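/* Exercise gnutls_openpgp_keyring_check_id() against the raw keyring
   embedded in this file: an id that is not in the ring must be reported
   as absent, and the two ids that are in it must both be found.

   The setup steps bail out via goto when they fail, in case fail() only
   records the error and returns rather than exiting: carrying on would
   otherwise hand an uninitialised keyring handle to the import, or run
   the lookups against a ring that was never populated. */
void
doit (void)
{
  gnutls_openpgp_keyring_t keyring;
  gnutls_datum_t data;
  int ret;

  ret = gnutls_global_init ();
  if (ret < 0)
    {
      fail ("init %d\n", ret);
      return;
    }

  gnutls_global_set_log_function (tls_log_func);
  if (debug)
    gnutls_global_set_log_level (2);

  ret = gnutls_global_init_extra ();
  if (ret < 0)
    {
      fail ("extra-init %d\n", ret);
      goto out_global;
    }

  ret = gnutls_openpgp_keyring_init (&keyring);
  if (ret < 0)
    {
      fail ("keyring-init %d\n", ret);
      goto out_global;
    }

  /* Element count of the raw_keyring array, handed over as a datum. */
  data.data = raw_keyring;
  data.size = sizeof (raw_keyring) / sizeof (raw_keyring[0]);

  ret = gnutls_openpgp_keyring_import (keyring, &data, GNUTLS_OPENPGP_FMT_RAW);
  if (ret < 0)
    {
      fail ("keyring-import %d\n", ret);
      goto out_keyring;
    }

  /* Negative case: an id that is not in the ring must NOT be reported
     as present (a return of 0 means "found"). */
  ret = gnutls_openpgp_keyring_check_id (keyring, id_not_in_keyring, 0);
  if (ret == 0)
    fail ("keyring-check-id (not-in-keyring) %d\n", ret);

  /* Positive cases: both ids that live in raw_keyring must be found. */
  ret = gnutls_openpgp_keyring_check_id (keyring, id_in_keyring, 0);
  if (ret != 0)
    fail ("keyring-check-id first key %d\n", ret);

  ret = gnutls_openpgp_keyring_check_id (keyring, id2_in_keyring, 0);
  if (ret != 0)
    fail ("keyring-check-id second key %d\n", ret);

  if (debug)
    success ("done\n");

out_keyring:
  gnutls_openpgp_keyring_deinit (keyring);
out_global:
  gnutls_global_deinit ();
}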
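/**
 * gnutls_openpgp_crt_verify_ring:
 * @key: the structure that holds the key.
 * @keyring: holds the keyring to check against
 * @flags: zero, or %GNUTLS_VERIFY_DO_NOT_ALLOW_SAME.  When that flag is
 *   set, the presence of @key itself in @keyring no longer clears
 *   %GNUTLS_CERT_SIGNER_NOT_FOUND.  Other bits are ignored.
 * @verify: will hold the certificate verification output.  Must not be
 *   %NULL.
 *
 * Verify all signatures in the key, using the given set of keys
 * (keyring).
 *
 * The key verification output will be put in @verify and will be one
 * or more of the #gnutls_certificate_status_t enumerated elements
 * bitwise or'd.
 *
 * %GNUTLS_CERT_INVALID: A signature on the key is invalid.
 *
 * %GNUTLS_CERT_REVOKED: The key has been revoked.
 *
 * %GNUTLS_CERT_SIGNER_NOT_FOUND: No signer of the key is present in
 * @keyring, and the key itself is not present either (unless
 * %GNUTLS_VERIFY_DO_NOT_ALLOW_SAME was given, in which case the key's
 * own presence is not considered).
 *
 * A key that is present in @keyring is accepted as a known signer of
 * itself, so @keyring must contain only keys the caller trusts.  Note
 * that this function does not verify using any "web of trust".  You
 * may use GnuPG for that purpose, or any other external PGP
 * application.
 *
 * Callers must check the return value.  On every error return @verify
 * is left holding %GNUTLS_CERT_INVALID, so a caller that only inspects
 * @verify fails closed instead of reading a zero as "no problems".
 *
 * Returns: %GNUTLS_E_SUCCESS on success, %GNUTLS_E_INVALID_REQUEST if
 * @verify is %NULL, %GNUTLS_E_NO_CERTIFICATE_FOUND if @key or @keyring
 * is %NULL or the signature check cannot locate the key, or another
 * error code.
 **/
int
gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key,
                                gnutls_openpgp_keyring_t keyring,
                                unsigned int flags, unsigned int *verify)
{
  gnutls_openpgp_keyid_t id;
  cdk_error_t rc;
  int ret;
  int status;

  /* @verify is written unconditionally below; refuse a NULL output
     pointer before touching it. */
  if (!verify)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }

  /* Fail closed: an "invalid" verdict stays behind on every error path,
     so an untouched zero can never be mistaken for a clean result. */
  *verify = GNUTLS_CERT_INVALID;

  if (!key || !keyring)
    {
      gnutls_assert ();
      return GNUTLS_E_NO_CERTIFICATE_FOUND;
    }

  rc = cdk_pk_check_sigs (key->knode, keyring->db, &status);
  if (rc == CDK_Error_No_Key)
    {
      gnutls_assert ();
      return GNUTLS_E_NO_CERTIFICATE_FOUND;
    }
  else if (rc != CDK_Success)
    {
      _gnutls_x509_log ("cdk_pk_check_sigs: error %d\n", rc);
      gnutls_assert ();
      return _gnutls_map_cdk_rc (rc);
    }

  _gnutls_x509_log ("status: %x\n", status);

  /* Translate the OpenCDK status bits into gnutls_certificate_status_t. */
  *verify = 0;
  if (status & CDK_KEY_INVALID)
    *verify |= GNUTLS_CERT_INVALID;
  if (status & CDK_KEY_REVOKED)
    *verify |= GNUTLS_CERT_REVOKED;
  if (status & CDK_KEY_NOSIGNER)
    *verify |= GNUTLS_CERT_SIGNER_NOT_FOUND;

  /* Check if the key is included in the ring.  A key that is itself in
     the (trusted) ring is not an unknown signer, unless the caller asked
     us not to make that exception. */
  if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
    {
      /* gnutls_* calls return int error codes; keep them out of the
         cdk_error_t enum variable used for the OpenCDK call above. */
      ret = gnutls_openpgp_crt_get_key_id (key, id);
      if (ret < 0)
        {
          gnutls_assert ();
          *verify = GNUTLS_CERT_INVALID;
          return ret;
        }

      /* Only an explicit "found" (0) clears SIGNER_NOT_FOUND; a lookup
         error is treated the same as "not in the ring". */
      ret = gnutls_openpgp_keyring_check_id (keyring, id, 0);
      if (ret == 0 && (*verify & GNUTLS_CERT_SIGNER_NOT_FOUND))
        *verify &= ~GNUTLS_CERT_SIGNER_NOT_FOUND;
    }

  return 0;
}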