/* idx == -1 indicates main key * otherwise the subkey. */ static void print_key_fingerprint(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert) { uint8_t fpr[128]; size_t fpr_size = sizeof(fpr); int err; const char *name; char *p; unsigned int bits; err = gnutls_openpgp_crt_get_fingerprint(cert, fpr, &fpr_size); if (err < 0) addf(str, "error: get_fingerprint: %s\n", gnutls_strerror(err)); else { adds(str, _("\tFingerprint (hex): ")); _gnutls_buffer_hexprint(str, fpr, fpr_size); addf(str, "\n"); } err = gnutls_openpgp_crt_get_pk_algorithm(cert, &bits); if (err < 0) return; name = gnutls_pk_get_name(err); if (name == NULL) return; p = _gnutls_key_fingerprint_randomart(fpr, fpr_size, name, bits, "\t\t"); if (p == NULL) return; adds(str, _("\tFingerprint's random art:\n")); adds(str, p); adds(str, "\n"); gnutls_free(p); }
static void print_key_info(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx) { int err; unsigned int bits; if (idx == -1) err = gnutls_openpgp_crt_get_pk_algorithm(cert, &bits); else err = gnutls_openpgp_crt_get_subkey_pk_algorithm(cert, idx, &bits); if (err < 0) addf(str, "error: get_pk_algorithm: %s\n", gnutls_strerror(err)); else { const char *name = gnutls_pk_algorithm_get_name(err); if (name == NULL) name = _("unknown"); addf(str, _("\tPublic Key Algorithm: %s\n"), name); addf(str, _("\tKey Security Level: %s\n"), gnutls_sec_param_get_name(gnutls_pk_bits_to_sec_param (err, bits))); switch (err) { case GNUTLS_PK_RSA: { gnutls_datum_t m, e; if (idx == -1) err = gnutls_openpgp_crt_get_pk_rsa_raw (cert, &m, &e); else err = gnutls_openpgp_crt_get_subkey_pk_rsa_raw (cert, idx, &m, &e); if (err < 0) addf(str, "error: get_pk_rsa_raw: %s\n", gnutls_strerror(err)); else { addf(str, _("\t\tModulus (bits %d):\n"), bits); _gnutls_buffer_hexdump(str, m.data, m.size, "\t\t\t"); adds(str, _("\t\tExponent:\n")); _gnutls_buffer_hexdump(str, e.data, e.size, "\t\t\t"); gnutls_free(m.data); gnutls_free(e.data); } } break; case GNUTLS_PK_DSA: { gnutls_datum_t p, q, g, y; if (idx == -1) err = gnutls_openpgp_crt_get_pk_dsa_raw (cert, &p, &q, &g, &y); else err = gnutls_openpgp_crt_get_subkey_pk_dsa_raw (cert, idx, &p, &q, &g, &y); if (err < 0) addf(str, "error: get_pk_dsa_raw: %s\n", gnutls_strerror(err)); else { addf(str, _ ("\t\tPublic key (bits %d):\n"), bits); _gnutls_buffer_hexdump(str, y.data, y.size, "\t\t\t"); adds(str, _("\t\tP:\n")); _gnutls_buffer_hexdump(str, p.data, p.size, "\t\t\t"); adds(str, _("\t\tQ:\n")); _gnutls_buffer_hexdump(str, q.data, q.size, "\t\t\t"); adds(str, _("\t\tG:\n")); _gnutls_buffer_hexdump(str, g.data, g.size, "\t\t\t"); gnutls_free(p.data); gnutls_free(q.data); gnutls_free(g.data); gnutls_free(y.data); } } break; default: break; } } }
static void print_oneline(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert) { int err, i; i = 0; do { char *dn; size_t dn_size = 0; err = gnutls_openpgp_crt_get_name(cert, i, NULL, &dn_size); if (err != GNUTLS_E_SHORT_MEMORY_BUFFER && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE && err != GNUTLS_E_OPENPGP_UID_REVOKED) addf(str, "unknown name (%s), ", gnutls_strerror(err)); else { dn = gnutls_malloc(dn_size); if (!dn) addf(str, "unknown name (%s), ", gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); else { err = gnutls_openpgp_crt_get_name(cert, i, dn, &dn_size); if (err < 0 && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE && err != GNUTLS_E_OPENPGP_UID_REVOKED) addf(str, "unknown name (%s), ", gnutls_strerror(err)); else if (err >= 0) addf(str, _("name[%d]: %s, "), i, dn); else if (err == GNUTLS_E_OPENPGP_UID_REVOKED) addf(str, _("revoked name[%d]: %s, "), i, dn); gnutls_free(dn); } } i++; } while (err >= 0); { char fpr[128]; size_t fpr_size = sizeof(fpr); int err; err = gnutls_openpgp_crt_get_fingerprint(cert, fpr, &fpr_size); if (err < 0) addf(str, "error: get_fingerprint: %s\n", gnutls_strerror(err)); else { adds(str, _("fingerprint: ")); _gnutls_buffer_hexprint(str, fpr, fpr_size); addf(str, ", "); } } { time_t tim; tim = gnutls_openpgp_crt_get_creation_time(cert); { char s[42]; size_t max = sizeof(s); struct tm t; if (gmtime_r(&tim, &t) == NULL) addf(str, "error: gmtime_r (%ld), ", (unsigned long) tim); else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0) addf(str, "error: strftime (%ld), ", (unsigned long) tim); else addf(str, _("created: %s, "), s); } tim = gnutls_openpgp_crt_get_expiration_time(cert); { char s[42]; size_t max = sizeof(s); struct tm t; if (tim == 0) adds(str, _("never expires, ")); else { if (gmtime_r(&tim, &t) == NULL) addf(str, "error: gmtime_r (%ld), ", (unsigned long) tim); else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0) addf(str, "error: strftime (%ld), ", (unsigned long) tim); else addf(str, _("expires: %s, "), s); } } } { unsigned int bits = 0; gnutls_pk_algorithm_t algo = gnutls_openpgp_crt_get_pk_algorithm(cert, &bits); const char *algostr = gnutls_pk_algorithm_get_name(algo); if (algostr) addf(str, _("key algorithm %s (%d bits)"), algostr, bits); else addf(str, _("unknown key algorithm (%d)"), algo); } }
/* Converts a parsed gnutls_openpgp_crt_t to a gnutls_cert structure. */ int _gnutls_openpgp_crt_to_gcert (gnutls_cert * gcert, gnutls_openpgp_crt_t cert) { int ret; gnutls_openpgp_keyid_t keyid; char err_buf[33]; memset (gcert, 0, sizeof (gnutls_cert)); gcert->cert_type = GNUTLS_CRT_OPENPGP; gcert->version = gnutls_openpgp_crt_get_version (cert); gcert->params_size = MAX_PUBLIC_PARAMS_SIZE; ret = gnutls_openpgp_crt_get_preferred_key_id (cert, keyid); if (ret == 0) { int idx; uint32_t kid32[2]; _gnutls_debug_log ("Importing Openpgp cert and using openpgp sub key: %s\n", _gnutls_bin2hex (keyid, sizeof (keyid), err_buf, sizeof (err_buf))); KEYID_IMPORT (kid32, keyid); idx = gnutls_openpgp_crt_get_subkey_idx (cert, keyid); if (idx < 0) { gnutls_assert (); return idx; } gcert->subject_pk_algorithm = gnutls_openpgp_crt_get_subkey_pk_algorithm (cert, idx, NULL); gnutls_openpgp_crt_get_subkey_usage (cert, idx, &gcert->key_usage); gcert->use_subkey = 1; memcpy (gcert->subkey_id, keyid, sizeof (keyid)); ret = _gnutls_openpgp_crt_get_mpis (cert, kid32, gcert->params, &gcert->params_size); } else { _gnutls_debug_log ("Importing Openpgp cert and using main openpgp key\n"); gcert->subject_pk_algorithm = gnutls_openpgp_crt_get_pk_algorithm (cert, NULL); gnutls_openpgp_crt_get_key_usage (cert, &gcert->key_usage); ret = _gnutls_openpgp_crt_get_mpis (cert, NULL, gcert->params, &gcert->params_size); gcert->use_subkey = 0; } if (ret < 0) { gnutls_assert (); return ret; } { /* copy the raw certificate */ #define SMALL_RAW 512 opaque *raw; size_t raw_size = SMALL_RAW; /* initially allocate a bogus size, just in case the certificate * fits in it. That way we minimize the DER encodings performed. */ raw = gnutls_malloc (raw_size); if (raw == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } ret = gnutls_openpgp_crt_export (cert, GNUTLS_OPENPGP_FMT_RAW, raw, &raw_size); if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) { gnutls_assert (); gnutls_free (raw); return ret; } if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) { raw = gnutls_realloc (raw, raw_size); if (raw == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } ret = gnutls_openpgp_crt_export (cert, GNUTLS_OPENPGP_FMT_RAW, raw, &raw_size); if (ret < 0) { gnutls_assert (); gnutls_free (raw); return ret; } } gcert->raw.data = raw; gcert->raw.size = raw_size; } return 0; }