security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-02-02 16:43:03 +01:00
Code Activity

* cardglue.c (pin_cb): Detect whether an admin or regular PIN is

Browse Source 
requested.
(genkey_status_cb): New.
(agent_scd_genkey): Implemented.

* keygen.c (generate_keypair): New arg CARD_SERIALNO and prepare
parameters for on card key generation. Changed all callers.
(do_generate_keypair): Add new arg card and merged casrd specific
changes from 1.9.
(proc_parameter_file): New arg card, apss it down to
do_generate_keypair and changed all callers.
(gen_card_key): New.

* g10.c: Include cardclue.h.
(main): s/app_set_default_reader_port/card_set_reader_port/.
* cardglue.c (card_set_reader_port): New to address include file
issues.
This commit is contained in:
Werner Koch 2003-10-08 15:21:20 +00:00
parent fcbd46e070
commit 72c648c035
11 changed files with 550 additions and 145 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
g10/ChangeLog
View File

@ -1,3 +1,23 @@
2003-10-08 Werner Koch <wk@gnupg.org>
* cardglue.c (pin_cb): Detect whether an admin or regular PIN is
requested.
(genkey_status_cb): New.
(agent_scd_genkey): Implemented.
* keygen.c (generate_keypair): New arg CARD_SERIALNO and prepare
parameters for on card key generation. Changed all callers.
(do_generate_keypair): Add new arg card and merged casrd specific
changes from 1.9.
(proc_parameter_file): New arg card, apss it down to
do_generate_keypair and changed all callers.
(gen_card_key): New.
* g10.c: Include cardclue.h.
(main): s/app_set_default_reader_port/card_set_reader_port/.
* cardglue.c (card_set_reader_port): New to address include file
issues.
2003-10-02 Werner Koch <wk@gnupg.org> 2003-10-02 Werner Koch <wk@gnupg.org>
* cardglue.c (learn_status_cb): Release values before assignment * cardglue.c (learn_status_cb): Release values before assignment

20
g10/Makefile.am
View File

@ -142,12 +142,16 @@ install-data-local:
# Helper to update some source files. # Helper to update some source files.
update-source-from-gnupg-2: update-source-from-gnupg-2:
test -d ../../gnupg-1.9/scd @set -e; \
@for i in $(card_support_source_scd); do \ if test -d ../../gnupg-1.9/scd; then dir="../../gnupg-1.9"; \
cp ../../gnupg-1.9/scd/$$i $$i; echo $$i; \ elif test -d ../../gnupg/scd; then dir="../../gnupg"; \
done else exit 1; \
@for i in $(card_support_source_g10); do \ fi; \
cp ../../gnupg-1.9/g10/$$i $$i; echo $$i; \ for i in $(card_support_source_scd); do \
done cp $$dir/scd/$$i $$i; echo $$i; \
@echo "Please remember to update the ChangeLog accordingly!" done ;\
for i in $(card_support_source_g10); do \
cp $$dir/g10/$$i $$i; echo $$i; \
done ; \
echo "Please remember to update the ChangeLog accordingly!"

25
g10/app-openpgp.c
View File

@ -425,6 +425,8 @@ do_getattr (APP app, CTRL ctrl, const char *name)
{ "CA-FPR", 0x00C6, 3 }, { "CA-FPR", 0x00C6, 3 },
{ "CHV-STATUS", 0x00C4, 1 }, { "CHV-STATUS", 0x00C4, 1 },
{ "SIG-COUNTER", 0x0093, 2 }, { "SIG-COUNTER", 0x0093, 2 },
{ "SERIALNO", 0x004F, -1 },
{ "AID", 0x004F },
{ NULL, 0 } { NULL, 0 }
}; };
int idx, i; int idx, i;
@ -437,6 +439,29 @@ do_getattr (APP app, CTRL ctrl, const char *name)
if (!table[idx].name) if (!table[idx].name)
return gpg_error (GPG_ERR_INV_NAME); return gpg_error (GPG_ERR_INV_NAME);
if (table[idx].special == -1)
{
/* The serial number is very special. We could have used the
AID DO to retrieve it, but we have it already in the app
context and the stanmp argument is required anyway which we
can't by other means. The AID DO is available anyway but not
hex formatted. */
char *serial;
time_t stamp;
char tmp[50];
if (!app_get_serial_and_stamp (app, &serial, &stamp))
{
sprintf (tmp, "%lu", (unsigned long)stamp);
send_status_info (ctrl, "SERIALNO",
serial, strlen (serial),
tmp, strlen (tmp),
NULL, 0);
xfree (serial);
}
return 0;
}
relptr = get_one_do (app->slot, table[idx].tag, &value, &valuelen); relptr = get_one_do (app->slot, table[idx].tag, &value, &valuelen);
if (relptr) if (relptr)
{ {

