security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-27 15:47:05 +01:00
Code Activity

2004-08-07 Moritz Schulte <moritz@g10code.com>

Browse Source 
* command-ssh.c (ssh_key_to_sexp_buffer): New argument: comment;
	integrate into S-Exp.
	(ssh_identity_register): New argument: comment; pass to
	ssh_key_to_sexp_buffer().
	(ssh_handler_add_identity): Pass comment to
	ssh_identity_register().
	(ssh_identity_register): Allocate description dynamically, insert
	comment; new variable: description_length; removed variable: i.
	(data_sign): Do not calculate key grip for integration in
	description; removed variable: i.

	* findkey.c (modify_description): New function.
	(agent_key_from_file): New variables: comment, comment_sexp,
	comment_length, desc_text_modified; extract comment from S-Exp,
	pass modified version to unprotect().
This commit is contained in:
Moritz Schulte 2004-08-07 20:36:53 +00:00
parent cc95de1d19
commit 12c0c36151
3 changed files with 176 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
agent/ChangeLog
View File

@ -1,3 +1,21 @@
2004-08-07 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (ssh_key_to_sexp_buffer): New argument: comment;
integrate into S-Exp.
(ssh_identity_register): New argument: comment; pass to
ssh_key_to_sexp_buffer().
(ssh_handler_add_identity): Pass comment to
ssh_identity_register().
(ssh_identity_register): Allocate description dynamically, insert
comment; new variable: description_length; removed variable: i.
(data_sign): Do not calculate key grip for integration in
description; removed variable: i.
* findkey.c (modify_description): New function.
(agent_key_from_file): New variables: comment, comment_sexp,
comment_length, desc_text_modified; extract comment from S-Exp,
pass modified version to unprotect().
2004-07-30 Moritz Schulte <moritz@g10code.com> 2004-07-30 Moritz Schulte <moritz@g10code.com>
* command-ssh.c: Updated Libgpg-stream (more support for secure * command-ssh.c: Updated Libgpg-stream (more support for secure

50
agent/command-ssh.c
View File

@ -985,14 +985,7 @@ data_sign (CTRL ctrl, unsigned char **sig, size_t *sig_n)
size_t sig_blob_n = 0; size_t sig_blob_n = 0;
size_t bytes_read = 0; size_t bytes_read = 0;
char description[] = char description[] =
"Please provide the passphrase for key " "Please provide the passphrase for key `%c':";
"`0123456789012345678901234567890123456789':";
char key_grip[41];
unsigned int i = 0;
for (i = 0; i < 20; i++)
sprintf (&key_grip[i * 2], "%02X", (unsigned char) ctrl->keygrip[i]);
strncpy (strchr (description, '0'), key_grip, 40);
err = agent_pksign_do (ctrl, description, &signature_sexp, 0); err = agent_pksign_do (ctrl, description, &signature_sexp, 0);
if (err) if (err)
@ -1174,7 +1167,8 @@ ssh_handler_sign_request (ctrl_t ctrl,
} }
static gpg_err_code_t static gpg_err_code_t
ssh_key_to_sexp_buffer (ssh_key_secret_t *key, const char *passphrase, ssh_key_to_sexp_buffer (ssh_key_secret_t *key,
const char *comment, const char *passphrase,
unsigned char **buffer, size_t *buffer_n) unsigned char **buffer, size_t *buffer_n)
{ {
gpg_err_code_t err = GPG_ERR_NO_ERROR; gpg_err_code_t err = GPG_ERR_NO_ERROR;
@ -1190,13 +1184,15 @@ ssh_key_to_sexp_buffer (ssh_key_secret_t *key, const char *passphrase,
" (d %m)" " (d %m)"
" (p %m)" " (p %m)"
" (q %m)" " (q %m)"
" (u %m)))", " (u %m))"
" (comment %s))",
key->material.rsa.n, key->material.rsa.n,
key->material.rsa.e, key->material.rsa.e,
key->material.rsa.d, key->material.rsa.d,
key->material.rsa.p, key->material.rsa.p,
key->material.rsa.q, key->material.rsa.q,
key->material.rsa.u); key->material.rsa.u,
comment ? comment : "");
if (err) if (err)
goto out; goto out;
@ -1256,18 +1252,15 @@ get_passphrase (char *description, size_t passphrase_n, char *passphrase)
} }
static gpg_err_code_t static gpg_err_code_t
ssh_identity_register (ssh_key_secret_t *key, int ttl) ssh_identity_register (ssh_key_secret_t *key, const char *comment, int ttl)
{ {
gpg_err_code_t err = GPG_ERR_NO_ERROR; gpg_err_code_t err = GPG_ERR_NO_ERROR;
unsigned char key_grip_raw[21] = { 0 }; unsigned char key_grip_raw[21] = { 0 };
unsigned char *buffer = NULL; unsigned char *buffer = NULL;
unsigned int buffer_n = 0; unsigned int buffer_n = 0;
char passphrase[100] = { 0 }; char passphrase[100] = { 0 };
char description[] = size_t description_length = 0;
"Please provide the passphrase, which should " char *description = NULL;
"be used for protecting the received secret key "
"`0123456789012345678901234567890123456789':";
unsigned int i = 0;
char key_grip[41]; char key_grip[41];
int ret = 0; int ret = 0;
@ -1282,16 +1275,25 @@ ssh_identity_register (ssh_key_secret_t *key, int ttl)
if (! ret) if (! ret)
goto out; goto out;
for (i = 0; i < 20; i++) description_length = 95 + (comment ? strlen (comment) : 0);
sprintf (&key_grip[i * 2], "%02X", key_grip_raw[i]); description = malloc (description_length);
strncpy (strchr (description, '0'), key_grip, 40); if (! description)
{
err = gpg_err_code_from_errno (errno);
goto out;
}
else
sprintf (description,
"Please provide the passphrase, which should be used "
"for protecting the received secret key `%s':",
comment ? comment : "");
err = get_passphrase (description, err = get_passphrase (description, sizeof (passphrase), passphrase);
sizeof (passphrase), passphrase); free (description);
if (err) if (err)
goto out; goto out;
err = ssh_key_to_sexp_buffer (key, passphrase, &buffer, &buffer_n); err = ssh_key_to_sexp_buffer (key, comment, passphrase, &buffer, &buffer_n);
if (err) if (err)
goto out; goto out;
@ -1391,7 +1393,7 @@ ssh_handler_add_identity (ctrl_t ctrl,
/* FIXME: are constraints used correctly? */ /* FIXME: are constraints used correctly? */
err = ssh_identity_register (&key, death); err = ssh_identity_register (&key, comment, death);
if (err) if (err)
goto out; goto out;

