Changes to be used with the new libksba interface.

libgcrypt-1.1.5 is required (cvs or tarball)
Werner Koch 2001-12-18 17:37:48 +00:00
parent 73d2214abb
commit 56172ce393
16 changed files with 228 additions and 205 deletions


@ -1,3 +1,14 @@
2001-12-18 Werner Koch <wk@gnupg.org>
* keybox-blob.c (_keybox_create_x509_blob): Use
gcry_sexp_canon_len to get the length of the serial number.
(_keybox_release_blob): Need to use a new serialbuf to free the memory.
2001-12-17 Werner Koch <wk@gnupg.org>
* keybox-search.c: Changed the way the serial number is
represented.
2001-12-15 Werner Koch <wk@gnupg.org> 2001-12-15 Werner Koch <wk@gnupg.org>
* keybox-search.c (blob_cmp_name): There is no terminating 0 stored * keybox-search.c (blob_cmp_name): There is no terminating 0 stored


@ -172,7 +172,8 @@ struct keyboxblob {
size_t bloblen; size_t bloblen;
/* stuff used only by keybox_create_blob */ /* stuff used only by keybox_create_blob */
unsigned char *serial; unsigned char *serialbuf;
const unsigned char *serial;
size_t seriallen; size_t seriallen;
int nkeys; int nkeys;
struct keyboxblob_key *keys; struct keyboxblob_key *keys;
@ -820,7 +821,14 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, KsbaCert cert,
p = ksba_cert_get_serial (cert); p = ksba_cert_get_serial (cert);
if (p) if (p)
{ {
size_t n = (p[0] << 24) | (p[1] << 16) | (p[2] <<8) | p[3]; size_t n;
n = gcry_sexp_canon_len (p, 0, NULL, NULL);
if (!n)
return KEYBOX_General_Error;
blob->serialbuf = p;
for (; n && *p != ':'; n--, p++)
;
p++;
blob->seriallen = n; blob->seriallen = n;
blob->serial = p; blob->serial = p;
} }
@ -960,7 +968,7 @@ _keybox_release_blob (KEYBOXBLOB blob)
return; return;
/* hmmm: release membuf here?*/ /* hmmm: release membuf here?*/
xfree (blob->keys ); xfree (blob->keys );
xfree (blob->serial); xfree (blob->serialbuf);
for (i=0; i < blob->nuids; i++) for (i=0; i < blob->nuids; i++)
xfree (blob->uids[i].name); xfree (blob->uids[i].name);
xfree (blob->uids ); xfree (blob->uids );
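Review bot: In `_keybox_create_x509_blob` the value stored in `blob->seriallen` is not the length of the serial: the skip loop stops on the ':' without counting it off and `p++` then steps over it without `n--`, so `n` still covers the colon plus anything `gcry_sexp_canon_len` counted after the value. Whatever later reads `seriallen` bytes from `serial` (that code is outside the hunk) would take at least one byte too many. The same arithmetic is in `print_integer_sexp` in the decrypt.c and verify.c sections of this commit, where it makes the hex dump run at least one byte past the value. I would take the length from the decimal prefix, as `keydb_search_issuer_sn` in this commit does, and use the canon length only as an upper bound, as in the rewrite below. The function body starts and ends outside the hunk.

```c
      size_t n, len;
      const unsigned char *s = p;

      n = gcry_sexp_canon_len (p, 0, NULL, NULL);
      /* the length comes from the decimal prefix; N only bounds the scan */
      for (len = 0; n && *s >= '0' && *s <= '9' && len <= n; n--, s++)
        len = len * 10 + (*s - '0');
      if (!n || *s != ':' || len > n - 1)
        {
          xfree (p);  /* not yet owned by the blob */
          return KEYBOX_General_Error;
        }
      blob->serialbuf = p;
      blob->serial = s + 1;
      blob->seriallen = len;
```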


@ -53,7 +53,7 @@ struct keydb_search_desc {
int (*skipfnc)(void *,void*); /* used to be: void*, u32* */ int (*skipfnc)(void *,void*); /* used to be: void*, u32* */
void *skipfncvalue; void *skipfncvalue;
const unsigned char *sn; const unsigned char *sn;
int sn_is_string; /* very ugly */ int snlen; /* -1 := sn is a hex string */
union { union {
const char *name; const char *name;
unsigned char fpr[24]; unsigned char fpr[24];


@ -30,6 +30,12 @@
*(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10)) *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10))
#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1)) #define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1))
struct sn_array_s {
int snlen;
unsigned char *sn;
};
static ulong static ulong
get32 (const byte *buffer) get32 (const byte *buffer)
@ -68,18 +74,14 @@ blob_get_type (KEYBOXBLOB blob)
static int static int
blob_cmp_sn (KEYBOXBLOB blob, const unsigned char *sn) blob_cmp_sn (KEYBOXBLOB blob, const unsigned char *sn, int snlen)
{ {
size_t snlen;
const unsigned char *buffer; const unsigned char *buffer;
size_t length; size_t length;
size_t pos, off; size_t pos, off;
size_t nkeys, keyinfolen; size_t nkeys, keyinfolen;
size_t nserial; size_t nserial;
snlen = (sn[0] << 24) | (sn[1] << 16) | (sn[2] << 8) | sn[3];
sn += 4;
buffer = _keybox_get_blob_image (blob, &length); buffer = _keybox_get_blob_image (blob, &length);
if (length < 40) if (length < 40)
return 0; /* blob too short */ return 0; /* blob too short */
@ -284,7 +286,8 @@ has_issuer (KEYBOXBLOB blob, const char *name)
} }
static int static int
has_issuer_sn (KEYBOXBLOB blob, const char *name, const unsigned char *sn) has_issuer_sn (KEYBOXBLOB blob, const char *name,
const unsigned char *sn, int snlen)
{ {
size_t namelen; size_t namelen;
@ -296,18 +299,18 @@ has_issuer_sn (KEYBOXBLOB blob, const char *name, const unsigned char *sn)
namelen = strlen (name); namelen = strlen (name);
return (blob_cmp_sn (blob, sn) return (blob_cmp_sn (blob, sn, snlen)
&& blob_cmp_name (blob, 0 /* issuer */, name, namelen)); && blob_cmp_name (blob, 0 /* issuer */, name, namelen));
} }
static int static int
has_sn (KEYBOXBLOB blob, const unsigned char *sn) has_sn (KEYBOXBLOB blob, const unsigned char *sn, int snlen)
{ {
return_val_if_fail (sn, 0); return_val_if_fail (sn, 0);
if (blob_get_type (blob) != BLOBTYPE_X509) if (blob_get_type (blob) != BLOBTYPE_X509)
return 0; return 0;
return blob_cmp_sn (blob, sn); return blob_cmp_sn (blob, sn, snlen);
} }
static int static int
@ -357,12 +360,12 @@ has_mail (KEYBOXBLOB blob, const char *name)
static void static void
release_sn_array (unsigned char **array, size_t size) release_sn_array (struct sn_array_s *array, size_t size)
{ {
size_t n; size_t n;
for (n=0; n < size; n++) for (n=0; n < size; n++)
xfree (array[n]); xfree (array[n].sn);
xfree (array); xfree (array);
} }
@ -402,7 +405,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
size_t n; size_t n;
int need_words, any_skip; int need_words, any_skip;
KEYBOXBLOB blob = NULL; KEYBOXBLOB blob = NULL;
unsigned char **sn_array = NULL; struct sn_array_s *sn_array = NULL;
if (!hd) if (!hd)
return KEYBOX_Invalid_Value; return KEYBOX_Invalid_Value;
@ -437,7 +440,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
} }
if (desc[n].skipfnc) if (desc[n].skipfnc)
any_skip = 1; any_skip = 1;
if (desc[n].sn_is_string && !sn_array) if (desc[n].snlen == -1 && !sn_array)
{ {
sn_array = xtrycalloc (ndesc, sizeof *sn_array); sn_array = xtrycalloc (ndesc, sizeof *sn_array);
if (!sn_array) if (!sn_array)
@ -469,7 +472,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
{ {
if (!desc[n].sn) if (!desc[n].sn)
; ;
else if (desc[n].sn_is_string) else if (desc[n].snlen == -1)
{ {
unsigned char *sn; unsigned char *sn;
@ -478,13 +481,14 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
; ;
odd = (i & 1); odd = (i & 1);
snlen = (i+1)/2; snlen = (i+1)/2;
sn_array[n] = xtrymalloc (4+snlen); sn_array[n].sn = xtrymalloc (snlen);
if (!sn_array[n]) if (!sn_array[n].sn)
{ {
release_sn_array (sn_array, n); release_sn_array (sn_array, n);
return (hd->error = KEYBOX_Out_Of_Core); return (hd->error = KEYBOX_Out_Of_Core);
} }
sn = sn_array[n] + 4; sn_array[n].snlen = snlen;
sn = sn_array[n].sn;
s = desc[n].sn; s = desc[n].sn;
if (odd) if (odd)
{ {
@ -493,26 +497,21 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
} }
for (; *s && *s != '/'; s += 2) for (; *s && *s != '/'; s += 2)
*sn++ = xtoi_2 (s); *sn++ = xtoi_2 (s);
assert (sn - sn_array[n] == 4+snlen);
sn = sn_array[n];
sn[0] = snlen >> 24;
sn[1] = snlen >> 16;
sn[2] = snlen >> 8;
sn[3] = snlen;
} }
else else
{ {
const unsigned char *sn; const unsigned char *sn;
sn = desc[n].sn; sn = desc[n].sn;
snlen = (sn[0] << 24) | (sn[1] << 16) | (sn[2] << 8) | sn[3]; snlen = desc[n].snlen;
sn_array[n] = xtrymalloc (4+snlen); sn_array[n].sn = xtrymalloc (snlen);
if (!sn_array[n]) if (!sn_array[n].sn)
{ {
release_sn_array (sn_array, n); release_sn_array (sn_array, n);
return (hd->error = KEYBOX_Out_Of_Core); return (hd->error = KEYBOX_Out_Of_Core);
} }
memcpy (sn_array[n], sn, 4+snlen); sn_array[n].snlen = snlen;
memcpy (sn_array[n].sn, sn, snlen);
} }
} }
} }
@ -552,11 +551,13 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
break; break;
case KEYDB_SEARCH_MODE_ISSUER_SN: case KEYDB_SEARCH_MODE_ISSUER_SN:
if (has_issuer_sn (blob, desc[n].u.name, if (has_issuer_sn (blob, desc[n].u.name,
sn_array? sn_array[n] : desc[n].sn)) sn_array? sn_array[n].sn : desc[n].sn,
sn_array? sn_array[n].snlen : desc[n].snlen))
goto found; goto found;
break; break;
case KEYDB_SEARCH_MODE_SN: case KEYDB_SEARCH_MODE_SN:
if (has_sn (blob, sn_array? sn_array[n] : desc[n].sn)) if (has_sn (blob, sn_array? sn_array[n].sn : desc[n].sn,
sn_array? sn_array[n].snlen : desc[n].snlen))
goto found; goto found;
break; break;
case KEYDB_SEARCH_MODE_SUBJECT: case KEYDB_SEARCH_MODE_SUBJECT:
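Review bot: In the hex-string branch of `keybox_search` the old `assert (sn - sn_array[n] == 4+snlen)` is dropped rather than adapted, so nothing checks any more that the `xtoi_2` conversion loop wrote exactly the `snlen` bytes that `xtrymalloc (snlen)` reserved. I would keep it in its new form, `assert (sn - sn_array[n].sn == snlen);`, directly after the loop. Separately, `snlen` is now a signed `int` with -1 as a sentinel, and the binary branch hands `desc[n].snlen` to `xtrymalloc` and `memcpy` unchecked. A guard ahead of the allocation, such as `if (desc[n].snlen < 0) { release_sn_array (sn_array, n); return (hd->error = KEYBOX_Invalid_Value); }`, would keep other negative values out. The function starts and ends outside these hunks.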


@ -1,5 +1,38 @@
2001-12-18 Werner Koch <wk@gnupg.org>
* verify.c (print_integer_sexp): Renamed from print_integer and
print the serial number according to the S-Exp rules.
* decrypt.c (print_integer_sexp): Ditto.
2001-12-17 Werner Koch <wk@gnupg.org>
* keylist.c (list_cert_colon): Changed for new return value of
get_serial.
* keydb.c (keydb_search_issuer_sn): Ditto.
* certcheck.c (gpgsm_check_cert_sig): Likewise for other S-Exp
returingin functions.
* fingerprint.c (gpgsm_get_keygrip): Ditto.
* encrypt.c (encrypt_dek): Ditto
* certcheck.c (gpgsm_check_cms_signature): Ditto
* decrypt.c (prepare_decryption): Ditto.
* call-agent.c (gpgsm_agent_pkdecrypt): Removed arg ciphertextlen,
use KsbaSexp type and calculate the length.
* certdump.c (print_sexp): Remaned from print_integer, changed caller.
* Makefile.am: Use the LIBGCRYPT and LIBKSBA variables.
* fingerprint.c (gpgsm_get_keygrip): Use the new
gcry_pk_get_keygrip to calculate the grip - note the algorithm and
therefore the grip values changed.
2001-12-15 Werner Koch <wk@gnupg.org> 2001-12-15 Werner Koch <wk@gnupg.org>
* certcheck.c (gpgsm_check_cms_signature): Removed the faked-key
kludge.
(gpgsm_create_cms_signature): Removed the commented fake key
code. This makes the function pretty simple.
* gpgsm.c (main): Renamed the default key database to "keyring.kbx". * gpgsm.c (main): Renamed the default key database to "keyring.kbx".
* decrypt.c (gpgsm_decrypt): Write STATUS_DECRYPTION_*. * decrypt.c (gpgsm_decrypt): Write STATUS_DECRYPTION_*.


@ -20,9 +20,9 @@
bin_PROGRAMS = gpgsm bin_PROGRAMS = gpgsm
INCLUDES = -I$(top_srcdir)/common -I$(top_srcdir)/intl INCLUDES = -I$(top_srcdir)/common -I$(top_srcdir)/intl \
$(LIBGCRYPT_CFLAGS) $(LIBKSBA_CFLAGS)
LDFLAGS = @LDFLAGS@ LDFLAGS = @LDFLAGS@
#$(LIBGCRYPT_LIBS)
gpgsm_SOURCES = \ gpgsm_SOURCES = \
gpgsm.c gpgsm.h \ gpgsm.c gpgsm.h \
@ -45,8 +45,6 @@ gpgsm_SOURCES = \
gpgsm_LDADD = ../jnlib/libjnlib.a ../assuan/libassuan.a ../kbx/libkeybox.a \ gpgsm_LDADD = ../jnlib/libjnlib.a ../assuan/libassuan.a ../kbx/libkeybox.a \
../common/libcommon.a \ ../common/libcommon.a $(LIBGCRYPT_LIBS) $(LIBKSBA_LIBS)
../../libksba/src/.libs/libksba.a \
../../libgcrypt/src/.libs/libgcrypt.so.1


@ -273,7 +273,7 @@ inq_ciphertext_cb (void *opaque, const char *keyword)
the hex string KEYGRIP. */ the hex string KEYGRIP. */
int int
gpgsm_agent_pkdecrypt (const char *keygrip, gpgsm_agent_pkdecrypt (const char *keygrip,
const char *ciphertext, size_t ciphertextlen, KsbaConstSexp ciphertext,
char **r_buf, size_t *r_buflen ) char **r_buf, size_t *r_buflen )
{ {
int rc; int rc;
@ -282,11 +282,16 @@ gpgsm_agent_pkdecrypt (const char *keygrip,
struct cipher_parm_s cipher_parm; struct cipher_parm_s cipher_parm;
size_t n, len; size_t n, len;
char *buf, *endp; char *buf, *endp;
size_t ciphertextlen;
if (!keygrip || strlen(keygrip) != 40 || !ciphertext || !r_buf || !r_buflen) if (!keygrip || strlen(keygrip) != 40 || !ciphertext || !r_buf || !r_buflen)
return GNUPG_Invalid_Value; return GNUPG_Invalid_Value;
*r_buf = NULL; *r_buf = NULL;
ciphertextlen = gcry_sexp_canon_len (ciphertext, 0, NULL, NULL);
if (!ciphertextlen)
return GNUPG_Invalid_Value;
rc = start_agent (); rc = start_agent ();
if (rc) if (rc)
return rc; return rc;


@ -107,7 +107,8 @@ gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert)
GCRY_MD_HD md; GCRY_MD_HD md;
int rc, algo; int rc, algo;
GCRY_MPI frame; GCRY_MPI frame;
char *p; KsbaSexp p;
size_t n;
GCRY_SEXP s_sig, s_hash, s_pkey; GCRY_SEXP s_sig, s_hash, s_pkey;
algo = gcry_md_map_name ( (algoid=ksba_cert_get_digest_algo (cert))); algo = gcry_md_map_name ( (algoid=ksba_cert_get_digest_algo (cert)));
@ -132,11 +133,14 @@ gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert)
} }
gcry_md_final (md); gcry_md_final (md);
p = ksba_cert_get_sig_val (cert); /* fixme: check p*/ p = ksba_cert_get_sig_val (cert);
if (DBG_X509) n = gcry_sexp_canon_len (p, 0, NULL, NULL);
log_debug ("signature: %s\n", p); if (!n)
{
rc = gcry_sexp_sscan ( &s_sig, NULL, p, strlen(p)); log_error ("libksba did not return a proper S-Exp\n");
return GNUPG_Bug;
}
rc = gcry_sexp_sscan ( &s_sig, NULL, p, n);
if (rc) if (rc)
{ {
log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc)); log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc));
@ -144,10 +148,13 @@ gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert)
} }
p = ksba_cert_get_public_key (issuer_cert); p = ksba_cert_get_public_key (issuer_cert);
if (DBG_X509) n = gcry_sexp_canon_len (p, 0, NULL, NULL);
log_debug ("issuer public key: %s\n", p); if (!n)
{
rc = gcry_sexp_sscan ( &s_pkey, NULL, p, strlen(p)); log_error ("libksba did not return a proper S-Exp\n");
return GNUPG_Bug;
}
rc = gcry_sexp_sscan ( &s_pkey, NULL, p, n);
if (rc) if (rc)
{ {
log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc)); log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc));
@ -174,46 +181,38 @@ gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert)
int int
gpgsm_check_cms_signature (KsbaCert cert, const char *sigval, gpgsm_check_cms_signature (KsbaCert cert, KsbaConstSexp sigval,
GCRY_MD_HD md, int algo) GCRY_MD_HD md, int algo)
{ {
int rc; int rc;
char *p; KsbaSexp p;
GCRY_MPI frame; GCRY_MPI frame;
GCRY_SEXP s_sig, s_hash, s_pkey; GCRY_SEXP s_sig, s_hash, s_pkey;
size_t n;
rc = gcry_sexp_sscan (&s_sig, NULL, sigval, strlen(sigval)); n = gcry_sexp_canon_len (sigval, 0, NULL, NULL);
if (!n)
{
log_error ("libksba did not return a proper S-Exp\n");
return GNUPG_Bug;
}
rc = gcry_sexp_sscan (&s_sig, NULL, sigval, n);
if (rc) if (rc)
{ {
log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc)); log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc));
return map_gcry_err (rc); return map_gcry_err (rc);
} }
if (getenv ("GPGSM_FAKE_KEY")) p = ksba_cert_get_public_key (cert);
{
const char n[] = "#8732A669BB7C5057AD070EFA54E035C86DF474F7A7EBE2435"
"3DADEB86FFE74C32AEEF9E5C6BD7584CB572520167B3E8C89A1FA75C74FF9E938"
"2710F3B270B638EB96E7486491D81C53CA8A50B4E840B1C7458A4A1E52EC18D681"
"8A2805C9165827F77EF90D55014E4B2AF9386AE8F6462F46A547CB593ABD509311"
"4D3D16375F#";
const char e[] = "#11#";
char *tmp;
log_debug ("Using HARDWIRED public key\n");
asprintf (&tmp, "(public-key(rsa(n %s)(e %s)))", n, e);
/* asprintf does not use our allocation fucntions, so we can't
use our free */
p = xstrdup (tmp);
free (tmp);
}
else
{
p = ksba_cert_get_public_key (cert);
}
if (DBG_X509) if (DBG_X509)
log_debug ("public key: %s\n", p); log_debug ("public key: %s\n", p);
rc = gcry_sexp_sscan ( &s_pkey, NULL, p, strlen(p)); n = gcry_sexp_canon_len (p, 0, NULL, NULL);
if (!n)
{
log_error ("libksba did not return a proper S-Exp\n");
return GNUPG_Bug;
}
rc = gcry_sexp_sscan ( &s_pkey, NULL, p, n);
if (rc) if (rc)
{ {
log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc)); log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc));
@ -244,78 +243,6 @@ int
gpgsm_create_cms_signature (KsbaCert cert, GCRY_MD_HD md, int mdalgo, gpgsm_create_cms_signature (KsbaCert cert, GCRY_MD_HD md, int mdalgo,
char **r_sigval) char **r_sigval)
{ {
#if 0
/* our sample key */
const char n[] = "#8732A669BB7C5057AD070EFA54E035C86DF474F7A7EBE2435"
"3DADEB86FFE74C32AEEF9E5C6BD7584CB572520167B3E8C89A1FA75C74FF9E938"
"2710F3B270B638EB96E7486491D81C53CA8A50B4E840B1C7458A4A1E52EC18D681"
"8A2805C9165827F77EF90D55014E4B2AF9386AE8F6462F46A547CB593ABD509311"
"4D3D16375F#";
const char e[] = "#11#";
const char d[] = "#07F3EBABDDDA22D7FB1E8869140D30571586D9B4370DE02213F"
"DD0DDAC3C24FC6BEFF0950BB0CAAD755F7AA788DA12BCF90987341AC8781CC7115"
"B59A115B05D9D99B3D7AF77854DC2EE6A36154512CC0EAD832601038A88E837112"
"AB2A39FD9FBE05E30D6FFA6F43D71C59F423CA43BC91C254A8C89673AB61F326B0"
"762FBC9#";
const char p[] = "#B2ABAD4328E66303E206C53CFBED17F18F712B1C47C966EE13DD"
"AA9AD3616A610ADF513F8376FA48BAE12FED64CECC1E73091A77B45119AF0FC1286A"
"85BD9BBD#";
const char q[] = "#C1B648B294BB9AEE7FEEB77C4F64E9333E4EA9A7C54D521356FB"
"BBB7558A0E7D6331EC7B42E3F0CD7BBBA9B7A013422F615F10DCC1E8462828BF8FC7"
"39C5E34B#";
const char u[] = "#A9B5EFF9C80A4A356B9A95EB63E381B262071E5CE9C1F32FF03"
"83AD8289BED8BC690555E54411FA2FDB9B49638A21B2046C325F5633B4B1ECABEBFD"
"1B3519072#";
GCRY_SEXP s_skey, s_hash, s_sig;
GCRY_MPI frame;
int rc;
char *buf;
size_t len;
/* create a secret key as an sexp */
log_debug ("Using HARDWIRED secret key\n");
asprintf (&buf, "(private-key(oid.1.2.840.113549.1.1.1"
"(n %s)(e %s)(d %s)(p %s)(q %s)(u %s)))",
n, e, d, p, q, u);
/* asprintf does not use our allocation fucntions, so we can't
use our free */
rc = gcry_sexp_sscan (&s_skey, NULL, buf, strlen(buf));
free (buf);
if (rc)
{
log_error ("failed to build S-Exp: %s\n", gcry_strerror (rc));
return map_gcry_err (rc);
}
/* put the hash into a sexp */
rc = do_encode_md (md, mdalgo, gcry_pk_get_nbits (s_skey), &frame);
if (rc)
{
/* fixme: clean up some things */
return rc;
}
if ( gcry_sexp_build (&s_hash, NULL, "%m", frame) )
BUG ();
/* sign */
rc = gcry_pk_sign (&s_sig, s_hash, s_skey);
if (rc)
{
log_error ("signing failed: %s\n", gcry_strerror (rc));
return map_gcry_err (rc);
}
len = gcry_sexp_sprint (s_sig, GCRYSEXP_FMT_CANON, NULL, 0);
assert (len);
buf = xmalloc (len);
len = gcry_sexp_sprint (s_sig, GCRYSEXP_FMT_CANON, buf, len);
assert (len);
*r_sigval = buf;
#else
int rc; int rc;
char *grip; char *grip;
size_t siglen; size_t siglen;
@ -330,10 +257,8 @@ gpgsm_create_cms_signature (KsbaCert cert, GCRY_MD_HD md, int mdalgo,
xfree (grip); xfree (grip);
/* FIXME: we should check that the returnes S-Exp is valid fits int /* FIXME: we should check that the returnes S-Exp is valid fits int
siglen. It ould probaly be a good idea to scan and print it siglen. It ould probaly be a good idea to scan and print it
again to make this sure and be sure that we have canocical again to make this sure and be sure that we have canoncical
encoding */ encoding */
#endif
return rc; return rc;
} }
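Review bot: `gpgsm_check_cms_signature` still runs `log_debug ("public key: %s\n", p)` on the result of `ksba_cert_get_public_key` before `gcry_sexp_canon_len` has validated it, and without a NULL check on `p`. The rest of this commit stops treating these values as C strings (`strlen (p)` is replaced and the matching debug lines in `gpgsm_check_cert_sig` are removed), so `%s` here presumably can stop early or read past the buffer. The same line survives in `gpgsm_get_keygrip` in the fingerprint.c section. I would move the dump below the length check and print by length, e.g. `if (DBG_X509) log_printhex ("public key: ", p, n);`.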


@ -34,20 +34,29 @@
#include "keydb.h" #include "keydb.h"
static void static void
print_integer (unsigned char *p) print_sexp (KsbaConstSexp p)
{ {
unsigned long len; unsigned long n;
KsbaConstSexp endp;
if (!p) if (!p)
log_printf ("none"); log_printf ("none");
else else
{ {
len = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; n = strtoul (p, (char**)&endp, 10);
for (p+=4; len; len--, p++) p = endp;
log_printf ("%02X", *p); if (*p!=':')
log_printf ("ERROR - invalid value");
else
{
for (p++; n; n--, p++)
log_printf ("%02X", *p);
}
} }
} }
static void static void
print_time (time_t t) print_time (time_t t)
{ {
@ -81,6 +90,7 @@ print_dn (char *p)
void void
gpgsm_dump_cert (const char *text, KsbaCert cert) gpgsm_dump_cert (const char *text, KsbaCert cert)
{ {
KsbaSexp sexp;
unsigned char *p; unsigned char *p;
char *dn; char *dn;
time_t t; time_t t;
@ -88,10 +98,10 @@ gpgsm_dump_cert (const char *text, KsbaCert cert)
log_debug ("BEGIN Certificate `%s':\n", text? text:""); log_debug ("BEGIN Certificate `%s':\n", text? text:"");
if (cert) if (cert)
{ {
p = ksba_cert_get_serial (cert); sexp = ksba_cert_get_serial (cert);
log_debug (" serial: "); log_debug (" serial: ");
print_integer (p); print_sexp (sexp);
ksba_free (p); ksba_free (sexp);
log_printf ("\n"); log_printf ("\n");
t = ksba_cert_get_validity (cert, 0); t = ksba_cert_get_validity (cert, 0);
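Review bot: `print_sexp` takes the byte count from `strtoul` on the value itself and then prints that many bytes, with nothing bounding `n` by the size of the buffer, so a damaged length prefix makes the dump loop read past it. `list_cert_colon` in the keylist.c section does the same with its hand-rolled digit loop. Other call sites in this commit first ask `gcry_sexp_canon_len` for the total length. Doing the same here, with a local `total = gcry_sexp_canon_len (p, 0, NULL, NULL);` taken before parsing and a refusal when `n` exceeds the bytes left after the ':', would keep the debug output inside the buffer on malformed input.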


@ -51,7 +51,7 @@ struct decrypt_filter_parm_s {
static void static void
print_integer (unsigned char *p) print_integer_sexp (unsigned char *p)
{ {
unsigned long len; unsigned long len;
@ -59,23 +59,30 @@ print_integer (unsigned char *p)
log_printf ("none"); log_printf ("none");
else else
{ {
len = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; len = gcry_sexp_canon_len (p, 0, NULL, NULL);
for (p+=4; len; len--, p++) if (!len)
log_printf ("%02X", *p); log_printf ("invalid encoding");
else
{
for (; len && *p != ':'; len--, p++)
;
for (p++; len; len--, p++)
log_printf ("%02X", *p);
}
} }
} }
/* decrypt the session key and fill in the parm structure. The /* decrypt the session key and fill in the parm structure. The
algo and the IV is expected to be already in PARM. */ algo and the IV is expected to be already in PARM. */
static int static int
prepare_decryption (const char *hexkeygrip, const char *enc_val, prepare_decryption (const char *hexkeygrip, KsbaConstSexp enc_val,
struct decrypt_filter_parm_s *parm) struct decrypt_filter_parm_s *parm)
{ {
char *seskey = NULL; char *seskey = NULL;
size_t n, seskeylen; size_t n, seskeylen;
int rc; int rc;
rc = gpgsm_agent_pkdecrypt (hexkeygrip, enc_val, strlen (enc_val), rc = gpgsm_agent_pkdecrypt (hexkeygrip, enc_val,
&seskey, &seskeylen); &seskey, &seskeylen);
if (rc) if (rc)
{ {
@ -348,8 +355,8 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
for (recp=0; recp < 1; recp++) for (recp=0; recp < 1; recp++)
{ {
char *issuer; char *issuer;
unsigned char *serial; KsbaSexp serial;
char *enc_val; KsbaSexp enc_val;
char *hexkeygrip = NULL; char *hexkeygrip = NULL;
err = ksba_cms_get_issuer_serial (cms, recp, &issuer, &serial); err = ksba_cms_get_issuer_serial (cms, recp, &issuer, &serial);
@ -363,7 +370,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
log_debug ("recp %d - issuer: `%s'\n", log_debug ("recp %d - issuer: `%s'\n",
recp, issuer? issuer:"[NONE]"); recp, issuer? issuer:"[NONE]");
log_debug ("recp %d - serial: ", recp); log_debug ("recp %d - serial: ", recp);
print_integer (serial); print_integer_sexp (serial);
log_printf ("\n"); log_printf ("\n");
keydb_search_reset (kh); keydb_search_reset (kh);
@ -395,8 +402,6 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
recp); recp);
else else
{ {
log_debug ("recp %d - enc-val: `%s'\n",
recp, enc_val);
rc = prepare_decryption (hexkeygrip, enc_val, rc = prepare_decryption (hexkeygrip, enc_val,
&dfparm); &dfparm);
xfree (enc_val); xfree (enc_val);


@ -247,7 +247,7 @@ encrypt_dek (const DEK dek, KsbaCert cert, char **encval)
{ {
GCRY_SEXP s_ciph, s_data, s_pkey; GCRY_SEXP s_ciph, s_data, s_pkey;
int rc; int rc;
char *buf; KsbaSexp buf;
size_t len; size_t len;
*encval = NULL; *encval = NULL;
@ -259,7 +259,13 @@ encrypt_dek (const DEK dek, KsbaCert cert, char **encval)
log_error ("no public key for recipient\n"); log_error ("no public key for recipient\n");
return GNUPG_No_Public_Key; return GNUPG_No_Public_Key;
} }
rc = gcry_sexp_sscan (&s_pkey, NULL, buf, strlen(buf)); len = gcry_sexp_canon_len (buf, 0, NULL, NULL);
if (!len)
{
log_error ("libksba did not return a proper S-Exp\n");
return GNUPG_Bug;
}
rc = gcry_sexp_sscan (&s_pkey, NULL, buf, len);
xfree (buf); buf = NULL; xfree (buf); buf = NULL;
if (rc) if (rc)
{ {
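Review bot: The new early return in `encrypt_dek` for `!len` leaves the function before `xfree (buf)`, so the buffer that was about to be scanned as the public key is leaked on that path. `gpgsm_get_keygrip` in the fingerprint.c section has the same shape: its `return NULL` for `!n` comes before `xfree (p)`. Freeing first, `xfree (buf); return GNUPG_Bug;` here and `xfree (p); return NULL;` there, closes both. `encrypt_dek` continues outside the hunk.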


@ -125,7 +125,7 @@ gpgsm_get_fingerprint_hexstring (KsbaCert cert, int algo)
} }
/* Return the sop called KEYGRIP which is the SHA-1 hash of the public /* Return the so called KEYGRIP which is the SHA-1 hash of the public
key parameters expressed as an canoncial encoded S-Exp. array must key parameters expressed as an canoncial encoded S-Exp. array must
be 20 bytes long. returns the array or a newly allocated one if the be 20 bytes long. returns the array or a newly allocated one if the
passed one was NULL */ passed one was NULL */
@ -133,8 +133,9 @@ char *
gpgsm_get_keygrip (KsbaCert cert, char *array) gpgsm_get_keygrip (KsbaCert cert, char *array)
{ {
GCRY_SEXP s_pkey; GCRY_SEXP s_pkey;
int rc, len; int rc;
char *buf, *p; KsbaSexp p;
size_t n;
p = ksba_cert_get_public_key (cert); p = ksba_cert_get_public_key (cert);
if (!p) if (!p)
@ -142,25 +143,27 @@ gpgsm_get_keygrip (KsbaCert cert, char *array)
if (DBG_X509) if (DBG_X509)
log_debug ("get_keygrip for public key: %s\n", p); log_debug ("get_keygrip for public key: %s\n", p);
rc = gcry_sexp_sscan ( &s_pkey, NULL, p, strlen(p)); n = gcry_sexp_canon_len (p, 0, NULL, NULL);
if (!n)
{
log_error ("libksba did not return a proper S-Exp\n");
return NULL;
}
rc = gcry_sexp_sscan ( &s_pkey, NULL, p, n);
xfree (p);
if (rc) if (rc)
{ {
log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc)); log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc));
return NULL; return NULL;
} }
/* and now convert it into canoncial form - fixme: we should modify array = gcry_pk_get_keygrip (s_pkey, array);
libksba to return it in this form */ gcry_sexp_release (s_pkey);
len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0);
assert (len);
buf = xmalloc (len);
len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, buf, len);
assert (len);
if (!array) if (!array)
array = xmalloc (20); {
rc = seterr (General_Error);
gcry_md_hash_buffer (GCRY_MD_SHA1, array, buf, len); log_error ("can't calculate keygrip\n");
xfree (buf); return NULL;
}
if (DBG_X509) if (DBG_X509)
log_printhex ("keygrip=", array, 20); log_printhex ("keygrip=", array, 20);


@ -141,7 +141,7 @@ void gpgsm_dump_cert (const char *text, KsbaCert cert);
/*-- certcheck.c --*/ /*-- certcheck.c --*/
int gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert); int gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert);
int gpgsm_check_cms_signature (KsbaCert cert, const char *sigval, int gpgsm_check_cms_signature (KsbaCert cert, KsbaConstSexp sigval,
GCRY_MD_HD md, int hash_algo); GCRY_MD_HD md, int hash_algo);
/* fixme: move create functions to another file */ /* fixme: move create functions to another file */
int gpgsm_create_cms_signature (KsbaCert cert, GCRY_MD_HD md, int mdalgo, int gpgsm_create_cms_signature (KsbaCert cert, GCRY_MD_HD md, int mdalgo,
@ -180,7 +180,7 @@ int gpgsm_agent_pksign (const char *keygrip,
int digestalgo, int digestalgo,
char **r_buf, size_t *r_buflen); char **r_buf, size_t *r_buflen);
int gpgsm_agent_pkdecrypt (const char *keygrip, int gpgsm_agent_pkdecrypt (const char *keygrip,
const char *ciphertext, size_t ciphertextlen, KsbaConstSexp ciphertext,
char **r_buf, size_t *r_buflen); char **r_buf, size_t *r_buflen);


@ -834,14 +834,19 @@ keydb_search_issuer (KEYDB_HANDLE hd, const char *issuer)
int int
keydb_search_issuer_sn (KEYDB_HANDLE hd, keydb_search_issuer_sn (KEYDB_HANDLE hd,
const char *issuer, const unsigned char *serial) const char *issuer, KsbaConstSexp serial)
{ {
KEYDB_SEARCH_DESC desc; KEYDB_SEARCH_DESC desc;
int rc; int rc;
const unsigned char *s;
memset (&desc, 0, sizeof desc); memset (&desc, 0, sizeof desc);
desc.mode = KEYDB_SEARCH_MODE_ISSUER_SN; desc.mode = KEYDB_SEARCH_MODE_ISSUER_SN;
desc.sn = serial; for (s=serial,desc.snlen = 0; digitp (s); s++)
desc.snlen = 10*desc.snlen + atoi_1 (s);
if (*s !=':')
return GNUPG_Invalid_Value;
desc.sn = s+1;
desc.u.name = issuer; desc.u.name = issuer;
rc = keydb_search (hd, &desc, 1); rc = keydb_search (hd, &desc, 1);
return rc; return rc;
@ -975,7 +980,7 @@ classify_user_id (const char *name,
return 0; /* invalid digit in serial number*/ return 0; /* invalid digit in serial number*/
} }
desc->sn = s; desc->sn = s;
desc->sn_is_string = 1; desc->snlen = -1;
if (!*si) if (!*si)
mode = KEYDB_SEARCH_MODE_SN; mode = KEYDB_SEARCH_MODE_SN;
else else
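Review bot: In `keydb_search_issuer_sn` the loop `desc.snlen = 10*desc.snlen + atoi_1 (s)` accumulates into a signed `int` with no limit on the number of digits, so a long prefix overflows it, and a wrapped result can collide with the -1 that `classify_user_id` now stores to mean "hex string". The parsed length is also never compared with the actual size of `serial`, and an empty digit run followed by ':' is accepted as length 0. I would reject the value as soon as it leaves a sane range, for example `if (desc.snlen > 0xffff) return GNUPG_Invalid_Value;` inside the loop, and require at least one digit before the ':'. The limit shown is a constructed example; the real bound should come from what the keybox format allows.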


@ -116,7 +116,8 @@ static void
list_cert_colon (KsbaCert cert, FILE *fp) list_cert_colon (KsbaCert cert, FILE *fp)
{ {
int idx, trustletter = 0; int idx, trustletter = 0;
unsigned char *p; char *p;
KsbaSexp sexp;
fputs ("crt:", fp); fputs ("crt:", fp);
trustletter = 0; trustletter = 0;
@ -144,12 +145,17 @@ list_cert_colon (KsbaCert cert, FILE *fp)
print_time ( ksba_cert_get_validity (cert, 1), fp); print_time ( ksba_cert_get_validity (cert, 1), fp);
putc (':', fp); putc (':', fp);
putc (':', fp); putc (':', fp);
if ((p = ksba_cert_get_serial (cert))) if ((sexp = ksba_cert_get_serial (cert)))
{ {
int i, len = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; int len;
for (i=0; i < len; i++) const unsigned char *s = sexp;
fprintf (fp,"%02X", p[4+i]);
xfree (p); for (len=0; *s && *s != ':' && digitp (s); s++)
len = len*10 + atoi_1 (s);
if (*s == ':')
for (s++; len; len--, s++)
fprintf (fp,"%02X", *s);
xfree (sexp);
} }
putc (':', fp); putc (':', fp);
putc (':', fp); putc (':', fp);
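Review bot: `list_cert_colon` releases the value from `ksba_cert_get_serial` with `xfree (sexp)`, while `gpgsm_dump_cert` in the certdump.c section releases the same kind of value with `ksba_free (sexp)`. Whether the two are interchangeable is not visible on this page; if libksba can use an allocator of its own, the `xfree` calls on libksba results (here, and on `p` in `gpgsm_get_keygrip`) would hand memory to the wrong free routine. I would use `ksba_free (sexp);` consistently for buffers that libksba returns.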


@ -85,7 +85,7 @@ store_cert (KsbaCert cert)
static void static void
print_integer (unsigned char *p) print_integer_sexp (unsigned char *p)
{ {
unsigned long len; unsigned long len;
@ -93,9 +93,16 @@ print_integer (unsigned char *p)
log_printf ("none"); log_printf ("none");
else else
{ {
len = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; len = gcry_sexp_canon_len (p, 0, NULL, NULL);
for (p+=4; len; len--, p++) if (!len)
log_printf ("%02X", *p); log_printf ("invalid encoding");
else
{
for (; len && *p != ':'; len--, p++)
;
for (p++; len; len--, p++)
log_printf ("%02X", *p);
}
} }
} }
@ -289,9 +296,9 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd)
for (signer=0; signer < 1; signer++) for (signer=0; signer < 1; signer++)
{ {
char *issuer = NULL; char *issuer = NULL;
char *sigval = NULL; KsbaSexp sigval = NULL;
time_t sigtime; time_t sigtime;
unsigned char *serial; KsbaSexp serial;
char *msgdigest = NULL; char *msgdigest = NULL;
size_t msgdigestlen; size_t msgdigestlen;
@ -300,7 +307,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd)
break; break;
log_debug ("signer %d - issuer: `%s'\n", signer, issuer? issuer:"[NONE]"); log_debug ("signer %d - issuer: `%s'\n", signer, issuer? issuer:"[NONE]");
log_debug ("signer %d - serial: ", signer); log_debug ("signer %d - serial: ", signer);
print_integer (serial); print_integer_sexp (serial);
log_printf ("\n"); log_printf ("\n");
err = ksba_cms_get_signing_time (cms, signer, &sigtime); err = ksba_cms_get_signing_time (cms, signer, &sigtime);