88
g10/card-util.c
View File

@ -241,6 +241,17 @@ print_isoname (FILE *fp, const char *text, const char *tag, const char *name)
tty_fprintf (fp, "\n"); tty_fprintf (fp, "\n");
} }
/* Return true if the SHA1 fingerprint FPR consists only of zeroes. */
static int
fpr_is_zero (const char *fpr)
{
int i;
for (i=0; i < 20 && !fpr[i]; i++)
;
return (i == 20);
}
/* Print all available information about the current card. */ /* Print all available information about the current card. */
void void
@ -569,6 +580,76 @@ toggle_forcesig (void)
} }
static void
generate_card_keys (void)
{
struct agent_card_info_s info;
int rc;
int forced_chv1;
memset (&info, 0, sizeof info);
rc = agent_scd_getattr ("KEY-FPR", &info);
if (!rc)
rc = agent_scd_getattr ("SERIALNO", &info);
if (!rc)
rc = agent_scd_getattr ("CHV-STATUS", &info);
if (!rc)
rc = agent_scd_getattr ("DISP-NAME", &info);
if (rc)
{
log_error ("error getting current key info: %s\n", gpg_strerror (rc));
return;
}
if ( (info.fpr1valid && !fpr_is_zero (info.fpr1))
|| (info.fpr2valid && !fpr_is_zero (info.fpr2))
|| (info.fpr3valid && !fpr_is_zero (info.fpr3)))
{
tty_printf ("\n");
log_info ("NOTE: keys are already stored on the card!\n");
tty_printf ("\n");
if ( !cpr_get_answer_is_yes( "cardedit.genkeys.replace_keys",
_("Replace existing keys? ")))
{
agent_release_card_info (&info);
return;
}
}
else if (!info.disp_name || !*info.disp_name)
{
tty_printf ("\n");
tty_printf (_("Please note that the factory settings of the PINs are\n"
" PIN = \"%s\" Admin PIN = \"%s\"\n"
"You should change them using the command --change-pin\n"),
"123456", "12345678");
tty_printf ("\n");
}
forced_chv1 = !info.chv1_cached;
if (forced_chv1)
{ /* Switch of the forced mode so that during key generation we
don't get bothered with PIN queries for each
self-signature. */
rc = agent_scd_setattr ("CHV-STATUS-1", "\x01", 1);
if (rc)
{
log_error ("error clearing forced signature PIN flag: %s\n",
gpg_strerror (rc));
return;
}
}
generate_keypair (NULL, info.serialno);
agent_release_card_info (&info);
if (forced_chv1)
{ /* Switch back to forced state. */
rc = agent_scd_setattr ("CHV-STATUS-1", "", 1);
if (rc)
{
log_error ("error setting forced signature PIN flag: %s\n",
gpg_strerror (rc));
return;
}
}
}
/* Menu to edit all user changeable values on an OpenPGP card. Only /* Menu to edit all user changeable values on an OpenPGP card. Only
Key creation is not handled here. */ Key creation is not handled here. */
@ -579,7 +660,7 @@ card_edit (STRLIST commands)
cmdNOP = 0, cmdNOP = 0,
cmdQUIT, cmdHELP, cmdLIST, cmdDEBUG, cmdQUIT, cmdHELP, cmdLIST, cmdDEBUG,
cmdNAME, cmdURL, cmdLOGIN, cmdLANG, cmdSEX, cmdNAME, cmdURL, cmdLOGIN, cmdLANG, cmdSEX,
cmdFORCESIG, cmdFORCESIG, cmdGENERATE,
cmdINVCMD cmdINVCMD
}; };
@ -601,6 +682,7 @@ card_edit (STRLIST commands)
{ N_("lang") , cmdLANG , N_("change the language preferences") }, { N_("lang") , cmdLANG , N_("change the language preferences") },
{ N_("sex") , cmdSEX , N_("change card holder's sex") }, { N_("sex") , cmdSEX , N_("change card holder's sex") },
{ N_("forcesig"), cmdFORCESIG, N_("toggle the signature force PIN flag") }, { N_("forcesig"), cmdFORCESIG, N_("toggle the signature force PIN flag") },
{ N_("generate"), cmdGENERATE, N_("generate new keys") },
{ NULL, cmdINVCMD } { NULL, cmdINVCMD }
}; };
@ -725,6 +807,10 @@ card_edit (STRLIST commands)
toggle_forcesig (); toggle_forcesig ();
break; break;
case cmdGENERATE:
generate_card_keys ();
break;
case cmdQUIT: case cmdQUIT:
goto leave; goto leave;

