gpgme_data_t sgpgme_data_from_mimeinfo(MimeInfo *mimeinfo)
{
gpgme_data_t data = NULL;
gpgme_error_t err;
FILE *fp = g_fopen(mimeinfo->data.filename, "rb");
gchar *tmp_file = NULL;
if (!fp)
return NULL;
tmp_file = get_tmp_file();
copy_file_part(fp, mimeinfo->offset, mimeinfo->length, tmp_file);
fclose(fp);
fp = NULL;
debug_print("tmp file %s\n", tmp_file);
err = gpgme_data_new_from_file(&data, tmp_file, 1);
claws_unlink(tmp_file);
g_free(tmp_file);
debug_print("data %p (%d %d)\n", (void *)&data, mimeinfo->offset, mimeinfo->length);
if (err) {
debug_print ("gpgme_data_new_from_file failed: %s\n",
gpgme_strerror (err));
privacy_set_error(_("Couldn't get data from message, %s"), gpgme_strerror(err));
return NULL;
}
return data;
}
int
main (int argc, char **argv)
{
int last_argc = -1;
gpgme_error_t err;
int anyerr = 0;
gpgme_data_t data;
gpgme_data_type_t dt;
if (argc)
{ argc--; argv++; }
while (argc && last_argc != argc )
{
last_argc = argc;
if (!strcmp (*argv, "--"))
{
argc--; argv++;
break;
}
else if (!strcmp (*argv, "--help"))
show_usage (0);
else if (!strcmp (*argv, "--verbose"))
{
verbose = 1;
argc--; argv++;
}
else if (!strncmp (*argv, "--", 2))
show_usage (1);
}
init_gpgme (GPGME_PROTOCOL_OpenPGP);
for (; argc; argc--, argv++)
{
if (verbose)
printf ("reading file `%s'\n", *argv);
err = gpgme_data_new_from_file (&data, *argv, 1);
if (err)
{
fprintf (stderr, PGM ": error reading '%s': %s\n",
*argv, gpg_strerror (err));
anyerr = 1;
}
else
{
dt = gpgme_data_identify (data, 0);
if (dt == GPGME_DATA_TYPE_INVALID)
anyerr = 1;
printf ("%s: %s\n", *argv, data_type_to_string (dt));
gpgme_data_release (data);
}
}
return anyerr;
}
gboolean
fu_keyring_add_public_key (FuKeyring *keyring, const gchar *filename, GError **error)
{
FuKeyringPrivate *priv = GET_PRIVATE (keyring);
gpgme_error_t rc;
gpgme_import_result_t result;
gpgme_import_status_t s;
g_auto(gpgme_data_t) data = NULL;
g_return_val_if_fail (FU_IS_KEYRING (keyring), FALSE);
g_return_val_if_fail (filename != NULL, FALSE);
/* import public key */
g_debug ("Adding public key %s", filename);
rc = gpgme_data_new_from_file (&data, filename, 1);
if (rc != GPG_ERR_NO_ERROR) {
g_set_error (error,
FWUPD_ERROR,
FWUPD_ERROR_INTERNAL,
"failed to load %s: %s",
filename, gpgme_strerror (rc));
return FALSE;
}
rc = gpgme_op_import (priv->ctx, data);
if (rc != GPG_ERR_NO_ERROR) {
g_set_error (error,
FWUPD_ERROR,
FWUPD_ERROR_INTERNAL,
"failed to import %s: %s",
filename, gpgme_strerror (rc));
return FALSE;
}
/* print what keys were imported */
result = gpgme_op_import_result (priv->ctx);
for (s = result->imports; s != NULL; s = s->next) {
g_debug ("importing key %s [%u] %s",
s->fpr, s->status, gpgme_strerror (s->result));
}
/* make sure keys were really imported */
if (result->imported == 0 && result->unchanged == 0) {
g_debug("imported: %d, unchanged: %d, not_imported: %d",
result->imported,
result->unchanged,
result->not_imported);
g_set_error (error,
FWUPD_ERROR,
FWUPD_ERROR_INTERNAL,
"key import failed %s",
filename);
