static int
pkcs7_import_keys (GMimeCryptoContext *context, GMimeStream *istream, GError **err)
{
#ifdef ENABLE_SMIME
GMimePkcs7Context *ctx = (GMimePkcs7Context *) context;
Pkcs7Ctx *pkcs7 = ctx->priv;
gpgme_data_t keydata;
gpgme_error_t error;
if ((error = gpgme_data_new_from_cbs (&keydata, &pkcs7_stream_funcs, istream)) != GPG_ERR_NO_ERROR) {
g_set_error (err, GMIME_GPGME_ERROR, error, _("Could not open input stream"));
return -1;
}
/* import the key(s) */
if ((error = gpgme_op_import (pkcs7->ctx, keydata)) != GPG_ERR_NO_ERROR) {
//printf ("import error (%d): %s\n", error & GPG_ERR_CODE_MASK, gpg_strerror (error));
g_set_error (err, GMIME_GPGME_ERROR, error, _("Could not import key data"));
gpgme_data_release (keydata);
return -1;
}
gpgme_data_release (keydata);
return 0;
#else
g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED, _("S/MIME support is not enabled in this build"));
return -1;
#endif /* ENABLE_SMIME */
}
gboolean
fu_keyring_add_public_key (FuKeyring *keyring, const gchar *filename, GError **error)
{
FuKeyringPrivate *priv = GET_PRIVATE (keyring);
gpgme_error_t rc;
gpgme_import_result_t result;
gpgme_import_status_t s;
g_auto(gpgme_data_t) data = NULL;
g_return_val_if_fail (FU_IS_KEYRING (keyring), FALSE);
g_return_val_if_fail (filename != NULL, FALSE);
/* import public key */
g_debug ("Adding public key %s", filename);
rc = gpgme_data_new_from_file (&data, filename, 1);
if (rc != GPG_ERR_NO_ERROR) {
g_set_error (error,
FWUPD_ERROR,
FWUPD_ERROR_INTERNAL,
"failed to load %s: %s",
filename, gpgme_strerror (rc));
return FALSE;
}
rc = gpgme_op_import (priv->ctx, data);
if (rc != GPG_ERR_NO_ERROR) {
g_set_error (error,
FWUPD_ERROR,
FWUPD_ERROR_INTERNAL,
"failed to import %s: %s",
filename, gpgme_strerror (rc));
return FALSE;
}
/* print what keys were imported */
result = gpgme_op_import_result (priv->ctx);
for (s = result->imports; s != NULL; s = s->next) {
g_debug ("importing key %s [%u] %s",
s->fpr, s->status, gpgme_strerror (s->result));
}
/* make sure keys were really imported */
if (result->imported == 0 && result->unchanged == 0) {
g_debug("imported: %d, unchanged: %d, not_imported: %d",
result->imported,
result->unchanged,
result->not_imported);
g_set_error (error,
FWUPD_ERROR,
FWUPD_ERROR_INTERNAL,
"key import failed %s",
filename);
return FALSE;
}
return TRUE;
}
/* Deprecated interface. */
gpgme_error_t
gpgme_op_import_ext (gpgme_ctx_t ctx, gpgme_data_t keydata, int *nr)
{
gpgme_error_t err = gpgme_op_import (ctx, keydata);
if (!err && nr)
{
gpgme_import_result_t result = gpgme_op_import_result (ctx);
*nr = result->considered;
}
return err;
}
int
main (int argc, char **argv)
{
gpgme_ctx_t ctx;
gpgme_error_t err;
gpgme_data_t in;
gpgme_import_result_t result;
char *cert_1 = make_filename ("cert_dfn_pca01.der");
char *cert_2 = make_filename ("cert_dfn_pca15.der");
init_gpgme (GPGME_PROTOCOL_CMS);
err = gpgme_new (&ctx);
fail_if_err (err);
gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
err = gpgme_data_new_from_file (&in, cert_1, 1);
free (cert_1);
fail_if_err (err);
err = gpgme_op_import (ctx, in);
fail_if_err (err);
result = gpgme_op_import_result (ctx);