83
g10/cardglue.c
View File

@ -184,6 +184,13 @@ app_set_default_reader_port (const char *portstr)
} }
void
card_set_reader_port (const char *portstr)
{
app_set_default_reader_port (portstr);
}
/* Retrieve the serial number and the time of the last update of the /* Retrieve the serial number and the time of the last update of the
card. The serial number is returned as a malloced string (hex card. The serial number is returned as a malloced string (hex
encoded) in SERIAL and the time of update is returned in STAMP. If encoded) in SERIAL and the time of update is returned in STAMP. If
@ -493,7 +500,10 @@ pin_cb (void *opaque, const char *info, char **retstr)
*retstr = NULL; *retstr = NULL;
log_debug ("asking for PIN '%s'\n", info); log_debug ("asking for PIN '%s'\n", info);
value = ask_passphrase (info, "Enter PIN: ", &canceled); value = ask_passphrase (info,
info && strstr (info, "dmin")?
_("Enter Admin PIN: ") : _("Enter PIN: "),
&canceled);
if (!value && canceled) if (!value && canceled)
return -1; return -1;
else if (!value) else if (!value)
@ -519,19 +529,86 @@ agent_scd_setattr (const char *name,
return app->fnc.setattr (app, name, pin_cb, NULL, value, valuelen); return app->fnc.setattr (app, name, pin_cb, NULL, value, valuelen);
} }
static int
genkey_status_cb (void *opaque, const char *line)
{
struct agent_card_genkey_s *parm = opaque;
const char *keyword = line;
int keywordlen;
log_debug ("got status line `%s'\n", line);
for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
;
while (spacep (line))
line++;
if (keywordlen == 7 && !memcmp (keyword, "KEY-FPR", keywordlen))
{
parm->fprvalid = unhexify_fpr (line, parm->fpr);
}
if (keywordlen == 8 && !memcmp (keyword, "KEY-DATA", keywordlen))
{
MPI a;
const char *name = line;
char *buf;
while (!spacep (line))
line++;
while (spacep (line))
line++;
buf = xmalloc ( 2 + strlen (line) + 1);
strcpy (stpcpy (buf, "0x"), line);
a = mpi_alloc (300);
if( mpi_fromstr (a, buf) )
log_error ("error parsing received key data\n");
else if (*name == 'n' && spacep (name+1))
parm->n = a;
else if (*name == 'e' && spacep (name+1))
parm->e = a;
else
{
log_info ("unknown parameter name in received key data\n");
mpi_free (a);
}
xfree (buf);
}
else if (keywordlen == 14 && !memcmp (keyword,"KEY-CREATED-AT", keywordlen))
{
parm->created_at = (u32)strtoul (line, NULL, 10);
}
return 0;
}
/* Send a GENKEY command to the SCdaemon. */ /* Send a GENKEY command to the SCdaemon. */
int int
agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force) agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force)
{ {
APP app;
char keynostr[20];
struct ctrl_ctx_s ctrl;
return gpg_error (GPG_ERR_CARD); app = current_app? current_app : open_card ();
if (!app)
return gpg_error (GPG_ERR_CARD);
memset (info, 0, sizeof *info);
sprintf (keynostr, "%d", keyno);
ctrl.status_cb = genkey_status_cb;
ctrl.status_cb_arg = info;
return app->fnc.genkey (app, &ctrl, keynostr,
force? 1:0,
pin_cb, NULL);
} }
/* Send a PKSIGN command to the SCdaemon. */ /* Send a PKSIGN command to the SCdaemon. */
int int
agent_scd_pksign (const char *serialno, int hashalgo, agent_scd_pksign (const char *serialno, int hashalgo,
const unsigned char *indata, size_t indatalen, const unsigned char *indata, size_t indatalen,
char **r_buf, size_t *r_buflen) unsigned char **r_buf, size_t *r_buflen)
{ {
APP app; APP app;

5
g10/cardglue.h
View File

@ -67,6 +67,7 @@ typedef struct app_ctx_s *APP;
typedef struct ctrl_ctx_s *CTRL; typedef struct ctrl_ctx_s *CTRL;
#define GPG_ERR_GENERAL G10ERR_GENERAL
#define GPG_ERR_BAD_PIN G10ERR_BAD_PASS #define GPG_ERR_BAD_PIN G10ERR_BAD_PASS
#define GPG_ERR_CARD G10ERR_GENERAL #define GPG_ERR_CARD G10ERR_GENERAL
#define GPG_ERR_EEXIST G10ERR_FILE_EXISTS #define GPG_ERR_EEXIST G10ERR_FILE_EXISTS
@ -107,6 +108,8 @@ typedef int gpg_err_code_t;
#define gnupg_get_time() make_timestamp () #define gnupg_get_time() make_timestamp ()
void card_set_reader_port (const char *portstr);
char *serialno_and_fpr_from_sk (const unsigned char *sn, size_t snlen, char *serialno_and_fpr_from_sk (const unsigned char *sn, size_t snlen,
PKT_secret_key *sk); PKT_secret_key *sk);
void send_status_info (CTRL ctrl, const char *keyword, ...); void send_status_info (CTRL ctrl, const char *keyword, ...);
@ -143,7 +146,7 @@ int agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force);
/* Send a PKSIGN command to the SCdaemon. */ /* Send a PKSIGN command to the SCdaemon. */
int agent_scd_pksign (const char *keyid, int hashalgo, int agent_scd_pksign (const char *keyid, int hashalgo,
const unsigned char *indata, size_t indatalen, const unsigned char *indata, size_t indatalen,
char **r_buf, size_t *r_buflen); unsigned char **r_buf, size_t *r_buflen);
/* Send a PKDECRYPT command to the SCdaemon. */ /* Send a PKDECRYPT command to the SCdaemon. */
int agent_scd_pkdecrypt (const char *serialno, int agent_scd_pkdecrypt (const char *serialno,

7
g10/g10.c
View File

@ -51,6 +51,7 @@
#include "g10defs.h" #include "g10defs.h"
#include "keyserver-internal.h" #include "keyserver-internal.h"
#include "exec.h" #include "exec.h"
#include "cardglue.h"
enum cmd_and_opt_values enum cmd_and_opt_values
{ {
@ -1425,7 +1426,7 @@ main( int argc, char **argv )
case aCardEdit: set_cmd (&cmd, aCardEdit); break; case aCardEdit: set_cmd (&cmd, aCardEdit); break;
case aChangePIN: set_cmd (&cmd, aChangePIN); break; case aChangePIN: set_cmd (&cmd, aChangePIN); break;
case oReaderPort: case oReaderPort:
app_set_default_reader_port (pargs.r.ret_str); card_set_reader_port (pargs.r.ret_str);
break; break;
case octapiDriver: opt.ctapi_driver = pargs.r.ret_str; break; case octapiDriver: opt.ctapi_driver = pargs.r.ret_str; break;
case opcscDriver: opt.pcsc_driver = pargs.r.ret_str; break; case opcscDriver: opt.pcsc_driver = pargs.r.ret_str; break;
@ -2603,12 +2604,12 @@ main( int argc, char **argv )
if( opt.batch ) { if( opt.batch ) {
if( argc > 1 ) if( argc > 1 )
wrong_args("--gen-key [parameterfile]"); wrong_args("--gen-key [parameterfile]");
generate_keypair( argc? *argv : NULL ); generate_keypair( argc? *argv : NULL, NULL );
} }
else { else {
if( argc ) if( argc )
wrong_args("--gen-key"); wrong_args("--gen-key");
generate_keypair(NULL); generate_keypair(NULL, NULL);
} }
break; break;

6
g10/gpgv.c
View File

@ -385,9 +385,9 @@ void rndlinux_constructor(void) {}
/* Stubs to avoid linking to ../util/ttyio.c */ /* Stubs to avoid linking to ../util/ttyio.c */
int tty_batchmode( int onoff ) { return 0; } int tty_batchmode( int onoff ) { return 0; }
void tty_printf( const char *fmt, ... ) { } void tty_printf( const char *fmt, ... ) { }
void tty_print_string( byte *p, size_t n ) { } void tty_print_string( const byte *p, size_t n ) { }
void tty_print_utf8_string( byte *p, size_t n ) {} void tty_print_utf8_string( const byte *p, size_t n ) {}
void tty_print_utf8_string2( byte *p, size_t n, size_t max_n ) {} void tty_print_utf8_string2( const byte *p, size_t n, size_t max_n ) {}
char *tty_get( const char *prompt ) { return NULL;} char *tty_get( const char *prompt ) { return NULL;}
char *tty_get_hidden( const char *prompt ) {return NULL; } char *tty_get_hidden( const char *prompt ) {return NULL; }
void tty_kill_prompt(void) {} void tty_kill_prompt(void) {}

