/**
* cdk_stream_verify:
* @hd: session handle
* @inp: the input stream
* @data: for detached signatures, this is the data stream @inp is the sig
* @out: where the output shall be written.
*
* Verify a signature in stream.
*/
cdk_error_t
cdk_stream_verify (cdk_ctx_t hd, cdk_stream_t inp, cdk_stream_t data,
cdk_stream_t out)
{
/* FIXME: out is not currently used. */
if (cdk_armor_filter_use (inp))
cdk_stream_set_armor_flag (inp, 0);
return _cdk_proc_packets (hd, inp, data, NULL, NULL, NULL);
}
/**
* cdk_file_verify:
* @hd: the session handle
* @file: the input file
* @data_file: for detached signature this is the data file and @file is the sig.
* @output: the output file
*
* Verify a signature.
**/
cdk_error_t
cdk_file_verify (cdk_ctx_t hd, const char *file, const char *data_file,
const char *output)
{
struct stat stbuf;
cdk_stream_t inp, data;
char buf[4096];
int n;
cdk_error_t rc;
if (!hd || !file)
return CDK_Inv_Value;
if (output && !hd->opt.overwrite && !stat (output, &stbuf))
return CDK_Inv_Mode;
rc = cdk_stream_open (file, &inp);
if (rc)
return rc;
if (cdk_armor_filter_use (inp))
{
n = cdk_stream_peek (inp, (byte *) buf, DIM (buf) - 1);
if (!n || n == -1)
return CDK_EOF;
buf[n] = '\0';
if (strstr (buf, "BEGIN PGP SIGNED MESSAGE"))
{
cdk_stream_close (inp);
return file_verify_clearsign (hd, file, output);
}
cdk_stream_set_armor_flag (inp, 0);
}
if (data_file)
{
rc = cdk_stream_open (data_file, &data);
if (rc)
{
cdk_stream_close (inp);
return rc;
}
}
else
data = NULL;
rc = _cdk_proc_packets (hd, inp, data, NULL, NULL, NULL);
if (data != NULL)
cdk_stream_close (data);
cdk_stream_close (inp);
return rc;
}
/**
* gnutls_openpgp_privkey_import:
* @key: The structure to store the parsed key.
* @data: The RAW or BASE64 encoded key.
* @format: One of #gnutls_openpgp_crt_fmt_t elements.
* @password: not used for now
* @flags: should be zero
*
* This function will convert the given RAW or Base64 encoded key to
* the native gnutls_openpgp_privkey_t format. The output will be
* stored in 'key'.
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
int
gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key,
const gnutls_datum_t * data,
gnutls_openpgp_crt_fmt_t format,
const char *password, unsigned int flags)
{
cdk_stream_t inp;
cdk_packet_t pkt;
int rc;
if (data->data == NULL || data->size == 0)
{
gnutls_assert ();
return GNUTLS_E_OPENPGP_GETKEY_FAILED;
}
if (format == GNUTLS_OPENPGP_FMT_RAW)
{
rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size);
if (rc != 0)
{
rc = _gnutls_map_cdk_rc (rc);
gnutls_assert ();
return rc;
}
}
else
{
rc = cdk_stream_tmp_from_mem (data->data, data->size, &inp);
if (rc != 0)
{
rc = _gnutls_map_cdk_rc (rc);
gnutls_assert ();
return rc;
}
if (cdk_armor_filter_use (inp))
{
rc = cdk_stream_set_armor_flag (inp, 0);
if (rc != 0)
{
rc = _gnutls_map_cdk_rc (rc);
cdk_stream_close (inp);
gnutls_assert ();
return rc;
}
}
rc = cdk_keydb_get_keyblock (inp, &key->knode);
cdk_stream_close (inp);
if (rc != 0)
{
rc = _gnutls_map_cdk_rc (rc);
gnutls_assert ();
return rc;
}
}
/* Test if the import was successful. */
pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY);
if (pkt == NULL)
{
gnutls_assert ();
return GNUTLS_E_OPENPGP_GETKEY_FAILED;
}
return 0;
}
/**
* cdk_keydb_open:
* @hd: keydb object
* @ret_kr: the STREAM object which contains the data of the keyring
*
* Open a STREAM with the contents of the keyring from @hd
**/
cdk_error_t
cdk_keydb_open( cdk_keydb_hd_t hd, cdk_stream_t * ret_kr )
{
int rc = 0, ec;
if( !hd || !ret_kr )
return CDK_Inv_Value;
if( hd->type == CDK_DBTYPE_DATA && hd->buf )
cdk_stream_seek( hd->buf, 0 );
else if( hd->type == CDK_DBTYPE_PK_KEYRING
|| hd->type == CDK_DBTYPE_SK_KEYRING ) {
if( !hd->isopen && hd->name ) {
rc = cdk_stream_open( hd->name, &hd->buf );
if( rc )
goto leave;
if( cdk_armor_filter_use( hd->buf ) )
cdk_stream_set_armor_flag( hd->buf, 0 );
hd->isopen = 1;
cdk_free( hd->idx_name );
hd->idx_name = keydb_idx_mkname( hd->name );
if( !hd->idx_name ) {
rc = CDK_Out_Of_Core;
goto leave;
}
ec = cdk_stream_open( hd->idx_name, &hd->idx );
if( ec && !hd->secret ) {
rc = keydb_idx_build( hd->name );
if( !rc )
rc = cdk_stream_open( hd->idx_name, &hd->idx );
if( !rc )
_cdk_log_debug( "create key index table\n" );
if( rc ) {
/* this is no real error, it just means we can't create
the index at the given directory. maybe we've no write
access. in this case, we simply disable the index. */
_cdk_log_debug( "disable key index table\n" );
rc = 0;
hd->no_cache = 1;
}
}
}
else {
/* We use the cache to search keys, so we always rewind the
STREAM. Except when the _NEXT search mode is used because
this mode is an enumeration and no seeking is needed. */
if( !hd->search ||
(hd->search && hd->dbs->type != CDK_DBSEARCH_NEXT) )
cdk_stream_seek( hd->buf, 0 );
}
}
else
return CDK_Inv_Mode;
leave:
if( rc ) {
cdk_stream_close( hd->buf );
hd->buf = NULL;
}
*ret_kr = hd->buf;
return rc;
}
