/* This functions builds an index of the keyring into a separate file with the name keyring.ext.idx. It contains the offset of all public- and public subkeys. The format of the file is: -------- 4 octets offset of the packet 8 octets keyid 20 octets fingerprint -------- We store the keyid and the fingerprint due to the fact we can't get the keyid from a v3 fingerprint directly. */ static int keydb_idx_build( const char * file ) { cdk_packet_t pkt; cdk_stream_t inp, out = NULL; byte buf[8], fpr[20]; char * fname; u32 keyid[2]; int rc, pos; if( !file ) return CDK_Inv_Value; pkt = cdk_calloc( 1, sizeof * pkt ); if( !pkt ) return CDK_Out_Of_Core; fname = keydb_idx_mkname( file ); if( !fname ) { rc = CDK_Out_Of_Core; goto leave; } rc = cdk_stream_open( file, &inp ); if( !rc ) rc = cdk_stream_create( fname, &out ); if( rc ) goto leave; while( !cdk_stream_eof( inp ) ) { pos = cdk_stream_tell( inp ); rc = cdk_pkt_read( inp, pkt ); if( rc ) break; if( pkt->pkttype == CDK_PKT_PUBLIC_KEY || pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ) { _cdk_u32tobuf( pos, buf ); cdk_stream_write( out, buf, 4 ); cdk_pk_get_keyid( pkt->pkt.public_key, keyid ); _cdk_u32tobuf( keyid[0], buf ); _cdk_u32tobuf( keyid[1], buf + 4 ); cdk_stream_write( out, buf, 8 ); cdk_pk_get_fingerprint( pkt->pkt.public_key, fpr ); cdk_stream_write( out, fpr, 20 ); } cdk_pkt_free( pkt ); cdk_pkt_init( pkt ); } cdk_stream_close( out ); leave: cdk_stream_close( inp ); cdk_free( fname ); cdk_free( pkt ); return rc; }
static cdk_error_t file_verify_clearsign (cdk_ctx_t hd, const char *file, const char *output) { cdk_stream_t inp = NULL, out = NULL, tmp = NULL; digest_hd_st md; char buf[512], chk[512]; const char *s; int i, is_signed = 0, nbytes; int digest_algo = 0; int err; cdk_error_t rc; memset(&md, 0, sizeof(md)); if (output) { rc = cdk_stream_create (output, &out); if (rc) return rc; } rc = cdk_stream_open (file, &inp); if (rc) { if (output) cdk_stream_close (out); return rc; } s = "-----BEGIN PGP SIGNED MESSAGE-----"; while (!cdk_stream_eof (inp)) { nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1); if (!nbytes || nbytes == -1) break; if (!strncmp (buf, s, strlen (s))) { is_signed = 1; break; } } if (cdk_stream_eof (inp) && !is_signed) { rc = CDK_Armor_Error; goto leave; } while (!cdk_stream_eof (inp)) { nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1); if (!nbytes || nbytes == -1) break; if (nbytes == 1) /* Empty line */ break; else if (!strncmp (buf, "Hash: ", 6)) { for (i = 0; digest_table[i].name; i++) { if (!strcmp (buf + 6, digest_table[i].name)) { digest_algo = digest_table[i].algo; break; } } } } if (digest_algo && _gnutls_hash_get_algo_len (digest_algo) <= 0) { rc = CDK_Inv_Algo; goto leave; } if (!digest_algo) digest_algo = GNUTLS_DIG_MD5; err = _gnutls_hash_init (&md, digest_algo); if (err < 0) { rc = map_gnutls_error (err); goto leave; } s = "-----BEGIN PGP SIGNATURE-----"; while (!cdk_stream_eof (inp)) { nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1); if (!nbytes || nbytes == -1) break; if (!strncmp (buf, s, strlen (s))) break; else { cdk_stream_peek (inp, (byte *) chk, DIM (chk) - 1); i = strncmp (chk, s, strlen (s)); if (strlen (buf) == 0 && i == 0) continue; /* skip last '\n' */ _cdk_trim_string (buf, i == 0 ? 0 : 1); _gnutls_hash (&md, buf, strlen (buf)); } if (!strncmp (buf, "- ", 2)) /* FIXME: handle it recursive. */ memmove (buf, buf + 2, nbytes - 2); if (out) { if (strstr (buf, "\r\n")) buf[strlen (buf) - 2] = '\0'; cdk_stream_write (out, buf, strlen (buf)); _cdk_stream_puts (out, _cdk_armor_get_lineend ()); } } /* We create a temporary stream object to store the signature data in there. */ rc = cdk_stream_tmp_new (&tmp); if (rc) goto leave; s = "-----BEGIN PGP SIGNATURE-----\n"; _cdk_stream_puts (tmp, s); while (!cdk_stream_eof (inp)) { nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1); if (!nbytes || nbytes == -1) break; if (nbytes < (int) (DIM (buf) - 3)) { buf[nbytes - 1] = '\n'; buf[nbytes] = '\0'; } cdk_stream_write (tmp, buf, nbytes); } /* FIXME: This code is not very elegant. */ cdk_stream_tmp_set_mode (tmp, STREAMCTL_READ); cdk_stream_seek (tmp, 0); cdk_stream_set_armor_flag (tmp, 0); cdk_stream_read (tmp, NULL, 0); /* the digest handle will be closed there. */ rc = _cdk_proc_packets (hd, tmp, NULL, NULL, NULL, &md); leave: _gnutls_hash_deinit (&md, NULL); cdk_stream_close (out); cdk_stream_close (tmp); cdk_stream_close (inp); return rc; }
/** * cdk_keygen_save: save the generated keys to disk * @hd: the keygen object * @pub: name of the file to store the public key * @sec: name of the file to store the secret key * **/ cdk_error_t cdk_keygen_save( cdk_keygen_ctx_t hd, const char * pubf, const char * secf ) { cdk_stream_t out = NULL; CDK_PACKET pkt; int rc; hd->key[0].pk = pk_create( hd, 0 ); if( !hd->key[0].pk ) return CDK_Inv_Packet; hd->key[0].sk = sk_create( hd, 0 ); if( !hd->key[0].sk ) return CDK_Inv_Packet; hd->id = uid_create( hd ); if( !hd->id ) return CDK_Inv_Packet; hd->sig = sig_self_create( hd ); if( !hd->sig ) return CDK_Inv_Packet; rc = cdk_stream_create( pubf, &out ); if( rc ) return rc; cdk_pkt_init( &pkt ); pkt.pkttype = CDK_PKT_PUBLIC_KEY; pkt.pkt.public_key = hd->key[0].pk; rc = cdk_pkt_write( out, &pkt ); if( rc ) goto fail; cdk_pkt_init( &pkt ); pkt.pkttype = CDK_PKT_USER_ID; pkt.pkt.user_id = hd->id; rc = cdk_pkt_write( out, &pkt ); if( rc ) goto fail; cdk_pkt_init( &pkt ); pkt.pkttype = CDK_PKT_SIGNATURE; pkt.pkt.signature = hd->sig; rc = cdk_pkt_write( out, &pkt ); if( rc ) goto fail; if( hd->key[1].algo ) { cdk_pkt_init( &pkt ); pkt.pkttype = CDK_PKT_PUBLIC_SUBKEY; pkt.pkt.public_key = hd->key[1].pk = pk_create( hd, 1 ); rc = cdk_pkt_write( out, &pkt ); if( rc ) goto fail; cdk_pkt_init( &pkt ); pkt.pkttype = CDK_PKT_SIGNATURE; pkt.pkt.signature = sig_subkey_create( hd ); rc = cdk_pkt_write( out, &pkt ); cdk_pkt_free( &pkt ); if( rc ) goto fail; } cdk_stream_close( out ); out = NULL; rc = cdk_stream_create( secf, &out ); if( rc ) goto fail; if( hd->protect ) { rc = cdk_sk_protect( hd->key[0].sk, hd->pass ); if( rc ) goto fail; } cdk_pkt_init( &pkt ); pkt.pkttype = CDK_PKT_SECRET_KEY; pkt.pkt.secret_key = hd->key[0].sk; rc = cdk_pkt_write( out, &pkt ); if( rc ) goto fail; cdk_pkt_init( &pkt ); pkt.pkttype = CDK_PKT_USER_ID; pkt.pkt.user_id = hd->id; rc = cdk_pkt_write( out, &pkt ); if( rc ) goto fail; cdk_pkt_init( &pkt ); pkt.pkttype = CDK_PKT_SIGNATURE; pkt.pkt.signature = hd->sig; rc = cdk_pkt_write( out, &pkt ); if( rc ) goto fail; if( hd->key[1].algo ) { hd->key[1].sk = sk_create( hd, 1 ); if( hd->protect && (rc = cdk_sk_protect( hd->key[1].sk, hd->pass )) ) goto fail; cdk_pkt_init( &pkt ); pkt.pkttype = CDK_PKT_SECRET_SUBKEY; pkt.pkt.secret_key = hd->key[1].sk; rc = cdk_pkt_write( out, &pkt ); if( rc ) goto fail; } fail: cdk_stream_close( out ); return rc; }