430
g10/keygen.c
View File

@ -36,6 +36,7 @@
#include "trustdb.h" #include "trustdb.h"
#include "status.h" #include "status.h"
#include "i18n.h" #include "i18n.h"
#include "cardglue.h"
#define MAX_PREFS 30 #define MAX_PREFS 30
@ -46,6 +47,7 @@ enum para_name {
pSUBKEYTYPE, pSUBKEYTYPE,
pSUBKEYLENGTH, pSUBKEYLENGTH,
pSUBKEYUSAGE, pSUBKEYUSAGE,
pAUTHKEYTYPE,
pNAMEREAL, pNAMEREAL,
pNAMEEMAIL, pNAMEEMAIL,
pNAMECOMMENT, pNAMECOMMENT,
@ -57,7 +59,8 @@ enum para_name {
pSUBKEYEXPIRE, /* in n seconds */ pSUBKEYEXPIRE, /* in n seconds */
pPASSPHRASE, pPASSPHRASE,
pPASSPHRASE_DEK, pPASSPHRASE_DEK,
pPASSPHRASE_S2K pPASSPHRASE_S2K,
pSERIALNO
}; };
struct para_data_s { struct para_data_s {
@ -109,9 +112,12 @@ static int nzip_prefs;
static int mdc_available,ks_modify; static int mdc_available,ks_modify;
static void do_generate_keypair( struct para_data_s *para, static void do_generate_keypair( struct para_data_s *para,
struct output_control_s *outctrl ); struct output_control_s *outctrl, int card );
static int write_keyblock( IOBUF out, KBNODE node ); static int write_keyblock( IOBUF out, KBNODE node );
#ifdef ENABLE_CARD_SUPPORT
static int gen_card_key (int algo, int keyno, KBNODE pub_root, KBNODE sec_root,
u32 expireval, struct para_data_s *para);
#endif
static void static void
write_uid( KBNODE root, const char *s ) write_uid( KBNODE root, const char *s )
@ -1762,7 +1768,7 @@ get_parameter_revkey( struct para_data_s *para, enum para_name key )
static int static int
proc_parameter_file( struct para_data_s *para, const char *fname, proc_parameter_file( struct para_data_s *para, const char *fname,
struct output_control_s *outctrl ) struct output_control_s *outctrl, int card )
{ {
struct para_data_s *r; struct para_data_s *r;
const char *s1, *s2, *s3; const char *s1, *s2, *s3;
@ -1874,7 +1880,7 @@ proc_parameter_file( struct para_data_s *para, const char *fname,
return -1; return -1;
} }
do_generate_keypair( para, outctrl ); do_generate_keypair( para, outctrl, card );
return 0; return 0;
} }
@ -1958,7 +1964,7 @@ read_parameter_file( const char *fname )
outctrl.dryrun = 1; outctrl.dryrun = 1;
else if( !ascii_strcasecmp( keyword, "%commit" ) ) { else if( !ascii_strcasecmp( keyword, "%commit" ) ) {
outctrl.lnr = lnr; outctrl.lnr = lnr;
proc_parameter_file( para, fname, &outctrl ); proc_parameter_file( para, fname, &outctrl, 0 );
release_parameter_list( para ); release_parameter_list( para );
para = NULL; para = NULL;
} }
@ -2018,7 +2024,7 @@ read_parameter_file( const char *fname )
if( keywords[i].key == pKEYTYPE && para ) { if( keywords[i].key == pKEYTYPE && para ) {
outctrl.lnr = lnr; outctrl.lnr = lnr;
proc_parameter_file( para, fname, &outctrl ); proc_parameter_file( para, fname, &outctrl, 0 );
release_parameter_list( para ); release_parameter_list( para );
para = NULL; para = NULL;
} }
@ -2046,7 +2052,7 @@ read_parameter_file( const char *fname )
} }
else if( para ) { else if( para ) {
outctrl.lnr = lnr; outctrl.lnr = lnr;
proc_parameter_file( para, fname, &outctrl ); proc_parameter_file( para, fname, &outctrl, 0 );
} }
if( outctrl.use_files ) { /* close open streams */ if( outctrl.use_files ) { /* close open streams */
@ -2064,91 +2070,146 @@ read_parameter_file( const char *fname )
} }
/**************** /*
* Generate a keypair * Generate a keypair (fname is only used in batch mode) If
* (fname is only used in batch mode) * CARD_SERIALNO is not NULL the fucntion will create the keys on an
* OpenPGP Card.
*/ */
void void
generate_keypair( const char *fname ) generate_keypair( const char *fname, const char *card_serialno )
{ {
unsigned int nbits; unsigned int nbits;
char *uid = NULL; char *uid = NULL;
DEK *dek; DEK *dek;
STRING2KEY *s2k; STRING2KEY *s2k;
int algo; int algo;
unsigned int use; unsigned int use;
int both = 0; int both = 0;
u32 expire; u32 expire;
struct para_data_s *para = NULL; struct para_data_s *para = NULL;
struct para_data_s *r; struct para_data_s *r;
struct output_control_s outctrl; struct output_control_s outctrl;
memset( &outctrl, 0, sizeof( outctrl ) ); memset( &outctrl, 0, sizeof( outctrl ) );
if( opt.batch ) { if (opt.batch && card_serialno)
read_parameter_file( fname ); {
return; /* We don't yet support unattended key generation. */
log_error (_("sorry, can't do this in batch mode\n"));
return;
} }
if (opt.batch)
{
read_parameter_file( fname );
return;
}
algo = ask_algo( 0, &use ); if (card_serialno)
if( !algo ) { /* default: DSA with ElG subkey of the specified size */ {
both = 1; #ifdef ENABLE_CARD_SUPPORT
r = m_alloc_clear( sizeof *r + 20 ); r = xcalloc (1, sizeof *r + strlen (card_serialno) );
r->key = pKEYTYPE; r->key = pSERIALNO;
sprintf( r->u.value, "%d", PUBKEY_ALGO_DSA ); strcpy( r->u.value, card_serialno);
r->next = para; r->next = para;
para = r; para = r;
tty_printf(_("DSA keypair will have 1024 bits.\n"));
r = m_alloc_clear( sizeof *r + 20 ); algo = PUBKEY_ALGO_RSA;
r->key = pKEYLENGTH;
strcpy( r->u.value, "1024" ); r = xcalloc (1, sizeof *r + 20 );
r->next = para; r->key = pKEYTYPE;
para = r; sprintf( r->u.value, "%d", algo );
r = m_alloc_clear( sizeof *r + 20 ); r->next = para;
r->key = pKEYUSAGE; para = r;
strcpy( r->u.value, "sign" ); r = xcalloc (1, sizeof *r + 20 );
r->next = para; r->key = pKEYUSAGE;
para = r; strcpy (r->u.value, "sign");
r->next = para;
para = r;
r = xcalloc (1, sizeof *r + 20 );
r->key = pSUBKEYTYPE;
sprintf( r->u.value, "%d", algo );
r->next = para;
para = r;
r = xcalloc (1, sizeof *r + 20 );
r->key = pSUBKEYUSAGE;
strcpy (r->u.value, "encrypt");
r->next = para;
para = r;
r = xcalloc (1, sizeof *r + 20 );
r->key = pAUTHKEYTYPE;
sprintf( r->u.value, "%d", algo );
r->next = para;
para = r;
#endif /*ENABLE_CARD_SUPPORT*/
}
else
{
algo = ask_algo( 0, &use );
if( !algo )
{ /* default: DSA with ElG subkey of the specified size */
both = 1;
r = m_alloc_clear( sizeof *r + 20 );
r->key = pKEYTYPE;
sprintf( r->u.value, "%d", PUBKEY_ALGO_DSA );
r->next = para;
para = r;
tty_printf(_("DSA keypair will have 1024 bits.\n"));
r = m_alloc_clear( sizeof *r + 20 );
r->key = pKEYLENGTH;
strcpy( r->u.value, "1024" );
r->next = para;
para = r;
r = m_alloc_clear( sizeof *r + 20 );
r->key = pKEYUSAGE;
strcpy( r->u.value, "sign" );
r->next = para;
para = r;
algo = PUBKEY_ALGO_ELGAMAL_E;
r = m_alloc_clear( sizeof *r + 20 );
r->key = pSUBKEYTYPE;
sprintf( r->u.value, "%d", algo );
r->next = para;
para = r;
r = m_alloc_clear( sizeof *r + 20 );
r->key = pSUBKEYUSAGE;
strcpy( r->u.value, "encrypt" );
r->next = para;
para = r;
}
else
{
r = m_alloc_clear( sizeof *r + 20 );
r->key = pKEYTYPE;
sprintf( r->u.value, "%d", algo );
r->next = para;
para = r;
if (use)
{
r = m_alloc_clear( sizeof *r + 20 );
r->key = pKEYUSAGE;
sprintf( r->u.value, "%s%s",
(use & PUBKEY_USAGE_SIG)? "sign ":"",
(use & PUBKEY_USAGE_ENC)? "encrypt ":"" );
r->next = para;
para = r;
}
}
nbits = ask_keysize( algo );
r = m_alloc_clear( sizeof *r + 20 );
r->key = both? pSUBKEYLENGTH : pKEYLENGTH;
sprintf( r->u.value, "%u", nbits);
r->next = para;
para = r;
}
algo = PUBKEY_ALGO_ELGAMAL_E; expire = ask_expire_interval(0);
r = m_alloc_clear( sizeof *r + 20 );
r->key = pSUBKEYTYPE;
sprintf( r->u.value, "%d", algo );
r->next = para;
para = r;
r = m_alloc_clear( sizeof *r + 20 );
r->key = pSUBKEYUSAGE;
strcpy( r->u.value, "encrypt" );
r->next = para;
para = r;
}
else {
r = m_alloc_clear( sizeof *r + 20 );
r->key = pKEYTYPE;
sprintf( r->u.value, "%d", algo );
r->next = para;
para = r;
if (use) {
r = m_alloc_clear( sizeof *r + 20 );
r->key = pKEYUSAGE;
sprintf( r->u.value, "%s%s",
(use & PUBKEY_USAGE_SIG)? "sign ":"",
(use & PUBKEY_USAGE_ENC)? "encrypt ":"" );
r->next = para;
para = r;
}
}
nbits = ask_keysize( algo );
r = m_alloc_clear( sizeof *r + 20 );
r->key = both? pSUBKEYLENGTH : pKEYLENGTH;
sprintf( r->u.value, "%u", nbits);
r->next = para;
para = r;
expire = ask_expire_interval(0);
r = m_alloc_clear( sizeof *r + 20 ); r = m_alloc_clear( sizeof *r + 20 );
r->key = pKEYEXPIRE; r->key = pKEYEXPIRE;
r->u.expire = expire; r->u.expire = expire;
@ -2161,19 +2222,21 @@ generate_keypair( const char *fname )
para = r; para = r;
uid = ask_user_id(0); uid = ask_user_id(0);
if( !uid ) { if( !uid )
{
log_error(_("Key generation canceled.\n")); log_error(_("Key generation canceled.\n"));
release_parameter_list( para ); release_parameter_list( para );
return; return;
} }
r = m_alloc_clear( sizeof *r + strlen(uid) ); r = m_alloc_clear( sizeof *r + strlen(uid) );
r->key = pUSERID; r->key = pUSERID;
strcpy( r->u.value, uid ); strcpy( r->u.value, uid );
r->next = para; r->next = para;
para = r; para = r;
dek = do_ask_passphrase( &s2k ); dek = card_serialno? NULL : do_ask_passphrase( &s2k );
if( dek ) { if( dek )
{
r = m_alloc_clear( sizeof *r ); r = m_alloc_clear( sizeof *r );
r->key = pPASSPHRASE_DEK; r->key = pPASSPHRASE_DEK;
r->u.dek = dek; r->u.dek = dek;
@ -2184,9 +2247,9 @@ generate_keypair( const char *fname )
r->u.s2k = s2k; r->u.s2k = s2k;
r->next = para; r->next = para;
para = r; para = r;
} }
proc_parameter_file( para, "[internal]", &outctrl ); proc_parameter_file( para, "[internal]", &outctrl, !!card_serialno);
release_parameter_list( para ); release_parameter_list( para );
} }
@ -2211,7 +2274,7 @@ print_status_key_created (int letter, PKT_public_key *pk)
static void static void
do_generate_keypair( struct para_data_s *para, do_generate_keypair( struct para_data_s *para,
struct output_control_s *outctrl ) struct output_control_s *outctrl, int card )
{ {
KBNODE pub_root = NULL; KBNODE pub_root = NULL;
KBNODE sec_root = NULL; KBNODE sec_root = NULL;
@ -2270,7 +2333,11 @@ do_generate_keypair( struct para_data_s *para,
assert( outctrl->sec.stream ); assert( outctrl->sec.stream );
if( opt.verbose ) { if( opt.verbose ) {
log_info(_("writing public key to `%s'\n"), outctrl->pub.fname ); log_info(_("writing public key to `%s'\n"), outctrl->pub.fname );
log_info(_("writing secret key to `%s'\n"), outctrl->sec.fname ); if (card)
log_info (_("writing secret key stub to `%s'\n"),
outctrl->sec.fname);
else
log_info(_("writing secret key to `%s'\n"), outctrl->sec.fname );
} }
} }
@ -2283,13 +2350,26 @@ do_generate_keypair( struct para_data_s *para,
pub_root = make_comment_node("#"); delete_kbnode(pub_root); pub_root = make_comment_node("#"); delete_kbnode(pub_root);
sec_root = make_comment_node("#"); delete_kbnode(sec_root); sec_root = make_comment_node("#"); delete_kbnode(sec_root);
rc = do_create( get_parameter_algo( para, pKEYTYPE ), if (!card)
get_parameter_uint( para, pKEYLENGTH ), {
pub_root, sec_root, rc = do_create( get_parameter_algo( para, pKEYTYPE ),
get_parameter_dek( para, pPASSPHRASE_DEK ), get_parameter_uint( para, pKEYLENGTH ),
get_parameter_s2k( para, pPASSPHRASE_S2K ), pub_root, sec_root,
