Exemplo n.º 1
0
gpgme_data_t sgpgme_data_from_mimeinfo(MimeInfo *mimeinfo)
{
	gpgme_data_t data = NULL;
	gpgme_error_t err;
	FILE *fp = g_fopen(mimeinfo->data.filename, "rb");
	gchar *tmp_file = NULL;

	if (!fp) 
		return NULL;

	tmp_file = get_tmp_file();
	copy_file_part(fp, mimeinfo->offset, mimeinfo->length, tmp_file);
	fclose(fp);
	fp = NULL;
	debug_print("tmp file %s\n", tmp_file);
	
	err = gpgme_data_new_from_file(&data, tmp_file, 1);
	claws_unlink(tmp_file);
	g_free(tmp_file);

	debug_print("data %p (%d %d)\n", (void *)&data, mimeinfo->offset, mimeinfo->length);
	if (err) {
		debug_print ("gpgme_data_new_from_file failed: %s\n",
			     gpgme_strerror (err));
		privacy_set_error(_("Couldn't get data from message, %s"), gpgme_strerror(err));
		return NULL;
	}
	return data;
}
Exemplo n.º 2
0
int
main (int argc, char **argv)
{
  int last_argc = -1;
  gpgme_error_t err;
  int anyerr = 0;
  gpgme_data_t data;
  gpgme_data_type_t dt;

  if (argc)
    { argc--; argv++; }
  while (argc && last_argc != argc )
    {
      last_argc = argc;
      if (!strcmp (*argv, "--"))
        {
          argc--; argv++;
          break;
        }
      else if (!strcmp (*argv, "--help"))
        show_usage (0);
      else if (!strcmp (*argv, "--verbose"))
        {
          verbose = 1;
          argc--; argv++;
        }
      else if (!strncmp (*argv, "--", 2))
        show_usage (1);

    }

  init_gpgme (GPGME_PROTOCOL_OpenPGP);

  for (; argc; argc--, argv++)
    {
      if (verbose)
        printf ("reading file `%s'\n", *argv);
      err = gpgme_data_new_from_file (&data, *argv, 1);
      if (err)
        {
          fprintf (stderr, PGM ": error reading '%s': %s\n",
                   *argv, gpg_strerror (err));
          anyerr = 1;
        }
      else
        {
          dt = gpgme_data_identify (data, 0);
          if (dt == GPGME_DATA_TYPE_INVALID)
            anyerr = 1;
          printf ("%s: %s\n", *argv, data_type_to_string (dt));
          gpgme_data_release (data);
        }
    }

  return anyerr;
}
Exemplo n.º 3
0
gboolean
fu_keyring_add_public_key (FuKeyring *keyring, const gchar *filename, GError **error)
{
	FuKeyringPrivate *priv = GET_PRIVATE (keyring);
	gpgme_error_t rc;
	gpgme_import_result_t result;
	gpgme_import_status_t s;
	g_auto(gpgme_data_t) data = NULL;

	g_return_val_if_fail (FU_IS_KEYRING (keyring), FALSE);
	g_return_val_if_fail (filename != NULL, FALSE);

	/* import public key */
	g_debug ("Adding public key %s", filename);
	rc = gpgme_data_new_from_file (&data, filename, 1);
	if (rc != GPG_ERR_NO_ERROR) {
		g_set_error (error,
			     FWUPD_ERROR,
			     FWUPD_ERROR_INTERNAL,
			     "failed to load %s: %s",
			     filename, gpgme_strerror (rc));
		return FALSE;
	}
	rc = gpgme_op_import (priv->ctx, data);
	if (rc != GPG_ERR_NO_ERROR) {
		g_set_error (error,
			     FWUPD_ERROR,
			     FWUPD_ERROR_INTERNAL,
			     "failed to import %s: %s",
			     filename, gpgme_strerror (rc));
		return FALSE;
	}