return FALSE;
}
return TRUE;
}
int
main (int argc, char **argv)
{
gpgme_ctx_t ctx;
gpgme_error_t err;
gpgme_data_t in;
gpgme_import_result_t result;
char *cert_1 = make_filename ("cert_dfn_pca01.der");
char *cert_2 = make_filename ("cert_dfn_pca15.der");
init_gpgme (GPGME_PROTOCOL_CMS);
err = gpgme_new (&ctx);
fail_if_err (err);
gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
err = gpgme_data_new_from_file (&in, cert_1, 1);
free (cert_1);
fail_if_err (err);
err = gpgme_op_import (ctx, in);
fail_if_err (err);
result = gpgme_op_import_result (ctx);
check_result (result, "DFA56FB5FC41E3A8921F77AD1622EEFD9152A5AD", 1, 1);
gpgme_data_release (in);
err = gpgme_data_new_from_file (&in, cert_2, 1);
free (cert_2);
fail_if_err (err);
err = gpgme_op_import (ctx, in);
fail_if_err (err);
result = gpgme_op_import_result (ctx);
check_result (result, "2C8F3C356AB761CB3674835B792CDA52937F9285", 1, 2);
gpgme_data_release (in);
gpgme_release (ctx);
return 0;
}
int
main (int argc, char *argv[])
{
gpgme_ctx_t ctx;
gpgme_error_t err;
gpgme_data_t in;
gpgme_import_result_t result;
char *pubkey_1_asc = make_filename ("pubkey-1.asc");
char *seckey_1_asc = make_filename ("seckey-1.asc");
init_gpgme (GPGME_PROTOCOL_OpenPGP);
err = gpgme_new (&ctx);
fail_if_err (err);
err = gpgme_data_new_from_file (&in, pubkey_1_asc, 1);
free (pubkey_1_asc);
fail_if_err (err);
err = gpgme_op_import (ctx, in);
fail_if_err (err);
result = gpgme_op_import_result (ctx);
check_result (result, "ADAB7FCC1F4DE2616ECFA402AF82244F9CD9FD55", 0);
gpgme_data_release (in);
err = gpgme_data_new_from_file (&in, seckey_1_asc, 1);
free (seckey_1_asc);
fail_if_err (err);
err = gpgme_op_import (ctx, in);
fail_if_err (err);
result = gpgme_op_import_result (ctx);
check_result (result, "ADAB7FCC1F4DE2616ECFA402AF82244F9CD9FD55", 1);
gpgme_data_release (in);
gpgme_release (ctx);
return 0;
}
int
main (int argc, char *argv[])
{
gpgme_ctx_t ctx;
gpgme_error_t err;
gpgme_data_t in, out;
gpgme_decrypt_result_t decrypt_result;
gpgme_verify_result_t verify_result;
char *cipher_2_asc = make_filename ("cipher-2.asc");
char *agent_info;
init_gpgme (GPGME_PROTOCOL_OpenPGP);
err = gpgme_new (&ctx);
fail_if_err (err);
agent_info = getenv("GPG_AGENT_INFO");
if (!(agent_info && strchr (agent_info, ':')))
gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL);
err = gpgme_data_new_from_file (&in, cipher_2_asc, 1);
free (cipher_2_asc);
fail_if_err (err);
err = gpgme_data_new (&out);
fail_if_err (err);
err = gpgme_op_decrypt_verify (ctx, in, out);
fail_if_err (err);
decrypt_result = gpgme_op_decrypt_result (ctx);
if (decrypt_result->unsupported_algorithm)
{
fprintf (stderr, "%s:%i: unsupported algorithm: %s\n",
__FILE__, __LINE__, decrypt_result->unsupported_algorithm);
exit (1);
}
print_data (out);
verify_result = gpgme_op_verify_result (ctx);
check_verify_result (verify_result, 0,
"A0FF4590BB6122EDEF6E3C542D727CC768697734",
GPG_ERR_NO_ERROR);
gpgme_data_release (in);
gpgme_data_release (out);
gpgme_release (ctx);
