authorSimon Josefsson <simon@josefsson.org>2008-06-18 14:56:28 +0200
committerSimon Josefsson <simon@josefsson.org>2008-06-18 14:56:28 +0200
commit19361b59f5dd33b727c81590efc42f377de30480 (patch)
treeca035a97f017a66f5b454a08365998ff33cfe35f
parent5ae56787521f3684a44d8b898085da091e8afdcb (diff)
downloadgnutls-19361b59f5dd33b727c81590efc42f377de30480.tar.gz
libgnutls [OpenPGP]: New APIs to retrieve fingerprint from OpenPGP subkeys.
Contributed by Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>.
-rw-r--r--AUTHORS3
-rw-r--r--NEWS6
-rw-r--r--includes/gnutls/openpgp.h7
-rw-r--r--lib/openpgp/pgp.c45
-rw-r--r--lib/openpgp/privkey.c46
5 files changed, 106 insertions, 1 deletions
diff --git a/AUTHORS b/AUTHORS
index eb5667792a..456f4c6c60 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -45,6 +45,9 @@ TLS/IA fixes.
Joe Orton <jorton@redhat.com>
Certificate name import/export, build fixes, test vectors.
+Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>
+OpenPGP discussion and improvements.
+
-----BEGIN PGP PUBLIC KEY BLOCK-----
URL: http://josefsson.org/key.txt (always latest version)
Comment: This 0xB565716F key is used to sign releases of GnuTLS.
diff --git a/NEWS b/NEWS
index b043ffb293..a6ea5c0576 100644
--- a/NEWS
+++ b/NEWS
@@ -5,8 +5,12 @@ See the end for copying conditions.
* Version 2.4.0 (unreleased)
+** libgnutls [OpenPGP]: New APIs to retrieve fingerprint from OpenPGP subkeys.
+Contributed by Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>.
+
** API and ABI modifications:
-No changes since last version.
+gnutls_openpgp_crt_get_subkey_fingerprint: ADDED.
+gnutls_openpgp_privkey_get_subkey_fingerprint: ADDED.
* Version 2.3.15 (released 2008-06-15)
diff --git a/includes/gnutls/openpgp.h b/includes/gnutls/openpgp.h
index e56a226e4e..ecb05183c8 100644
--- a/includes/gnutls/openpgp.h
+++ b/includes/gnutls/openpgp.h
@@ -73,6 +73,9 @@ extern "C"
unsigned int *key_usage);
int gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key, void *fpr,
size_t * fprlen);
+ int gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ void *fpr, size_t * fprlen);
int gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key,
int idx, char *buf, size_t * sizeof_buf);
@@ -135,6 +138,10 @@ extern "C"
gnutls_datum_t * signature);
int gnutls_openpgp_privkey_get_fingerprint (gnutls_openpgp_privkey_t key,
void *fpr, size_t * fprlen);
+ int
+ gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t key,
+ unsigned int idx,
+ void *fpr, size_t * fprlen);
int gnutls_openpgp_privkey_get_key_id (gnutls_openpgp_privkey_t key, gnutls_openpgp_keyid_t keyid);
int gnutls_openpgp_privkey_get_subkey_count (gnutls_openpgp_privkey_t key);
int gnutls_openpgp_privkey_get_subkey_idx (gnutls_openpgp_privkey_t key, const gnutls_openpgp_keyid_t keyid);
diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c
index 493cee5ab0..13d97d4530 100644
--- a/lib/openpgp/pgp.c
+++ b/lib/openpgp/pgp.c
@@ -936,6 +936,51 @@ gnutls_openpgp_crt_get_subkey_id (gnutls_openpgp_crt_t key,
}
/**
+ * gnutls_openpgp_crt_get_subkey_fingerprint - Gets the fingerprint of a subkey
+ * @key: the raw data that contains the OpenPGP public key.
+ * @idx: the subkey index
+ * @fpr: the buffer to save the fingerprint, must hold at least 20 bytes.
+ * @fprlen: the integer to save the length of the fingerprint.
+ *
+ * Get key fingerprint of a subkey. Depending on the algorithm, the
+ * fingerprint can be 16 or 20 bytes.
+ *
+ * Returns: On success, 0 is returned. Otherwise, an error code.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ void *fpr, size_t * fprlen)
+{
+ cdk_packet_t pkt;
+ cdk_pkt_pubkey_t pk = NULL;
+
+ if (!fpr || !fprlen)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ *fprlen = 0;
+
+ pkt = _get_public_subkey( key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+
+ pk = pkt->pkt.public_key;
+ *fprlen = 20;
+
+ /* FIXME: Check if the draft allows old PGP keys. */
+ if (is_RSA (pk->pubkey_algo) && pk->version < 4)
+ *fprlen = 16;
+ cdk_pk_get_fingerprint (pk, fpr);
+
+ return 0;
+}
+
+/**
* gnutls_openpgp_crt_get_subkey_idx - Returns the subkey's index
* @key: the structure that contains the OpenPGP public key.
* @keyid: the keyid.
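Review bot: In gnutls_openpgp_crt_get_subkey_fingerprint the result of `cdk_pk_get_fingerprint (pk, fpr);` is discarded, so if that call reports failure the function still returns 0 with `*fprlen` set to 16 or 20 and `fpr` possibly unwritten; a caller that matches keys by fingerprint would then be comparing whatever was already in its buffer. Capture the result and fail on it, e.g. `rc = cdk_pk_get_fingerprint (pk, fpr); if (rc) { *fprlen = 0; gnutls_assert (); return _gnutls_map_cdk_rc (rc); }`, assuming the library's cdk error-mapping helper is reachable from this file. Separately, `*fprlen = 0;` overwrites the caller's value before it is read, so the "at least 20 bytes" requirement in the doc comment is never enforced; as this is a new API, consider treating `fprlen` as in/out and returning `GNUTLS_E_SHORT_MEMORY_BUFFER` when it is below 20. The `!pkt` branch also returns without the `gnutls_assert ();` used on the argument check. The same points apply to gnutls_openpgp_privkey_get_subkey_fingerprint in lib/openpgp/privkey.c.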
diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
index 5a7e2d53c5..b843a9e373 100644
--- a/lib/openpgp/privkey.c
+++ b/lib/openpgp/privkey.c
@@ -606,6 +606,52 @@ gnutls_openpgp_privkey_get_subkey_id (gnutls_openpgp_privkey_t key,
return 0;
}
+/**
+ * gnutls_openpgp_privkey_get_subkey_fingerprint - Gets the fingerprint of a subkey
+ * @key: the raw data that contains the OpenPGP secret key.
+ * @idx: the subkey index
+ * @fpr: the buffer to save the fingerprint, must hold at least 20 bytes.
+ * @fprlen: the integer to save the length of the fingerprint.
+ *
+ * Get the fingerprint of an OpenPGP subkey. Depends on the
+ * algorithm, the fingerprint can be 16 or 20 bytes.
+ *
+ * Returns: On success, 0 is returned, or an error code.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t key,
+ unsigned int idx,
+ void *fpr, size_t * fprlen)
+{
+ cdk_packet_t pkt;
+ cdk_pkt_pubkey_t pk = NULL;
+
+ if (!fpr || !fprlen)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ *fprlen = 0;
+
+ pkt = _get_secret_subkey( key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+
+
+ pk = pkt->pkt.secret_key->pk;
+ *fprlen = 20;
+
+ if (is_RSA (pk->pubkey_algo) && pk->version < 4)
+ *fprlen = 16;
+
+ cdk_pk_get_fingerprint (pk, fpr);
+
+ return 0;
+}
+
/* Extracts DSA and RSA parameters from a certificate.
*/
int
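Review bot: The doc comment on gnutls_openpgp_privkey_get_subkey_fingerprint is looser than its pgp.c twin and leaves the contract ambiguous. `Returns: On success, 0 is returned, or an error code.` reads as if an error code were also a success result; suggest `Returns: On success, 0 is returned. Otherwise, an error code.` and `Depending on the algorithm` in place of `Depends on the algorithm`. It would also help to state on `@fprlen` that the value on entry is not read and that it is set to 16 or 20 on return, and to note that the fingerprint is computed from the public part of the secret subkey (`pkt->pkt.secret_key->pk`), so it is the same value the certificate-side function yields for that subkey.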