	/* print what keys were imported */
	result = gpgme_op_import_result (priv->ctx);
	for (s = result->imports; s != NULL; s = s->next) {
		g_debug ("importing key %s [%u] %s",
			 s->fpr, s->status, gpgme_strerror (s->result));
	}

	/* make sure keys were really imported */
	if (result->imported == 0 && result->unchanged == 0) {
		g_debug("imported: %d, unchanged: %d, not_imported: %d",
			result->imported,
			result->unchanged,
			result->not_imported);
		g_set_error (error,
			     FWUPD_ERROR,
			     FWUPD_ERROR_INTERNAL,
			     "key import failed %s",
			     filename);
		return FALSE;
	}
	return TRUE;
}
Exemplo n.º 4
0
Arquivo: t-import.c Projeto: gpg/gpgme
int 
main (int argc, char **argv)
{
  gpgme_ctx_t ctx;
  gpgme_error_t err;
  gpgme_data_t in;
  gpgme_import_result_t result;
  char *cert_1 = make_filename ("cert_dfn_pca01.der");
  char *cert_2 = make_filename ("cert_dfn_pca15.der");

  init_gpgme (GPGME_PROTOCOL_CMS);

  err = gpgme_new (&ctx);
  fail_if_err (err);
  
  gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);

  err = gpgme_data_new_from_file (&in, cert_1, 1);
  free (cert_1);
  fail_if_err (err);

  err = gpgme_op_import (ctx, in);
  fail_if_err (err);
  result = gpgme_op_import_result (ctx);
  check_result (result, "DFA56FB5FC41E3A8921F77AD1622EEFD9152A5AD", 1, 1);
  gpgme_data_release (in);

  err = gpgme_data_new_from_file (&in, cert_2, 1);
  free (cert_2);
  fail_if_err (err);

  err = gpgme_op_import (ctx, in);
  fail_if_err (err);
  result = gpgme_op_import_result (ctx);
  check_result (result, "2C8F3C356AB761CB3674835B792CDA52937F9285", 1, 2);
  gpgme_data_release (in);

  gpgme_release (ctx);
  return 0;
}
Exemplo n.º 5
0
Arquivo: t-import.c Projeto: gpg/gpgme
int
main (int argc, char *argv[])
{
    gpgme_ctx_t ctx;
    gpgme_error_t err;
    gpgme_data_t in;
    gpgme_import_result_t result;
    char *pubkey_1_asc = make_filename ("pubkey-1.asc");
    char *seckey_1_asc = make_filename ("seckey-1.asc");

    init_gpgme (GPGME_PROTOCOL_OpenPGP);

    err = gpgme_new (&ctx);
    fail_if_err (err);

    err = gpgme_data_new_from_file (&in, pubkey_1_asc, 1);
    free (pubkey_1_asc);
    fail_if_err (err);

    err = gpgme_op_import (ctx, in);
    fail_if_err (err);
    result = gpgme_op_import_result (ctx);
    check_result (result, "ADAB7FCC1F4DE2616ECFA402AF82244F9CD9FD55", 0);
    gpgme_data_release (in);

    err = gpgme_data_new_from_file (&in, seckey_1_asc, 1);
    free (seckey_1_asc);
    fail_if_err (err);

    err = gpgme_op_import (ctx, in);
    fail_if_err (err);
    result = gpgme_op_import_result (ctx);
    check_result (result, "ADAB7FCC1F4DE2616ECFA402AF82244F9CD9FD55", 1);
    gpgme_data_release (in);

    gpgme_release (ctx);
    return 0;
}
Exemplo n.º 6
0
int
main (int argc, char *argv[])
{
  gpgme_ctx_t ctx;
  gpgme_error_t err;
  gpgme_data_t in, out;
  gpgme_decrypt_result_t decrypt_result;
  gpgme_verify_result_t verify_result;
  char *cipher_2_asc = make_filename ("cipher-2.asc");
  char *agent_info;

  init_gpgme (GPGME_PROTOCOL_OpenPGP);

