search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Correctly restore gnutls_record_recv() in DTLS mode if interrupted during the retrasm...
[gnutls.git] / lib / openpgp / compat.c
blob7612d3f4c6fa915ced4d9e0612fbce05eaa9a73f
1 /*
2 * Copyright (C) 2002-2012 Free Software Foundation, Inc.
3 *
4 * Author: Timo Schulz, Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 /* Compatibility functions on OpenPGP key parsing.
24 */
25
26 #include <gnutls_int.h>
27 #include <gnutls_errors.h>
28 #include <gnutls_openpgp.h>
29 #include <openpgp_int.h>
30
31 /*-
32 * gnutls_openpgp_verify_key:
33 * @cert_list: the structure that holds the certificates.
34 * @cert_list_lenght: the items in the cert_list.
35 * @status: the output of the verification function
36 *
37 * Verify all signatures in the certificate list. When the key
38 * is not available, the signature is skipped.
39 *
40 * The return value is one of the CertificateStatus entries.
41 *
42 * NOTE: this function does not verify using any "web of trust". You
43 * may use GnuPG for that purpose, or any other external PGP application.
44 -*/
45 int
46 _gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t cred,
47 const gnutls_datum_t * cert_list,
48 int cert_list_length, unsigned int *status)
49 {
50 int ret = 0;
51 gnutls_openpgp_crt_t key = NULL;
52 unsigned int verify = 0, verify_self = 0;
53
54 if (!cert_list || cert_list_length != 1)
55 {
56 gnutls_assert ();
57 return GNUTLS_E_NO_CERTIFICATE_FOUND;
58 }
59
60 ret = gnutls_openpgp_crt_init (&key);
61 if (ret < 0)
62 {
63 gnutls_assert ();
64 return ret;
65 }
66
67 ret =
68 gnutls_openpgp_crt_import (key, &cert_list[0], GNUTLS_OPENPGP_FMT_RAW);
69 if (ret < 0)
70 {
71 gnutls_assert ();
72 goto leave;
73 }
74
75 if (cred->keyring != NULL)
76 {
77 ret = gnutls_openpgp_crt_verify_ring (key, cred->keyring, 0, &verify);
78 if (ret < 0)
79 {
80 gnutls_assert ();
81 goto leave;
82 }
83 }
84
85 /* Now try the self signature. */
86 ret = gnutls_openpgp_crt_verify_self (key, 0, &verify_self);
87 if (ret < 0)
88 {
89 gnutls_assert ();
90 goto leave;
91 }
92
93 *status = verify_self | verify;
94
95 /* If we only checked the self signature. */
96 if (!cred->keyring)
97 *status |= GNUTLS_CERT_SIGNER_NOT_FOUND;
98
99 ret = 0;
100
101 leave:
102 gnutls_openpgp_crt_deinit (key);
103
104 return ret;
105 }
106
107 /*-
108 * gnutls_openpgp_fingerprint:
109 * @cert: the raw data that contains the OpenPGP public key.
110 * @fpr: the buffer to save the fingerprint.
111 * @fprlen: the integer to save the length of the fingerprint.
112 *
113 * Returns the fingerprint of the OpenPGP key. Depence on the algorithm,
114 * the fingerprint can be 16 or 20 bytes.
115 -*/
116 int
117 _gnutls_openpgp_fingerprint (const gnutls_datum_t * cert,
118 unsigned char *fpr, size_t * fprlen)
119 {
120 gnutls_openpgp_crt_t key;
121 int ret;
122
123 ret = gnutls_openpgp_crt_init (&key);
124 if (ret < 0)
125 {
126 gnutls_assert ();
127 return ret;
128 }
129
130 ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW);
131 if (ret < 0)
132 {
133 gnutls_assert ();
134 return ret;
135 }
136
137 ret = gnutls_openpgp_crt_get_fingerprint (key, fpr, fprlen);
138 gnutls_openpgp_crt_deinit (key);
139 if (ret < 0)
140 {
141 gnutls_assert ();
142 return ret;
143 }
144
145 return 0;
146 }
147
148 /*-
149 * gnutls_openpgp_get_raw_key_creation_time:
150 * @cert: the raw data that contains the OpenPGP public key.
151 *
152 * Returns the timestamp when the OpenPGP key was created.
153 -*/
154 time_t
155 _gnutls_openpgp_get_raw_key_creation_time (const gnutls_datum_t * cert)
156 {
157 gnutls_openpgp_crt_t key;
158 int ret;
159 time_t tim;
160
161 ret = gnutls_openpgp_crt_init (&key);
162 if (ret < 0)
163 {
164 gnutls_assert ();
165 return ret;
166 }
167
168 ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW);
169 if (ret < 0)
170 {
171 gnutls_assert ();
172 return ret;
173 }
174
175 tim = gnutls_openpgp_crt_get_creation_time (key);
176
177 gnutls_openpgp_crt_deinit (key);
178
179 return tim;
180 }
181
182
183 /*-
184 * gnutls_openpgp_get_raw_key_expiration_time:
185 * @cert: the raw data that contains the OpenPGP public key.
186 *
187 * Returns the time when the OpenPGP key expires. A value of '0' means
188 * that the key doesn't expire at all.
189 -*/
190 time_t
191 _gnutls_openpgp_get_raw_key_expiration_time (const gnutls_datum_t * cert)
192 {
193 gnutls_openpgp_crt_t key;
194 int ret;
195 time_t tim;
196
197 ret = gnutls_openpgp_crt_init (&key);
198 if (ret < 0)
199 {
200 gnutls_assert ();
201 return ret;
202 }
203
204 ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW);
205 if (ret < 0)
206 {
207 gnutls_assert ();
208 return ret;
209 }
210
211 tim = gnutls_openpgp_crt_get_expiration_time (key);
212
213 gnutls_openpgp_crt_deinit (key);
214
215 return tim;
216 }
Implementation of the SSL/TLS protocol