2003-08-05 17:11:04 +00:00
|
|
|
|
/* fingerprint.c - Get the fingerprint
|
|
|
|
|
* Copyright (C) 2001 Free Software Foundation, Inc.
|
|
|
|
|
*
|
|
|
|
|
* This file is part of GnuPG.
|
|
|
|
|
*
|
|
|
|
|
* GnuPG is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
2007-07-04 19:49:40 +00:00
|
|
|
|
* the Free Software Foundation; either version 3 of the License, or
|
2003-08-05 17:11:04 +00:00
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* GnuPG is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
2016-11-05 12:02:19 +01:00
|
|
|
|
* along with this program; if not, see <https://www.gnu.org/licenses/>.
|
2003-08-05 17:11:04 +00:00
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <errno.h>
|
2011-02-04 12:57:53 +01:00
|
|
|
|
#include <unistd.h>
|
2003-08-05 17:11:04 +00:00
|
|
|
|
#include <time.h>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#include "gpgsm.h"
|
|
|
|
|
#include <gcrypt.h>
|
|
|
|
|
#include <ksba.h>
|
|
|
|
|
|
2017-03-07 20:21:23 +09:00
|
|
|
|
#include "../common/host2net.h"
|
2015-02-11 10:27:57 +01:00
|
|
|
|
|
|
|
|
|
|
2003-08-05 17:11:04 +00:00
|
|
|
|
/* Return the fingerprint of the certificate (we can't put this into
|
|
|
|
|
libksba because we need libgcrypt support). The caller must
|
|
|
|
|
provide an array of sufficient length or NULL so that the function
|
|
|
|
|
allocates the array. If r_len is not NULL, the length of the
|
|
|
|
|
digest is returned; well, this can also be done by using
|
|
|
|
|
gcry_md_get_algo_dlen(). If algo is 0, a SHA-1 will be used.
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-08-05 17:11:04 +00:00
|
|
|
|
If there is a problem , the function does never return NULL but a
|
|
|
|
|
digest of all 0xff.
|
|
|
|
|
*/
|
2005-06-16 08:12:03 +00:00
|
|
|
|
unsigned char *
|
|
|
|
|
gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
|
|
|
|
|
unsigned char *array, int *r_len)
|
2003-08-05 17:11:04 +00:00
|
|
|
|
{
|
|
|
|
|
gcry_md_hd_t md;
|
|
|
|
|
int rc, len;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-08-05 17:11:04 +00:00
|
|
|
|
if (!algo)
|
|
|
|
|
algo = GCRY_MD_SHA1;
|
|
|
|
|
|
|
|
|
|
len = gcry_md_get_algo_dlen (algo);
|
2020-07-08 14:40:34 +02:00
|
|
|
|
log_assert (len);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
if (!array)
|
|
|
|
|
array = xmalloc (len);
|
|
|
|
|
|
|
|
|
|
if (r_len)
|
|
|
|
|
*r_len = len;
|
|
|
|
|
|
2007-03-20 16:57:40 +00:00
|
|
|
|
/* Fist check whether we have cached the fingerprint. */
|
|
|
|
|
if (algo == GCRY_MD_SHA1)
|
|
|
|
|
{
|
|
|
|
|
size_t buflen;
|
|
|
|
|
|
2020-07-08 14:40:34 +02:00
|
|
|
|
log_assert (len >= 20);
|
2011-02-04 12:57:53 +01:00
|
|
|
|
if (!ksba_cert_get_user_data (cert, "sha1-fingerprint",
|
2007-03-20 16:57:40 +00:00
|
|
|
|
array, len, &buflen)
|
|
|
|
|
&& buflen == 20)
|
|
|
|
|
return array;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* No, need to compute it. */
|
2003-08-05 17:11:04 +00:00
|
|
|
|
rc = gcry_md_open (&md, algo, 0);
|
|
|
|
|
if (rc)
|
|
|
|
|
{
|
|
|
|
|
log_error ("md_open failed: %s\n", gpg_strerror (rc));
|
|
|
|
|
memset (array, 0xff, len); /* better return an invalid fpr than NULL */
|
|
|
|
|
return array;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rc = ksba_cert_hash (cert, 0, HASH_FNC, md);
|
|
|
|
|
if (rc)
|