  err = gpgme_new (&ctx);
  fail_if_err (err);

  agent_info = getenv("GPG_AGENT_INFO");
  if (!(agent_info && strchr (agent_info, ':')))
    gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL);

  err = gpgme_data_new_from_file (&in, cipher_2_asc, 1);
  free (cipher_2_asc);
  fail_if_err (err);
  err = gpgme_data_new (&out);
  fail_if_err (err);

  err = gpgme_op_decrypt_verify (ctx, in, out);
  fail_if_err (err);
  decrypt_result = gpgme_op_decrypt_result (ctx);
  if (decrypt_result->unsupported_algorithm)
    {
      fprintf (stderr, "%s:%i: unsupported algorithm: %s\n",
	       __FILE__, __LINE__, decrypt_result->unsupported_algorithm);
      exit (1);
    }
  print_data (out);
  verify_result = gpgme_op_verify_result (ctx);
  check_verify_result (verify_result, 0,
		       "A0FF4590BB6122EDEF6E3C542D727CC768697734",
		       GPG_ERR_NO_ERROR);

  gpgme_data_release (in);
  gpgme_data_release (out);
  gpgme_release (ctx);
  return 0;
}
Exemplo n.º 7
0
int 
main (int argc, char *argv[])
{
  gpgme_ctx_t ctx;
  gpgme_error_t err;
  gpgme_data_t in, out;
  gpgme_decrypt_result_t result;
  char *cipher_1_asc = make_filename ("cipher-1.asc");
  char *agent_info;

  init_gpgme (GPGME_PROTOCOL_OpenPGP);

  err = gpgme_new (&ctx);
  fail_if_err (err);

  agent_info = getenv("GPG_AGENT_INFO");
  if (!(agent_info && strchr (agent_info, ':')))
    gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL);

  err = gpgme_data_new_from_file (&in, cipher_1_asc, 1);
  free (cipher_1_asc);
  fail_if_err (err);

  err = gpgme_data_new (&out);
  fail_if_err (err);
  
  err = gpgme_op_decrypt (ctx, in, out);
  fail_if_err (err);
  result = gpgme_op_decrypt_result (ctx);
  if (result->unsupported_algorithm)
    {
      fprintf (stderr, "%s:%i: unsupported algorithm: %s\n",
	       __FILE__, __LINE__, result->unsupported_algorithm);
      exit (1);
    }
  print_data (out);
   
  gpgme_data_release (in);
  gpgme_data_release (out);
  gpgme_release (ctx);
  return 0;
}
Exemplo n.º 8
0
void import (
  gpgme_ctx_t * context,
  telem_gpg_opts * options,
  int num_keys,
  char ** key_path
  )
{
  gpgme_error_t err;
  int url_mode = 0;
  int nul_mode = 0;
  gpgme_import_result_t impres;
  gpgme_data_t data;

  for (; num_keys; --num_keys, key_path++)
    {
      printf ("reading file `%s'\n", *key_path);
      err = gpgme_data_new_from_file(&data, *key_path, 1);
      fail_if_err(err);

      if (url_mode)
        gpgme_data_set_encoding(
          data,
          (nul_mode? GPGME_DATA_ENCODING_URL0 : GPGME_DATA_ENCODING_URL)
        );

      err = gpgme_op_import(*context, data);
      fail_if_err(err);
      impres = gpgme_op_import_result(*context);
      if (!impres)
        {
          fprintf(stderr, "No import result returned\n");
          exit(1);
        }
      print_import_result(impres);

      gpgme_data_release(data);
    }
}
Exemplo n.º 9
0
int
opkg_verify_file (char *text_file, char *sig_file)
{
#if defined HAVE_GPGME
    if (conf->check_signature == 0 )
        return 0;
    int status = -1;
    gpgme_ctx_t ctx;
    gpgme_data_t sig, text, key;
    gpgme_error_t err;
    gpgme_verify_result_t result;
    gpgme_signature_t s;
    char *trusted_path = NULL;