131
agent/findkey.c
View File

@ -136,6 +136,109 @@ try_unprotect_cb (struct pin_entry_info_s *pi)
} }
/* Modify a Key description, replacing certain special format
characters. */
static int
modify_description (const char *description,
const char *comment, size_t comment_length,
char **description_modified)
{
size_t description_length = strlen (description);
size_t description_new_length = description_length;
gpg_error_t err = GPG_ERR_NO_ERROR;
char *description_new = NULL;
unsigned int i = 0, j = 0;
unsigned int special = 0;
/* Calculate length. */
for (i = 0; i < description_length; i++)
{
if (description[i] == '%')
special = 1;
else
{
if (special)
{
description_new_length -= 2;
switch (description[i])
{
case 'c':
/* Comment. */
description_new_length += comment_length;
break;
case 'g':
/* Key grip. */
description_new_length += 40;
break;
case '%':
description_new_length += 1;
break;
}
special = 0;
}
}
}
/* Allocate. */
description_new = malloc (description_new_length + 1);
if (! description_new)
{
err = gpg_error_from_errno (errno);
goto out;
}
/* Fill. */
for (i = j = 0; i < description_length; i++)
{
if (description[i] == '%')
special = 1;
else
{
if (special)
{
switch (description[i])
{
case 'c':
/* Comment. */
if (comment)
{
strncpy (description_new + j, comment, comment_length);
j += comment_length;
}
break;
case 'g':
/* Key grip. */
/* FIXME */
break;
case '%':
description_new[j] = '%';
j++;
break;
}
special = 0;
}
else
{
description_new[j] = description[i];
j++;
}
}
}
description_new[j] = 0;
out:
*description_modified = description_new;
return err;
}
/* Unprotect the canconical encoded S-expression key in KEYBUF. GRIP /* Unprotect the canconical encoded S-expression key in KEYBUF. GRIP
should be the hex encoded keygrip of that key to be used with the should be the hex encoded keygrip of that key to be used with the
caching mechanism. DESC_TEXT may be set to override the default caching mechanism. DESC_TEXT may be set to override the default
@ -220,6 +323,10 @@ agent_key_from_file (CTRL ctrl, const char *desc_text,
gcry_sexp_t s_skey; gcry_sexp_t s_skey;
char hexgrip[40+4+1]; char hexgrip[40+4+1];
int got_shadow_info = 0; int got_shadow_info = 0;
const char *comment = NULL;
gcry_sexp_t comment_sexp = NULL;
char *desc_text_modified = NULL;
size_t comment_length = 0;
*result = NULL; *result = NULL;
if (shadow_info) if (shadow_info)
@ -264,12 +371,26 @@ agent_key_from_file (CTRL ctrl, const char *desc_text,
xfree (fname); xfree (fname);
fclose (fp); fclose (fp);
xfree (buf); xfree (buf);
if (rc) if (rc)
{ {
log_error ("failed to build S-Exp (off=%u): %s\n", log_error ("failed to build S-Exp (off=%u): %s\n",
(unsigned int)erroff, gpg_strerror (rc)); (unsigned int)erroff, gpg_strerror (rc));
return rc; return rc;
} }
comment_sexp = gcry_sexp_find_token (s_skey, "comment", 0);
if (comment_sexp)
{
comment = gcry_sexp_nth_data (comment_sexp, 1, &comment_length);
if (! comment)
{
rc = GPG_ERR_INV_SEXP;
gcry_sexp_release (s_skey);
return rc;
}
}
len = gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, NULL, 0); len = gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, NULL, 0);
assert (len); assert (len);
buf = xtrymalloc (len); buf = xtrymalloc (len);
@ -288,10 +409,18 @@ agent_key_from_file (CTRL ctrl, const char *desc_text,
case PRIVATE_KEY_CLEAR: case PRIVATE_KEY_CLEAR:
break; /* no unprotection needed */ break; /* no unprotection needed */
case PRIVATE_KEY_PROTECTED: case PRIVATE_KEY_PROTECTED:
rc = unprotect (ctrl, desc_text, &buf, grip, ignore_cache); rc = modify_description (desc_text,
comment, comment_length, &desc_text_modified);
if (rc)
log_error ("failed to modify description: %s\n", gpg_strerror (rc));
else
{
rc = unprotect (ctrl, desc_text_modified, &buf, grip, ignore_cache);
xfree (desc_text_modified);
if (rc) if (rc)
log_error ("failed to unprotect the secret key: %s\n", log_error ("failed to unprotect the secret key: %s\n",
gpg_strerror (rc)); gpg_strerror (rc));
}
break; break;
case PRIVATE_KEY_SHADOWED: case PRIVATE_KEY_SHADOWED:
if (shadow_info) if (shadow_info)