[gnutls-dev] Re: Client OpenPGP verification fails (solved)
Mario Lenz
mario.lenz at gmx.net
Sun Aug 6 19:59:07 CEST 2006
Hi!
> Please remind me (in private) if there is some e-mail from you that
> contains a patch or something concrete that you'd like me to install.
Just the wrong return in cdk_kbnode_write_to_mem, everything else
works :-)
> > Afaik there's no function to import an OpenPGP key which is secured
> > by a pass phrase. I would like to implement one if you don't mind.
> > Please tell me if that's ok.
>
> That seems useful, please go ahead! Maybe the gpg-agent should be
> supported, but that's another story.
(Everything happens in libextra/gnutls_openpgp.c)
Rename _gnutls_openpgp_raw_privkey_to_gkey to
_gnutls_openpgp_raw_enc_privkey_to_gkey, give it an additional
parameter and call cdk_sk_unprotect if pw != NULL:
int
_gnutls_openpgp_raw_enc_privkey_to_gkey (gnutls_privkey * pkey, const
gnutls_datum_t * raw_key, const char *pw)
{
/* no changes */
if (pw)
{
if (cdk_sk_unprotect (pkt->pkt.secret_key, pw) != CDK_Success)
{
rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
goto leave;
}
}
/* no changes from here on */
sk = pkt->pkt.secret_key;
pke_algo = sk->pk->pubkey_algo;
pkey->params_size = cdk_pk_get_npkey (pke_algo);
/* and so on... */
}
Because the original function is missing now, add:
int
_gnutls_openpgp_raw_privkey_to_gkey (gnutls_privkey * pkey, const
gnutls_datum_t * raw_key)
{
return _gnutls_openpgp_raw_enc_privkey_to_gkey (pkey, raw_key, NULL);
}
Rename gnutls_certificate_set_openpgp_key_mem, add pw parameter
and call _gnutls_openpgp_raw_enc_privkey_to_gkey instead of
_gnutls_openpgp_raw_privkey_to_gkey:
int
gnutls_certificate_set_openpgp_key_mem_enc
(gnutls_certificate_credentials_t res, const gnutls_datum_t * cert,
const gnutls_datum_t * key, const char *pw)
{
/* no changes */
rc = _gnutls_openpgp_raw_enc_privkey_to_gkey (&res->pkey[res->ncerts -
1], &raw, pw);
/* no changes from here on */
if (rc)
{
gnutls_assert ();
}
_gnutls_free_datum (&raw);
leave:
cdk_kbnode_release (knode);
return rc;
}
Add:
int
gnutls_certificate_set_openpgp_key_mem (gnutls_certificate_credentials_t
res, const gnutls_datum_t * cert, const gnutls_datum_t * key)
{
return gnutls_certificate_set_openpgp_key_mem_enc (res, cert, key,
NULL);
}
Rename gnutls_certificate_set_openpgp_key_file, add pw parameter
and call gnutls_certificate_set_openpgp_key_mem_enc instead of
gnutls_certificate_set_openpgp_key_mem:
int
gnutls_certificate_set_openpgp_key_file_enc
(gnutls_certificate_credentials_t res, const char *certfile, const char
*keyfile, const char *pw)
{
/* no changes */
rc = gnutls_certificate_set_openpgp_key_mem_enc (res, &cert, &key,
pw);
/* no changes from here on */
free (cert.data);
free (key.data);
if (rc < 0)
{
gnutls_assert ();
return rc;
}
return 0;
}
Add:
int
gnutls_certificate_set_openpgp_key_file
(gnutls_certificate_credentials_t res, const char *certfile, const char
*keyfile)
{
return gnutls_certificate_set_openpgp_key_file_enc (res, certfile,
keyfile, NULL);
}
Update the header files (includes/gnutls/extra.h and
libextra/openpgp/gnutls_openpgp.h). And please have a look at
_gnutls_openpgp_raw_enc_privkey_to_gkey; I'm not sure if there's
anything to do with pkt if cdk_sk_unprotect (pkt->pkt.secret_key, pw) !=
CDK_Success. Can't help you with gpg-agent, though.
greez
Mario
PS
I've done some tests and didn't find any problems.
More information about the Gnutls-devel
mailing list