    gpgme_check_version (NULL);

    err = gpgme_new (&ctx);

    if (err)
	return -1;

    sprintf_alloc(&trusted_path, "%s/%s", conf->offline_root, "/etc/opkg/trusted.gpg");
    err = gpgme_data_new_from_file (&key, trusted_path, 1);
    free (trusted_path);
    if (err)
    {
      return -1;
    }
    err = gpgme_op_import (ctx, key);
    if (err)
    {
      gpgme_data_release (key);
      return -1;
    }
    gpgme_data_release (key);

    err = gpgme_data_new_from_file (&sig, sig_file, 1);
    if (err)
    {
	gpgme_release (ctx);
	return -1;
    }

    err = gpgme_data_new_from_file (&text, text_file, 1);
    if (err)
    {
        gpgme_data_release (sig);
	gpgme_release (ctx);
	return -1;
    }

    err = gpgme_op_verify (ctx, sig, text, NULL);

    result = gpgme_op_verify_result (ctx);
    if (!result)
	return -1;

    /* see if any of the signitures matched */
    s = result->signatures;
    while (s)
    {
	status = gpg_err_code (s->status);
	if (status == GPG_ERR_NO_ERROR)
	    break;
	s = s->next;
    }


    gpgme_data_release (sig);
    gpgme_data_release (text);
    gpgme_release (ctx);

    return status;
#elif defined HAVE_OPENSSL
    X509_STORE *store = NULL;
    PKCS7 *p7 = NULL;
    BIO *in = NULL, *indata = NULL;

    // Sig check failed by default !
    int status = -1;

    openssl_init();

    // Set-up the key store
    if(!(store = setup_verify(conf->signature_ca_file, conf->signature_ca_path))){
        opkg_msg(ERROR, "Can't open CA certificates.\n");
        goto verify_file_end;
    }

    // Open a BIO to read the sig file
    if (!(in = BIO_new_file(sig_file, "rb"))){
        opkg_msg(ERROR, "Can't open signature file %s.\n", sig_file);
        goto verify_file_end;
    }

    // Read the PKCS7 block contained in the sig file
    p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
    if(!p7){
        opkg_msg(ERROR, "Can't read signature file %s (Corrupted ?).\n",
		sig_file);
        goto verify_file_end;
    }
#if defined(HAVE_PATHFINDER)
    if(conf->check_x509_path){
	if(!pkcs7_pathfinder_verify_signers(p7)){
	    opkg_msg(ERROR, "pkcs7_pathfinder_verify_signers: "
		    "Path verification failed.\n");
	    goto verify_file_end;
	}
    }
#endif

    // Open the Package file to authenticate
    if (!(indata = BIO_new_file(text_file, "rb"))){
        opkg_msg(ERROR, "Can't open file %s.\n", text_file);
        goto verify_file_end;
    }

    // Let's verify the autenticity !
    if (PKCS7_verify(p7, NULL, store, indata, NULL, PKCS7_BINARY) != 1){
        // Get Off My Lawn!
        opkg_msg(ERROR, "Verification failure.\n");
    }else{
        // Victory !
        status = 0;
    }

verify_file_end:
    BIO_free(in);
    BIO_free(indata);
    PKCS7_free(p7);
    X509_STORE_free(store);

    return status;
#else
    /* mute `unused variable' warnings. */
    (void) sig_file;
    (void) text_file;
    (void) conf;
    return 0;
#endif
}
Exemplo n.º 10
0
GpgME::Data::Data( const char * filename ) {
  gpgme_data_t data;
  const gpgme_error_t e = gpgme_data_new_from_file( &data, filename, 1 );
  d = new Private( e ? 0 : data );
  d->ref();
}
Exemplo n.º 11
0
int
main (int argc, char **argv)
{
  int last_argc = -1;
  gpgme_error_t err;
  gpgme_ctx_t ctx;
  const char *key_string = NULL;
  gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
  gpgme_sig_mode_t sigmode = GPGME_SIG_MODE_CLEAR;
  gpgme_data_t in, out;