return 0;
}
int
main (int argc, char *argv[])
{
gpgme_ctx_t ctx;
gpgme_error_t err;
gpgme_data_t in, out;
gpgme_decrypt_result_t result;
char *cipher_1_asc = make_filename ("cipher-1.asc");
char *agent_info;
init_gpgme (GPGME_PROTOCOL_OpenPGP);
err = gpgme_new (&ctx);
fail_if_err (err);
agent_info = getenv("GPG_AGENT_INFO");
if (!(agent_info && strchr (agent_info, ':')))
gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL);
err = gpgme_data_new_from_file (&in, cipher_1_asc, 1);
free (cipher_1_asc);
fail_if_err (err);
err = gpgme_data_new (&out);
fail_if_err (err);
err = gpgme_op_decrypt (ctx, in, out);
fail_if_err (err);
result = gpgme_op_decrypt_result (ctx);
if (result->unsupported_algorithm)
{
fprintf (stderr, "%s:%i: unsupported algorithm: %s\n",
__FILE__, __LINE__, result->unsupported_algorithm);
exit (1);
}
print_data (out);
gpgme_data_release (in);
gpgme_data_release (out);
gpgme_release (ctx);
return 0;
}
void import (
gpgme_ctx_t * context,
telem_gpg_opts * options,
int num_keys,
char ** key_path
)
{
gpgme_error_t err;
int url_mode = 0;
int nul_mode = 0;
gpgme_import_result_t impres;
gpgme_data_t data;
for (; num_keys; --num_keys, key_path++)
{
printf ("reading file `%s'\n", *key_path);
err = gpgme_data_new_from_file(&data, *key_path, 1);
fail_if_err(err);
if (url_mode)
gpgme_data_set_encoding(
data,
(nul_mode? GPGME_DATA_ENCODING_URL0 : GPGME_DATA_ENCODING_URL)
);
err = gpgme_op_import(*context, data);
fail_if_err(err);
impres = gpgme_op_import_result(*context);
if (!impres)
{
fprintf(stderr, "No import result returned\n");
exit(1);
}
print_import_result(impres);
gpgme_data_release(data);
}
}
int
opkg_verify_file (char *text_file, char *sig_file)
{
#if defined HAVE_GPGME
if (conf->check_signature == 0 )
return 0;
int status = -1;
gpgme_ctx_t ctx;
gpgme_data_t sig, text, key;
gpgme_error_t err;
gpgme_verify_result_t result;
gpgme_signature_t s;
char *trusted_path = NULL;
gpgme_check_version (NULL);
err = gpgme_new (&ctx);
if (err)
return -1;
sprintf_alloc(&trusted_path, "%s/%s", conf->offline_root, "/etc/opkg/trusted.gpg");
err = gpgme_data_new_from_file (&key, trusted_path, 1);
free (trusted_path);
if (err)
{
return -1;
}
err = gpgme_op_import (ctx, key);
if (err)
{
gpgme_data_release (key);
return -1;
}
gpgme_data_release (key);
err = gpgme_data_new_from_file (&sig, sig_file, 1);
if (err)
{
gpgme_release (ctx);
return -1;
}
err = gpgme_data_new_from_file (&text, text_file, 1);
if (err)
{
gpgme_data_release (sig);
gpgme_release (ctx);
return -1;
}
err = gpgme_op_verify (ctx, sig, text, NULL);
result = gpgme_op_verify_result (ctx);
if (!result)
return -1;
/* see if any of the signitures matched */
s = result->signatures;
while (s)
{
status = gpg_err_code (s->status);
if (status == GPG_ERR_NO_ERROR)
break;
s = s->next;
}
gpgme_data_release (sig);
gpgme_data_release (text);
gpgme_release (ctx);
return status;
#elif defined HAVE_OPENSSL
X509_STORE *store = NULL;
PKCS7 *p7 = NULL;
BIO *in = NULL, *indata = NULL;
// Sig check failed by default !
