security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

* keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. 

(do_generate_keypair): Abd generate the authkey.
(check_smartcard): Changed menu accordingly.
This commit is contained in:
Werner Koch 2003-07-23 07:11:06 +00:00
parent 4622a2180d
commit 44f4303bcf
10 changed files with 272 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
g10/ChangeLog
View File

@ -1,3 +1,17 @@
2003-07-23 Werner Koch <wk@gnupg.org>
* keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards.
(do_generate_keypair): Abd generate the authkey.
(check_smartcard): Changed menu accordingly.
2003-07-22 Werner Koch <wk@gnupg.org>
* g10.c: New command --change-pin.
* card-util.c: New.
* call-agent.c (agent_scd_change_pin): New.
(agent_release_card_info): New.
* keygen.c (check_smartcard): Use it here.
2003-07-16 Werner Koch <wk@gnupg.org>
* export.c (parse_export_options): New option sexp-format.

1
g10/Makefile.am
View File

@ -96,6 +96,7 @@ gpg_SOURCES = g10.c \
keyserver-internal.h \
photoid.c photoid.h \
call-agent.c call-agent.h \
card-util.c \
exec.c exec.h
gpgv_SOURCES = gpgv.c \

52
g10/call-agent.c
View File

@ -449,6 +449,19 @@ agent_havekey (const char *hexkeygrip)
}
/* Release the card info structure INFO. */
void
agent_release_card_info (struct agent_card_info_s *info)
{
if (!info)
return;
xfree (info->serialno); info->serialno = NULL;
xfree (info->disp_name); info->disp_name = NULL;
xfree (info->pubkey_url); info->pubkey_url = NULL;
info->fpr1valid = info->fpr2valid = info->fpr3valid = 0;
}
static AssuanError
learn_status_cb (void *opaque, const char *line)
{
@ -509,7 +522,6 @@ agent_learn (struct agent_card_info_s *info)
return map_assuan_err (rc);
}
/* Send an setattr command to the SCdaemon. */
int
@ -672,7 +684,12 @@ agent_scd_pksign (const char *serialno, int hashalgo,
return map_assuan_err (rc);
init_membuf (&data, 1024);
snprintf (line, DIM(line)-1, "SCD PKSIGN %s", serialno);
#if 0
if (!hashalgo) /* Temporary test hack. */
snprintf (line, DIM(line)-1, "SCD PKAUTH %s", serialno);
else
#endif
snprintf (line, DIM(line)-1, "SCD PKSIGN %s", serialno);
line[DIM(line)-1] = 0;
rc = assuan_transact (agent_ctx, line, membuf_data_cb, &data,
NULL, NULL, NULL, NULL);
@ -738,3 +755,34 @@ agent_scd_pkdecrypt (const char *serialno,
return 0;
}
/* Change the PIN of an OpenPGP card or reset the retry counter.
CHVNO 1: Change the digital signature PIN
2: Change the decryption and authentication PIN
3: Change the admin PIN
101: Set a new digital signature PIN and reset the retry counter
102: Set a decryption and authentication PIN
and reset the retry counter
*/
int
agent_scd_change_pin (int chvno)
{
int rc;
char line[ASSUAN_LINELENGTH];
const char *reset = "";
if (chvno >= 100)
reset = "--reset";
chvno %= 100;
rc = start_agent ();
if (rc)
return rc;
snprintf (line, DIM(line)-1, "SCD PASSWD %s %d", reset, chvno);
line[DIM(line)-1] = 0;
rc = assuan_transact (agent_ctx, line, NULL, NULL,
NULL, NULL, NULL, NULL);
return map_assuan_err (rc);
}

6
g10/call-agent.h
View File

@ -42,6 +42,10 @@ struct agent_card_genkey_s {
gcry_mpi_t e;
};
/* Release the card info structure. */
void agent_release_card_info (struct agent_card_info_s *info);
/* Return card info. */
int agent_learn (struct agent_card_info_s *info);
@ -66,6 +70,8 @@ int agent_scd_pkdecrypt (const char *serialno,
const unsigned char *indata, size_t indatalen,
char **r_buf, size_t *r_buflen);
/* Change the PIN of an OpenPGP card or reset the retry counter. */
int agent_scd_change_pin (int chvno);
#endif /*GNUPG_G10_CALL_AGENT_H*/