  if (argc)
    { argc--; argv++; }

  while (argc && last_argc != argc )
    {
      last_argc = argc;
      if (!strcmp (*argv, "--"))
        {
          argc--; argv++;
          break;
        }
      else if (!strcmp (*argv, "--help"))
        show_usage (0);
      else if (!strcmp (*argv, "--key"))
        {
          argc--; argv++;
          if (!argc)
            show_usage (1);
          key_string = *argv;
          argc--; argv++;
        }
      else if (!strncmp (*argv, "--", 2))
        show_usage (1);

    }

  if (argc != 1)
    show_usage (1);

  init_gpgme (protocol);

  err = gpgme_new (&ctx);
  fail_if_err (err);
  gpgme_set_protocol (ctx, protocol);
  gpgme_set_armor (ctx, 1);

  if (key_string)
    {
      gpgme_key_t akey;

      err = gpgme_get_key (ctx, key_string, &akey, 1);
      if (err)
        {
          exit (1);
        }
      err = gpgme_signers_add (ctx, akey);
      fail_if_err (err);
      gpgme_key_unref (akey);
    }

  err = gpgme_data_new_from_file (&in, *argv, 1);
  if (err)
    {
      fprintf (stderr, PGM ": error reading `%s': %s\n",
               *argv, gpg_strerror (err));
      exit (1);
    }

  err = gpgme_data_new (&out);
  fail_if_err (err);

  err = gpgme_op_sign (ctx, in, out, sigmode);
  if (err)
    {
      fprintf (stderr, PGM ": signing failed: %s\n", gpg_strerror (err));
      exit (1);
    }

  print_data (out);
  gpgme_data_release (out);

  gpgme_data_release (in);

  gpgme_release (ctx);
  return 0;
}
Exemplo n.º 12
0
gboolean
zif_utils_gpg_verify (const gchar *filename,
		      const gchar *filename_gpg,
		      GError **error)
{
	gboolean ret = FALSE;
	gpgme_ctx_t ctx = NULL;
	gpgme_data_t repomd_gpg = NULL;
	gpgme_data_t repomd = NULL;
	gpgme_error_t rc;
	gpgme_signature_t s;
	gpgme_verify_result_t result;

	/* check version */
	gpgme_check_version (NULL);

	/* startup gpgme */
	rc = gpg_err_init ();
	if (rc != GPG_ERR_NO_ERROR) {
		g_set_error (error,
			     ZIF_UTILS_ERROR,
			     ZIF_UTILS_ERROR_FAILED,
			     "failed to startup GPG: %s",
			     gpgme_strerror (rc));
		goto out;
	}

	/* create a new GPG context */
	rc = gpgme_new (&ctx);
	if (rc != GPG_ERR_NO_ERROR) {
		g_set_error (error,
			     ZIF_UTILS_ERROR,
			     ZIF_UTILS_ERROR_FAILED,
			     "failed to create context: %s",
			     gpgme_strerror (rc));
		goto out;
	}

	/* set the protocol */
	rc = gpgme_set_protocol (ctx, GPGME_PROTOCOL_OpenPGP);
	if (rc != GPG_ERR_NO_ERROR) {
		g_set_error (error,
			     ZIF_UTILS_ERROR,
			     ZIF_UTILS_ERROR_FAILED,
			     "failed to set protocol: %s",
			     gpgme_strerror (rc));
		goto out;
	}

	/* enable armor mode */
	gpgme_set_armor (ctx, TRUE);

	/* load file */
	rc = gpgme_data_new_from_file (&repomd, filename, 1);
	if (rc != GPG_ERR_NO_ERROR) {
		g_set_error (error,
			     ZIF_UTILS_ERROR,
			     ZIF_UTILS_ERROR_FAILED,
			     "failed to load repomd: %s",
			     gpgme_strerror (rc));
		goto out;
	}