int status = -1;
openssl_init();
// Set-up the key store
if(!(store = setup_verify(conf->signature_ca_file, conf->signature_ca_path))){
opkg_msg(ERROR, "Can't open CA certificates.\n");
goto verify_file_end;
}
// Open a BIO to read the sig file
if (!(in = BIO_new_file(sig_file, "rb"))){
opkg_msg(ERROR, "Can't open signature file %s.\n", sig_file);
goto verify_file_end;
}
// Read the PKCS7 block contained in the sig file
p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
if(!p7){
opkg_msg(ERROR, "Can't read signature file %s (Corrupted ?).\n",
sig_file);
goto verify_file_end;
}
#if defined(HAVE_PATHFINDER)
if(conf->check_x509_path){
if(!pkcs7_pathfinder_verify_signers(p7)){
opkg_msg(ERROR, "pkcs7_pathfinder_verify_signers: "
"Path verification failed.\n");
goto verify_file_end;
}
}
#endif
// Open the Package file to authenticate
if (!(indata = BIO_new_file(text_file, "rb"))){
opkg_msg(ERROR, "Can't open file %s.\n", text_file);
goto verify_file_end;
}
// Let's verify the autenticity !
if (PKCS7_verify(p7, NULL, store, indata, NULL, PKCS7_BINARY) != 1){
// Get Off My Lawn!
opkg_msg(ERROR, "Verification failure.\n");
}else{
// Victory !
status = 0;
}
verify_file_end:
BIO_free(in);
BIO_free(indata);
PKCS7_free(p7);
X509_STORE_free(store);
return status;
#else
/* mute `unused variable' warnings. */
(void) sig_file;
(void) text_file;
(void) conf;
return 0;
#endif
}
GpgME::Data::Data( const char * filename ) {
gpgme_data_t data;
const gpgme_error_t e = gpgme_data_new_from_file( &data, filename, 1 );
d = new Private( e ? 0 : data );
d->ref();
}
int
main (int argc, char **argv)
{
int last_argc = -1;
gpgme_error_t err;
gpgme_ctx_t ctx;
const char *key_string = NULL;
gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
gpgme_sig_mode_t sigmode = GPGME_SIG_MODE_CLEAR;
gpgme_data_t in, out;
if (argc)
{ argc--; argv++; }
while (argc && last_argc != argc )
{
last_argc = argc;
if (!strcmp (*argv, "--"))
{
argc--; argv++;
break;
}
else if (!strcmp (*argv, "--help"))
show_usage (0);
else if (!strcmp (*argv, "--key"))
{
argc--; argv++;
if (!argc)
show_usage (1);
key_string = *argv;
argc--; argv++;
}
else if (!strncmp (*argv, "--", 2))
show_usage (1);
}
if (argc != 1)
show_usage (1);
init_gpgme (protocol);
err = gpgme_new (&ctx);
fail_if_err (err);
gpgme_set_protocol (ctx, protocol);
gpgme_set_armor (ctx, 1);
if (key_string)
{
gpgme_key_t akey;
err = gpgme_get_key (ctx, key_string, &akey, 1);
if (err)
{
exit (1);
}
err = gpgme_signers_add (ctx, akey);
fail_if_err (err);
gpgme_key_unref (akey);
}
err = gpgme_data_new_from_file (&in, *argv, 1);
if (err)
{
fprintf (stderr, PGM ": error reading `%s': %s\n",
*argv, gpg_strerror (err));
exit (1);
}
err = gpgme_data_new (&out);
fail_if_err (err);
err = gpgme_op_sign (ctx, in, out, sigmode);
if (err)
{
fprintf (stderr, PGM ": signing failed: %s\n", gpg_strerror (err));
exit (1);
}
print_data (out);
gpgme_data_release (out);
gpgme_data_release (in);
gpgme_release (ctx);
return 0;
}
gboolean
zif_utils_gpg_verify (const gchar *filename,
