Exemplo n.º 1
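/**
 * gnutls_openpgp_keyring_get_crt_count:
 * @ring: is an OpenPGP key ring
 *
 * This function will return the number of OpenPGP certificates
 * present in the given keyring.  The keyring is walked with a
 * %CDK_DBSEARCH_NEXT search and every key block for which
 * knode_is_pkey() holds is counted.
 *
 * Returns: the number of certificates, or a negative error code on error.
 **/
int gnutls_openpgp_keyring_get_crt_count(gnutls_openpgp_keyring_t ring)
{
	cdk_kbnode_t knode;
	cdk_error_t err;
	cdk_keydb_search_t st;
	int ret = 0;

	err =
	    cdk_keydb_search_start(&st, ring->db, CDK_DBSEARCH_NEXT, NULL);
	if (err != CDK_Success) {
		gnutls_assert();
		return _gnutls_map_cdk_rc(err);
	}

	do {
		/* Reset before every search: the terminating call reports
		 * CDK_Error_No_Key and nothing visible here guarantees that
		 * it stores a node, so the pointer must not be read while
		 * uninitialised or still naming an already released block. */
		knode = NULL;

		err = cdk_keydb_search(st, ring->db, &knode);
		if (err != CDK_Error_No_Key && err != CDK_Success) {
			gnutls_assert();
			cdk_keydb_search_release(st);
			return _gnutls_map_cdk_rc(err);
		}

		/* Inspect and release only a node the search handed back. */
		if (knode != NULL) {
			if (knode_is_pkey(knode))
				ret++;

			cdk_kbnode_release(knode);
		}
	}
	while (err != CDK_Error_No_Key);

	cdk_keydb_search_release(st);
	return ret;
}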
Exemplo n.º 2
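/*
 * Look up the public key identified by keyid in the key database hd and
 * store a copy of it in *r_pk.
 *
 * A zero keyid[0] selects a short key ID search (CDK_DBSEARCH_SHORT_KEYID),
 * any other value a full key ID search (CDK_DBSEARCH_KEYID).
 *
 * Returns 0 on success, CDK_Inv_Value when keyid or r_pk is NULL,
 * CDK_Error_No_Keyring when hd is NULL, CDK_Error_No_Key when the key block
 * that was found holds no node matching keyid, or the error reported by the
 * search.  Past the argument checks *r_pk is always written; it stays NULL
 * on every failure path.
 */
cdk_error_t
cdk_keydb_get_pk( cdk_keydb_hd_t hd, u32 * keyid, cdk_pkt_pubkey_t* r_pk )
{
    cdk_kbnode_t knode = NULL, node = NULL;
    cdk_pkt_pubkey_t pk = NULL;
    int rc = 0;

    if( !keyid || !r_pk )
        return CDK_Inv_Value;
    if( !hd )
        return CDK_Error_No_Keyring;

    rc = cdk_keydb_search_start( hd, !keyid[0]?
                                 CDK_DBSEARCH_SHORT_KEYID : CDK_DBSEARCH_KEYID,
                                 keyid );
    if( !rc )
        rc = cdk_keydb_search( hd, &knode );
    if( rc )
        goto leave;
    node = keydb_find_bykeyid( knode, keyid );
    if( !node )
        rc = CDK_Error_No_Key;
    else {
        /* NOTE(review): the result of the copy is not checked here, so a
           failed copy would return 0 with *r_pk == NULL -- confirm whether
           _cdk_copy_pubkey reports errors and propagate them if it does. */
        _cdk_copy_pubkey( &pk, node->pkt->pkt.public_key );
    }
    /* The key block is released on both outcomes; the "no matching node"
       path used to jump past this call and leak the whole block. */
    cdk_kbnode_release( knode );

leave:
    *r_pk = pk;
    return rc;
}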
Exemplo n.º 3
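/*
 * Search the key database hd for name (CDK_DBSEARCH_AUTO) and hand back, in
 * *ret_sk, the secret key of the first node that keydb_find_byusage()
 * accepts for the requested usage.
 *
 * Returns 0 on success, CDK_Inv_Value when ret_sk is NULL or usage is 0,
 * CDK_Error_No_Keyring when hd is NULL, CDK_Unusable_Key when no node fits
 * the usage, or the error reported by the search.  Past the argument checks
 * *ret_sk is always written; it stays NULL on every failure path.
 */
int
_cdk_keydb_get_sk_byusage( cdk_keydb_hd_t hd, const char * name,
                           cdk_pkt_seckey_t* ret_sk, int usage )
{
    cdk_kbnode_t knode = NULL, node = NULL;
    cdk_pkt_seckey_t sk = NULL;
    int rc = 0;

    if( !ret_sk || !usage )
        return CDK_Inv_Value;
    if( !hd )
        return CDK_Error_No_Keyring;

    rc = cdk_keydb_search_start( hd, CDK_DBSEARCH_AUTO, (char *)name );
    if( !rc )
        rc = cdk_keydb_search( hd, &knode );
    if( rc )
        goto leave;
    node = keydb_find_byusage( knode, usage, 0 );
    if( !node )
        rc = CDK_Unusable_Key;
    else {
        /* The secret key is handed out by pointer, not copied.
           NOTE(review): _cdk_kbnode_clone presumably marks the node so the
           release below leaves this packet alive -- confirm, because the
           caller keeps using sk after the block is gone. */
        sk = node->pkt->pkt.secret_key;
        _cdk_kbnode_clone( node );
    }
    /* Release the block on both outcomes.  The "unusable key" path used to
       skip this call, leaving a block that holds secret key packets
       allocated for the lifetime of the process. */
    cdk_kbnode_release( knode );

leave:
    *ret_sk = sk;
    return rc;
}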
Exemplo n.º 4
/*
 * Fetch the key block whose fingerprint equals fpr from the key database hd
 * and store it in *r_pk.
 *
 * No fingerprint length is passed along, so the search code decides how
 * many bytes of fpr it reads; the caller must supply a full fingerprint.
 *
 * Returns CDK_Inv_Value when any argument is NULL, otherwise the result of
 * starting the CDK_DBSEARCH_FPR search or, if that succeeded, of the search.
 */
cdk_error_t
cdk_keydb_get_byfpr( cdk_keydb_hd_t hd, const byte * fpr, cdk_kbnode_t * r_pk )
{
    int status;

    if( !( hd && fpr && r_pk ) )
        return CDK_Inv_Value;

    /* The search API takes a non-const descriptor, hence the cast. */
    status = cdk_keydb_search_start( hd, CDK_DBSEARCH_FPR, (byte *)fpr );
    if( status )
        return status;

    status = cdk_keydb_search( hd, r_pk );
    return status;
}
Exemplo n.º 5
/*
 * Fetch the key block with the given key ID from the key database hd and
 * store it in *ret_pk.
 *
 * The search is always started as CDK_DBSEARCH_KEYID.
 * NOTE(review): keyid is presumably a two-element u32 array, as in the
 * other key ID lookups -- confirm against the search implementation.
 *
 * Returns CDK_Inv_Value when any argument is NULL, otherwise the result of
 * starting the search or, if that succeeded, of the search itself.
 */
cdk_error_t
cdk_keydb_get_bykeyid( cdk_keydb_hd_t hd, u32 * keyid, cdk_kbnode_t * ret_pk )
{
    int status;

    if( !( hd && keyid && ret_pk ) )
        return CDK_Inv_Value;

    status = cdk_keydb_search_start( hd, CDK_DBSEARCH_KEYID, keyid );
    if( status )
        return status;

    status = cdk_keydb_search( hd, ret_pk );
    return status;
}
Exemplo n.º 6
/*
 * Fetch the first key block matching the substring patt from the key
 * database hd and store it in *ret_pk.
 *
 * The search is started as CDK_DBSEARCH_SUBSTR, so a short pattern can
 * match a key other than the intended one; callers that use the result
 * for a trust decision should check the returned key themselves.
 *
 * Returns CDK_Inv_Value when any argument is NULL, otherwise the result of
 * starting the search or, if that succeeded, of the search itself.
 */
cdk_error_t
cdk_keydb_get_bypattern( cdk_keydb_hd_t hd, const char * patt,
			 cdk_kbnode_t * ret_pk )
{
    int status;

    if( !( hd && patt && ret_pk ) )
        return CDK_Inv_Value;

    /* The search API takes a non-const descriptor, hence the cast. */
    status = cdk_keydb_search_start( hd, CDK_DBSEARCH_SUBSTR, (char *)patt );
    if( status )
        return status;

    status = cdk_keydb_search( hd, ret_pk );
    return status;
}
Exemplo n.º 7
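/**
 * gnutls_openpgp_keyring_get_crt:
 * @ring: Holds the keyring.
 * @idx: the index of the certificate to export
 * @cert: An uninitialized #gnutls_openpgp_crt_t structure
 *
 * This function will extract an OpenPGP certificate from the given
 * keyring.  If the index given is out of range
 * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. The
 * returned structure needs to be deinited.
 *
 * On success the key block found in the keyring is stored in the new
 * certificate, which takes over its ownership.  If the certificate
 * cannot be initialized the key block is released before returning.
 *
 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
 **/
int
gnutls_openpgp_keyring_get_crt (gnutls_openpgp_keyring_t ring,
                                unsigned int idx, gnutls_openpgp_crt_t * cert)
{
    cdk_kbnode_t knode;
    cdk_error_t err;
    int ret = 0;
    unsigned int count = 0;
    cdk_keydb_search_t st;

    err = cdk_keydb_search_start (&st, ring->db, CDK_DBSEARCH_NEXT, NULL);
    if (err != CDK_Success)
    {
        gnutls_assert ();
        return _gnutls_map_cdk_rc (err);
    }

    do
    {
        /* Reset before every search: the terminating call reports
         * CDK_EOF and nothing visible here guarantees that it stores a
         * node, so the pointer must not be read while uninitialised or
         * still naming an already released block. */
        knode = NULL;

        err = cdk_keydb_search (st, ring->db, &knode);
        if (err != CDK_EOF && err != CDK_Success)
        {
            gnutls_assert ();
            cdk_keydb_search_release (st);
            return _gnutls_map_cdk_rc (err);
        }

        /* NOTE(review): the index is compared before knode_is_pkey() is
         * consulted, so a key block that is not a public key can be
         * returned when it sits at the position where count == idx --
         * confirm this is intended. */
        if (idx == count && err == CDK_Success)
        {
            ret = gnutls_openpgp_crt_init (cert);
            if (ret == 0)
                (*cert)->knode = knode;
            else
                /* Nobody took ownership of the block; free it instead
                 * of leaking it on the failed init. */
                cdk_kbnode_release (knode);
            cdk_keydb_search_release (st);
            return ret;
        }

        /* Inspect and release only a node the search handed back. */
        if (knode != NULL)
        {
            if (knode_is_pkey (knode))
                count++;

            cdk_kbnode_release (knode);
        }

    }
    while (err != CDK_EOF);

    cdk_keydb_search_release (st);
    return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}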
Exemplo n.º 8
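/*
 * Search the key database hd for name (CDK_DBSEARCH_AUTO) and store, in
 * *ret_pk, a copy of the public key of the first node that
 * keydb_find_byusage() accepts for the requested usage.  The first user ID
 * of the key block whose name contains name (as decided by _cdk_memistr)
 * is copied into the key as well.
 *
 * Returns 0 on success, CDK_Inv_Value when ret_pk is NULL or usage is 0,
 * CDK_Error_No_Keyring when hd is NULL, CDK_Unusable_Key when no node fits
 * the usage, or the error reported by the search.  Past the argument checks
 * *ret_pk is always written; it stays NULL on every failure path.
 */
int
_cdk_keydb_get_pk_byusage( cdk_keydb_hd_t hd, const char * name,
                           cdk_pkt_pubkey_t* ret_pk, int usage )
{
    cdk_kbnode_t knode = NULL, node = NULL;
    cdk_pkt_pubkey_t pk = NULL;
    const char * s;
    int rc = 0;

    if( !ret_pk || !usage )
        return CDK_Inv_Value;
    if( !hd )
        return CDK_Error_No_Keyring;

    rc = cdk_keydb_search_start( hd, CDK_DBSEARCH_AUTO, (char *)name );
    if( !rc )
        rc = cdk_keydb_search( hd, &knode );
    if( rc )
        goto leave;
    node = keydb_find_byusage( knode, usage, 1 );
    if( !node ) {
        /* Free the key block before bailing out; this path used to jump
           straight to the exit label and leak it. */
        cdk_kbnode_release( knode );
        rc = CDK_Unusable_Key;
        goto leave;
    }

    /* NOTE(review): the result of the copy is not checked; the pk test in
       the loop below only guards the user ID copy, so a failed copy still
       returns 0 with *ret_pk == NULL -- confirm and propagate if needed. */
    _cdk_copy_pubkey( &pk, node->pkt->pkt.public_key );
    for( node = knode; node; node = node->next ) {
        if( node->pkt->pkttype == CDK_PKT_USER_ID ) {
            s = node->pkt->pkt.user_id->name;
            /* Attach only the first user ID that matches the search name. */
            if( pk && !pk->uid && _cdk_memistr( s, strlen( s ), name ) ) {
                _cdk_copy_userid( &pk->uid, node->pkt->pkt.user_id );
                break;
            }
        }
    }
    cdk_kbnode_release( knode );

leave:
    *ret_pk = pk;
    return rc;
}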
Exemplo n.º 9
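/*
 * Write the key blocks of every name in the list remusr to the stream out.
 *
 * Each name is looked up in the key database hd with CDK_DBSEARCH_AUTO.
 * Ring trust packets, signatures not flagged exportable and signatures
 * whose public key algorithm cannot sign are left out of the output.
 *
 * Returns 0 when every key was written (or remusr is empty), otherwise the
 * first error reported by the search or by cdk_pkt_write(); the export
 * stops at that point, so out may hold a partial export.
 */
cdk_error_t
cdk_keydb_export( cdk_keydb_hd_t hd, cdk_stream_t out, cdk_strlist_t remusr )
{
    cdk_kbnode_t knode, node;
    cdk_strlist_t r;
    int old_ctb = 0;
    int rc = 0;

    for( r = remusr; r; r = r->next ) {
        knode = NULL;
        rc = cdk_keydb_search_start( hd, CDK_DBSEARCH_AUTO, r->d );
        if( !rc )
            rc = cdk_keydb_search( hd, &knode );
        if( rc )
            break;
        for( node = knode; node; node = node->next ) {
            /* those packets are not intended for the real world */
            if( node->pkt->pkttype == CDK_PKT_RING_TRUST )
                continue;
            /* we never export local signed signatures */
            if( node->pkt->pkttype == CDK_PKT_SIGNATURE &&
                !node->pkt->pkt.signature->flags.exportable )
                continue;
            /* filter out signatures made with an algorithm that cannot sign */
            if( node->pkt->pkttype == CDK_PKT_SIGNATURE
                && !KEY_CAN_SIGN (node->pkt->pkt.signature->pubkey_algo) )
                continue;
            /* NOTE(review): old_ctb is never reset, so once a version 3
               key has been seen every later key block is written with
               old_ctb set as well -- confirm this is intended. */
            if( node->pkt->pkttype == CDK_PKT_PUBLIC_KEY
                && node->pkt->pkt.public_key->version == 3 )
                old_ctb = 1;
            node->pkt->old_ctb = old_ctb;
            rc = cdk_pkt_write( out, node->pkt );
            if( rc )
                break;
        }
        cdk_kbnode_release( knode );
        knode = NULL;
        /* A write error only left the inner loop.  Stop here as well,
           otherwise the next search would overwrite rc and a truncated
           export could be reported as a success. */
        if( rc )
            break;
    }
    return rc;
}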
Exemplo n.º 10
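/*-
 * gnutls_openpgp_get_key - Retrieve a key from the keyring.
 * @key: the destination context to save the key.
 * @keyring: the datum struct that contains all keyring information.
 * @by: What attribute is used (keyid, fingerprint, ...).
 * @pattern: The value of that attribute to search for.
 *
 * This function can be used to retrieve keys by different pattern
 * from a binary or a file keyring.
 *
 * No length is passed with @pattern: 4 bytes are read from it for
 * %KEY_ATTR_SHORT_KEYID and 8 bytes for %KEY_ATTR_KEYID, so the caller
 * must supply a buffer of at least that size.
 *
 * Returns 0 on success, %GNUTLS_E_INVALID_REQUEST on a missing argument,
 * %GNUTLS_E_OPENPGP_GETKEY_FAILED when the key block that was found holds
 * no public key, or the mapped error of the failing keyring operation.
 -*/
int
gnutls_openpgp_get_key (gnutls_datum_t * key,
			gnutls_openpgp_keyring_t keyring, key_attr_t by,
			opaque * pattern)
{
  cdk_kbnode_t knode = NULL;
  /* NOTE(review): the search code presumably reads the key ID as two
     32-bit words; where unsigned long is wider than 32 bits the second
     word would then not be keyid[1] -- confirm the element type. */
  unsigned long keyid[2] = { 0, 0 };
  unsigned char *buf = NULL;
  void *desc;
  size_t len;
  int rc = 0;
  cdk_keydb_search_t st;

  if (!key || !keyring || by == KEY_ATTR_NONE)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }

  memset (key, 0, sizeof *key);

  if (by == KEY_ATTR_SHORT_KEYID)
    {
      keyid[0] = _gnutls_read_uint32 (pattern);
      desc = keyid;
    }
  else if (by == KEY_ATTR_KEYID)
    {
      keyid[0] = _gnutls_read_uint32 (pattern);
      keyid[1] = _gnutls_read_uint32 (pattern + 4);
      desc = keyid;
    }
  else
    desc = pattern;
  rc = cdk_keydb_search_start (&st, keyring->db, by, desc);
  if (!rc)
    {
      rc = cdk_keydb_search (st, keyring->db, &knode);
      /* The search handle is only known to be valid after a successful
         start, so it is released here and not on the failure path.  */
      cdk_keydb_search_release (st);
    }

  if (rc)
    {
      rc = _gnutls_map_cdk_rc (rc);
      goto leave;
    }

  if (!cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY))
    {
      rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
      goto leave;
    }

  /* We let the function allocate the buffer to avoid
     to call the function twice. */
  rc = cdk_kbnode_write_to_mem_alloc (knode, &buf, &len);
  if (!rc)
    {
      /* NOTE(review): the result of the append is not checked, so a
         failed allocation there would still return success -- confirm
         whether datum_append reports errors.  */
      datum_append (key, buf, len);
    }
  else
    /* Hand callers an error code from the same space as every other
       failure path of this function.  */
    rc = _gnutls_map_cdk_rc (rc);
  /* buf starts out NULL, so a failed write no longer frees an
     uninitialised pointer.  */
  if (buf)
    gnutls_free (buf);

leave:
  cdk_kbnode_release (knode);
  return rc;
}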