	/* load signature */
	rc = gpgme_data_new_from_file (&repomd_gpg, filename_gpg, 1);
	if (rc != GPG_ERR_NO_ERROR) {
		g_set_error (error,
			     ZIF_UTILS_ERROR,
			     ZIF_UTILS_ERROR_FAILED,
			     "failed to load repomd.asc: %s",
			     gpgme_strerror (rc));
		goto out;
	}

	/* verify the repodata.xml */
	g_debug ("verifying %s with %s", filename, filename_gpg);
	rc = gpgme_op_verify (ctx, repomd_gpg, repomd, NULL);
	if (rc != GPG_ERR_NO_ERROR) {
		g_set_error (error,
			     ZIF_UTILS_ERROR,
			     ZIF_UTILS_ERROR_FAILED,
			     "failed to verify: %s",
			     gpgme_strerror (rc));
		goto out;
	}

	/* verify the result */
	result = gpgme_op_verify_result (ctx);
	if (result == NULL) {
		g_set_error_literal (error,
				     ZIF_UTILS_ERROR,
				     ZIF_UTILS_ERROR_FAILED,
				     "no result record from libgpgme");
		goto out;
	}

	/* look at each signature */
	for (s = result->signatures; s != NULL ; s = s->next ) {
		ret = zif_utils_gpg_check_signature (s, error);
		if (!ret)
			goto out;
	}

	/* success */
	ret = TRUE;
out:
	if (ctx != NULL)
		gpgme_release (ctx);
	gpgme_data_release (repomd_gpg);
	gpgme_data_release (repomd);
	return ret;
}
Exemplo n.º 13
0
Arquivo: t-data.c Projeto: gpg/gpgme
int
main (int argc, char **argv)
{
  round_t round = TEST_INITIALIZER;
  char *text_filename = make_filename ("t-data-1.txt");
  char *longer_text_filename = make_filename ("t-data-2.txt");
  const char *missing_filename = "this-file-surely-does-not-exist";
  gpgme_error_t err = 0;
  gpgme_data_t data;

  while (++round)
    {
      switch (round)
	{
	case TEST_INVALID_ARGUMENT:
	  err = gpgme_data_new (NULL);
	  if (!err)
	    {
	      fprintf (stderr, "%s:%d: gpgme_data_new on NULL pointer succeeded "
		       "unexpectedly\n", __FILE__, __LINE__);
	      exit (1);
	    }
	  continue;
	case TEST_INOUT_NONE:
	  err = gpgme_data_new (&data);
	  break;
	case TEST_INOUT_MEM_NO_COPY:
	  err = gpgme_data_new_from_mem (&data, text, strlen (text), 0);
	  break;
	case TEST_INOUT_MEM_COPY:
	  err = gpgme_data_new_from_mem (&data, text, strlen (text), 1);
	  break;
	case TEST_INOUT_MEM_FROM_FILE_COPY:
	  err = gpgme_data_new_from_file (&data, text_filename, 1);
	  break;
	case TEST_INOUT_MEM_FROM_INEXISTANT_FILE:
	  err = gpgme_data_new_from_file (&data, missing_filename, 1);
	  if (!err)
	    {
	      fprintf (stderr, "%s:%d: gpgme_data_new_from_file on inexistant "
		       "file succeeded unexpectedly\n", __FILE__, __LINE__);
	      exit (1);
	    }
	  continue;
	case TEST_INOUT_MEM_FROM_FILE_NO_COPY:
	  err = gpgme_data_new_from_file (&data, text_filename, 0);
	  /* This is not implemented yet.  */
	  if (gpgme_err_code (err) == GPG_ERR_NOT_IMPLEMENTED
	      || gpgme_err_code (err) == GPG_ERR_INV_VALUE)
	    continue;
	  break;
	case TEST_INOUT_MEM_FROM_FILE_PART_BY_NAME:
	  err = gpgme_data_new_from_filepart (&data, longer_text_filename, 0,
					      strlen (text), strlen (text));
	  break;
	case TEST_INOUT_MEM_FROM_INEXISTANT_FILE_PART:
	  err = gpgme_data_new_from_filepart (&data, missing_filename, 0,
					      strlen (text), strlen (text));
	  if (!err)
	    {
	      fprintf (stderr, "%s:%d: gpgme_data_new_from_file on inexistant "
		       "file succeeded unexpectedly\n", __FILE__, __LINE__);
	      exit (1);
	    }
	  continue;
	case TEST_INOUT_MEM_FROM_FILE_PART_BY_FP:
	  {
	    FILE *fp = fopen (longer_text_filename, "rb");
	    if (! fp)
	      {
		fprintf (stderr, "%s:%d: fopen: %s\n", __FILE__, __LINE__,
			 strerror (errno));
		exit (1);
	      }
	    err = gpgme_data_new_from_filepart (&data, 0, fp,
						strlen (text), strlen (text));
	  }
	  break;
	case TEST_END:
	  goto out;
	case TEST_INITIALIZER:
	  /* Shouldn't happen.  */
	  fprintf (stderr, "%s:%d: impossible condition\n", __FILE__, __LINE__);
	  exit (1);
	}
      fail_if_err (err);