const gchar *filename_gpg,
GError **error)
{
gboolean ret = FALSE;
gpgme_ctx_t ctx = NULL;
gpgme_data_t repomd_gpg = NULL;
gpgme_data_t repomd = NULL;
gpgme_error_t rc;
gpgme_signature_t s;
gpgme_verify_result_t result;
/* check version */
gpgme_check_version (NULL);
/* startup gpgme */
rc = gpg_err_init ();
if (rc != GPG_ERR_NO_ERROR) {
g_set_error (error,
ZIF_UTILS_ERROR,
ZIF_UTILS_ERROR_FAILED,
"failed to startup GPG: %s",
gpgme_strerror (rc));
goto out;
}
/* create a new GPG context */
rc = gpgme_new (&ctx);
if (rc != GPG_ERR_NO_ERROR) {
g_set_error (error,
ZIF_UTILS_ERROR,
ZIF_UTILS_ERROR_FAILED,
"failed to create context: %s",
gpgme_strerror (rc));
goto out;
}
/* set the protocol */
rc = gpgme_set_protocol (ctx, GPGME_PROTOCOL_OpenPGP);
if (rc != GPG_ERR_NO_ERROR) {
g_set_error (error,
ZIF_UTILS_ERROR,
ZIF_UTILS_ERROR_FAILED,
"failed to set protocol: %s",
gpgme_strerror (rc));
goto out;
}
/* enable armor mode */
gpgme_set_armor (ctx, TRUE);
/* load file */
rc = gpgme_data_new_from_file (&repomd, filename, 1);
if (rc != GPG_ERR_NO_ERROR) {
g_set_error (error,
ZIF_UTILS_ERROR,
ZIF_UTILS_ERROR_FAILED,
"failed to load repomd: %s",
gpgme_strerror (rc));
goto out;
}
/* load signature */
rc = gpgme_data_new_from_file (&repomd_gpg, filename_gpg, 1);
if (rc != GPG_ERR_NO_ERROR) {
g_set_error (error,
ZIF_UTILS_ERROR,
ZIF_UTILS_ERROR_FAILED,
"failed to load repomd.asc: %s",
gpgme_strerror (rc));
goto out;
}
/* verify the repodata.xml */
g_debug ("verifying %s with %s", filename, filename_gpg);
rc = gpgme_op_verify (ctx, repomd_gpg, repomd, NULL);
if (rc != GPG_ERR_NO_ERROR) {
g_set_error (error,
ZIF_UTILS_ERROR,
ZIF_UTILS_ERROR_FAILED,
"failed to verify: %s",
gpgme_strerror (rc));
goto out;
}
/* verify the result */
result = gpgme_op_verify_result (ctx);
if (result == NULL) {
g_set_error_literal (error,
ZIF_UTILS_ERROR,
ZIF_UTILS_ERROR_FAILED,
"no result record from libgpgme");
goto out;
}
/* look at each signature */
for (s = result->signatures; s != NULL ; s = s->next ) {
ret = zif_utils_gpg_check_signature (s, error);
if (!ret)
goto out;
}
/* success */
ret = TRUE;
out:
if (ctx != NULL)
gpgme_release (ctx);
gpgme_data_release (repomd_gpg);
gpgme_data_release (repomd);
return ret;
}
int
main (int argc, char **argv)
{
round_t round = TEST_INITIALIZER;
char *text_filename = make_filename ("t-data-1.txt");
char *longer_text_filename = make_filename ("t-data-2.txt");
const char *missing_filename = "this-file-surely-does-not-exist";
gpgme_error_t err = 0;
gpgme_data_t data;
while (++round)
{
switch (round)
{
case TEST_INVALID_ARGUMENT:
err = gpgme_data_new (NULL);
if (!err)
{
fprintf (stderr, "%s:%d: gpgme_data_new on NULL pointer succeeded "
"unexpectedly\n", __FILE__, __LINE__);
exit (1);
}
continue;
case TEST_INOUT_NONE:
err = gpgme_data_new (&data);
break;
case TEST_INOUT_MEM_NO_COPY:
err = gpgme_data_new_from_mem (&data, text, strlen (text), 0);
break;
case TEST_INOUT_MEM_COPY:
err = gpgme_data_new_from_mem (&data, text, strlen (text), 1);
