/* This functions builds an index of the keyring into a separate file with the name keyring.ext.idx. It contains the offset of all public- and public subkeys. The format of the file is: -------- 4 octets offset of the packet 8 octets keyid 20 octets fingerprint -------- We store the keyid and the fingerprint due to the fact we can't get the keyid from a v3 fingerprint directly. */ static int keydb_idx_build( const char * file ) { cdk_packet_t pkt; cdk_stream_t inp, out = NULL; byte buf[8], fpr[20]; char * fname; u32 keyid[2]; int rc, pos; if( !file ) return CDK_Inv_Value; pkt = cdk_calloc( 1, sizeof * pkt ); if( !pkt ) return CDK_Out_Of_Core; fname = keydb_idx_mkname( file ); if( !fname ) { rc = CDK_Out_Of_Core; goto leave; } rc = cdk_stream_open( file, &inp ); if( !rc ) rc = cdk_stream_create( fname, &out ); if( rc ) goto leave; while( !cdk_stream_eof( inp ) ) { pos = cdk_stream_tell( inp ); rc = cdk_pkt_read( inp, pkt ); if( rc ) break; if( pkt->pkttype == CDK_PKT_PUBLIC_KEY || pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ) { _cdk_u32tobuf( pos, buf ); cdk_stream_write( out, buf, 4 ); cdk_pk_get_keyid( pkt->pkt.public_key, keyid ); _cdk_u32tobuf( keyid[0], buf ); _cdk_u32tobuf( keyid[1], buf + 4 ); cdk_stream_write( out, buf, 8 ); cdk_pk_get_fingerprint( pkt->pkt.public_key, fpr ); cdk_stream_write( out, fpr, 20 ); } cdk_pkt_free( pkt ); cdk_pkt_init( pkt ); } cdk_stream_close( out ); leave: cdk_stream_close( inp ); cdk_free( fname ); cdk_free( pkt ); return rc; }
/** * cdk_kbnode_write_to_mem_alloc: * @node: the key node * @r_buf: buffer to hold the raw data * @r_buflen: buffer length of the allocated raw data. * * The function acts similar to cdk_kbnode_write_to_mem but * it allocates the buffer to avoid the lengthy second run. */ cdk_error_t cdk_kbnode_write_to_mem_alloc (cdk_kbnode_t node, byte ** r_buf, size_t * r_buflen) { cdk_kbnode_t n; cdk_stream_t s; cdk_error_t rc; size_t len; if (!node || !r_buf || !r_buflen) { gnutls_assert (); return CDK_Inv_Value; } *r_buf = NULL; *r_buflen = 0; rc = cdk_stream_tmp_new (&s); if (rc) { gnutls_assert (); return rc; } for (n = node; n; n = n->next) { /* Skip all packets which cannot occur in a key composition. */ if (n->pkt->pkttype != CDK_PKT_PUBLIC_KEY && n->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY && n->pkt->pkttype != CDK_PKT_SECRET_KEY && n->pkt->pkttype != CDK_PKT_SECRET_SUBKEY && n->pkt->pkttype != CDK_PKT_SIGNATURE && n->pkt->pkttype != CDK_PKT_USER_ID && n->pkt->pkttype != CDK_PKT_ATTRIBUTE) continue; rc = cdk_pkt_write (s, n->pkt); if (rc) { cdk_stream_close (s); gnutls_assert (); return rc; } } cdk_stream_seek (s, 0); len = cdk_stream_get_length (s); *r_buf = cdk_calloc (1, len); *r_buflen = cdk_stream_read (s, *r_buf, len); cdk_stream_close (s); return 0; }
/** * cdk_file_verify: * @hd: the session handle * @file: the input file * @data_file: for detached signature this is the data file and @file is the sig. * @output: the output file * * Verify a signature. **/ cdk_error_t cdk_file_verify (cdk_ctx_t hd, const char *file, const char *data_file, const char *output) { struct stat stbuf; cdk_stream_t inp, data; char buf[4096]; int n; cdk_error_t rc; if (!hd || !file) return CDK_Inv_Value; if (output && !hd->opt.overwrite && !stat (output, &stbuf)) return CDK_Inv_Mode; rc = cdk_stream_open (file, &inp); if (rc) return rc; if (cdk_armor_filter_use (inp)) { n = cdk_stream_peek (inp, (byte *) buf, DIM (buf) - 1); if (!n || n == -1) return CDK_EOF; buf[n] = '\0'; if (strstr (buf, "BEGIN PGP SIGNED MESSAGE")) { cdk_stream_close (inp); return file_verify_clearsign (hd, file, output); } cdk_stream_set_armor_flag (inp, 0); } if (data_file) { rc = cdk_stream_open (data_file, &data); if (rc) { cdk_stream_close (inp); return rc; } } else data = NULL; rc = _cdk_proc_packets (hd, inp, data, NULL, NULL, NULL); if (data != NULL) cdk_stream_close (data); cdk_stream_close (inp); return rc; }
static cdk_error_t literal_encode (void *data, FILE * in, FILE * out) { literal_filter_t *pfx = data; cdk_pkt_literal_t pt; cdk_stream_t si; cdk_packet_t pkt; size_t filelen; cdk_error_t rc; _cdk_log_debug ("literal filter: encode\n"); if (!pfx || !in || !out) return CDK_Inv_Value; if (!pfx->filename) { pfx->filename = cdk_strdup ("_CONSOLE"); if (!pfx->filename) return CDK_Out_Of_Core; } rc = _cdk_stream_fpopen (in, STREAMCTL_READ, &si); if (rc) return rc; filelen = strlen (pfx->filename); cdk_pkt_new (&pkt); pt = pkt->pkt.literal = cdk_calloc (1, sizeof *pt + filelen); pt->name = (char *) pt + sizeof (*pt); if (!pt) { cdk_pkt_release (pkt); cdk_stream_close (si); return CDK_Out_Of_Core; } memcpy (pt->name, pfx->filename, filelen); pt->namelen = filelen; pt->name[pt->namelen] = '\0'; pt->timestamp = (u32) time (NULL); pt->mode = intmode_to_char (pfx->mode); pt->len = cdk_stream_get_length (si); pt->buf = si; pkt->old_ctb = 1; pkt->pkttype = CDK_PKT_LITERAL; pkt->pkt.literal = pt; rc = _cdk_pkt_write_fp (out, pkt); cdk_pkt_release (pkt); cdk_stream_close (si); return rc; }
/** * cdk_stream_tmp_from_mem: * @buf: the buffer which shall be written to the temp stream. * @buflen: how large the buffer is * @r_out: the new stream with the given contents. * * Creates a new tempory stream with the given contests. */ cdk_error_t cdk_stream_tmp_from_mem (const void *buf, size_t buflen, cdk_stream_t * r_out) { cdk_stream_t s; cdk_error_t rc; int nwritten; *r_out = NULL; rc = cdk_stream_tmp_new (&s); if (rc) { gnutls_assert (); return rc; } nwritten = cdk_stream_write (s, buf, buflen); if (nwritten == EOF) { cdk_stream_close (s); gnutls_assert (); return s->error; } cdk_stream_seek (s, 0); *r_out = s; return 0; }
cdk_error_t cdk_keydb_import( cdk_keydb_hd_t hd, cdk_kbnode_t knode, int *result ) { cdk_kbnode_t node, chk = NULL; cdk_packet_t pkt; cdk_stream_t out; u32 keyid[2]; int rc = 0, is_sk = 0; if( !hd || !knode ) return CDK_Inv_Value; memset( result, 0, 4 * sizeof (int) ); pkt = find_key_packet( knode, &is_sk ); if( !pkt ) return CDK_Inv_Packet; result[is_sk] = 1; _cdk_pkt_get_keyid( pkt, keyid ); cdk_keydb_get_bykeyid( hd, keyid, &chk ); if( chk ) { /* fixme: search for new signatures */ cdk_kbnode_release( chk ); return 0; } if( hd->buf ) { cdk_stream_close( hd->buf ); hd->buf = NULL; } rc = _cdk_stream_append( hd->name, &out ); if( rc ) return rc; for( node = knode; node; node = node->next ) { if( node->pkt->pkttype == CDK_PKT_RING_TRUST ) continue; /* No uniformed syntax for this packet */ rc = cdk_pkt_write( out, node->pkt ); if( rc ) break; } if( !rc ) result[is_sk? 3 : 2] = 1; cdk_stream_close( out ); if( !hd->no_cache ) cdk_keydb_idx_rebuild( hd ); return rc; }
cdk_error_t _cdk_pkt_write_fp (FILE * out, cdk_packet_t pkt) { cdk_stream_t so; cdk_error_t rc; rc = _cdk_stream_fpopen (out, 1, &so); if (rc) return rc; rc = cdk_pkt_write (so, pkt); cdk_stream_close (so); return rc; }
/** * cdk_keydb_free: * @hd: the keydb object * * Free the keydb object. **/ void cdk_keydb_free( cdk_keydb_hd_t hd ) { if( !hd ) return; if( hd->isopen && hd->name ) { hd->isopen = 0; cdk_free( hd->name ); hd->name = NULL; cdk_stream_close( hd->buf ); hd->buf = NULL; } if( !hd->secret ) { cdk_stream_close( hd->idx ); hd->idx = NULL; } hd->no_cache = 0; hd->secret = 0; keydb_cache_free( hd->cache ); hd->cache = NULL; keydb_search_free( hd->dbs ); hd->dbs = NULL; cdk_free( hd ); }
/** * gnutls_openpgp_key_deinit - This function deinitializes memory used by a gnutls_openpgp_key_t structure * @key: The structure to be initialized * * This function will deinitialize a key structure. * **/ void gnutls_openpgp_key_deinit (gnutls_openpgp_key_t key) { if (!key) return; if (key->knode) { cdk_kbnode_release (key->knode); key->knode = NULL; } if (key->inp) cdk_stream_close (key->inp); gnutls_free (key); }
static int literal_encode (void * opaque, FILE * in, FILE * out) { literal_filter_t * pfx = opaque; cdk_pkt_literal_t pt; cdk_stream_t si; CDK_PACKET pkt; size_t filelen; int rc; _cdk_log_debug ("literal filter: encode\n"); if (!pfx || !in || !out) return CDK_Inv_Value; if (!pfx->filename) { pfx->filename = cdk_strdup ("_CONSOLE"); if( !pfx->filename ) return CDK_Out_Of_Core; } si = _cdk_stream_fpopen (in, STREAMCTL_READ); if (!si) return CDK_Out_Of_Core; filelen = strlen (pfx->filename); pt = cdk_calloc (1, sizeof *pt + filelen - 1); if (!pt) return CDK_Out_Of_Core; memcpy (pt->name, pfx->filename, filelen); pt->namelen = filelen; pt->name[pt->namelen] = '\0'; pt->timestamp = _cdk_timestamp (); pt->mode = pfx->mode ? 't' : 'b'; pt->len = cdk_stream_get_length (si); pt->buf = si; cdk_pkt_init (&pkt); pkt.old_ctb = pfx->rfc1991? 1 : 0; pkt.pkttype = CDK_PKT_LITERAL; pkt.pkt.literal = pt; rc = _cdk_pkt_write_fp (out, &pkt); cdk_free (pt); cdk_stream_close (si); return rc; }
cdk_stream_t cdk_stream_tmp_from_mem( const void * buf, size_t count ) { cdk_stream_t s; int nwritten; s = cdk_stream_tmp( ); if( !s ) return NULL; nwritten = cdk_stream_write( s, buf, count ); if( nwritten == EOF ) { cdk_stream_close( s ); return NULL; } cdk_stream_seek( s, 0 ); return s; }
/** * cdk_keydb_idx_rebuild: * @hd: key database handle * * Rebuild the key index files for the given key database. **/ cdk_error_t cdk_keydb_idx_rebuild( cdk_keydb_hd_t hd ) { int rc; if( !hd || !hd->name ) return CDK_Inv_Value; if( hd->secret ) return 0; cdk_stream_close( hd->idx ); if( !hd->idx_name ) { hd->idx_name = keydb_idx_mkname( hd->name ); if( !hd->idx_name ) return CDK_Out_Of_Core; } rc = keydb_idx_build( hd->name ); if( !rc ) rc = cdk_stream_open( hd->idx_name, &hd->idx ); return rc; }
cdk_error_t _cdk_stream_append( const char * file, cdk_stream_t * ret_s ) { cdk_stream_t s; FILE * fp; int rc; if( !ret_s ) return CDK_Inv_Value; rc = cdk_stream_open( file, &s ); if( rc ) return rc; fp = fopen( file, "a+b" ); if( !fp ) { cdk_stream_close( s ); return CDK_File_Error; } fclose( s->fp ); s->fp = fp; s->flags.write = 1; *ret_s = s; return 0; }
/** * cdk_kbnode_read_from_mem: * @ret_node: the new key node * @buf: the buffer which stores the key sequence * @buflen: the length of the buffer * * Tries to read a key node from the memory buffer @buf. **/ cdk_error_t cdk_kbnode_read_from_mem (cdk_kbnode_t * ret_node, const byte * buf, size_t buflen) { cdk_stream_t inp; cdk_error_t rc; if (!ret_node || !buf) return CDK_Inv_Value; *ret_node = NULL; if (!buflen) return CDK_Too_Short; rc = cdk_stream_tmp_from_mem (buf, buflen, &inp); if (rc) return rc; rc = cdk_keydb_get_keyblock (inp, ret_node); if (rc) gnutls_assert (); cdk_stream_close (inp); return rc; }
/** * cdk_kbnode_write_to_mem: * @node: the key node * @buf: the buffer to store the node data * @r_nbytes: the new length of the buffer. * * Tries to write the contents of the key node to the buffer @buf and * return the length of it in @r_nbytes. If buf is zero, only the * length of the node is calculated and returned in @r_nbytes. * Whenever it is possible, the cdk_kbnode_write_to_mem_alloc should be used. **/ cdk_error_t cdk_kbnode_write_to_mem (cdk_kbnode_t node, byte * buf, size_t * r_nbytes) { cdk_kbnode_t n; cdk_stream_t s; cdk_error_t rc; size_t len; if (!node || !r_nbytes) { gnutls_assert (); return CDK_Inv_Value; } rc = cdk_stream_tmp_new (&s); if (rc) { gnutls_assert (); return rc; } for (n = node; n; n = n->next) { /* Skip all packets which cannot occur in a key composition. */ if (n->pkt->pkttype != CDK_PKT_PUBLIC_KEY && n->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY && n->pkt->pkttype != CDK_PKT_SECRET_KEY && n->pkt->pkttype != CDK_PKT_SECRET_SUBKEY && n->pkt->pkttype != CDK_PKT_SIGNATURE && n->pkt->pkttype != CDK_PKT_USER_ID && n->pkt->pkttype != CDK_PKT_ATTRIBUTE) continue; rc = cdk_pkt_write (s, n->pkt); if (rc) { cdk_stream_close (s); gnutls_assert (); return rc; } } cdk_stream_seek (s, 0); len = cdk_stream_get_length (s); if (!buf) { *r_nbytes = len; /* Only return the length of the buffer */ cdk_stream_close (s); return 0; } if (*r_nbytes < len) { *r_nbytes = len; rc = CDK_Too_Short; } if (!rc) *r_nbytes = cdk_stream_read (s, buf, len); else gnutls_assert (); cdk_stream_close (s); return rc; }
/** * cdk_keydb_open: * @hd: keydb object * @ret_kr: the STREAM object which contains the data of the keyring * * Open a STREAM with the contents of the keyring from @hd **/ cdk_error_t cdk_keydb_open( cdk_keydb_hd_t hd, cdk_stream_t * ret_kr ) { int rc = 0, ec; if( !hd || !ret_kr ) return CDK_Inv_Value; if( hd->type == CDK_DBTYPE_DATA && hd->buf ) cdk_stream_seek( hd->buf, 0 ); else if( hd->type == CDK_DBTYPE_PK_KEYRING || hd->type == CDK_DBTYPE_SK_KEYRING ) { if( !hd->isopen && hd->name ) { rc = cdk_stream_open( hd->name, &hd->buf ); if( rc ) goto leave; if( cdk_armor_filter_use( hd->buf ) ) cdk_stream_set_armor_flag( hd->buf, 0 ); hd->isopen = 1; cdk_free( hd->idx_name ); hd->idx_name = keydb_idx_mkname( hd->name ); if( !hd->idx_name ) { rc = CDK_Out_Of_Core; goto leave; } ec = cdk_stream_open( hd->idx_name, &hd->idx ); if( ec && !hd->secret ) { rc = keydb_idx_build( hd->name ); if( !rc ) rc = cdk_stream_open( hd->idx_name, &hd->idx ); if( !rc ) _cdk_log_debug( "create key index table\n" ); if( rc ) { /* this is no real error, it just means we can't create the index at the given directory. maybe we've no write access. in this case, we simply disable the index. */ _cdk_log_debug( "disable key index table\n" ); rc = 0; hd->no_cache = 1; } } } else { /* We use the cache to search keys, so we always rewind the STREAM. Except when the _NEXT search mode is used because this mode is an enumeration and no seeking is needed. */ if( !hd->search || (hd->search && hd->dbs->type != CDK_DBSEARCH_NEXT) ) cdk_stream_seek( hd->buf, 0 ); } } else return CDK_Inv_Mode; leave: if( rc ) { cdk_stream_close( hd->buf ); hd->buf = NULL; } *ret_kr = hd->buf; return rc; }
/** * gnutls_openpgp_privkey_import: * @key: The structure to store the parsed key. * @data: The RAW or BASE64 encoded key. * @format: One of #gnutls_openpgp_crt_fmt_t elements. * @password: not used for now * @flags: should be zero * * This function will convert the given RAW or Base64 encoded key to * the native gnutls_openpgp_privkey_t format. The output will be * stored in 'key'. * * Returns: %GNUTLS_E_SUCCESS on success, or an error code. **/ int gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key, const gnutls_datum_t * data, gnutls_openpgp_crt_fmt_t format, const char *password, unsigned int flags) { cdk_stream_t inp; cdk_packet_t pkt; int rc; if (data->data == NULL || data->size == 0) { gnutls_assert (); return GNUTLS_E_OPENPGP_GETKEY_FAILED; } if (format == GNUTLS_OPENPGP_FMT_RAW) { rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size); if (rc != 0) { rc = _gnutls_map_cdk_rc (rc); gnutls_assert (); return rc; } } else { rc = cdk_stream_tmp_from_mem (data->data, data->size, &inp); if (rc != 0) { rc = _gnutls_map_cdk_rc (rc); gnutls_assert (); return rc; } if (cdk_armor_filter_use (inp)) { rc = cdk_stream_set_armor_flag (inp, 0); if (rc != 0) { rc = _gnutls_map_cdk_rc (rc); cdk_stream_close (inp); gnutls_assert (); return rc; } } rc = cdk_keydb_get_keyblock (inp, &key->knode); cdk_stream_close (inp); if (rc != 0) { rc = _gnutls_map_cdk_rc (rc); gnutls_assert (); return rc; } } /* Test if the import was successful. */ pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY); if (pkt == NULL) { gnutls_assert (); return GNUTLS_E_OPENPGP_GETKEY_FAILED; } return 0; }
static int literal_decode( void * opaque, FILE * in, FILE * out ) { literal_filter_t * pfx = opaque; cdk_stream_t si, so; CDK_PACKET pkt; cdk_pkt_literal_t pt; byte buf[8192]; size_t nread; int rc, bufsize; _cdk_log_debug( "literal filter: decode\n" ); if (!pfx || !in || !out) return CDK_Inv_Value; si = _cdk_stream_fpopen( in, STREAMCTL_READ ); if (!si) return CDK_Out_Of_Core; so = _cdk_stream_fpopen( out, STREAMCTL_WRITE ); if( !so ) { cdk_stream_close( si ); return CDK_Out_Of_Core; } cdk_pkt_init( &pkt ); rc = cdk_pkt_read( si, &pkt ); if( pkt.pkttype != CDK_PKT_LITERAL ) { if( pkt.pkttype ) cdk_pkt_free( &pkt ); return rc; } pt = pkt.pkt.literal; pfx->mode = pt->mode; pfx->filename = cdk_strdup( pt->name? pt->name : " " ); if( !pfx->filename ) { cdk_pkt_free( &pkt ); return CDK_Out_Of_Core; } while( !feof( in ) ) { _cdk_log_debug( "partial on=%d size=%lu\n", pfx->blkmode.on, pfx->blkmode.size ); if( pfx->blkmode.on ) bufsize = pfx->blkmode.size; else bufsize = pt->len < sizeof buf-1? pt->len : sizeof buf-1; nread = cdk_stream_read( pt->buf, buf, bufsize ); if( nread == EOF ) { rc = CDK_File_Error; break; } if( pfx->md ) cdk_md_write (pfx->md, buf, nread); cdk_stream_write( so, buf, nread ); pt->len -= nread; if( pfx->blkmode.on ) { pfx->blkmode.size = _cdk_pkt_read_len( in, &pfx->blkmode.on ); if( pfx->blkmode.size == (size_t)EOF ) return CDK_Inv_Packet; } if( pt->len <= 0 && !pfx->blkmode.on ) break; } cdk_stream_close( si ); cdk_stream_close( so ); cdk_pkt_free( &pkt ); return rc; }
/** * gnutls_openpgp_keyring_import: * @keyring: The structure to store the parsed key. * @data: The RAW or BASE64 encoded keyring. * @format: One of #gnutls_openpgp_keyring_fmt elements. * * This function will convert the given RAW or Base64 encoded keyring * to the native #gnutls_openpgp_keyring_t format. The output will be * stored in 'keyring'. * * Returns: %GNUTLS_E_SUCCESS on success, or an error code. **/ int gnutls_openpgp_keyring_import(gnutls_openpgp_keyring_t keyring, const gnutls_datum_t * data, gnutls_openpgp_crt_fmt_t format) { cdk_error_t err; cdk_stream_t input = NULL; size_t raw_len = 0; uint8_t *raw_data = NULL; unsigned free_data = 0; if (data->data == NULL || data->size == 0) { gnutls_assert(); return GNUTLS_E_OPENPGP_GETKEY_FAILED; } _gnutls_debug_log("PGP: keyring import format '%s'\n", format == GNUTLS_OPENPGP_FMT_RAW ? "raw" : "base64"); /* Create a new stream from the given data, decode it, and import * the raw database. This to avoid using opencdk streams which are * not thread safe. */ if (format == GNUTLS_OPENPGP_FMT_BASE64) { size_t seen = 0; err = cdk_stream_tmp_from_mem(data->data, data->size, &input); if (err == 0) err = cdk_stream_set_armor_flag(input, 0); if (err) { gnutls_assert(); err = _gnutls_map_cdk_rc(err); goto error; } raw_len = cdk_stream_get_length(input); if (raw_len == 0) { gnutls_assert(); err = GNUTLS_E_BASE64_DECODING_ERROR; goto error; } raw_data = gnutls_malloc(raw_len); if (raw_data == NULL) { gnutls_assert(); err = GNUTLS_E_MEMORY_ERROR; goto error; } do { err = cdk_stream_read(input, raw_data + seen, raw_len - seen); if (err > 0) seen += err; } while (seen < raw_len && err != EOF && err > 0); raw_len = seen; if (raw_len == 0) { gnutls_assert(); err = GNUTLS_E_BASE64_DECODING_ERROR; goto error; } free_data = 1; } else { /* RAW */ raw_len = data->size; raw_data = data->data; } err = cdk_keydb_new_from_mem(&keyring->db, 0, 0, raw_data, raw_len); if (err) gnutls_assert(); if (free_data) { err = _gnutls_map_cdk_rc(err); goto error; } return _gnutls_map_cdk_rc(err); error: gnutls_free(raw_data); cdk_stream_close(input); return err; }
static cdk_error_t literal_decode (void *data, FILE * in, FILE * out) { literal_filter_t *pfx = data; cdk_stream_t si, so; cdk_packet_t pkt; cdk_pkt_literal_t pt; byte buf[BUFSIZE]; ssize_t nread; int bufsize; cdk_error_t rc; _cdk_log_debug ("literal filter: decode\n"); if (!pfx || !in || !out) return CDK_Inv_Value; rc = _cdk_stream_fpopen (in, STREAMCTL_READ, &si); if (rc) return rc; cdk_pkt_new (&pkt); rc = cdk_pkt_read (si, pkt); if (rc || pkt->pkttype != CDK_PKT_LITERAL) { cdk_pkt_release (pkt); cdk_stream_close (si); return !rc ? CDK_Inv_Packet : rc; } rc = _cdk_stream_fpopen (out, STREAMCTL_WRITE, &so); if (rc) { cdk_pkt_release (pkt); cdk_stream_close (si); return rc; } pt = pkt->pkt.literal; pfx->mode = pt->mode; if (pfx->filename && pt->namelen > 0) { /* The name in the literal packet is more authorative. */ cdk_free (pfx->filename); pfx->filename = dup_trim_filename (pt->name); } else if (!pfx->filename && pt->namelen > 0) pfx->filename = dup_trim_filename (pt->name); else if (!pt->namelen && !pfx->filename && pfx->orig_filename) { /* In this case, we need to derrive the output file name from the original name and cut off the OpenPGP extension. If this is not possible, we return an error. */ if (!stristr (pfx->orig_filename, ".gpg") && !stristr (pfx->orig_filename, ".pgp") && !stristr (pfx->orig_filename, ".asc")) { cdk_pkt_release (pkt); cdk_stream_close (si); cdk_stream_close (so); _cdk_log_debug ("literal filter: no file name and no PGP extension\n"); return CDK_Inv_Mode; } _cdk_log_debug ("literal filter: derrive file name from original\n"); pfx->filename = dup_trim_filename (pfx->orig_filename); pfx->filename[strlen (pfx->filename) - 4] = '\0'; } while (!feof (in)) { _cdk_log_debug ("literal_decode: part on %d size %lu\n", (int) pfx->blkmode.on, (unsigned long)pfx->blkmode.size); if (pfx->blkmode.on) bufsize = pfx->blkmode.size; else bufsize = pt->len < DIM (buf) ? pt->len : DIM (buf); nread = cdk_stream_read (pt->buf, buf, bufsize); if (nread == EOF) { rc = CDK_File_Error; break; } if (pfx->md_initialized) _gnutls_hash (&pfx->md, buf, nread); cdk_stream_write (so, buf, nread); pt->len -= nread; if (pfx->blkmode.on) { pfx->blkmode.size = _cdk_pkt_read_len (in, &pfx->blkmode.on); if ((ssize_t) pfx->blkmode.size == EOF) return CDK_Inv_Packet; } if (pt->len <= 0 && !pfx->blkmode.on) break; } cdk_stream_close (si); cdk_stream_close (so); cdk_pkt_release (pkt); return rc; }
/** * gnutls_openpgp_key_export - This function will export a RAW or BASE64 encoded key * @key: Holds the key. * @format: One of gnutls_openpgp_key_fmt_t elements. * @output_data: will contain the key base64 encoded or raw * @output_data_size: holds the size of output_data (and will be replaced by the actual size of parameters) * * This function will convert the given key to RAW or Base64 format. * If the buffer provided is not long enough to hold the output, then * GNUTLS_E_SHORT_MEMORY_BUFFER will be returned. * * Returns 0 on success. * **/ int gnutls_openpgp_key_export (gnutls_openpgp_key_t key, gnutls_openpgp_key_fmt_t format, void *output_data, size_t * output_data_size) { int rc; size_t input_data_size = *output_data_size; rc = cdk_kbnode_write_to_mem (key->knode, output_data, output_data_size); if (rc) { rc = _gnutls_map_cdk_rc (rc); gnutls_assert (); return rc; } if (format == GNUTLS_OPENPGP_FMT_BASE64) { cdk_stream_t s; s = cdk_stream_tmp_from_mem (output_data, *output_data_size); if (s == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } cdk_stream_tmp_set_mode (s, 1); rc = cdk_stream_set_armor_flag (s, CDK_ARMOR_PUBKEY); if (rc) { rc = _gnutls_map_cdk_rc (rc); gnutls_assert (); cdk_stream_close (s); return rc; } *output_data_size = input_data_size; rc = cdk_stream_read (s, output_data, *output_data_size); if (rc == EOF) { gnutls_assert (); cdk_stream_close (s); return GNUTLS_E_INTERNAL_ERROR; } *output_data_size = rc; if (*output_data_size != cdk_stream_get_length (s)) { *output_data_size = cdk_stream_get_length (s); cdk_stream_close (s); gnutls_assert (); return GNUTLS_E_SHORT_MEMORY_BUFFER; } cdk_stream_close (s); } return 0; }
static cdk_error_t file_verify_clearsign (cdk_ctx_t hd, const char *file, const char *output) { cdk_stream_t inp = NULL, out = NULL, tmp = NULL; digest_hd_st md; char buf[512], chk[512]; const char *s; int i, is_signed = 0, nbytes; int digest_algo = 0; int err; cdk_error_t rc; memset(&md, 0, sizeof(md)); if (output) { rc = cdk_stream_create (output, &out); if (rc) return rc; } rc = cdk_stream_open (file, &inp); if (rc) { if (output) cdk_stream_close (out); return rc; } s = "-----BEGIN PGP SIGNED MESSAGE-----"; while (!cdk_stream_eof (inp)) { nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1); if (!nbytes || nbytes == -1) break; if (!strncmp (buf, s, strlen (s))) { is_signed = 1; break; } } if (cdk_stream_eof (inp) && !is_signed) { rc = CDK_Armor_Error; goto leave; } while (!cdk_stream_eof (inp)) { nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1); if (!nbytes || nbytes == -1) break; if (nbytes == 1) /* Empty line */ break; else if (!strncmp (buf, "Hash: ", 6)) { for (i = 0; digest_table[i].name; i++) { if (!strcmp (buf + 6, digest_table[i].name)) { digest_algo = digest_table[i].algo; break; } } } } if (digest_algo && _gnutls_hash_get_algo_len (digest_algo) <= 0) { rc = CDK_Inv_Algo; goto leave; } if (!digest_algo) digest_algo = GNUTLS_DIG_MD5; err = _gnutls_hash_init (&md, digest_algo); if (err < 0) { rc = map_gnutls_error (err); goto leave; } s = "-----BEGIN PGP SIGNATURE-----"; while (!cdk_stream_eof (inp)) { nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1); if (!nbytes || nbytes == -1) break; if (!strncmp (buf, s, strlen (s))) break; else { cdk_stream_peek (inp, (byte *) chk, DIM (chk) - 1); i = strncmp (chk, s, strlen (s)); if (strlen (buf) == 0 && i == 0) continue; /* skip last '\n' */ _cdk_trim_string (buf, i == 0 ? 