/* ***************************************************************************** * * File: fko_encryption.c * * Author: Damien S. Stuart * * Purpose: Set/Get the spa encryption type. * * Copyright 2009-2010 Damien Stuart (dstuart@dstuart.org) * * License (GNU Public License): * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * USA * ***************************************************************************** */ #include "fko_common.h" #include "fko.h" #include "cipher_funcs.h" #include "base64.h" #if HAVE_LIBGPGME #include "gpgme_funcs.h" #if HAVE_SYS_STAT_H #include #endif #endif /* Prep and encrypt using Rijndael */ static int _rijndael_encrypt(fko_ctx_t ctx, const char *enc_key) { char *plain; char *b64cipher; unsigned char *cipher; int cipher_len; /* Make a bucket big enough to hold the enc msg + digest (plaintext) * and populate it appropriately. */ plain = malloc(strlen(ctx->encoded_msg) + strlen(ctx->digest) + 4); if(plain == NULL) return(FKO_ERROR_MEMORY_ALLOCATION); snprintf(plain, strlen(ctx->encoded_msg) + strlen(ctx->digest) + 4, "%s:%s", ctx->encoded_msg, ctx->digest); /* Make a bucket for the encrypted version and populate it. */ cipher = malloc(strlen(plain) + 32); /* Plus padding for salt and Block */ if(cipher == NULL) return(FKO_ERROR_MEMORY_ALLOCATION); cipher_len = rij_encrypt( (unsigned char*)plain, strlen(plain), (char*)enc_key, cipher ); /* Now make a bucket for the base64-encoded version and populate it. */ b64cipher = malloc(((cipher_len / 3) * 4) + 8); if(b64cipher == NULL) return(FKO_ERROR_MEMORY_ALLOCATION); b64_encode(cipher, b64cipher, cipher_len); strip_b64_eq(b64cipher); ctx->encrypted_msg = strdup(b64cipher); /* Clean-up */ free(plain); free(cipher); free(b64cipher); if(ctx->encrypted_msg == NULL) return(FKO_ERROR_MEMORY_ALLOCATION); return(FKO_SUCCESS); } /* Decode, decrypt, and parse SPA data into the context. */ static int _rijndael_decrypt(fko_ctx_t ctx, const char *dec_key) { char *tbuf; unsigned char *ndx; unsigned char *cipher; int cipher_len, pt_len, i, err = 0; int b64_len = strlen(ctx->encrypted_msg); /* Now see if we need to add the "Salted__" string to the front of the * encrypted data. */ if(strncmp(ctx->encrypted_msg, B64_RIJNDAEL_SALT, strlen(B64_RIJNDAEL_SALT))) { /* We need to realloc space for the salt. */ tbuf = realloc(ctx->encrypted_msg, b64_len + 12); if(tbuf == NULL) return(FKO_ERROR_MEMORY_ALLOCATION); memmove(tbuf+strlen(B64_RIJNDAEL_SALT), tbuf, b64_len); ctx->encrypted_msg = memcpy(tbuf, B64_RIJNDAEL_SALT, strlen(B64_RIJNDAEL_SALT)); /* Adjust b64_len for added SALT value and Make sure we are still * a properly NULL-terminated string (Ubuntu was one system for * which this was an issue). */ b64_len += strlen(B64_RIJNDAEL_SALT); tbuf[b64_len] = '\0'; } /* Create a bucket for the (base64) decoded encrypted data and get the * raw cipher data. */ cipher = malloc(strlen(ctx->encrypted_msg)); if(cipher == NULL) return(FKO_ERROR_MEMORY_ALLOCATION); cipher_len = b64_decode(ctx->encrypted_msg, cipher); /* Create a bucket for the plaintext data and decrypt the message * data into it. */ ctx->encoded_msg = malloc(cipher_len); if(ctx->encoded_msg == NULL) return(FKO_ERROR_MEMORY_ALLOCATION); pt_len = rij_decrypt(cipher, cipher_len, dec_key, (unsigned char*)ctx->encoded_msg); /* Done with cipher... */ free(cipher); /* The length of the decrypted data should be within 32 bytes of the * length of the encrypted version. */ if(pt_len < (cipher_len - 32)) return(FKO_ERROR_DECRYPTION_SIZE); /* At this point we can check the data to see if we have a good * decryption by ensuring the first field (16-digit random decimal * value) is valid and is followed by a colon. Additional checks * are made in fko_decode_spa_data(). */ ndx = (unsigned char *)ctx->encoded_msg; for(i=0; i 0 || *ndx != ':') return(FKO_ERROR_DECRYPTION_FAILURE); /* Call fko_decode and return the results. */ return(fko_decode_spa_data(ctx)); } #if HAVE_LIBGPGME /* Prep and encrypt using gpgme */ static int gpg_encrypt(fko_ctx_t ctx, const char *enc_key) { int res; char *plain; char *b64cipher; unsigned char *cipher = NULL; size_t cipher_len; /* First make sure we have a recipient key set. */ if(ctx->gpg_recipient == NULL) return(FKO_ERROR_MISSING_GPG_KEY_DATA); /* Make a bucket big enough to hold the enc msg + digest (plaintext) * and populate it appropriately. */ plain = malloc(strlen(ctx->encoded_msg) + strlen(ctx->digest) + 2); if(plain == NULL) return(FKO_ERROR_MEMORY_ALLOCATION); snprintf(plain, strlen(ctx->encoded_msg) + strlen(ctx->digest) + 2, "%s:%s", ctx->encoded_msg, ctx->digest); res = gpgme_encrypt(ctx, (unsigned char*)plain, strlen(plain), enc_key, &cipher, &cipher_len ); /* --DSS XXX: Better parsing of what went wrong would be nice :) */ if(res != FKO_SUCCESS) { free(plain); if(cipher) free(cipher); return(res); } /* Now make a bucket for the base64-encoded version and populate it. */ b64cipher = malloc(((cipher_len / 3) * 4) + 8); if(b64cipher == NULL) return(FKO_ERROR_MEMORY_ALLOCATION); b64_encode(cipher, b64cipher, cipher_len); strip_b64_eq(b64cipher); ctx->encrypted_msg = strdup(b64cipher); /* Clean-up */ free(plain); free(cipher); free(b64cipher); if(ctx->encrypted_msg == NULL) return(FKO_ERROR_MEMORY_ALLOCATION); return(FKO_SUCCESS); } /* Prep and decrypt using gpgme */ static int gpg_decrypt(fko_ctx_t ctx, const char *dec_key) { char *tbuf; unsigned char *cipher; size_t cipher_len; int res; int b64_len = strlen(ctx->encrypted_msg); /* Now see if we need to add the "hQ" string to the front of the * base64-encoded-GPG-encrypted data. */ if(strncmp(ctx->encrypted_msg, B64_GPG_PREFIX, strlen(B64_GPG_PREFIX))) { /* We need to realloc space for the GPG prefix of hQ. */ tbuf = realloc(ctx->encrypted_msg, b64_len + 12); if(tbuf == NULL) return(FKO_ERROR_MEMORY_ALLOCATION); memmove(tbuf+strlen(B64_GPG_PREFIX), tbuf, b64_len); ctx->encrypted_msg = memcpy(tbuf, B64_GPG_PREFIX, strlen(B64_GPG_PREFIX)); /* Adjust b64_len for added SALT value and Make sure we are still * a properly NULL-terminated string (Ubuntu was one system for * which this was an issue). */ b64_len += strlen(B64_GPG_PREFIX); tbuf[b64_len] = '\0'; } /* Create a bucket for the (base64) decoded encrypted data and get the * raw cipher data. */ cipher = malloc(strlen(ctx->encrypted_msg)); if(cipher == NULL) return(FKO_ERROR_MEMORY_ALLOCATION); cipher_len = b64_decode(ctx->encrypted_msg, cipher); /* Create a bucket for the plaintext data and decrypt the message * data into it. */ /* --DSS Actually, the needed memory will be malloced in the gpgme_decrypt // function. Just leaving this here for reference (for now). //ctx->encoded_msg = malloc(cipher_len); //if(ctx->encoded_msg == NULL) // return(FKO_ERROR_MEMORY_ALLOCATION); */ res = gpgme_decrypt(ctx, cipher, cipher_len, dec_key, (unsigned char**)&ctx->encoded_msg, &cipher_len ); /* Done with cipher... */ free(cipher); if(res != FKO_SUCCESS) return(res); /* XXX: We could put some kind of sanity check of the decrypted * data here */ /* Call fko_decode and return the results. */ return(fko_decode_spa_data(ctx)); } #endif /* HAVE_LIBGPGME */ /* Set the SPA encryption type. */ int fko_set_spa_encryption_type(fko_ctx_t ctx, const short encrypt_type) { /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); if(encrypt_type < 0 || encrypt_type >= FKO_LAST_ENCRYPTION_TYPE) return(FKO_ERROR_INVALID_DATA); ctx->encryption_type = encrypt_type; ctx->state |= FKO_ENCRYPT_TYPE_MODIFIED; return(FKO_SUCCESS); } /* Return the SPA encryption type. */ int fko_get_spa_encryption_type(fko_ctx_t ctx, short *enc_type) { /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); *enc_type = ctx->encryption_type; return(FKO_SUCCESS); } /* Encrypt the encoded SPA data. */ int fko_encrypt_spa_data(fko_ctx_t ctx, const char *enc_key) { int res = 0; /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) { return(FKO_ERROR_CTX_NOT_INITIALIZED); } /* If there is no encoded data or the SPA data has been modified, * go ahead and re-encode here. */ if(ctx->encoded_msg == NULL || FKO_IS_SPA_DATA_MODIFIED(ctx)) res = fko_encode_spa_data(ctx); if(res) return(res); /* Croak on invalid encoded message as well. At present this is a * check for a somewhat arbitrary minimum length for the encoded * data. */ if(strlen(ctx->encoded_msg) < MIN_SPA_ENCODED_MSG_SIZE) { return(FKO_ERROR_MISSING_ENCODED_DATA); } /* Encrypt according to type and return... */ if(ctx->encryption_type == FKO_ENCRYPTION_RIJNDAEL) res = _rijndael_encrypt(ctx, enc_key); else if(ctx->encryption_type == FKO_ENCRYPTION_GPG) #if HAVE_LIBGPGME res = gpg_encrypt(ctx, enc_key); #else res = FKO_ERROR_UNSUPPORTED_FEATURE; #endif else res = FKO_ERROR_INVALID_ENCRYPTION_TYPE; return(res); } /* Decode, decrypt, and parse SPA data into the context. */ int fko_decrypt_spa_data(fko_ctx_t ctx, const char *dec_key) { int enc_type, res; /* Get the (assumed) type of encryption used. This will also provide * some data validation. */ enc_type = fko_encryption_type(ctx->encrypted_msg); //strlen(ctx->encrypted_msg) < MIN_SPA_ENCODED_MSG_SIZE) if(enc_type == FKO_ENCRYPTION_GPG) { ctx->encryption_type = FKO_ENCRYPTION_GPG; #if HAVE_LIBGPGME res = gpg_decrypt(ctx, dec_key); #else res = FKO_ERROR_UNSUPPORTED_FEATURE; #endif } else if(enc_type == FKO_ENCRYPTION_RIJNDAEL) { ctx->encryption_type = FKO_ENCRYPTION_RIJNDAEL; res = _rijndael_decrypt(ctx, dec_key); } else return(FKO_ERROR_INVALID_DATA); return(res); } /* Return the assumed encryption type based on the raw encrypted data. */ int fko_encryption_type(const char *enc_data) { int enc_data_len; /* Sanity check the data. */ if(enc_data == NULL) return(FKO_ENCRYPTION_INVALID_DATA); /* Determine type of encryption used. For now, we are using the * size of the message. * * XXX: We will want to come up with a more reliable method of * identifying the encryption type. */ enc_data_len = strlen(enc_data); if(enc_data_len >= MIN_GNUPG_MSG_SIZE) return(FKO_ENCRYPTION_GPG); else if(enc_data_len < MIN_GNUPG_MSG_SIZE && enc_data_len >= MIN_SPA_ENCODED_MSG_SIZE) return(FKO_ENCRYPTION_RIJNDAEL); else return(FKO_ENCRYPTION_UNKNOWN); } /* Set the GPG recipient key name. */ int fko_set_gpg_recipient(fko_ctx_t ctx, const char *recip) { #if HAVE_LIBGPGME int res; gpgme_key_t key = NULL; /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); if(ctx->encryption_type != FKO_ENCRYPTION_GPG) return(FKO_ERROR_WRONG_ENCRYPTION_TYPE); ctx->gpg_recipient = strdup(recip); if(ctx->gpg_recipient == NULL) return(FKO_ERROR_MEMORY_ALLOCATION); /* Get the key. */ res = get_gpg_key(ctx, &key, 0); if(res != FKO_SUCCESS) { free(ctx->gpg_recipient); ctx->gpg_recipient = NULL; return(res); } ctx->recipient_key = key; ctx->state |= FKO_DATA_MODIFIED; return(FKO_SUCCESS); #else return(FKO_ERROR_UNSUPPORTED_FEATURE); #endif /* HAVE_LIBGPGME */ } /* Set the GPG home dir. */ int fko_set_gpg_exe(fko_ctx_t ctx, const char *gpg_exe) { #if HAVE_LIBGPGME struct stat st; /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); /* If we are unable to stat the given path/file and determine if it * is a regular file or symbolic link, then return with error. */ if(stat(gpg_exe, &st) != 0) return(FKO_ERROR_GPGME_BAD_GPG_EXE); if(!S_ISREG(st.st_mode) && !S_ISLNK(st.st_mode)) return(FKO_ERROR_GPGME_BAD_GPG_EXE); ctx->gpg_exe = strdup(gpg_exe); if(ctx->gpg_exe == NULL) return(FKO_ERROR_MEMORY_ALLOCATION); return(FKO_SUCCESS); #else return(FKO_ERROR_UNSUPPORTED_FEATURE); #endif /* HAVE_LIBGPGME */ } /* Get the GPG home dir. */ int fko_get_gpg_exe(fko_ctx_t ctx, char **gpg_exe) { #if HAVE_LIBGPGME /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); *gpg_exe = ctx->gpg_exe; return(FKO_SUCCESS); #else return(FKO_ERROR_UNSUPPORTED_FEATURE); #endif /* HAVE_LIBGPGME */ } /* Get the GPG recipient key name. */ int fko_get_gpg_recipient(fko_ctx_t ctx, char **recipient) { #if HAVE_LIBGPGME /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); *recipient = ctx->gpg_recipient; return(FKO_SUCCESS); #else return(FKO_ERROR_UNSUPPORTED_FEATURE); #endif /* HAVE_LIBGPGME */ } /* Set the GPG signer key name. */ int fko_set_gpg_signer(fko_ctx_t ctx, const char *signer) { #if HAVE_LIBGPGME int res; gpgme_key_t key = NULL; /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); if(ctx->encryption_type != FKO_ENCRYPTION_GPG) return(FKO_ERROR_WRONG_ENCRYPTION_TYPE); ctx->gpg_signer = strdup(signer); if(ctx->gpg_signer == NULL) return(FKO_ERROR_MEMORY_ALLOCATION); /* Get the key. */ res = get_gpg_key(ctx, &key, 1); if(res != FKO_SUCCESS) { free(ctx->gpg_signer); ctx->gpg_signer = NULL; return(res); } ctx->signer_key = key; ctx->state |= FKO_DATA_MODIFIED; return(FKO_SUCCESS); #else return(FKO_ERROR_UNSUPPORTED_FEATURE); #endif /* HAVE_LIBGPGME */ } /* Get the GPG signer key name. */ int fko_get_gpg_signer(fko_ctx_t ctx, char **signer) { #if HAVE_LIBGPGME /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); *signer = ctx->gpg_signer; return(FKO_SUCCESS); #else return(FKO_ERROR_UNSUPPORTED_FEATURE); #endif /* HAVE_LIBGPGME */ } /* Set the GPG home dir. */ int fko_set_gpg_home_dir(fko_ctx_t ctx, const char *gpg_home_dir) { #if HAVE_LIBGPGME struct stat st; /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); /* If we are unable to stat the given dir, then return with error. */ if(stat(gpg_home_dir, &st) != 0) return(FKO_ERROR_GPGME_BAD_HOME_DIR); if(!S_ISDIR(st.st_mode)) return(FKO_ERROR_GPGME_BAD_HOME_DIR); ctx->gpg_home_dir = strdup(gpg_home_dir); if(ctx->gpg_home_dir == NULL) return(FKO_ERROR_MEMORY_ALLOCATION); return(FKO_SUCCESS); #else return(FKO_ERROR_UNSUPPORTED_FEATURE); #endif /* HAVE_LIBGPGME */ } /* Get the GPG home dir. */ int fko_get_gpg_home_dir(fko_ctx_t ctx, char **home_dir) { #if HAVE_LIBGPGME /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); *home_dir = ctx->gpg_home_dir; return(FKO_SUCCESS); #else return(FKO_ERROR_UNSUPPORTED_FEATURE); #endif /* HAVE_LIBGPGME */ } int fko_set_gpg_signature_verify(fko_ctx_t ctx, const unsigned char val) { #if HAVE_LIBGPGME /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); ctx->verify_gpg_sigs = (val != 0) ? 1 : 0; return(FKO_SUCCESS); #else return(FKO_ERROR_UNSUPPORTED_FEATURE); #endif /* HAVE_LIBGPGME */ } int fko_get_gpg_signature_verify(fko_ctx_t ctx, unsigned char *val) { #if HAVE_LIBGPGME /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); *val = ctx->verify_gpg_sigs; return(FKO_SUCCESS); #else return(FKO_ERROR_UNSUPPORTED_FEATURE); #endif /* HAVE_LIBGPGME */ } int fko_set_gpg_ignore_verify_error(fko_ctx_t ctx, const unsigned char val) { #if HAVE_LIBGPGME /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); ctx->ignore_gpg_sig_error = (val != 0) ? 1 : 0; return(FKO_SUCCESS); #else return(FKO_ERROR_UNSUPPORTED_FEATURE); #endif /* HAVE_LIBGPGME */ } int fko_get_gpg_ignore_verify_error(fko_ctx_t ctx, unsigned char *val) { #if HAVE_LIBGPGME /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); *val = ctx->ignore_gpg_sig_error; return(FKO_SUCCESS); #else return(FKO_ERROR_UNSUPPORTED_FEATURE); #endif /* HAVE_LIBGPGME */ } int fko_get_gpg_signature_fpr(fko_ctx_t ctx, char **fpr) { #if HAVE_LIBGPGME /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); /* Must be using GPG encryption. */ if(ctx->encryption_type != FKO_ENCRYPTION_GPG) return(FKO_ERROR_WRONG_ENCRYPTION_TYPE); /* Make sure we are supposed to verify signatures. */ if(ctx->verify_gpg_sigs == 0) return(FKO_ERROR_GPGME_SIGNATURE_VERIFY_DISABLED); /* Make sure we have a signature to work with. */ if(ctx->gpg_sigs == NULL) return(FKO_ERROR_GPGME_NO_SIGNATURE); *fpr = ctx->gpg_sigs->fpr; return(FKO_SUCCESS); #else return(FKO_ERROR_UNSUPPORTED_FEATURE); #endif /* HAVE_LIBGPGME */ } int fko_get_gpg_signature_id(fko_ctx_t ctx, char **id) { #if HAVE_LIBGPGME /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); /* Must be using GPG encryption. */ if(ctx->encryption_type != FKO_ENCRYPTION_GPG) return(FKO_ERROR_WRONG_ENCRYPTION_TYPE); /* Make sure we are supposed to verify signatures. */ if(ctx->verify_gpg_sigs == 0) return(FKO_ERROR_GPGME_SIGNATURE_VERIFY_DISABLED); /* Make sure we have a signature to work with. */ if(ctx->gpg_sigs == NULL) return(FKO_ERROR_GPGME_NO_SIGNATURE); *id = ctx->gpg_sigs->fpr + strlen(ctx->gpg_sigs->fpr) - 8; return(FKO_SUCCESS); #else return(FKO_ERROR_UNSUPPORTED_FEATURE); #endif /* HAVE_LIBGPGME */ } int fko_get_gpg_signature_summary(fko_ctx_t ctx, int *sigsum) { #if HAVE_LIBGPGME /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); /* Must be using GPG encryption. */ if(ctx->encryption_type != FKO_ENCRYPTION_GPG) return(FKO_ERROR_WRONG_ENCRYPTION_TYPE); /* Make sure we are supposed to verify signatures. */ if(ctx->verify_gpg_sigs == 0) return(FKO_ERROR_GPGME_SIGNATURE_VERIFY_DISABLED); /* Make sure we have a signature to work with. */ if(ctx->gpg_sigs == NULL) return(FKO_ERROR_GPGME_NO_SIGNATURE); *sigsum = ctx->gpg_sigs->summary; return(FKO_SUCCESS); #else return(FKO_ERROR_UNSUPPORTED_FEATURE); #endif /* HAVE_LIBGPGME */ } int fko_get_gpg_signature_status(fko_ctx_t ctx, int *sigstat) { #if HAVE_LIBGPGME /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); /* Must be using GPG encryption. */ if(ctx->encryption_type != FKO_ENCRYPTION_GPG) return(FKO_ERROR_WRONG_ENCRYPTION_TYPE); /* Make sure we are supposed to verify signatures. */ if(ctx->verify_gpg_sigs == 0) return(FKO_ERROR_GPGME_SIGNATURE_VERIFY_DISABLED); /* Make sure we have a signature to work with. */ if(ctx->gpg_sigs == NULL) return(FKO_ERROR_GPGME_NO_SIGNATURE); *sigstat = ctx->gpg_sigs->status; return(FKO_SUCCESS); #else return(FKO_ERROR_UNSUPPORTED_FEATURE); #endif /* HAVE_LIBGPGME */ } int fko_gpg_signature_id_match(fko_ctx_t ctx, const char *id, unsigned char *result) { #if HAVE_LIBGPGME char *curr_id; /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); /* Must be using GPG encryption. */ if(ctx->encryption_type != FKO_ENCRYPTION_GPG) return(FKO_ERROR_WRONG_ENCRYPTION_TYPE); /* Make sure we are supposed to verify signatures. */ if(ctx->verify_gpg_sigs == 0) return(FKO_ERROR_GPGME_SIGNATURE_VERIFY_DISABLED); /* Make sure we have a signature to work with. */ if(ctx->gpg_sigs == NULL) return(FKO_ERROR_GPGME_NO_SIGNATURE); fko_get_gpg_signature_id(ctx, &curr_id); *result = strcmp(id, curr_id) == 0 ? 1 : 0; return(FKO_SUCCESS); #else return(FKO_ERROR_UNSUPPORTED_FEATURE); #endif /* HAVE_LIBGPGME */ } int fko_gpg_signature_fpr_match(fko_ctx_t ctx, const char *id, unsigned char *result) { #if HAVE_LIBGPGME /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); /* Must be using GPG encryption. */ if(ctx->encryption_type != FKO_ENCRYPTION_GPG) return(FKO_ERROR_WRONG_ENCRYPTION_TYPE); /* Make sure we are supposed to verify signatures. */ if(ctx->verify_gpg_sigs == 0) return(FKO_ERROR_GPGME_SIGNATURE_VERIFY_DISABLED); /* Make sure we have a signature to work with. */ if(ctx->gpg_sigs == NULL) return(FKO_ERROR_GPGME_NO_SIGNATURE); *result = strcmp(id, ctx->gpg_sigs->fpr) == 0 ? 1 : 0; return(FKO_SUCCESS); #else return(FKO_ERROR_UNSUPPORTED_FEATURE); #endif /* HAVE_LIBGPGME */ } /***EOF***/