1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-21 10:09:57 +01:00

tkd: Support READCERT command.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2023-03-22 15:28:56 +09:00
parent 01eef54e2c
commit 30d4eb97db
No known key found for this signature in database
GPG Key ID: 640114AF89DE6054
3 changed files with 91 additions and 36 deletions

View File

@ -297,6 +297,31 @@ cmd_readkey (assuan_context_t ctx, char *line)
return err;
}
static const char hlp_readcert[] =
"READCERT <keygrip>\n"
"\n"
"Return the certificate for the given KEYGRIP.";
static gpg_error_t
cmd_readcert (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
const char *keygrip;
line = xtrystrdup (line); /* Need a copy of the line. */
if (!line)
return gpg_error_from_syserror ();
keygrip = skip_options (line);
if (strlen (keygrip) != 40)
err = gpg_error (GPG_ERR_INV_ID);
err = tkd_readcert (ctrl, ctx, keygrip);
xfree (line);
return err;
}
static const char hlp_pksign[] =
"PKSIGN [--hash=[sha{256,384,512}|none]] <keygrip>\n"
"\n"
@ -469,6 +494,7 @@ register_commands (assuan_context_t ctx)
{ "PKSIGN", cmd_pksign, hlp_pksign },
{ "KILLTKD", cmd_killtkd, hlp_killtkd },
{ "KEYINFO", cmd_keyinfo, hlp_keyinfo },
{ "READCERT", cmd_readcert, hlp_readcert },
{ "GETINFO", cmd_getinfo, hlp_getinfo },
{ "RESTART", cmd_restart, hlp_restart },
{ NULL }

View File

@ -622,72 +622,73 @@ check_public_keys (struct token *token)
return 0;
}
#if 0
static long
get_certificate (struct token *token)
get_certificate (struct token *token,
unsigned char **r_cert, size_t *r_certlen)
{
unsigned long err = 0;
unsigned long r = 0;
struct cryptoki *ck = token->ck;
struct ck_attribute templ[1];
unsigned long class;
unsigned char certificate[4096];
unsigned long cert_len;
int certificate_available;
ck_object_handle_t obj;
int i;
int certificate_available = 0;
unsigned char *cert;
size_t certlen;
class = CKO_CERTIFICATE;
templ[0].type = CKA_CLASS;
templ[0].pValue = (void *)&class;
templ[0].ulValueLen = sizeof (class);
err = ck->f->C_FindObjectsInit (token->session, templ, 1);
if (!err)
r = ck->f->C_FindObjectsInit (token->session, templ, 1);
if (!r)
{
ck_object_handle_t obj;
while (TRUE)
{
unsigned long any;
/* Portable way to get objects... is get it one by one. */
err = ck->f->C_FindObjects (token->session, &obj, 1, &any);
if (err || any == 0)
r = ck->f->C_FindObjects (token->session, &obj, 1, &any);
if (r || any == 0)
break;
templ[0].type = CKA_VALUE;
templ[0].pValue = (void *)certificate;
templ[0].ulValueLen = sizeof (certificate);
err = ck->f->C_GetAttributeValue (token->session, obj, templ, 1);
if (err)
certificate_available = 0;
else
r = ck->f->C_GetAttributeValue (token->session, obj, templ, 1);
if (!r)
{
certificate_available = 1;
cert_len = templ[0].ulValueLen;
puts ("Certificate available:");
for (i = 0; i < cert_len; i++)
{
printf ("%02x", certificate[i]);
if ((i % 16) == 15)
puts ("");
}
puts ("");
break;
}
}
err = ck->f->C_FindObjectsFinal (token->session);
if (err)
r = ck->f->C_FindObjectsFinal (token->session);
if (r)
{
return -1;
}
}
if (!certificate_available)
return -1;
certlen = templ[0].ulValueLen;
cert = xtrymalloc (certlen);
if (!cert)
{
return gpg_error_from_syserror ();
}
memcpy (cert, certificate, certlen);
*r_cert = cert;
*r_certlen = certlen;
return 0;
}
#endif
static long
learn_keys (struct token *token)
@ -717,12 +718,6 @@ learn_keys (struct token *token)
k->flags &= ~KEY_FLAG_NO_PUBKEY;
}
#if 0
/* Another way to get raw public key material is get it from the
certificate, if available. */
get_certificate (token);
#endif
return 0;
}
@ -1358,6 +1353,39 @@ tkd_readkey (ctrl_t ctrl, assuan_context_t ctx, const char *keygrip)
return err;
}
gpg_error_t
tkd_readcert (ctrl_t ctrl, assuan_context_t ctx, const char *keygrip)
{
gpg_error_t err = 0;
struct key *k;
struct cryptoki *ck = ck_instance;
unsigned long r;
unsigned char *cert;
size_t certlen;
(void)ctrl;
(void)ctx;
if (!ck->handle)
{
err = tkd_init (ctrl, ctx, 0);
if (err)
return err;
}
r = find_key (ck, keygrip, &k);
if (r)
return gpg_error (GPG_ERR_NO_SECKEY);
if (get_certificate (k->token, &cert, &certlen))
return gpg_error (GPG_ERR_NOT_FOUND);
err = assuan_send_data (ctx, cert, certlen);
xfree (cert);
return err;
}
gpg_error_t
tkd_keyinfo (ctrl_t ctrl, assuan_context_t ctx, const char *keygrip,
int opt_data, int cap)

View File

@ -121,6 +121,7 @@ gpg_error_t tkd_readkey (ctrl_t ctrl, assuan_context_t ctx,
const char *keygrip);
gpg_error_t tkd_keyinfo (ctrl_t ctrl, assuan_context_t ctx,
const char *keygrip, int opt_data, int cap);
gpg_error_t tkd_readcert (ctrl_t ctrl, assuan_context_t ctx,
const char *keygrip);
#endif /*TKDAEMON_H*/