0 : 1); _gnutls_hash (&md, buf, strlen (buf)); } if (!strncmp (buf, "- ", 2)) /* FIXME: handle it recursive. */ memmove (buf, buf + 2, nbytes - 2); if (out) { if (strstr (buf, "\r\n")) buf[strlen (buf) - 2] = '\0'; cdk_stream_write (out, buf, strlen (buf)); _cdk_stream_puts (out, _cdk_armor_get_lineend ()); } } /* We create a temporary stream object to store the signature data in there. */ rc = cdk_stream_tmp_new (&tmp); if (rc) goto leave; s = "-----BEGIN PGP SIGNATURE-----\n"; _cdk_stream_puts (tmp, s); while (!cdk_stream_eof (inp)) { nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1); if (!nbytes || nbytes == -1) break; if (nbytes < (int) (DIM (buf) - 3)) { buf[nbytes - 1] = '\n'; buf[nbytes] = '\0'; } cdk_stream_write (tmp, buf, nbytes); } /* FIXME: This code is not very elegant. */ cdk_stream_tmp_set_mode (tmp, STREAMCTL_READ); cdk_stream_seek (tmp, 0); cdk_stream_set_armor_flag (tmp, 0); cdk_stream_read (tmp, NULL, 0); /* the digest handle will be closed there. */ rc = _cdk_proc_packets (hd, tmp, NULL, NULL, NULL, &md); leave: _gnutls_hash_deinit (&md, NULL); cdk_stream_close (out); cdk_stream_close (tmp); cdk_stream_close (inp); return rc; }
/** * cdk_keygen_save: save the generated keys to disk * @hd: the keygen object * @pub: name of the file to store the public key * @sec: name of the file to store the secret key * **/ cdk_error_t cdk_keygen_save( cdk_keygen_ctx_t hd, const char * pubf, const char * secf ) { cdk_stream_t out = NULL; CDK_PACKET pkt; int rc; hd->key[0].pk = pk_create( hd, 0 ); if( !hd->key[0].pk ) return CDK_Inv_Packet; hd->key[0].sk = sk_create( hd, 0 ); if( !hd->key[0].sk ) return CDK_Inv_Packet; hd->id = uid_create( hd ); if( !hd->id ) return CDK_Inv_Packet; hd->sig = sig_self_create( hd ); if( !hd->sig ) return CDK_Inv_Packet; rc = cdk_stream_create( pubf, &out ); if( rc ) return rc; cdk_pkt_init( &pkt ); pkt.pkttype = CDK_PKT_PUBLIC_KEY; pkt.pkt.public_key = hd->key[0].pk; rc = cdk_pkt_write( out, &pkt ); if( rc ) goto fail; cdk_pkt_init( &pkt ); pkt.pkttype = CDK_PKT_USER_ID; pkt.pkt.user_id = hd->id; rc = cdk_pkt_write( out, &pkt ); if( rc ) goto fail; cdk_pkt_init( &pkt ); pkt.pkttype = CDK_PKT_SIGNATURE; pkt.pkt.signature = hd->sig; rc = cdk_pkt_write( out, &pkt ); if( rc ) goto fail; if( hd->key[1].algo ) { cdk_pkt_init( &pkt ); pkt.pkttype = CDK_PKT_PUBLIC_SUBKEY; pkt.pkt.public_key = hd->key[1].pk = pk_create( hd, 1 ); rc = cdk_pkt_write( out, &pkt ); if( rc ) goto fail; cdk_pkt_init( &pkt ); pkt.pkttype = CDK_PKT_SIGNATURE; pkt.pkt.signature = sig_subkey_create( hd ); rc = cdk_pkt_write( out, &pkt ); cdk_pkt_free( &pkt ); if( rc ) goto fail; } cdk_stream_close( out ); out = NULL; rc = cdk_stream_create( secf, &out ); if( rc ) goto fail; if( hd->protect ) { rc = cdk_sk_protect( hd->key[0].sk, hd->pass ); if( rc ) goto fail; } cdk_pkt_init( &pkt ); pkt.pkttype = CDK_PKT_SECRET_KEY; pkt.pkt.secret_key = hd->key[0].sk; rc = cdk_pkt_write( out, &pkt ); if( rc ) goto fail; cdk_pkt_init( &pkt ); pkt.pkttype = CDK_PKT_USER_ID; pkt.pkt.user_id = hd->id; rc = cdk_pkt_write( out, &pkt ); if( rc ) goto fail; cdk_pkt_init( &pkt ); pkt.pkttype = CDK_PKT_SIGNATURE; pkt.pkt.signature = hd->sig; rc = cdk_pkt_write( out, &pkt ); if( rc ) goto fail; if( hd->key[1].algo ) { hd->key[1].sk = sk_create( hd, 1 ); if( hd->protect && (rc = cdk_sk_protect( hd->key[1].sk, hd->pass )) ) goto fail; cdk_pkt_init( &pkt ); pkt.pkttype = CDK_PKT_SECRET_SUBKEY; pkt.pkt.secret_key = hd->key[1].sk; rc = cdk_pkt_write( out, &pkt ); if( rc ) goto fail; } fail: cdk_stream_close( out ); return rc; }