check_result (result, "DFA56FB5FC41E3A8921F77AD1622EEFD9152A5AD", 1, 1);
gpgme_data_release (in);
err = gpgme_data_new_from_file (&in, cert_2, 1);
free (cert_2);
fail_if_err (err);
err = gpgme_op_import (ctx, in);
fail_if_err (err);
result = gpgme_op_import_result (ctx);
check_result (result, "2C8F3C356AB761CB3674835B792CDA52937F9285", 1, 2);
gpgme_data_release (in);
gpgme_release (ctx);
return 0;
}
int
main (int argc, char *argv[])
{
gpgme_ctx_t ctx;
gpgme_error_t err;
gpgme_data_t in;
gpgme_import_result_t result;
char *pubkey_1_asc = make_filename ("pubkey-1.asc");
char *seckey_1_asc = make_filename ("seckey-1.asc");
init_gpgme (GPGME_PROTOCOL_OpenPGP);
err = gpgme_new (&ctx);
fail_if_err (err);
err = gpgme_data_new_from_file (&in, pubkey_1_asc, 1);
free (pubkey_1_asc);
fail_if_err (err);
err = gpgme_op_import (ctx, in);
fail_if_err (err);
result = gpgme_op_import_result (ctx);
check_result (result, "ADAB7FCC1F4DE2616ECFA402AF82244F9CD9FD55", 0);
gpgme_data_release (in);
err = gpgme_data_new_from_file (&in, seckey_1_asc, 1);
free (seckey_1_asc);
fail_if_err (err);
err = gpgme_op_import (ctx, in);
fail_if_err (err);
result = gpgme_op_import_result (ctx);
check_result (result, "ADAB7FCC1F4DE2616ECFA402AF82244F9CD9FD55", 1);
gpgme_data_release (in);
gpgme_release (ctx);
return 0;
}
SEXP R_gpg_import(SEXP pubkey) {
gpgme_data_t KEY;
bail(gpgme_data_new_from_mem(&KEY, (const char*) RAW(pubkey), LENGTH(pubkey), 0), "creating key buffer");
bail(gpgme_op_import(ctx, KEY), "importing pubkey");
gpgme_import_result_t result = gpgme_op_import_result(ctx);
SEXP out = PROTECT(allocVector(INTSXP, 5));
INTEGER(out)[0] = result->considered;
INTEGER(out)[1] = result->imported;
INTEGER(out)[2] = result->secret_imported;
INTEGER(out)[3] = result->new_signatures;
INTEGER(out)[4] = result->new_revocations;
UNPROTECT(1);
return out;
}
/* ------------------
* import ascii armored key
* ------------------ */
int import_key(char* armored_key)
{
gpgme_error_t error;
gpgme_ctx_t ctx;
gpgme_data_t keydata;
gpgme_import_result_t result;
// connect to gpgme
gpgme_check_version (NULL);
error = gpgme_new(&ctx);
if (error)
{
purple_debug_error(PLUGIN_ID,"gpgme_new failed: %s %s\n",gpgme_strsource (error), gpgme_strerror (error));
return FALSE;
}
purple_debug_info(PLUGIN_ID,"try to import key: %s\n",armored_key);
// create data containers
gpgme_data_new_from_mem (&keydata, armored_key,strlen(armored_key),1);
// import key, ascii armored
gpgme_set_armor(ctx,1);
error = gpgme_op_import (ctx, keydata);
if (error)
{
purple_debug_error(PLUGIN_ID,"gpgme_op_import: %s %s\n",gpgme_strsource (error), gpgme_strerror (error));
gpgme_release (ctx);
return FALSE;
}
result = gpgme_op_import_result (ctx);
purple_debug_info(PLUGIN_ID,"considered keys: %d; imported keys: %d; not imported keys: %d\n",result->considered,result->imported,result->not_imported);
// release memory for data containers
gpgme_data_release(keydata);
// close gpgme connection
gpgme_release (ctx);
return TRUE;
}
void import (
gpgme_ctx_t * context,
telem_gpg_opts * options,
int num_keys,
char ** key_path
)
{
gpgme_error_t err;
int url_mode = 0;
int nul_mode = 0;
