[Help-gnutls] Re: Failure to import an OpenPGP private key
Ludovic Courtès
ludovic.courtes at laas.fr
Tue Jan 9 11:02:44 CET 2007
Hi,

Simon Josefsson <simon at josefsson.org> writes:

> However, maybe this is a good place to take the opportunity to get rid
> of the _E_gnutls_* variables entirely, and to fix your problem at the
> same time. I think that is the cleanest solution here. nm suggests
> that the entire variable list is:
>
> 00000000 B _E_gnutls_openpgp_get_raw_key_creation_time
> 00000004 B _E_gnutls_openpgp_get_raw_key_expiration_time
> 00000004 C _E_gnutls_openpgp_raw_key_to_gcert
> 00000004 C _E_gnutls_openpgp_raw_privkey_to_gkey
> 00000008 B _E_gnutls_openpgp_verify_key
> 00000000 B _E_gnutls_openpgp_fingerprint
> 00000004 C _E_gnutls_openpgp_key_deinit
> 00000004 C _E_gnutls_openpgp_key_to_gcert
> 00000004 C _E_gnutls_openpgp_privkey_deinit
> 00000004 C _E_gnutls_openpgp_privkey_to_gkey
> U _E_gnutls_openpgp_raw_key_to_gcert
> 00000004 B _E_gnutls_openpgp_request_key
>
> The variables are implemented in libgnutls-extra and used by
> libgnutls, when libgnutls-extra is loaded, only in lib/auth_cert.c and
> lib/gnutls_cert.c. I'm not yet sure how to do this, ideas and
> suggestions most welcome. Perhaps more code related to openpgp should
> be moved from libgnutls to libgnutls-extra.

How about having a per-certificate-type "vtable", with pointers to
methods like:

  certificate_init_from_raw_key
  certificate_deinit
  certificate_send
  process_server_certificate
  ...

There are various places (e.g., in `auth_cert.c') where code
encapsulates specific X509 and OpenPGP knowledge, with things like:

  if (cert_type == GNUTLS_CRT_X509)
    ...
  else
    /* OpenPGP */

That code would instead do things like:

  _gnutls_certificate_type_vtable[cert_type].certificate_deinit (...);

(The indirection itself could rather be implemented in inline functions
that would also make sure that the method pointer is not NULL.)

`libgnutls-extra' would appropriately fill out
`_gnutls_certificate_type_vtable[GNUTLS_CRT_OPENPGP]' upon
initialization.

Determining the exact set of methods may require quite a bit of work.
However, in doing so, we'd probably automatically end up moving
OpenPGP-specific bits back from `libgnutls' to `libgnutls-extra', which
is good.

As far as the OpenPGP private key import bug is concerned, the initial
solution would still be easier to achieve. ;-)

What do you think?

Thanks,
Ludovic.
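
The per-certificate-type vtable proposed in the message above, as an added C sketch that is not part of the original post and is not GnuTLS code: the inline wrappers bounds-check the type and refuse a NULL method, and the OpenPGP slot stays empty until a registration call fills it. All names (`cert_type_vtable`, `extra_register_openpgp`, `E_UNIMPLEMENTED`, the `CRT_*` values, the toy backend) are hypothetical stand-ins.

```c
#include <stddef.h>
/* Hypothetical stand-ins, not GnuTLS's real types, names or values. */
enum cert_type { CRT_X509 = 1, CRT_OPENPGP = 2, CRT_MAX };
#define E_UNIMPLEMENTED (-1)
struct cert { enum cert_type type; int live; };
struct cert_vtable {
    int (*certificate_init_from_raw_key)(struct cert *, const unsigned char *, size_t);
    int (*certificate_deinit)(struct cert *);
};
/* Static storage: every slot is NULL until a backend registers itself. */
static struct cert_vtable cert_type_vtable[CRT_MAX];

/* Reject out-of-range types before indexing the table. */
static inline const struct cert_vtable *vt_lookup(int t)
{
    return (t > 0 && t < CRT_MAX) ? &cert_type_vtable[t] : NULL;
}

/* Inline wrappers: callers never call through a method pointer directly. */
static inline int cert_init_from_raw_key(struct cert *c, int t,
                                         const unsigned char *raw, size_t len)
{
    const struct cert_vtable *vt = vt_lookup(t);
    if (vt == NULL || vt->certificate_init_from_raw_key == NULL)
        return E_UNIMPLEMENTED;   /* e.g. the extra library is not loaded */
    c->type = (enum cert_type)t;
    return vt->certificate_init_from_raw_key(c, raw, len);
}

static inline int cert_deinit(struct cert *c)
{
    const struct cert_vtable *vt = vt_lookup((int)c->type);
    if (vt == NULL || vt->certificate_deinit == NULL)
        return E_UNIMPLEMENTED;
    return vt->certificate_deinit(c);
}

/* Toy OpenPGP backend, standing in for what the extra library provides. */
static int openpgp_init(struct cert *c, const unsigned char *raw, size_t len)
{ (void)raw; (void)len; c->live = 1; return 0; }
static int openpgp_deinit(struct cert *c) { c->live = 0; return 0; }
/* Called once from the extra library's initialisation. */
void extra_register_openpgp(void)
{
    cert_type_vtable[CRT_OPENPGP] = (struct cert_vtable){ openpgp_init, openpgp_deinit };
}

int main(void) {
    struct cert c = { 0 }; extra_register_openpgp();
    return cert_init_from_raw_key(&c, CRT_OPENPGP, (const unsigned char *)"k", 1);
}
```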