break;
case TEST_INOUT_MEM_FROM_FILE_COPY:
err = gpgme_data_new_from_file (&data, text_filename, 1);
break;
case TEST_INOUT_MEM_FROM_INEXISTANT_FILE:
err = gpgme_data_new_from_file (&data, missing_filename, 1);
if (!err)
{
fprintf (stderr, "%s:%d: gpgme_data_new_from_file on inexistant "
"file succeeded unexpectedly\n", __FILE__, __LINE__);
exit (1);
}
continue;
case TEST_INOUT_MEM_FROM_FILE_NO_COPY:
err = gpgme_data_new_from_file (&data, text_filename, 0);
/* This is not implemented yet. */
if (gpgme_err_code (err) == GPG_ERR_NOT_IMPLEMENTED
|| gpgme_err_code (err) == GPG_ERR_INV_VALUE)
continue;
break;
case TEST_INOUT_MEM_FROM_FILE_PART_BY_NAME:
err = gpgme_data_new_from_filepart (&data, longer_text_filename, 0,
strlen (text), strlen (text));
break;
case TEST_INOUT_MEM_FROM_INEXISTANT_FILE_PART:
err = gpgme_data_new_from_filepart (&data, missing_filename, 0,
strlen (text), strlen (text));
if (!err)
{
fprintf (stderr, "%s:%d: gpgme_data_new_from_file on inexistant "
"file succeeded unexpectedly\n", __FILE__, __LINE__);
exit (1);
}
continue;
case TEST_INOUT_MEM_FROM_FILE_PART_BY_FP:
{
FILE *fp = fopen (longer_text_filename, "rb");
if (! fp)
{
fprintf (stderr, "%s:%d: fopen: %s\n", __FILE__, __LINE__,
strerror (errno));
exit (1);
}
err = gpgme_data_new_from_filepart (&data, 0, fp,
strlen (text), strlen (text));
}
break;
case TEST_END:
goto out;
case TEST_INITIALIZER:
/* Shouldn't happen. */
fprintf (stderr, "%s:%d: impossible condition\n", __FILE__, __LINE__);
exit (1);
}
fail_if_err (err);
read_test (round, data);
write_test (round, data);
gpgme_data_release (data);
}
out:
free (text_filename);
free (longer_text_filename);
return 0;
}
gboolean
fu_keyring_verify_file (FuKeyring *keyring,
const gchar *filename,
const gchar *signature,
GError **error)
{
FuKeyringPrivate *priv = GET_PRIVATE (keyring);
gboolean has_header;
gpgme_error_t rc;
gpgme_signature_t s;
gpgme_verify_result_t result;
g_auto(gpgme_data_t) data = NULL;
g_auto(gpgme_data_t) sig = NULL;
g_autoptr(GString) sig_v1 = NULL;
g_return_val_if_fail (FU_IS_KEYRING (keyring), FALSE);
g_return_val_if_fail (filename != NULL, FALSE);
g_return_val_if_fail (signature != NULL, FALSE);
/* setup context */
if (!fu_keyring_setup (keyring, error))
return FALSE;
/* has header already */
has_header = g_strstr_len (signature, -1, "BEGIN PGP SIGNATURE") != NULL;
/* load file data */
rc = gpgme_data_new_from_file (&data, filename, 1);
if (rc != GPG_ERR_NO_ERROR) {
g_set_error (error,
FWUPD_ERROR,
FWUPD_ERROR_INTERNAL,
"failed to load %s: %s",
filename, gpgme_strerror (rc));
return FALSE;
}
/* load signature */
sig_v1 = g_string_new ("");
if (!has_header) {
g_string_append (sig_v1, "-----BEGIN PGP SIGNATURE-----\n");
g_string_append (sig_v1, "Version: GnuPG v1\n\n");
}
g_string_append_printf (sig_v1, "%s\n", signature);
if (!has_header)
g_string_append (sig_v1, "-----END PGP SIGNATURE-----\n");
rc = gpgme_data_new_from_mem (&sig, sig_v1->str, sig_v1->len, 0);
if (rc != GPG_ERR_NO_ERROR) {
g_set_error (error,
