agent: Add debug output for failed RSA signature verification
* agent/pksign.c (agent_pksign_do): Support ECC and DSA verification and print some debug info in the error case. -- Note that the addition of do_encode_dsa has no immediate effect because we use the code only for RSA. However, for debugging it can be useful to change the code to check also other created signatures. Signed-off-by: Werner Koch <wk@gnupg.org>
parent
935765b451
commit
6de1ec3ba5
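--- a/agent/pksign.c
+++ b/agent/pksign.c
@@ -554,6 +554,8 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
 "(data (flags raw) (value %b))",
 (int)datalen, data);
 }
+else if (algo == GCRY_PK_DSA || algo == GCRY_PK_ECC)
+err = do_encode_dsa (data, datalen, algo, sexp_key, &s_hash);
 else if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1)
 err = do_encode_raw_pkcs1 (data, datalen,
 gcry_pk_get_nbits (sexp_key), &s_hash);
@@ -569,6 +571,12 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
 {
 log_error (_("checking created signature failed: %s\n"),
 gpg_strerror (err));
+if (DBG_CRYPTO)
+{
+gcry_log_debugsxp ("verify s_hsh", s_hash);
+gcry_log_debugsxp ("verify s_sig", s_sig);
+gcry_log_debugsxp ("verify s_key", sexp_key);
+}
 gcry_sexp_release (s_sig);
 s_sig = NULL;
 }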
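Review bot: The added `gcry_log_debugsxp ("verify s_key", sexp_key);` in the second hunk writes the complete key S-expression to the debug log. The assignment of `sexp_key` is outside the hunk, so it is not visible whether it can hold the secret-key expression. If it can, a failed verification with crypto debugging enabled would leave private key parameters in the log file. I would either drop that line or document the exposure directly above the dump, for example `/* sexp_key may carry secret parameters; keep this dump under DBG_CRYPTO only. */`. The body of agent_pksign_do starts and ends outside both hunks, so the key's origin and the handling of a `do_encode_dsa` failure should be checked against the full function.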