/* idx == -1 indicates main key
* otherwise the subkey.
*/
static void
print_key_fingerprint(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
{
uint8_t fpr[128];
size_t fpr_size = sizeof(fpr);
int err;
const char *name;
char *p;
unsigned int bits;
err = gnutls_openpgp_crt_get_fingerprint(cert, fpr, &fpr_size);
if (err < 0)
addf(str, "error: get_fingerprint: %s\n",
gnutls_strerror(err));
else {
adds(str, _("\tFingerprint (hex): "));
_gnutls_buffer_hexprint(str, fpr, fpr_size);
addf(str, "\n");
}
err = gnutls_openpgp_crt_get_pk_algorithm(cert, &bits);
if (err < 0)
return;
name = gnutls_pk_get_name(err);
if (name == NULL)
return;
p = _gnutls_key_fingerprint_randomart(fpr, fpr_size, name, bits,
"\t\t");
if (p == NULL)
return;
adds(str, _("\tFingerprint's random art:\n"));
adds(str, p);
adds(str, "\n");
gnutls_free(p);
}
static void
print_key_info(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
{
int err;
unsigned int bits;
if (idx == -1)
err = gnutls_openpgp_crt_get_pk_algorithm(cert, &bits);
else
err =
gnutls_openpgp_crt_get_subkey_pk_algorithm(cert, idx,
&bits);
if (err < 0)
addf(str, "error: get_pk_algorithm: %s\n",
gnutls_strerror(err));
else {
const char *name = gnutls_pk_algorithm_get_name(err);
if (name == NULL)
name = _("unknown");
addf(str, _("\tPublic Key Algorithm: %s\n"), name);
addf(str, _("\tKey Security Level: %s\n"),
gnutls_sec_param_get_name(gnutls_pk_bits_to_sec_param
(err, bits)));
switch (err) {
case GNUTLS_PK_RSA:
{
gnutls_datum_t m, e;
if (idx == -1)
err =
gnutls_openpgp_crt_get_pk_rsa_raw
(cert, &m, &e);
else
err =
gnutls_openpgp_crt_get_subkey_pk_rsa_raw
(cert, idx, &m, &e);
if (err < 0)
addf(str,
"error: get_pk_rsa_raw: %s\n",
gnutls_strerror(err));
else {
addf(str,
_("\t\tModulus (bits %d):\n"),
bits);
_gnutls_buffer_hexdump(str, m.data,
m.size,
"\t\t\t");
adds(str, _("\t\tExponent:\n"));
_gnutls_buffer_hexdump(str, e.data,
e.size,
"\t\t\t");
gnutls_free(m.data);
gnutls_free(e.data);
}
}
break;
case GNUTLS_PK_DSA:
{
gnutls_datum_t p, q, g, y;
if (idx == -1)
err =
gnutls_openpgp_crt_get_pk_dsa_raw
(cert, &p, &q, &g, &y);
else
err =
gnutls_openpgp_crt_get_subkey_pk_dsa_raw
(cert, idx, &p, &q, &g, &y);
if (err < 0)
addf(str,
"error: get_pk_dsa_raw: %s\n",
gnutls_strerror(err));
else {
addf(str,
_
("\t\tPublic key (bits %d):\n"),
bits);
_gnutls_buffer_hexdump(str, y.data,
y.size,
"\t\t\t");
adds(str, _("\t\tP:\n"));
_gnutls_buffer_hexdump(str, p.data,
p.size,
"\t\t\t");
adds(str, _("\t\tQ:\n"));
_gnutls_buffer_hexdump(str, q.data,
q.size,
"\t\t\t");
adds(str, _("\t\tG:\n"));
_gnutls_buffer_hexdump(str, g.data,
g.size,
"\t\t\t");
gnutls_free(p.data);
gnutls_free(q.data);
gnutls_free(g.data);
gnutls_free(y.data);
}
}
break;
default:
break;
}
}
}
static void
print_oneline(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
{
int err, i;
i = 0;
do {
char *dn;
size_t dn_size = 0;
err = gnutls_openpgp_crt_get_name(cert, i, NULL, &dn_size);
if (err != GNUTLS_E_SHORT_MEMORY_BUFFER
&& err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
&& err != GNUTLS_E_OPENPGP_UID_REVOKED)
addf(str, "unknown name (%s), ",
gnutls_strerror(err));
else {
dn = gnutls_malloc(dn_size);
if (!dn)
addf(str, "unknown name (%s), ",
gnutls_strerror
(GNUTLS_E_MEMORY_ERROR));
else {
err =
gnutls_openpgp_crt_get_name(cert, i,
dn,
&dn_size);
if (err < 0
&& err !=
GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
&& err != GNUTLS_E_OPENPGP_UID_REVOKED)
addf(str, "unknown name (%s), ",
gnutls_strerror(err));
else if (err >= 0)
addf(str, _("name[%d]: %s, "), i,
dn);
else if (err ==
GNUTLS_E_OPENPGP_UID_REVOKED)
addf(str,
_("revoked name[%d]: %s, "),
i, dn);
gnutls_free(dn);
}
}
i++;
}
while (err >= 0);
{
char fpr[128];
size_t fpr_size = sizeof(fpr);
