* certcheck.c (gpgsm_create_cms_signature): Format a description

for use by the pinentry. * decrypt.c (gpgsm_decrypt): Ditto. Free HEXKEYGRIP. * certdump.c (format_name_cookie, format_name_writer) (gpgsm_format_name): New. (gpgsm_format_serial): New. (gpgsm_format_keydesc): New. * call-agent.c (gpgsm_agent_pksign): New arg DESC. (gpgsm_agent_pkdecrypt): Ditto.
2004-02-13 17:06:50 +00:00 · 2004-02-13 17:06:50 +00:00 · 01486117e8
parent cbff0b05e5
commit 01486117e8
7 changed files with 236 additions and 13 deletions
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@ -1,5 +1,15 @@
 2004-02-13  Werner Koch  <wk@gnupg.org>

+	* certcheck.c (gpgsm_create_cms_signature): Format a description
+	for use by the pinentry.
+	* decrypt.c (gpgsm_decrypt): Ditto. Free HEXKEYGRIP.
+	* certdump.c (format_name_cookie, format_name_writer) 
+	(gpgsm_format_name): New.
+	(gpgsm_format_serial): New.
+	(gpgsm_format_keydesc): New.
+	* call-agent.c (gpgsm_agent_pksign): New arg DESC.
+	(gpgsm_agent_pkdecrypt): Ditto.
+
 	* encrypt.c (init_dek): Check for too weak algorithms.

 	* import.c (parse_p12, popen_protect_tool): New.
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@ -301,7 +301,7 @@ membuf_data_cb (void *opaque, const void *buffer, size_t length)
 /* Call the agent to do a sign operation using the key identified by
   the hex string KEYGRIP. */
 int
-gpgsm_agent_pksign (const char *keygrip,
+gpgsm_agent_pksign (const char *keygrip, const char *desc,
                    unsigned char *digest, size_t digestlen, int digestalgo,
                    char **r_buf, size_t *r_buflen )
 {
@ -328,6 +328,16 @@ gpgsm_agent_pksign (const char *keygrip,
  if (rc)
    return map_assuan_err (rc);

+  if (desc)
+    {
+      snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
+      line[DIM(line)-1] = 0;
+      rc = assuan_transact (agent_ctx, line,
+                            NULL, NULL, NULL, NULL, NULL, NULL);
+      if (rc)
+        return map_assuan_err (rc);
+    }
+
  sprintf (line, "SETHASH %d ", digestalgo);
  p = line + strlen (line);
  for (i=0; i < digestlen ; i++, p += 2 )
@ -376,7 +386,7 @@ inq_ciphertext_cb (void *opaque, const char *keyword)
 /* Call the agent to do a decrypt operation using the key identified by
   the hex string KEYGRIP. */
 int
-gpgsm_agent_pkdecrypt (const char *keygrip,
+gpgsm_agent_pkdecrypt (const char *keygrip, const char *desc,
                       ksba_const_sexp_t ciphertext, 
                       char **r_buf, size_t *r_buflen )
 {
@ -411,6 +421,16 @@ gpgsm_agent_pkdecrypt (const char *keygrip,
  if (rc)
    return map_assuan_err (rc);

+  if (desc)
+    {
+      snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
+      line[DIM(line)-1] = 0;
+      rc = assuan_transact (agent_ctx, line,
+                            NULL, NULL, NULL, NULL, NULL, NULL);
+      if (rc)
+        return map_assuan_err (rc);
+    }
+
  init_membuf (&data, 1024);
  cipher_parm.ctx = agent_ctx;
  cipher_parm.ciphertext = ciphertext;
--- a/sm/certcheck.c
+++ b/sm/certcheck.c
@ -282,16 +282,19 @@ gpgsm_create_cms_signature (ksba_cert_t cert, gcry_md_hd_t md, int mdalgo,
                            char **r_sigval)
 {
  int rc;
-  char *grip;
+  char *grip, *desc;
  size_t siglen;

  grip = gpgsm_get_keygrip_hexstring (cert);
  if (!grip)
    return gpg_error (GPG_ERR_BAD_CERT);

-  rc = gpgsm_agent_pksign (grip, gcry_md_read(md, mdalgo), 
+  desc = gpgsm_format_keydesc (cert);
+
+  rc = gpgsm_agent_pksign (grip, desc, gcry_md_read(md, mdalgo), 
                           gcry_md_get_algo_dlen (mdalgo), mdalgo,
                           r_sigval, &siglen);
+  xfree (desc);
  xfree (grip);
  return rc;
 }
--- a/sm/certdump.c
+++ b/sm/certdump.c
@ -1,5 +1,5 @@
 /* certdump.c - Dump a certificate for debugging
- *	Copyright (C) 2001 Free Software Foundation, Inc.
+ *	Copyright (C) 2001, 2004 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@ -94,6 +94,41 @@ gpgsm_dump_serial (ksba_const_sexp_t p)
    }
 }

+
+char *
+gpgsm_format_serial (ksba_const_sexp_t p)
+{
+  unsigned long n;
+  char *endp;
+  char *buffer;
+  int i;
+
+  if (!p)
+    return NULL;
+
+  if (*p != '(')
+    BUG (); /* Not a valid S-expression. */
+
+  p++;
+  n = strtoul (p, &endp, 10);
+  p = endp;
+  if (*p!=':')
+    BUG (); /* Not a valid S-expression. */
+  p++;
+
+  buffer = xtrymalloc (n*2+1);
+  if (buffer)
+    {
+      for (i=0; n; n--, p++, i+=2)
+        sprintf (buffer+i, "%02X", *(unsigned char *)p);
+      buffer[i] = 0;
+    }
+  return buffer;
+}
+
+
+
+
 void
 gpgsm_print_time (FILE *fp, ksba_isotime_t t)
 {
@ -479,3 +514,149 @@ gpgsm_print_name (FILE *fp, const char *name)



+/* A cookie structure used for the memory stream. */
+struct format_name_cookie 
+{
+  char *buffer;         /* Malloced buffer with the data to deliver. */
+  size_t size;          /* Allocated size of this buffer. */
+  size_t len;           /* strlen (buffer). */
+  int error;            /* system error code if any. */
+};
+
+/* The writer function for the memory stream. */
+static int 
+format_name_writer (void *cookie, const char *buffer, size_t size)
+{
+  struct format_name_cookie *c = cookie;
+  char *p;
+
+  if (c->buffer)
+    p = xtryrealloc (c->buffer, c->size + size + 1);
+  else
+    p = xtrymalloc (size + 1);
+  if (!p)
+    {
+      c->error = errno;
+      xfree (c->buffer);
+      errno = c->error;
+      return -1;
+    }
+  c->buffer = p;
+  memcpy (p + c->len, buffer, size);
+  c->len += size;
+  p[c->len] = 0; /* Terminate string. */ 
+
+  return size;
+}
+
+/* Format NAME which is expected to be in rfc2253 format into a better
+   human readable format. Caller must free the returned string.  NULL
+   is returned in case of an error. */
+char *
+gpgsm_format_name (const char *name)
+{
+#if defined (HAVE_FOPENCOOKIE)||  defined (HAVE_FUNOPEN)
+  FILE *fp;
+  struct format_name_cookie cookie;
+
+  memset (&cookie, 0, sizeof cookie);
+
+#ifdef HAVE_FOPENCOOKIE
+  {
+    cookie_io_functions_t io = { NULL };
+    io.write = format_name_writer;
+    
+    fp = fopencookie (&cookie, "w", io);
+  }
+#else /*!HAVE_FOPENCOOKIE*/
+  {
+    fp = funopen (&cookie, NULL, format_name_writer, NULL, NULL);
+  }
+#endif /*!HAVE_FOPENCOOKIE*/
+  if (!fp)
+    {
+      int save_errno = errno;
+      log_error ("error creating memory stream: %s\n", strerror (errno));
+      errno = save_errno;
+      return NULL;
+    }
+  gpgsm_print_name (fp, name);
+  fclose (fp);
+  if (cookie.error || !cookie.buffer)
+    {
+      xfree (cookie.buffer);
+      errno = cookie.error;
+      return NULL;
+    }
+  return cookie.buffer;
+#else /* No fun - use the name verbatim. */
+  return xtrystrdup (name);
+#endif /* No fun. */
+}
+
+
+/* Create a key description for the CERT, this may be passed to the
+   pinentry.  The caller must free the returned string. NULL may be
+   returned on error. */
+char *
+gpgsm_format_keydesc (ksba_cert_t cert)
+{
+  char *name, *subject, *buffer, *p;
+  const char *s;
+  ksba_isotime_t t;
+  char created[20];
+  char *sn;
+  ksba_sexp_t sexp;
+
+  name = ksba_cert_get_subject (cert, 0);
+  subject = name? gpgsm_format_name (name) : NULL;
+  ksba_free (name); name = NULL;
+
+  sexp = ksba_cert_get_serial (cert);
+  sn = sexp? gpgsm_format_serial (sexp) : NULL;
+  ksba_free (sexp);
+
+  ksba_cert_get_validity (cert, 0, t);
+  if (t && *t)
+    sprintf (created, "%.4s-%.2s-%.2s", t, t+4, t+6);
+  else
+    *created = 0;
+
+  if ( asprintf (&name,
+                 _("Please enter the passphrase to unlock the"
+                   " secret key for:\n"
+                   "\"%s\"\n"
+                   "S/N %s, ID %08lX, created %s" ),
+                 subject? subject:"?",
+                 sn? sn: "?",
+                 gpgsm_get_short_fingerprint (cert),
+                 created) < 0)
+    {
+      int save_errno = errno;
+      xfree (subject);
+      xfree (sn);
+      errno = save_errno;
+      return NULL;
+    }
+  
+  xfree (subject);
+  xfree (sn);
+
+  buffer = p = xtrymalloc (strlen (name) * 3 + 1);
+  for (s=name; *s; s++)
+    {
+      if (*s < ' ' || *s == '+')
+        {
+          sprintf (p, "%%%02X", *(unsigned char *)s);
+          p += 3;
+        }
+      else if (*s == ' ')
+        *p++ = '+';
+      else
+        *p++ = *s;
+    }
+  *p = 0;
+  free (name); 
+
+  return buffer;
+}
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@ -614,7 +614,7 @@ create_request (struct para_data_s *para, ksba_const_sexp_t public,
          for (n=0; n < 20; n++)
            sprintf (hexgrip+n*2, "%02X", grip[n]);

