2 * Copyright (C) 2002, 2003, 2004, 2005, 2007, 2008 Free Software Foundation
4 * Author: Timo Schulz, Nikos Mavrogiannopoulos
6 * This file is part of GNUTLS.
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
25 /* Functions on OpenPGP key parsing
28 #include <gnutls_int.h>
29 #include <openpgp_int.h>
30 #include <gnutls_errors.h>
31 #include <gnutls_openpgp.h>
32 #include <gnutls_num.h>
35 * gnutls_openpgp_crt_verify_ring - Verify all signatures in the key
36 * @key: the structure that holds the key.
37 * @keyring: holds the keyring to check against
38 * @flags: verification flags; 0, or %GNUTLS_VERIFY_DO_NOT_ALLOW_SAME to
 *   keep %GNUTLS_CERT_SIGNER_NOT_FOUND set even when the key being verified
 *   is itself present in @keyring (by default its own presence in the ring
 *   clears that flag)
39 * @verify: will hold the certificate verification output.
41 * Verify all signatures in the key, using the given set of keys
44 * The key verification output will be put in @verify and will be one
45 * or more of the #gnutls_certificate_status_t enumerated elements
48 * %GNUTLS_CERT_INVALID: A signature on the key is invalid.
 *
50 * %GNUTLS_CERT_REVOKED: The key has been revoked.
 *
 * %GNUTLS_CERT_SIGNER_NOT_FOUND: A signature on the key was made by a key
 * that is not in @keyring (cleared if the signer is the key itself and it
 * is in the ring, unless %GNUTLS_VERIFY_DO_NOT_ALLOW_SAME is given).
52 * Note that this function does not verify using any "web of trust": a
 * clean @verify only means the signatures check out against keys present
 * in @keyring, not that the key is trusted. You may use GnuPG for that
 * purpose, or any other external PGP application.
56 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
59 gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key,
60 gnutls_openpgp_keyring_t keyring,
61 unsigned int flags, unsigned int *verify)
63 gnutls_openpgp_keyid_t id;
70 return GNUTLS_E_NO_CERTIFICATE_FOUND;
75 rc = cdk_pk_check_sigs (key->knode, keyring->db, &status);
76 if (rc == CDK_Error_No_Key)
78 rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
82 else if (rc != CDK_Success)
84 _gnutls_x509_log("cdk_pk_check_sigs: error %d\n", rc);
85 rc = _gnutls_map_cdk_rc (rc);
89 _gnutls_x509_log("status: %x\n", status);
91 if (status & CDK_KEY_INVALID)
92 *verify |= GNUTLS_CERT_INVALID;
93 if (status & CDK_KEY_REVOKED)
94 *verify |= GNUTLS_CERT_REVOKED;
95 if (status & CDK_KEY_NOSIGNER)
96 *verify |= GNUTLS_CERT_SIGNER_NOT_FOUND;
98 /* Check if the key is included in the ring. */
99 if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
101 rc = gnutls_openpgp_crt_get_key_id (key, id);
108 rc = gnutls_openpgp_keyring_check_id (keyring, id, 0);
109 /* If it exists in the keyring don't treat it as unknown. */
110 if (rc == 0 && *verify & GNUTLS_CERT_SIGNER_NOT_FOUND)
111 *verify ^= GNUTLS_CERT_SIGNER_NOT_FOUND;
119 * gnutls_openpgp_crt_verify_self - Verify the self signature on the key
120 * @key: the structure that holds the key.
121 * @flags: unused (should be 0)
122 * @verify: will hold the key verification output.
124 * Verifies the self signature in the key. The key verification
125 * output will be put in @verify and will be one or more of the
126 * gnutls_certificate_status_t enumerated elements bitwise or'd.
128 * %GNUTLS_CERT_INVALID: The self signature on the key is invalid. Note
 * that a failure of the underlying signature check itself (not only a bad
 * signature) is also reported through this flag rather than as an error
 * return, so callers must treat the flag as "not verified" and never as a
 * transient condition to retry past.
130 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
133 gnutls_openpgp_crt_verify_self (gnutls_openpgp_crt_t key,
134 unsigned int flags, unsigned int *verify)
139 rc = cdk_pk_check_self_sig (key->knode, &status);
140 if (rc || status != CDK_KEY_VALID)
141 *verify |= GNUTLS_CERT_INVALID;