security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-02 12:01:32 +01:00
Code Activity

* certcheck.c (gpgsm_create_cms_signature): Format a description

Browse Source 
for use by the pinentry.
* decrypt.c (gpgsm_decrypt): Ditto. Free HEXKEYGRIP.
* certdump.c (format_name_cookie, format_name_writer)
(gpgsm_format_name): New.
(gpgsm_format_serial): New.
(gpgsm_format_keydesc): New.
* call-agent.c (gpgsm_agent_pksign): New arg DESC.
(gpgsm_agent_pkdecrypt): Ditto.
This commit is contained in:
Werner Koch 2004-02-13 17:06:50 +00:00
parent cbff0b05e5
commit 01486117e8
7 changed files with 236 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
sm/ChangeLog
View File

@ -1,5 +1,15 @@
2004-02-13 Werner Koch <wk@gnupg.org>
* certcheck.c (gpgsm_create_cms_signature): Format a description
for use by the pinentry.
* decrypt.c (gpgsm_decrypt): Ditto. Free HEXKEYGRIP.
* certdump.c (format_name_cookie, format_name_writer)
(gpgsm_format_name): New.
(gpgsm_format_serial): New.
(gpgsm_format_keydesc): New.
* call-agent.c (gpgsm_agent_pksign): New arg DESC.
(gpgsm_agent_pkdecrypt): Ditto.
* encrypt.c (init_dek): Check for too weak algorithms.
* import.c (parse_p12, popen_protect_tool): New.

24
sm/call-agent.c
View File

@ -301,7 +301,7 @@ membuf_data_cb (void *opaque, const void *buffer, size_t length)
/* Call the agent to do a sign operation using the key identified by
the hex string KEYGRIP. */
int
gpgsm_agent_pksign (const char *keygrip,
gpgsm_agent_pksign (const char *keygrip, const char *desc,
unsigned char *digest, size_t digestlen, int digestalgo,
char **r_buf, size_t *r_buflen )
{
@ -328,6 +328,16 @@ gpgsm_agent_pksign (const char *keygrip,
if (rc)
return map_assuan_err (rc);
if (desc)
{
snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
line[DIM(line)-1] = 0;
rc = assuan_transact (agent_ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return map_assuan_err (rc);
}
sprintf (line, "SETHASH %d ", digestalgo);
p = line + strlen (line);
for (i=0; i < digestlen ; i++, p += 2 )
@ -376,7 +386,7 @@ inq_ciphertext_cb (void *opaque, const char *keyword)
/* Call the agent to do a decrypt operation using the key identified by
the hex string KEYGRIP. */
int
gpgsm_agent_pkdecrypt (const char *keygrip,
gpgsm_agent_pkdecrypt (const char *keygrip, const char *desc,
ksba_const_sexp_t ciphertext,
char **r_buf, size_t *r_buflen )
{
@ -411,6 +421,16 @@ gpgsm_agent_pkdecrypt (const char *keygrip,
if (rc)
return map_assuan_err (rc);
if (desc)
{
snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
line[DIM(line)-1] = 0;
rc = assuan_transact (agent_ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return map_assuan_err (rc);
}
init_membuf (&data, 1024);
cipher_parm.ctx = agent_ctx;
cipher_parm.ciphertext = ciphertext;

7
sm/certcheck.c
View File

@ -282,16 +282,19 @@ gpgsm_create_cms_signature (ksba_cert_t cert, gcry_md_hd_t md, int mdalgo,
char **r_sigval)
{
int rc;
char *grip;
char *grip, *desc;
size_t siglen;
grip = gpgsm_get_keygrip_hexstring (cert);
if (!grip)
return gpg_error (GPG_ERR_BAD_CERT);
rc = gpgsm_agent_pksign (grip, gcry_md_read(md, mdalgo),
desc = gpgsm_format_keydesc (cert);
rc = gpgsm_agent_pksign (grip, desc, gcry_md_read(md, mdalgo),
gcry_md_get_algo_dlen (mdalgo), mdalgo,
r_sigval, &siglen);
xfree (desc);
xfree (grip);
return rc;
}