gpgme_import_result_t impres;
gpgme_data_t data;
for (; num_keys; --num_keys, key_path++)
{
printf ("reading file `%s'\n", *key_path);
err = gpgme_data_new_from_file(&data, *key_path, 1);
fail_if_err(err);
if (url_mode)
gpgme_data_set_encoding(
data,
(nul_mode? GPGME_DATA_ENCODING_URL0 : GPGME_DATA_ENCODING_URL)
);
err = gpgme_op_import(*context, data);
fail_if_err(err);
impres = gpgme_op_import_result(*context);
if (!impres)
{
fprintf(stderr, "No import result returned\n");
exit(1);
}
print_import_result(impres);
gpgme_data_release(data);
}
}
static PyObject *
pygpgme_context_import(PyGpgmeContext *self, PyObject *args)
{
PyObject *py_keydata, *result;
gpgme_data_t keydata;
gpgme_error_t err;
if (!PyArg_ParseTuple(args, "O", &py_keydata))
return NULL;
if (pygpgme_data_new(&keydata, py_keydata))
return NULL;
Py_BEGIN_ALLOW_THREADS;
err = gpgme_op_import(self->ctx, keydata);
Py_END_ALLOW_THREADS;
gpgme_data_release(keydata);
result = pygpgme_import_result(self->ctx);
if (pygpgme_check_error(err)) {
PyObject *err_type, *err_value, *err_traceback;
PyErr_Fetch(&err_type, &err_value, &err_traceback);
PyErr_NormalizeException(&err_type, &err_value, &err_traceback);
if (!PyErr_GivenExceptionMatches(err_type, pygpgme_error))
goto end;
if (result != NULL) {
PyObject_SetAttrString(err_value, "result", result);
Py_DECREF(result);
}
end:
PyErr_Restore(err_type, err_value, err_traceback);
return NULL;
}
return result;
}
gboolean
lr_gpg_import_key(const char *key_fn, const char *home_dir, GError **err)
{
gpgme_error_t gpgerr;
int key_fd;
gpgme_ctx_t context;
gpgme_data_t key_data;
assert(!err || *err == NULL);
// Initialization
gpgme_check_version(NULL);
gpgerr = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
if (gpgerr != GPG_ERR_NO_ERROR) {
g_debug("%s: gpgme_engine_check_version: %s",
__func__, gpgme_strerror(gpgerr));
g_set_error(err, LR_GPG_ERROR, LRE_GPGNOTSUPPORTED,
"gpgme_engine_check_version() error: %s",
gpgme_strerror(gpgerr));
return FALSE;
}
gpgerr = gpgme_new(&context);
if (gpgerr != GPG_ERR_NO_ERROR) {
g_debug("%s: gpgme_new: %s", __func__, gpgme_strerror(gpgerr));
g_set_error(err, LR_GPG_ERROR, LRE_GPGERROR,
"gpgme_new() error: %s", gpgme_strerror(gpgerr));
return FALSE;
}
gpgerr = gpgme_set_protocol(context, GPGME_PROTOCOL_OpenPGP);
if (gpgerr != GPG_ERR_NO_ERROR) {
g_debug("%s: gpgme_set_protocol: %s", __func__, gpgme_strerror(gpgerr));
g_set_error(err, LR_GPG_ERROR, LRE_GPGERROR,
"gpgme_set_protocol() error: %s", gpgme_strerror(gpgerr));
gpgme_release(context);
return FALSE;
}
if (home_dir) {
gpgerr = gpgme_ctx_set_engine_info(context, GPGME_PROTOCOL_OpenPGP,
NULL, home_dir);
if (gpgerr != GPG_ERR_NO_ERROR) {
g_debug("%s: gpgme_ctx_set_engine_info: %s", __func__, gpgme_strerror(gpgerr));
g_set_error(err, LR_GPG_ERROR, LRE_GPGERROR,
"gpgme_ctx_set_engine_info() error: %s",
gpgme_strerror(gpgerr));
gpgme_release(context);
return FALSE;
}
}
gpgme_set_armor(context, 1);
// Key import
key_fd = open(key_fn, O_RDONLY);
if (key_fd == -1) {
g_debug("%s: Opening key: %s", __func__, strerror(errno));
g_set_error(err, LR_GPG_ERROR, LRE_IO,
"Error while opening key %s: %s",
key_fn, strerror(errno));
