security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00
Code Activity

Fix assuan context things.

Browse Source 
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2023-03-03 12:02:07 +09:00
parent ef83c46362
commit 20ba5794bf
No known key found for this signature in database
GPG Key ID: 640114AF89DE6054
4 changed files with 28 additions and 135 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
tkd/command.c
View File

@ -32,7 +32,6 @@
#endif #endif
#include "tkdaemon.h" #include "tkdaemon.h"
#include <assuan.h>
#include "../common/asshelp.h" #include "../common/asshelp.h"
#include "../common/server-help.h" #include "../common/server-help.h"
#include "../common/ssh-utils.h" #include "../common/ssh-utils.h"
@ -200,7 +199,7 @@ cmd_slotlist (assuan_context_t ctx, char *line)
line = skip_options (line); line = skip_options (line);
(void)line; (void)line;
err = token_slotlist (ctrl); err = token_slotlist (ctrl, ctx);
return err; return err;
} }
@ -238,7 +237,7 @@ cmd_readkey (assuan_context_t ctx, char *line)
if (strlen (keygrip) != 40) if (strlen (keygrip) != 40)
err = gpg_error (GPG_ERR_INV_ID); err = gpg_error (GPG_ERR_INV_ID);
err = token_readkey (ctrl, keygrip, opt_info, &pk, &pklen); err = token_readkey (ctrl, ctx, keygrip, opt_info, &pk, &pklen);
if (err) if (err)
goto leave; goto leave;
@ -344,7 +343,7 @@ cmd_pksign (assuan_context_t ctx, char *line)
if (strlen (keygrip) != 40) if (strlen (keygrip) != 40)
err = gpg_error (GPG_ERR_INV_ID); err = gpg_error (GPG_ERR_INV_ID);
err = token_sign (ctrl, keygrip, hash_algo, &outdata, &outdatalen); err = token_sign (ctrl, ctx, keygrip, hash_algo, &outdata, &outdatalen);
if (err) if (err)
{ {
log_error ("token_sign failed: %s\n", gpg_strerror (err)); log_error ("token_sign failed: %s\n", gpg_strerror (err));
@ -424,7 +423,7 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
else else
keygrip = skip_options (line); keygrip = skip_options (line);
err = token_keyinfo (ctrl, keygrip, opt_data, cap); err = token_keyinfo (ctrl, ctx, keygrip, opt_data, cap);
return err; return err;
} }

142
tkd/pkcs11.c
View File

@ -4,10 +4,9 @@
#include <string.h> #include <string.h>
#include <dlfcn.h> #include <dlfcn.h>
#include <gpg-error.h> #include "tkdaemon.h"
#include <gcrypt.h>
#include <assuan.h>
#include <gcrypt.h>
#include "../common/util.h" #include "../common/util.h"
#include "pkcs11.h" #include "pkcs11.h"
@ -503,6 +502,7 @@ detect_private_keys (struct token *token)
return -1; return -1;
} }
} }
return 0;
} }
static long static long
@ -591,6 +591,7 @@ check_public_keys (struct token *token)
return -1; return -1;
} }
} }
return 0;
} }
#if 0 #if 0
@ -728,12 +729,13 @@ find_key (struct cryptoki *ck, const char *keygrip, struct key **r_key)
return -1; return -1;
} }
static long static gpg_error_t
do_pksign (struct key *key, int hash_algo, do_pksign (struct key *key, int hash_algo,
const unsigned char *u_data, unsigned long u_data_len, const unsigned char *u_data, unsigned long u_data_len,
unsigned char **r_signature, unsigned char **r_signature,
unsigned long *r_signature_len) unsigned long *r_signature_len)
{ {
gpg_error_t err = 0;
unsigned long r = 0; unsigned long r = 0;
struct token *token = key->token; struct token *token = key->token;
struct cryptoki *ck = token->ck; struct cryptoki *ck = token->ck;
@ -783,7 +785,11 @@ do_pksign (struct key *key, int hash_algo,
{ {
mechanism = CKM_EDDSA; mechanism = CKM_EDDSA;
siglen = ((nbits+7)/8)*2; siglen = ((nbits+7)/8)*2;
memcpy (data, u_data, u_data_len);
data_len = u_data_len;
} }
else
return gpg_error (GPG_ERR_BAD_SECKEY);
mechanism_struct.mechanism = mechanism; mechanism_struct.mechanism = mechanism;
mechanism_struct.parameter = NULL; mechanism_struct.parameter = NULL;
@ -819,123 +825,10 @@ do_pksign (struct key *key, int hash_algo,
return 0; return 0;
} }
#ifdef TESTING
int
main (int argc, const char *argv[])
{
long r;
struct cryptoki *ck = ck_instance;
unsigned long num_slots = MAX_SLOTS;
ck_slot_id_t slot_list[MAX_SLOTS];
int i;
const unsigned char *pin = NULL;
int pin_len = -1;
const char *keygrip = NULL;
int num_tokens = 0;
r = get_function_list (ck, argv[1]);
if (r)
{
return 1;
}
if (argc >= 3)
keygrip = argv[2];
if (argc >= 4)
{
pin = argv[3];
pin_len = strlen (argv[3]);
}
r = get_slot_list (ck, &num_slots, slot_list);
if (r)
{
return 1;
}
for (i = 0; i < num_slots; i++)
{
struct ck_token_info tk_info;
struct token *token = &ck->token_list[num_tokens]; /* Allocate one token in CK */
token->ck = ck;
token->valid = 0;
token->slot_id = slot_list[i];
if (get_token_info (token, &tk_info) == 0)
{
if ((tk_info.flags & CKF_TOKEN_INITIALIZED) == 0
|| (tk_info.flags & CKF_USER_PIN_LOCKED) != 0)
continue;
token->login_required = (tk_info.flags & CKF_LOGIN_REQUIRED);
r = open_session (token);
if (r)
{
printf ("Error at open_session: %d\n", r);
continue;
}
/* XXX: Support each PIN for each token. */
if (token->login_required && pin)
login (token, pin, pin_len);
puts ("************");
num_tokens++;
r = learn_keys (token);
}
}
ck->num_slots = num_tokens;
if (keygrip)
{
struct key *k;
r = find_key (ck, keygrip, &k);
if (!r)
{
unsigned char sig[1024];
unsigned long siglen = sizeof (sig);
printf ("key object id: %d\n", k->p11_keyid);
printf ("key type: %d\n", k->key_type);
puts (k->keygrip);
r = do_pksign (k, "test test", 9, sig, &siglen);
if (!r)
{
int i;
for (i = 0; i < siglen; i++)
printf ("%02x", sig[i]);
puts ("");
}
}
}
for (i = 0; i < num_slots; i++)
{
struct token *token = &ck->token_list[i];
if (token->valid && token->login_required && pin)
logout (token);
close_session (token);
}
ck->f->C_Finalize (NULL);
return 0;
}
#else
#include "../common/util.h"
#define ENVNAME "PKCS11_MODULE" #define ENVNAME "PKCS11_MODULE"
gpg_error_t gpg_error_t
token_slotlist (ctrl_t ctrl) token_slotlist (ctrl_t ctrl, assuan_context_t ctx)
{ {
gpg_error_t err; gpg_error_t err;
@ -949,6 +842,7 @@ token_slotlist (ctrl_t ctrl)
char *module_name; char *module_name;
(void)ctrl; (void)ctrl;
(void)ctx;
module_name = getenv (ENVNAME); module_name = getenv (ENVNAME);
if (!module_name) if (!module_name)
return gpg_error (GPG_ERR_NO_NAME); return gpg_error (GPG_ERR_NO_NAME);
@ -1006,7 +900,7 @@ token_slotlist (ctrl_t ctrl)
} }
gpg_error_t gpg_error_t
token_sign (ctrl_t ctrl, token_sign (ctrl_t ctrl, assuan_context_t ctx,
const char *keygrip, int hash_algo, const char *keygrip, int hash_algo,
unsigned char **r_outdata, unsigned char **r_outdata,
size_t *r_outdatalen) size_t *r_outdatalen)
@ -1016,6 +910,7 @@ token_sign (ctrl_t ctrl,
struct cryptoki *ck = ck_instance; struct cryptoki *ck = ck_instance;
unsigned long r; unsigned long r;
(void)ctrl;
/* mismatch: size_t for GnuPG, unsigned long for PKCS#11 */ /* mismatch: size_t for GnuPG, unsigned long for PKCS#11 */
/* mismatch: application prepare buffer for PKCS#11 */ /* mismatch: application prepare buffer for PKCS#11 */
@ -1024,7 +919,6 @@ token_sign (ctrl_t ctrl,
return gpg_error (GPG_ERR_NO_SECKEY); return gpg_error (GPG_ERR_NO_SECKEY);
else else
{ {
assuan_context_t ctx = ctrl->server_local->assuan_ctx;
const char *cmd; const char *cmd;
unsigned char *value; unsigned char *value;
size_t valuelen; size_t valuelen;
@ -1045,20 +939,20 @@ token_sign (ctrl_t ctrl,
} }
gpg_error_t gpg_error_t
token_readkey (ctrl_t ctrl, token_readkey (ctrl_t ctrl, assuan_context_t ctx,
const char *keygrip, int opt_info, const char *keygrip, int opt_info,
unsigned char **r_pk, unsigned char **r_pk,
size_t *r_pklen) size_t *r_pklen)
{ {
gpg_error_t err; gpg_error_t err;
(void)ctrl;
return err; return err;
} }
gpg_error_t gpg_error_t
token_keyinfo (ctrl_t ctrl, const char *keygrip, token_keyinfo (ctrl_t ctrl, assuan_context_t ctx,
int opt_data, int cap) const char *keygrip, int opt_data, int cap)
{ {
gpg_error_t err; gpg_error_t err;
return err; return err;
} }
#endif

1
tkd/tkdaemon.c
View File

@ -43,7 +43,6 @@
#include "tkdaemon.h" #include "tkdaemon.h"
#include <gcrypt.h> #include <gcrypt.h>
#include <assuan.h> /* malloc hooks */
#include "../common/i18n.h" #include "../common/i18n.h"
#include "../common/sysutils.h" #include "../common/sysutils.h"

11
tkd/tkdaemon.h
View File

@ -26,6 +26,7 @@
#endif #endif
#define GPG_ERR_SOURCE_DEFAULT 18 // GPG_ERR_SOURCE_TKD #define GPG_ERR_SOURCE_DEFAULT 18 // GPG_ERR_SOURCE_TKD
#include <gpg-error.h> #include <gpg-error.h>
#include <assuan.h>
#include <time.h> #include <time.h>
#include <gcrypt.h> #include <gcrypt.h>
@ -108,17 +109,17 @@ void send_keyinfo (ctrl_t ctrl, int data, const char *keygrip_str,
const char *usage); const char *usage);
/*-- pkcs11.c --*/ /*-- pkcs11.c --*/
gpg_error_t token_slotlist (ctrl_t ctrl); gpg_error_t token_slotlist (ctrl_t ctrl, assuan_context_t ctx);
gpg_error_t token_sign (ctrl_t ctrl, gpg_error_t token_sign (ctrl_t ctrl, assuan_context_t ctx,
const char *keygrip, int hash_algo, const char *keygrip, int hash_algo,
unsigned char **r_outdata, unsigned char **r_outdata,
size_t *r_outdatalen); size_t *r_outdatalen);
gpg_error_t token_readkey (ctrl_t ctrl, gpg_error_t token_readkey (ctrl_t ctrl, assuan_context_t ctx,
const char *keygrip, int opt_info, const char *keygrip, int opt_info,
unsigned char **r_pk, unsigned char **r_pk,
size_t *r_pklen); size_t *r_pklen);
gpg_error_t token_keyinfo (ctrl_t ctrl, const char *keygrip, gpg_error_t token_keyinfo (ctrl_t ctrl, assuan_context_t ctx,
int opt_data, int cap); const char *keygrip, int opt_data, int cap);
#endif /*TKDAEMON_H*/ #endif /*TKDAEMON_H*/