183
sm/certdump.c
View File

@ -1,5 +1,5 @@
/* certdump.c - Dump a certificate for debugging
* Copyright (C) 2001 Free Software Foundation, Inc.
* Copyright (C) 2001, 2004 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -94,6 +94,41 @@ gpgsm_dump_serial (ksba_const_sexp_t p)
}
}
char *
gpgsm_format_serial (ksba_const_sexp_t p)
{
unsigned long n;
char *endp;
char *buffer;
int i;
if (!p)
return NULL;
if (*p != '(')
BUG (); /* Not a valid S-expression. */
p++;
n = strtoul (p, &endp, 10);
p = endp;
if (*p!=':')
BUG (); /* Not a valid S-expression. */
p++;
buffer = xtrymalloc (n*2+1);
if (buffer)
{
for (i=0; n; n--, p++, i+=2)
sprintf (buffer+i, "%02X", *(unsigned char *)p);
buffer[i] = 0;
}
return buffer;
}
void
gpgsm_print_time (FILE *fp, ksba_isotime_t t)
{
@ -479,3 +514,149 @@ gpgsm_print_name (FILE *fp, const char *name)
/* A cookie structure used for the memory stream. */
struct format_name_cookie
{
char *buffer; /* Malloced buffer with the data to deliver. */
size_t size; /* Allocated size of this buffer. */
size_t len; /* strlen (buffer). */
int error; /* system error code if any. */
};
/* The writer function for the memory stream. */
static int
format_name_writer (void *cookie, const char *buffer, size_t size)
{
struct format_name_cookie *c = cookie;
char *p;
if (c->buffer)
p = xtryrealloc (c->buffer, c->size + size + 1);
else
p = xtrymalloc (size + 1);
if (!p)
{
c->error = errno;
xfree (c->buffer);
errno = c->error;
return -1;
}
c->buffer = p;
memcpy (p + c->len, buffer, size);
c->len += size;
p[c->len] = 0; /* Terminate string. */
return size;
}
/* Format NAME which is expected to be in rfc2253 format into a better
human readable format. Caller must free the returned string. NULL
is returned in case of an error. */
char *
gpgsm_format_name (const char *name)
{
#if defined (HAVE_FOPENCOOKIE)|| defined (HAVE_FUNOPEN)
FILE *fp;
struct format_name_cookie cookie;
memset (&cookie, 0, sizeof cookie);
#ifdef HAVE_FOPENCOOKIE
{
cookie_io_functions_t io = { NULL };
io.write = format_name_writer;
fp = fopencookie (&cookie, "w", io);
}
#else /*!HAVE_FOPENCOOKIE*/
{
fp = funopen (&cookie, NULL, format_name_writer, NULL, NULL);
}
#endif /*!HAVE_FOPENCOOKIE*/
if (!fp)
{
int save_errno = errno;
log_error ("error creating memory stream: %s\n", strerror (errno));
errno = save_errno;
return NULL;
}
gpgsm_print_name (fp, name);
fclose (fp);
if (cookie.error || !cookie.buffer)
{
xfree (cookie.buffer);
errno = cookie.error;
return NULL;
}
return cookie.buffer;
#else /* No fun - use the name verbatim. */
return xtrystrdup (name);
#endif /* No fun. */
}
/* Create a key description for the CERT, this may be passed to the
pinentry. The caller must free the returned string. NULL may be
returned on error. */
char *
gpgsm_format_keydesc (ksba_cert_t cert)
{
char *name, *subject, *buffer, *p;
const char *s;
ksba_isotime_t t;
char created[20];
char *sn;
ksba_sexp_t sexp;
name = ksba_cert_get_subject (cert, 0);
subject = name? gpgsm_format_name (name) : NULL;
ksba_free (name); name = NULL;
sexp = ksba_cert_get_serial (cert);
sn = sexp? gpgsm_format_serial (sexp) : NULL;
ksba_free (sexp);
ksba_cert_get_validity (cert, 0, t);
if (t && *t)
sprintf (created, "%.4s-%.2s-%.2s", t, t+4, t+6);
else
*created = 0;
if ( asprintf (&name,
_("Please enter the passphrase to unlock the"
" secret key for:\n"
"\"%s\"\n"
"S/N %s, ID %08lX, created %s" ),
subject? subject:"?",
sn? sn: "?",
gpgsm_get_short_fingerprint (cert),
created) < 0)
{
int save_errno = errno;
xfree (subject);
xfree (sn);
errno = save_errno;
return NULL;
}
xfree (subject);
xfree (sn);
buffer = p = xtrymalloc (strlen (name) * 3 + 1);
for (s=name; *s; s++)
{
if (*s < ' ' || *s == '+')
{
sprintf (p, "%%%02X", *(unsigned char *)s);
p += 3;
}
else if (*s == ' ')
*p++ = '+';
else
*p++ = *s;
}
*p = 0;
free (name);
return buffer;
}

