1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-08 23:37:47 +02:00

g10: Remove deprecated internal functions.

* g10/keygen.c (do_ask_passphrase, generate_raw_key)
(gen_card_key_with_backup, save_unprotected_key_to_card): Remove.

--

Now, key generation is done by gpg-agent.  Asking passphrase is done
through pinentry invoked by gpg-agent.  It is done by
new internal function of card_store_key_with_backup.
This commit is contained in:
NIIBE Yutaka 2015-12-18 10:18:22 +09:00
parent b30c15bf7c
commit 72eaff1aa6

View File

@ -2701,56 +2701,6 @@ ask_user_id (int mode, int full, KBNODE keyblock)
}
/* MODE 0 - standard
1 - Ask for passphrase of the card backup key. */
#if 0
static DEK *
do_ask_passphrase (STRING2KEY **ret_s2k, int mode, int *r_canceled)
{
DEK *dek = NULL;
STRING2KEY *s2k;
const char *errtext = NULL;
const char *custdesc = NULL;
tty_printf(_("You need a Passphrase to protect your secret key.\n\n") );
if (mode == 1)
custdesc = _("Please enter a passphrase to protect the off-card "
"backup of the new encryption key.");
s2k = xmalloc_secure( sizeof *s2k );
for(;;) {
s2k->mode = opt.s2k_mode;
s2k->hash_algo = S2K_DIGEST_ALGO;
dek = passphrase_to_dek_ext (NULL, 0, opt.s2k_cipher_algo, s2k, 2,
errtext, custdesc, NULL, r_canceled);
if (!dek && *r_canceled) {
xfree(dek); dek = NULL;
xfree(s2k); s2k = NULL;
break;
}
else if( !dek ) {
errtext = N_("passphrase not correctly repeated; try again");
tty_printf(_("%s.\n"), _(errtext));
}
else if( !dek->keylen ) {
xfree(dek); dek = NULL;
xfree(s2k); s2k = NULL;
tty_printf(_(
"You don't want a passphrase - this is probably a *bad* idea!\n"
"I will do it anyway. You can change your passphrase at any time,\n"
"using this program with the option \"--edit-key\".\n\n"));
break;
}
else
break; /* okay */
}
*ret_s2k = s2k;
return dek;
}
#endif /* 0 */
/* Basic key generation. Here we divert to the actual generation
routines based on the requested algorithm. */
static int
@ -3850,104 +3800,6 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
}
#if 0 /* not required */
/* Generate a raw key and return it as a secret key packet. The
function will ask for the passphrase and return a protected as well
as an unprotected copy of a new secret key packet. 0 is returned
on success and the caller must then free the returned values. */
static int
generate_raw_key (int algo, unsigned int nbits, u32 created_at,
PKT_secret_key **r_sk_unprotected,
PKT_secret_key **r_sk_protected)
{
int rc;
DEK *dek = NULL;
STRING2KEY *s2k = NULL;
PKT_secret_key *sk = NULL;
int i;
size_t nskey, npkey;
gcry_sexp_t s_parms, s_key;
int canceled;
npkey = pubkey_get_npkey (algo);
nskey = pubkey_get_nskey (algo);
assert (nskey <= PUBKEY_MAX_NSKEY && npkey < nskey);
if (nbits < 512)
{
nbits = 512;
log_info (_("keysize invalid; using %u bits\n"), nbits );
}
if ((nbits % 32))
{
nbits = ((nbits + 31) / 32) * 32;
log_info(_("keysize rounded up to %u bits\n"), nbits );
}
dek = do_ask_passphrase (&s2k, 1, &canceled);
if (canceled)
{
rc = gpg_error (GPG_ERR_CANCELED);
goto leave;
}
sk = xmalloc_clear (sizeof *sk);
sk->timestamp = created_at;
sk->version = 4;
sk->pubkey_algo = algo;
if ( !is_RSA (algo) )
{
log_error ("only RSA is supported for offline generated keys\n");
rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
goto leave;
}
rc = gcry_sexp_build (&s_parms, NULL,
"(genkey(rsa(nbits %d)))",
(int)nbits);
if (rc)
log_bug ("gcry_sexp_build failed: %s\n", gpg_strerror (rc));
rc = gcry_pk_genkey (&s_key, s_parms);
gcry_sexp_release (s_parms);
if (rc)
{
log_error ("gcry_pk_genkey failed: %s\n", gpg_strerror (rc) );
goto leave;
}
