From 4a5bd1720f5a3dbb26f5daeb03725cae29be7e24 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Tue, 6 Oct 2015 15:10:25 +0900 Subject: [PATCH] agent: Fix verification of signature for smartcard. * agent/pksign.c (agent_pksign_do): Use public key smartcard. -- Since gcry_pk_verify can't handle shadowed private key, public key SEXP should be prepared for smartcard. --- agent/pksign.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/agent/pksign.c b/agent/pksign.c index 243c49df9..e079c3f60 100644 --- a/agent/pksign.c +++ b/agent/pksign.c @@ -291,6 +291,7 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, { gcry_sexp_t s_skey = NULL, s_sig = NULL; gcry_sexp_t s_hash = NULL; + gcry_sexp_t s_pkey = NULL; unsigned char *shadow_info = NULL; unsigned int rc = 0; /* FIXME: gpg-error? */ const unsigned char *data; @@ -331,6 +332,13 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, int is_ECDSA = 0; int is_EdDSA = 0; + rc = agent_public_key_from_file (ctrl, ctrl->keygrip, &s_pkey); + if (rc) + { + log_error ("failed to read the public key\n"); + goto leave; + } + if (agent_is_eddsa_key (s_skey)) is_EdDSA = 1; else @@ -497,7 +505,7 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, ctrl->digest.raw_value); } - rc = gcry_pk_verify (s_sig, s_hash, s_skey); + rc = gcry_pk_verify (s_sig, s_hash, s_pkey? s_pkey: s_skey); if (rc) { @@ -512,6 +520,7 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, *signature_sexp = s_sig; + gcry_sexp_release (s_pkey); gcry_sexp_release (s_skey); gcry_sexp_release (s_hash); xfree (shadow_info);