|
|
|
|
{
|
2003-11-12 15:17:44 +00:00
|
|
|
|
log_error ("ksba_cert_hash failed: %s\n", gpg_strerror (rc));
|
2003-08-05 17:11:04 +00:00
|
|
|
|
gcry_md_close (md);
|
|
|
|
|
memset (array, 0xff, len); /* better return an invalid fpr than NULL */
|
|
|
|
|
return array;
|
|
|
|
|
}
|
|
|
|
|
gcry_md_final (md);
|
|
|
|
|
memcpy (array, gcry_md_read(md, algo), len );
|
2006-12-18 01:03:07 +00:00
|
|
|
|
gcry_md_close (md);
|
2007-03-20 16:57:40 +00:00
|
|
|
|
|
|
|
|
|
/* Cache an SHA-1 fingerprint. */
|
|
|
|
|
if ( algo == GCRY_MD_SHA1 )
|
|
|
|
|
ksba_cert_set_user_data (cert, "sha1-fingerprint", array, 20);
|
|
|
|
|
|
2003-08-05 17:11:04 +00:00
|
|
|
|
return array;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Return an allocated buffer with the formatted fingerprint */
|
|
|
|
|
char *
|
2003-12-17 12:28:24 +00:00
|
|
|
|
gpgsm_get_fingerprint_string (ksba_cert_t cert, int algo)
|
2003-08-05 17:11:04 +00:00
|
|
|
|
{
|
|
|
|
|
unsigned char digest[MAX_DIGEST_LEN];
|
|
|
|
|
char *buf;
|
2007-03-20 16:57:40 +00:00
|
|
|
|
int len;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
|
|
|
|
if (!algo)
|
|
|
|
|
algo = GCRY_MD_SHA1;
|
|
|
|
|
|
|
|
|
|
len = gcry_md_get_algo_dlen (algo);
|
2020-07-08 14:40:34 +02:00
|
|
|
|
log_assert (len <= MAX_DIGEST_LEN );
|
2003-08-05 17:11:04 +00:00
|
|
|
|
gpgsm_get_fingerprint (cert, algo, digest, NULL);
|
|
|
|
|
buf = xmalloc (len*3+1);
|
2007-03-20 16:57:40 +00:00
|
|
|
|
bin2hexcolon (digest, len, buf);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
return buf;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Return an allocated buffer with the formatted fingerprint as one
|
|
|
|
|
large hexnumber */
|
|
|
|
|
char *
|
2003-12-17 12:28:24 +00:00
|
|
|
|
gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo)
|
2003-08-05 17:11:04 +00:00
|
|
|
|
{
|
|
|
|
|
unsigned char digest[MAX_DIGEST_LEN];
|
|
|
|
|
char *buf;
|
2007-03-20 16:57:40 +00:00
|
|
|
|
int len;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
|
|
|
|
if (!algo)
|
|
|
|
|
algo = GCRY_MD_SHA1;
|
|
|
|
|
|
|
|
|
|
len = gcry_md_get_algo_dlen (algo);
|
2020-07-08 14:40:34 +02:00
|
|
|
|
log_assert (len <= MAX_DIGEST_LEN );
|
2003-08-05 17:11:04 +00:00
|
|
|
|
gpgsm_get_fingerprint (cert, algo, digest, NULL);
|
2007-03-20 16:57:40 +00:00
|
|
|
|
buf = xmalloc (len*2+1);
|
|
|
|
|
bin2hex (digest, len, buf);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
return buf;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Return a certificate ID. These are the last 4 bytes of the SHA-1
|
2009-03-25 16:05:16 +00:00
|
|
|
|
fingerprint. If R_HIGH is not NULL the next 4 bytes are stored
|
|
|
|
|
there. */
|
2003-08-05 17:11:04 +00:00
|
|
|
|
unsigned long
|
2009-03-25 16:05:16 +00:00
|
|
|
|
gpgsm_get_short_fingerprint (ksba_cert_t cert, unsigned long *r_high)
|
2003-08-05 17:11:04 +00:00
|
|
|
|
{
|
|
|
|
|
unsigned char digest[20];
|
|
|
|
|
|
|
|
|
|
gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL);
|
2009-03-25 16:05:16 +00:00
|
|
|
|
if (r_high)
|
2015-02-11 10:27:57 +01:00
|
|
|
|
*r_high = buf32_to_ulong (digest+12);
|
|
|
|
|
return buf32_to_ulong (digest + 16);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Return the so called KEYGRIP which is the SHA-1 hash of the public
|
Spelling cleanup.