rc = key_from_sexp (sk->skey, s_key, "private-key", "nedpqu");
gcry_sexp_release (s_key);
if (rc)
{
log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc) );
goto leave;
}
for (i=npkey; i < nskey; i++)
sk->csum += checksum_mpi (sk->skey[i]);
if (r_sk_unprotected)
*r_sk_unprotected = copy_secret_key (NULL, sk);
rc = genhelp_protect (dek, s2k, sk);
if (rc)
goto leave;
if (r_sk_protected)
{
*r_sk_protected = sk;
sk = NULL;
}
leave:
if (sk)
free_secret_key (sk);
xfree (dek);
xfree (s2k);
return rc;
}
#endif /* ENABLE_CARD_SUPPORT */
/* Create and delete a dummy packet to start off a list of kbnodes. */
static void
start_tree(KBNODE *tree)
@ -4724,259 +4576,3 @@ gen_card_key (int algo, int keyno, int is_primary, kbnode_t pub_root,
return gpg_error (GPG_ERR_NOT_SUPPORTED);
#endif /*!ENABLE_CARD_SUPPORT*/
}
static int
gen_card_key_with_backup (int algo, int keyno, int is_primary,
KBNODE pub_root, u32 timestamp,
u32 expireval, struct para_data_s *para)
{
#if ENABLE_CARD_SUPPORT && 0
/* FIXME: Move this to gpg-agent. */
int rc;
const char *s;
PACKET *pkt;
PKT_secret_key *sk, *sk_unprotected = NULL, *sk_protected = NULL;
PKT_public_key *pk;
size_t n;
int i;
unsigned int nbits;
/* Get the size of the key directly from the card. */
{
struct agent_card_info_s info;
memset (&info, 0, sizeof info);
if (!agent_scd_getattr ("KEY-ATTR", &info)
&& info.key_attr[1].algo)
nbits = info.key_attr[1].nbits;
else
nbits = 1024; /* All pre-v2.0 cards. */
agent_release_card_info (&info);
}
/* Create a key of this size in memory. */
rc = generate_raw_key (algo, nbits, timestamp,
&sk_unprotected, &sk_protected);
if (rc)
return rc;
/* Store the key to the card. */
rc = save_unprotected_key_to_card (sk_unprotected, keyno);
if (rc)
{
log_error (_("storing key onto card failed: %s\n"), gpg_strerror (rc));
free_secret_key (sk_unprotected);
free_secret_key (sk_protected);
write_status_errcode ("save_key_to_card", rc);
return rc;
}
/* Get rid of the secret key parameters and store the serial numer. */
sk = sk_unprotected;
n = pubkey_get_nskey (sk->pubkey_algo);
for (i=pubkey_get_npkey (sk->pubkey_algo); i < n; i++)
{
gcry_mpi_release (sk->skey[i]);
sk->skey[i] = NULL;
}
i = pubkey_get_npkey (sk->pubkey_algo);
sk->skey[i] = gcry_mpi_set_opaque (NULL, xstrdup ("dummydata"), 10*8);
sk->is_protected = 1;
sk->protect.s2k.mode = 1002;
s = get_parameter_value (para, pSERIALNO);
assert (s);
for (sk->protect.ivlen=0; sk->protect.ivlen < 16 && *s && s[1];
sk->protect.ivlen++, s += 2)
sk->protect.iv[sk->protect.ivlen] = xtoi_2 (s);
/* Now write the *protected* secret key to the file. */
{
char name_buffer[50];
char *fname;
IOBUF fp;
mode_t oldmask;
keyid_from_sk (sk, NULL);
snprintf (name_buffer, sizeof name_buffer, "sk_%08lX%08lX.gpg",
(ulong)sk->keyid[0], (ulong)sk->keyid[1]);
fname = make_filename (backup_dir, name_buffer, NULL);
/* Note that the umask call is not anymore needed because
iobuf_create now takes care of it. However, it does not harm
and thus we keep it. */
oldmask = umask (077);
if (is_secured_filename (fname))
{
fp = NULL;
gpg_err_set_errno (EPERM);
}
else
fp = iobuf_create (fname, 1);
umask (oldmask);
if (!fp)
{
rc = gpg_error_from_syserror ();
log_error (_("can't create backup file '%s': %s\n"),
fname, strerror(errno) );
xfree (fname);
free_secret_key (sk_unprotected);
free_secret_key (sk_protected);
return rc;
}
pkt = xcalloc (1, sizeof *pkt);
pkt->pkttype = PKT_SECRET_KEY;
pkt->pkt.secret_key = sk_protected;
sk_protected = NULL;
rc = build_packet (fp, pkt);
if (rc)
{
log_error("build packet failed: %s\n", gpg_strerror (rc));
iobuf_cancel (fp);
}
else
{
unsigned char array[MAX_FINGERPRINT_LEN];
