diff --git a/sm/ChangeLog b/sm/ChangeLog index 2e78d1f41..4af2437d3 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,5 +1,15 @@ 2004-02-13 Werner Koch + * certcheck.c (gpgsm_create_cms_signature): Format a description + for use by the pinentry. + * decrypt.c (gpgsm_decrypt): Ditto. Free HEXKEYGRIP. + * certdump.c (format_name_cookie, format_name_writer) + (gpgsm_format_name): New. + (gpgsm_format_serial): New. + (gpgsm_format_keydesc): New. + * call-agent.c (gpgsm_agent_pksign): New arg DESC. + (gpgsm_agent_pkdecrypt): Ditto. + * encrypt.c (init_dek): Check for too weak algorithms. * import.c (parse_p12, popen_protect_tool): New. diff --git a/sm/call-agent.c b/sm/call-agent.c index fe740964b..30a1b6480 100644 --- a/sm/call-agent.c +++ b/sm/call-agent.c @@ -301,7 +301,7 @@ membuf_data_cb (void *opaque, const void *buffer, size_t length) /* Call the agent to do a sign operation using the key identified by the hex string KEYGRIP. */ int -gpgsm_agent_pksign (const char *keygrip, +gpgsm_agent_pksign (const char *keygrip, const char *desc, unsigned char *digest, size_t digestlen, int digestalgo, char **r_buf, size_t *r_buflen ) { @@ -328,6 +328,16 @@ gpgsm_agent_pksign (const char *keygrip, if (rc) return map_assuan_err (rc); + if (desc) + { + snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc); + line[DIM(line)-1] = 0; + rc = assuan_transact (agent_ctx, line, + NULL, NULL, NULL, NULL, NULL, NULL); + if (rc) + return map_assuan_err (rc); + } + sprintf (line, "SETHASH %d ", digestalgo); p = line + strlen (line); for (i=0; i < digestlen ; i++, p += 2 ) @@ -376,7 +386,7 @@ inq_ciphertext_cb (void *opaque, const char *keyword) /* Call the agent to do a decrypt operation using the key identified by the hex string KEYGRIP. */ int -gpgsm_agent_pkdecrypt (const char *keygrip, +gpgsm_agent_pkdecrypt (const char *keygrip, const char *desc, ksba_const_sexp_t ciphertext, char **r_buf, size_t *r_buflen ) { @@ -411,6 +421,16 @@ gpgsm_agent_pkdecrypt (const char *keygrip, if (rc) return map_assuan_err (rc); + if (desc) + { + snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc); + line[DIM(line)-1] = 0; + rc = assuan_transact (agent_ctx, line, + NULL, NULL, NULL, NULL, NULL, NULL); + if (rc) + return map_assuan_err (rc); + } + init_membuf (&data, 1024); cipher_parm.ctx = agent_ctx; cipher_parm.ciphertext = ciphertext; diff --git a/sm/certcheck.c b/sm/certcheck.c index 47cae13c0..dbd0ff1ba 100644 --- a/sm/certcheck.c +++ b/sm/certcheck.c @@ -282,16 +282,19 @@ gpgsm_create_cms_signature (ksba_cert_t cert, gcry_md_hd_t md, int mdalgo, char **r_sigval) { int rc; - char *grip; + char *grip, *desc; size_t siglen; grip = gpgsm_get_keygrip_hexstring (cert); if (!grip) return gpg_error (GPG_ERR_BAD_CERT); - rc = gpgsm_agent_pksign (grip, gcry_md_read(md, mdalgo), + desc = gpgsm_format_keydesc (cert); + + rc = gpgsm_agent_pksign (grip, desc, gcry_md_read(md, mdalgo), gcry_md_get_algo_dlen (mdalgo), mdalgo, r_sigval, &siglen); + xfree (desc); xfree (grip); return rc; } diff --git a/sm/certdump.c b/sm/certdump.c index 26f3f7e2c..598ce7448 100644 --- a/sm/certdump.c +++ b/sm/certdump.c @@ -1,5 +1,5 @@ /* certdump.c - Dump a certificate for debugging - * Copyright (C) 2001 Free Software Foundation, Inc. + * Copyright (C) 2001, 2004 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -94,6 +94,41 @@ gpgsm_dump_serial (ksba_const_sexp_t p) } } + +char * +gpgsm_format_serial (ksba_const_sexp_t p) +{ + unsigned long n; + char *endp; + char *buffer; + int i; + + if (!p) + return NULL; + + if (*p != '(') + BUG (); /* Not a valid S-expression. */ + + p++; + n = strtoul (p, &endp, 10); + p = endp; + if (*p!