FWUPD_ERROR,
FWUPD_ERROR_INTERNAL,
"failed to load signature %s: %s",
signature, gpgme_strerror (rc));
return FALSE;
}
/* verify */
rc = gpgme_op_verify (priv->ctx, sig, data, NULL);
if (rc != GPG_ERR_NO_ERROR) {
g_set_error (error,
FWUPD_ERROR,
FWUPD_ERROR_INTERNAL,
"failed to verify %s: %s",
filename, gpgme_strerror (rc));
return FALSE;
}
/* verify the result */
result = gpgme_op_verify_result (priv->ctx);
if (result == NULL) {
g_set_error_literal (error,
FWUPD_ERROR,
FWUPD_ERROR_INTERNAL,
"no result record from libgpgme");
return FALSE;
}
/* look at each signature */
for (s = result->signatures; s != NULL ; s = s->next ) {
g_debug ("returned signature fingerprint %s", s->fpr);
if (!fu_keyring_check_signature (s, error))
return FALSE;
}
return TRUE;
}
int opkg_verify_gpg_signature(const char *file, const char *sigfile)
{
int status = -1;
int ret = -1;
gpgme_ctx_t ctx;
int have_ctx = 0;
gpgme_data_t sig, text, key;
int have_sig = 0, have_text = 0, have_key = 0;
gpgme_error_t err;
gpgme_verify_result_t result;
gpgme_signature_t s;
gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
char *trusted_path = NULL;
if (opkg_config->check_signature == 0)
return 0;
gpgme_check_version(NULL);
err = gpgme_new(&ctx);
if (err) {
opkg_msg(ERROR, "Unable to create gpgme context: %s\n",
gpg_strerror(err));
goto out_err;
}
have_ctx = 1;
err = gpgme_set_protocol(ctx, protocol);
if (err) {
opkg_msg(ERROR, "Unable to set gpgme protocol to OpenPGP: %s\n",
gpg_strerror(err));
goto out_err;
}
trusted_path = root_filename_alloc("/etc/opkg/trusted.gpg");
if (!trusted_path) {
opkg_msg(ERROR, "Out of memory!\n");
goto out_err;
}
err = gpgme_data_new_from_file(&key, trusted_path, 1);
if (err) {
opkg_msg(ERROR, "Unable to get data from file %s: %s\n", trusted_path,
gpg_strerror(err));
goto out_err;
}
have_key = 1;
err = gpgme_op_import(ctx, key);
if (err) {
opkg_msg(ERROR, "Unable to import key from file %s: %s\n", trusted_path,
gpg_strerror(err));
goto out_err;
}
err = gpgme_data_new_from_file(&sig, sigfile, 1);
if (err) {
opkg_msg(ERROR, "Unable to get data from file %s: %s\n", sigfile,
gpg_strerror(err));
goto out_err;
}
have_sig = 1;
err = gpgme_data_new_from_file(&text, file, 1);
if (err) {
opkg_msg(ERROR, "Unable to get data from file %s: %s\n", file,
gpg_strerror(err));
goto out_err;
}
have_text = 1;
err = gpgme_op_verify(ctx, sig, text, NULL);
if (err) {
opkg_msg(ERROR, "Unable to verify signature: %s\n", gpg_strerror(err));
goto out_err;
}
result = gpgme_op_verify_result(ctx);
if (!result) {
opkg_msg(ERROR, "Unable to get verification data: %s\n",
gpg_strerror(err));
goto out_err;
}
/* see if any of the signitures matched */
s = result->signatures;
while (s) {
status = gpg_err_code(s->status);
if (status == GPG_ERR_NO_ERROR) {
ret = 0;
break;
}
s = s->next;
}
out_err:
if (have_sig)
gpgme_data_release(sig);
if (have_text)
gpgme_data_release(text);
if (have_key)
gpgme_data_release(key);
if (trusted_path)
free(trusted_path);
if (have_ctx)
gpgme_release(ctx);
return ret;
}
