Internal error returned from within gnutls_certificate_set_openpgp_key()

Joke de Buhr joke at seiken.de
Sun Sep 23 16:54:39 CEST 2012 

On Sunday 23 September 2012 12:23:01 Nikos Mavrogiannopoulos wrote:
> On 09/22/2012 08:53 PM, Joke de Buhr wrote:
> > the internal error occurs with "lib/openpgp/privkey.c" during reimporting
> > the private key "gnutls_openpgp_privkey_import()" line 111.
> > the key is exported into memory and imported from memory later on. the
> > buffer created for the export is exactly as big as the binary format
> > export from gnupg2. i did a memory dump via gdb and discovered the dumped
> > key and the original gnupg key differ in some places. the differences are
> > locate within the
> > files. gnupg seems to be able to import the dumped key again.
> > i trace the origin of the error value back to read_subpkt() origination
> > from
> > 
> > #0 read_subpkt() at opencdk/read-packet.c:609
> > #1 read_signature() at opencdk/read-packet.c:788
> > #2 cdk_pkt_read() at opencdk/read-packet.c:1076
> > #3 cdk_keydb_get_keyblock() at opencdk/keydb.c:1820
> > #4 cdk_kbnode_read_from_mem() at opencdk/kbnode.c:426
> > #5 gnutls_openpgp_privkey_import() at openpgp/privkey.c:184
> > #6 _gnutls_openpgp_privkey_cpy() at openpgp/privkey.c:110
> > #7 gnutls_privkey_import_openpgp() at gnutls_privkey.c:590
> > #8 gnutls_certificate_set_openpgp_key() at openpgp/gnutls_openpgp.c:106
> > #9 main() at /dev/shm/test.c++:61
> > read_subpkt sets nbytes in "read-paket.c:792". the nbytes is subtracted
> > from size.
> 
> I see this code expects size to get negative at some point,
> so if you change the type of size to ssize_t does it help?

i changed the type of size from size_t to ssize_t. on a quick check the error 
change from GNUTLS_E_INTERNAL_ERROR to GNUTLS_E_MPI_SCAN_FAILED.
fixing the problem doesn't seem to be that simple unfortunately.

> > if you need further information i need to know what i should be looking
> > for.
> Could you provide me with a scenario and the certificates needed to
> reproduce it?

of cause. if the mailing list doesn't support attachments i can inline them.

the example program reads the keys, initializes the structures and sets the 
credential. it should be calls with public key as first argument and private 
key as second. both in raw binary format.

the key contains a rsa master key usable for certification only and a rsa 
subkey capable for siging, encryption and authentication.

the key was generated with gnupg2 in expert mode to allow custom flags to be 
set. it was exported with "gpg2 --openpgp --export".

> >> About the signing flags, you need them in order to use DHE-RSA and
> >> ECDHE-RSA. Those two require RSA signatures. The RSA algorithm requires
> >> an RSA encryption key. Does this explain what you notice?
> > 
> > rfc6091 and the old rfc5081 both state in section 3.3 state:
> Seeing that it seems some unfortunate mix of terminology. RFC4880 says
> "Authentication via digital signatures", so authentication in this
> context is signing, and from my discussions with OpenPGP people at that
> time, I accepted that the term authentication key was used to mean the
> signing key.

well the signing (S), encryption (E) and authentication (A) flags can be set 
individually with gnupg operating in expert mode (--expert). the master key 
has an additional flags for certification (C).

subkeys with authentication flag are used when gpg-agent operates in ssh-agent 
mode and connects to a ssh server. i'm sure gnupg does the authentication via 
digital signatures during the sshd handshake.

since the actual behavior is a bit unclear i think it would be helpful to 
mention gnutls requires the signing flag in the gnutls documentation. but i can 
definitely get your point.

> There is no big confusion (IMO) because RSA keys can be used for digital
> signatures or encryption, and DSA keys for digital signatures (there is
> no separate authentication usage).
> 
> > i don't know enough of openpgp certificate internals but the rfc doesn't
> > mention anything about a signing capable certificate. the gnutls
> > documentation on the other hand states in section 4 to use DHS_RSA the
> > key must by capable of signing.

to be precise of cause openpgp certificates can be used for signing but the rfc 
doesn't mention anything about the need to enable signing flags.

> This is correct.
> 
> regards,
> Nikos

regards
joke
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pub.gpg
Type: application/pgp-encrypted
Size: 2782 bytes
Desc: not available
URL: </pipermail/attachments/20120923/994fe537/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: priv.gpg
Type: application/pgp-encrypted
Size: 5364 bytes
Desc: not available
URL: </pipermail/attachments/20120923/994fe537/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test.c
Type: text/x-c++src
Size: 1317 bytes
Desc: not available
URL: </pipermail/attachments/20120923/994fe537/attachment.cc>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 729 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20120923/994fe537/attachment.pgp>

More information about the Gnutls-help mailing list