scd: Pass ctrl parameter to more app functions.

* scd/app-common.h (struct app_ctx_s): Add parameter ctrl to function
pointers for readkey, setattr, sign, auth, decipher, and check_pin.
--

This is yet another patch to allow for easier backporting.
Werner Koch 2021-02-19 09:50:22 +01:00
parent f8588369bc
commit 669786cf64
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
7 changed files with 63 additions and 39 deletions


@ -120,25 +120,26 @@ struct app_ctx_s {
gpg_error_t (*learn_status) (app_t app, ctrl_t ctrl, unsigned int flags);
gpg_error_t (*readcert) (app_t app, const char *certid,
unsigned char **cert, size_t *certlen);
gpg_error_t (*readkey) (app_t app, int advanced, const char *certid,
unsigned char **pk, size_t *pklen);
gpg_error_t (*readkey) (app_t app, ctrl_t ctrl,
int advanced, const char *certid,
unsigned char **pk, size_t *pklen);
gpg_error_t (*getattr) (app_t app, ctrl_t ctrl, const char *name);
gpg_error_t (*setattr) (app_t app, const char *name,
gpg_error_t (*setattr) (app_t app, ctrl_t ctrl, const char *name,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const unsigned char *value, size_t valuelen);
gpg_error_t (*sign) (app_t app,
gpg_error_t (*sign) (app_t app, ctrl_t ctrl,
const char *keyidstr, int hashalgo,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
unsigned char **outdata, size_t *outdatalen );
gpg_error_t (*auth) (app_t app, const char *keyidstr,
gpg_error_t (*auth) (app_t app, ctrl_t ctrl, const char *keyidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
unsigned char **outdata, size_t *outdatalen);
gpg_error_t (*decipher) (app_t app, const char *keyidstr,
gpg_error_t (*decipher) (app_t app, ctrl_t ctrl, const char *keyidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
@ -163,7 +164,7 @@ struct app_ctx_s {
const char *chvnostr, unsigned int flags,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg);
gpg_error_t (*check_pin) (app_t app, const char *keyidstr,
gpg_error_t (*check_pin) (app_t app, ctrl_t ctrl, const char *keyidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg);
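Review bot: `readcert`, at the top of the first hunk, is now the only handler visible here that takes no `ctrl`, while `learn_status`, `readkey`, `getattr`, `setattr`, `sign`, `auth`, `decipher` and `check_pin` all do. If that is deliberate, a short comment on the member such as `/* readcert intentionally takes no CTRL. */` would stop a later backport from tripping over it. Because these are function-pointer members, a backend left on the old signature may show up on older compilers only as an incompatible-pointer-type warning, and a call through it would shift `pincb` and the data pointers by one argument. Building with `-Werror=incompatible-pointer-types` would catch this. The struct begins and ends outside these hunks.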


@ -386,7 +386,7 @@ verify_pin (app_t app,
that callback should return the PIN in an allocated buffer and
store that in the 3rd argument. */
static gpg_error_t
do_sign (app_t app, const char *keyidstr, int hashalgo,
do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
@ -408,6 +408,8 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
+ the largest OID _prefix above. */
int datalen;
(void)ctrl;
if (!keyidstr || !*keyidstr)
return gpg_error (GPG_ERR_INV_VALUE);
if (indatalen != 20 && indatalen != 16 && indatalen != 32


@ -608,7 +608,7 @@ do_readcert (app_t app, const char *certid,
certificate parsing code in commands.c:cmd_readkey. For internal
use PK and PKLEN may be NULL to just check for an existing key. */
static gpg_error_t
do_readkey (app_t app, int advanced, const char *keyid,
do_readkey (app_t app, ctrl_t ctrl, int advanced, const char *keyid,
unsigned char **pk, size_t *pklen)
{
gpg_error_t err;
@ -616,6 +616,8 @@ do_readkey (app_t app, int advanced, const char *keyid,
size_t buflen[2];
unsigned short path[1] = { 0x4500 };
(void)ctrl;
if (advanced)
return GPG_ERR_NOT_SUPPORTED;
@ -683,7 +685,6 @@ do_writekey (app_t app, ctrl_t ctrl,
size_t rsa_n_len, rsa_e_len;
unsigned int nbits;
(void)ctrl;
(void)pincb;
(void)pincb_arg;
@ -692,7 +693,7 @@ do_writekey (app_t app, ctrl_t ctrl,
else
return gpg_error (GPG_ERR_INV_ID);
if (!force && !do_readkey (app, 0, keyid, NULL, NULL))
if (!force && !do_readkey (app, ctrl, 0, keyid, NULL, NULL))
return gpg_error (GPG_ERR_EEXIST);
/* Parse the S-expression. */
@ -841,7 +842,7 @@ verify_pin (app_t app, int pwid, const char *desc,
that callback should return the PIN in an allocated buffer and
store that in the 3rd argument. */
static gpg_error_t
do_sign (app_t app, const char *keyidstr, int hashalgo,
do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
@ -861,6 +862,8 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
+ the largest OID prefix. */
size_t datalen;
(void)ctrl;
if (!keyidstr || !*keyidstr)
return gpg_error (GPG_ERR_INV_VALUE);
switch (indatalen)
@ -976,7 +979,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
If a PIN is required the PINCB will be used to ask for the PIN; it
should return the PIN in an allocated buffer and put it into PIN. */
static gpg_error_t
do_decipher (app_t app, const char *keyidstr,
do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
@ -988,6 +991,7 @@ do_decipher (app_t app, const char *keyidstr,
int fid;
int kid;
(void)ctrl;
(void)r_info;
if (!keyidstr || !*keyidstr || !indatalen)
@ -1263,7 +1267,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *pwidstr,
/* Perform a simple verify operation. KEYIDSTR should be NULL or empty. */
static gpg_error_t
do_check_pin (app_t app, const char *pwidstr,
do_check_pin (app_t app, ctrl_t ctrl, const char *pwidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg)
{
@ -1272,6 +1276,8 @@ do_check_pin (app_t app, const char *pwidstr,
int is_sigg;
const char *desc;
(void)ctrl;
desc = parse_pwidstr (pwidstr, 0, &is_sigg, &pwid);
if (!desc)
return gpg_error (GPG_ERR_INV_ID);
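Review bot: In do_writekey, `if (!force && !do_readkey (app, ctrl, 0, keyid, NULL, NULL))` treats every non-zero result from do_readkey as "no key present", so a failed read looks the same as an empty slot and the write proceeds without `force`. Which error codes do_readkey can return is not visible in these hunks, so this is a question rather than a confirmed defect. If it can fail for reasons other than a missing key, the result should be kept, only the not-found code should permit the overwrite, and any other error should go back to the caller. Separately, do_readkey's `return GPG_ERR_NOT_SUPPORTED;` bypasses `gpg_error ()`, unlike the other returns in this section; `return gpg_error (GPG_ERR_NOT_SUPPORTED);` would match them. Both functions continue outside the hunks.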


@ -247,7 +247,7 @@ struct app_local_s {
static unsigned long convert_sig_counter_value (const unsigned char *value,
size_t valuelen);
static unsigned long get_sig_counter (app_t app);
static gpg_error_t do_auth (app_t app, const char *keyidstr,
static gpg_error_t do_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
@ -1977,13 +1977,15 @@ do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
buffer. On error PK and PKLEN are not changed and an error code is
returned. */
static gpg_error_t
do_readkey (app_t app, int advanced, const char *keyid,
do_readkey (app_t app, ctrl_t ctrl, int advanced, const char *keyid,
unsigned char **pk, size_t *pklen)
{
gpg_error_t err;
int keyno;
unsigned char *buf;
(void)ctrl;
if (!strcmp (keyid, "OPENPGP.1"))
keyno = 0;
else if (!strcmp (keyid, "OPENPGP.2"))
@ -2557,7 +2559,7 @@ verify_chv3 (app_t app,
/* Handle the SETATTR operation. All arguments are already basically
checked. */
static gpg_error_t
do_setattr (app_t app, const char *name,
do_setattr (app_t app, ctrl_t ctrl, const char *name,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const unsigned char *value, size_t valuelen)
@ -2595,6 +2597,8 @@ do_setattr (app_t app, const char *name,
};
int exmode;
(void)ctrl;
for (idx=0; table[idx].name && strcmp (table[idx].name, name); idx++)
;
if (!table[idx].name)
@ -2667,8 +2671,6 @@ do_writecert (app_t app, ctrl_t ctrl,
void *pincb_arg,
const unsigned char *certdata, size_t certdatalen)
{
(void)ctrl;
if (strcmp (certidstr, "OPENPGP.3"))
return gpg_error (GPG_ERR_INV_ID);
if (!certdata || !certdatalen)
@ -2677,7 +2679,8 @@ do_writecert (app_t app, ctrl_t ctrl,
return gpg_error (GPG_ERR_NOT_SUPPORTED);
if (certdatalen > app->app_local->extcap.max_certlen_3)
return gpg_error (GPG_ERR_TOO_LARGE);
return do_setattr (app, "CERT-3", pincb, pincb_arg, certdata, certdatalen);
return do_setattr (app, ctrl, "CERT-3", pincb, pincb_arg,
certdata, certdatalen);
}
@ -4488,7 +4491,7 @@ check_keyidstr (app_t app, const char *keyidstr, int keyno, int *r_use_auth)
operation to the auth command.
*/
static gpg_error_t
do_sign (app_t app, const char *keyidstr, int hashalgo,
do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
@ -4602,7 +4605,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
/* Redirect to the AUTH command if asked to. */
if (use_auth)
{
return do_auth (app, "OPENPGP.3", pincb, pincb_arg,
return do_auth (app, ctrl, "OPENPGP.3", pincb, pincb_arg,
data, datalen,
outdata, outdatalen);
}
@ -4677,7 +4680,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
not match the one required for the requested action (e.g. the
serial number does not match). */
static gpg_error_t
do_auth (app_t app, const char *keyidstr,
do_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
@ -4685,6 +4688,8 @@ do_auth (app_t app, const char *keyidstr,
{
int rc;
(void)ctrl;
if (!keyidstr || !*keyidstr)
return gpg_error (GPG_ERR_INV_VALUE);
if (app->app_local->keyattr[2].key_type == KEY_TYPE_RSA
@ -4744,7 +4749,7 @@ do_auth (app_t app, const char *keyidstr,
static gpg_error_t
do_decipher (app_t app, const char *keyidstr,
do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
@ -4758,6 +4763,8 @@ do_decipher (app_t app, const char *keyidstr,
int padind = 0;
int fixuplen = 0;
(void)ctrl;
if (!keyidstr || !*keyidstr || !indatalen)
return gpg_error (GPG_ERR_INV_VALUE);
@ -4980,13 +4987,15 @@ do_decipher (app_t app, const char *keyidstr,
the "[CHV3]" being a literal string: The Admin Pin is checked if
and only if the retry counter is still at 3. */
static gpg_error_t
do_check_pin (app_t app, const char *keyidstr,
do_check_pin (app_t app, ctrl_t ctrl, const char *keyidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg)
{
int rc;
int admin_pin = 0;
(void)ctrl;
if (!keyidstr || !*keyidstr)
return gpg_error (GPG_ERR_INV_VALUE);
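Review bot: do_readkey passes `keyid` straight to `strcmp (keyid, "OPENPGP.1")` with no NULL or empty-string guard, whereas do_auth, do_decipher and do_check_pin in this same section open with `if (!keyidstr || !*keyidstr) return gpg_error (GPG_ERR_INV_VALUE);`. Whether the dispatcher already rejects a NULL keyid before calling through `fnc.readkey` is not visible here. If it does not, the same guard belongs at the top of do_readkey: `if (!keyid || !*keyid) return gpg_error (GPG_ERR_INV_VALUE);`. do_writecert's `strcmp (certidstr, "OPENPGP.3")` has the same shape. The bodies of these functions continue outside the hunks.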


@ -3622,7 +3622,7 @@ verify_pin (app_t app,
that callback should return the PIN in an allocated buffer and
store that as the 3rd argument. */
static gpg_error_t
do_sign (app_t app, const char *keyidstr, int hashalgo,
do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
@ -3651,6 +3651,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
unsigned char *dataptr;
int exmode, le_value;
(void)ctrl;
if (!keyidstr || !*keyidstr)
return gpg_error (GPG_ERR_INV_VALUE);
@ -3872,7 +3873,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
must match the criteria used for the attribute $AUTHKEYID. See
do_sign for calling conventions; there is no HASHALGO, though. */
static gpg_error_t
do_auth (app_t app, const char *keyidstr,
do_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
@ -3895,7 +3896,7 @@ do_auth (app_t app, const char *keyidstr,
}
algo = indatalen == 36? MD_USER_TLS_MD5SHA1 : GCRY_MD_SHA1;
return do_sign (app, keyidstr, algo, pincb, pincb_arg,
return do_sign (app, ctrl, keyidstr, algo, pincb, pincb_arg,
indata, indatalen, outdata, outdatalen);
}
@ -3905,7 +3906,7 @@ do_auth (app_t app, const char *keyidstr,
* PINCB will be used to ask for the PIN; it should return the PIN in
* an allocated buffer and put it into PIN. */
static gpg_error_t
do_decipher (app_t app, const char *keyidstr,
do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
@ -3917,6 +3918,7 @@ do_decipher (app_t app, const char *keyidstr,
aodf_object_t aodf; /* The associated authentication object. */
int exmode, le_value, padind;
(void)ctrl;
(void)r_info;
if (!keyidstr || !*keyidstr)


@ -1769,7 +1769,7 @@ verify_pin (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
the ECDSA signature in X9.62 format (SEQ/INT(r)/INT(s))
*/
static gpg_error_t
do_sign (app_t app, const char *keyidstr, int hashalgo,
do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
@ -1806,6 +1806,8 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
unsigned char algoid;
int sw;
(void)ctrl;
if (!keyidstr || !*keyidstr)
return gpg_error (GPG_ERR_INV_VALUE);
@ -1896,7 +1898,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
must match the criteria used for the attribute $AUTHKEYID. See
do_sign for calling conventions; there is no HASHALGO, though. */
static gpg_error_t
do_auth (app_t app, const char *keyidstr,
do_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
@ -1919,7 +1921,7 @@ do_auth (app_t app, const char *keyidstr,
}
algo = indatalen == 36? MD_USER_TLS_MD5SHA1 : GCRY_MD_SHA1;
return do_sign (app, keyidstr, algo, pincb, pincb_arg,
return do_sign (app, ctrl, keyidstr, algo, pincb, pincb_arg,
indata, indatalen, outdata, outdatalen);
}
@ -1968,7 +1970,7 @@ strip_PKCS15_padding(unsigned char *src, int srclen, unsigned char **dst,
/* Decrypt a PKCS#1 V1.5 formatted cryptogram using the referenced
key. */
static gpg_error_t
do_decipher (app_t app, const char *keyidstr,
do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *indata, size_t indatalen,
@ -1983,6 +1985,8 @@ do_decipher (app_t app, const char *keyidstr,
size_t p1blklen;
int sw;
(void)ctrl;
if (!keyidstr || !*keyidstr || !indatalen)
return gpg_error (GPG_ERR_INV_VALUE);


@ -865,7 +865,7 @@ app_readkey (app_t app, ctrl_t ctrl, int advanced, const char *keyid,
err = lock_app (app, ctrl);
if (err)
return err;
err= app->fnc.readkey (app, advanced, keyid, pk, pklen);
err= app->fnc.readkey (app, ctrl, advanced, keyid, pk, pklen);
unlock_app (app);
return err;
}
@ -928,7 +928,7 @@ app_setattr (app_t app, ctrl_t ctrl, const char *name,
err = lock_app (app, ctrl);
if (err)
return err;
err = app->fnc.setattr (app, name, pincb, pincb_arg, value, valuelen);
err = app->fnc.setattr (app, ctrl, name, pincb, pincb_arg, value, valuelen);
unlock_app (app);
return err;
}
@ -954,7 +954,7 @@ app_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
err = lock_app (app, ctrl);
if (err)
return err;
err = app->fnc.sign (app, keyidstr, hashalgo,
err = app->fnc.sign (app, ctrl, keyidstr, hashalgo,
pincb, pincb_arg,
indata, indatalen,
outdata, outdatalen);
@ -986,7 +986,7 @@ app_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
err = lock_app (app, ctrl);
if (err)
return err;
err = app->fnc.auth (app, keyidstr,
err = app->fnc.auth (app, ctrl, keyidstr,
pincb, pincb_arg,
indata, indatalen,
outdata, outdatalen);
@ -1021,7 +1021,7 @@ app_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
err = lock_app (app, ctrl);
if (err)
return err;
err = app->fnc.decipher (app, keyidstr,
err = app->fnc.decipher (app, ctrl, keyidstr,
pincb, pincb_arg,
indata, indatalen,
outdata, outdatalen,
@ -1183,7 +1183,7 @@ app_check_pin (app_t app, ctrl_t ctrl, const char *keyidstr,
err = lock_app (app, ctrl);
if (err)
return err;
err = app->fnc.check_pin (app, keyidstr, pincb, pincb_arg);
err = app->fnc.check_pin (app, ctrl, keyidstr, pincb, pincb_arg);
unlock_app (app);
if (opt.verbose)
log_info ("operation check_pin result: %s\n", gpg_strerror (err));