gnutls-devel

Re: openpgp fingerprints for subkeys


From: Daniel Kahn Gillmor
Subject: Re: openpgp fingerprints for subkeys
Date: Mon, 16 Jun 2008 10:21:43 -0400
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux)

On Mon 2008-06-16 09:41:06 -0400, Nikos Mavrogiannopoulos wrote:

> On Mon, Jun 16, 2008 at 11:55 AM, Simon Josefsson <address@hidden> wrote:
>
>> Is it easy to implement this?  I think we could squeeze this
>> addition into 2.4.0 if you or Nikos come up with a patch soon.
>
> Could be easy but please do not delay the 2.4.0 for this. The
> merging of development with my branch is already very difficult!
> Such a function can be easily implemented at any point (currently
> I'm not home so I cannot provide a quick patch).

Attached, please find a patch to provide this functionality.  I've
tested it locally against private keys and certificates, and it seems
to work.  I still don't understand the test infrastructure, though, so
i haven't added a test, unfortunately.

Feedback on the patch is welcome.  I'm afraid it's a bit of a
cargo-cult patch (a fair bit of copy/paste from similar functions),
and it further aggravates the other concern i wrote about having too
many duplicate OpenPGP functions.  But it produces the correct
fingerprints for me.

Regards,

        --dkg

PS i also fixed a misleading comment in one of the existing
   fingerprint function headers.  Sorry to have two things in one
   patch.

diff --git a/includes/gnutls/openpgp.h b/includes/gnutls/openpgp.h
index e56a226..2bbd99f 100644
--- a/includes/gnutls/openpgp.h
+++ b/includes/gnutls/openpgp.h
@@ -73,6 +73,8 @@ extern "C"
                                        unsigned int *key_usage);
   int gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key, void *fpr,
                                          size_t * fprlen);
+  int gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key, 
unsigned int idx,
+                                                void *fpr, size_t * fprlen);
 
   int gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key,
                                   int idx, char *buf, size_t * sizeof_buf);
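
Review bot: the added gnutls_openpgp_crt_get_subkey_fingerprint prototype runs well past 80 columns on its first line, while the declarations around it wrap before that. Break after "gnutls_openpgp_crt_t key," and align the remaining parameters under it, as gnutls_openpgp_crt_get_fingerprint just above does.
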
@@ -135,6 +137,8 @@ extern "C"
                                  gnutls_datum_t * signature);
   int gnutls_openpgp_privkey_get_fingerprint (gnutls_openpgp_privkey_t key,
                                    void *fpr, size_t * fprlen);
+  int gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t 
key,
+                                                    unsigned int idx, void 
*fpr, size_t * fprlen);
   int gnutls_openpgp_privkey_get_key_id (gnutls_openpgp_privkey_t key, 
gnutls_openpgp_keyid_t keyid);
   int gnutls_openpgp_privkey_get_subkey_count (gnutls_openpgp_privkey_t key);
   int gnutls_openpgp_privkey_get_subkey_idx (gnutls_openpgp_privkey_t key, 
const gnutls_openpgp_keyid_t keyid);
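
Review bot: the new gnutls_openpgp_privkey_get_subkey_fingerprint takes "unsigned int idx", but gnutls_openpgp_privkey_get_subkey_idx a few lines below returns a plain int. If that int can carry a negative error code, passing it straight through converts it to a very large index. Either note in the documentation that the result of get_subkey_idx must be checked for an error before it is used as idx, or keep the index type consistent between the two functions.
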
diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c
index 02834f7..70ef72d 100644
--- a/lib/openpgp/pgp.c
+++ b/lib/openpgp/pgp.c
@@ -226,7 +226,7 @@ gnutls_openpgp_crt_export (gnutls_openpgp_crt_t key,
  * Get key fingerprint.  Depending on the algorithm, the fingerprint
  * can be 16 or 20 bytes.
  *
- * Returns: the fingerprint of the OpenPGP key.
+ * Returns: On success, 0 is returned.  Otherwise, an error code.
  **/
 int
 gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key,
@@ -258,6 +258,7 @@ gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t 
key,
   return 0;
 }
 
+
 int
 _gnutls_openpgp_count_key_names (gnutls_openpgp_crt_t key)
 {
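
Review bot: the only change in this hunk is an extra blank line before _gnutls_openpgp_count_key_names. It is unrelated to the subkey fingerprint functions and should be dropped to keep the patch minimal.
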
@@ -937,6 +938,48 @@ gnutls_openpgp_crt_get_subkey_id (gnutls_openpgp_crt_t key,
 }
 
 /**
+ * gnutls_openpgp_crt_get_subkey_fingerprint - Gets the fingerprint of a subkey
+ * @key: the raw data that contains the OpenPGP public key.
+ * @idx: the subkey index
+ * @fpr: the buffer to save the fingerprint, must hold at least 20 bytes.
+ * @fprlen: the integer to save the length of the fingerprint.
+ *
+ * Get key fingerprint of a subkey.  Depending on the algorithm, the 
fingerprint
+ * can be 16 or 20 bytes.
+ *
+ * Returns: On success, 0 is returned.  Otherwise, an error code.
+ **/
+int
+gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key,
+                                          unsigned int idx, void *fpr, size_t 
* fprlen)
+{
+  cdk_packet_t pkt;
+  cdk_pkt_pubkey_t pk = NULL;
+
+  if (!fpr || !fprlen)
+    {
+      gnutls_assert ();
+      return GNUTLS_E_INVALID_REQUEST;
+    }
+
+  *fprlen = 0;
+
+  pkt = _get_public_subkey( key, idx);
+  if (!pkt)
+    return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+
+  pk = pkt->pkt.public_key;
+  *fprlen = 20;
+
+  /* FIXME: Check if the draft allows old PGP keys. */
+  if (is_RSA (pk->pubkey_algo) && pk->version < 4)
+    *fprlen = 16;
+  cdk_pk_get_fingerprint (pk, fpr);
+
+  return 0;
+}
+
+/**
  * gnutls_openpgp_crt_get_subkey_idx - Returns the subkey's index
  * @key: the structure that contains the OpenPGP public key.
  * @keyid: the keyid.
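
Review bot: in gnutls_openpgp_crt_get_subkey_fingerprint, *fprlen is only ever written (0, then 20 or 16) and never read, so the function has no way to know how large the caller's fpr buffer is and relies entirely on the doc comment's "must hold at least 20 bytes". Consider treating fprlen as an in/out parameter: read the capacity on entry and return GNUTLS_E_SHORT_MEMORY_BUFFER before calling cdk_pk_get_fingerprint when it is too small. Smaller points in the same function: key is not checked alongside fpr and fprlen (fine only if _get_public_subkey tolerates a NULL key), the GNUTLS_E_OPENPGP_GETKEY_FAILED path lacks the gnutls_assert () used on the other error path, any result from cdk_pk_get_fingerprint is discarded before "return 0", and the doc comment has no "Since:" tag although the privkey variant carries "Since: 2.4.0".
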
diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
index 5a7e2d5..b94a808 100644
--- a/lib/openpgp/privkey.c
+++ b/lib/openpgp/privkey.c
@@ -606,6 +606,51 @@ gnutls_openpgp_privkey_get_subkey_id 
(gnutls_openpgp_privkey_t key,
   return 0;
 }
 
+/**
+ * gnutls_openpgp_privkey_get_subkey_fingerprint - Gets the fingerprint of a 
subkey
+ * @key: the raw data that contains the OpenPGP secret key.
+ * @idx: the subkey index
+ * @fpr: the buffer to save the fingerprint, must hold at least 20 bytes.
+ * @fprlen: the integer to save the length of the fingerprint.
+ *
+ * Get the fingerprint of an OpenPGP subkey. Depends on the
+ * algorithm, the fingerprint can be 16 or 20 bytes.
+ *
+ * Returns: On success, 0 is returned, or an error code.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t key,
+                                       unsigned int idx, void *fpr, size_t * 
fprlen)
+{
+  cdk_packet_t pkt;
+  cdk_pkt_pubkey_t pk = NULL;
+
+  if (!fpr || !fprlen)
+    {
+      gnutls_assert ();
+      return GNUTLS_E_INVALID_REQUEST;
+    }
+
+  *fprlen = 0;
+
+  pkt = _get_secret_subkey( key, idx);
+  if (!pkt)
+    return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+
+
+  pk = pkt->pkt.secret_key->pk;
+  *fprlen = 20;
+  
+  if (is_RSA (pk->pubkey_algo) && pk->version < 4)
+    *fprlen = 16;
+
+  cdk_pk_get_fingerprint (pk, fpr);
+
+  return 0;
+}
+
 /* Extracts DSA and RSA parameters from a certificate.
  */
 int
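
Review bot: everything in gnutls_openpgp_privkey_get_subkey_fingerprint after "pk = pkt->pkt.secret_key->pk;" repeats the crt variant line for line, so the 16-versus-20 byte decision and the cdk_pk_get_fingerprint call now exist in two more places. A small static helper that takes the cdk_pkt_pubkey_t plus fpr and fprlen would let both subkey functions share that logic, and any buffer-size check added later would then be fixed once. The chained dereference pkt->pkt.secret_key->pk also assumes the packet returned by _get_secret_subkey always carries a secret key with its public part set; a check before the dereference would make that explicit. In the doc comment, "Depends on the algorithm" should read "Depending on the algorithm" and the Returns line should match the crt variant's wording. The doubled blank line after the GETKEY_FAILED return and the whitespace-only line after "*fprlen = 20;" can go.
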

Attachment: pgpUOOWTQbKve.pgp
Description: PGP signature