117
g10/card-util.c Normal file
View File

@ -0,0 +1,117 @@
/* card-util.c - Utility functions for the OpenPGP card.
* Copyright (C) 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <assert.h>
#include "gpg.h"
#include "util.h"
#include "i18n.h"
#include "options.h"
#include "main.h"
#include "call-agent.h"
/* Change the PIN of a an OpenPGP card. This is an interactive
function. */
void
change_pin (int chvno)
{
struct agent_card_info_s info;
int rc;
int reset_mode = 0;
rc = agent_learn (&info);
if (rc)
{
log_error (_("OpenPGP card not available: %s\n"),
gpg_strerror (rc));
return;
}
log_info (_("OpenPGP card no. %s detected\n"),
info.serialno? info.serialno : "[none]");
agent_release_card_info (&info);
if (opt.batch)
{
log_error (_("sorry, can't do this in batch mode\n"));
return;
}
for (;;)
{
char *answer;
int reread = 0;
tty_printf ("\n");
tty_printf ("1 - change signature PIN\n"
"2 - change decryption and authentication PIN\n"
"3 - change Admin's PIN\n"
"R - toggle reset retry counter mode\n"
"Q - quit\n");
tty_printf ("\n");
if (reset_mode)
{
tty_printf ("Reset Retry Counter mode active\n");
tty_printf ("\n");
}
answer = cpr_get("cardutil.change_pin.menu",_("Your selection? "));
cpr_kill_prompt();
if (strlen (answer) != 1)
continue;
rc = 0;
if (reset_mode && *answer == '3')
{
tty_printf ("Sorry, reset of the Admin PIN's retry counter "
"is not possible.\n");
}
else if (*answer == '1' || *answer == '2' || *answer == '3')
{
rc = agent_scd_change_pin (*answer - '0' + (reset_mode?100:0));
if (rc)
tty_printf ("Error changing/resetting the PIN: %s\n",
gpg_strerror (rc));
else
tty_printf ("New PIN successfully set.\n");
}
else if (*answer == 'r' || *answer == 'R')
{
reset_mode = !reset_mode;
}
else if (*answer == 'q' || *answer == 'Q')
{
break;
}
}
}

15
g10/g10.c
View File

@ -128,6 +128,7 @@ enum cmd_and_opt_values { aNull = 0,
aPipeMode,
aRebuildKeydbCaches,
aRefreshKeys,
aChangePIN,
oTextmode,
oNoTextmode,
@ -362,6 +363,8 @@ static ARGPARSE_OPTS opts[] = {
{ aExportSecretSub, "export-secret-subkeys" , 256, "@" },
{ aImport, "import", 256 , N_("import/merge keys")},
{ aFastImport, "fast-import", 256 , "@"},
{ aChangePIN, "change-pin", 256, N_("change a card's PIN")},
{ aListPackets, "list-packets",256,N_("list only the sequence of packets")},
{ aExportOwnerTrust,
"export-ownertrust", 256, N_("export the ownertrust values")},
@ -1441,6 +1444,8 @@ main( int argc, char **argv )
case aPipeMode: set_cmd( &cmd, aPipeMode); break;
case aRebuildKeydbCaches: set_cmd( &cmd, aRebuildKeydbCaches); break;
case aChangePIN: set_cmd (&cmd, aChangePIN); break;
case oArmor: opt.armor = 1; opt.no_armor=0; break;
case oOutput: opt.outfile = pargs.r.ret_str; break;
case oQuiet: opt.quiet = 1; break;
@ -2341,6 +2346,7 @@ main( int argc, char **argv )
case aDeArmor:
case aEnArmor:
case aFixTrustDB:
case aChangePIN:
break;
case aExportOwnerTrust: rc = setup_trustdb( 0, trustdb_name ); break;
case aListTrustDB: rc = setup_trustdb( argc? 1:0, trustdb_name ); break;
@ -2861,6 +2867,15 @@ main( int argc, char **argv )
keydb_rebuild_caches ();
break;
case aChangePIN:
if (!argc)
change_pin (0);
else if (argc == 1)
change_pin ( atoi (*argv));
else
wrong_args ("--change-pin [no]");
break;
case aListPackets:
opt.list_packets=2;
default:

