[gnutls-dev] Re: Client OpenPGP verification fails (solved)
Mario Lenz
mario.lenz at gmx.net
Sun Aug 6 19:59:07 CEST 2006
Hi!
> Please remind me (in private) if there is some e-mail from you that
> contains a patch or something concrete that you'd like me to install.
Just the wrong return in cdk_kbnode_write_to_mem, everything else
works :-)
> > Afaik there's no function to import an OpenPGP key which is secured
> > by a pass phrase. I would like to implement one if you don't mind.
> > Please tell me if that's ok.
>
> That seems useful, please go ahead! Maybe the gpg-agent should be
> supported, but that's another story.
(Everything happens in libextra/gnutls_openpgp.c)
Rename _gnutls_openpgp_raw_privkey_to_gkey to
_gnutls_openpgp_raw_enc_privkey_to_gkey, give it an additional
parameter and call cdk_sk_unprotect if pw != NULL:
int
_gnutls_openpgp_raw_enc_privkey_to_gkey (gnutls_privkey * pkey,
                                         const gnutls_datum_t * raw_key,
                                         const char *pw)
{
  /* no changes */
  if (pw)
    {
      if (cdk_sk_unprotect (pkt->pkt.secret_key, pw) != CDK_Success)
        {
          rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
          goto leave;
        }
    }
  /* no changes from here on */
  sk = pkt->pkt.secret_key;
  pke_algo = sk->pk->pubkey_algo;
  pkey->params_size = cdk_pk_get_npkey (pke_algo);
  /* and so on... */
}
Because the original function is missing now, add:
int
_gnutls_openpgp_raw_privkey_to_gkey (gnutls_privkey * pkey,
                                     const gnutls_datum_t * raw_key)
{
  return _gnutls_openpgp_raw_enc_privkey_to_gkey (pkey, raw_key, NULL);
}
Rename gnutls_certificate_set_openpgp_key_mem, add pw parameter
and call _gnutls_openpgp_raw_enc_privkey_to_gkey instead of
_gnutls_openpgp_raw_privkey_to_gkey:
int
gnutls_certificate_set_openpgp_key_mem_enc
  (gnutls_certificate_credentials_t res, const gnutls_datum_t * cert,
   const gnutls_datum_t * key, const char *pw)
{
  /* no changes */
  rc = _gnutls_openpgp_raw_enc_privkey_to_gkey (&res->pkey[res->ncerts - 1],
                                                &raw, pw);
  /* no changes from here on */
  if (rc)
    {
      gnutls_assert ();
    }
  _gnutls_free_datum (&raw);
leave:
  cdk_kbnode_release (knode);
  return rc;
}
Add:
int
gnutls_certificate_set_openpgp_key_mem (gnutls_certificate_credentials_t res,
                                        const gnutls_datum_t * cert,
                                        const gnutls_datum_t * key)
{
  return gnutls_certificate_set_openpgp_key_mem_enc (res, cert, key, NULL);
}
Rename gnutls_certificate_set_openpgp_key_file, add pw parameter
and call gnutls_certificate_set_openpgp_key_mem_enc instead of
gnutls_certificate_set_openpgp_key_mem:
int
gnutls_certificate_set_openpgp_key_file_enc
  (gnutls_certificate_credentials_t res, const char *certfile,
   const char *keyfile, const char *pw)
{
  /* no changes */
  rc = gnutls_certificate_set_openpgp_key_mem_enc (res, &cert, &key, pw);
  /* no changes from here on */
  free (cert.data);
  free (key.data);
  if (rc < 0)
    {
      gnutls_assert ();
      return rc;
    }
  return 0;
}
Add:
int
gnutls_certificate_set_openpgp_key_file
  (gnutls_certificate_credentials_t res, const char *certfile,
   const char *keyfile)
{
  return gnutls_certificate_set_openpgp_key_file_enc (res, certfile, keyfile,
                                                      NULL);
}
Update the header files (includes/gnutls/extra.h and
libextra/openpgp/gnutls_openpgp.h). And please have a look at
_gnutls_openpgp_raw_enc_privkey_to_gkey; I'm not sure if there's
anything to do with pkt if cdk_sk_unprotect (pkt->pkt.secret_key, pw) !=
CDK_Success. Can't help you with gpg-agent, though.
greez
Mario
PS
I've done some tests and didn't find any problems.
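The message above proposes an "_enc" variant that takes an optional passphrase and calls cdk_sk_unprotect when one is given, and then asks what should happen to pkt when unprotect fails. The following is an added example, not Mario's patch and not GnuTLS or OpenCDK code: it shows the same wrapper pattern (an optional pw parameter, the old name kept as a NULL-passphrase wrapper, a single leave: exit) applied to a constructed toy secret-key packet, so the error path can be exercised offline. Everything prefixed toy_ is hypothetical; the XOR keystream and 16-bit checksum are stand-ins for OpenPGP's S2K-derived cipher and MPI checksum, not an implementation of them, and toy_sk_unprotect's behaviour on a wrong passphrase (leave the packet untouched, wipe the attempt) is the behaviour a caller should want, not a statement about what cdk_sk_unprotect does.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical return codes, stand-ins for GNUTLS_E_OPENPGP_GETKEY_FAILED etc. */
enum { TOY_OK = 0, TOY_E_BAD_PASSPHRASE = -1, TOY_E_STILL_PROTECTED = -2, TOY_E_ALLOC = -3 };

#define TOY_MPI_LEN 8

/* Constructed stand-in for an OpenCDK pkt->pkt.secret_key. */
typedef struct {
    int is_protected;           /* 1: mpi[] is masked with a passphrase keystream */
    uint8_t mpi[TOY_MPI_LEN];   /* secret MPI octets, masked or clear */
    uint16_t checksum;          /* sum of the *clear* octets mod 65536 */
} toy_secret_key;

/* Stand-in for the gnutls_privkey parameters the real function fills in. */
typedef struct {
    uint8_t params[TOY_MPI_LEN];
    size_t params_size;
} toy_privkey;

/* Toy keystream: NOT a KDF or cipher, just enough to make unprotect fail on a wrong pw. */
static uint8_t toy_keystream(const char *pw, size_t i)
{
    unsigned h = 0;
    for (const char *p = pw; *p; p++)
        h = h * 31 + (uint8_t)*p;
    return (uint8_t)(h + 7 * i);
}

static uint16_t toy_checksum(const uint8_t *b, size_t n)
{
    uint16_t s = 0;
    for (size_t i = 0; i < n; i++) s = (uint16_t)(s + b[i]);
    return s;
}

/* Wipe through a volatile pointer so the store is not optimised away. */
static void toy_wipe(void *p, size_t n)
{
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

/* Build a packet from clear MPI octets; pw == NULL gives an unprotected packet. */
toy_secret_key *toy_make_packet(const uint8_t clear[TOY_MPI_LEN], const char *pw)
{
    toy_secret_key *sk = calloc(1, sizeof *sk);
    if (!sk) return NULL;
    sk->checksum = toy_checksum(clear, TOY_MPI_LEN);
    for (size_t i = 0; i < TOY_MPI_LEN; i++)
        sk->mpi[i] = pw ? (uint8_t)(clear[i] ^ toy_keystream(pw, i)) : clear[i];
    sk->is_protected = pw != NULL;
    return sk;
}

/* Stand-in for cdk_sk_unprotect(): on a bad passphrase sk is left exactly as it was,
 * so the caller releases it the same way on both paths. */
int toy_sk_unprotect(toy_secret_key *sk, const char *pw)
{
    uint8_t tmp[TOY_MPI_LEN];
    int rc;
    if (!sk->is_protected) return TOY_OK;
    for (size_t i = 0; i < TOY_MPI_LEN; i++)
        tmp[i] = (uint8_t)(sk->mpi[i] ^ toy_keystream(pw, i));
    if (toy_checksum(tmp, TOY_MPI_LEN) != sk->checksum) {
        rc = TOY_E_BAD_PASSPHRASE;       /* wrong passphrase or corrupted packet */
    } else {
        memcpy(sk->mpi, tmp, TOY_MPI_LEN);
        sk->is_protected = 0;
        rc = TOY_OK;
    }
    toy_wipe(tmp, sizeof tmp);           /* never leave a decrypt attempt on the stack */
    return rc;
}

/* Release: wipe the secret octets first, whether or not unprotect succeeded. */
void toy_packet_release(toy_secret_key *sk)
{
    if (!sk) return;
    toy_wipe(sk, sizeof *sk);
    free(sk);
}

/* The "_enc" variant: optional pw, one exit that always releases the packet it owns. */
int toy_raw_enc_privkey_to_gkey(toy_privkey *pkey, toy_secret_key *pkt, const char *pw)
{
    int rc = TOY_OK;
    if (!pkt) return TOY_E_ALLOC;
    if (pw) {
        if (toy_sk_unprotect(pkt, pw) != TOY_OK) {
            rc = TOY_E_BAD_PASSPHRASE;
            goto leave;
        }
    }
    if (pkt->is_protected) {             /* protected key but no passphrase supplied */
        rc = TOY_E_STILL_PROTECTED;
        goto leave;
    }
    memcpy(pkey->params, pkt->mpi, TOY_MPI_LEN);
    pkey->params_size = TOY_MPI_LEN;
leave:
    toy_packet_release(pkt);             /* identical cleanup on success and failure */
    return rc;
}

/* The old name survives as a NULL-passphrase wrapper, as the message proposes. */
int toy_raw_privkey_to_gkey(toy_privkey *pkey, toy_secret_key *pkt)
{
    return toy_raw_enc_privkey_to_gkey(pkey, pkt, NULL);
}

int main(void)
{
    static const uint8_t clear[TOY_MPI_LEN] = {1, 2, 3, 4, 5, 6, 7, 8};  /* constructed */
    toy_privkey k;
    printf("right pw:    %d\n", toy_raw_enc_privkey_to_gkey(&k, toy_make_packet(clear, "pw1"), "pw1"));
    printf("wrong pw:    %d\n", toy_raw_enc_privkey_to_gkey(&k, toy_make_packet(clear, "pw1"), "pw2"));
    printf("no pw:       %d\n", toy_raw_privkey_to_gkey(&k, toy_make_packet(clear, "pw1")));
    printf("unprotected: %d\n", toy_raw_privkey_to_gkey(&k, toy_make_packet(clear, NULL)));
    return 0;
}
```

The point the toy makes about the open question in the message: whatever cdk_sk_unprotect does to the packet on failure, the caller's leave: label should release the key block exactly as on the success path, and the unprotect step itself should not hand back a half-decrypted key; if the real function cannot guarantee that, the failure path also needs to wipe whatever the attempt wrote into pkt before releasing it.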