-          rc = gpgsm_agent_pksign (hexgrip,
+          rc = gpgsm_agent_pksign (hexgrip, NULL,
                                   gcry_md_read(md, GCRY_MD_SHA1), 
                                   gcry_md_get_algo_dlen (GCRY_MD_SHA1),
                                   GCRY_MD_SHA1,
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@ -54,14 +54,15 @@ struct decrypt_filter_parm_s {
 /* Decrypt the session key and fill in the parm structure.  The
   algo and the IV is expected to be already in PARM. */
 static int 
-prepare_decryption (const char *hexkeygrip, ksba_const_sexp_t enc_val,
+prepare_decryption (const char *hexkeygrip, const char *desc,
+                    ksba_const_sexp_t enc_val,
                    struct decrypt_filter_parm_s *parm)
 {
  char *seskey = NULL;
  size_t n, seskeylen;
  int rc;

-  rc = gpgsm_agent_pkdecrypt (hexkeygrip, enc_val,
+  rc = gpgsm_agent_pkdecrypt (hexkeygrip, desc, enc_val,
                              &seskey, &seskeylen);
  if (rc)
    {
@ -356,6 +357,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
              ksba_sexp_t serial;
              ksba_sexp_t enc_val;
              char *hexkeygrip = NULL;
+              char *desc = NULL;

              rc = ksba_cms_get_issuer_serial (cms, recp, &issuer, &serial);
              if (rc == -1 && recp)
@ -402,6 +404,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
                    }

                  hexkeygrip = gpgsm_get_keygrip_hexstring (cert);
+                  desc = gpgsm_format_keydesc (cert);

                oops:
                  xfree (issuer);
@ -416,12 +419,12 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
                           recp);
              else
                {
-                  rc = prepare_decryption (hexkeygrip, enc_val, &dfparm);
+                  rc = prepare_decryption (hexkeygrip, desc, enc_val, &dfparm);
                  xfree (enc_val);
                  if (rc)
                    {
-                      log_debug ("decrypting session key failed: %s\n",
-                                 gpg_strerror (rc));
+                      log_info ("decrypting session key failed: %s\n",
+                                gpg_strerror (rc));
                    }
                  else
                    { /* setup the bulk decrypter */
@ -431,6 +434,8 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
                                              &dfparm);
                    }
                }
+              xfree (hexkeygrip);
+              xfree (desc);
            }
          if (!any_key)
            {
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@ -197,6 +197,10 @@ void gpgsm_dump_serial (ksba_const_sexp_t p);
 void gpgsm_dump_time (ksba_isotime_t t);
 void gpgsm_dump_string (const char *string);

+char *gpgsm_format_serial (ksba_const_sexp_t p);
+char *gpgsm_format_name (const char *name);
+
+char *gpgsm_format_keydesc (ksba_cert_t cert);


 /*-- certcheck.c --*/
@ -260,12 +264,12 @@ int gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp);
 int gpgsm_genkey (ctrl_t ctrl, int in_fd, FILE *out_fp);

 /*-- call-agent.c --*/
-int gpgsm_agent_pksign (const char *keygrip,
+int gpgsm_agent_pksign (const char *keygrip, const char *desc,
                        unsigned char *digest,
                        size_t digestlen,
                        int digestalgo,
                        char **r_buf, size_t *r_buflen);
-int gpgsm_agent_pkdecrypt (const char *keygrip,
+int gpgsm_agent_pkdecrypt (const char *keygrip, const char *desc,
                           ksba_const_sexp_t ciphertext, 
                           char **r_buf, size_t *r_buflen);
 int gpgsm_agent_genkey (ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey);