diff --git a/agent/ChangeLog b/agent/ChangeLog index 783089e6b..7ec8789fd 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,3 +1,8 @@ +2011-03-02 Werner Koch + + * call-scd.c (hash_algo_option): New. + (agent_card_pksign): Use it with PKSIGN. + 2011-03-02 Ben Kibbey (wk) * command.c (cmd_clear_passphrase): Add option --mode=normal. diff --git a/agent/agent.h b/agent/agent.h index 1ec736c55..3319c3684 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -365,6 +365,7 @@ int agent_card_pksign (ctrl_t ctrl, const char *keyid, int (*getpin_cb)(void *, const char *, char*, size_t), void *getpin_cb_arg, + int mdalgo, const unsigned char *indata, size_t indatalen, unsigned char **r_buf, size_t *r_buflen); int agent_card_pkdecrypt (ctrl_t ctrl, diff --git a/agent/call-scd.c b/agent/call-scd.c index 40770abae..710589f72 100644 --- a/agent/call-scd.c +++ b/agent/call-scd.c @@ -796,13 +796,33 @@ inq_needpin (void *opaque, const char *line) } +/* Helper returning a command option to describe the used hash + algorithm. See scd/command.c:cmd_pksign. */ +static const char * +hash_algo_option (int algo) +{ + switch (algo) + { + case GCRY_MD_MD5 : return "--hash=md5"; + case GCRY_MD_RMD160: return "--hash=rmd160"; + case GCRY_MD_SHA1 : return "--hash=sha1"; + case GCRY_MD_SHA224: return "--hash=sha224"; + case GCRY_MD_SHA256: return "--hash=sha256"; + case GCRY_MD_SHA384: return "--hash=sha384"; + case GCRY_MD_SHA512: return "--hash=sha512"; + default: return ""; + } +} -/* Create a signature using the current card */ + +/* Create a signature using the current card. MDALGO is either 0 or + gives the digest algorithm. */ int agent_card_pksign (ctrl_t ctrl, const char *keyid, int (*getpin_cb)(void *, const char *, char*, size_t), void *getpin_cb_arg, + int mdalgo, const unsigned char *indata, size_t indatalen, unsigned char **r_buf, size_t *r_buflen) { 
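Review bot: hash_algo_option returns "" for any algorithm outside its switch, so agent_card_pksign then issues a PKSIGN with no --hash option and leaves scdaemon to pick its own default digest (the g10 copy removed later in this diff notes that default used to be hardwired to SHA1); a caller passing a digest the card path does not know would get a signature over the wrong DigestInfo rather than an error. Since the new comment documents MDALGO of 0 as "unspecified", I would reserve the empty string for 0 and reject anything else that is unmapped before the command is built, e.g. `if (mdalgo && !*hash_algo_option (mdalgo)) return gpg_error (GPG_ERR_DIGEST_ALGO);` (or whichever error code the agent already uses for an unsupported digest). The GCRY_MD_MD5 entry is carried over verbatim from the g10 version and deserves a why-comment such as `/* MD5 kept only for compatibility; it is not collision resistant. */` so it is not read as a recommended option. The body of agent_card_pksign continues past the end of this hunk.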
@@ -837,9 +857,11 @@ agent_card_pksign (ctrl_t ctrl, inqparm.getpin_cb = getpin_cb; inqparm.getpin_cb_arg = getpin_cb_arg; inqparm.passthru = 0; - snprintf (line, DIM(line)-1, - ctrl->use_auth_call? "PKAUTH %s":"PKSIGN %s", keyid); - line[DIM(line)-1] = 0; + if (ctrl->use_auth_call) + snprintf (line, sizeof line, "PKAUTH %s", keyid); + else + snprintf (line, sizeof line, "PKSIGN %s %s", + hash_algo_option (mdalgo), keyid); rc = assuan_transact (ctrl->scd_local->ctx, line, membuf_data_cb, &data, inq_needpin, &inqparm, diff --git a/agent/divert-scd.c b/agent/divert-scd.c index f4787b537..f176a6b94 100644 --- a/agent/divert-scd.c +++ b/agent/divert-scd.c @@ -347,7 +347,7 @@ divert_pksign (ctrl_t ctrl, int save = ctrl->use_auth_call; ctrl->use_auth_call = 1; rc = agent_card_pksign (ctrl, kid, getpin_cb, ctrl, - digest, digestlen, &sigval, &siglen); + algo, digest, digestlen, &sigval, &siglen); ctrl->use_auth_call = save; } else @@ -359,7 +359,7 @@ divert_pksign (ctrl_t ctrl, if (!rc) { rc = agent_card_pksign (ctrl, kid, getpin_cb, ctrl, - data, ndata, &sigval, &siglen); + algo, data, ndata, &sigval, &siglen); xfree (data); } } diff --git a/g10/ChangeLog b/g10/ChangeLog index 0eebbef78..65e97a9a4 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,8 @@ +2011-03-02 Werner Koch + + * call-agent.c (agent_scd_pksign, agent_scd_pkdecrypt) + (hash_algo_option): Remove these unused functions. + 2011-02-10 Werner Koch * seskey.c (encode_md_value): Change last fix to avoid a diff --git a/g10/call-agent.c b/g10/call-agent.c index 6333586fb..03ea1685f 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c 
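Review bot: The PKAUTH branch of the new snprintf drops mdalgo entirely, so a non-zero digest algorithm passed through the use_auth_call path in divert_pksign is silently ignored; if that is intended because PKAUTH signs the raw digest, say so on that branch, `/* PKAUTH signs the raw digest; MDALGO only applies to PKSIGN. */`. Both snprintf return values are unchecked, so a keyid long enough to overflow `line` would send a clipped command instead of failing, whereas the removed g10 code guarded the same situation with `return gpg_error (GPG_ERR_GENERAL);` — a return-value check of that shape (`n < 0 || (size_t)n >= sizeof line`) would close the gap. With mdalgo of 0 the format yields `PKSIGN  <keyid>` with a doubled space; presumably scdaemon's option skipping tolerates that, but nothing in this diff shows it. The start of agent_card_pksign lies outside this hunk.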
@@ -914,144 +914,6 @@ membuf_data_cb (void *opaque, const void *buffer, size_t length) } -/* Helper returning a command option to describe the used hash - algorithm. See scd/command.c:cmd_pksign. */ -static const char * -hash_algo_option (int algo) -{ - switch (algo) - { - case GCRY_MD_RMD160: return "--hash=rmd160"; - case GCRY_MD_SHA1 : return "--hash=sha1"; - case GCRY_MD_SHA224: return "--hash=sha224"; - case GCRY_MD_SHA256: return "--hash=sha256"; - case GCRY_MD_SHA384: return "--hash=sha384"; - case GCRY_MD_SHA512: return "--hash=sha512"; - case GCRY_MD_MD5 : return "--hash=md5"; - default: return ""; - } -} - - -/* Send a sign command to the scdaemon via gpg-agent's pass thru - mechanism. */ -int -agent_scd_pksign (const char *serialno, int hashalgo, - const unsigned char *indata, size_t indatalen, - unsigned char **r_buf, size_t *r_buflen) -{ - int rc; - char line[ASSUAN_LINELENGTH]; - membuf_t data; - size_t len; - - /* Note, hashalgo is not yet used but hardwired to SHA1 in SCdaemon. */ - - *r_buf = NULL; - *r_buflen = 0; - - rc = start_agent (NULL, 1); - if (gpg_err_code (rc) == GPG_ERR_CARD_NOT_PRESENT - || gpg_err_code (rc) == GPG_ERR_NOT_SUPPORTED) - rc = 0; /* We check later. */ - if (rc) - return rc; - - if (indatalen*2 + 50 > DIM(line)) - return gpg_error (GPG_ERR_GENERAL); - - rc = select_openpgp (serialno); - if (rc) - return rc; - - strcpy (line, "SCD SETDATA "); - bin2hex (indata, indatalen, line + strlen (line)); - - rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); - if (rc) - return rc; - - init_membuf (&data, 1024); - /* if (!hashalgo) /\* Temporary test hack. 
*\/ */ - /* snprintf (line, DIM(line)-1, "SCD PKAUTH %s", serialno); */ - /* else */ - snprintf (line, DIM(line)-1, "SCD PKSIGN %s %s", - hash_algo_option (hashalgo), serialno); - line[DIM(line)-1] = 0; - rc = assuan_transact (agent_ctx, line, membuf_data_cb, &data, - default_inq_cb, NULL, NULL, NULL); - if (rc) - { - xfree (get_membuf (&data, &len)); - } - else - *r_buf = get_membuf (&data, r_buflen); - - status_sc_op_failure (rc); - return rc; -} - - -/* Decrypt INDATA of length INDATALEN using the card identified by - SERIALNO. Return the plaintext in a nwly allocated buffer stored - at the address of R_BUF. - - Note, we currently support only RSA or more exactly algorithms - taking one input data element. */ -int -agent_scd_pkdecrypt (const char *serialno, - const unsigned char *indata, size_t indatalen, - unsigned char **r_buf, size_t *r_buflen) -{ - int rc; - char line[ASSUAN_LINELENGTH]; - membuf_t data; - size_t len; - - *r_buf = NULL; - rc = start_agent (NULL, 1); - if (gpg_err_code (rc) == GPG_ERR_CARD_NOT_PRESENT - || gpg_err_code (rc) == GPG_ERR_NOT_SUPPORTED) - rc = 0; /* We check later. */ - if (rc) - return rc; - - /* FIXME: use secure memory where appropriate */ - if (indatalen*2 + 50 > DIM(line)) - return gpg_error (GPG_ERR_GENERAL); - - rc = select_openpgp (serialno); - if (rc) - return rc; - - strcpy (line, "SCD SETDATA "); - bin2hex (indata, indatalen, line + strlen (line)); - - rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); - if (rc) - return rc; - - init_membuf (&data, 1024); - snprintf (line, DIM(line)-1, "SCD PKDECRYPT %s", serialno); - line[DIM(line)-1] = 0; - rc = assuan_transact (agent_ctx, line, - membuf_data_cb, &data, - default_inq_cb, NULL, NULL, NULL); - if (rc) - { - xfree (get_membuf (&data, &len)); - } - else - { - *r_buf = get_membuf (&data, r_buflen); - if (!*r_buf) - rc = gpg_error (GPG_ERR_ENOMEM); - } - - status_sc_op_failure (rc); - return rc; -} - /* Send a READCERT command to the SCdaemon. */ 
diff --git a/g10/call-agent.h b/g10/call-agent.h index 337847dab..1e7e15abc 100644 --- a/g10/call-agent.h +++ b/g10/call-agent.h @@ -98,16 +98,6 @@ int agent_scd_writekey (int keyno, const char *serialno, int agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force, const char *serialno, u32 createtime); -/* Send a PKSIGN command to the SCdaemon. */ -int agent_scd_pksign (const char *keyid, int hashalgo, - const unsigned char *indata, size_t indatalen, - unsigned char **r_buf, size_t *r_buflen); - -/* Send a PKDECRYPT command to the SCdaemon. */ -int agent_scd_pkdecrypt (const char *serialno, - const unsigned char *indata, size_t indatalen, - unsigned char **r_buf, size_t *r_buflen); - /* Send a READKEY command to the SCdaemon. */ int agent_scd_readcert (const char *certidstr, void **r_buf, size_t *r_buflen);