gpg: Make decryption with the OpenPGP card work.

* scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New. * scd/app-openpgp.c (do_decipher): Add arg R_INFO. * scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy. * scd/app.c (app_decipher): Add arg R_INFO. * scd/command.c (cmd_pkdecrypt): Print status line "PADDING". * agent/call-scd.c (padding_info_cb): New. (agent_card_pkdecrypt): Add arg R_PADDING. * agent/divert-scd.c (divert_pkdecrypt): Ditto. * agent/pkdecrypt.c (agent_pkdecrypt): Ditto. * agent/command.c (cmd_pkdecrypt): Print status line "PADDING". * g10/call-agent.c (padding_info_cb): New. (agent_pkdecrypt): Add arg R_PADDING. * g10/pubkey-enc.c (get_it): Use padding info. -- Decryption using a card never worked in gpg 2.1 because the information whether the pkcs#1 padding needs to be removed was not available. Gpg < 2.1 too this info from the secret sub key but that has gone in 2.1. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2013-08-26 17:29:54 +02:00 · 2013-08-26 17:29:54 +02:00 · 780ba32336
commit 780ba32336
parent 04e2c83f18
16 changed files with 134 additions and 39 deletions
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@ -1816,17 +1816,34 @@ inq_ciphertext_cb (void *opaque, const char *line)
 }


+/* Check whether there is any padding info from the agent.  */
+static gpg_error_t
+padding_info_cb (void *opaque, const char *line)
+{
+  int *r_padding = opaque;
+  const char *s;
+
+  if ((s=has_leading_keyword (line, "PADDING")))
+    {
+      *r_padding = atoi (s);
+    }
+
+  return 0;
+}
+
+
 /* Call the agent to do a decrypt operation using the key identified
   by the hex string KEYGRIP and the input data S_CIPHERTEXT.  On the
   success the decoded value is stored verbatim at R_BUF and its
   length at R_BUF; the callers needs to release it.  KEYID, MAINKEYID
   and PUBKEY_ALGO are used to construct additional promots or status
-   messages. */
+   messages.   The padding information is stored at R_PADDING with -1
+   for not known.  */
 gpg_error_t
 agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
                 u32 *keyid, u32 *mainkeyid, int pubkey_algo,
                 gcry_sexp_t s_ciphertext,
-                 unsigned char **r_buf, size_t *r_buflen)
+                 unsigned char **r_buf, size_t *r_buflen, int *r_padding)
 {
  gpg_error_t err;
  char line[ASSUAN_LINELENGTH];
@ -1841,9 +1858,12 @@ agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
  dfltparm.keyinfo.mainkeyid   = mainkeyid;
  dfltparm.keyinfo.pubkey_algo = pubkey_algo;

-  if (!keygrip || strlen(keygrip) != 40 || !s_ciphertext || !r_buf || !r_buflen)
+  if (!keygrip || strlen(keygrip) != 40
+      || !s_ciphertext || !r_buf || !r_buflen || !r_padding)
    return gpg_error (GPG_ERR_INV_VALUE);
+
  *r_buf = NULL;
+  *r_padding = -1;

  err = start_agent (ctrl, 0);
  if (err)
@ -1881,7 +1901,8 @@ agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
      return err;
    err = assuan_transact (agent_ctx, "PKDECRYPT",
                           membuf_data_cb, &data,
-                           inq_ciphertext_cb, &parm, NULL, NULL);
+                           inq_ciphertext_cb, &parm,
+                           padding_info_cb, r_padding);
    xfree (parm.ciphertext);
  }
  if (err)