&sk, get_parameter_dek( para, pPASSPHRASE_DEK ),
get_parameter_u32( para, pKEYEXPIRE ) ); get_parameter_s2k( para, pPASSPHRASE_S2K ),
&sk,
get_parameter_u32( para, pKEYEXPIRE ) );
}
else
{
rc = gen_card_key (PUBKEY_ALGO_RSA, 1, pub_root, sec_root,
get_parameter_u32 (para, pKEYEXPIRE), para);
if (!rc)
{
sk = sec_root->next->pkt->pkt.secret_key;
assert (sk);
}
}
if(!rc && (revkey=get_parameter_revkey(para,pREVOKER))) if(!rc && (revkey=get_parameter_revkey(para,pREVOKER)))
{ {
@ -2310,24 +2390,44 @@ do_generate_keypair( struct para_data_s *para,
get_parameter_uint (para, pKEYUSAGE)); get_parameter_uint (para, pKEYUSAGE));
} }
if( get_parameter( para, pSUBKEYTYPE ) ) { if( get_parameter( para, pSUBKEYTYPE ) )
rc = do_create( get_parameter_algo( para, pSUBKEYTYPE ), {
get_parameter_uint( para, pSUBKEYLENGTH ), if (!card)
pub_root, sec_root, {
get_parameter_dek( para, pPASSPHRASE_DEK ), rc = do_create( get_parameter_algo( para, pSUBKEYTYPE ),
get_parameter_s2k( para, pPASSPHRASE_S2K ), get_parameter_uint( para, pSUBKEYLENGTH ),
NULL, pub_root, sec_root,
get_parameter_u32( para, pSUBKEYEXPIRE ) ); get_parameter_dek( para, pPASSPHRASE_DEK ),
if( !rc ) get_parameter_s2k( para, pPASSPHRASE_S2K ),
rc = write_keybinding(pub_root, pub_root, sk, NULL,
get_parameter_uint (para, pSUBKEYUSAGE)); get_parameter_u32( para, pSUBKEYEXPIRE ) );
if( !rc ) }
rc = write_keybinding(sec_root, pub_root, sk, else
get_parameter_uint (para, pSUBKEYUSAGE)); {
rc = gen_card_key (PUBKEY_ALGO_RSA, 2, pub_root, sec_root,
get_parameter_u32 (para, pKEYEXPIRE), para);
}
if( !rc )
rc = write_keybinding(pub_root, pub_root, sk,
get_parameter_uint (para, pSUBKEYUSAGE));
if( !rc )
rc = write_keybinding(sec_root, pub_root, sk,
get_parameter_uint (para, pSUBKEYUSAGE));
did_sub = 1; did_sub = 1;
} }
if (card && get_parameter (para, pAUTHKEYTYPE))
{
rc = gen_card_key (PUBKEY_ALGO_RSA, 3, pub_root, sec_root,
get_parameter_u32 (para, pKEYEXPIRE), para);
if (!rc)
rc = write_keybinding (pub_root, pub_root, sk, PUBKEY_USAGE_AUTH);
if (!rc)
rc = write_keybinding (sec_root, pub_root, sk, PUBKEY_USAGE_AUTH);
}
if( !rc && outctrl->use_files ) { /* direct write to specified files */ if( !rc && outctrl->use_files ) { /* direct write to specified files */
rc = write_keyblock( outctrl->pub.stream, pub_root ); rc = write_keyblock( outctrl->pub.stream, pub_root );
if( rc ) if( rc )
@ -2359,8 +2459,12 @@ do_generate_keypair( struct para_data_s *para,
if (!rc && opt.verbose) { if (!rc && opt.verbose) {
log_info(_("writing public key to `%s'\n"), log_info(_("writing public key to `%s'\n"),
keydb_get_resource_name (pub_hd)); keydb_get_resource_name (pub_hd));
log_info(_("writing secret key to `%s'\n"), if (card)
keydb_get_resource_name (sec_hd)); log_info (_("writing secret key stub to `%s'\n"),
keydb_get_resource_name (sec_hd));
else
log_info(_("writing secret key to `%s'\n"),
keydb_get_resource_name (sec_hd));
} }
if (!rc) { if (!rc) {
@ -2426,8 +2530,8 @@ do_generate_keypair( struct para_data_s *para,
} }
release_kbnode( pub_root ); release_kbnode( pub_root );
release_kbnode( sec_root ); release_kbnode( sec_root );
if( sk ) /* the unprotected secret key */ if( sk && !card) /* the unprotected secret key unless we have a */
free_secret_key(sk); free_secret_key(sk); /* shallow copy in card mode. */
} }
@ -2554,3 +2658,81 @@ write_keyblock( IOBUF out, KBNODE node )
} }
return 0; return 0;
} }
static int
gen_card_key (int algo, int keyno, KBNODE pub_root, KBNODE sec_root,
u32 expireval, struct para_data_s *para)
{
#ifdef ENABLE_CARD_SUPPORT
int rc;
const char *s;
struct agent_card_genkey_s info;
PACKET *pkt;
PKT_secret_key *sk;
PKT_public_key *pk;
assert (algo == PUBKEY_ALGO_RSA);
rc = agent_scd_genkey (&info, keyno, 1);
/* if (gpg_err_code (rc) == GPG_ERR_EEXIST) */
/* { */
/* tty_printf ("\n"); */
/* log_error ("WARNING: key does already exists!\n"); */
/* tty_printf ("\n"); */
/* if ( cpr_get_answer_is_yes( "keygen.card.replace_key", */
/* _("Replace existing key? "))) */
/* rc = agent_scd_genkey (&info, keyno, 1); */
/* } */
if (rc)
{
log_error ("key generation failed: %s\n", gpg_strerror (rc));
return rc;
}
if ( !info.n || !info.e )
{
log_error ("communication error with SCD\n");
mpi_free (info.n);
mpi_free (info.e);
return gpg_error (GPG_ERR_GENERAL);
}
pk = xcalloc (1, sizeof *pk );
sk = xcalloc (1, sizeof *sk );
sk->timestamp = pk->timestamp = info.created_at;
sk->version = pk->version = 4;
if (expireval)
sk->expiredate = pk->expiredate = pk->timestamp + expireval;
sk->pubkey_algo = pk->pubkey_algo = algo;
pk->pkey[0] = info.n;
pk->pkey[1] = info.e;
sk->skey[0] = mpi_copy (pk->pkey[0]);
sk->skey[1] = mpi_copy (pk->pkey[1]);
sk->skey[2] = mpi_set_opaque (NULL, xstrdup ("dummydata"), 10);
sk->is_protected = 1;
sk->protect.s2k.mode = 1002;
s = get_parameter_value (para, pSERIALNO);
if (s)
{
for (sk->protect.ivlen=0; sk->protect.ivlen < 16 && *s && s[1];
sk->protect.ivlen++, s += 2)
sk->protect.iv[sk->protect.ivlen] = xtoi_2 (s);
}
pkt = xcalloc (1,sizeof *pkt);
pkt->pkttype = keyno == 1 ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;
pkt->pkt.public_key = pk;
add_kbnode(pub_root, new_kbnode( pkt ));
pkt = xcalloc (1,sizeof *pkt);
pkt->pkttype = keyno == 1 ? PKT_SECRET_KEY : PKT_SECRET_SUBKEY;
pkt->pkt.secret_key = sk;
add_kbnode(sec_root, new_kbnode( pkt ));
return 0;
#else
return -1;
#endif /*!ENABLE_CARD_SUPPORT*/
}

9
g10/main.h
View File

@ -143,7 +143,7 @@ void show_basic_key_info (KBNODE keyblock);
/*-- keygen.c --*/ /*-- keygen.c --*/
u32 ask_expire_interval(int object); u32 ask_expire_interval(int object);
u32 ask_expiredate(void); u32 ask_expiredate(void);
void generate_keypair( const char *fname ); void generate_keypair( const char *fname, const char *card_serialno );
int keygen_set_std_prefs (const char *string,int personal); int keygen_set_std_prefs (const char *string,int personal);
PKT_user_id *keygen_get_std_prefs (void); PKT_user_id *keygen_get_std_prefs (void);
int keygen_add_key_expire( PKT_signature *sig, void *opaque ); int keygen_add_key_expire( PKT_signature *sig, void *opaque );
@ -241,4 +241,11 @@ void pause_on_sigusr( int which );
void block_all_signals(void); void block_all_signals(void);
void unblock_all_signals(void); void unblock_all_signals(void);
#ifdef ENABLE_CARD_SUPPORT
/*-- card-util.c --*/
void change_pin (int no);
void card_status (FILE *fp);
void card_edit (STRLIST commands);
#endif
#endif /*G10_MAIN_H*/ #endif /*G10_MAIN_H*/

2
g10/sign.c
View File

@ -309,7 +309,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
#ifdef ENABLE_CARD_SUPPORT #ifdef ENABLE_CARD_SUPPORT
if (sk->is_protected && sk->protect.s2k.mode == 1002) if (sk->is_protected && sk->protect.s2k.mode == 1002)
{ {
char *rbuf; unsigned char *rbuf;
size_t rbuflen; size_t rbuflen;
char *snbuf; char *snbuf;