2 * Copyright (C) 2002, 2003, 2004, 2005, 2007, 2008, 2010 Free Software
5 * Author: Timo Schulz, Nikos Mavrogiannopoulos
7 * This file is part of GNUTLS.
9 * The GNUTLS library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
26 /* Functions on OpenPGP key parsing
29 #include <gnutls_int.h>
30 #include <openpgp_int.h>
31 #include <gnutls_errors.h>
32 #include <gnutls_openpgp.h>
33 #include <gnutls_num.h>
36 * gnutls_openpgp_crt_verify_ring - Verify all signatures in the key
37 * @key: the structure that holds the key.
38 * @keyring: holds the keyring to check against
40 * @flags: verification flags; %GNUTLS_VERIFY_DO_NOT_ALLOW_SAME is honored (pass 0 otherwise)
40 * @verify: will hold the certificate verification output.
42 * Verify all signatures in the key, using the given set of keys
45 * The key verification output will be put in @verify and will be one
46 * or more of the #gnutls_certificate_status_t enumerated elements
49 * %GNUTLS_CERT_INVALID: A signature on the key is invalid.
51 * %GNUTLS_CERT_REVOKED: The key has been revoked.
53 * Note that this function does not verify using any "web of trust".
54 * You may use GnuPG for that purpose, or any other external PGP
57 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
60 gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key
,
61 gnutls_openpgp_keyring_t keyring
,
62 unsigned int flags
, unsigned int *verify
)
64 gnutls_openpgp_keyid_t id
;
71 return GNUTLS_E_NO_CERTIFICATE_FOUND
;
76 rc
= cdk_pk_check_sigs (key
->knode
, keyring
->db
, &status
);
77 if (rc
== CDK_Error_No_Key
)
79 rc
= GNUTLS_E_NO_CERTIFICATE_FOUND
;
83 else if (rc
!= CDK_Success
)
85 _gnutls_x509_log ("cdk_pk_check_sigs: error %d\n", rc
);
86 rc
= _gnutls_map_cdk_rc (rc
);
90 _gnutls_x509_log ("status: %x\n", status
);
92 if (status
& CDK_KEY_INVALID
)
93 *verify
|= GNUTLS_CERT_INVALID
;
94 if (status
& CDK_KEY_REVOKED
)
95 *verify
|= GNUTLS_CERT_REVOKED
;
96 if (status
& CDK_KEY_NOSIGNER
)
97 *verify
|= GNUTLS_CERT_SIGNER_NOT_FOUND
;
99 /* Check if the key is included in the ring. */
100 if (!(flags
& GNUTLS_VERIFY_DO_NOT_ALLOW_SAME
))
102 rc
= gnutls_openpgp_crt_get_key_id (key
, id
);
109 rc
= gnutls_openpgp_keyring_check_id (keyring
, id
, 0);
110 /* If it exists in the keyring don't treat it as unknown. */
111 if (rc
== 0 && *verify
& GNUTLS_CERT_SIGNER_NOT_FOUND
)
112 *verify
^= GNUTLS_CERT_SIGNER_NOT_FOUND
;
120 * gnutls_openpgp_crt_verify_self - Verify the self signature on the key
121 * @key: the structure that holds the key.
122 * @flags: unused (should be 0)
123 * @verify: will hold the key verification output.
125 * Verifies the self signature in the key. The key verification
126 * output will be put in @verify and will be one or more of the
127 * #gnutls_certificate_status_t enumerated elements bitwise or'd.
129 * %GNUTLS_CERT_INVALID: The self signature on the key is invalid.
131 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
134 gnutls_openpgp_crt_verify_self (gnutls_openpgp_crt_t key
,
135 unsigned int flags
, unsigned int *verify
)
140 rc
= cdk_pk_check_self_sig (key
->knode
, &status
);
141 if (rc
|| status
!= CDK_KEY_VALID
)
142 *verify
|= GNUTLS_CERT_INVALID
;