* app-openpgp.c (store_fpr): Fixed fingerprint calculation.
* keygen.c (gen_card_key): Obviously we should use the creation date received from SCDAEMON, so that the fingerprints will match. * sign.c (do_sign): Pass the serialno to the sign code. * keyid.c (serialno_and_fpr_from_sk): New.
parent
5c46f134e2
commit
39046ea7ec
@ -1,3 +1,23 @@
|
|||||||
|
2003-07-01 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
|
* keygen.c (gen_card_key): Obviously we should use the creation
|
||||||
|
date received from SCDAEMON, so that the fingerprints will match.
|
||||||
|
* sign.c (do_sign): Pass the serialno to the sign code.
|
||||||
|
* keyid.c (serialno_and_fpr_from_sk): New.
|
||||||
|
|
||||||
|
2003-06-30 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
|
* call-agent.h (agent_card_info_s): Add field serialno.
|
||||||
|
* call-agent.c (store_serialno): New.
|
||||||
|
(learn_status_cb): Store the serial number.
|
||||||
|
* keygen.c (gen_card_key): Store the serial number
|
||||||
|
(check_smartcard): New argument to return the serial number.
|
||||||
|
(generate_keypair): Get the serial number from check_smartcard and
|
||||||
|
store it as a parameter.
|
||||||
|
* parse-packet.c (parse_key): Use the protect.iv field to store the
|
||||||
|
serial number.
|
||||||
|
* build-packet.c (do_secret_key): Write the serial number.
|
||||||
|
|
||||||
2003-06-27 Werner Koch <wk@gnupg.org>
|
2003-06-27 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
* seckey-cert.c (check_secret_key): Bypass the unprotection for
|
* seckey-cert.c (check_secret_key): Bypass the unprotection for
|
||||||
|
@ -415,7 +415,7 @@ do_secret_key( iobuf_t out, int ctb, PKT_secret_key *sk )
|
|||||||
if( sk->protect.s2k.mode == 3 )
|
if( sk->protect.s2k.mode == 3 )
|
||||||
iobuf_put(a, sk->protect.s2k.count );
|
iobuf_put(a, sk->protect.s2k.count );
|
||||||
|
|
||||||
/* For out special modes 1001 and 1002 we do not need an IV */
|
/* For our special modes 1001 and 1002 we do not need an IV */
|
||||||
if( sk->protect.s2k.mode != 1001
|
if( sk->protect.s2k.mode != 1001
|
||||||
&& sk->protect.s2k.mode != 1002 )
|
&& sk->protect.s2k.mode != 1002 )
|
||||||
iobuf_write(a, sk->protect.iv, sk->protect.ivlen );
|
iobuf_write(a, sk->protect.iv, sk->protect.ivlen );
|
||||||
@ -428,8 +428,11 @@ do_secret_key( iobuf_t out, int ctb, PKT_secret_key *sk )
|
|||||||
; /* GnuPG extension - don't write a secret key at all */
|
; /* GnuPG extension - don't write a secret key at all */
|
||||||
else if( sk->protect.s2k.mode == 1002 )
|
else if( sk->protect.s2k.mode == 1002 )
|
||||||
{ /* GnuPG extension - divert to OpenPGP smartcard. */
|
{ /* GnuPG extension - divert to OpenPGP smartcard. */
|
||||||
iobuf_put(a, 0 ); /* length of the serial number or 0 for unknown. */
|
iobuf_put(a, sk->protect.ivlen ); /* length of the serial
|
||||||
/* fixme: write the serial number. */
|
number or 0 for no serial
|
||||||
|
number. */
|
||||||
|
/* The serial number gets stored in the IV field. */
|
||||||
|
iobuf_write(a, sk->protect.iv, sk->protect.ivlen);
|
||||||
}
|
}
|
||||||
else if( sk->is_protected && sk->version >= 4 ) {
|
else if( sk->is_protected && sk->version >= 4 ) {
|
||||||
/* The secret key is protected - write it out as it is */
|
/* The secret key is protected - write it out as it is */
|
||||||
|
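Review bot: In the mode 1002 branch the length octet and the following `iobuf_write` both take `sk->protect.ivlen` on trust, so a value larger than the `protect.iv` storage would read past the field, and a value above 255 would not fit the single length octet. The producers visible in this commit cap the length at 16, but the writer is the last place where that can be enforced. A guard such as `if (sk->protect.ivlen > sizeof sk->protect.iv) BUG ();` before the two writes would do, assuming `protect.iv` is a fixed-size array (its declaration is not shown on this page). do_secret_key starts and ends outside these hunks.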
@ -340,6 +340,26 @@ unhexify_fpr (const char *hexstr, unsigned char *fpr)
|
|||||||
return 1; /* okay */
|
return 1; /* okay */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Take the serial number from LINE and return it verbatim in a newly
|
||||||
|
allocated string. We make sure that only hex characters are
|
||||||
|
returned. */
|
||||||
|
static char *
|
||||||
|
store_serialno (const char *line)
|
||||||
|
{
|
||||||
|
const char *s;
|
||||||
|
char *p;
|
||||||
|
|
||||||
|
for (s=line; hexdigitp (s); s++)
|
||||||
|
;
|
||||||
|
p = xtrymalloc (s + 1 - line);
|
||||||
|
if (p)
|
||||||
|
{
|
||||||
|
memcpy (p, line, s-line);
|
||||||
|
p[s-line] = 0;
|
||||||
|
}
|
||||||
|
return p;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#if 0
|
#if 0
|
||||||
@ -442,7 +462,11 @@ learn_status_cb (void *opaque, const char *line)
|
|||||||
while (spacep (line))
|
while (spacep (line))
|
||||||
line++;
|
line++;
|
||||||
|
|
||||||
if (keywordlen == 9 && !memcmp (keyword, "DISP-NAME", keywordlen))
|
if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
|
||||||
|
{
|
||||||
|
parm->serialno = store_serialno (line);
|
||||||
|
}
|
||||||
|
else if (keywordlen == 9 && !memcmp (keyword, "DISP-NAME", keywordlen))
|
||||||
{
|
{
|
||||||
parm->disp_name = unescape_status_string (line);
|
parm->disp_name = unescape_status_string (line);
|
||||||
}
|
}
|
||||||
@ -619,7 +643,7 @@ membuf_data_cb (void *opaque, const void *buffer, size_t length)
|
|||||||
/* Send a sign command to the scdaemon via gpg-agent's pass thru
|
/* Send a sign command to the scdaemon via gpg-agent's pass thru
|
||||||
mechanism. */
|
mechanism. */
|
||||||
int
|
int
|
||||||
agent_scd_pksign (const char *keyid, int hashalgo,
|
agent_scd_pksign (const char *serialno, int hashalgo,
|
||||||
const unsigned char *indata, size_t indatalen,
|
const unsigned char *indata, size_t indatalen,
|
||||||
char **r_buf, size_t *r_buflen)
|
char **r_buf, size_t *r_buflen)
|
||||||
{
|
{
|
||||||
@ -649,7 +673,7 @@ agent_scd_pksign (const char *keyid, int hashalgo,
|
|||||||
return rc;
|
return rc;
|
||||||
|
|
||||||
init_membuf (&data, 1024);
|
init_membuf (&data, 1024);
|
||||||
snprintf (line, DIM(line)-1, "SCD PKSIGN %s", keyid);
|
snprintf (line, DIM(line)-1, "SCD PKSIGN %s", serialno);
|
||||||
line[DIM(line)-1] = 0;
|
line[DIM(line)-1] = 0;
|
||||||
rc = assuan_transact (agent_ctx, line, membuf_data_cb, &data,
|
rc = assuan_transact (agent_ctx, line, membuf_data_cb, &data,
|
||||||
NULL, NULL, NULL, NULL);
|
NULL, NULL, NULL, NULL);
|
||||||
@ -662,25 +686,3 @@ agent_scd_pksign (const char *keyid, int hashalgo,
|
|||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
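Review bot: In learn_status_cb the new SERIALNO branch assigns `parm->serialno = store_serialno (line);` without releasing a previous value, so a second SERIALNO status line in one response would leak the first string; the existing DISP-NAME branch has the same shape. store_serialno also returns NULL when `xtrymalloc` fails, which the caller cannot tell apart from a card that reported no serial number, and it accepts an empty or odd-length hex run without comment. If the structure is known to be zeroed before the callback first runs (not visible in this hunk), `xfree (parm->serialno); parm->serialno = store_serialno (line);` closes the leak, and the allocation failure should be reported to the caller rather than dropped. learn_status_cb starts and ends outside the hunk.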
@ -23,6 +23,7 @@
|
|||||||
|
|
||||||
struct agent_card_info_s {
|
struct agent_card_info_s {
|
||||||
int error; /* private. */
|
int error; /* private. */
|
||||||
|
char *serialno; /* malloced hex string. */
|
||||||
char *disp_name; /* malloced. */
|
char *disp_name; /* malloced. */
|
||||||
char *pubkey_url; /* malloced. */
|
char *pubkey_url; /* malloced. */
|
||||||
char fpr1valid;
|
char fpr1valid;
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/* keydb.h - Key database
|
/* keydb.h - Key database
|
||||||
* Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
|
* Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc.
|
||||||
*
|
*
|
||||||
* This file is part of GnuPG.
|
* This file is part of GnuPG.
|
||||||
*
|
*
|
||||||
@ -259,6 +259,10 @@ const char *colon_expirestr_from_sig (PKT_signature *sig);
|
|||||||
byte *fingerprint_from_sk( PKT_secret_key *sk, byte *buf, size_t *ret_len );
|
byte *fingerprint_from_sk( PKT_secret_key *sk, byte *buf, size_t *ret_len );
|
||||||
byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len );
|
byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len );
|
||||||
|
|
||||||
|
char *serialno_and_fpr_from_sk (const unsigned char *sn, size_t snlen,
|
||||||
|
PKT_secret_key *sk);
|
||||||
|
|
||||||
|
|
||||||
/*-- kbnode.c --*/
|
/*-- kbnode.c --*/
|
||||||
KBNODE new_kbnode( PACKET *pkt );
|
KBNODE new_kbnode( PACKET *pkt );
|
||||||
KBNODE clone_kbnode( KBNODE node );
|
KBNODE clone_kbnode( KBNODE node );
|
||||||
|
46
g10/keygen.c
46
g10/keygen.c
@ -61,7 +61,8 @@ enum para_name {
|
|||||||
pSUBKEYEXPIRE, /* in n seconds */
|
pSUBKEYEXPIRE, /* in n seconds */
|
||||||
pPASSPHRASE,
|
pPASSPHRASE,
|
||||||
pPASSPHRASE_DEK,
|
pPASSPHRASE_DEK,
|
||||||
pPASSPHRASE_S2K
|
pPASSPHRASE_S2K,
|
||||||
|
pSERIALNO
|
||||||
};
|
};
|
||||||
|
|
||||||
struct para_data_s {
|
struct para_data_s {
|
||||||
@ -115,8 +116,9 @@ static int mdc_available,ks_modify;
|
|||||||
static void do_generate_keypair( struct para_data_s *para,
|
static void do_generate_keypair( struct para_data_s *para,
|
||||||
struct output_control_s *outctrl, int card);
|
struct output_control_s *outctrl, int card);
|
||||||
static int write_keyblock( iobuf_t out, KBNODE node );
|
static int write_keyblock( iobuf_t out, KBNODE node );
|
||||||
static int check_smartcard (void);
|
static int check_smartcard (char **);
|
||||||
static int gen_card_key (int algo, int keyno, KBNODE pub_root, KBNODE sec_root, u32 expireval);
|
static int gen_card_key (int algo, int keyno, KBNODE pub_root, KBNODE sec_root,
|
||||||
|
u32 expireval, struct para_data_s *para);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -2078,6 +2080,7 @@ generate_keypair( const char *fname )
|
|||||||
struct para_data_s *para = NULL;
|
struct para_data_s *para = NULL;
|
||||||
struct para_data_s *r;
|
struct para_data_s *r;
|
||||||
struct output_control_s outctrl;
|
struct output_control_s outctrl;
|
||||||
|
char *serialno = NULL;
|
||||||
|
|
||||||
memset (&outctrl, 0, sizeof (outctrl));
|
memset (&outctrl, 0, sizeof (outctrl));
|
||||||
|
|
||||||
@ -2089,7 +2092,8 @@ generate_keypair( const char *fname )
|
|||||||
|
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
card = check_smartcard ();
|
xfree (serialno); serialno = NULL;
|
||||||
|
card = check_smartcard (&serialno);
|
||||||
if (card < 0)
|
if (card < 0)
|
||||||
return;
|
return;
|
||||||
if (card > 1)
|
if (card > 1)
|
||||||
@ -2097,6 +2101,16 @@ generate_keypair( const char *fname )
|
|||||||
}
|
}
|
||||||
while (card > 1);
|
while (card > 1);
|
||||||
|
|
||||||
|
if (serialno)
|
||||||
|
{
|
||||||
|
r = xcalloc (1, sizeof *r + strlen (serialno) );
|
||||||
|
r->key = pSERIALNO;
|
||||||
|
strcpy( r->u.value, serialno);
|
||||||
|
r->next = para;
|
||||||
|
para = r;
|
||||||
|
xfree (serialno); serialno = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
if (card)
|
if (card)
|
||||||
{
|
{
|
||||||
algo = PUBKEY_ALGO_RSA;
|
algo = PUBKEY_ALGO_RSA;
|
||||||
@ -2322,7 +2336,7 @@ do_generate_keypair (struct para_data_s *para,
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
rc = gen_card_key (PUBKEY_ALGO_RSA, 1, pub_root, sec_root,
|
rc = gen_card_key (PUBKEY_ALGO_RSA, 1, pub_root, sec_root,
|
||||||
get_parameter_u32 (para, pKEYEXPIRE));
|
get_parameter_u32 (para, pKEYEXPIRE), para);
|
||||||
if (!rc)
|
if (!rc)
|
||||||
{
|
{
|
||||||
sk = sec_root->next->pkt->pkt.secret_key;
|
sk = sec_root->next->pkt->pkt.secret_key;
|
||||||
@ -2725,7 +2739,7 @@ smartcard_change_name (const char *current_name)
|
|||||||
2 = generate subkey
|
2 = generate subkey
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
check_smartcard (void)
|
check_smartcard (char **r_serialno)
|
||||||
{
|
{
|
||||||
struct agent_card_info_s info;
|
struct agent_card_info_s info;
|
||||||
int rc;
|
int rc;
|
||||||
@ -2738,7 +2752,8 @@ check_smartcard (void)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
tty_printf (_("OpenPGP card with serial number %s detected\n"), "xxx");
|
tty_printf (_("OpenPGP card no. %s detected\n"),
|
||||||
|
info.serialno? info.serialno : "[none]");
|
||||||
|
|
||||||
|
|
||||||
for (;;)
|
for (;;)
|
||||||
@ -2790,6 +2805,7 @@ check_smartcard (void)
|
|||||||
|
|
||||||
if (reread)
|
if (reread)
|
||||||
{
|
{
|
||||||
|
xfree (info.serialno); info.serialno = NULL;
|
||||||
xfree (info.disp_name); info.disp_name = NULL;
|
xfree (info.disp_name); info.disp_name = NULL;
|
||||||
xfree (info.pubkey_url); info.pubkey_url = NULL;
|
xfree (info.pubkey_url); info.pubkey_url = NULL;
|
||||||
rc = agent_learn (&info);
|
rc = agent_learn (&info);
|
||||||
@ -2803,6 +2819,10 @@ check_smartcard (void)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (r_serialno && rc > 0)
|
||||||
|
*r_serialno = info.serialno;
|
||||||
|
else
|
||||||
|
xfree (info.serialno);
|
||||||
xfree (info.disp_name);
|
xfree (info.disp_name);
|
||||||
xfree (info.pubkey_url);
|
xfree (info.pubkey_url);
|
||||||
|
|
||||||
@ -2813,9 +2833,10 @@ check_smartcard (void)
|
|||||||
|
|
||||||
static int
|
static int
|
||||||
gen_card_key (int algo, int keyno, KBNODE pub_root, KBNODE sec_root,
|
gen_card_key (int algo, int keyno, KBNODE pub_root, KBNODE sec_root,
|
||||||
u32 expireval)
|
u32 expireval, struct para_data_s *para)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
|
const char *s;
|
||||||
struct agent_card_genkey_s info;
|
struct agent_card_genkey_s info;
|
||||||
PACKET *pkt;
|
PACKET *pkt;
|
||||||
PKT_secret_key *sk;
|
PKT_secret_key *sk;
|
||||||
@ -2850,7 +2871,7 @@ gen_card_key (int algo, int keyno, KBNODE pub_root, KBNODE sec_root,
|
|||||||
|
|
||||||
pk = xcalloc (1, sizeof *pk );
|
pk = xcalloc (1, sizeof *pk );
|
||||||
sk = xcalloc (1, sizeof *sk );
|
sk = xcalloc (1, sizeof *sk );
|
||||||
sk->timestamp = pk->timestamp = make_timestamp();
|
sk->timestamp = pk->timestamp = info.created_at;
|
||||||
sk->version = pk->version = 4;
|
sk->version = pk->version = 4;
|
||||||
if (expireval)
|
if (expireval)
|
||||||
sk->expiredate = pk->expiredate = pk->timestamp + expireval;
|
sk->expiredate = pk->expiredate = pk->timestamp + expireval;
|
||||||
@ -2862,6 +2883,13 @@ gen_card_key (int algo, int keyno, KBNODE pub_root, KBNODE sec_root,
|
|||||||
sk->skey[2] = mpi_set_opaque (NULL, xstrdup ("dummydata"), 10);
|
sk->skey[2] = mpi_set_opaque (NULL, xstrdup ("dummydata"), 10);
|
||||||
sk->is_protected = 1;
|
sk->is_protected = 1;
|
||||||
sk->protect.s2k.mode = 1002;
|
sk->protect.s2k.mode = 1002;
|
||||||
|
s = get_parameter_value (para, pSERIALNO);
|
||||||
|
if (s)
|
||||||
|
{
|
||||||
|
for (sk->protect.ivlen=0; sk->protect.ivlen < 16 && *s && s[1];
|
||||||
|
sk->protect.ivlen++, s += 2)
|
||||||
|
sk->protect.iv[sk->protect.ivlen] = xtoi_2 (s);
|
||||||
|
}
|
||||||
|
|
||||||
pkt = xcalloc (1,sizeof *pkt);
|
pkt = xcalloc (1,sizeof *pkt);
|
||||||
pkt->pkttype = keyno == 1 ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;
|
pkt->pkttype = keyno == 1 ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;
|
||||||
|
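Review bot: The loop added to gen_card_key, `for (sk->protect.ivlen=0; sk->protect.ivlen < 16 && *s && s[1]; ...)`, silently stops after 16 bytes and silently drops a trailing odd hex digit, so a longer or malformed pSERIALNO value is stored in the key stub as a different serial number than the card reported. parse_key in this same commit at least logs a warning on truncation; here the function should fail or warn when `*s` is still non-zero after the loop, and the literal 16 would be better written as `sizeof sk->protect.iv` if that field is a fixed array (its declaration is not on this page). The same section now takes `info.created_at` from SCDAEMON as the key timestamp; whether a missing or zero value is rejected is not visible here and is worth confirming, since the fingerprint depends on it. gen_card_key continues outside the hunks.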
30
g10/keyid.c
30
g10/keyid.c
@ -62,7 +62,6 @@ do_fingerprint_md( PKT_public_key *pk )
|
|||||||
|
|
||||||
gcry_md_open (&md, pk->version < 4 ? DIGEST_ALGO_RMD160
|
gcry_md_open (&md, pk->version < 4 ? DIGEST_ALGO_RMD160
|
||||||
: DIGEST_ALGO_SHA1, 0);
|
: DIGEST_ALGO_SHA1, 0);
|
||||||
gcry_md_start_debug (md,"keyid");
|
|
||||||
n = pk->version < 4 ? 8 : 6;
|
n = pk->version < 4 ? 8 : 6;
|
||||||
for(i=0; i < npkey; i++ ) {
|
for(i=0; i < npkey; i++ ) {
|
||||||
size_t nbytes;
|
size_t nbytes;
|
||||||
@ -575,4 +574,33 @@ fingerprint_from_sk( PKT_secret_key *sk, byte *array, size_t *ret_len )
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Create a serialno/fpr string from the serial number and the secret
|
||||||
|
* key. caller must free the returned string. There is no error
|
||||||
|
* return. */
|
||||||
|
char *
|
||||||
|
serialno_and_fpr_from_sk (const unsigned char *sn, size_t snlen,
|
||||||
|
PKT_secret_key *sk)
|
||||||
|
{
|
||||||
|
unsigned char fpr[MAX_FINGERPRINT_LEN];
|
||||||
|
size_t fprlen;
|
||||||
|
char *buffer, *p;
|
||||||
|
int i;
|
||||||
|
|
||||||
|
fingerprint_from_sk (sk, fpr, &fprlen);
|
||||||
|
buffer = p= xmalloc (snlen*2 + 1 + fprlen*2 + 1);
|
||||||
|
for (i=0; i < snlen; i++, p+=2)
|
||||||
|
sprintf (p, "%02X", sn[i]);
|
||||||
|
*p++ = '/';
|
||||||
|
for (i=0; i < fprlen; i++, p+=2)
|
||||||
|
sprintf (p, "%02X", fpr[i]);
|
||||||
|
*p = 0;
|
||||||
|
return buffer;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
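Review bot: In serialno_and_fpr_from_sk the loop counter is `int i` while the bounds `snlen` and `fprlen` are `size_t`, so both loop conditions are signed/unsigned comparisons; declaring `size_t i;` matches the bounds and removes the conversion. The allocation size `snlen*2 + 1 + fprlen*2 + 1` is computed without an overflow check, which is harmless for the short serial numbers the callers in this commit pass, but the expected maximum of `snlen` should be stated in the header comment. That comment could also say that the result has the form serial number, `/`, fingerprint, all in upper-case hex, since agent_scd_pksign places it verbatim into the `SCD PKSIGN %s` command line.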
@ -193,7 +193,7 @@ typedef struct {
|
|||||||
* Note about the pkey/skey elements: We assume that the secret keys
|
* Note about the pkey/skey elements: We assume that the secret keys
|
||||||
* has the same elemts as the public key at the begin of the array, so
|
* has the same elemts as the public key at the begin of the array, so
|
||||||
* that npkey < nskey and it is possible to compare the secret and
|
* that npkey < nskey and it is possible to compare the secret and
|
||||||
* public keys by comparing the first npkey elements of pkey againts skey.
|
* public keys by comparing the first npkey elements of pkey against skey.
|
||||||
*/
|
*/
|
||||||
typedef struct {
|
typedef struct {
|
||||||
u32 timestamp; /* key made */
|
u32 timestamp; /* key made */
|
||||||
|
@ -1562,6 +1562,7 @@ parse_key( iobuf_t inp, int pkttype, unsigned long pktlen,
|
|||||||
if( pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY ) {
|
if( pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY ) {
|
||||||
PKT_secret_key *sk = pkt->pkt.secret_key;
|
PKT_secret_key *sk = pkt->pkt.secret_key;
|
||||||
byte temp[16];
|
byte temp[16];
|
||||||
|
size_t snlen = 0;
|
||||||
|
|
||||||
if( !npkey ) {
|
if( !npkey ) {
|
||||||
sk->skey[0] = mpi_set_opaque( NULL,
|
sk->skey[0] = mpi_set_opaque( NULL,
|
||||||
@ -1672,7 +1673,6 @@ parse_key( iobuf_t inp, int pkttype, unsigned long pktlen,
|
|||||||
(ulong)sk->protect.s2k.count);
|
(ulong)sk->protect.s2k.count);
|
||||||
}
|
}
|
||||||
else if( sk->protect.s2k.mode == 1002 ) {
|
else if( sk->protect.s2k.mode == 1002 ) {
|
||||||
size_t snlen;
|
|
||||||
/* Read the serial number. */
|
/* Read the serial number. */
|
||||||
if (pktlen < 1) {
|
if (pktlen < 1) {
|
||||||
rc = GPG_ERR_INV_PACKET;
|
rc = GPG_ERR_INV_PACKET;
|
||||||
@ -1684,17 +1684,6 @@ parse_key( iobuf_t inp, int pkttype, unsigned long pktlen,
|
|||||||
rc = GPG_ERR_INV_PACKET;
|
rc = GPG_ERR_INV_PACKET;
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
if( list_mode ) {
|
|
||||||
printf("\tserial-number: ");
|
|
||||||
for (;snlen; snlen--)
|
|
||||||
printf ("%02X", (unsigned int)iobuf_get_noeof (inp));
|
|
||||||
putchar ('\n');
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
for (;snlen; snlen--)
|
|
||||||
iobuf_get_noeof (inp);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
/* Note that a sk->protect.algo > 110 is illegal, but I'm
|
/* Note that a sk->protect.algo > 110 is illegal, but I'm
|
||||||
@ -1725,9 +1714,12 @@ parse_key( iobuf_t inp, int pkttype, unsigned long pktlen,
|
|||||||
}
|
}
|
||||||
if( sk->protect.s2k.mode == 1001 )
|
if( sk->protect.s2k.mode == 1001 )
|
||||||
sk->protect.ivlen = 0;
|
sk->protect.ivlen = 0;
|
||||||
else if( sk->protect.s2k.mode == 1002 )
|
else if( sk->protect.s2k.mode == 1002 ) {
|
||||||
sk->protect.ivlen = 0;
|
if (snlen > 16)
|
||||||
|
log_info ("WARNING: serial number of card truncated\n");
|
||||||
|
sk->protect.ivlen = snlen < 16? snlen : 16;
|
||||||
|
|
||||||
|
}
|
||||||
if( pktlen < sk->protect.ivlen ) {
|
if( pktlen < sk->protect.ivlen ) {
|
||||||
rc = GPG_ERR_INV_PACKET;
|
rc = GPG_ERR_INV_PACKET;
|
||||||
goto leave;
|
goto leave;
|
||||||
@ -1735,7 +1727,8 @@ parse_key( iobuf_t inp, int pkttype, unsigned long pktlen,
|
|||||||
for(i=0; i < sk->protect.ivlen && pktlen; i++, pktlen-- )
|
for(i=0; i < sk->protect.ivlen && pktlen; i++, pktlen-- )
|
||||||
temp[i] = iobuf_get_noeof(inp);
|
temp[i] = iobuf_get_noeof(inp);
|
||||||
if( list_mode ) {
|
if( list_mode ) {
|
||||||
printf( "\tprotect IV: ");
|
printf( sk->protect.s2k.mode == 1002? "\tserial-number: "
|
||||||
|
: "\tprotect IV: ");
|
||||||
for(i=0; i < sk->protect.ivlen; i++ )
|
for(i=0; i < sk->protect.ivlen; i++ )
|
||||||
printf(" %02x", temp[i] );
|
printf(" %02x", temp[i] );
|
||||||
putchar('\n');
|
putchar('\n');
|
||||||
|
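Review bot: When `snlen` exceeds 16 the new code logs `WARNING: serial number of card truncated`, sets `sk->protect.ivlen` to 16 and carries on, but the removed loop that consumed all `snlen` bytes is gone and, as far as the visible lines show, only `ivlen` bytes are then read into `temp`. The remaining `snlen - 16` bytes would stay in the input and be parsed as whatever follows the serial number, so a packet with an over-long serial number is mis-parsed rather than truncated. Treating that case as malformed, `if (snlen > 16) { rc = GPG_ERR_INV_PACKET; goto leave; }`, or skipping the excess bytes while decrementing `pktlen`, keeps the parser aligned with the packet; `sizeof temp` would also be a safer bound than a second literal 16. parse_key starts and ends outside these hunks.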
@ -215,12 +215,14 @@ encode_md_value (int pubkey_algo, gcry_md_hd_t md, int hash_algo,
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
gpg_error_t rc;
|
||||||
byte *asn;
|
byte *asn;
|
||||||
size_t asnlen;
|
size_t asnlen;
|
||||||
|
|
||||||
if( gcry_md_algo_info( algo, GCRYCTL_GET_ASNOID, NULL, &asnlen ) )
|
rc = gcry_md_algo_info( algo, GCRYCTL_GET_ASNOID, NULL, &asnlen);
|
||||||
|
if (rc)
|
||||||
log_fatal("can't get OID of algo %d: %s\n",
|
log_fatal("can't get OID of algo %d: %s\n",
|
||||||
algo, gcry_strerror(-1));
|
algo, gpg_strerror (rc));
|
||||||
asn = xmalloc (asnlen);
|
asn = xmalloc (asnlen);
|
||||||
if( gcry_md_algo_info( algo, GCRYCTL_GET_ASNOID, asn, &asnlen ) )
|
if( gcry_md_algo_info( algo, GCRYCTL_GET_ASNOID, asn, &asnlen ) )
|
||||||
BUG();
|
BUG();
|
||||||
|
@ -277,13 +277,14 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
|
|||||||
{ /* FIXME: Note that we do only support RSA for now. */
|
{ /* FIXME: Note that we do only support RSA for now. */
|
||||||
char *rbuf;
|
char *rbuf;
|
||||||
size_t rbuflen;
|
size_t rbuflen;
|
||||||
|
char *snbuf;
|
||||||
|
|
||||||
/* FIXME: We need to pass the correct keyid or better the
|
snbuf = serialno_and_fpr_from_sk (sk->protect.iv, sk->protect.ivlen, sk);
|
||||||
fingerprint to the scdaemon. */
|
rc = agent_scd_pksign (snbuf, digest_algo,
|
||||||
rc = agent_scd_pksign ("nokeyid", digest_algo,
|
|
||||||
gcry_md_read (md, digest_algo),
|
gcry_md_read (md, digest_algo),
|
||||||
gcry_md_get_algo_dlen (digest_algo),
|
gcry_md_get_algo_dlen (digest_algo),
|
||||||
&rbuf, &rbuflen);
|
&rbuf, &rbuflen);
|
||||||
|
xfree (snbuf);
|
||||||
if (!rc)
|
if (!rc)
|
||||||
{
|
{
|
||||||
unsigned int nbytes = rbuflen;
|
unsigned int nbytes = rbuflen;
|
||||||
|
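Review bot: do_sign builds `snbuf` from `sk->protect.iv` and `sk->protect.ivlen` without checking that a serial number is present, yet do_secret_key in this commit still writes a length of 0 for "no serial number", and the code it replaces always wrote 0. For such a key the string handed to agent_scd_pksign begins with `/` and carries only the fingerprint; whether scdaemon accepts that form is not visible on this page. Either state in a comment at the call that an empty serial number is intended to be passed through, or return an error before calling the agent when `sk->protect.ivlen` is 0. do_sign starts and ends outside the hunk.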