gpgme_release(context);
return FALSE;
}
gpgerr = gpgme_data_new_from_fd(&key_data, key_fd);
if (gpgerr != GPG_ERR_NO_ERROR) {
g_debug("%s: gpgme_data_new_from_fd: %s",
__func__, gpgme_strerror(gpgerr));
g_set_error(err, LR_GPG_ERROR, LRE_GPGERROR,
"gpgme_data_new_from_fd(_, %d) error: %s",
key_fd, gpgme_strerror(gpgerr));
gpgme_release(context);
close(key_fd);
return FALSE;
}
gpgerr = gpgme_op_import(context, key_data);
gpgme_data_release(key_data);
if (gpgerr != GPG_ERR_NO_ERROR) {
g_debug("%s: gpgme_op_import: %s", __func__, gpgme_strerror(gpgerr));
g_set_error(err, LR_GPG_ERROR, LRE_GPGERROR,
"gpgme_op_import() error: %s", gpgme_strerror(gpgerr));
gpgme_release(context);
close(key_fd);
return FALSE;
}
close(key_fd);
gpgme_release(context);
return TRUE;
}
int
opkg_verify_file (char *text_file, char *sig_file)
{
#if defined HAVE_GPGME
if (conf->check_signature == 0 )
return 0;
int status = -1;
gpgme_ctx_t ctx;
gpgme_data_t sig, text, key;
gpgme_error_t err;
gpgme_verify_result_t result;
gpgme_signature_t s;
char *trusted_path = NULL;
gpgme_check_version (NULL);
err = gpgme_new (&ctx);
if (err)
return -1;
sprintf_alloc(&trusted_path, "%s/%s", conf->offline_root, "/etc/opkg/trusted.gpg");
err = gpgme_data_new_from_file (&key, trusted_path, 1);
free (trusted_path);
if (err)
{
return -1;
}
err = gpgme_op_import (ctx, key);
if (err)
{
gpgme_data_release (key);
return -1;
}
gpgme_data_release (key);
err = gpgme_data_new_from_file (&sig, sig_file, 1);
if (err)
{
gpgme_release (ctx);
return -1;
}
err = gpgme_data_new_from_file (&text, text_file, 1);
if (err)
{
gpgme_data_release (sig);
gpgme_release (ctx);
return -1;
}
err = gpgme_op_verify (ctx, sig, text, NULL);
result = gpgme_op_verify_result (ctx);
if (!result)
return -1;
/* see if any of the signitures matched */
s = result->signatures;
while (s)
{
status = gpg_err_code (s->status);
if (status == GPG_ERR_NO_ERROR)
break;
s = s->next;
}
gpgme_data_release (sig);
gpgme_data_release (text);
gpgme_release (ctx);
return status;
#elif defined HAVE_OPENSSL
X509_STORE *store = NULL;
PKCS7 *p7 = NULL;
BIO *in = NULL, *indata = NULL;
// Sig check failed by default !
int status = -1;
openssl_init();
// Set-up the key store
if(!(store = setup_verify(conf->signature_ca_file, conf->signature_ca_path))){
opkg_msg(ERROR, "Can't open CA certificates.\n");
goto verify_file_end;
}
// Open a BIO to read the sig file
if (!(in = BIO_new_file(sig_file, "rb"))){
opkg_msg(ERROR, "Can't open signature file %s.\n", sig_file);
goto verify_file_end;
}
// Read the PKCS7 block contained in the sig file
p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
if(!p7){
opkg_msg(ERROR, "Can't read signature file %s (Corrupted ?).\n",
sig_file);
goto verify_file_end;
}
#if defined(HAVE_PATHFINDER)
if(conf->check_x509_path){
if(!pkcs7_pathfinder_verify_signers(p7)){
opkg_msg(ERROR, "pkcs7_pathfinder_verify_signers: "
"Path verification failed.\n");
goto verify_file_end;
}
}
#endif
// Open the Package file to authenticate
if (!(indata = BIO_new_file(text_file, "rb"))){
opkg_msg(ERROR, "Can't open file %s.\n", text_file);
goto verify_file_end;
}
// Let's verify the autenticity !