      read_test (round, data);
      write_test (round, data);
      gpgme_data_release (data);
    }
 out:
  free (text_filename);
  free (longer_text_filename);
  return 0;
}
Exemplo n.º 14
0
gboolean
fu_keyring_verify_file (FuKeyring *keyring,
			const gchar *filename,
			const gchar *signature,
			GError **error)
{
	FuKeyringPrivate *priv = GET_PRIVATE (keyring);
	gboolean has_header;
	gpgme_error_t rc;
	gpgme_signature_t s;
	gpgme_verify_result_t result;
	g_auto(gpgme_data_t) data = NULL;
	g_auto(gpgme_data_t) sig = NULL;
	g_autoptr(GString) sig_v1 = NULL;

	g_return_val_if_fail (FU_IS_KEYRING (keyring), FALSE);
	g_return_val_if_fail (filename != NULL, FALSE);
	g_return_val_if_fail (signature != NULL, FALSE);

	/* setup context */
	if (!fu_keyring_setup (keyring, error))
		return FALSE;

	/* has header already */
	has_header = g_strstr_len (signature, -1, "BEGIN PGP SIGNATURE") != NULL;

	/* load file data */
	rc = gpgme_data_new_from_file (&data, filename, 1);
	if (rc != GPG_ERR_NO_ERROR) {
		g_set_error (error,
			     FWUPD_ERROR,
			     FWUPD_ERROR_INTERNAL,
			     "failed to load %s: %s",
			     filename, gpgme_strerror (rc));
		return FALSE;
	}

	/* load signature */
	sig_v1 = g_string_new ("");
	if (!has_header) {
		g_string_append (sig_v1, "-----BEGIN PGP SIGNATURE-----\n");
		g_string_append (sig_v1, "Version: GnuPG v1\n\n");
	}
	g_string_append_printf (sig_v1, "%s\n", signature);
	if (!has_header)
		g_string_append (sig_v1, "-----END PGP SIGNATURE-----\n");
	rc = gpgme_data_new_from_mem (&sig, sig_v1->str, sig_v1->len, 0);
	if (rc != GPG_ERR_NO_ERROR) {
		g_set_error (error,
			     FWUPD_ERROR,
			     FWUPD_ERROR_INTERNAL,
			     "failed to load signature %s: %s",
			     signature, gpgme_strerror (rc));
		return FALSE;
	}

	/* verify */
	rc = gpgme_op_verify (priv->ctx, sig, data, NULL);
	if (rc != GPG_ERR_NO_ERROR) {
		g_set_error (error,
			     FWUPD_ERROR,
			     FWUPD_ERROR_INTERNAL,
			     "failed to verify %s: %s",
			     filename, gpgme_strerror (rc));
		return FALSE;
	}

