summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/auth/cert.c8
-rw-r--r--lib/openpgp/privkey.c18
2 files changed, 21 insertions, 5 deletions
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index c5dd933fd7..3e10051df3 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -856,8 +856,10 @@ _gnutls_gen_openpgp_certificate (gnutls_session_t session,
gnutls_pcert_st *apr_cert_list;
gnutls_privkey_t apr_pkey;
int apr_cert_list_length;
+ unsigned int subkey;
uint8_t type;
uint8_t fpr[20];
+ char buf[2*GNUTLS_OPENPGP_KEYID_SIZE+1];
size_t fpr_size;
/* find the appropriate certificate */
@@ -871,18 +873,18 @@ _gnutls_gen_openpgp_certificate (gnutls_session_t session,
ret = 3 + 1 + 3;
-
-
if (apr_cert_list_length > 0)
{
fpr_size = sizeof (fpr);
ret =
gnutls_pubkey_get_openpgp_key_id (apr_cert_list[0].pubkey, 0, fpr,
- &fpr_size, NULL);
+ &fpr_size, &subkey);
if (ret < 0)
return gnutls_assert_val (ret);
ret += 1 + fpr_size; /* for the keyid */
+ _gnutls_handshake_log("Sending PGP key ID %s (%s)\n", _gnutls_bin2hex(fpr, GNUTLS_OPENPGP_KEYID_SIZE, buf, sizeof(buf), NULL),
+ subkey?"subkey":"master");
ret += apr_cert_list[0].cert.size;
}
diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
index 6ee2584b6b..ec4c306b34 100644
--- a/lib/openpgp/privkey.c
+++ b/lib/openpgp/privkey.c
@@ -1310,6 +1310,7 @@ gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
gnutls_pk_params_st params;
int pk_algorithm;
uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ char buf[2*GNUTLS_OPENPGP_KEYID_SIZE+1];
if (key == NULL)
{
@@ -1324,6 +1325,8 @@ gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
int idx;
KEYID_IMPORT (kid, keyid);
+
+ _gnutls_hard_log("Signing using PGP key ID %s\n", _gnutls_bin2hex(keyid, GNUTLS_OPENPGP_KEYID_SIZE, buf, sizeof(buf), NULL));
idx = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
pk_algorithm =
@@ -1333,6 +1336,8 @@ gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
}
else
{
+ _gnutls_hard_log("Signing using master PGP key\n");
+
pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL);
result = _gnutls_openpgp_privkey_get_mpis (key, NULL, &params);
}
@@ -1345,7 +1350,7 @@ gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
result =
- _gnutls_pk_sign (pk_algorithm, signature, hash, &params);
+ _gnutls_soft_sign (pk_algorithm, &params, hash, signature);
gnutls_pk_params_release(&params);
@@ -1382,6 +1387,7 @@ _gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key,
gnutls_pk_params_st params;
int pk_algorithm;
uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ char buf[2*GNUTLS_OPENPGP_KEYID_SIZE+1];
if (key == NULL)
{
@@ -1395,6 +1401,9 @@ _gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key,
uint32_t kid[2];
KEYID_IMPORT (kid, keyid);
+
+ _gnutls_hard_log("Decrypting using PGP key ID %s\n", _gnutls_bin2hex(keyid, GNUTLS_OPENPGP_KEYID_SIZE, buf, sizeof(buf), NULL));
+
result = _gnutls_openpgp_privkey_get_mpis (key, kid, &params);
i = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
@@ -1403,6 +1412,8 @@ _gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key,
}
else
{
+ _gnutls_hard_log("Decrypting using master PGP key\n");
+
pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL);
result = _gnutls_openpgp_privkey_get_mpis (key, NULL, &params);
@@ -1415,7 +1426,10 @@ _gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key,
return result;
}
- result = _gnutls_pk_decrypt (pk_algorithm, plaintext, ciphertext, &params);
+ if (pk_algorithm != GNUTLS_PK_RSA)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ result = _gnutls_pkcs1_rsa_decrypt (plaintext, ciphertext, &params, 2);
gnutls_pk_params_release(&params);