/*
 * Copyright (C) 2002-2012 Free Software Foundation, Inc.
 *
 * Author: Timo Schulz, Nikos Mavrogiannopoulos
 *
 * This file is part of GnuTLS.
 *
 * The GnuTLS is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 3 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>
 */

/* Compatibility functions on OpenPGP key parsing.
 */
26 #include <gnutls_int.h>
27 #include <gnutls_errors.h>
28 #include <gnutls_openpgp.h>
29 #include <openpgp_int.h>
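/*
 * gnutls_openpgp_verify_key:
 * @cred: credentials; only its keyring member is read here.
 * @cert_list: the structure that holds the certificates.
 * @cert_list_length: the items in the cert_list.
 * @status: the output of the verification function
 *
 * Verify the signatures on the single OpenPGP key in @cert_list.  The key
 * is checked against @cred->keyring when one is set, and its self
 * signature is always checked.  Exactly one key is accepted; any other
 * list length is rejected with GNUTLS_E_NO_CERTIFICATE_FOUND.
 *
 * Returns 0 when verification ran to completion, otherwise a negative
 * error code.  @status is written only on the success path, so callers
 * must test the return value before looking at it.
 *
 * When no keyring is configured, only the self signature has been
 * checked.  That shows the key is internally consistent, not that it is
 * trusted, so GNUTLS_CERT_SIGNER_NOT_FOUND is OR-ed into @status and the
 * caller must not treat such a key as authenticated.
 *
 * NOTE: this function does not verify using any "web of trust". You
 * may use GnuPG for that purpose, or any other external PGP application.
 */
int
_gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t cred,
                            const gnutls_datum_t * cert_list,
                            int cert_list_length, unsigned int *status)
{
  int ret;
  gnutls_openpgp_crt_t key = NULL;
  unsigned int verify = 0, verify_self = 0;

  if (!cert_list || cert_list_length != 1)
    return GNUTLS_E_NO_CERTIFICATE_FOUND;

  /* Negative return codes are errors throughout (GnuTLS convention). */
  ret = gnutls_openpgp_crt_init (&key);
  if (ret < 0)
    return ret;

  /* A key that failed to parse must never reach the verification calls,
   * so the import result is checked before going any further. */
  ret = gnutls_openpgp_crt_import (key, &cert_list[0],
                                   GNUTLS_OPENPGP_FMT_RAW);
  if (ret < 0)
    goto leave;

  if (cred->keyring != NULL)
    {
      /* 0: no verification flags. */
      ret = gnutls_openpgp_crt_verify_ring (key, cred->keyring, 0, &verify);
      if (ret < 0)
        goto leave;
    }

  /* Now try the self signature. */
  ret = gnutls_openpgp_crt_verify_self (key, 0, &verify_self);
  if (ret < 0)
    goto leave;

  /* Both results are bit masks; a failure bit from either check is kept. */
  *status = verify_self | verify;

  /* If we only checked the self signature. */
  if (cred->keyring == NULL)
    *status |= GNUTLS_CERT_SIGNER_NOT_FOUND;

  ret = 0;

leave:
  /* Single exit so the parsed key is released on every path after init. */
  gnutls_openpgp_crt_deinit (key);
  return ret;
}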
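/*
 * gnutls_openpgp_fingerprint:
 * @cert: the raw data that contains the OpenPGP public key.
 * @fpr: the buffer to save the fingerprint.
 * @fprlen: the integer to save the length of the fingerprint.
 *
 * Returns the fingerprint of the OpenPGP key. Depending on the algorithm,
 * the fingerprint can be 16 or 20 bytes.
 *
 * The capacity of @fpr is not passed to this function, and @fprlen is
 * described as an output only, so the caller should provide room for the
 * larger size (20 bytes).
 * NOTE(review): confirm against gnutls_openpgp_crt_get_fingerprint().
 * A 16-byte result is the legacy MD5-based fingerprint of old-format
 * keys and is a weak basis for pinning a key's identity.
 *
 * Returns 0 on success, otherwise a negative error code.  @fpr and
 * @fprlen are meaningful only on success.
 */
int
_gnutls_openpgp_fingerprint (const gnutls_datum_t * cert,
                             unsigned char *fpr, size_t * fprlen)
{
  gnutls_openpgp_crt_t key;
  int ret;

  /* Negative return codes are errors throughout (GnuTLS convention). */
  ret = gnutls_openpgp_crt_init (&key);
  if (ret < 0)
    return ret;

  /* Do not compute a fingerprint over a key that failed to parse. */
  ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW);
  if (ret < 0)
    goto leave;

  ret = gnutls_openpgp_crt_get_fingerprint (key, fpr, fprlen);
  if (ret >= 0)
    ret = 0;

leave:
  /* Release the parsed key on the failure paths as well. */
  gnutls_openpgp_crt_deinit (key);
  return ret;
}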
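/*
 * gnutls_openpgp_get_raw_key_creation_time:
 * @cert: the raw data that contains the OpenPGP public key.
 *
 * Returns the timestamp when the OpenPGP key was created.
 *
 * If the key cannot be initialised or parsed, the negative error code is
 * returned in place of a timestamp.  Callers must treat any negative
 * value as a failure and not compare it against the current time as if
 * it were a creation date.
 */
time_t
_gnutls_openpgp_get_raw_key_creation_time (const gnutls_datum_t * cert)
{
  gnutls_openpgp_crt_t key;
  int ret;
  time_t tim;

  /* Negative return codes are errors throughout (GnuTLS convention). */
  ret = gnutls_openpgp_crt_init (&key);
  if (ret < 0)
    return (time_t) ret;

  ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW);
  if (ret < 0)
    {
      /* Report the parse failure instead of reading a time from a key
       * that was never populated. */
      tim = (time_t) ret;
      goto leave;
    }

  tim = gnutls_openpgp_crt_get_creation_time (key);

leave:
  /* Release the parsed key on the failure path as well. */
  gnutls_openpgp_crt_deinit (key);
  return tim;
}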
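/*
 * gnutls_openpgp_get_raw_key_expiration_time:
 * @cert: the raw data that contains the OpenPGP public key.
 *
 * Returns the time when the OpenPGP key expires. A value of '0' means
 * that the key doesn't expire at all.
 *
 * If the key cannot be initialised or parsed, the negative error code is
 * returned in place of a timestamp.  Callers must check for a negative
 * value before the '0' test, so that a key that failed to parse is never
 * mistaken for one that does not expire.
 */
time_t
_gnutls_openpgp_get_raw_key_expiration_time (const gnutls_datum_t * cert)
{
  gnutls_openpgp_crt_t key;
  int ret;
  time_t tim;

  /* Negative return codes are errors throughout (GnuTLS convention). */
  ret = gnutls_openpgp_crt_init (&key);
  if (ret < 0)
    return (time_t) ret;

  ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW);
  if (ret < 0)
    {
      /* Report the parse failure instead of reading a time from a key
       * that was never populated. */
      tim = (time_t) ret;
      goto leave;
    }

  tim = gnutls_openpgp_crt_get_expiration_time (key);

leave:
  /* Release the parsed key on the failure path as well. */
  gnutls_openpgp_crt_deinit (key);
  return tim;
}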