scd:openpgp: Allow PKSIGN with keygrip also for OPENPGP.3.
* scd/app-openpgp.c (check_keyidstr): Add optional arg r_use_auth to test also for OpenPGP.3. (do_sign): Enable that new mode. -- This is very useful to allow gpgsm to use a certificate based on the OpenPGP card's authentication key. That key is usually used for ssh but it makes sense to use it also for user certificate based authentication. Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
parent
e06a8e3e87
commit
4c4999b818
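--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -4755,9 +4755,12 @@ check_against_given_fingerprint (app_t app, const char *fpr, int key)
 
 When KEYNO is 0 and KEYIDSTR is for a keygrip, the keygrip should
 be to be compared is the first one (keygrip for signing).
+When KEYNO is 1, KEYIDSTR is for a keygrip, and R_USE_AUTH is not
+NULL, OpenPGP.1 is first tested and then OpenPGP.3. In the latter
+case 1 is stored at R_USE_AUTH
 */
 static int
-check_keyidstr (app_t app, const char *keyidstr, int keyno)
+check_keyidstr (app_t app, const char *keyidstr, int keyno, int *r_use_auth)
 {
 int rc;
 const char *s;
@@ -4765,6 +4768,9 @@ check_keyidstr (app_t app, const char *keyidstr, int keyno)
 const char *fpr = NULL;
 unsigned char tmp_sn[20]; /* Actually 16 bytes but also for the fpr. */
 
+if (r_use_auth)
+*r_use_auth = 0;
+
 if (strlen (keyidstr) < 32)
 return gpg_error (GPG_ERR_INV_ID);
 else
@@ -4780,6 +4786,13 @@ check_keyidstr (app_t app, const char *keyidstr, int keyno)
 keygrip_str = app->app_local->pk[keyno?keyno-1:0].keygrip_str;
 if (!strncmp (keygrip_str, keyidstr, 40))
 return 0;
+else if (keyno == 1 && r_use_auth
+&& !strncmp (app->app_local->pk[2].keygrip_str,
+keyidstr, 40))
+{
+*r_use_auth = 1;
+return 0;
+}
 else
 return gpg_error (GPG_ERR_INV_ID);
 }
@@ -4902,7 +4915,7 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
 use_auth = 1;
 else
 {
-rc = check_keyidstr (app, keyidstr, 1);
+rc = check_keyidstr (app, keyidstr, 1, &use_auth);
 if (rc)
 return rc;
 }
@@ -5057,7 +5070,7 @@ do_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
 ;
 else
 {
-rc = check_keyidstr (app, keyidstr, 3);
+rc = check_keyidstr (app, keyidstr, 3, NULL);
 if (rc)
 return rc;
 }
@@ -5112,7 +5125,7 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
 ;
 else
 {
-rc = check_keyidstr (app, keyidstr, 2);
+rc = check_keyidstr (app, keyidstr, 2, NULL);
 if (rc)
 return rc;
 }
@@ -5338,7 +5351,7 @@ do_check_pin (app_t app, ctrl_t ctrl, const char *keyidstr,
 if (!keyidstr || !*keyidstr)
 return gpg_error (GPG_ERR_INV_VALUE);
 
-rc = check_keyidstr (app, keyidstr, 0);
+rc = check_keyidstr (app, keyidstr, 0, NULL);
 if (rc)
 return rc;
 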
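Review bot: The new header comment on check_keyidstr (first hunk) documents the OpenPGP.3 fallback but not that `*r_use_auth` is unconditionally reset to 0 on entry (second hunk), so a caller such as do_sign cannot tell from the contract whether a fingerprint-based or failed lookup leaves `use_auth` untouched; add a sentence like `If R_USE_AUTH is not NULL it is always initialized to 0 and set to 1 only when the keygrip matched OpenPGP.3.` and close the last sentence with a period. The fallback is only attempted in the keygrip branch (third hunk); the fingerprint branch lies outside these hunks, so whether a fingerprint of OpenPGP.3 is meant to be accepted for signing as well is not visible here and is worth stating in the comment either way. The body of check_keyidstr continues outside the hunks.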