-rw-r--r-- | lib/auth/cert.c | 8 | ||||
-rw-r--r-- | lib/openpgp/privkey.c | 18 |
2 files changed, 21 insertions, 5 deletions
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index c5dd933fd7..3e10051df3 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -856,8 +856,10 @@ _gnutls_gen_openpgp_certificate (gnutls_session_t session,
 gnutls_pcert_st *apr_cert_list; gnutls_privkey_t apr_pkey; int apr_cert_list_length;
+ unsigned int subkey;
 uint8_t type; uint8_t fpr[20];
+ char buf[2*GNUTLS_OPENPGP_KEYID_SIZE+1];
 size_t fpr_size; /* find the appropriate certificate */
@@ -871,18 +873,18 @@ _gnutls_gen_openpgp_certificate (gnutls_session_t session,
 ret = 3 + 1 + 3;
-
-
 if (apr_cert_list_length > 0) { fpr_size = sizeof (fpr); ret = gnutls_pubkey_get_openpgp_key_id (apr_cert_list[0].pubkey, 0, fpr,
- &fpr_size, NULL);
+ &fpr_size, &subkey);
 if (ret < 0) return gnutls_assert_val (ret); ret += 1 + fpr_size; /* for the keyid */
+ _gnutls_handshake_log("Sending PGP key ID %s (%s)\n", _gnutls_bin2hex(fpr, GNUTLS_OPENPGP_KEYID_SIZE, buf, sizeof(buf), NULL),
+ subkey?"subkey":"master");
 ret += apr_cert_list[0].cert.size; }
diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
index 6ee2584b6b..ec4c306b34 100644
--- a/lib/openpgp/privkey.c
+++ b/lib/openpgp/privkey.c
@@ -1310,6 +1310,7 @@ gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
 gnutls_pk_params_st params; int pk_algorithm; uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ char buf[2*GNUTLS_OPENPGP_KEYID_SIZE+1];
 if (key == NULL) {
@@ -1324,6 +1325,8 @@ gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
 int idx; KEYID_IMPORT (kid, keyid);
+
+ _gnutls_hard_log("Signing using PGP key ID %s\n", _gnutls_bin2hex(keyid, GNUTLS_OPENPGP_KEYID_SIZE, buf, sizeof(buf), NULL));
 idx = gnutls_openpgp_privkey_get_subkey_idx (key, keyid); pk_algorithm =
@@ -1333,6 +1336,8 @@ gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
 } else {
+ _gnutls_hard_log("Signing using master PGP key\n");
+
 pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL); result = _gnutls_openpgp_privkey_get_mpis (key, NULL, ¶ms); }
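Review bot: The added `_gnutls_handshake_log` call in the second lib/auth/cert.c hunk hex-encodes a fixed `GNUTLS_OPENPGP_KEYID_SIZE` bytes of `fpr` and ignores the `fpr_size` that `gnutls_pubkey_get_openpgp_key_id` has just written back. `fpr` is declared as `uint8_t fpr[20];` with no initializer, so if that call ever fills fewer bytes than the key-ID size, the log line would carry leftover stack contents. Making the assumption explicit next to the call, for example `/* on success fpr_size == GNUTLS_OPENPGP_KEYID_SIZE */`, or skipping the log when the sizes differ, would close that gap. The body of `_gnutls_gen_openpgp_certificate` continues outside the hunk.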
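Review bot: The key-ID formatting added in the `@@ -1324,6 +1325,8 @@` hunk of `gnutls_openpgp_privkey_sign_hash` is written out again in `_gnutls_openpgp_privkey_decrypt_data` and in `_gnutls_gen_openpgp_certificate` in lib/auth/cert.c, each time with its own `char buf[2*GNUTLS_OPENPGP_KEYID_SIZE+1]` and the same `_gnutls_bin2hex(..., GNUTLS_OPENPGP_KEYID_SIZE, buf, sizeof(buf), NULL)` call. A small static helper or macro that takes the key ID would keep the buffer size and the length argument in one place, so a later edit cannot leave one copy with a mismatched size. The result of `_gnutls_bin2hex` is also passed straight to `%s`; whether it can return NULL is not visible here and is worth confirming. Both privkey.c functions continue outside their hunks.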
@@ -1345,7 +1350,7 @@ gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
 result =
- _gnutls_pk_sign (pk_algorithm, signature, hash, ¶ms);
+ _gnutls_soft_sign (pk_algorithm, ¶ms, hash, signature);
 gnutls_pk_params_release(¶ms);
@@ -1382,6 +1387,7 @@ _gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key,
 gnutls_pk_params_st params; int pk_algorithm; uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+ char buf[2*GNUTLS_OPENPGP_KEYID_SIZE+1];
 if (key == NULL) {
@@ -1395,6 +1401,9 @@ _gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key,
 uint32_t kid[2]; KEYID_IMPORT (kid, keyid);
+
+ _gnutls_hard_log("Decrypting using PGP key ID %s\n", _gnutls_bin2hex(keyid, GNUTLS_OPENPGP_KEYID_SIZE, buf, sizeof(buf), NULL));
+
 result = _gnutls_openpgp_privkey_get_mpis (key, kid, ¶ms); i = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
@@ -1403,6 +1412,8 @@ _gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key,
 } else {
+ _gnutls_hard_log("Decrypting using master PGP key\n");
+
 pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL); result = _gnutls_openpgp_privkey_get_mpis (key, NULL, ¶ms);
@@ -1415,7 +1426,10 @@ _gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key,
 return result; }
- result = _gnutls_pk_decrypt (pk_algorithm, plaintext, ciphertext, ¶ms);
+ if (pk_algorithm != GNUTLS_PK_RSA)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ result = _gnutls_pkcs1_rsa_decrypt (plaintext, ciphertext, ¶ms, 2);
 gnutls_pk_params_release(¶ms); |
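Review bot: The new early return for non-RSA keys in the last hunk of `_gnutls_openpgp_privkey_decrypt_data` leaves the function without releasing `params`, which by that point holds the private-key MPIs fetched by `_gnutls_openpgp_privkey_get_mpis`. The only `gnutls_pk_params_release(&params);` visible sits after the decrypt call, so on this path the key material stays allocated and is never cleared. Release first and then fail: put `gnutls_pk_params_release(&params);` immediately before `return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` inside a braced block. The literal `2` passed to `_gnutls_pkcs1_rsa_decrypt` would also benefit from a short comment saying what it selects. The function starts and ends outside this hunk.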