security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-05-24 16:43:28 +02:00
Code Activity

Add key->flags member.

Browse Source 
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2023-03-03 14:02:04 +09:00
parent 20ba5794bf
commit 601e1e28df
No known key found for this signature in database
GPG Key ID: 640114AF89DE6054
1 changed files with 43 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
tkd/pkcs11.c
View File

@ -50,18 +50,24 @@ enum key_type {
KEY_EDDSA, KEY_EDDSA,
}; };
#define KEY_FLAGS_VALID (1 << 0)
#define KEY_FLAGS_NO_PUBKEY (1 << 1)
#define KEY_FLAGS_USAGE_SIGN (1 << 2)
#define KEY_FLAGS_USAGE_DECRYPT (1 << 3)
struct key { struct key {
struct token *token; /* Back pointer. */ struct token *token; /* Back pointer. */
int valid; unsigned long flags;
ck_object_handle_t p11_keyid;
char keygrip[2*KEYGRIP_LEN+1];
int key_type; int key_type;
char keygrip[2*KEYGRIP_LEN+1];
gcry_sexp_t pubkey;
/* PKCS#11 interface */
unsigned char label[256]; unsigned char label[256];
unsigned long label_len; unsigned long label_len;
unsigned char id[256]; unsigned char id[256];
unsigned long id_len; unsigned long id_len;
gcry_sexp_t pubkey; ck_object_handle_t p11_keyid;
ck_mechanism_type_t mechanism; /* for PKCS#11 interface */ ck_mechanism_type_t mechanism;
}; };
struct token { struct token {
@ -317,10 +323,10 @@ examine_public_key (struct token *token, struct key *k, unsigned long keytype,
unsigned char ecpoint[256]; unsigned char ecpoint[256];
struct ck_attribute templ[3]; struct ck_attribute templ[3];
unsigned long mechanisms[3]; unsigned long mechanisms[3];
unsigned char supported;
if (keytype == CKK_RSA) if (keytype == CKK_RSA)
{ {
k->valid = 1;
if (update_keyid) if (update_keyid)
k->p11_keyid = obj; k->p11_keyid = obj;
k->key_type = KEY_RSA; k->key_type = KEY_RSA;
@ -336,10 +342,12 @@ examine_public_key (struct token *token, struct key *k, unsigned long keytype,
err = ck->f->C_GetAttributeValue (token->session, obj, templ, 2); err = ck->f->C_GetAttributeValue (token->session, obj, templ, 2);
if (err) if (err)
{ {
k->valid = -1; k->flags |= KEY_FLAGS_NO_PUBKEY;
return 1; return 1;
} }
k->flags |= KEY_FLAGS_VALID;
k->flags &= ~KEY_FLAGS_NO_PUBKEY;
if ((modulus[0] & 0x80)) if ((modulus[0] & 0x80))
{ {
memmove (modulus+1, modulus, templ[1].ulValueLen); memmove (modulus+1, modulus, templ[1].ulValueLen);
@ -363,7 +371,6 @@ examine_public_key (struct token *token, struct key *k, unsigned long keytype,
char *curve_oid = NULL; char *curve_oid = NULL;
const char *curve; const char *curve;
k->valid = 1;
if (update_keyid) if (update_keyid)
k->p11_keyid = obj; k->p11_keyid = obj;
k->key_type = KEY_EC; k->key_type = KEY_EC;
@ -379,10 +386,12 @@ examine_public_key (struct token *token, struct key *k, unsigned long keytype,
err = ck->f->C_GetAttributeValue (token->session, obj, templ, 2); err = ck->f->C_GetAttributeValue (token->session, obj, templ, 2);
if (err) if (err)
{ {
k->valid = -1; k->flags |= KEY_FLAGS_NO_PUBKEY;
return 1; return 1;
} }
k->flags |= KEY_FLAGS_VALID;
k->flags &= ~KEY_FLAGS_NO_PUBKEY;
/* Found an ECC key. */ /* Found an ECC key. */
log_debug ("ECC: %ld %ld\n", log_debug ("ECC: %ld %ld\n",
templ[0].ulValueLen, templ[0].ulValueLen,
@ -423,6 +432,26 @@ examine_public_key (struct token *token, struct key *k, unsigned long keytype,
} }
} }
templ[0].type = CKA_SIGN;
templ[0].pValue = (void *)&supported;
templ[0].ulValueLen = sizeof (supported);
err = ck->f->C_GetAttributeValue (token->session, obj, templ, 1);
if (!err && supported)
{
k->flags |= KEY_FLAGS_USAGE_SIGN;
}
templ[0].type = CKA_DECRYPT;
templ[0].pValue = (void *)&supported;
templ[0].ulValueLen = sizeof (supported);
err = ck->f->C_GetAttributeValue (token->session, obj, templ, 1);
if (!err && supported)
{
k->flags |= KEY_FLAGS_USAGE_DECRYPT;
}
return 0; return 0;
} }
@ -456,7 +485,7 @@ detect_private_keys (struct token *token)
struct key *k = &token->key_list[cnt]; /* Allocate a key. */ struct key *k = &token->key_list[cnt]; /* Allocate a key. */
k->token = token; k->token = token;
k->valid = 0; k->flags = 0;
/* Portable way to get objects... is get it one by one. */ /* Portable way to get objects... is get it one by one. */
err = ck->f->C_FindObjects (token->session, &obj, 1, &any); err = ck->f->C_FindObjects (token->session, &obj, 1, &any);
@ -565,7 +594,7 @@ check_public_keys (struct token *token)
{ {
k = &token->key_list[i]; k = &token->key_list[i];
if (k->valid == -1 if ((k->flags & KEY_FLAGS_NO_PUBKEY)
&& k->label_len == templ[0].ulValueLen && k->label_len == templ[0].ulValueLen
&& memcmp (label, k->label, k->label_len) == 0 && memcmp (label, k->label, k->label_len) == 0
&& ((keytype == CKK_RSA && k->key_type == KEY_RSA) && ((keytype == CKK_RSA && k->key_type == KEY_RSA)
@ -685,8 +714,8 @@ learn_keys (struct token *token)
{ {
struct key *k = &token->key_list[i]; struct key *k = &token->key_list[i];
if (k->valid == -1) if ((k->flags & KEY_FLAGS_NO_PUBKEY))
k->valid = 0; k->flags &= ~KEY_FLAGS_NO_PUBKEY;
} }
#if 0 #if 0
@ -714,7 +743,7 @@ find_key (struct cryptoki *ck, const char *keygrip, struct key **r_key)
{ {
struct key *k = &token->key_list[j]; struct key *k = &token->key_list[j];
if (k->valid != 1) if ((k->flags & KEY_FLAGS_VALID) == 0)
continue; continue;
if (memcmp (k->keygrip, keygrip, 40) == 0) if (memcmp (k->keygrip, keygrip, 40) == 0)