mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

scd: Support changing key attribute back to RSA.

* scd/app-openpgp.c (change_rsa_keyattr): Try usual RSA.

--

In the OpenPGP card specification, there are multiple options to
support RSA (having P and Q or not, etc.), and the choice is
implementation dependent.  Since GnuPG has no knowledge of which card
implementation supports which option, and there is no way (yet) for a
card to express which key attributes it supports, we haven't
supported changing the key attribute back to RSA.  But many card
implementations use P and Q, so try this option.  In other cases,
a factory-reset would be the easier option.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka 2018-03-30 09:59:09 +09:00
parent a1515b3bbc
commit 2969271876


@ -3208,21 +3208,33 @@ change_rsa_keyattr (app_t app, int keyno, unsigned int nbits,
relptr = get_one_do (app, 0xC1+keyno, &buf, &buflen, NULL); relptr = get_one_do (app, 0xC1+keyno, &buf, &buflen, NULL);
if (!relptr) if (!relptr)
err = gpg_error (GPG_ERR_CARD); err = gpg_error (GPG_ERR_CARD);
else if (buflen < 6 || buf[0] != PUBKEY_ALGO_RSA) else if (buflen < 6)
{ {
/* Attriutes too short or not an RSA key. */ /* Attributes too short. */
xfree (relptr); xfree (relptr);
err = gpg_error (GPG_ERR_CARD); err = gpg_error (GPG_ERR_CARD);
} }
else else
{ {
/* We only change n_bits and don't touch anything else. Before we /* If key attribute was RSA, we only change n_bits and don't
do so, we round up NBITS to a sensible way in the same way as touch anything else. Before we do so, we round up NBITS to a
gpg's key generation does it. This may help to sort out problems sensible way in the same way as gpg's key generation does it.
with a few bits too short keys. */ This may help to sort out problems with a few bits too short
keys. */
nbits = ((nbits + 31) / 32) * 32; nbits = ((nbits + 31) / 32) * 32;
buf[1] = (nbits >> 8); buf[1] = (nbits >> 8);
buf[2] = nbits; buf[2] = nbits;
/* If it was not RSA, we need to fill other parts. */
if (buf[0] != PUBKEY_ALGO_RSA)
{
buf[0] = PUBKEY_ALGO_RSA;
buf[3] = 0;
buf[4] = 32;
buf[5] = 0;
buflen = 6;
}
err = change_keyattr (app, keyno, buf, buflen, pincb, pincb_arg); err = change_keyattr (app, keyno, buf, buflen, pincb, pincb_arg);
xfree (relptr); xfree (relptr);
} }
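Review bot: The values written in the new `if (buf[0] != PUBKEY_ALGO_RSA)` branch are unexplained magic numbers, yet they decide which RSA key layout the card is told to expect. As far as I can tell from the OpenPGP card attribute layout, `buf[3]`/`buf[4]` carry the public-exponent length in bits (32) and `buf[5]` the import format (0, the P-and-Q form the commit message refers to). A comment above the assignments such as `/* Exponent length 32 bits, import format 0 (standard: e, p, q); other formats are card dependent. */` would make that choice reviewable. The retained `buflen < 6` check is presumably what keeps the writes to `buf[3]`..`buf[5]` inside the object returned by get_one_do, so it should stay ahead of this branch, and a short note saying so would guard against later reordering. The body of change_rsa_keyattr starts and ends outside this hunk.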