if (PKCS7_verify(p7, NULL, store, indata, NULL, PKCS7_BINARY) != 1){
// Get Off My Lawn!
opkg_msg(ERROR, "Verification failure.\n");
}else{
// Victory !
status = 0;
}
verify_file_end:
BIO_free(in);
BIO_free(indata);
PKCS7_free(p7);
X509_STORE_free(store);
return status;
#else
/* mute `unused variable' warnings. */
(void) sig_file;
(void) text_file;
(void) conf;
return 0;
#endif
}
void c_gpgme::load_public_key ( const std::string &filename ) {
auto key_file_ptr = load_file(filename);
m_error_code = gpgme_op_import(m_ctx, *key_file_ptr);
}
int opkg_verify_gpg_signature(const char *file, const char *sigfile)
{
int status = -1;
int ret = -1;
gpgme_ctx_t ctx;
int have_ctx = 0;
gpgme_data_t sig, text, key;
int have_sig = 0, have_text = 0, have_key = 0;
gpgme_error_t err;
gpgme_verify_result_t result;
gpgme_signature_t s;
gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
char *trusted_path = NULL;
if (opkg_config->check_signature == 0)
return 0;
gpgme_check_version(NULL);
err = gpgme_new(&ctx);
if (err) {
opkg_msg(ERROR, "Unable to create gpgme context: %s\n",
gpg_strerror(err));
goto out_err;
}
have_ctx = 1;
err = gpgme_set_protocol(ctx, protocol);
if (err) {
opkg_msg(ERROR, "Unable to set gpgme protocol to OpenPGP: %s\n",
gpg_strerror(err));
goto out_err;
}
trusted_path = root_filename_alloc("/etc/opkg/trusted.gpg");
if (!trusted_path) {
opkg_msg(ERROR, "Out of memory!\n");
goto out_err;
}
err = gpgme_data_new_from_file(&key, trusted_path, 1);
if (err) {
opkg_msg(ERROR, "Unable to get data from file %s: %s\n", trusted_path,
gpg_strerror(err));
goto out_err;
}
have_key = 1;
err = gpgme_op_import(ctx, key);
if (err) {
opkg_msg(ERROR, "Unable to import key from file %s: %s\n", trusted_path,
gpg_strerror(err));
goto out_err;
}
err = gpgme_data_new_from_file(&sig, sigfile, 1);
if (err) {
opkg_msg(ERROR, "Unable to get data from file %s: %s\n", sigfile,
gpg_strerror(err));
goto out_err;
}
have_sig = 1;
err = gpgme_data_new_from_file(&text, file, 1);
if (err) {
opkg_msg(ERROR, "Unable to get data from file %s: %s\n", file,
gpg_strerror(err));
goto out_err;
}
have_text = 1;
err = gpgme_op_verify(ctx, sig, text, NULL);
if (err) {
opkg_msg(ERROR, "Unable to verify signature: %s\n", gpg_strerror(err));
goto out_err;
}
result = gpgme_op_verify_result(ctx);
if (!result) {
opkg_msg(ERROR, "Unable to get verification data: %s\n",
gpg_strerror(err));
goto out_err;
}
/* see if any of the signitures matched */
s = result->signatures;
while (s) {
status = gpg_err_code(s->status);
if (status == GPG_ERR_NO_ERROR) {
ret = 0;
break;
}
s = s->next;
}
out_err:
if (have_sig)
gpgme_data_release(sig);
if (have_text)
gpgme_data_release(text);
if (have_key)
gpgme_data_release(key);
if (trusted_path)
free(trusted_path);
if (have_ctx)
gpgme_release(ctx);
return ret;
}