=':') + BUG (); /* Not a valid S-expression. */ + p++; + + buffer = xtrymalloc (n*2+1); + if (buffer) + { + for (i=0; n; n--, p++, i+=2) + sprintf (buffer+i, "%02X", *(unsigned char *)p); + buffer[i] = 0; + } + return buffer; +} + + + + void gpgsm_print_time (FILE *fp, ksba_isotime_t t) { @@ -479,3 +514,149 @@ gpgsm_print_name (FILE *fp, const char *name) +/* A cookie structure used for the memory stream. */ +struct format_name_cookie +{ + char *buffer; /* Malloced buffer with the data to deliver. */ + size_t size; /* Allocated size of this buffer. */ + size_t len; /* strlen (buffer). */ + int error; /* system error code if any. */ +}; + +/* The writer function for the memory stream. */ +static int +format_name_writer (void *cookie, const char *buffer, size_t size) +{ + struct format_name_cookie *c = cookie; + char *p; + + if (c->buffer) + p = xtryrealloc (c->buffer, c->size + size + 1); + else + p = xtrymalloc (size + 1); + if (!p) + { + c->error = errno; + xfree (c->buffer); + errno = c->error; + return -1; + } + c->buffer = p; + memcpy (p + c->len, buffer, size); + c->len += size; + p[c->len] = 0; /* Terminate string. */ + + return size; +} + +/* Format NAME which is expected to be in rfc2253 format into a better + human readable format. Caller must free the returned string. NULL + is returned in case of an error. */ +char * +gpgsm_format_name (const char *name) +{ +#if defined (HAVE_FOPENCOOKIE)|| defined (HAVE_FUNOPEN) + FILE *fp; + struct format_name_cookie cookie; + + memset (&cookie, 0, sizeof cookie); + +#ifdef HAVE_FOPENCOOKIE + { + cookie_io_functions_t io = { NULL }; + io.write = format_name_writer; + + fp = fopencookie (&cookie, "w", io); + } +#else /*!HAVE_FOPENCOOKIE*/ + { + fp = funopen (&cookie, NULL, format_name_writer, NULL, NULL); + } +#endif /*!HAVE_FOPENCOOKIE*/ + if (!fp) + { + int save_errno = errno; + log_error ("error creating memory stream: %s\n", strerror (errno)); + errno = save_errno; + return NULL; + } + gpgsm_print_name (fp, name); + fclose (fp); + if (cookie.error || !cookie.buffer) + { + xfree (cookie.buffer); + errno = cookie.error; + return NULL; + } + return cookie.buffer; +#else /* No fun - use the name verbatim. */ + return xtrystrdup (name); +#endif /* No fun. */ +} + + +/* Create a key description for the CERT, this may be passed to the + pinentry. The caller must free the returned string. NULL may be + returned on error. */ +char * +gpgsm_format_keydesc (ksba_cert_t cert) +{ + char *name, *subject, *buffer, *p; + const char *s; + ksba_isotime_t t; + char created[20]; + char *sn; + ksba_sexp_t sexp; + + name = ksba_cert_get_subject (cert, 0); + subject = name? gpgsm_format_name (name) : NULL; + ksba_free (name); name = NULL; + + sexp = ksba_cert_get_serial (cert); + sn = sexp? gpgsm_format_serial (sexp) : NULL; + ksba_free (sexp); + + ksba_cert_get_validity (cert, 0, t); + if (t && *t) + sprintf (created, "%.4s-%.2s-%.2s", t, t+4, t+6); + else + *created = 0; + + if ( asprintf (&name, + _("Please enter the passphrase to unlock the" + " secret key for:\n" + "\"%s\"\n" + "S/N %s, ID %08lX, created %s" ), + subject? subject:"?", + sn? sn: "?", + gpgsm_get_short_fingerprint (cert), + created) < 0) + { + int save_errno = errno; + xfree (subject); + xfree (sn); + errno = save_errno; + return NULL; + } + + xfree (subject); + xfree (sn); + + buffer = p = xtrymalloc (strlen (name) * 3 + 1); + for (s=name; *s; s++) + { + if (*s < ' ' || *s == '+') + { + sprintf (p, "%%%02X", *(unsigned char *)s); + p += 3; + } + else if (*s == ' ') + *p++ = '+'; + else + *p++ = *s; + } + *p = 0; + free (name); + + return buffer; +} diff --git a/sm/certreqgen.c b/sm/certreqgen.c index cffa564bd..a0addd2b4 100644 --- a/sm/certreqgen.c +++ b/sm/certreqgen.c @@ -614,7 +614,7 @@ create_request (struct para_data_s *para, ksba_const_sexp_t public, for (n=0; n < 20; n++) sprintf (hexgrip+n*2, "%02X", grip[n]); - rc = gpgsm_agent_pksign (hexgrip, + rc = gpgsm_agent_pksign (hexgrip, NULL, gcry_md_read(md, GCRY_MD_SHA1), gcry_md_get_algo_dlen (GCRY_MD_SHA1), GCRY_MD_SHA1, diff --git a/sm/decrypt.c b/sm/decrypt.c index 427466a49..76524b51f 100644 --- a/sm/decrypt.c +++ b/sm/decrypt.c @@ -54,14 +54,15 @@ struct decrypt_filter_parm_s { /* Decrypt the session key and fill in the parm structure. The algo and the IV is expected to be already in PARM. */ static int -prepare_decryption (const char *hexkeygrip, ksba_const_sexp_t enc_val, +prepare_decryption (const char *hexkeygrip, const char *desc, + ksba_const_sexp_t enc_val, struct decrypt_filter_parm_s *parm) { char *seskey = NULL; size_t n, seskeylen; int rc; - rc = gpgsm_agent_pkdecrypt (hexkeygrip, enc_val, + rc = gpgsm_agent_pkdecrypt (hexkeygrip, desc, enc_val, &seskey, &seskeylen); if (rc) { @@ -356,6 +357,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp) ksba_sexp_t serial; ksba_sexp_t enc_val; char *hexkeygrip = NULL; + char *desc = NULL; rc = ksba_cms_get_issuer_serial (cms, recp, &issuer, &serial); if (rc == -1 && recp) @@ -402,6 +404,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp) } hexkeygrip = gpgsm_get_keygrip_hexstring (cert); + desc = gpgsm_format_keydesc (cert); oops: xfree (issuer); @@ -416,12 +419,12 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp) recp); else { - rc = prepare_decryption (hexkeygrip, enc_val, &dfparm); + rc = prepare_decryption (hexkeygrip, desc, enc_val, &dfparm); xfree (enc_val); if (rc) { - log_debug ("decrypting session key failed: %s\n", - gpg_strerror (rc)); + log_info ("decrypting session key failed: %s\n", + gpg_strerror (rc)); } else { /* setup the bulk decrypter */ @@ -431,6 +434,8 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp) &dfparm); } } + xfree (hexkeygrip); + xfree (desc); } if (!any_key) { diff --git a/sm/gpgsm.h b/sm/gpgsm.h index 2132c564e..eb40b1c49 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -197,6 +197,10 @@ void gpgsm_dump_serial (ksba_const_sexp_t p); void gpgsm_dump_time (ksba_isotime_t t); void gpgsm_dump_string (const char *string); +char *gpgsm_format_serial (ksba_const_sexp_t p); +char *gpgsm_format_name (const char *name); + +char *gpgsm_format_keydesc (ksba_cert_t cert); /*-- certcheck.c --*/ @@ -260,12 +264,12 @@ int gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp); int gpgsm_genkey (ctrl_t ctrl, int in_fd, FILE *out_fp); /*-- call-agent.c --*/ -int gpgsm_agent_pksign (const char *keygrip, +int gpgsm_agent_pksign (const char *keygrip, const char *desc, unsigned char *digest, size_t digestlen, int digestalgo, char **r_buf, size_t *r_buflen); -int gpgsm_agent_pkdecrypt (const char *keygrip, +int gpgsm_agent_pkdecrypt (const char *keygrip, const char *desc, ksba_const_sexp_t ciphertext, char **r_buf, size_t *r_buflen); int gpgsm_agent_genkey (ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey);