mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-10 13:04:23 +01:00
* keygen.c (gen_card_key): Add optional argument to return a pointer
(not a copy) of the stub secret key for the secret key we just generated on the card. (generate_card_subkeypair): Use it here so that the signing key on the card can use the card to generate the 0x19 backsig on the primary key. Noted by Janko Heilgeist and Jonas Oberg.
This commit is contained in:
parent
91dbfce3b7
commit
7211ee589a
@ -1,5 +1,12 @@
|
|||||||
2006-06-09 David Shaw <dshaw@jabberwocky.com>
|
2006-06-09 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* keygen.c (gen_card_key): Add optional argument to return a
|
||||||
|
pointer (not a copy) of the stub secret key for the secret key we
|
||||||
|
just generated on the card.
|
||||||
|
(generate_card_subkeypair): Use it here so that the signing key on
|
||||||
|
the card can use the card to generate the 0x19 backsig on the
|
||||||
|
primary key. Noted by Janko Heilgeist and Jonas Oberg.
|
||||||
|
|
||||||
* parse-packet.c (parse_user_id): Cap the user ID size at 2048
|
* parse-packet.c (parse_user_id): Cap the user ID size at 2048
|
||||||
bytes. This prevents a memory allocation attack with a very large
|
bytes. This prevents a memory allocation attack with a very large
|
||||||
user ID. A very large packet length could even cause the
|
user ID. A very large packet length could even cause the
|
||||||
|
21
g10/keygen.c
21
g10/keygen.c
@ -122,6 +122,7 @@ static void do_generate_keypair( struct para_data_s *para,
|
|||||||
static int write_keyblock( IOBUF out, KBNODE node );
|
static int write_keyblock( IOBUF out, KBNODE node );
|
||||||
static int gen_card_key (int algo, int keyno, int is_primary,
|
static int gen_card_key (int algo, int keyno, int is_primary,
|
||||||
KBNODE pub_root, KBNODE sec_root,
|
KBNODE pub_root, KBNODE sec_root,
|
||||||
|
PKT_secret_key **ret_sk,
|
||||||
u32 expireval, struct para_data_s *para);
|
u32 expireval, struct para_data_s *para);
|
||||||
static int gen_card_key_with_backup (int algo, int keyno, int is_primary,
|
static int gen_card_key_with_backup (int algo, int keyno, int is_primary,
|
||||||
KBNODE pub_root, KBNODE sec_root,
|
KBNODE pub_root, KBNODE sec_root,
|
||||||
@ -937,7 +938,6 @@ write_selfsigs( KBNODE sec_root, KBNODE pub_root, PKT_secret_key *sk,
|
|||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* sub_sk is currently unused (reserved for backsigs) */
|
|
||||||
static int
|
static int
|
||||||
write_keybinding( KBNODE root, KBNODE pub_root,
|
write_keybinding( KBNODE root, KBNODE pub_root,
|
||||||
PKT_secret_key *pri_sk, PKT_secret_key *sub_sk,
|
PKT_secret_key *pri_sk, PKT_secret_key *sub_sk,
|
||||||
@ -2908,7 +2908,7 @@ do_generate_keypair( struct para_data_s *para,
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
rc = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root, sec_root,
|
rc = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root, sec_root, NULL,
|
||||||
get_parameter_u32 (para, pKEYEXPIRE), para);
|
get_parameter_u32 (para, pKEYEXPIRE), para);
|
||||||
if (!rc)
|
if (!rc)
|
||||||
{
|
{
|
||||||
@ -2944,7 +2944,7 @@ do_generate_keypair( struct para_data_s *para,
|
|||||||
|
|
||||||
if (!rc && card && get_parameter (para, pAUTHKEYTYPE))
|
if (!rc && card && get_parameter (para, pAUTHKEYTYPE))
|
||||||
{
|
{
|
||||||
rc = gen_card_key (PUBKEY_ALGO_RSA, 3, 0, pub_root, sec_root,
|
rc = gen_card_key (PUBKEY_ALGO_RSA, 3, 0, pub_root, sec_root, NULL,
|
||||||
get_parameter_u32 (para, pKEYEXPIRE), para);
|
get_parameter_u32 (para, pKEYEXPIRE), para);
|
||||||
|
|
||||||
if (!rc)
|
if (!rc)
|
||||||
@ -2980,6 +2980,7 @@ do_generate_keypair( struct para_data_s *para,
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
rc = gen_card_key (PUBKEY_ALGO_RSA, 2, 0, pub_root, sec_root,
|
rc = gen_card_key (PUBKEY_ALGO_RSA, 2, 0, pub_root, sec_root,
|
||||||
|
NULL,
|
||||||
get_parameter_u32 (para, pKEYEXPIRE), para);
|
get_parameter_u32 (para, pKEYEXPIRE), para);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3238,7 +3239,7 @@ generate_card_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock,
|
|||||||
{
|
{
|
||||||
int okay=0, rc=0;
|
int okay=0, rc=0;
|
||||||
KBNODE node;
|
KBNODE node;
|
||||||
PKT_secret_key *pri_sk = NULL;
|
PKT_secret_key *pri_sk = NULL, *sub_sk;
|
||||||
int algo;
|
int algo;
|
||||||
unsigned int use;
|
unsigned int use;
|
||||||
u32 expire;
|
u32 expire;
|
||||||
@ -3318,11 +3319,12 @@ generate_card_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock,
|
|||||||
|
|
||||||
if (passphrase)
|
if (passphrase)
|
||||||
set_next_passphrase (passphrase);
|
set_next_passphrase (passphrase);
|
||||||
rc = gen_card_key (algo, keyno, 0, pub_keyblock, sec_keyblock, expire, para);
|
rc = gen_card_key (algo, keyno, 0, pub_keyblock, sec_keyblock,
|
||||||
|
&sub_sk, expire, para);
|
||||||
if (!rc)
|
if (!rc)
|
||||||
rc = write_keybinding (pub_keyblock, pub_keyblock, pri_sk, NULL, use);
|
rc = write_keybinding (pub_keyblock, pub_keyblock, pri_sk, sub_sk, use);
|
||||||
if (!rc)
|
if (!rc)
|
||||||
rc = write_keybinding (sec_keyblock, pub_keyblock, pri_sk, NULL, use);
|
rc = write_keybinding (sec_keyblock, pub_keyblock, pri_sk, sub_sk, use);
|
||||||
if (!rc)
|
if (!rc)
|
||||||
{
|
{
|
||||||
okay = 1;
|
okay = 1;
|
||||||
@ -3369,7 +3371,7 @@ write_keyblock( IOBUF out, KBNODE node )
|
|||||||
|
|
||||||
static int
|
static int
|
||||||
gen_card_key (int algo, int keyno, int is_primary,
|
gen_card_key (int algo, int keyno, int is_primary,
|
||||||
KBNODE pub_root, KBNODE sec_root,
|
KBNODE pub_root, KBNODE sec_root, PKT_secret_key **ret_sk,
|
||||||
u32 expireval, struct para_data_s *para)
|
u32 expireval, struct para_data_s *para)
|
||||||
{
|
{
|
||||||
#ifdef ENABLE_CARD_SUPPORT
|
#ifdef ENABLE_CARD_SUPPORT
|
||||||
@ -3430,6 +3432,9 @@ gen_card_key (int algo, int keyno, int is_primary,
|
|||||||
sk->protect.iv[sk->protect.ivlen] = xtoi_2 (s);
|
sk->protect.iv[sk->protect.ivlen] = xtoi_2 (s);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if( ret_sk )
|
||||||
|
*ret_sk = sk;
|
||||||
|
|
||||||
pkt = xcalloc (1,sizeof *pkt);
|
pkt = xcalloc (1,sizeof *pkt);
|
||||||
pkt->pkttype = is_primary ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;
|
pkt->pkttype = is_primary ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;
|
||||||
pkt->pkt.public_key = pk;
|
pkt->pkt.public_key = pk;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user