corrected copyright notices
[gnutls.git] / lib / openpgp / compat.c
blobebcb3afb82c69be95cb3e2b77b9cd7ef9ddc05b0
1 /*
2 * Copyright (C) 2002-2012 Free Software Foundation, Inc.
4 * Author: Timo Schulz, Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 /* Compatibility functions on OpenPGP key parsing.
26 #include <gnutls_int.h>
27 #include <gnutls_errors.h>
28 #include <gnutls_openpgp.h>
29 #include <openpgp_int.h>
31 /*-
32 * gnutls_openpgp_verify_key:
33 * @hostname: the name of the certificate holder
34 * @cert_list: the structure that holds the certificates.
35 * @cert_list_lenght: the items in the cert_list.
36 * @status: the output of the verification function
38 * Verify all signatures in the certificate list. When the key
39 * is not available, the signature is skipped.
41 * The return value is one of the CertificateStatus entries.
43 * NOTE: this function does not verify using any "web of trust". You
44 * may use GnuPG for that purpose, or any other external PGP application.
45 -*/
46 int
47 _gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t cred,
48 const char* hostname,
49 const gnutls_datum_t * cert_list,
50 int cert_list_length, unsigned int *status)
52 int ret = 0;
53 gnutls_openpgp_crt_t key = NULL;
54 unsigned int verify = 0, verify_self = 0;
56 if (!cert_list || cert_list_length != 1)
58 gnutls_assert ();
59 return GNUTLS_E_NO_CERTIFICATE_FOUND;
62 ret = gnutls_openpgp_crt_init (&key);
63 if (ret < 0)
65 gnutls_assert ();
66 return ret;
69 ret =
70 gnutls_openpgp_crt_import (key, &cert_list[0], GNUTLS_OPENPGP_FMT_RAW);
71 if (ret < 0)
73 gnutls_assert ();
74 goto leave;
77 if (cred->keyring != NULL)
79 ret = gnutls_openpgp_crt_verify_ring (key, cred->keyring, 0, &verify);
80 if (ret < 0)
82 gnutls_assert ();
83 goto leave;
87 /* Now try the self signature. */
88 ret = gnutls_openpgp_crt_verify_self (key, 0, &verify_self);
89 if (ret < 0)
91 gnutls_assert ();
92 goto leave;
95 *status = verify_self | verify;
97 /* If we only checked the self signature. */
98 if (!cred->keyring)
99 *status |= GNUTLS_CERT_SIGNER_NOT_FOUND;
101 if (hostname)
103 ret = gnutls_openpgp_crt_check_hostname(key, hostname);
104 if (ret == 0)
105 *status |= GNUTLS_CERT_UNEXPECTED_OWNER;
108 ret = 0;
110 leave:
111 gnutls_openpgp_crt_deinit (key);
113 return ret;
117 * gnutls_openpgp_fingerprint:
118 * @cert: the raw data that contains the OpenPGP public key.
119 * @fpr: the buffer to save the fingerprint.
120 * @fprlen: the integer to save the length of the fingerprint.
122 * Returns the fingerprint of the OpenPGP key. Depence on the algorithm,
123 * the fingerprint can be 16 or 20 bytes.
126 _gnutls_openpgp_fingerprint (const gnutls_datum_t * cert,
127 unsigned char *fpr, size_t * fprlen)
129 gnutls_openpgp_crt_t key;
130 int ret;
132 ret = gnutls_openpgp_crt_init (&key);
133 if (ret < 0)
135 gnutls_assert ();
136 return ret;
139 ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW);
140 if (ret < 0)
142 gnutls_assert ();
143 return ret;
146 ret = gnutls_openpgp_crt_get_fingerprint (key, fpr, fprlen);
147 gnutls_openpgp_crt_deinit (key);
148 if (ret < 0)
150 gnutls_assert ();
151 return ret;
154 return 0;
158 * gnutls_openpgp_get_raw_key_creation_time:
159 * @cert: the raw data that contains the OpenPGP public key.
161 * Returns the timestamp when the OpenPGP key was created.
163 time_t
164 _gnutls_openpgp_get_raw_key_creation_time (const gnutls_datum_t * cert)
166 gnutls_openpgp_crt_t key;
167 int ret;
168 time_t tim;
170 ret = gnutls_openpgp_crt_init (&key);
171 if (ret < 0)
173 gnutls_assert ();
174 return ret;
177 ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW);
178 if (ret < 0)
180 gnutls_assert ();
181 return ret;
184 tim = gnutls_openpgp_crt_get_creation_time (key);
186 gnutls_openpgp_crt_deinit (key);
188 return tim;
193 * gnutls_openpgp_get_raw_key_expiration_time:
194 * @cert: the raw data that contains the OpenPGP public key.
196 * Returns the time when the OpenPGP key expires. A value of '0' means
197 * that the key doesn't expire at all.
199 time_t
200 _gnutls_openpgp_get_raw_key_expiration_time (const gnutls_datum_t * cert)
202 gnutls_openpgp_crt_t key;
203 int ret;
204 time_t tim;
206 ret = gnutls_openpgp_crt_init (&key);
207 if (ret < 0)
209 gnutls_assert ();
210 return ret;
213 ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW);
214 if (ret < 0)
216 gnutls_assert ();
217 return ret;
220 tim = gnutls_openpgp_crt_get_expiration_time (key);
222 gnutls_openpgp_crt_deinit (key);
224 return tim;