	/* verify the result */
	result = gpgme_op_verify_result (priv->ctx);
	if (result == NULL) {
		g_set_error_literal (error,
				     FWUPD_ERROR,
				     FWUPD_ERROR_INTERNAL,
				     "no result record from libgpgme");
		return FALSE;
	}

	/* look at each signature */
	for (s = result->signatures; s != NULL ; s = s->next ) {
		g_debug ("returned signature fingerprint %s", s->fpr);
		if (!fu_keyring_check_signature (s, error))
			return FALSE;
	}
	return TRUE;
}
Exemplo n.º 15
0
int opkg_verify_gpg_signature(const char *file, const char *sigfile)
{
    int status = -1;
    int ret = -1;
    gpgme_ctx_t ctx;
    int have_ctx = 0;
    gpgme_data_t sig, text, key;
    int have_sig = 0, have_text = 0, have_key = 0;
    gpgme_error_t err;
    gpgme_verify_result_t result;
    gpgme_signature_t s;
    gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
    char *trusted_path = NULL;

    if (opkg_config->check_signature == 0)
        return 0;

    gpgme_check_version(NULL);

    err = gpgme_new(&ctx);
    if (err) {
        opkg_msg(ERROR, "Unable to create gpgme context: %s\n",
                 gpg_strerror(err));
        goto out_err;
    }
    have_ctx = 1;

    err = gpgme_set_protocol(ctx, protocol);
    if (err) {
        opkg_msg(ERROR, "Unable to set gpgme protocol to OpenPGP: %s\n",
                 gpg_strerror(err));
        goto out_err;
    }

    trusted_path = root_filename_alloc("/etc/opkg/trusted.gpg");
    if (!trusted_path) {
        opkg_msg(ERROR, "Out of memory!\n");
        goto out_err;
    }

    err = gpgme_data_new_from_file(&key, trusted_path, 1);
    if (err) {
        opkg_msg(ERROR, "Unable to get data from file %s: %s\n", trusted_path,
                 gpg_strerror(err));
        goto out_err;
    }
    have_key = 1;

    err = gpgme_op_import(ctx, key);
    if (err) {
        opkg_msg(ERROR, "Unable to import key from file %s: %s\n", trusted_path,
                 gpg_strerror(err));
        goto out_err;
    }

    err = gpgme_data_new_from_file(&sig, sigfile, 1);
    if (err) {
        opkg_msg(ERROR, "Unable to get data from file %s: %s\n", sigfile,
                 gpg_strerror(err));
        goto out_err;
    }
    have_sig = 1;

    err = gpgme_data_new_from_file(&text, file, 1);
    if (err) {
        opkg_msg(ERROR, "Unable to get data from file %s: %s\n", file,
                 gpg_strerror(err));
        goto out_err;
    }
    have_text = 1;

    err = gpgme_op_verify(ctx, sig, text, NULL);
    if (err) {
        opkg_msg(ERROR, "Unable to verify signature: %s\n", gpg_strerror(err));
        goto out_err;
    }

    result = gpgme_op_verify_result(ctx);
    if (!result) {
        opkg_msg(ERROR, "Unable to get verification data: %s\n",
                 gpg_strerror(err));
        goto out_err;
    }

    /* see if any of the signitures matched */
    s = result->signatures;
    while (s) {
        status = gpg_err_code(s->status);
        if (status == GPG_ERR_NO_ERROR) {
            ret = 0;
            break;
        }
        s = s->next;
    }

 out_err:
    if (have_sig)
        gpgme_data_release(sig);
    if (have_text)
        gpgme_data_release(text);
    if (have_key)
        gpgme_data_release(key);
    if (trusted_path)
        free(trusted_path);
    if (have_ctx)
        gpgme_release(ctx);

    return ret;
}