char *fprbuf, *p;
iobuf_close (fp);
iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname);
log_info (_("Note: backup of card key saved to '%s'\n"), fname);
fingerprint_from_sk (sk, array, &n);
p = fprbuf = xmalloc (MAX_FINGERPRINT_LEN*2 + 1 + 1);
for (i=0; i < n ; i++, p += 2)
sprintf (p, "%02X", array[i]);
*p++ = ' ';
*p = 0;
write_status_text_and_buffer (STATUS_BACKUP_KEY_CREATED,
fprbuf,
fname, strlen (fname),
0);
xfree (fprbuf);
}
free_packet (pkt);
xfree (pkt);
xfree (fname);
if (rc)
{
free_secret_key (sk_unprotected);
return rc;
}
}
/* Create the public key from the secret key. */
pk = xcalloc (1, sizeof *pk );
pk->timestamp = sk->timestamp;
pk->version = sk->version;
if (expireval)
pk->expiredate = sk->expiredate = sk->timestamp + expireval;
pk->pubkey_algo = sk->pubkey_algo;
n = pubkey_get_npkey (sk->pubkey_algo);
for (i=0; i < n; i++)
pk->pkey[i] = mpi_copy (sk->skey[i]);
/* Build packets and add them to the node lists. */
pkt = xcalloc (1,sizeof *pkt);
pkt->pkttype = is_primary ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;
pkt->pkt.public_key = pk;
add_kbnode(pub_root, new_kbnode( pkt ));
pkt = xcalloc (1,sizeof *pkt);
pkt->pkttype = is_primary ? PKT_SECRET_KEY : PKT_SECRET_SUBKEY;
pkt->pkt.secret_key = sk;
add_kbnode(sec_root, new_kbnode( pkt ));
return 0;
#else
# if __GCC__ && ENABLE_CARD_SUPPORT
# warning Card support still missing
# endif
(void)algo;
(void)keyno;
(void)is_primary;
(void)pub_root;
(void)timestamp;
(void)expireval;
(void)para;
return gpg_error (GPG_ERR_NOT_SUPPORTED);
#endif /*!ENABLE_CARD_SUPPORT*/
}
#if 0
int
save_unprotected_key_to_card (PKT_public_key *sk, int keyno)
{
int rc;
unsigned char *rsa_n = NULL;
unsigned char *rsa_e = NULL;
unsigned char *rsa_p = NULL;
unsigned char *rsa_q = NULL;
size_t rsa_n_len, rsa_e_len, rsa_p_len, rsa_q_len;
unsigned char *sexp = NULL;
unsigned char *p;
char numbuf[55], numbuf2[50];
assert (is_RSA (sk->pubkey_algo));
assert (!sk->is_protected);
/* Copy the parameters into straight buffers. */
gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_n, &rsa_n_len, sk->skey[0]);
gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_e, &rsa_e_len, sk->skey[1]);
gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_p, &rsa_p_len, sk->skey[3]);
gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_q, &rsa_q_len, sk->skey[4]);
if (!rsa_n || !rsa_e || !rsa_p || !rsa_q)
{
rc = GPG_ERR_INV_ARG;
goto leave;
}
/* Put the key into an S-expression. */
sexp = p = xmalloc_secure (30
+ rsa_n_len + rsa_e_len + rsa_p_len + rsa_q_len
+ 4*sizeof (numbuf) + 25 + sizeof(numbuf) + 20);
p = stpcpy (p,"(11:private-key(3:rsa(1:n");
sprintf (numbuf, "%u:", (unsigned int)rsa_n_len);
p = stpcpy (p, numbuf);
memcpy (p, rsa_n, rsa_n_len);
p += rsa_n_len;
sprintf (numbuf, ")(1:e%u:", (unsigned int)rsa_e_len);
p = stpcpy (p, numbuf);
memcpy (p, rsa_e, rsa_e_len);
p += rsa_e_len;
sprintf (numbuf, ")(1:p%u:", (unsigned int)rsa_p_len);
p = stpcpy (p, numbuf);
memcpy (p, rsa_p, rsa_p_len);
p += rsa_p_len;
sprintf (numbuf, ")(1:q%u:", (unsigned int)rsa_q_len);
p = stpcpy (p, numbuf);
memcpy (p, rsa_q, rsa_q_len);
p += rsa_q_len;
p = stpcpy (p,"))(10:created-at");
sprintf (numbuf2, "%lu", (unsigned long)sk->timestamp);
sprintf (numbuf, "%lu:", (unsigned long)strlen (numbuf2));
p = stpcpy (stpcpy (stpcpy (p, numbuf), numbuf2), "))");
/* Fixme: Unfortunately we don't have the serialnumber available -
thus we can't pass it down to the agent. */
rc = agent_scd_writekey (keyno, NULL, sexp, p - sexp);
leave:
xfree (sexp);
xfree (rsa_n);
xfree (rsa_e);
xfree (rsa_p);
xfree (rsa_q);
return rc;
}
#endif /*ENABLE_CARD_SUPPORT*/