No functional changes, just fixing minor spelling issues.
---
Most of these were identified from the command line by running:
codespell \
--ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
--skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
NEWS README README.maint TODO
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-02-18 09:34:42 -05:00
|
|
|
|
key parameters expressed as an canonical encoded S-Exp. ARRAY must
|
2009-01-08 19:51:59 +00:00
|
|
|
|
be 20 bytes long. Returns ARRAY or a newly allocated buffer if ARRAY was
|
|
|
|
|
given as NULL. May return NULL on error. */
|
2005-06-16 08:12:03 +00:00
|
|
|
|
unsigned char *
|
|
|
|
|
gpgsm_get_keygrip (ksba_cert_t cert, unsigned char *array)
|
2003-08-05 17:11:04 +00:00
|
|
|
|
{
|
|
|
|
|
gcry_sexp_t s_pkey;
|
|
|
|
|
int rc;
|
2003-12-17 12:28:24 +00:00
|
|
|
|
ksba_sexp_t p;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
size_t n;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-08-05 17:11:04 +00:00
|
|
|
|
p = ksba_cert_get_public_key (cert);
|
|
|
|
|
if (!p)
|
|
|
|
|
return NULL; /* oops */
|
|
|
|
|
|
|
|
|
|
if (DBG_X509)
|
2004-04-07 17:59:18 +00:00
|
|
|
|
log_debug ("get_keygrip for public key\n");
|
2003-08-05 17:11:04 +00:00
|
|
|
|
n = gcry_sexp_canon_len (p, 0, NULL, NULL);
|
|
|
|
|
if (!n)
|
|
|
|
|
{
|
|
|
|
|
log_error ("libksba did not return a proper S-Exp\n");
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
2005-06-16 08:12:03 +00:00
|
|
|
|
rc = gcry_sexp_sscan ( &s_pkey, NULL, (char*)p, n);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
xfree (p);
|
|
|
|
|
if (rc)
|
|
|
|
|
{
|
|
|
|
|
log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
array = gcry_pk_get_keygrip (s_pkey, array);
|
|
|
|
|
gcry_sexp_release (s_pkey);
|
|
|
|
|
if (!array)
|
|
|
|
|
{
|
|
|
|
|
log_error ("can't calculate keygrip\n");
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
if (DBG_X509)
|
2020-04-23 10:00:18 +02:00
|
|
|
|
log_printhex (array, 20, "keygrip:");
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
|
|
|
|
return array;
|
|
|
|
|
}
|
|
|
|
|
|
2009-03-06 17:31:27 +00:00
|
|
|
|
/* Return an allocated buffer with the keygrip of CERT encoded as a
|
|
|
|
|
hexstring. NULL is returned in case of error. */
|
2003-08-05 17:11:04 +00:00
|
|
|
|
char *
|
2003-12-17 12:28:24 +00:00
|
|
|
|
gpgsm_get_keygrip_hexstring (ksba_cert_t cert)
|
2003-08-05 17:11:04 +00:00
|
|
|
|
{
|
|
|
|
|
unsigned char grip[20];
|
2007-03-20 16:57:40 +00:00
|
|
|
|
char *buf;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
2009-01-08 19:51:59 +00:00
|
|
|
|
if (!gpgsm_get_keygrip (cert, grip))
|
|
|
|
|
return NULL;
|
|
|
|
|
buf = xtrymalloc (20*2+1);
|
|
|
|
|
if (buf)
|
|
|
|
|
bin2hex (grip, 20, buf);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
return buf;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2004-05-11 15:36:48 +00:00
|
|
|
|
/* Return the PK algorithm used by CERT as well as the length in bits
|
2020-05-07 09:45:49 +02:00
|
|
|
|
* of the public key at NBITS. If R_CURVE is not NULL and an ECC
|
|
|
|
|
* algorithm is used the name or OID of the curve is stored there; the
|
|
|
|
|
* caller needs to free this value. */
|
2004-05-11 15:36:48 +00:00
|
|
|
|
int
|
2023-10-24 14:51:16 +02:00
|
|
|
|
gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits, char **r_curve)
|
2004-05-11 15:36:48 +00:00
|
|
|
|
{
|
|
|
|
|
gcry_sexp_t s_pkey;
|
|
|
|
|
int rc;
|
|
|
|
|
ksba_sexp_t p;
|
|
|
|
|
size_t n;
|
|
|
|
|
gcry_sexp_t l1, l2;
|
2020-05-07 09:45:49 +02:00
|
|
|
|
const char *curve;
|
2004-05-11 15:36:48 +00:00
|
|
|
|
const char *name;
|
|
|
|
|
char namebuf[128];
|
|
|
|
|
|
|
|
|
|
if (nbits)
|
|
|
|
|
*nbits = 0;
|
2020-05-07 09:45:49 +02:00
|
|
|
|
if (r_curve)
|
|
|
|
|
*r_curve = NULL;
|
2004-05-11 15:36:48 +00:00
|
|
|
|
|
|
|
|
|
p = ksba_cert_get_public_key (cert);
|
|
|
|
|
if (!p)
|
2011-02-04 12:57:53 +01:00
|
|
|
|
return 0;
|
2004-05-11 15:36:48 +00:00
|
|
|
|
n = gcry_sexp_canon_len (p, 0, NULL, NULL);
|
|
|
|
|
if (!n)
|
|
|
|
|
{
|
|
|
|
|
xfree (p);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2005-06-16 08:12:03 +00:00
|
|
|
|
rc = gcry_sexp_sscan (&s_pkey, NULL, (char *)p, n);
|
2004-05-11 15:36:48 +00:00
|
|
|
|
xfree (p);
|
|
|
|
|
if (rc)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
if (nbits)
|
|
|
|
|
*nbits = gcry_pk_get_nbits (s_pkey);
|
|
|
|
|
|
|
|
|
|
/* Breaking the algorithm out of the S-exp is a bit of a challenge ... */
|
|
|
|
|
l1 = gcry_sexp_find_token (s_pkey, "public-key", 0);
|
|
|
|
|
if (!l1)
|
|
|
|
|
{
|
|
|
|
|
gcry_sexp_release (s_pkey);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2020-05-07 09:45:49 +02:00
|
|
|
|
|
|
|
|
|
if (r_curve)
|
|
|
|
|
{
|
|
|
|
|
curve = gcry_pk_get_curve (l1, 0, NULL);
|
|
|
|
|
if (curve)
|
|
|
|
|
{
|
|
|
|
|
name = openpgp_oid_to_curve (openpgp_curve_to_oid (curve,
|
|
|
|
|
NULL, NULL), 0);
|
|
|
|
|
*r_curve = xtrystrdup (name? name : curve);
|
|
|
|
|
if (!*r_curve)
|
|
|
|
|
{
|
|
|
|
|
gcry_sexp_release (l1);
|
|
|
|
|
gcry_sexp_release (s_pkey);
|
|
|
|
|
return 0; /* Out of core. */
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2004-05-11 15:36:48 +00:00
|
|
|
|
l2 = gcry_sexp_cadr (l1);
|
|
|
|
|
gcry_sexp_release (l1);
|
|
|
|
|
l1 = l2;
|
|
|
|
|
name = gcry_sexp_nth_data (l1, 0, &n);
|
|
|
|
|
if (name)
|
|
|
|
|
{
|
|
|
|
|
if (n > sizeof namebuf -1)
|
|
|
|
|
n = sizeof namebuf -1;
|
|
|
|
|
memcpy (namebuf, name, n);
|
|
|
|
|
namebuf[n] = 0;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
*namebuf = 0;
|
|
|
|
|
gcry_sexp_release (l1);
|
|
|
|
|
gcry_sexp_release (s_pkey);
|
|
|
|
|
return gcry_pk_map_name (namebuf);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2022-10-24 17:38:49 +02:00
|
|
|
|
/* Return true if CERT is an ECC key. */
|
|
|
|
|
int
|
|
|
|
|
gpgsm_is_ecc_key (ksba_cert_t cert)
|
|
|
|
|
{
|
2023-10-24 14:51:16 +02:00
|
|
|
|
return GCRY_PK_ECC == gpgsm_get_key_algo_info (cert, NULL, NULL);
|
2022-10-24 17:38:49 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2020-07-08 14:40:34 +02:00
|
|
|
|
/* This is a wrapper around pubkey_algo_string which takes a KSBA
|
|
|
|
|
* certificate instead of a Gcrypt public key. Note that this
|
2020-05-07 09:45:49 +02:00
|
|
|
|
* function may return NULL on error. */
|
|
|
|
|
char *
|
|
|
|
|
gpgsm_pubkey_algo_string (ksba_cert_t cert, int *r_algoid)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
