/** * cdk_stream_verify: * @hd: session handle * @inp: the input stream * @data: for detached signatures, this is the data stream @inp is the sig * @out: where the output shall be written. * * Verify a signature in stream. */ cdk_error_t cdk_stream_verify (cdk_ctx_t hd, cdk_stream_t inp, cdk_stream_t data, cdk_stream_t out) { /* FIXME: out is not currently used. */ if (cdk_armor_filter_use (inp)) cdk_stream_set_armor_flag (inp, 0); return _cdk_proc_packets (hd, inp, data, NULL, NULL, NULL); }
/** * cdk_file_verify: * @hd: the session handle * @file: the input file * @data_file: for detached signature this is the data file and @file is the sig. * @output: the output file * * Verify a signature. **/ cdk_error_t cdk_file_verify (cdk_ctx_t hd, const char *file, const char *data_file, const char *output) { struct stat stbuf; cdk_stream_t inp, data; char buf[4096]; int n; cdk_error_t rc; if (!hd || !file) return CDK_Inv_Value; if (output && !hd->opt.overwrite && !stat (output, &stbuf)) return CDK_Inv_Mode; rc = cdk_stream_open (file, &inp); if (rc) return rc; if (cdk_armor_filter_use (inp)) { n = cdk_stream_peek (inp, (byte *) buf, DIM (buf) - 1); if (!n || n == -1) return CDK_EOF; buf[n] = '\0'; if (strstr (buf, "BEGIN PGP SIGNED MESSAGE")) { cdk_stream_close (inp); return file_verify_clearsign (hd, file, output); } cdk_stream_set_armor_flag (inp, 0); } if (data_file) { rc = cdk_stream_open (data_file, &data); if (rc) { cdk_stream_close (inp); return rc; } } else data = NULL; rc = _cdk_proc_packets (hd, inp, data, NULL, NULL, NULL); if (data != NULL) cdk_stream_close (data); cdk_stream_close (inp); return rc; }
/** * gnutls_openpgp_privkey_import: * @key: The structure to store the parsed key. * @data: The RAW or BASE64 encoded key. * @format: One of #gnutls_openpgp_crt_fmt_t elements. * @password: not used for now * @flags: should be zero * * This function will convert the given RAW or Base64 encoded key to * the native gnutls_openpgp_privkey_t format. The output will be * stored in 'key'. * * Returns: %GNUTLS_E_SUCCESS on success, or an error code. **/ int gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key, const gnutls_datum_t * data, gnutls_openpgp_crt_fmt_t format, const char *password, unsigned int flags) { cdk_stream_t inp; cdk_packet_t pkt; int rc; if (data->data == NULL || data->size == 0) { gnutls_assert (); return GNUTLS_E_OPENPGP_GETKEY_FAILED; } if (format == GNUTLS_OPENPGP_FMT_RAW) { rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size); if (rc != 0) { rc = _gnutls_map_cdk_rc (rc); gnutls_assert (); return rc; } } else { rc = cdk_stream_tmp_from_mem (data->data, data->size, &inp); if (rc != 0) { rc = _gnutls_map_cdk_rc (rc); gnutls_assert (); return rc; } if (cdk_armor_filter_use (inp)) { rc = cdk_stream_set_armor_flag (inp, 0); if (rc != 0) { rc = _gnutls_map_cdk_rc (rc); cdk_stream_close (inp); gnutls_assert (); return rc; } } rc = cdk_keydb_get_keyblock (inp, &key->knode); cdk_stream_close (inp); if (rc != 0) { rc = _gnutls_map_cdk_rc (rc); gnutls_assert (); return rc; } } /* Test if the import was successful. */ pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY); if (pkt == NULL) { gnutls_assert (); return GNUTLS_E_OPENPGP_GETKEY_FAILED; } return 0; }
/** * cdk_keydb_open: * @hd: keydb object * @ret_kr: the STREAM object which contains the data of the keyring * * Open a STREAM with the contents of the keyring from @hd **/ cdk_error_t cdk_keydb_open( cdk_keydb_hd_t hd, cdk_stream_t * ret_kr ) { int rc = 0, ec; if( !hd || !ret_kr ) return CDK_Inv_Value; if( hd->type == CDK_DBTYPE_DATA && hd->buf ) cdk_stream_seek( hd->buf, 0 ); else if( hd->type == CDK_DBTYPE_PK_KEYRING || hd->type == CDK_DBTYPE_SK_KEYRING ) { if( !hd->isopen && hd->name ) { rc = cdk_stream_open( hd->name, &hd->buf ); if( rc ) goto leave; if( cdk_armor_filter_use( hd->buf ) ) cdk_stream_set_armor_flag( hd->buf, 0 ); hd->isopen = 1; cdk_free( hd->idx_name ); hd->idx_name = keydb_idx_mkname( hd->name ); if( !hd->idx_name ) { rc = CDK_Out_Of_Core; goto leave; } ec = cdk_stream_open( hd->idx_name, &hd->idx ); if( ec && !hd->secret ) { rc = keydb_idx_build( hd->name ); if( !rc ) rc = cdk_stream_open( hd->idx_name, &hd->idx ); if( !rc ) _cdk_log_debug( "create key index table\n" ); if( rc ) { /* this is no real error, it just means we can't create the index at the given directory. maybe we've no write access. in this case, we simply disable the index. */ _cdk_log_debug( "disable key index table\n" ); rc = 0; hd->no_cache = 1; } } } else { /* We use the cache to search keys, so we always rewind the STREAM. Except when the _NEXT search mode is used because this mode is an enumeration and no seeking is needed. */ if( !hd->search || (hd->search && hd->dbs->type != CDK_DBSEARCH_NEXT) ) cdk_stream_seek( hd->buf, 0 ); } } else return CDK_Inv_Mode; leave: if( rc ) { cdk_stream_close( hd->buf ); hd->buf = NULL; } *ret_kr = hd->buf; return rc; }