2
sm/certreqgen.c
View File

@ -614,7 +614,7 @@ create_request (struct para_data_s *para, ksba_const_sexp_t public,
for (n=0; n < 20; n++)
sprintf (hexgrip+n*2, "%02X", grip[n]);
rc = gpgsm_agent_pksign (hexgrip,
rc = gpgsm_agent_pksign (hexgrip, NULL,
gcry_md_read(md, GCRY_MD_SHA1),
gcry_md_get_algo_dlen (GCRY_MD_SHA1),
GCRY_MD_SHA1,

15
sm/decrypt.c
View File

@ -54,14 +54,15 @@ struct decrypt_filter_parm_s {
/* Decrypt the session key and fill in the parm structure. The
algo and the IV is expected to be already in PARM. */
static int
prepare_decryption (const char *hexkeygrip, ksba_const_sexp_t enc_val,
prepare_decryption (const char *hexkeygrip, const char *desc,
ksba_const_sexp_t enc_val,
struct decrypt_filter_parm_s *parm)
{
char *seskey = NULL;
size_t n, seskeylen;
int rc;
rc = gpgsm_agent_pkdecrypt (hexkeygrip, enc_val,
rc = gpgsm_agent_pkdecrypt (hexkeygrip, desc, enc_val,
&seskey, &seskeylen);
if (rc)
{
@ -356,6 +357,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
ksba_sexp_t serial;
ksba_sexp_t enc_val;
char *hexkeygrip = NULL;
char *desc = NULL;
rc = ksba_cms_get_issuer_serial (cms, recp, &issuer, &serial);
if (rc == -1 && recp)
@ -402,6 +404,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
}
hexkeygrip = gpgsm_get_keygrip_hexstring (cert);
desc = gpgsm_format_keydesc (cert);
oops:
xfree (issuer);
@ -416,12 +419,12 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
recp);
else
{
rc = prepare_decryption (hexkeygrip, enc_val, &dfparm);
rc = prepare_decryption (hexkeygrip, desc, enc_val, &dfparm);
xfree (enc_val);
if (rc)
{
log_debug ("decrypting session key failed: %s\n",
gpg_strerror (rc));
log_info ("decrypting session key failed: %s\n",
gpg_strerror (rc));
}
else
{ /* setup the bulk decrypter */
@ -431,6 +434,8 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
&dfparm);
}
}
xfree (hexkeygrip);
xfree (desc);
}
if (!any_key)
{

8
sm/gpgsm.h
View File

@ -197,6 +197,10 @@ void gpgsm_dump_serial (ksba_const_sexp_t p);
void gpgsm_dump_time (ksba_isotime_t t);
void gpgsm_dump_string (const char *string);
char *gpgsm_format_serial (ksba_const_sexp_t p);
char *gpgsm_format_name (const char *name);
char *gpgsm_format_keydesc (ksba_cert_t cert);
/*-- certcheck.c --*/
@ -260,12 +264,12 @@ int gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp);
int gpgsm_genkey (ctrl_t ctrl, int in_fd, FILE *out_fp);
/*-- call-agent.c --*/
int gpgsm_agent_pksign (const char *keygrip,
int gpgsm_agent_pksign (const char *keygrip, const char *desc,
unsigned char *digest,
size_t digestlen,
int digestalgo,
char **r_buf, size_t *r_buflen);
int gpgsm_agent_pkdecrypt (const char *keygrip,
int gpgsm_agent_pkdecrypt (const char *keygrip, const char *desc,
ksba_const_sexp_t ciphertext,
char **r_buf, size_t *r_buflen);
int gpgsm_agent_genkey (ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey);