (err)); - else - { - adds (str, _("fingerprint: ")); - _gnutls_buffer_hexprint (str, fpr, fpr_size); - addf (str, ", "); - } - } - - { - time_t tim; - - tim = gnutls_openpgp_crt_get_creation_time (cert); - { - char s[42]; - size_t max = sizeof (s); - struct tm t; - - if (gmtime_r (&tim, &t) == NULL) - addf (str, "error: gmtime_r (%ld), ", (unsigned long) tim); - else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0) - addf (str, "error: strftime (%ld), ", (unsigned long) tim); - else - addf (str, _("created: %s, "), s); - } - - tim = gnutls_openpgp_crt_get_expiration_time (cert); - { - char s[42]; - size_t max = sizeof (s); - struct tm t; - - if (tim == 0) - adds (str, _("never expires, ")); - else - { - if (gmtime_r (&tim, &t) == NULL) - addf (str, "error: gmtime_r (%ld), ", (unsigned long) tim); - else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0) - addf (str, "error: strftime (%ld), ", (unsigned long) tim); - else - addf (str, _("expires: %s, "), s); - } - } - } - - { - unsigned int bits = 0; - gnutls_pk_algorithm_t algo = - gnutls_openpgp_crt_get_pk_algorithm (cert, &bits); - const char *algostr = gnutls_pk_algorithm_get_name (algo); - - if (algostr) - addf (str, _("key algorithm %s (%d bits)"), algostr, bits); - else - addf (str, _("unknown key algorithm (%d)"), algo); - } + int err, i; + + i = 0; + do { + char *dn; + size_t dn_size = 0; + + err = gnutls_openpgp_crt_get_name(cert, i, NULL, &dn_size); + if (err != GNUTLS_E_SHORT_MEMORY_BUFFER + && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE + && err != GNUTLS_E_OPENPGP_UID_REVOKED) + addf(str, "unknown name (%s), ", + gnutls_strerror(err)); + else { + dn = gnutls_malloc(dn_size); + if (!dn) + addf(str, "unknown name (%s), ", + gnutls_strerror + (GNUTLS_E_MEMORY_ERROR)); + else { + err = + gnutls_openpgp_crt_get_name(cert, i, + dn, + &dn_size); + if (err < 0 + && err != + GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE + && err != GNUTLS_E_OPENPGP_UID_REVOKED) + addf(str, "unknown name (%s), ", + gnutls_strerror(err)); + else if (err >= 0) + addf(str, _("name[%d]: %s, "), i, + dn); + else if (err == + GNUTLS_E_OPENPGP_UID_REVOKED) + addf(str, + _("revoked name[%d]: %s, "), + i, dn); + + gnutls_free(dn); + } + } + + i++; + } + while (err >= 0); + + { + char fpr[128]; + size_t fpr_size = sizeof(fpr); + int err; + + err = + gnutls_openpgp_crt_get_fingerprint(cert, fpr, + &fpr_size); + if (err < 0) + addf(str, "error: get_fingerprint: %s\n", + gnutls_strerror(err)); + else { + adds(str, _("fingerprint: ")); + _gnutls_buffer_hexprint(str, fpr, fpr_size); + addf(str, ", "); + } + } + + { + time_t tim; + + tim = gnutls_openpgp_crt_get_creation_time(cert); + { + char s[42]; + size_t max = sizeof(s); + struct tm t; + + if (gmtime_r(&tim, &t) == NULL) + addf(str, "error: gmtime_r (%ld), ", + (unsigned long) tim); + else if (strftime + (s, max, "%Y-%m-%d %H:%M:%S UTC", + &t) == 0) + addf(str, "error: strftime (%ld), ", + (unsigned long) tim); + else + addf(str, _("created: %s, "), s); + } + + tim = gnutls_openpgp_crt_get_expiration_time(cert); + { + char s[42]; + size_t max = sizeof(s); + struct tm t; + + if (tim == 0) + adds(str, _("never expires, ")); + else { + if (gmtime_r(&tim, &t) == NULL) + addf(str, + "error: gmtime_r (%ld), ", + (unsigned long) tim); + else if (strftime + (s, max, "%Y-%m-%d %H:%M:%S UTC", + &t) == 0) + addf(str, + "error: strftime (%ld), ", + (unsigned long) tim); + else + addf(str, _("expires: %s, "), s); + } + } + } + + { + unsigned int bits = 0; + gnutls_pk_algorithm_t algo = + gnutls_openpgp_crt_get_pk_algorithm(cert, &bits); + const char *algostr = gnutls_pk_algorithm_get_name(algo); + + if (algostr) + addf(str, _("key algorithm %s (%d bits)"), algostr, + bits); + else + addf(str, _("unknown key algorithm (%d)"), algo); + } } /** @@ -491,35 +556,34 @@ print_oneline (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert) * Returns: %GNUTLS_E_SUCCESS on success, or an error code. **/ int -gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert, - gnutls_certificate_print_formats_t format, - gnutls_datum_t * out) +gnutls_openpgp_crt_print(gnutls_openpgp_crt_t cert, + gnutls_certificate_print_formats_t format, + gnutls_datum_t * out) { - gnutls_buffer_st str; - int ret; - - _gnutls_buffer_init (&str); - - if (format == GNUTLS_CRT_PRINT_ONELINE) - print_oneline (&str, cert); - else if (format == GNUTLS_CRT_PRINT_COMPACT) - { - print_oneline (&str, cert); - - _gnutls_buffer_append_data (&str, "\n", 1); - print_key_fingerprint (&str, cert); - } - else - { - _gnutls_buffer_append_str (&str, - _("OpenPGP Certificate Information:\n")); - print_cert (&str, cert); - } - - _gnutls_buffer_append_data (&str, "\0", 1); - - ret = _gnutls_buffer_to_datum( &str, out); - if (out->size > 0) out->size--; - - return ret; + gnutls_buffer_st str; + int ret; + + _gnutls_buffer_init(&str); + + if (format == GNUTLS_CRT_PRINT_ONELINE) + print_oneline(&str, cert); + else if (format == GNUTLS_CRT_PRINT_COMPACT) { + print_oneline(&str, cert); + + _gnutls_buffer_append_data(&str, "\n", 1); + print_key_fingerprint(&str, cert); + } else { + _gnutls_buffer_append_str(&str, + _ + ("OpenPGP Certificate Information:\n")); + print_cert(&str, cert); + } + + _gnutls_buffer_append_data(&str, "\0", 1); + + ret = _gnutls_buffer_to_datum(&str, out); + if (out->size > 0) + out->size--; + + return ret; } diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c index 38cab4f417..0c714e8e4c 100644 --- a/lib/openpgp/pgp.c +++ b/lib/openpgp/pgp.c @@ -40,14 +40,13 @@ * * Returns: %GNUTLS_E_SUCCESS on success, or an error code. **/ -int -gnutls_openpgp_crt_init (gnutls_openpgp_crt_t * key) +int gnutls_openpgp_crt_init(gnutls_openpgp_crt_t * key) { - *key = gnutls_calloc (1, sizeof (gnutls_openpgp_crt_int)); + *key = gnutls_calloc(1, sizeof(gnutls_openpgp_crt_int)); - if (*key) - return 0; /* success */ - return GNUTLS_E_MEMORY_ERROR; + if (*key) + return 0; /* success */ + return GNUTLS_E_MEMORY_ERROR; } /** @@ -56,19 +55,17 @@ gnutls_openpgp_crt_init (gnutls_openpgp_crt_t * key) * * This function will deinitialize a key structure. **/ -void -gnutls_openpgp_crt_deinit (gnutls_openpgp_crt_t key) +void gnutls_openpgp_crt_deinit(gnutls_openpgp_crt_t key) { - if (!key) - return; + if (!key) + return; - if (key->knode) - { - cdk_kbnode_release (key->knode); - key->knode = NULL; - } + if (key->knode) { + cdk_kbnode_release(key->knode); + key->knode = NULL; + } - gnutls_free (key); + gnutls_free(key); } /** @@ -84,130 +81,125 @@ gnutls_openpgp_crt_deinit (gnutls_openpgp_crt_t key) * Returns: %GNUTLS_E_SUCCESS on success, or an error code. **/ int -gnutls_openpgp_crt_import (gnutls_openpgp_crt_t key, - const gnutls_datum_t * data, - gnutls_openpgp_crt_fmt_t format) +gnutls_openpgp_crt_import(gnutls_openpgp_crt_t key, + const gnutls_datum_t * data, + gnutls_openpgp_crt_fmt_t format) { - cdk_packet_t pkt; - int rc, armor; - - if (data->data == NULL || data->size == 0) - { - gnutls_assert (); - return GNUTLS_E_OPENPGP_GETKEY_FAILED; - } - - if (format == GNUTLS_OPENPGP_FMT_RAW) armor = 0; - else armor = 1; - - rc = cdk_kbnode_read_from_mem (&key->knode, armor, data->data, data->size); - if (rc) - { - rc = _gnutls_map_cdk_rc (rc); - gnutls_assert (); - return rc; - } - - /* Test if the import was successful. */ - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); - if (pkt == NULL) - { - gnutls_assert (); - return GNUTLS_E_OPENPGP_GETKEY_FAILED; - } - - return 0; + cdk_packet_t pkt; + int rc, armor; + + if (data->data == NULL || data->size == 0) { + gnutls_assert(); + return GNUTLS_E_OPENPGP_GETKEY_FAILED; + } + + if (format == GNUTLS_OPENPGP_FMT_RAW) + armor = 0; + else + armor = 1; + + rc = cdk_kbnode_read_from_mem(&key->knode, armor, data->data, + data->size); + if (rc) { + rc = _gnutls_map_cdk_rc(rc); + gnutls_assert(); + return rc; + } + + /* Test if the import was successful. */ + pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY); + if (pkt == NULL) { + gnutls_assert(); + return GNUTLS_E_OPENPGP_GETKEY_FAILED; + } + + return 0; } -int _gnutls_openpgp_export2 (cdk_kbnode_t node, - gnutls_openpgp_crt_fmt_t format, - gnutls_datum_t* out, int priv) +int _gnutls_openpgp_export2(cdk_kbnode_t node, + gnutls_openpgp_crt_fmt_t format, + gnutls_datum_t * out, int priv) { -int ret; -size_t size = 0; - - ret = _gnutls_openpgp_export(node, format, NULL, &size, priv); - if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) - { - out->data = gnutls_malloc(size); - - ret = _gnutls_openpgp_export(node, format, out->data, &size, priv); - if (ret < 0) - { - gnutls_free(out->data); - return gnutls_assert_val(ret); - } - out->size = size; - } - else if (ret < 0) - return gnutls_assert_val(ret); - - return 0; + int ret; + size_t size = 0; + + ret = _gnutls_openpgp_export(node, format, NULL, &size, priv); + if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) { + out->data = gnutls_malloc(size); + + ret = + _gnutls_openpgp_export(node, format, out->data, &size, + priv); + if (ret < 0) { + gnutls_free(out->data); + return gnutls_assert_val(ret); + } + out->size = size; + } else if (ret < 0) + return gnutls_assert_val(ret); + + return 0; } /* internal version of export */ int -_gnutls_openpgp_export (cdk_kbnode_t node, - gnutls_openpgp_crt_fmt_t format, - void *output_data, - size_t * output_data_size, int priv) +_gnutls_openpgp_export(cdk_kbnode_t node, + gnutls_openpgp_crt_fmt_t format, + void *output_data, + size_t * output_data_size, int priv) { - size_t input_data_size = *output_data_size; - size_t calc_size; - int rc; - - rc = cdk_kbnode_write_to_mem (node, output_data, output_data_size); - if (rc) - { - rc = _gnutls_map_cdk_rc (rc); - gnutls_assert (); - return rc; - } - - /* If the caller uses output_data == NULL then return what he expects. - */ - if (!output_data && format != GNUTLS_OPENPGP_FMT_BASE64) - { - gnutls_assert (); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - if (format == GNUTLS_OPENPGP_FMT_BASE64) - { - unsigned char *in = gnutls_calloc (1, *output_data_size); - memcpy (in, output_data, *output_data_size); - - /* Calculate the size of the encoded data and check if the provided - buffer is large enough. */ - rc = cdk_armor_encode_buffer (in, *output_data_size, - NULL, 0, &calc_size, - priv ? CDK_ARMOR_SECKEY : - CDK_ARMOR_PUBKEY); - if (rc || calc_size > input_data_size) - { - gnutls_free (in); - *output_data_size = calc_size; - gnutls_assert (); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - rc = cdk_armor_encode_buffer (in, *output_data_size, - output_data, input_data_size, &calc_size, - priv ? CDK_ARMOR_SECKEY : - CDK_ARMOR_PUBKEY); - gnutls_free (in); - *output_data_size = calc_size; - - if (rc) - { - rc = _gnutls_map_cdk_rc (rc); - gnutls_assert (); - return rc; - } - } - - return 0; + size_t input_data_size = *output_data_size; + size_t calc_size; + int rc; + + rc = cdk_kbnode_write_to_mem(node, output_data, output_data_size); + if (rc) { + rc = _gnutls_map_cdk_rc(rc); + gnutls_assert(); + return rc; + } + + /* If the caller uses output_data == NULL then return what he expects. + */ + if (!output_data && format != GNUTLS_OPENPGP_FMT_BASE64) { + gnutls_assert(); + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + if (format == GNUTLS_OPENPGP_FMT_BASE64) { + unsigned char *in = gnutls_calloc(1, *output_data_size); + memcpy(in, output_data, *output_data_size); + + /* Calculate the size of the encoded data and check if the provided + buffer is large enough. */ + rc = cdk_armor_encode_buffer(in, *output_data_size, + NULL, 0, &calc_size, + priv ? CDK_ARMOR_SECKEY : + CDK_ARMOR_PUBKEY); + if (rc || calc_size > input_data_size) { + gnutls_free(in); + *output_data_size = calc_size; + gnutls_assert(); + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + rc = cdk_armor_encode_buffer(in, *output_data_size, + output_data, input_data_size, + &calc_size, + priv ? CDK_ARMOR_SECKEY : + CDK_ARMOR_PUBKEY); + gnutls_free(in); + *output_data_size = calc_size; + + if (rc) { + rc = _gnutls_map_cdk_rc(rc); + gnutls_assert(); + return rc; + } + } + + return 0; } @@ -226,12 +218,12 @@ _gnutls_openpgp_export (cdk_kbnode_t node, * Returns: %GNUTLS_E_SUCCESS on success, or an error code. **/ int -gnutls_openpgp_crt_export (gnutls_openpgp_crt_t key, - gnutls_openpgp_crt_fmt_t format, - void *output_data, size_t * output_data_size) +gnutls_openpgp_crt_export(gnutls_openpgp_crt_t key, + gnutls_openpgp_crt_fmt_t format, + void *output_data, size_t * output_data_size) { - return _gnutls_openpgp_export (key->knode, format, output_data, - output_data_size, 0); + return _gnutls_openpgp_export(key->knode, format, output_data, + output_data_size, 0); } /** @@ -248,11 +240,11 @@ gnutls_openpgp_crt_export (gnutls_openpgp_crt_t key, * Since: 3.1.3 **/ int -gnutls_openpgp_crt_export2 (gnutls_openpgp_crt_t key, - gnutls_openpgp_crt_fmt_t format, - gnutls_datum_t *out) +gnutls_openpgp_crt_export2(gnutls_openpgp_crt_t key, + gnutls_openpgp_crt_fmt_t format, + gnutls_datum_t * out) { - return _gnutls_openpgp_export2 (key->knode, format, out, 0); + return _gnutls_openpgp_export2(key->knode, format, out, 0); } /** @@ -267,58 +259,54 @@ gnutls_openpgp_crt_export2 (gnutls_openpgp_crt_t key, * Returns: On success, 0 is returned. Otherwise, an error code. **/ int -gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key, - void *fpr, size_t * fprlen) +gnutls_openpgp_crt_get_fingerprint(gnutls_openpgp_crt_t key, + void *fpr, size_t * fprlen) { - cdk_packet_t pkt; - cdk_pkt_pubkey_t pk = NULL; + cdk_packet_t pkt; + cdk_pkt_pubkey_t pk = NULL; - if (!fpr || !fprlen) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (!fpr || !fprlen) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - *fprlen = 0; + *fprlen = 0; - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); - if (!pkt) - return GNUTLS_E_OPENPGP_GETKEY_FAILED; + pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY); + if (!pkt) + return GNUTLS_E_OPENPGP_GETKEY_FAILED; - pk = pkt->pkt.public_key; - *fprlen = 20; + pk = pkt->pkt.public_key; + *fprlen = 20; - /* FIXME: Check if the draft allows old PGP keys. */ - if (is_RSA (pk->pubkey_algo) && pk->version < 4) - *fprlen = 16; - cdk_pk_get_fingerprint (pk, fpr); + /* FIXME: Check if the draft allows old PGP keys. */ + if (is_RSA(pk->pubkey_algo) && pk->version < 4) + *fprlen = 16; + cdk_pk_get_fingerprint(pk, fpr); - return 0; + return 0; } -static int -_gnutls_openpgp_count_key_names (gnutls_openpgp_crt_t key) +static int _gnutls_openpgp_count_key_names(gnutls_openpgp_crt_t key) { - cdk_kbnode_t p, ctx; - cdk_packet_t pkt; - int nuids; - - if (key == NULL) - { - gnutls_assert (); - return 0; - } - - ctx = NULL; - nuids = 0; - while ((p = cdk_kbnode_walk (key->knode, &ctx, 0))) - { - pkt = cdk_kbnode_get_packet (p); - if (pkt->pkttype == CDK_PKT_USER_ID) - nuids++; - } - - return nuids; + cdk_kbnode_t p, ctx; + cdk_packet_t pkt; + int nuids; + + if (key == NULL) { + gnutls_assert(); + return 0; + } + + ctx = NULL; + nuids = 0; + while ((p = cdk_kbnode_walk(key->knode, &ctx, 0))) { + pkt = cdk_kbnode_get_packet(p); + if (pkt->pkttype == CDK_PKT_USER_ID) + nuids++; + } + + return nuids; } @@ -338,60 +326,54 @@ _gnutls_openpgp_count_key_names (gnutls_openpgp_crt_t key) * error code. **/ int -gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key, - int idx, char *buf, size_t * sizeof_buf) +gnutls_openpgp_crt_get_name(gnutls_openpgp_crt_t key, + int idx, char *buf, size_t * sizeof_buf) { - cdk_kbnode_t ctx = NULL, p; - cdk_packet_t pkt = NULL; - cdk_pkt_userid_t uid = NULL; - int pos = 0; - - if (!key) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (idx < 0 || idx >= _gnutls_openpgp_count_key_names (key)) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - - pos = 0; - while ((p = cdk_kbnode_walk (key->knode, &ctx, 0))) - { - pkt = cdk_kbnode_get_packet (p); - if (pkt->pkttype == CDK_PKT_USER_ID) - { - if (pos == idx) - break; - pos++; - } - } - - if (!pkt) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - uid = pkt->pkt.user_id; - if (uid->len >= *sizeof_buf) - { - gnutls_assert (); - *sizeof_buf = uid->len + 1; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - if (buf) - { - memcpy (buf, uid->name, uid->len); - buf[uid->len] = '\0'; /* make sure it's a string */ - } - *sizeof_buf = uid->len + 1; - - if (uid->is_revoked) - return GNUTLS_E_OPENPGP_UID_REVOKED; - - return 0; + cdk_kbnode_t ctx = NULL, p; + cdk_packet_t pkt = NULL; + cdk_pkt_userid_t uid = NULL; + int pos = 0; + + if (!key) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (idx < 0 || idx >= _gnutls_openpgp_count_key_names(key)) + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + + pos = 0; + while ((p = cdk_kbnode_walk(key->knode, &ctx, 0))) { + pkt = cdk_kbnode_get_packet(p); + if (pkt->pkttype == CDK_PKT_USER_ID) { + if (pos == idx) + break; + pos++; + } + } + + if (!pkt) { + gnutls_assert(); + return GNUTLS_E_INTERNAL_ERROR; + } + + uid = pkt->pkt.user_id; + if (uid->len >= *sizeof_buf) { + gnutls_assert(); + *sizeof_buf = uid->len + 1; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + if (buf) { + memcpy(buf, uid->name, uid->len); + buf[uid->len] = '\0'; /* make sure it's a string */ + } + *sizeof_buf = uid->len + 1; + + if (uid->is_revoked) + return GNUTLS_E_OPENPGP_UID_REVOKED; + + return 0; } /** @@ -410,42 +392,42 @@ gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key, * success, or GNUTLS_PK_UNKNOWN on error. **/ gnutls_pk_algorithm_t -gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t key, - unsigned int *bits) +gnutls_openpgp_crt_get_pk_algorithm(gnutls_openpgp_crt_t key, + unsigned int *bits) { - cdk_packet_t pkt; - int algo = 0, ret; - uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; - - if (!key) - { - gnutls_assert (); - return GNUTLS_PK_UNKNOWN; - } - - ret = gnutls_openpgp_crt_get_preferred_key_id (key, keyid); - if (ret == 0) - { - int idx; - - idx = gnutls_openpgp_crt_get_subkey_idx (key, keyid); - if (idx != GNUTLS_OPENPGP_MASTER_KEYID_IDX) - { - algo = - gnutls_openpgp_crt_get_subkey_pk_algorithm (key, idx, bits); - return algo; - } - } - - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); - if (pkt) - { - if (bits) - *bits = cdk_pk_get_nbits (pkt->pkt.public_key); - algo = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo); - } - - return algo; + cdk_packet_t pkt; + int algo = 0, ret; + uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; + + if (!key) { + gnutls_assert(); + return GNUTLS_PK_UNKNOWN; + } + + ret = gnutls_openpgp_crt_get_preferred_key_id(key, keyid); + if (ret == 0) { + int idx; + + idx = gnutls_openpgp_crt_get_subkey_idx(key, keyid); + if (idx != GNUTLS_OPENPGP_MASTER_KEYID_IDX) { + algo = + gnutls_openpgp_crt_get_subkey_pk_algorithm(key, + idx, + bits); + return algo; + } + } + + pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY); + if (pkt) { + if (bits) + *bits = cdk_pk_get_nbits(pkt->pkt.public_key); + algo = + _gnutls_openpgp_get_algo(pkt->pkt.public_key-> + pubkey_algo); + } + + return algo; } @@ -457,22 +439,21 @@ gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t key, * * Returns: the version number is returned, or a negative error code on errors. **/ -int -gnutls_openpgp_crt_get_version (gnutls_openpgp_crt_t key) +int gnutls_openpgp_crt_get_version(gnutls_openpgp_crt_t key) { - cdk_packet_t pkt; - int version; + cdk_packet_t pkt; + int version; - if (!key) - return -1; + if (!key) + return -1; - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); - if (pkt) - version = pkt->pkt.public_key->version; - else - version = 0; + pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY); + if (pkt) + version = pkt->pkt.public_key->version; + else + version = 0; - return version; + return version; } @@ -484,22 +465,21 @@ gnutls_openpgp_crt_get_version (gnutls_openpgp_crt_t key) * * Returns: the timestamp when the OpenPGP key was created. **/ -time_t -gnutls_openpgp_crt_get_creation_time (gnutls_openpgp_crt_t key) +time_t gnutls_openpgp_crt_get_creation_time(gnutls_openpgp_crt_t key) { - cdk_packet_t pkt; - time_t timestamp; + cdk_packet_t pkt; + time_t timestamp; - if (!key) - return (time_t) - 1; + if (!key) + return (time_t) - 1; - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); - if (pkt) - timestamp = pkt->pkt.public_key->timestamp; - else - timestamp = 0; + pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY); + if (pkt) + timestamp = pkt->pkt.public_key->timestamp; + else + timestamp = 0; - return timestamp; + return timestamp; } @@ -512,22 +492,21 @@ gnutls_openpgp_crt_get_creation_time (gnutls_openpgp_crt_t key) * * Returns: the time when the OpenPGP key expires. **/ -time_t -gnutls_openpgp_crt_get_expiration_time (gnutls_openpgp_crt_t key) +time_t gnutls_openpgp_crt_get_expiration_time(gnutls_openpgp_crt_t key) { - cdk_packet_t pkt; - time_t expiredate; + cdk_packet_t pkt; + time_t expiredate; - if (!key) - return (time_t) - 1; + if (!key) + return (time_t) - 1; - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); - if (pkt) - expiredate = pkt->pkt.public_key->expiredate; - else - expiredate = 0; + pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY); + if (pkt) + expiredate = pkt->pkt.public_key->expiredate; + else + expiredate = 0; - return expiredate; + return expiredate; } /** @@ -542,27 +521,26 @@ gnutls_openpgp_crt_get_expiration_time (gnutls_openpgp_crt_t key) * Since: 2.4.0 **/ int -gnutls_openpgp_crt_get_key_id (gnutls_openpgp_crt_t key, - gnutls_openpgp_keyid_t keyid) +gnutls_openpgp_crt_get_key_id(gnutls_openpgp_crt_t key, + gnutls_openpgp_keyid_t keyid) { - cdk_packet_t pkt; - uint32_t kid[2]; + cdk_packet_t pkt; + uint32_t kid[2]; - if (!key || !keyid) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (!key || !keyid) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); - if (!pkt) - return GNUTLS_E_OPENPGP_GETKEY_FAILED; + pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY); + if (!pkt) + return GNUTLS_E_OPENPGP_GETKEY_FAILED; - cdk_pk_get_keyid (pkt->pkt.public_key, kid); - _gnutls_write_uint32 (kid[0], keyid); - _gnutls_write_uint32 (kid[1], keyid + 4); + cdk_pk_get_keyid(pkt->pkt.public_key, kid); + _gnutls_write_uint32(kid[0], keyid); + _gnutls_write_uint32(kid[1], keyid + 4); - return 0; + return 0; } /** @@ -576,24 +554,22 @@ gnutls_openpgp_crt_get_key_id (gnutls_openpgp_crt_t key, * * Since: 2.4.0 **/ -int -gnutls_openpgp_crt_get_revoked_status (gnutls_openpgp_crt_t key) +int gnutls_openpgp_crt_get_revoked_status(gnutls_openpgp_crt_t key) { - cdk_packet_t pkt; + cdk_packet_t pkt; - if (!key) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (!key) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); - if (!pkt) - return GNUTLS_E_OPENPGP_GETKEY_FAILED; + pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY); + if (!pkt) + return GNUTLS_E_OPENPGP_GETKEY_FAILED; - if (pkt->pkt.public_key->is_revoked != 0) - return 1; - return 0; + if (pkt->pkt.public_key->is_revoked != 0) + return 1; + return 0; } /** @@ -608,52 +584,52 @@ gnutls_openpgp_crt_get_revoked_status (gnutls_openpgp_crt_t key) * Returns: non-zero for a successful match, and zero on failure. **/ int -gnutls_openpgp_crt_check_hostname (gnutls_openpgp_crt_t key, - const char *hostname) +gnutls_openpgp_crt_check_hostname(gnutls_openpgp_crt_t key, + const char *hostname) { - char dnsname[MAX_CN]; - size_t dnsnamesize; - int ret = 0; - int i; - - /* Check through all included names. */ - for (i = 0; !(ret < 0); i++) - { - dnsnamesize = sizeof (dnsname); - ret = gnutls_openpgp_crt_get_name (key, i, dnsname, &dnsnamesize); - - if (ret == 0) - { - /* Length returned by gnutls_openpgp_crt_get_name includes - the terminating (0). */ - dnsnamesize--; - - if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname, 0)) - return 1; - } - } - - /* not found a matching name */ - return 0; + char dnsname[MAX_CN]; + size_t dnsnamesize; + int ret = 0; + int i; + + /* Check through all included names. */ + for (i = 0; !(ret < 0); i++) { + dnsnamesize = sizeof(dnsname); + ret = + gnutls_openpgp_crt_get_name(key, i, dnsname, + &dnsnamesize); + + if (ret == 0) { + /* Length returned by gnutls_openpgp_crt_get_name includes + the terminating (0). */ + dnsnamesize--; + + if (_gnutls_hostname_compare + (dnsname, dnsnamesize, hostname, 0)) + return 1; + } + } + + /* not found a matching name */ + return 0; } -unsigned int -_gnutls_get_pgp_key_usage (unsigned int cdk_usage) +unsigned int _gnutls_get_pgp_key_usage(unsigned int cdk_usage) { - unsigned int usage = 0; - - if (cdk_usage & CDK_KEY_USG_CERT_SIGN) - usage |= GNUTLS_KEY_KEY_CERT_SIGN; - if (cdk_usage & CDK_KEY_USG_DATA_SIGN) - usage |= GNUTLS_KEY_DIGITAL_SIGNATURE; - if (cdk_usage & CDK_KEY_USG_COMM_ENCR) - usage |= GNUTLS_KEY_KEY_ENCIPHERMENT; - if (cdk_usage & CDK_KEY_USG_STORAGE_ENCR) - usage |= GNUTLS_KEY_DATA_ENCIPHERMENT; - if (cdk_usage & CDK_KEY_USG_AUTH) - usage |= GNUTLS_KEY_KEY_AGREEMENT; - - return usage; + unsigned int usage = 0; + + if (cdk_usage & CDK_KEY_USG_CERT_SIGN) + usage |= GNUTLS_KEY_KEY_CERT_SIGN; + if (cdk_usage & CDK_KEY_USG_DATA_SIGN) + usage |= GNUTLS_KEY_DIGITAL_SIGNATURE; + if (cdk_usage & CDK_KEY_USG_COMM_ENCR) + usage |= GNUTLS_KEY_KEY_ENCIPHERMENT; + if (cdk_usage & CDK_KEY_USG_STORAGE_ENCR) + usage |= GNUTLS_KEY_DATA_ENCIPHERMENT; + if (cdk_usage & CDK_KEY_USG_AUTH) + usage |= GNUTLS_KEY_KEY_AGREEMENT; + + return usage; } /** @@ -668,24 +644,24 @@ _gnutls_get_pgp_key_usage (unsigned int cdk_usage) * Returns: %GNUTLS_E_SUCCESS on success, or an error code. */ int -gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t key, - unsigned int *key_usage) +gnutls_openpgp_crt_get_key_usage(gnutls_openpgp_crt_t key, + unsigned int *key_usage) { - cdk_packet_t pkt; + cdk_packet_t pkt; - if (!key) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (!key) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); - if (!pkt) - return GNUTLS_E_OPENPGP_GETKEY_FAILED; + pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY); + if (!pkt) + return GNUTLS_E_OPENPGP_GETKEY_FAILED; - *key_usage = _gnutls_get_pgp_key_usage (pkt->pkt.public_key->pubkey_usage); + *key_usage = + _gnutls_get_pgp_key_usage(pkt->pkt.public_key->pubkey_usage); - return 0; + return 0; } /** @@ -699,55 +675,51 @@ gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t key, * * Since: 2.4.0 **/ -int -gnutls_openpgp_crt_get_subkey_count (gnutls_openpgp_crt_t key) +int gnutls_openpgp_crt_get_subkey_count(gnutls_openpgp_crt_t key) { - cdk_kbnode_t p, ctx; - cdk_packet_t pkt; - int subkeys; - - if (key == NULL) - { - gnutls_assert (); - return 0; - } - - ctx = NULL; - subkeys = 0; - while ((p = cdk_kbnode_walk (key->knode, &ctx, 0))) - { - pkt = cdk_kbnode_get_packet (p); - if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY) - subkeys++; - } - - return subkeys; + cdk_kbnode_t p, ctx; + cdk_packet_t pkt; + int subkeys; + + if (key == NULL) { + gnutls_assert(); + return 0; + } + + ctx = NULL; + subkeys = 0; + while ((p = cdk_kbnode_walk(key->knode, &ctx, 0))) { + pkt = cdk_kbnode_get_packet(p); + if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY) + subkeys++; + } + + return subkeys; } /* returns the subkey with the given index */ static cdk_packet_t -_get_public_subkey (gnutls_openpgp_crt_t key, unsigned int indx) +_get_public_subkey(gnutls_openpgp_crt_t key, unsigned int indx) { - cdk_kbnode_t p, ctx; - cdk_packet_t pkt; - unsigned int subkeys; - - if (key == NULL) - { - gnutls_assert (); - return NULL; - } - - ctx = NULL; - subkeys = 0; - while ((p = cdk_kbnode_walk (key->knode, &ctx, 0))) - { - pkt = cdk_kbnode_get_packet (p); - if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY && indx == subkeys++) - return pkt; - } - - return NULL; + cdk_kbnode_t p, ctx; + cdk_packet_t pkt; + unsigned int subkeys; + + if (key == NULL) { + gnutls_assert(); + return NULL; + } + + ctx = NULL; + subkeys = 0; + while ((p = cdk_kbnode_walk(key->knode, &ctx, 0))) { + pkt = cdk_kbnode_get_packet(p); + if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY + && indx == subkeys++) + return pkt; + } + + return NULL; } /* returns the key with the given keyid. It can be either key or subkey. @@ -756,41 +728,39 @@ _get_public_subkey (gnutls_openpgp_crt_t key, unsigned int indx) * pkt->pkt.public_key; */ cdk_packet_t -_gnutls_openpgp_find_key (cdk_kbnode_t knode, uint32_t keyid[2], - unsigned int priv) +_gnutls_openpgp_find_key(cdk_kbnode_t knode, uint32_t keyid[2], + unsigned int priv) { - cdk_kbnode_t p, ctx; - cdk_packet_t pkt; - uint32_t local_keyid[2]; - - ctx = NULL; - while ((p = cdk_kbnode_walk (knode, &ctx, 0))) - { - pkt = cdk_kbnode_get_packet (p); - - if ((priv == 0 - && (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY - || pkt->pkttype == CDK_PKT_PUBLIC_KEY)) || (priv != 0 - && (pkt->pkttype == - CDK_PKT_SECRET_SUBKEY - || pkt->pkttype - == - CDK_PKT_SECRET_KEY))) - { - if (priv == 0) - cdk_pk_get_keyid (pkt->pkt.public_key, local_keyid); - else - cdk_pk_get_keyid (pkt->pkt.secret_key->pk, local_keyid); - - if (local_keyid[0] == keyid[0] && local_keyid[1] == keyid[1]) - { - return pkt; - } - } - } - - gnutls_assert (); - return NULL; + cdk_kbnode_t p, ctx; + cdk_packet_t pkt; + uint32_t local_keyid[2]; + + ctx = NULL; + while ((p = cdk_kbnode_walk(knode, &ctx, 0))) { + pkt = cdk_kbnode_get_packet(p); + + if ((priv == 0 + && (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY + || pkt->pkttype == CDK_PKT_PUBLIC_KEY)) + || (priv != 0 + && (pkt->pkttype == CDK_PKT_SECRET_SUBKEY + || pkt->pkttype == CDK_PKT_SECRET_KEY))) { + if (priv == 0) + cdk_pk_get_keyid(pkt->pkt.public_key, + local_keyid); + else + cdk_pk_get_keyid(pkt->pkt.secret_key->pk, + local_keyid); + + if (local_keyid[0] == keyid[0] + && local_keyid[1] == keyid[1]) { + return pkt; + } + } + } + + gnutls_assert(); + return NULL; } /* returns the key with the given keyid @@ -799,41 +769,42 @@ _gnutls_openpgp_find_key (cdk_kbnode_t knode, uint32_t keyid[2], * pkt->pkt.public_key; */ int -_gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode, uint32_t keyid[2], - unsigned int priv) +_gnutls_openpgp_find_subkey_idx(cdk_kbnode_t knode, uint32_t keyid[2], + unsigned int priv) { - cdk_kbnode_t p, ctx; - cdk_packet_t pkt; - int i = 0; - uint32_t local_keyid[2]; - - _gnutls_hard_log ("Looking keyid: %x.%x\n", keyid[0], keyid[1]); - - ctx = NULL; - while ((p = cdk_kbnode_walk (knode, &ctx, 0))) - { - pkt = cdk_kbnode_get_packet (p); - - if ((priv == 0 && (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)) || - (priv != 0 && (pkt->pkttype == CDK_PKT_SECRET_SUBKEY))) - { - if (priv == 0) - cdk_pk_get_keyid (pkt->pkt.public_key, local_keyid); - else - cdk_pk_get_keyid (pkt->pkt.secret_key->pk, local_keyid); - - _gnutls_hard_log ("Found keyid: %x.%x\n", local_keyid[0], - local_keyid[1]); - if (local_keyid[0] == keyid[0] && local_keyid[1] == keyid[1]) - { - return i; - } - i++; - } - } - - gnutls_assert (); - return GNUTLS_E_OPENPGP_SUBKEY_ERROR; + cdk_kbnode_t p, ctx; + cdk_packet_t pkt; + int i = 0; + uint32_t local_keyid[2]; + + _gnutls_hard_log("Looking keyid: %x.%x\n", keyid[0], keyid[1]); + + ctx = NULL; + while ((p = cdk_kbnode_walk(knode, &ctx, 0))) { + pkt = cdk_kbnode_get_packet(p); + + if ((priv == 0 && (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)) + || (priv != 0 + && (pkt->pkttype == CDK_PKT_SECRET_SUBKEY))) { + if (priv == 0) + cdk_pk_get_keyid(pkt->pkt.public_key, + local_keyid); + else + cdk_pk_get_keyid(pkt->pkt.secret_key->pk, + local_keyid); + + _gnutls_hard_log("Found keyid: %x.%x\n", + local_keyid[0], local_keyid[1]); + if (local_keyid[0] == keyid[0] + && local_keyid[1] == keyid[1]) { + return i; + } + i++; + } + } + + gnutls_assert(); + return GNUTLS_E_OPENPGP_SUBKEY_ERROR; } /** @@ -849,27 +820,26 @@ _gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode, uint32_t keyid[2], * Since: 2.4.0 **/ int -gnutls_openpgp_crt_get_subkey_revoked_status (gnutls_openpgp_crt_t key, - unsigned int idx) +gnutls_openpgp_crt_get_subkey_revoked_status(gnutls_openpgp_crt_t key, + unsigned int idx) { - cdk_packet_t pkt; + cdk_packet_t pkt; - if (!key) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (!key) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) - return gnutls_openpgp_crt_get_revoked_status(key); + if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) + return gnutls_openpgp_crt_get_revoked_status(key); - pkt = _get_public_subkey (key, idx); - if (!pkt) - return GNUTLS_E_OPENPGP_GETKEY_FAILED; + pkt = _get_public_subkey(key, idx); + if (!pkt) + return GNUTLS_E_OPENPGP_GETKEY_FAILED; - if (pkt->pkt.public_key->is_revoked != 0) - return 1; - return 0; + if (pkt->pkt.public_key->is_revoked != 0) + return 1; + return 0; } /** @@ -891,33 +861,33 @@ gnutls_openpgp_crt_get_subkey_revoked_status (gnutls_openpgp_crt_t key, * Since: 2.4.0 **/ gnutls_pk_algorithm_t -gnutls_openpgp_crt_get_subkey_pk_algorithm (gnutls_openpgp_crt_t key, - unsigned int idx, - unsigned int *bits) +gnutls_openpgp_crt_get_subkey_pk_algorithm(gnutls_openpgp_crt_t key, + unsigned int idx, + unsigned int *bits) { - cdk_packet_t pkt; - int algo; + cdk_packet_t pkt; + int algo; - if (!key) - { - gnutls_assert (); - return GNUTLS_PK_UNKNOWN; - } + if (!key) { + gnutls_assert(); + return GNUTLS_PK_UNKNOWN; + } - if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) - return gnutls_openpgp_crt_get_pk_algorithm(key, bits); + if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) + return gnutls_openpgp_crt_get_pk_algorithm(key, bits); - pkt = _get_public_subkey (key, idx); + pkt = _get_public_subkey(key, idx); - algo = 0; - if (pkt) - { - if (bits) - *bits = cdk_pk_get_nbits (pkt->pkt.public_key); - algo = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo); - } + algo = 0; + if (pkt) { + if (bits) + *bits = cdk_pk_get_nbits(pkt->pkt.public_key); + algo = + _gnutls_openpgp_get_algo(pkt->pkt.public_key-> + pubkey_algo); + } - return algo; + return algo; } /** @@ -932,25 +902,25 @@ gnutls_openpgp_crt_get_subkey_pk_algorithm (gnutls_openpgp_crt_t key, * Since: 2.4.0 **/ time_t -gnutls_openpgp_crt_get_subkey_creation_time (gnutls_openpgp_crt_t key, - unsigned int idx) +gnutls_openpgp_crt_get_subkey_creation_time(gnutls_openpgp_crt_t key, + unsigned int idx) { - cdk_packet_t pkt; - time_t timestamp; + cdk_packet_t pkt; + time_t timestamp; - if (!key) - return (time_t) - 1; + if (!key) + return (time_t) - 1; - if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) - return gnutls_openpgp_crt_get_creation_time(key); + if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) + return gnutls_openpgp_crt_get_creation_time(key); - pkt = _get_public_subkey (key, idx); - if (pkt) - timestamp = pkt->pkt.public_key->timestamp; - else - timestamp = 0; + pkt = _get_public_subkey(key, idx); + if (pkt) + timestamp = pkt->pkt.public_key->timestamp; + else + timestamp = 0; - return timestamp; + return timestamp; } @@ -967,25 +937,25 @@ gnutls_openpgp_crt_get_subkey_creation_time (gnutls_openpgp_crt_t key, * Since: 2.4.0 **/ time_t -gnutls_openpgp_crt_get_subkey_expiration_time (gnutls_openpgp_crt_t key, - unsigned int idx) +gnutls_openpgp_crt_get_subkey_expiration_time(gnutls_openpgp_crt_t key, + unsigned int idx) { - cdk_packet_t pkt; - time_t expiredate; + cdk_packet_t pkt; + time_t expiredate; - if (!key) - return (time_t) - 1; + if (!key) + return (time_t) - 1; - if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) - return gnutls_openpgp_crt_get_expiration_time(key); + if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) + return gnutls_openpgp_crt_get_expiration_time(key); - pkt = _get_public_subkey (key, idx); - if (pkt) - expiredate = pkt->pkt.public_key->expiredate; - else - expiredate = 0; + pkt = _get_public_subkey(key, idx); + if (pkt) + expiredate = pkt->pkt.public_key->expiredate; + else + expiredate = 0; - return expiredate; + return expiredate; } /** @@ -999,31 +969,30 @@ gnutls_openpgp_crt_get_subkey_expiration_time (gnutls_openpgp_crt_t key, * Returns: the 64-bit keyID of the OpenPGP key. **/ int -gnutls_openpgp_crt_get_subkey_id (gnutls_openpgp_crt_t key, - unsigned int idx, - gnutls_openpgp_keyid_t keyid) +gnutls_openpgp_crt_get_subkey_id(gnutls_openpgp_crt_t key, + unsigned int idx, + gnutls_openpgp_keyid_t keyid) { - cdk_packet_t pkt; - uint32_t kid[2]; - - if (!key || !keyid) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) - return gnutls_openpgp_crt_get_key_id(key, keyid); - - pkt = _get_public_subkey (key, idx); - if (!pkt) - return GNUTLS_E_OPENPGP_GETKEY_FAILED; - - cdk_pk_get_keyid (pkt->pkt.public_key, kid); - _gnutls_write_uint32 (kid[0], keyid); - _gnutls_write_uint32 (kid[1], keyid + 4); - - return 0; + cdk_packet_t pkt; + uint32_t kid[2]; + + if (!key || !keyid) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) + return gnutls_openpgp_crt_get_key_id(key, keyid); + + pkt = _get_public_subkey(key, idx); + if (!pkt) + return GNUTLS_E_OPENPGP_GETKEY_FAILED; + + cdk_pk_get_keyid(pkt->pkt.public_key, kid); + _gnutls_write_uint32(kid[0], keyid); + _gnutls_write_uint32(kid[1], keyid + 4); + + return 0; } /** @@ -1041,37 +1010,37 @@ gnutls_openpgp_crt_get_subkey_id (gnutls_openpgp_crt_t key, * Since: 2.4.0 **/ int -gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key, - unsigned int idx, - void *fpr, size_t * fprlen) +gnutls_openpgp_crt_get_subkey_fingerprint(gnutls_openpgp_crt_t key, + unsigned int idx, + void *fpr, size_t * fprlen) { - cdk_packet_t pkt; - cdk_pkt_pubkey_t pk = NULL; + cdk_packet_t pkt; + cdk_pkt_pubkey_t pk = NULL; + + if (!fpr || !fprlen) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - if (!fpr || !fprlen) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) - return gnutls_openpgp_crt_get_fingerprint(key, fpr, fprlen); + if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) + return gnutls_openpgp_crt_get_fingerprint(key, fpr, + fprlen); - *fprlen = 0; + *fprlen = 0; - pkt = _get_public_subkey (key, idx); - if (!pkt) - return GNUTLS_E_OPENPGP_GETKEY_FAILED; + pkt = _get_public_subkey(key, idx); + if (!pkt) + return GNUTLS_E_OPENPGP_GETKEY_FAILED; - pk = pkt->pkt.public_key; - *fprlen = 20; + pk = pkt->pkt.public_key; + *fprlen = 20; - /* FIXME: Check if the draft allows old PGP keys. */ - if (is_RSA (pk->pubkey_algo) && pk->version < 4) - *fprlen = 16; - cdk_pk_get_fingerprint (pk, fpr); + /* FIXME: Check if the draft allows old PGP keys. */ + if (is_RSA(pk->pubkey_algo) && pk->version < 4) + *fprlen = 16; + cdk_pk_get_fingerprint(pk, fpr); - return 0; + return 0; } /** @@ -1086,34 +1055,32 @@ gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key, * Since: 2.4.0 **/ int -gnutls_openpgp_crt_get_subkey_idx (gnutls_openpgp_crt_t key, - const gnutls_openpgp_keyid_t keyid) +gnutls_openpgp_crt_get_subkey_idx(gnutls_openpgp_crt_t key, + const gnutls_openpgp_keyid_t keyid) { - int ret; - uint32_t kid[2]; - uint8_t master_id[GNUTLS_OPENPGP_KEYID_SIZE]; - - if (!key) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = gnutls_openpgp_crt_get_key_id (key, master_id); - if (ret < 0) - return gnutls_assert_val(ret); - if (memcmp(master_id, keyid, GNUTLS_OPENPGP_KEYID_SIZE)==0) - return GNUTLS_OPENPGP_MASTER_KEYID_IDX; - - KEYID_IMPORT (kid, keyid); - ret = _gnutls_openpgp_find_subkey_idx (key->knode, kid, 0); - - if (ret < 0) - { - gnutls_assert (); - } - - return ret; + int ret; + uint32_t kid[2]; + uint8_t master_id[GNUTLS_OPENPGP_KEYID_SIZE]; + + if (!key) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + ret = gnutls_openpgp_crt_get_key_id(key, master_id); + if (ret < 0) + return gnutls_assert_val(ret); + if (memcmp(master_id, keyid, GNUTLS_OPENPGP_KEYID_SIZE) == 0) + return GNUTLS_OPENPGP_MASTER_KEYID_IDX; + + KEYID_IMPORT(kid, keyid); + ret = _gnutls_openpgp_find_subkey_idx(key->knode, kid, 0); + + if (ret < 0) { + gnutls_assert(); + } + + return ret; } /** @@ -1133,326 +1100,310 @@ gnutls_openpgp_crt_get_subkey_idx (gnutls_openpgp_crt_t key, * Since: 2.4.0 */ int -gnutls_openpgp_crt_get_subkey_usage (gnutls_openpgp_crt_t key, - unsigned int idx, - unsigned int *key_usage) +gnutls_openpgp_crt_get_subkey_usage(gnutls_openpgp_crt_t key, + unsigned int idx, + unsigned int *key_usage) { - cdk_packet_t pkt; + cdk_packet_t pkt; - if (!key) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (!key) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) - return gnutls_openpgp_crt_get_key_usage(key, key_usage); + if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) + return gnutls_openpgp_crt_get_key_usage(key, key_usage); - pkt = _get_public_subkey (key, idx); - if (!pkt) - return GNUTLS_E_OPENPGP_SUBKEY_ERROR; + pkt = _get_public_subkey(key, idx); + if (!pkt) + return GNUTLS_E_OPENPGP_SUBKEY_ERROR; - *key_usage = _gnutls_get_pgp_key_usage (pkt->pkt.public_key->pubkey_usage); + *key_usage = + _gnutls_get_pgp_key_usage(pkt->pkt.public_key->pubkey_usage); - return 0; + return 0; } int -_gnutls_read_pgp_mpi (cdk_packet_t pkt, unsigned int priv, size_t idx, - bigint_t * m) +_gnutls_read_pgp_mpi(cdk_packet_t pkt, unsigned int priv, size_t idx, + bigint_t * m) { - size_t buf_size = 512; - uint8_t *buf = gnutls_malloc (buf_size); - int err; - unsigned int max_pub_params = 0; - - if (priv != 0) - max_pub_params = cdk_pk_get_npkey (pkt->pkt.secret_key->pk->pubkey_algo); - - if (buf == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - /* FIXME: Note that opencdk doesn't like the buf to be NULL. - */ - if (priv == 0) - err = - cdk_pk_get_mpi (pkt->pkt.public_key, idx, buf, buf_size, &buf_size, - NULL); - else - { - if (idx < max_pub_params) - err = - cdk_pk_get_mpi (pkt->pkt.secret_key->pk, idx, buf, buf_size, - &buf_size, NULL); - else - { - err = - cdk_sk_get_mpi (pkt->pkt.secret_key, idx - max_pub_params, buf, - buf_size, &buf_size, NULL); - } - } - - if (err == CDK_Too_Short) - { - buf = gnutls_realloc_fast (buf, buf_size); - if (buf == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - if (priv == 0) - err = - cdk_pk_get_mpi (pkt->pkt.public_key, idx, buf, buf_size, &buf_size, - NULL); - else - { - if (idx < max_pub_params) - err = - cdk_pk_get_mpi (pkt->pkt.secret_key->pk, idx, buf, buf_size, - &buf_size, NULL); - else - { - err = - cdk_sk_get_mpi (pkt->pkt.secret_key, idx - max_pub_params, - buf, buf_size, &buf_size, NULL); - } - } - } - - if (err != CDK_Success) - { - gnutls_assert (); - gnutls_free (buf); - return _gnutls_map_cdk_rc (err); - } - - err = _gnutls_mpi_scan (m, buf, buf_size); - gnutls_free (buf); - - if (err < 0) - { - gnutls_assert (); - return err; - } - - return 0; + size_t buf_size = 512; + uint8_t *buf = gnutls_malloc(buf_size); + int err; + unsigned int max_pub_params = 0; + + if (priv != 0) + max_pub_params = + cdk_pk_get_npkey(pkt->pkt.secret_key->pk->pubkey_algo); + + if (buf == NULL) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } + + /* FIXME: Note that opencdk doesn't like the buf to be NULL. + */ + if (priv == 0) + err = + cdk_pk_get_mpi(pkt->pkt.public_key, idx, buf, buf_size, + &buf_size, NULL); + else { + if (idx < max_pub_params) + err = + cdk_pk_get_mpi(pkt->pkt.secret_key->pk, idx, + buf, buf_size, &buf_size, NULL); + else { + err = + cdk_sk_get_mpi(pkt->pkt.secret_key, + idx - max_pub_params, buf, + buf_size, &buf_size, NULL); + } + } + + if (err == CDK_Too_Short) { + buf = gnutls_realloc_fast(buf, buf_size); + if (buf == NULL) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } + + if (priv == 0) + err = + cdk_pk_get_mpi(pkt->pkt.public_key, idx, buf, + buf_size, &buf_size, NULL); + else { + if (idx < max_pub_params) + err = + cdk_pk_get_mpi(pkt->pkt.secret_key->pk, + idx, buf, buf_size, + &buf_size, NULL); + else { + err = + cdk_sk_get_mpi(pkt->pkt.secret_key, + idx - max_pub_params, + buf, buf_size, + &buf_size, NULL); + } + } + } + + if (err != CDK_Success) { + gnutls_assert(); + gnutls_free(buf); + return _gnutls_map_cdk_rc(err); + } + + err = _gnutls_mpi_scan(m, buf, buf_size); + gnutls_free(buf); + + if (err < 0) { + gnutls_assert(); + return err; + } + + return 0; } /* Extracts DSA and RSA parameters from a certificate. */ int -_gnutls_openpgp_crt_get_mpis (gnutls_openpgp_crt_t cert, - uint32_t * keyid /* [2] */ , - gnutls_pk_params_st * params) +_gnutls_openpgp_crt_get_mpis(gnutls_openpgp_crt_t cert, + uint32_t * keyid /* [2] */ , + gnutls_pk_params_st * params) { - int result, i; - int pk_algorithm, local_params; - cdk_packet_t pkt; - - if (keyid == NULL) - pkt = cdk_kbnode_find_packet (cert->knode, CDK_PKT_PUBLIC_KEY); - else - pkt = _gnutls_openpgp_find_key (cert->knode, keyid, 0); - - if (pkt == NULL) - { - gnutls_assert (); - return GNUTLS_E_OPENPGP_GETKEY_FAILED; - } - - pk_algorithm = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo); - - switch (pk_algorithm) - { - case GNUTLS_PK_RSA: - local_params = RSA_PUBLIC_PARAMS; - break; - case GNUTLS_PK_DSA: - local_params = DSA_PUBLIC_PARAMS; - break; - default: - gnutls_assert (); - return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; - } - - gnutls_pk_params_init(params); - - for (i = 0; i < local_params; i++) - { - result = _gnutls_read_pgp_mpi (pkt, 0, i, ¶ms->params[i]); - if (result < 0) - { - gnutls_assert (); - goto error; - } - params->params_nr++; - } - - return 0; - -error: - gnutls_pk_params_release(params); - - return result; + int result, i; + int pk_algorithm, local_params; + cdk_packet_t pkt; + + if (keyid == NULL) + pkt = + cdk_kbnode_find_packet(cert->knode, + CDK_PKT_PUBLIC_KEY); + else + pkt = _gnutls_openpgp_find_key(cert->knode, keyid, 0); + + if (pkt == NULL) { + gnutls_assert(); + return GNUTLS_E_OPENPGP_GETKEY_FAILED; + } + + pk_algorithm = + _gnutls_openpgp_get_algo(pkt->pkt.public_key->pubkey_algo); + + switch (pk_algorithm) { + case GNUTLS_PK_RSA: + local_params = RSA_PUBLIC_PARAMS; + break; + case GNUTLS_PK_DSA: + local_params = DSA_PUBLIC_PARAMS; + break; + default: + gnutls_assert(); + return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; + } + + gnutls_pk_params_init(params); + + for (i = 0; i < local_params; i++) { + result = + _gnutls_read_pgp_mpi(pkt, 0, i, ¶ms->params[i]); + if (result < 0) { + gnutls_assert(); + goto error; + } + params->params_nr++; + } + + return 0; + + error: + gnutls_pk_params_release(params); + + return result; } /* The internal version of export */ static int -_get_pk_rsa_raw (gnutls_openpgp_crt_t crt, gnutls_openpgp_keyid_t keyid, - gnutls_datum_t * m, gnutls_datum_t * e) +_get_pk_rsa_raw(gnutls_openpgp_crt_t crt, gnutls_openpgp_keyid_t keyid, + gnutls_datum_t * m, gnutls_datum_t * e) { - int pk_algorithm, ret; - cdk_packet_t pkt; - uint32_t kid32[2]; - gnutls_pk_params_st params; - - gnutls_pk_params_init(¶ms); - - if (crt == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - KEYID_IMPORT (kid32, keyid); - - pkt = _gnutls_openpgp_find_key (crt->knode, kid32, 0); - if (pkt == NULL) - { - gnutls_assert (); - return GNUTLS_E_OPENPGP_GETKEY_FAILED; - } - - pk_algorithm = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo); - - if (pk_algorithm != GNUTLS_PK_RSA) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = _gnutls_openpgp_crt_get_mpis (crt, kid32, ¶ms); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - ret = _gnutls_mpi_dprint (params.params[0], m); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - ret = _gnutls_mpi_dprint (params.params[1], e); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (m); - goto cleanup; - } - - ret = 0; - -cleanup: - gnutls_pk_params_release(¶ms); - return ret; + int pk_algorithm, ret; + cdk_packet_t pkt; + uint32_t kid32[2]; + gnutls_pk_params_st params; + + gnutls_pk_params_init(¶ms); + + if (crt == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + KEYID_IMPORT(kid32, keyid); + + pkt = _gnutls_openpgp_find_key(crt->knode, kid32, 0); + if (pkt == NULL) { + gnutls_assert(); + return GNUTLS_E_OPENPGP_GETKEY_FAILED; + } + + pk_algorithm = + _gnutls_openpgp_get_algo(pkt->pkt.public_key->pubkey_algo); + + if (pk_algorithm != GNUTLS_PK_RSA) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + ret = _gnutls_openpgp_crt_get_mpis(crt, kid32, ¶ms); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + ret = _gnutls_mpi_dprint(params.params[0], m); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = _gnutls_mpi_dprint(params.params[1], e); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(m); + goto cleanup; + } + + ret = 0; + + cleanup: + gnutls_pk_params_release(¶ms); + return ret; } static int -_get_pk_dsa_raw (gnutls_openpgp_crt_t crt, gnutls_openpgp_keyid_t keyid, - gnutls_datum_t * p, gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y) +_get_pk_dsa_raw(gnutls_openpgp_crt_t crt, gnutls_openpgp_keyid_t keyid, + gnutls_datum_t * p, gnutls_datum_t * q, + gnutls_datum_t * g, gnutls_datum_t * y) { - int pk_algorithm, ret; - cdk_packet_t pkt; - uint32_t kid32[2]; - gnutls_pk_params_st params; - - gnutls_pk_params_init(¶ms); - - if (crt == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - KEYID_IMPORT (kid32, keyid); - - pkt = _gnutls_openpgp_find_key (crt->knode, kid32, 0); - if (pkt == NULL) - { - gnutls_assert (); - return GNUTLS_E_OPENPGP_GETKEY_FAILED; - } - - pk_algorithm = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo); - - if (pk_algorithm != GNUTLS_PK_DSA) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = _gnutls_openpgp_crt_get_mpis (crt, kid32, ¶ms); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - /* P */ - ret = _gnutls_mpi_dprint (params.params[0], p); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - /* Q */ - ret = _gnutls_mpi_dprint (params.params[1], q); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (p); - goto cleanup; - } - - - /* G */ - ret = _gnutls_mpi_dprint (params.params[2], g); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (p); - _gnutls_free_datum (q); - goto cleanup; - } - - - /* Y */ - ret = _gnutls_mpi_dprint (params.params[3], y); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (p); - _gnutls_free_datum (g); - _gnutls_free_datum (q); - goto cleanup; - } - - ret = 0; - -cleanup: - gnutls_pk_params_release(¶ms); - return ret; + int pk_algorithm, ret; + cdk_packet_t pkt; + uint32_t kid32[2]; + gnutls_pk_params_st params; + + gnutls_pk_params_init(¶ms); + + if (crt == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + KEYID_IMPORT(kid32, keyid); + + pkt = _gnutls_openpgp_find_key(crt->knode, kid32, 0); + if (pkt == NULL) { + gnutls_assert(); + return GNUTLS_E_OPENPGP_GETKEY_FAILED; + } + + pk_algorithm = + _gnutls_openpgp_get_algo(pkt->pkt.public_key->pubkey_algo); + + if (pk_algorithm != GNUTLS_PK_DSA) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + ret = _gnutls_openpgp_crt_get_mpis(crt, kid32, ¶ms); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + /* P */ + ret = _gnutls_mpi_dprint(params.params[0], p); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + /* Q */ + ret = _gnutls_mpi_dprint(params.params[1], q); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(p); + goto cleanup; + } + + + /* G */ + ret = _gnutls_mpi_dprint(params.params[2], g); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(p); + _gnutls_free_datum(q); + goto cleanup; + } + + + /* Y */ + ret = _gnutls_mpi_dprint(params.params[3], y); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(p); + _gnutls_free_datum(g); + _gnutls_free_datum(q); + goto cleanup; + } + + ret = 0; + + cleanup: + gnutls_pk_params_release(¶ms); + return ret; } @@ -1471,20 +1422,19 @@ cleanup: * Since: 2.4.0 **/ int -gnutls_openpgp_crt_get_pk_rsa_raw (gnutls_openpgp_crt_t crt, - gnutls_datum_t * m, gnutls_datum_t * e) +gnutls_openpgp_crt_get_pk_rsa_raw(gnutls_openpgp_crt_t crt, + gnutls_datum_t * m, gnutls_datum_t * e) { - uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; - int ret; + uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; + int ret; - ret = gnutls_openpgp_crt_get_key_id (crt, keyid); - if (ret < 0) - { - gnutls_assert (); - return ret; - } + ret = gnutls_openpgp_crt_get_key_id(crt, keyid); + if (ret < 0) { + gnutls_assert(); + return ret; + } - return _get_pk_rsa_raw (crt, keyid, m, e); + return _get_pk_rsa_raw(crt, keyid, m, e); } /** @@ -1504,21 +1454,20 @@ gnutls_openpgp_crt_get_pk_rsa_raw (gnutls_openpgp_crt_t crt, * Since: 2.4.0 **/ int -gnutls_openpgp_crt_get_pk_dsa_raw (gnutls_openpgp_crt_t crt, - gnutls_datum_t * p, gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y) +gnutls_openpgp_crt_get_pk_dsa_raw(gnutls_openpgp_crt_t crt, + gnutls_datum_t * p, gnutls_datum_t * q, + gnutls_datum_t * g, gnutls_datum_t * y) { - uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; - int ret; + uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; + int ret; - ret = gnutls_openpgp_crt_get_key_id (crt, keyid); - if (ret < 0) - { - gnutls_assert (); - return ret; - } + ret = gnutls_openpgp_crt_get_key_id(crt, keyid); + if (ret < 0) { + gnutls_assert(); + return ret; + } - return _get_pk_dsa_raw (crt, keyid, p, q, g, y); + return _get_pk_dsa_raw(crt, keyid, p, q, g, y); } /** @@ -1537,25 +1486,24 @@ gnutls_openpgp_crt_get_pk_dsa_raw (gnutls_openpgp_crt_t crt, * Since: 2.4.0 **/ int -gnutls_openpgp_crt_get_subkey_pk_rsa_raw (gnutls_openpgp_crt_t crt, - unsigned int idx, - gnutls_datum_t * m, - gnutls_datum_t * e) +gnutls_openpgp_crt_get_subkey_pk_rsa_raw(gnutls_openpgp_crt_t crt, + unsigned int idx, + gnutls_datum_t * m, + gnutls_datum_t * e) { - uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; - int ret; + uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; + int ret; - if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) - return gnutls_openpgp_crt_get_pk_rsa_raw(crt, m, e); + if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) + return gnutls_openpgp_crt_get_pk_rsa_raw(crt, m, e); - ret = gnutls_openpgp_crt_get_subkey_id (crt, idx, keyid); - if (ret < 0) - { - gnutls_assert (); - return ret; - } + ret = gnutls_openpgp_crt_get_subkey_id(crt, idx, keyid); + if (ret < 0) { + gnutls_assert(); + return ret; + } - return _get_pk_rsa_raw (crt, keyid, m, e); + return _get_pk_rsa_raw(crt, keyid, m, e); } /** @@ -1576,27 +1524,26 @@ gnutls_openpgp_crt_get_subkey_pk_rsa_raw (gnutls_openpgp_crt_t crt, * Since: 2.4.0 **/ int -gnutls_openpgp_crt_get_subkey_pk_dsa_raw (gnutls_openpgp_crt_t crt, - unsigned int idx, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * g, - gnutls_datum_t * y) +gnutls_openpgp_crt_get_subkey_pk_dsa_raw(gnutls_openpgp_crt_t crt, + unsigned int idx, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * g, + gnutls_datum_t * y) { - uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; - int ret; + uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; + int ret; - if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) - return gnutls_openpgp_crt_get_pk_dsa_raw(crt, p,q, g, y); + if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) + return gnutls_openpgp_crt_get_pk_dsa_raw(crt, p, q, g, y); - ret = gnutls_openpgp_crt_get_subkey_id (crt, idx, keyid); - if (ret < 0) - { - gnutls_assert (); - return ret; - } + ret = gnutls_openpgp_crt_get_subkey_id(crt, idx, keyid); + if (ret < 0) { + gnutls_assert(); + return ret; + } - return _get_pk_dsa_raw (crt, keyid, p, q, g, y); + return _get_pk_dsa_raw(crt, keyid, p, q, g, y); } /** @@ -1610,21 +1557,22 @@ gnutls_openpgp_crt_get_subkey_pk_dsa_raw (gnutls_openpgp_crt_t crt, * Returns: the 64-bit preferred keyID of the OpenPGP key. **/ int -gnutls_openpgp_crt_get_preferred_key_id (gnutls_openpgp_crt_t key, - gnutls_openpgp_keyid_t keyid) +gnutls_openpgp_crt_get_preferred_key_id(gnutls_openpgp_crt_t key, + gnutls_openpgp_keyid_t keyid) { - if (!key->preferred_set) - return gnutls_assert_val(GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR); + if (!key->preferred_set) + return + gnutls_assert_val + (GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR); - if (!key || !keyid) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (!key || !keyid) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - memcpy (keyid, key->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE); + memcpy(keyid, key->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE); - return 0; + return 0; } /** @@ -1642,44 +1590,42 @@ gnutls_openpgp_crt_get_preferred_key_id (gnutls_openpgp_crt_t key, * otherwise a negative error code is returned. **/ int -gnutls_openpgp_crt_set_preferred_key_id (gnutls_openpgp_crt_t key, - const gnutls_openpgp_keyid_t keyid) +gnutls_openpgp_crt_set_preferred_key_id(gnutls_openpgp_crt_t key, + const gnutls_openpgp_keyid_t keyid) { - int ret; - - if (!key) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (keyid == NULL) /* set the master as preferred */ - { - uint8_t tmp[GNUTLS_OPENPGP_KEYID_SIZE]; - - ret = gnutls_openpgp_crt_get_key_id (key, tmp); - if (ret < 0) - return gnutls_assert_val(ret); - - key->preferred_set = 1; - memcpy (key->preferred_keyid, tmp, GNUTLS_OPENPGP_KEYID_SIZE); - - return 0; - } - - /* check if the id is valid */ - ret = gnutls_openpgp_crt_get_subkey_idx (key, keyid); - if (ret < 0) - { - _gnutls_debug_log ("the requested subkey does not exist\n"); - gnutls_assert (); - return ret; - } - - key->preferred_set = 1; - memcpy (key->preferred_keyid, keyid, GNUTLS_OPENPGP_KEYID_SIZE); - - return 0; + int ret; + + if (!key) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (keyid == NULL) { /* set the master as preferred */ + uint8_t tmp[GNUTLS_OPENPGP_KEYID_SIZE]; + + ret = gnutls_openpgp_crt_get_key_id(key, tmp); + if (ret < 0) + return gnutls_assert_val(ret); + + key->preferred_set = 1; + memcpy(key->preferred_keyid, tmp, + GNUTLS_OPENPGP_KEYID_SIZE); + + return 0; + } + + /* check if the id is valid */ + ret = gnutls_openpgp_crt_get_subkey_idx(key, keyid); + if (ret < 0) { + _gnutls_debug_log("the requested subkey does not exist\n"); + gnutls_assert(); + return ret; + } + + key->preferred_set = 1; + memcpy(key->preferred_keyid, keyid, GNUTLS_OPENPGP_KEYID_SIZE); + + return 0; } /** @@ -1696,67 +1642,66 @@ gnutls_openpgp_crt_set_preferred_key_id (gnutls_openpgp_crt_t key, * Returns: %GNUTLS_E_SUCCESS on success, or an error code. **/ int -gnutls_openpgp_crt_get_auth_subkey (gnutls_openpgp_crt_t crt, - gnutls_openpgp_keyid_t keyid, - unsigned int flag) +gnutls_openpgp_crt_get_auth_subkey(gnutls_openpgp_crt_t crt, + gnutls_openpgp_keyid_t keyid, + unsigned int flag) { - int ret, subkeys, i; - unsigned int usage; - unsigned int keyid_init = 0; - - subkeys = gnutls_openpgp_crt_get_subkey_count (crt); - if (subkeys <= 0) - { - gnutls_assert (); - return GNUTLS_E_OPENPGP_SUBKEY_ERROR; - } - - /* Try to find a subkey with the authentication flag set. - * if none exists use the last one found - */ - for (i = 0; i < subkeys; i++) - { - ret = gnutls_openpgp_crt_get_subkey_pk_algorithm(crt, i, NULL); - if (ret == GNUTLS_PK_UNKNOWN) - continue; - - ret = gnutls_openpgp_crt_get_subkey_revoked_status (crt, i); - if (ret != 0) /* it is revoked. ignore it */ - continue; - - if (keyid_init == 0) - { /* keep the first valid subkey */ - ret = gnutls_openpgp_crt_get_subkey_id (crt, i, keyid); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - keyid_init = 1; - } - - ret = gnutls_openpgp_crt_get_subkey_usage (crt, i, &usage); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - if (usage & GNUTLS_KEY_KEY_AGREEMENT) - { - ret = gnutls_openpgp_crt_get_subkey_id (crt, i, keyid); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - return 0; - } - } - - if (flag && keyid_init) - return 0; - else - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + int ret, subkeys, i; + unsigned int usage; + unsigned int keyid_init = 0; + + subkeys = gnutls_openpgp_crt_get_subkey_count(crt); + if (subkeys <= 0) { + gnutls_assert(); + return GNUTLS_E_OPENPGP_SUBKEY_ERROR; + } + + /* Try to find a subkey with the authentication flag set. + * if none exists use the last one found + */ + for (i = 0; i < subkeys; i++) { + ret = + gnutls_openpgp_crt_get_subkey_pk_algorithm(crt, i, + NULL); + if (ret == GNUTLS_PK_UNKNOWN) + continue; + + ret = gnutls_openpgp_crt_get_subkey_revoked_status(crt, i); + if (ret != 0) /* it is revoked. ignore it */ + continue; + + if (keyid_init == 0) { /* keep the first valid subkey */ + ret = + gnutls_openpgp_crt_get_subkey_id(crt, i, + keyid); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + keyid_init = 1; + } + + ret = gnutls_openpgp_crt_get_subkey_usage(crt, i, &usage); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + if (usage & GNUTLS_KEY_KEY_AGREEMENT) { + ret = + gnutls_openpgp_crt_get_subkey_id(crt, i, + keyid); + if (ret < 0) { + gnutls_assert(); + return ret; + } + return 0; + } + } + + if (flag && keyid_init) + return 0; + else + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } diff --git a/lib/openpgp/pgpverify.c b/lib/openpgp/pgpverify.c index 1e48de4b0d..b1748daf7e 100644 --- a/lib/openpgp/pgpverify.c +++ b/lib/openpgp/pgpverify.c @@ -50,65 +50,59 @@ * Returns: %GNUTLS_E_SUCCESS on success, or an error code. **/ int -gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key, - gnutls_openpgp_keyring_t keyring, - unsigned int flags, unsigned int *verify) +gnutls_openpgp_crt_verify_ring(gnutls_openpgp_crt_t key, + gnutls_openpgp_keyring_t keyring, + unsigned int flags, unsigned int *verify) { - uint8_t id[GNUTLS_OPENPGP_KEYID_SIZE]; - cdk_error_t rc; - int status; - - if (!key || !keyring) - { - gnutls_assert (); - return GNUTLS_E_NO_CERTIFICATE_FOUND; - } - - *verify = 0; - - rc = cdk_pk_check_sigs (key->knode, keyring->db, &status); - if (rc == CDK_Error_No_Key) - { - rc = GNUTLS_E_NO_CERTIFICATE_FOUND; - gnutls_assert (); - return rc; - } - else if (rc != CDK_Success) - { - _gnutls_debug_log ("cdk_pk_check_sigs: error %d\n", rc); - rc = _gnutls_map_cdk_rc (rc); - gnutls_assert (); - return rc; - } - _gnutls_debug_log ("status: %x\n", status); - - if (status & CDK_KEY_INVALID) - *verify |= GNUTLS_CERT_SIGNATURE_FAILURE; - if (status & CDK_KEY_REVOKED) - *verify |= GNUTLS_CERT_REVOKED; - if (status & CDK_KEY_NOSIGNER) - *verify |= GNUTLS_CERT_SIGNER_NOT_FOUND; - - /* Check if the key is included in the ring. */ - if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME)) - { - rc = gnutls_openpgp_crt_get_key_id (key, id); - if (rc < 0) - { - gnutls_assert (); - return rc; - } - - rc = gnutls_openpgp_keyring_check_id (keyring, id, 0); - /* If it exists in the keyring don't treat it as unknown. */ - if (rc == 0 && *verify & GNUTLS_CERT_SIGNER_NOT_FOUND) - *verify &= ~GNUTLS_CERT_SIGNER_NOT_FOUND; - } - - if (*verify != 0) - *verify |= GNUTLS_CERT_INVALID; - - return 0; + uint8_t id[GNUTLS_OPENPGP_KEYID_SIZE]; + cdk_error_t rc; + int status; + + if (!key || !keyring) { + gnutls_assert(); + return GNUTLS_E_NO_CERTIFICATE_FOUND; + } + + *verify = 0; + + rc = cdk_pk_check_sigs(key->knode, keyring->db, &status); + if (rc == CDK_Error_No_Key) { + rc = GNUTLS_E_NO_CERTIFICATE_FOUND; + gnutls_assert(); + return rc; + } else if (rc != CDK_Success) { + _gnutls_debug_log("cdk_pk_check_sigs: error %d\n", rc); + rc = _gnutls_map_cdk_rc(rc); + gnutls_assert(); + return rc; + } + _gnutls_debug_log("status: %x\n", status); + + if (status & CDK_KEY_INVALID) + *verify |= GNUTLS_CERT_SIGNATURE_FAILURE; + if (status & CDK_KEY_REVOKED) + *verify |= GNUTLS_CERT_REVOKED; + if (status & CDK_KEY_NOSIGNER) + *verify |= GNUTLS_CERT_SIGNER_NOT_FOUND; + + /* Check if the key is included in the ring. */ + if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME)) { + rc = gnutls_openpgp_crt_get_key_id(key, id); + if (rc < 0) { + gnutls_assert(); + return rc; + } + + rc = gnutls_openpgp_keyring_check_id(keyring, id, 0); + /* If it exists in the keyring don't treat it as unknown. */ + if (rc == 0 && *verify & GNUTLS_CERT_SIGNER_NOT_FOUND) + *verify &= ~GNUTLS_CERT_SIGNER_NOT_FOUND; + } + + if (*verify != 0) + *verify |= GNUTLS_CERT_INVALID; + + return 0; } @@ -125,19 +119,20 @@ gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key, * Returns: %GNUTLS_E_SUCCESS on success, or an error code. **/ int -gnutls_openpgp_crt_verify_self (gnutls_openpgp_crt_t key, - unsigned int flags, unsigned int *verify) +gnutls_openpgp_crt_verify_self(gnutls_openpgp_crt_t key, + unsigned int flags, unsigned int *verify) { - int status; - cdk_error_t rc; + int status; + cdk_error_t rc; - *verify = 0; + *verify = 0; - rc = cdk_pk_check_self_sig (key->knode, &status); - if (rc || status != CDK_KEY_VALID) - *verify |= GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNATURE_FAILURE; - else - *verify = 0; + rc = cdk_pk_check_self_sig(key->knode, &status); + if (rc || status != CDK_KEY_VALID) + *verify |= + GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNATURE_FAILURE; + else + *verify = 0; - return 0; + return 0; } diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c index 5318412180..58581128b4 100644 --- a/lib/openpgp/privkey.c +++ b/lib/openpgp/privkey.c @@ -41,14 +41,13 @@ * * Returns: %GNUTLS_E_SUCCESS on success, or an error code. **/ -int -gnutls_openpgp_privkey_init (gnutls_openpgp_privkey_t * key) +int gnutls_openpgp_privkey_init(gnutls_openpgp_privkey_t * key) { - *key = gnutls_calloc (1, sizeof (gnutls_openpgp_privkey_int)); + *key = gnutls_calloc(1, sizeof(gnutls_openpgp_privkey_int)); - if (*key) - return 0; /* success */ - return GNUTLS_E_MEMORY_ERROR; + if (*key) + return 0; /* success */ + return GNUTLS_E_MEMORY_ERROR; } /** @@ -57,19 +56,17 @@ gnutls_openpgp_privkey_init (gnutls_openpgp_privkey_t * key) * * This function will deinitialize a key structure. **/ -void -gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key) +void gnutls_openpgp_privkey_deinit(gnutls_openpgp_privkey_t key) { - if (!key) - return; + if (!key) + return; - if (key->knode) - { - cdk_kbnode_release (key->knode); - key->knode = NULL; - } + if (key->knode) { + cdk_kbnode_release(key->knode); + key->knode = NULL; + } - gnutls_free (key); + gnutls_free(key); } /*- @@ -83,42 +80,49 @@ gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key) * negative error value. -*/ int -_gnutls_openpgp_privkey_cpy (gnutls_openpgp_privkey_t dest, gnutls_openpgp_privkey_t src) +_gnutls_openpgp_privkey_cpy(gnutls_openpgp_privkey_t dest, + gnutls_openpgp_privkey_t src) { - int ret; - size_t raw_size=0; - uint8_t *der; - gnutls_datum_t tmp; - - ret = gnutls_openpgp_privkey_export (src, GNUTLS_OPENPGP_FMT_RAW, NULL, 0, NULL, &raw_size); - if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) - return gnutls_assert_val(ret); - - der = gnutls_malloc (raw_size); - if (der == NULL) - return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); - - ret = gnutls_openpgp_privkey_export (src, GNUTLS_OPENPGP_FMT_RAW, NULL, 0, der, &raw_size); - if (ret < 0) - { - gnutls_assert (); - gnutls_free (der); - return ret; - } - - tmp.data = der; - tmp.size = raw_size; - ret = gnutls_openpgp_privkey_import (dest, &tmp, GNUTLS_OPENPGP_FMT_RAW, NULL, 0); - - gnutls_free (der); - - if (ret < 0) - return gnutls_assert_val(ret); - - memcpy(dest->preferred_keyid, src->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE); - dest->preferred_set = src->preferred_set; - - return 0; + int ret; + size_t raw_size = 0; + uint8_t *der; + gnutls_datum_t tmp; + + ret = + gnutls_openpgp_privkey_export(src, GNUTLS_OPENPGP_FMT_RAW, + NULL, 0, NULL, &raw_size); + if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) + return gnutls_assert_val(ret); + + der = gnutls_malloc(raw_size); + if (der == NULL) + return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + + ret = + gnutls_openpgp_privkey_export(src, GNUTLS_OPENPGP_FMT_RAW, + NULL, 0, der, &raw_size); + if (ret < 0) { + gnutls_assert(); + gnutls_free(der); + return ret; + } + + tmp.data = der; + tmp.size = raw_size; + ret = + gnutls_openpgp_privkey_import(dest, &tmp, + GNUTLS_OPENPGP_FMT_RAW, NULL, 0); + + gnutls_free(der); + + if (ret < 0) + return gnutls_assert_val(ret); + + memcpy(dest->preferred_keyid, src->preferred_keyid, + GNUTLS_OPENPGP_KEYID_SIZE); + dest->preferred_set = src->preferred_set; + + return 0; } /** @@ -134,19 +138,18 @@ _gnutls_openpgp_privkey_cpy (gnutls_openpgp_privkey_t dest, gnutls_openpgp_privk * Since: 2.12.0 **/ gnutls_sec_param_t -gnutls_openpgp_privkey_sec_param (gnutls_openpgp_privkey_t key) +gnutls_openpgp_privkey_sec_param(gnutls_openpgp_privkey_t key) { - gnutls_pk_algorithm_t algo; - unsigned int bits; + gnutls_pk_algorithm_t algo; + unsigned int bits; - algo = gnutls_openpgp_privkey_get_pk_algorithm (key, &bits); - if (algo == GNUTLS_PK_UNKNOWN) - { - gnutls_assert (); - return GNUTLS_SEC_PARAM_UNKNOWN; - } + algo = gnutls_openpgp_privkey_get_pk_algorithm(key, &bits); + if (algo == GNUTLS_PK_UNKNOWN) { + gnutls_assert(); + return GNUTLS_SEC_PARAM_UNKNOWN; + } - return gnutls_pk_bits_to_sec_param (algo, bits); + return gnutls_pk_bits_to_sec_param(algo, bits); } /** @@ -164,41 +167,40 @@ gnutls_openpgp_privkey_sec_param (gnutls_openpgp_privkey_t key) * Returns: %GNUTLS_E_SUCCESS on success, or an error code. **/ int -gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key, - const gnutls_datum_t * data, - gnutls_openpgp_crt_fmt_t format, - const char *password, unsigned int flags) +gnutls_openpgp_privkey_import(gnutls_openpgp_privkey_t key, + const gnutls_datum_t * data, + gnutls_openpgp_crt_fmt_t format, + const char *password, unsigned int flags) { - cdk_packet_t pkt; - int rc, armor; - - if (data->data == NULL || data->size == 0) - { - gnutls_assert (); - return GNUTLS_E_OPENPGP_GETKEY_FAILED; - } - - if (format == GNUTLS_OPENPGP_FMT_RAW) - armor = 0; - else armor = 1; - - rc = cdk_kbnode_read_from_mem (&key->knode, armor, data->data, data->size); - if (rc != 0) - { - rc = _gnutls_map_cdk_rc (rc); - gnutls_assert (); - return rc; - } - - /* Test if the import was successful. */ - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY); - if (pkt == NULL) - { - gnutls_assert (); - return GNUTLS_E_OPENPGP_GETKEY_FAILED; - } - - return 0; + cdk_packet_t pkt; + int rc, armor; + + if (data->data == NULL || data->size == 0) { + gnutls_assert(); + return GNUTLS_E_OPENPGP_GETKEY_FAILED; + } + + if (format == GNUTLS_OPENPGP_FMT_RAW) + armor = 0; + else + armor = 1; + + rc = cdk_kbnode_read_from_mem(&key->knode, armor, data->data, + data->size); + if (rc != 0) { + rc = _gnutls_map_cdk_rc(rc); + gnutls_assert(); + return rc; + } + + /* Test if the import was successful. */ + pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_SECRET_KEY); + if (pkt == NULL) { + gnutls_assert(); + return GNUTLS_E_OPENPGP_GETKEY_FAILED; + } + + return 0; } /** @@ -220,14 +222,14 @@ gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key, * Since: 2.4.0 **/ int -gnutls_openpgp_privkey_export (gnutls_openpgp_privkey_t key, - gnutls_openpgp_crt_fmt_t format, - const char *password, unsigned int flags, - void *output_data, size_t * output_data_size) +gnutls_openpgp_privkey_export(gnutls_openpgp_privkey_t key, + gnutls_openpgp_crt_fmt_t format, + const char *password, unsigned int flags, + void *output_data, size_t * output_data_size) { - /* FIXME for now we do not export encrypted keys */ - return _gnutls_openpgp_export (key->knode, format, output_data, - output_data_size, 1); + /* FIXME for now we do not export encrypted keys */ + return _gnutls_openpgp_export(key->knode, format, output_data, + output_data_size, 1); } /** @@ -246,13 +248,13 @@ gnutls_openpgp_privkey_export (gnutls_openpgp_privkey_t key, * Since: 3.1.3 **/ int -gnutls_openpgp_privkey_export2 (gnutls_openpgp_privkey_t key, - gnutls_openpgp_crt_fmt_t format, - const char *password, unsigned int flags, - gnutls_datum_t *out) +gnutls_openpgp_privkey_export2(gnutls_openpgp_privkey_t key, + gnutls_openpgp_crt_fmt_t format, + const char *password, unsigned int flags, + gnutls_datum_t * out) { - /* FIXME for now we do not export encrypted keys */ - return _gnutls_openpgp_export2 (key->knode, format, out, 1); + /* FIXME for now we do not export encrypted keys */ + return _gnutls_openpgp_export2(key->knode, format, out, 1); } @@ -274,60 +276,58 @@ gnutls_openpgp_privkey_export2 (gnutls_openpgp_privkey_t key, * Since: 2.4.0 **/ gnutls_pk_algorithm_t -gnutls_openpgp_privkey_get_pk_algorithm (gnutls_openpgp_privkey_t key, - unsigned int *bits) +gnutls_openpgp_privkey_get_pk_algorithm(gnutls_openpgp_privkey_t key, + unsigned int *bits) { - cdk_packet_t pkt; - int algo = 0, ret; - uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; - - if (!key) - { - gnutls_assert (); - return GNUTLS_PK_UNKNOWN; - } - - ret = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid); - if (ret == 0) - { - int idx; - - idx = gnutls_openpgp_privkey_get_subkey_idx (key, keyid); - if (idx != GNUTLS_OPENPGP_MASTER_KEYID_IDX) - { - algo = - gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, idx, bits); - return algo; - } - } - - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY); - if (pkt) - { - if (bits) - *bits = cdk_pk_get_nbits (pkt->pkt.secret_key->pk); - algo = _gnutls_openpgp_get_algo (pkt->pkt.secret_key->pk->pubkey_algo); - } - - return algo; + cdk_packet_t pkt; + int algo = 0, ret; + uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; + + if (!key) { + gnutls_assert(); + return GNUTLS_PK_UNKNOWN; + } + + ret = gnutls_openpgp_privkey_get_preferred_key_id(key, keyid); + if (ret == 0) { + int idx; + + idx = gnutls_openpgp_privkey_get_subkey_idx(key, keyid); + if (idx != GNUTLS_OPENPGP_MASTER_KEYID_IDX) { + algo = + gnutls_openpgp_privkey_get_subkey_pk_algorithm + (key, idx, bits); + return algo; + } + } + + pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_SECRET_KEY); + if (pkt) { + if (bits) + *bits = cdk_pk_get_nbits(pkt->pkt.secret_key->pk); + algo = + _gnutls_openpgp_get_algo(pkt->pkt.secret_key->pk-> + pubkey_algo); + } + + return algo; } -int -_gnutls_openpgp_get_algo (int cdk_algo) +int _gnutls_openpgp_get_algo(int cdk_algo) { - int algo; - - if (is_RSA (cdk_algo)) - algo = GNUTLS_PK_RSA; - else if (is_DSA (cdk_algo)) - algo = GNUTLS_PK_DSA; - else - { - _gnutls_debug_log ("Unknown OpenPGP algorithm %d\n", cdk_algo); - algo = GNUTLS_PK_UNKNOWN; - } - - return algo; + int algo; + + if (is_RSA(cdk_algo)) + algo = GNUTLS_PK_RSA; + else if (is_DSA(cdk_algo)) + algo = GNUTLS_PK_DSA; + else { + _gnutls_debug_log("Unknown OpenPGP algorithm %d\n", + cdk_algo); + algo = GNUTLS_PK_UNKNOWN; + } + + return algo; } /** @@ -341,24 +341,22 @@ _gnutls_openpgp_get_algo (int cdk_algo) * * Since: 2.4.0 **/ -int -gnutls_openpgp_privkey_get_revoked_status (gnutls_openpgp_privkey_t key) +int gnutls_openpgp_privkey_get_revoked_status(gnutls_openpgp_privkey_t key) { - cdk_packet_t pkt; + cdk_packet_t pkt; - if (!key) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (!key) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY); - if (!pkt) - return GNUTLS_E_OPENPGP_GETKEY_FAILED; + pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_SECRET_KEY); + if (!pkt) + return GNUTLS_E_OPENPGP_GETKEY_FAILED; - if (pkt->pkt.secret_key->is_revoked != 0) - return 1; - return 0; + if (pkt->pkt.secret_key->is_revoked != 0) + return 1; + return 0; } /** @@ -375,36 +373,34 @@ gnutls_openpgp_privkey_get_revoked_status (gnutls_openpgp_privkey_t key) * Since: 2.4.0 **/ int -gnutls_openpgp_privkey_get_fingerprint (gnutls_openpgp_privkey_t key, - void *fpr, size_t * fprlen) +gnutls_openpgp_privkey_get_fingerprint(gnutls_openpgp_privkey_t key, + void *fpr, size_t * fprlen) { - cdk_packet_t pkt; - cdk_pkt_pubkey_t pk = NULL; + cdk_packet_t pkt; + cdk_pkt_pubkey_t pk = NULL; - if (!fpr || !fprlen) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (!fpr || !fprlen) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - *fprlen = 0; + *fprlen = 0; - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY); - if (!pkt) - { - gnutls_assert (); - return GNUTLS_E_OPENPGP_GETKEY_FAILED; - } + pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_SECRET_KEY); + if (!pkt) { + gnutls_assert(); + return GNUTLS_E_OPENPGP_GETKEY_FAILED; + } - pk = pkt->pkt.secret_key->pk; - *fprlen = 20; + pk = pkt->pkt.secret_key->pk; + *fprlen = 20; - if (is_RSA (pk->pubkey_algo) && pk->version < 4) - *fprlen = 16; + if (is_RSA(pk->pubkey_algo) && pk->version < 4) + *fprlen = 16; - cdk_pk_get_fingerprint (pk, fpr); + cdk_pk_get_fingerprint(pk, fpr); - return 0; + return 0; } /** @@ -419,27 +415,26 @@ gnutls_openpgp_privkey_get_fingerprint (gnutls_openpgp_privkey_t key, * Since: 2.4.0 **/ int -gnutls_openpgp_privkey_get_key_id (gnutls_openpgp_privkey_t key, - gnutls_openpgp_keyid_t keyid) +gnutls_openpgp_privkey_get_key_id(gnutls_openpgp_privkey_t key, + gnutls_openpgp_keyid_t keyid) { - cdk_packet_t pkt; - uint32_t kid[2]; + cdk_packet_t pkt; + uint32_t kid[2]; - if (!key || !keyid) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (!key || !keyid) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY); - if (!pkt) - return GNUTLS_E_OPENPGP_GETKEY_FAILED; + pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_SECRET_KEY); + if (!pkt) + return GNUTLS_E_OPENPGP_GETKEY_FAILED; - cdk_sk_get_keyid (pkt->pkt.secret_key, kid); - _gnutls_write_uint32 (kid[0], keyid); - _gnutls_write_uint32 (kid[1], keyid + 4); + cdk_sk_get_keyid(pkt->pkt.secret_key, kid); + _gnutls_write_uint32(kid[0], keyid); + _gnutls_write_uint32(kid[1], keyid + 4); - return 0; + return 0; } /** @@ -453,49 +448,46 @@ gnutls_openpgp_privkey_get_key_id (gnutls_openpgp_privkey_t key, * * Since: 2.4.0 **/ -int -gnutls_openpgp_privkey_get_subkey_count (gnutls_openpgp_privkey_t key) +int gnutls_openpgp_privkey_get_subkey_count(gnutls_openpgp_privkey_t key) { - cdk_kbnode_t p, ctx; - cdk_packet_t pkt; - int subkeys; - - if (key == NULL) - { - gnutls_assert (); - return 0; - } - - ctx = NULL; - subkeys = 0; - while ((p = cdk_kbnode_walk (key->knode, &ctx, 0))) - { - pkt = cdk_kbnode_get_packet (p); - if (pkt->pkttype == CDK_PKT_SECRET_SUBKEY) - subkeys++; - } - - return subkeys; + cdk_kbnode_t p, ctx; + cdk_packet_t pkt; + int subkeys; + + if (key == NULL) { + gnutls_assert(); + return 0; + } + + ctx = NULL; + subkeys = 0; + while ((p = cdk_kbnode_walk(key->knode, &ctx, 0))) { + pkt = cdk_kbnode_get_packet(p); + if (pkt->pkttype == CDK_PKT_SECRET_SUBKEY) + subkeys++; + } + + return subkeys; } /* returns the subkey with the given index */ static cdk_packet_t -_get_secret_subkey (gnutls_openpgp_privkey_t key, unsigned int indx) +_get_secret_subkey(gnutls_openpgp_privkey_t key, unsigned int indx) { - cdk_kbnode_t p, ctx; - cdk_packet_t pkt; - unsigned int subkeys; - - ctx = NULL; - subkeys = 0; - while ((p = cdk_kbnode_walk (key->knode, &ctx, 0))) - { - pkt = cdk_kbnode_get_packet (p); - if (pkt->pkttype == CDK_PKT_SECRET_SUBKEY && indx == subkeys++) - return pkt; - } - - return NULL; + cdk_kbnode_t p, ctx; + cdk_packet_t pkt; + unsigned int subkeys; + + ctx = NULL; + subkeys = 0; + while ((p = cdk_kbnode_walk(key->knode, &ctx, 0))) { + pkt = cdk_kbnode_get_packet(p); + if (pkt->pkttype == CDK_PKT_SECRET_SUBKEY + && indx == subkeys++) + return pkt; + } + + return NULL; } /** @@ -511,27 +503,26 @@ _get_secret_subkey (gnutls_openpgp_privkey_t key, unsigned int indx) * Since: 2.4.0 **/ int -gnutls_openpgp_privkey_get_subkey_revoked_status (gnutls_openpgp_privkey_t - key, unsigned int idx) +gnutls_openpgp_privkey_get_subkey_revoked_status(gnutls_openpgp_privkey_t + key, unsigned int idx) { - cdk_packet_t pkt; + cdk_packet_t pkt; - if (!key) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (!key) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) - return gnutls_openpgp_privkey_get_revoked_status(key); + if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) + return gnutls_openpgp_privkey_get_revoked_status(key); - pkt = _get_secret_subkey (key, idx); - if (!pkt) - return GNUTLS_E_OPENPGP_GETKEY_FAILED; + pkt = _get_secret_subkey(key, idx); + if (!pkt) + return GNUTLS_E_OPENPGP_GETKEY_FAILED; - if (pkt->pkt.secret_key->is_revoked != 0) - return 1; - return 0; + if (pkt->pkt.secret_key->is_revoked != 0) + return 1; + return 0; } /** @@ -553,39 +544,37 @@ gnutls_openpgp_privkey_get_subkey_revoked_status (gnutls_openpgp_privkey_t * Since: 2.4.0 **/ gnutls_pk_algorithm_t -gnutls_openpgp_privkey_get_subkey_pk_algorithm (gnutls_openpgp_privkey_t key, - unsigned int idx, - unsigned int *bits) +gnutls_openpgp_privkey_get_subkey_pk_algorithm(gnutls_openpgp_privkey_t + key, unsigned int idx, + unsigned int *bits) { - cdk_packet_t pkt; - int algo; - - if (!key) - { - gnutls_assert (); - return GNUTLS_PK_UNKNOWN; - } - - if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) - return gnutls_openpgp_privkey_get_pk_algorithm(key, bits); - - pkt = _get_secret_subkey (key, idx); - - algo = 0; - if (pkt) - { - if (bits) - *bits = cdk_pk_get_nbits (pkt->pkt.secret_key->pk); - algo = pkt->pkt.secret_key->pubkey_algo; - if (is_RSA (algo)) - algo = GNUTLS_PK_RSA; - else if (is_DSA (algo)) - algo = GNUTLS_PK_DSA; - else - algo = GNUTLS_E_UNKNOWN_PK_ALGORITHM; - } - - return algo; + cdk_packet_t pkt; + int algo; + + if (!key) { + gnutls_assert(); + return GNUTLS_PK_UNKNOWN; + } + + if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) + return gnutls_openpgp_privkey_get_pk_algorithm(key, bits); + + pkt = _get_secret_subkey(key, idx); + + algo = 0; + if (pkt) { + if (bits) + *bits = cdk_pk_get_nbits(pkt->pkt.secret_key->pk); + algo = pkt->pkt.secret_key->pubkey_algo; + if (is_RSA(algo)) + algo = GNUTLS_PK_RSA; + else if (is_DSA(algo)) + algo = GNUTLS_PK_DSA; + else + algo = GNUTLS_E_UNKNOWN_PK_ALGORITHM; + } + + return algo; } /** @@ -600,34 +589,32 @@ gnutls_openpgp_privkey_get_subkey_pk_algorithm (gnutls_openpgp_privkey_t key, * Since: 2.4.0 **/ int -gnutls_openpgp_privkey_get_subkey_idx (gnutls_openpgp_privkey_t key, - const gnutls_openpgp_keyid_t keyid) +gnutls_openpgp_privkey_get_subkey_idx(gnutls_openpgp_privkey_t key, + const gnutls_openpgp_keyid_t keyid) { - int ret; - uint32_t kid[2]; - uint8_t master_id[GNUTLS_OPENPGP_KEYID_SIZE]; - - if (!key) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = gnutls_openpgp_privkey_get_key_id (key, master_id); - if (ret < 0) - return gnutls_assert_val(ret); - if (memcmp(master_id, keyid, GNUTLS_OPENPGP_KEYID_SIZE)==0) - return GNUTLS_OPENPGP_MASTER_KEYID_IDX; - - KEYID_IMPORT (kid, keyid); - ret = _gnutls_openpgp_find_subkey_idx (key->knode, kid, 1); - - if (ret < 0) - { - gnutls_assert (); - } - - return ret; + int ret; + uint32_t kid[2]; + uint8_t master_id[GNUTLS_OPENPGP_KEYID_SIZE]; + + if (!key) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + ret = gnutls_openpgp_privkey_get_key_id(key, master_id); + if (ret < 0) + return gnutls_assert_val(ret); + if (memcmp(master_id, keyid, GNUTLS_OPENPGP_KEYID_SIZE) == 0) + return GNUTLS_OPENPGP_MASTER_KEYID_IDX; + + KEYID_IMPORT(kid, keyid); + ret = _gnutls_openpgp_find_subkey_idx(key->knode, kid, 1); + + if (ret < 0) { + gnutls_assert(); + } + + return ret; } /** @@ -642,26 +629,27 @@ gnutls_openpgp_privkey_get_subkey_idx (gnutls_openpgp_privkey_t key, * Since: 2.4.0 **/ time_t -gnutls_openpgp_privkey_get_subkey_creation_time (gnutls_openpgp_privkey_t key, - unsigned int idx) +gnutls_openpgp_privkey_get_subkey_creation_time(gnutls_openpgp_privkey_t + key, unsigned int idx) { - cdk_packet_t pkt; - time_t timestamp; + cdk_packet_t pkt; + time_t timestamp; - if (!key) - return (time_t) - 1; + if (!key) + return (time_t) - 1; - if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY); - else - pkt = _get_secret_subkey (key, idx); + if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) + pkt = + cdk_kbnode_find_packet(key->knode, CDK_PKT_SECRET_KEY); + else + pkt = _get_secret_subkey(key, idx); - if (pkt) - timestamp = pkt->pkt.secret_key->pk->timestamp; - else - timestamp = 0; + if (pkt) + timestamp = pkt->pkt.secret_key->pk->timestamp; + else + timestamp = 0; - return timestamp; + return timestamp; } /** @@ -677,26 +665,27 @@ gnutls_openpgp_privkey_get_subkey_creation_time (gnutls_openpgp_privkey_t key, * Since: 2.4.0 **/ time_t -gnutls_openpgp_privkey_get_subkey_expiration_time (gnutls_openpgp_privkey_t - key, unsigned int idx) +gnutls_openpgp_privkey_get_subkey_expiration_time(gnutls_openpgp_privkey_t + key, unsigned int idx) { - cdk_packet_t pkt; - time_t timestamp; + cdk_packet_t pkt; + time_t timestamp; - if (!key) - return (time_t) - 1; + if (!key) + return (time_t) - 1; - if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) - pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY); - else - pkt = _get_secret_subkey (key, idx); + if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) + pkt = + cdk_kbnode_find_packet(key->knode, CDK_PKT_SECRET_KEY); + else + pkt = _get_secret_subkey(key, idx); - if (pkt) - timestamp = pkt->pkt.secret_key->pk->expiredate; - else - timestamp = 0; + if (pkt) + timestamp = pkt->pkt.secret_key->pk->expiredate; + else + timestamp = 0; - return timestamp; + return timestamp; } /** @@ -712,31 +701,30 @@ gnutls_openpgp_privkey_get_subkey_expiration_time (gnutls_openpgp_privkey_t * Since: 2.4.0 **/ int -gnutls_openpgp_privkey_get_subkey_id (gnutls_openpgp_privkey_t key, - unsigned int idx, - gnutls_openpgp_keyid_t keyid) +gnutls_openpgp_privkey_get_subkey_id(gnutls_openpgp_privkey_t key, + unsigned int idx, + gnutls_openpgp_keyid_t keyid) { - cdk_packet_t pkt; - uint32_t kid[2]; + cdk_packet_t pkt; + uint32_t kid[2]; - if (!key || !keyid) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (!key || !keyid) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) - return gnutls_openpgp_privkey_get_key_id(key, keyid); + if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) + return gnutls_openpgp_privkey_get_key_id(key, keyid); - pkt = _get_secret_subkey (key, idx); - if (!pkt) - return GNUTLS_E_OPENPGP_GETKEY_FAILED; + pkt = _get_secret_subkey(key, idx); + if (!pkt) + return GNUTLS_E_OPENPGP_GETKEY_FAILED; - cdk_sk_get_keyid (pkt->pkt.secret_key, kid); - _gnutls_write_uint32 (kid[0], keyid); - _gnutls_write_uint32 (kid[1], keyid + 4); + cdk_sk_get_keyid(pkt->pkt.secret_key, kid); + _gnutls_write_uint32(kid[0], keyid); + _gnutls_write_uint32(kid[1], keyid + 4); - return 0; + return 0; } /** @@ -754,320 +742,300 @@ gnutls_openpgp_privkey_get_subkey_id (gnutls_openpgp_privkey_t key, * Since: 2.4.0 **/ int -gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t key, - unsigned int idx, - void *fpr, size_t * fprlen) +gnutls_openpgp_privkey_get_subkey_fingerprint(gnutls_openpgp_privkey_t key, + unsigned int idx, + void *fpr, size_t * fprlen) { - cdk_packet_t pkt; - cdk_pkt_pubkey_t pk = NULL; + cdk_packet_t pkt; + cdk_pkt_pubkey_t pk = NULL; - if (!fpr || !fprlen) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (!fpr || !fprlen) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) - return gnutls_openpgp_privkey_get_fingerprint(key, fpr, fprlen); + if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) + return gnutls_openpgp_privkey_get_fingerprint(key, fpr, + fprlen); - *fprlen = 0; + *fprlen = 0; - pkt = _get_secret_subkey (key, idx); - if (!pkt) - return GNUTLS_E_OPENPGP_GETKEY_FAILED; + pkt = _get_secret_subkey(key, idx); + if (!pkt) + return GNUTLS_E_OPENPGP_GETKEY_FAILED; - pk = pkt->pkt.secret_key->pk; - *fprlen = 20; + pk = pkt->pkt.secret_key->pk; + *fprlen = 20; - if (is_RSA (pk->pubkey_algo) && pk->version < 4) - *fprlen = 16; + if (is_RSA(pk->pubkey_algo) && pk->version < 4) + *fprlen = 16; - cdk_pk_get_fingerprint (pk, fpr); + cdk_pk_get_fingerprint(pk, fpr); - return 0; + return 0; } /* Extracts DSA and RSA parameters from a certificate. */ int -_gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey, - uint32_t * keyid /*[2] */ , - gnutls_pk_params_st * params) +_gnutls_openpgp_privkey_get_mpis(gnutls_openpgp_privkey_t pkey, + uint32_t * keyid /*[2] */ , + gnutls_pk_params_st * params) { - int result; - unsigned int i, pk_algorithm; - cdk_packet_t pkt; - unsigned total; - - gnutls_pk_params_init(params); - - if (keyid == NULL) - pkt = cdk_kbnode_find_packet (pkey->knode, CDK_PKT_SECRET_KEY); - else - pkt = _gnutls_openpgp_find_key (pkey->knode, keyid, 1); - - if (pkt == NULL) - { - gnutls_assert (); - return GNUTLS_E_OPENPGP_GETKEY_FAILED; - } - - pk_algorithm = - _gnutls_openpgp_get_algo (pkt->pkt.secret_key->pk->pubkey_algo); - - switch (pk_algorithm) - { - case GNUTLS_PK_RSA: - /* openpgp does not hold all parameters as in PKCS #1 - */ - total = RSA_PRIVATE_PARAMS - 2; - break; - case GNUTLS_PK_DSA: - total = DSA_PRIVATE_PARAMS; - break; - default: - gnutls_assert (); - return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; - } - - for (i = 0; i < total; i++) - { - result = _gnutls_read_pgp_mpi (pkt, 1, i, ¶ms->params[i]); - if (result < 0) - { - gnutls_assert (); - goto error; - } - params->params_nr++; - } - - /* fixup will generate exp1 and exp2 that are not - * available here. - */ - result = _gnutls_pk_fixup (pk_algorithm, GNUTLS_IMPORT, params); - if (result < 0) - { - gnutls_assert (); - goto error; - } - - return 0; - -error: - gnutls_pk_params_clear(params); - gnutls_pk_params_release(params); - - return result; + int result; + unsigned int i, pk_algorithm; + cdk_packet_t pkt; + unsigned total; + + gnutls_pk_params_init(params); + + if (keyid == NULL) + pkt = + cdk_kbnode_find_packet(pkey->knode, + CDK_PKT_SECRET_KEY); + else + pkt = _gnutls_openpgp_find_key(pkey->knode, keyid, 1); + + if (pkt == NULL) { + gnutls_assert(); + return GNUTLS_E_OPENPGP_GETKEY_FAILED; + } + + pk_algorithm = + _gnutls_openpgp_get_algo(pkt->pkt.secret_key->pk->pubkey_algo); + + switch (pk_algorithm) { + case GNUTLS_PK_RSA: + /* openpgp does not hold all parameters as in PKCS #1 + */ + total = RSA_PRIVATE_PARAMS - 2; + break; + case GNUTLS_PK_DSA: + total = DSA_PRIVATE_PARAMS; + break; + default: + gnutls_assert(); + return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; + } + + for (i = 0; i < total; i++) { + result = + _gnutls_read_pgp_mpi(pkt, 1, i, ¶ms->params[i]); + if (result < 0) { + gnutls_assert(); + goto error; + } + params->params_nr++; + } + + /* fixup will generate exp1 and exp2 that are not + * available here. + */ + result = _gnutls_pk_fixup(pk_algorithm, GNUTLS_IMPORT, params); + if (result < 0) { + gnutls_assert(); + goto error; + } + + return 0; + + error: + gnutls_pk_params_clear(params); + gnutls_pk_params_release(params); + + return result; } /* The internal version of export */ static int -_get_sk_rsa_raw (gnutls_openpgp_privkey_t pkey, gnutls_openpgp_keyid_t keyid, - gnutls_datum_t * m, gnutls_datum_t * e, - gnutls_datum_t * d, gnutls_datum_t * p, - gnutls_datum_t * q, gnutls_datum_t * u) +_get_sk_rsa_raw(gnutls_openpgp_privkey_t pkey, + gnutls_openpgp_keyid_t keyid, gnutls_datum_t * m, + gnutls_datum_t * e, gnutls_datum_t * d, gnutls_datum_t * p, + gnutls_datum_t * q, gnutls_datum_t * u) { - int pk_algorithm, ret; - cdk_packet_t pkt; - uint32_t kid32[2]; - gnutls_pk_params_st params; - - if (pkey == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - KEYID_IMPORT (kid32, keyid); - - pkt = _gnutls_openpgp_find_key (pkey->knode, kid32, 1); - if (pkt == NULL) - { - gnutls_assert (); - return GNUTLS_E_OPENPGP_GETKEY_FAILED; - } - - pk_algorithm = - _gnutls_openpgp_get_algo (pkt->pkt.secret_key->pk->pubkey_algo); - - if (pk_algorithm != GNUTLS_PK_RSA) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = _gnutls_openpgp_privkey_get_mpis (pkey, kid32, ¶ms); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - ret = _gnutls_mpi_dprint (params.params[0], m); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - ret = _gnutls_mpi_dprint (params.params[1], e); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (m); - goto cleanup; - } - - ret = _gnutls_mpi_dprint (params.params[2], d); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (m); - _gnutls_free_datum (e); - goto cleanup; - } - - ret = _gnutls_mpi_dprint (params.params[3], p); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (m); - _gnutls_free_datum (e); - _gnutls_free_datum (d); - goto cleanup; - } - - ret = _gnutls_mpi_dprint (params.params[4], q); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (m); - _gnutls_free_datum (e); - _gnutls_free_datum (d); - _gnutls_free_datum (p); - goto cleanup; - } - - ret = _gnutls_mpi_dprint (params.params[5], u); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (q); - _gnutls_free_datum (m); - _gnutls_free_datum (e); - _gnutls_free_datum (d); - _gnutls_free_datum (p); - goto cleanup; - } - - ret = 0; - -cleanup: - gnutls_pk_params_clear(¶ms); - gnutls_pk_params_release(¶ms); - return ret; + int pk_algorithm, ret; + cdk_packet_t pkt; + uint32_t kid32[2]; + gnutls_pk_params_st params; + + if (pkey == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + KEYID_IMPORT(kid32, keyid); + + pkt = _gnutls_openpgp_find_key(pkey->knode, kid32, 1); + if (pkt == NULL) { + gnutls_assert(); + return GNUTLS_E_OPENPGP_GETKEY_FAILED; + } + + pk_algorithm = + _gnutls_openpgp_get_algo(pkt->pkt.secret_key->pk->pubkey_algo); + + if (pk_algorithm != GNUTLS_PK_RSA) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + ret = _gnutls_openpgp_privkey_get_mpis(pkey, kid32, ¶ms); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + ret = _gnutls_mpi_dprint(params.params[0], m); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = _gnutls_mpi_dprint(params.params[1], e); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(m); + goto cleanup; + } + + ret = _gnutls_mpi_dprint(params.params[2], d); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(m); + _gnutls_free_datum(e); + goto cleanup; + } + + ret = _gnutls_mpi_dprint(params.params[3], p); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(m); + _gnutls_free_datum(e); + _gnutls_free_datum(d); + goto cleanup; + } + + ret = _gnutls_mpi_dprint(params.params[4], q); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(m); + _gnutls_free_datum(e); + _gnutls_free_datum(d); + _gnutls_free_datum(p); + goto cleanup; + } + + ret = _gnutls_mpi_dprint(params.params[5], u); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(q); + _gnutls_free_datum(m); + _gnutls_free_datum(e); + _gnutls_free_datum(d); + _gnutls_free_datum(p); + goto cleanup; + } + + ret = 0; + + cleanup: + gnutls_pk_params_clear(¶ms); + gnutls_pk_params_release(¶ms); + return ret; } static int -_get_sk_dsa_raw (gnutls_openpgp_privkey_t pkey, gnutls_openpgp_keyid_t keyid, - gnutls_datum_t * p, gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y, gnutls_datum_t * x) +_get_sk_dsa_raw(gnutls_openpgp_privkey_t pkey, + gnutls_openpgp_keyid_t keyid, gnutls_datum_t * p, + gnutls_datum_t * q, gnutls_datum_t * g, gnutls_datum_t * y, + gnutls_datum_t * x) { - int pk_algorithm, ret; - cdk_packet_t pkt; - uint32_t kid32[2]; - gnutls_pk_params_st params; - - if (pkey == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - KEYID_IMPORT (kid32, keyid); - - pkt = _gnutls_openpgp_find_key (pkey->knode, kid32, 1); - if (pkt == NULL) - { - gnutls_assert (); - return GNUTLS_E_OPENPGP_GETKEY_FAILED; - } - - pk_algorithm = - _gnutls_openpgp_get_algo (pkt->pkt.secret_key->pk->pubkey_algo); - - if (pk_algorithm != GNUTLS_PK_DSA) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = _gnutls_openpgp_privkey_get_mpis (pkey, kid32, ¶ms); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - /* P */ - ret = _gnutls_mpi_dprint (params.params[0], p); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - /* Q */ - ret = _gnutls_mpi_dprint (params.params[1], q); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (p); - goto cleanup; - } - - - /* G */ - ret = _gnutls_mpi_dprint (params.params[2], g); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (p); - _gnutls_free_datum (q); - goto cleanup; - } - - - /* Y */ - ret = _gnutls_mpi_dprint (params.params[3], y); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (p); - _gnutls_free_datum (g); - _gnutls_free_datum (q); - goto cleanup; - } - - ret = _gnutls_mpi_dprint (params.params[4], x); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (y); - _gnutls_free_datum (p); - _gnutls_free_datum (g); - _gnutls_free_datum (q); - goto cleanup; - } - - ret = 0; - -cleanup: - gnutls_pk_params_clear(¶ms); - gnutls_pk_params_release(¶ms); - return ret; + int pk_algorithm, ret; + cdk_packet_t pkt; + uint32_t kid32[2]; + gnutls_pk_params_st params; + + if (pkey == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + KEYID_IMPORT(kid32, keyid); + + pkt = _gnutls_openpgp_find_key(pkey->knode, kid32, 1); + if (pkt == NULL) { + gnutls_assert(); + return GNUTLS_E_OPENPGP_GETKEY_FAILED; + } + + pk_algorithm = + _gnutls_openpgp_get_algo(pkt->pkt.secret_key->pk->pubkey_algo); + + if (pk_algorithm != GNUTLS_PK_DSA) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + ret = _gnutls_openpgp_privkey_get_mpis(pkey, kid32, ¶ms); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + /* P */ + ret = _gnutls_mpi_dprint(params.params[0], p); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + /* Q */ + ret = _gnutls_mpi_dprint(params.params[1], q); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(p); + goto cleanup; + } + + + /* G */ + ret = _gnutls_mpi_dprint(params.params[2], g); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(p); + _gnutls_free_datum(q); + goto cleanup; + } + + + /* Y */ + ret = _gnutls_mpi_dprint(params.params[3], y); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(p); + _gnutls_free_datum(g); + _gnutls_free_datum(q); + goto cleanup; + } + + ret = _gnutls_mpi_dprint(params.params[4], x); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(y); + _gnutls_free_datum(p); + _gnutls_free_datum(g); + _gnutls_free_datum(q); + goto cleanup; + } + + ret = 0; + + cleanup: + gnutls_pk_params_clear(¶ms); + gnutls_pk_params_release(¶ms); + return ret; } @@ -1090,22 +1058,24 @@ cleanup: * Since: 2.4.0 **/ int -gnutls_openpgp_privkey_export_rsa_raw (gnutls_openpgp_privkey_t pkey, - gnutls_datum_t * m, gnutls_datum_t * e, - gnutls_datum_t * d, gnutls_datum_t * p, - gnutls_datum_t * q, gnutls_datum_t * u) +gnutls_openpgp_privkey_export_rsa_raw(gnutls_openpgp_privkey_t pkey, + gnutls_datum_t * m, + gnutls_datum_t * e, + gnutls_datum_t * d, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * u) { - uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; - int ret; + uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; + int ret; - ret = gnutls_openpgp_privkey_get_key_id (pkey, keyid); - if (ret < 0) - { - gnutls_assert (); - return ret; - } + ret = gnutls_openpgp_privkey_get_key_id(pkey, keyid); + if (ret < 0) { + gnutls_assert(); + return ret; + } - return _get_sk_rsa_raw (pkey, keyid, m, e, d, p, q, u); + return _get_sk_rsa_raw(pkey, keyid, m, e, d, p, q, u); } /** @@ -1126,22 +1096,23 @@ gnutls_openpgp_privkey_export_rsa_raw (gnutls_openpgp_privkey_t pkey, * Since: 2.4.0 **/ int -gnutls_openpgp_privkey_export_dsa_raw (gnutls_openpgp_privkey_t pkey, - gnutls_datum_t * p, gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y, - gnutls_datum_t * x) +gnutls_openpgp_privkey_export_dsa_raw(gnutls_openpgp_privkey_t pkey, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * g, + gnutls_datum_t * y, + gnutls_datum_t * x) { - uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; - int ret; + uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; + int ret; - ret = gnutls_openpgp_privkey_get_key_id (pkey, keyid); - if (ret < 0) - { - gnutls_assert (); - return ret; - } + ret = gnutls_openpgp_privkey_get_key_id(pkey, keyid); + if (ret < 0) { + gnutls_assert(); + return ret; + } - return _get_sk_dsa_raw (pkey, keyid, p, q, g, y, x); + return _get_sk_dsa_raw(pkey, keyid, p, q, g, y, x); } /** @@ -1164,29 +1135,29 @@ gnutls_openpgp_privkey_export_dsa_raw (gnutls_openpgp_privkey_t pkey, * Since: 2.4.0 **/ int -gnutls_openpgp_privkey_export_subkey_rsa_raw (gnutls_openpgp_privkey_t pkey, - unsigned int idx, - gnutls_datum_t * m, - gnutls_datum_t * e, - gnutls_datum_t * d, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * u) +gnutls_openpgp_privkey_export_subkey_rsa_raw(gnutls_openpgp_privkey_t pkey, + unsigned int idx, + gnutls_datum_t * m, + gnutls_datum_t * e, + gnutls_datum_t * d, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * u) { - uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; - int ret; - - if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) - ret = gnutls_openpgp_privkey_get_key_id (pkey, keyid); - else - ret = gnutls_openpgp_privkey_get_subkey_id (pkey, idx, keyid); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - return _get_sk_rsa_raw (pkey, keyid, m, e, d, p, q, u); + uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; + int ret; + + if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) + ret = gnutls_openpgp_privkey_get_key_id(pkey, keyid); + else + ret = + gnutls_openpgp_privkey_get_subkey_id(pkey, idx, keyid); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + return _get_sk_rsa_raw(pkey, keyid, m, e, d, p, q, u); } /** @@ -1208,29 +1179,29 @@ gnutls_openpgp_privkey_export_subkey_rsa_raw (gnutls_openpgp_privkey_t pkey, * Since: 2.4.0 **/ int -gnutls_openpgp_privkey_export_subkey_dsa_raw (gnutls_openpgp_privkey_t pkey, - unsigned int idx, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * g, - gnutls_datum_t * y, - gnutls_datum_t * x) +gnutls_openpgp_privkey_export_subkey_dsa_raw(gnutls_openpgp_privkey_t pkey, + unsigned int idx, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * g, + gnutls_datum_t * y, + gnutls_datum_t * x) { - uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; - int ret; + uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; + int ret; - if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) - ret = gnutls_openpgp_privkey_get_key_id (pkey, keyid); - else - ret = gnutls_openpgp_privkey_get_subkey_id (pkey, idx, keyid); + if (idx == GNUTLS_OPENPGP_MASTER_KEYID_IDX) + ret = gnutls_openpgp_privkey_get_key_id(pkey, keyid); + else + ret = + gnutls_openpgp_privkey_get_subkey_id(pkey, idx, keyid); - if (ret < 0) - { - gnutls_assert (); - return ret; - } + if (ret < 0) { + gnutls_assert(); + return ret; + } - return _get_sk_dsa_raw (pkey, keyid, p, q, g, y, x); + return _get_sk_dsa_raw(pkey, keyid, p, q, g, y, x); } /** @@ -1244,21 +1215,22 @@ gnutls_openpgp_privkey_export_subkey_dsa_raw (gnutls_openpgp_privkey_t pkey, * hasn't been set it returns %GNUTLS_E_INVALID_REQUEST. **/ int -gnutls_openpgp_privkey_get_preferred_key_id (gnutls_openpgp_privkey_t key, - gnutls_openpgp_keyid_t keyid) +gnutls_openpgp_privkey_get_preferred_key_id(gnutls_openpgp_privkey_t key, + gnutls_openpgp_keyid_t keyid) { - if (!key->preferred_set) - return gnutls_assert_val(GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR); + if (!key->preferred_set) + return + gnutls_assert_val + (GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR); - if (!key || !keyid) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (!key || !keyid) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - memcpy (keyid, key->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE); + memcpy(keyid, key->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE); - return 0; + return 0; } /** @@ -1276,45 +1248,43 @@ gnutls_openpgp_privkey_get_preferred_key_id (gnutls_openpgp_privkey_t key, * otherwise a negative error code is returned. **/ int -gnutls_openpgp_privkey_set_preferred_key_id (gnutls_openpgp_privkey_t key, - const gnutls_openpgp_keyid_t - keyid) +gnutls_openpgp_privkey_set_preferred_key_id(gnutls_openpgp_privkey_t key, + const gnutls_openpgp_keyid_t + keyid) { - int ret; - - if (!key) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (keyid == NULL) /* set the master as preferred */ - { - uint8_t tmp[GNUTLS_OPENPGP_KEYID_SIZE]; - - ret = gnutls_openpgp_privkey_get_key_id (key, tmp); - if (ret < 0) - return gnutls_assert_val(ret); - - key->preferred_set = 1; - memcpy (key->preferred_keyid, tmp, GNUTLS_OPENPGP_KEYID_SIZE); - - return 0; - } - - /* check if the id is valid */ - ret = gnutls_openpgp_privkey_get_subkey_idx (key, keyid); - if (ret < 0) - { - _gnutls_debug_log ("the requested subkey does not exist\n"); - gnutls_assert (); - return ret; - } - - key->preferred_set = 1; - memcpy (key->preferred_keyid, keyid, GNUTLS_OPENPGP_KEYID_SIZE); - - return 0; + int ret; + + if (!key) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (keyid == NULL) { /* set the master as preferred */ + uint8_t tmp[GNUTLS_OPENPGP_KEYID_SIZE]; + + ret = gnutls_openpgp_privkey_get_key_id(key, tmp); + if (ret < 0) + return gnutls_assert_val(ret); + + key->preferred_set = 1; + memcpy(key->preferred_keyid, tmp, + GNUTLS_OPENPGP_KEYID_SIZE); + + return 0; + } + + /* check if the id is valid */ + ret = gnutls_openpgp_privkey_get_subkey_idx(key, keyid); + if (ret < 0) { + _gnutls_debug_log("the requested subkey does not exist\n"); + gnutls_assert(); + return ret; + } + + key->preferred_set = 1; + memcpy(key->preferred_keyid, keyid, GNUTLS_OPENPGP_KEYID_SIZE); + + return 0; } /** @@ -1333,66 +1303,66 @@ gnutls_openpgp_privkey_set_preferred_key_id (gnutls_openpgp_privkey_t key, * Deprecated: Use gnutls_privkey_sign_hash() instead. */ int -gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key, - const gnutls_datum_t * hash, - gnutls_datum_t * signature) +gnutls_openpgp_privkey_sign_hash(gnutls_openpgp_privkey_t key, + const gnutls_datum_t * hash, + gnutls_datum_t * signature) { - int result; - gnutls_pk_params_st params; - int pk_algorithm; - uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; - char buf[2*GNUTLS_OPENPGP_KEYID_SIZE+1]; - - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - result = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid); - if (result == 0) - { - uint32_t kid[2]; - int idx; - - KEYID_IMPORT (kid, keyid); - - _gnutls_hard_log("Signing using PGP key ID %s\n", _gnutls_bin2hex(keyid, GNUTLS_OPENPGP_KEYID_SIZE, buf, sizeof(buf), NULL)); - - idx = gnutls_openpgp_privkey_get_subkey_idx (key, keyid); - pk_algorithm = - gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, idx, NULL); - result = - _gnutls_openpgp_privkey_get_mpis (key, kid, ¶ms); - } - else - { - _gnutls_hard_log("Signing using master PGP key\n"); - - pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL); - result = _gnutls_openpgp_privkey_get_mpis (key, NULL, ¶ms); - } - - if (result < 0) - { - gnutls_assert (); - return result; - } - - - result = - _gnutls_pk_sign (pk_algorithm, signature, hash, ¶ms); - - gnutls_pk_params_clear(¶ms); - gnutls_pk_params_release(¶ms); - - if (result < 0) - { - gnutls_assert (); - return result; - } - - return 0; + int result; + gnutls_pk_params_st params; + int pk_algorithm; + uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; + char buf[2 * GNUTLS_OPENPGP_KEYID_SIZE + 1]; + + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + result = gnutls_openpgp_privkey_get_preferred_key_id(key, keyid); + if (result == 0) { + uint32_t kid[2]; + int idx; + + KEYID_IMPORT(kid, keyid); + + _gnutls_hard_log("Signing using PGP key ID %s\n", + _gnutls_bin2hex(keyid, + GNUTLS_OPENPGP_KEYID_SIZE, + buf, sizeof(buf), NULL)); + + idx = gnutls_openpgp_privkey_get_subkey_idx(key, keyid); + pk_algorithm = + gnutls_openpgp_privkey_get_subkey_pk_algorithm(key, + idx, + NULL); + result = + _gnutls_openpgp_privkey_get_mpis(key, kid, ¶ms); + } else { + _gnutls_hard_log("Signing using master PGP key\n"); + + pk_algorithm = + gnutls_openpgp_privkey_get_pk_algorithm(key, NULL); + result = + _gnutls_openpgp_privkey_get_mpis(key, NULL, ¶ms); + } + + if (result < 0) { + gnutls_assert(); + return result; + } + + + result = _gnutls_pk_sign(pk_algorithm, signature, hash, ¶ms); + + gnutls_pk_params_clear(¶ms); + gnutls_pk_params_release(¶ms); + + if (result < 0) { + gnutls_assert(); + return result; + } + + return 0; } /*- @@ -1410,61 +1380,66 @@ gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key, * negative error value. -*/ int -_gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key, - unsigned int flags, - const gnutls_datum_t * ciphertext, - gnutls_datum_t * plaintext) +_gnutls_openpgp_privkey_decrypt_data(gnutls_openpgp_privkey_t key, + unsigned int flags, + const gnutls_datum_t * ciphertext, + gnutls_datum_t * plaintext) { - int result, i; - gnutls_pk_params_st params; - int pk_algorithm; - uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; - char buf[2*GNUTLS_OPENPGP_KEYID_SIZE+1]; + int result, i; + gnutls_pk_params_st params; + int pk_algorithm; + uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; + char buf[2 * GNUTLS_OPENPGP_KEYID_SIZE + 1]; - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - result = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid); - if (result == 0) - { - uint32_t kid[2]; + result = gnutls_openpgp_privkey_get_preferred_key_id(key, keyid); + if (result == 0) { + uint32_t kid[2]; - KEYID_IMPORT (kid, keyid); + KEYID_IMPORT(kid, keyid); - _gnutls_hard_log("Decrypting using PGP key ID %s\n", _gnutls_bin2hex(keyid, GNUTLS_OPENPGP_KEYID_SIZE, buf, sizeof(buf), NULL)); + _gnutls_hard_log("Decrypting using PGP key ID %s\n", + _gnutls_bin2hex(keyid, + GNUTLS_OPENPGP_KEYID_SIZE, + buf, sizeof(buf), NULL)); - result = _gnutls_openpgp_privkey_get_mpis (key, kid, ¶ms); + result = + _gnutls_openpgp_privkey_get_mpis(key, kid, ¶ms); - i = gnutls_openpgp_privkey_get_subkey_idx (key, keyid); + i = gnutls_openpgp_privkey_get_subkey_idx(key, keyid); - pk_algorithm = gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, i, NULL); - } - else - { - _gnutls_hard_log("Decrypting using master PGP key\n"); + pk_algorithm = + gnutls_openpgp_privkey_get_subkey_pk_algorithm(key, i, + NULL); + } else { + _gnutls_hard_log("Decrypting using master PGP key\n"); - pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL); + pk_algorithm = + gnutls_openpgp_privkey_get_pk_algorithm(key, NULL); - result = _gnutls_openpgp_privkey_get_mpis (key, NULL, ¶ms); + result = + _gnutls_openpgp_privkey_get_mpis(key, NULL, ¶ms); - } + } - if (result < 0) - { - gnutls_assert (); - return result; - } + if (result < 0) { + gnutls_assert(); + return result; + } - result = _gnutls_pk_decrypt (pk_algorithm, plaintext, ciphertext, ¶ms); + result = + _gnutls_pk_decrypt(pk_algorithm, plaintext, ciphertext, + ¶ms); - gnutls_pk_params_clear(¶ms); - gnutls_pk_params_release(¶ms); + gnutls_pk_params_clear(¶ms); + gnutls_pk_params_release(¶ms); - if (result < 0) - return gnutls_assert_val(result); + if (result < 0) + return gnutls_assert_val(result); - return 0; + return 0; } |