gcry_sexp_t s_pkey;
|
|
|
|
|
ksba_sexp_t p;
|
|
|
|
|
size_t n;
|
|
|
|
|
enum gcry_pk_algos algoid;
|
|
|
|
|
char *algostr;
|
|
|
|
|
|
|
|
|
|
p = ksba_cert_get_public_key (cert);
|
|
|
|
|
if (!p)
|
|
|
|
|
return NULL;
|
|
|
|
|
n = gcry_sexp_canon_len (p, 0, NULL, NULL);
|
|
|
|
|
if (!n)
|
|
|
|
|
{
|
|
|
|
|
xfree (p);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
err = gcry_sexp_sscan (&s_pkey, NULL, (char *)p, n);
|
|
|
|
|
xfree (p);
|
|
|
|
|
if (err)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
algostr = pubkey_algo_string (s_pkey, r_algoid? &algoid : NULL);
|
|
|
|
|
if (algostr && r_algoid)
|
|
|
|
|
*r_algoid = algoid;
|
|
|
|
|
|
|
|
|
|
gcry_sexp_release (s_pkey);
|
|
|
|
|
return algostr;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2017-10-17 21:10:19 +02:00
|
|
|
|
/* If KEY is an RSA key, return its modulus. For non-RSA keys or on
|
|
|
|
|
* error return NULL. */
|
|
|
|
|
gcry_mpi_t
|
|
|
|
|
gpgsm_get_rsa_modulus (ksba_cert_t cert)
|
|
|
|
|
{
|
|
|
|
|
gpg_error_t err;
|
|
|
|
|
gcry_sexp_t key;
|
|
|
|
|
gcry_sexp_t list = NULL;
|
|
|
|
|
gcry_sexp_t l2 = NULL;
|
|
|
|
|
char *name = NULL;
|
|
|
|
|
gcry_mpi_t modulus = NULL;
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
ksba_sexp_t ckey;
|
|
|
|
|
size_t n;
|
|
|
|
|
|
|
|
|
|
ckey = ksba_cert_get_public_key (cert);
|
|
|
|
|
if (!ckey)
|
|
|
|
|
return NULL;
|
|
|
|
|
n = gcry_sexp_canon_len (ckey, 0, NULL, NULL);
|
|
|
|
|
if (!n)
|
|
|
|
|
{
|
|
|
|
|
xfree (ckey);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
err = gcry_sexp_sscan (&key, NULL, (char *)ckey, n);
|
|
|
|
|
xfree (ckey);
|
|
|
|
|
if (err)
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
list = gcry_sexp_find_token (key, "public-key", 0);
|
|
|
|
|
if (!list)
|
|
|
|
|
list = gcry_sexp_find_token (key, "private-key", 0);
|
|
|
|
|
if (!list)
|
|
|
|
|
list = gcry_sexp_find_token (key, "protected-private-key", 0);
|
|
|
|
|
if (!list)
|
|
|
|
|
list = gcry_sexp_find_token (key, "shadowed-private-key", 0);
|
|
|
|
|
|
|
|
|
|
gcry_sexp_release (key);
|
|
|
|
|
if (!list)
|
|
|
|
|
return NULL; /* No suitable key. */
|
|
|
|
|
|
|
|
|
|
l2 = gcry_sexp_cadr (list);
|
|
|
|
|
gcry_sexp_release (list);
|
|
|
|
|
list = l2;
|
|
|
|
|
l2 = NULL;
|
|
|
|
|
|
|
|
|
|
name = gcry_sexp_nth_string (list, 0);
|
|
|
|
|
if (!name)
|
|
|
|
|
;
|
|
|
|
|
else if (gcry_pk_map_name (name) == GCRY_PK_RSA)
|
|
|
|
|
{
|
|
|
|
|
l2 = gcry_sexp_find_token (list, "n", 1);
|
|
|
|
|
if (l2)
|
|
|
|
|
modulus = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
gcry_free (name);
|
|
|
|
|
gcry_sexp_release (l2);
|
|
|
|
|
gcry_sexp_release (list);
|
|
|
|
|
return modulus;
|
|
|
|
|
}
|
|
|
|
|
|
2004-05-11 15:36:48 +00:00
|
|
|
|
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
|
|
|
|
/* For certain purposes we need a certificate id which has an upper
|
|
|
|
|
limit of the size. We use the hash of the issuer name and the
|
|
|
|
|
serial number for this. In most cases the serial number is not
|
|
|
|
|
that large and the resulting string can be passed on an assuan
|
|
|
|
|
command line. Everything is hexencoded with the serialnumber
|
2011-02-04 12:57:53 +01:00
|
|
|
|
delimited from the hash by a dot.