44
g10/keygen.c
View File

@ -50,6 +50,7 @@ enum para_name {
pSUBKEYTYPE,
pSUBKEYLENGTH,
pSUBKEYUSAGE,
pAUTHKEYTYPE,
pNAMEREAL,
pNAMEEMAIL,
pNAMECOMMENT,
@ -2134,6 +2135,12 @@ generate_keypair( const char *fname )
strcpy (r->u.value, "encrypt");
r->next = para;
para = r;
r = xcalloc (1, sizeof *r + 20 );
r->key = pAUTHKEYTYPE;
sprintf( r->u.value, "%d", algo );
r->next = para;
para = r;
}
else
{
@ -2409,6 +2416,18 @@ do_generate_keypair (struct para_data_s *para,
did_sub = 1;
}
if (card && get_parameter (para, pAUTHKEYTYPE))
{
rc = gen_card_key (PUBKEY_ALGO_RSA, 3, pub_root, sec_root,
get_parameter_u32 (para, pKEYEXPIRE), para);
/* FIXME: Change the usage to AUTH. */
if (!rc)
rc = write_keybinding (pub_root, pub_root, sk, PUBKEY_USAGE_SIG);
if (!rc)
rc = write_keybinding (sec_root, pub_root, sk, PUBKEY_USAGE_SIG);
}
if (!rc && outctrl->use_files)
{ /* direct write to specified files */
@ -2832,8 +2851,7 @@ check_smartcard (char **r_serialno)
tty_printf ("\n"
"N - change cardholder name\n"
"U - change public key URL\n"
"K - generate signature and encryption key\n"
"A - generate authentication key\n"
"K - generate all keys\n"
"Q - quit\n"
"\n");
@ -2856,7 +2874,8 @@ check_smartcard (char **r_serialno)
else if ( *answer == 'K' || *answer == 'k')
{
if ( (info.fpr1valid && !fpr_is_zero (info.fpr1))
|| (info.fpr2valid && !fpr_is_zero (info.fpr2)))
|| (info.fpr2valid && !fpr_is_zero (info.fpr2))
|| (info.fpr3valid && !fpr_is_zero (info.fpr3)))
{
tty_printf ("\n");
log_error ("WARNING: key does already exists!\n");
@ -2874,11 +2893,6 @@ check_smartcard (char **r_serialno)
break;
}
}
else if ( *answer == 'A' || *answer == 'a' )
{
tty_printf (_("Generation of authentication key"
" not yet implemented\n"));
}
else if ( *answer == 'q' || *answer == 'Q')
{
rc = -1;
@ -2887,9 +2901,7 @@ check_smartcard (char **r_serialno)
if (reread)
{
xfree (info.serialno); info.serialno = NULL;
xfree (info.disp_name); info.disp_name = NULL;
xfree (info.pubkey_url); info.pubkey_url = NULL;
agent_release_card_info (&info);
rc = agent_learn (&info);
if (rc)
{
@ -2902,11 +2914,11 @@ check_smartcard (char **r_serialno)
}
if (r_serialno && rc > 0)
*r_serialno = info.serialno;
else
xfree (info.serialno);
xfree (info.disp_name);
xfree (info.pubkey_url);
{
*r_serialno = info.serialno;
info.serialno = NULL;
}
agent_release_card_info (&info);
return rc;
}

2
g10/keyid.c
View File

@ -62,7 +62,7 @@ do_fingerprint_md( PKT_public_key *pk )
gcry_md_open (&md, pk->version < 4 ? DIGEST_ALGO_RMD160
: DIGEST_ALGO_SHA1, 0);
gcry_md_start_debug (md, "fpr");
n = pk->version < 4 ? 8 : 6;
for(i=0; i < npkey; i++ ) {
size_t nbytes;

3
g10/main.h
View File

@ -254,6 +254,9 @@ int hash_datafiles( MD_HANDLE md, MD_HANDLE md2,
/*-- pipemode.c --*/
void run_in_pipemode (void);
/*-- card-util.c --*/
void change_pin (int no);
/*-- signal.c --*/
void init_signals(void);
void pause_on_sigusr( int which );

38
g10/sign.c
View File

@ -275,7 +275,43 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
sig->digest_algo = digest_algo;
sig->digest_start[0] = dp[0];
sig->digest_start[1] = dp[1];
if (sk->is_protected && sk->protect.s2k.mode == 1002)
#if 0
if (sk->is_protected && sk->protect.s2k.mode == 1002 && !sk->is_primary)
{ /* Temporary hack to test tey auth command. */
char *rbuf;
size_t rbuflen;
char *snbuf;
char *tmpbuf;
size_t tmp_n;
frame = encode_md_value( sk->pubkey_algo, md,
digest_algo, mpi_get_nbits(sk->skey[0]), 0 );
if (!frame)
return GPG_ERR_GENERAL;
if (gcry_mpi_aprint (GCRYMPI_FMT_USG, (void **)&tmpbuf, &tmp_n, frame ))
BUG ();
for (; tmp_n && *tmpbuf; tmp_n--, tmpbuf++)
;
assert (tmp_n);
tmp_n--;
tmpbuf++;
snbuf = serialno_and_fpr_from_sk (sk->protect.iv, sk->protect.ivlen, sk);
rc = agent_scd_pksign (snbuf, 0,
tmpbuf, tmp_n,
&rbuf, &rbuflen);
xfree (snbuf);
if (!rc)
{
unsigned int nbytes = rbuflen;
if (gcry_mpi_scan (&sig->data[0], GCRYMPI_FMT_USG, rbuf, &nbytes ))
BUG ();
}
}
else
#endif
if (sk->is_protected && sk->protect.s2k.mode == 1002)
{ /* FIXME: Note that we do only support RSA for now. */
char *rbuf;
size_t rbuflen;