int err;
err =
gnutls_openpgp_crt_get_fingerprint(cert, fpr,
&fpr_size);
if (err < 0)
addf(str, "error: get_fingerprint: %s\n",
gnutls_strerror(err));
else {
adds(str, _("fingerprint: "));
_gnutls_buffer_hexprint(str, fpr, fpr_size);
addf(str, ", ");
}
}
{
time_t tim;
tim = gnutls_openpgp_crt_get_creation_time(cert);
{
char s[42];
size_t max = sizeof(s);
struct tm t;
if (gmtime_r(&tim, &t) == NULL)
addf(str, "error: gmtime_r (%ld), ",
(unsigned long) tim);
else if (strftime
(s, max, "%Y-%m-%d %H:%M:%S UTC",
&t) == 0)
addf(str, "error: strftime (%ld), ",
(unsigned long) tim);
else
addf(str, _("created: %s, "), s);
}
tim = gnutls_openpgp_crt_get_expiration_time(cert);
{
char s[42];
size_t max = sizeof(s);
struct tm t;
if (tim == 0)
adds(str, _("never expires, "));
else {
if (gmtime_r(&tim, &t) == NULL)
addf(str,
"error: gmtime_r (%ld), ",
(unsigned long) tim);
else if (strftime
(s, max, "%Y-%m-%d %H:%M:%S UTC",
&t) == 0)
addf(str,
"error: strftime (%ld), ",
(unsigned long) tim);
else
addf(str, _("expires: %s, "), s);
}
}
}
{
unsigned int bits = 0;
gnutls_pk_algorithm_t algo =
gnutls_openpgp_crt_get_pk_algorithm(cert, &bits);
const char *algostr = gnutls_pk_algorithm_get_name(algo);
if (algostr)
addf(str, _("key algorithm %s (%d bits)"), algostr,
bits);
else
addf(str, _("unknown key algorithm (%d)"), algo);
}
}
/* Converts a parsed gnutls_openpgp_crt_t to a gnutls_cert structure.
*/
int
_gnutls_openpgp_crt_to_gcert (gnutls_cert * gcert, gnutls_openpgp_crt_t cert)
{
int ret;
gnutls_openpgp_keyid_t keyid;
char err_buf[33];
memset (gcert, 0, sizeof (gnutls_cert));
gcert->cert_type = GNUTLS_CRT_OPENPGP;
gcert->version = gnutls_openpgp_crt_get_version (cert);
gcert->params_size = MAX_PUBLIC_PARAMS_SIZE;
ret = gnutls_openpgp_crt_get_preferred_key_id (cert, keyid);
if (ret == 0)
{
int idx;
uint32_t kid32[2];
_gnutls_debug_log
("Importing Openpgp cert and using openpgp sub key: %s\n",
_gnutls_bin2hex (keyid, sizeof (keyid), err_buf, sizeof (err_buf)));
KEYID_IMPORT (kid32, keyid);
idx = gnutls_openpgp_crt_get_subkey_idx (cert, keyid);
if (idx < 0)
{
gnutls_assert ();
return idx;
}
gcert->subject_pk_algorithm =
gnutls_openpgp_crt_get_subkey_pk_algorithm (cert, idx, NULL);
gnutls_openpgp_crt_get_subkey_usage (cert, idx, &gcert->key_usage);
gcert->use_subkey = 1;
memcpy (gcert->subkey_id, keyid, sizeof (keyid));
ret =
_gnutls_openpgp_crt_get_mpis (cert, kid32, gcert->params,
&gcert->params_size);
}
else
{
_gnutls_debug_log
("Importing Openpgp cert and using main openpgp key\n");
gcert->subject_pk_algorithm =
gnutls_openpgp_crt_get_pk_algorithm (cert, NULL);
gnutls_openpgp_crt_get_key_usage (cert, &gcert->key_usage);
ret =
_gnutls_openpgp_crt_get_mpis (cert, NULL, gcert->params,
&gcert->params_size);
gcert->use_subkey = 0;
}
if (ret < 0)
{
gnutls_assert ();
return ret;
}
{ /* copy the raw certificate */
#define SMALL_RAW 512
opaque *raw;
size_t raw_size = SMALL_RAW;
/* initially allocate a bogus size, just in case the certificate
* fits in it. That way we minimize the DER encodings performed.
*/
raw = gnutls_malloc (raw_size);
if (raw == NULL)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
ret =
gnutls_openpgp_crt_export (cert, GNUTLS_OPENPGP_FMT_RAW, raw,
&raw_size);
if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
{
gnutls_assert ();
gnutls_free (raw);
return ret;
}
if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
{
raw = gnutls_realloc (raw, raw_size);
if (raw == NULL)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
ret =
gnutls_openpgp_crt_export (cert, GNUTLS_OPENPGP_FMT_RAW, raw,
&raw_size);
if (ret < 0)
{
gnutls_assert ();
gnutls_free (raw);
return ret;
}
}
gcert->raw.data = raw;
gcert->raw.size = raw_size;
}
return 0;
}