|
2003-08-05 17:11:04 +00:00
|
|
|
|
|
|
|
|
|
The caller must free the string.
|
|
|
|
|
*/
|
|
|
|
|
char *
|
2003-12-17 12:28:24 +00:00
|
|
|
|
gpgsm_get_certid (ksba_cert_t cert)
|
2003-08-05 17:11:04 +00:00
|
|
|
|
{
|
2003-12-17 12:28:24 +00:00
|
|
|
|
ksba_sexp_t serial;
|
2005-06-16 08:12:03 +00:00
|
|
|
|
char *p;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
char *endp;
|
|
|
|
|
unsigned char hash[20];
|
|
|
|
|
unsigned long n;
|
|
|
|
|
char *certid;
|
|
|
|
|
int i;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-08-05 17:11:04 +00:00
|
|
|
|
p = ksba_cert_get_issuer (cert, 0);
|
|
|
|
|
if (!p)
|
|
|
|
|
return NULL; /* Ooops: No issuer */
|
|
|
|
|
gcry_md_hash_buffer (GCRY_MD_SHA1, hash, p, strlen (p));
|
|
|
|
|
xfree (p);
|
|
|
|
|
|
|
|
|
|
serial = ksba_cert_get_serial (cert);
|
|
|
|
|
if (!serial)
|
|
|
|
|
return NULL; /* oops: no serial number */
|
2005-06-16 08:12:03 +00:00
|
|
|
|
p = (char *)serial;
|
2003-08-05 17:11:04 +00:00
|
|
|
|
if (*p != '(')
|
|
|
|
|
{
|
|
|
|
|
log_error ("Ooops: invalid serial number\n");
|
|
|
|
|
xfree (serial);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
p++;
|
|
|
|
|
n = strtoul (p, &endp, 10);
|
|
|
|
|
p = endp;
|
|
|
|
|
if (*p != ':')
|
|
|
|
|
{
|
|
|
|
|
log_error ("Ooops: invalid serial number (no colon)\n");
|
|
|
|
|
xfree (serial);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
p++;
|
|
|
|
|
|
|
|
|
|
certid = xtrymalloc ( 40 + 1 + n*2 + 1);
|
|
|
|
|
if (!certid)
|
|
|
|
|
{
|
|
|
|
|
xfree (serial);
|
|
|
|
|
return NULL; /* out of core */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (i=0, endp = certid; i < 20; i++, endp += 2 )
|
|
|
|
|
sprintf (endp, "%02X", hash[i]);
|
|
|
|
|
*endp++ = '.';
|
|
|
|
|
for (i=0; i < n; i++, endp += 2)
|
2005-07-19 11:23:02 +00:00
|
|
|
|
sprintf (endp, "%02X", ((unsigned char*)p)[i]);
|
2003-08-05 17:11:04 +00:00
|
|
|
|
*endp = 0;
|
|
|
|
|
|
|
|
|
|
xfree (serial);
|
|
|
|
|
return certid;
|
|
|
|
|
}
|