mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-03 12:11:33 +01:00
Even less prompts for a new key now.
This commit is contained in:
parent
31bc3c8edd
commit
a0b9ebfb7d
@ -13,6 +13,7 @@
|
|||||||
* agent.h (CACHE_MODE_NONCE): New.
|
* agent.h (CACHE_MODE_NONCE): New.
|
||||||
* pksign.c (agent_pksign_do, agent_pksign): Add arg CACHE_NONCE.
|
* pksign.c (agent_pksign_do, agent_pksign): Add arg CACHE_NONCE.
|
||||||
* findkey.c (agent_key_from_file): Ditto.
|
* findkey.c (agent_key_from_file): Ditto.
|
||||||
|
(unprotect): Implement it.
|
||||||
|
|
||||||
2010-08-31 Werner Koch <wk@g10code.com>
|
2010-08-31 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
@ -275,7 +275,7 @@ modify_description (const char *in, const char *comment, char **result)
|
|||||||
description used for the pinentry. If LOOKUP_TTL is given this
|
description used for the pinentry. If LOOKUP_TTL is given this
|
||||||
function is used to lookup the default ttl. */
|
function is used to lookup the default ttl. */
|
||||||
static int
|
static int
|
||||||
unprotect (ctrl_t ctrl, const char *desc_text,
|
unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text,
|
||||||
unsigned char **keybuf, const unsigned char *grip,
|
unsigned char **keybuf, const unsigned char *grip,
|
||||||
cache_mode_t cache_mode, lookup_ttl_t lookup_ttl)
|
cache_mode_t cache_mode, lookup_ttl_t lookup_ttl)
|
||||||
{
|
{
|
||||||
@ -288,6 +288,26 @@ unprotect (ctrl_t ctrl, const char *desc_text,
|
|||||||
|
|
||||||
bin2hex (grip, 20, hexgrip);
|
bin2hex (grip, 20, hexgrip);
|
||||||
|
|
||||||
|
/* Initially try to get it using a cache nonce. */
|
||||||
|
if (cache_nonce)
|
||||||
|
{
|
||||||
|
void *cache_marker;
|
||||||
|
const char *pw;
|
||||||
|
|
||||||
|
pw = agent_get_cache (cache_nonce, CACHE_MODE_NONCE, &cache_marker);
|
||||||
|
if (pw)
|
||||||
|
{
|
||||||
|
rc = agent_unprotect (*keybuf, pw, NULL, &result, &resultlen);
|
||||||
|
agent_unlock_cache_entry (&cache_marker);
|
||||||
|
if (!rc)
|
||||||
|
{
|
||||||
|
xfree (*keybuf);
|
||||||
|
*keybuf = result;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* First try to get it from the cache - if there is none or we can't
|
/* First try to get it from the cache - if there is none or we can't
|
||||||
unprotect it, we fall back to ask the user */
|
unprotect it, we fall back to ask the user */
|
||||||
if (cache_mode != CACHE_MODE_IGNORE)
|
if (cache_mode != CACHE_MODE_IGNORE)
|
||||||
@ -560,7 +580,7 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
|
|||||||
|
|
||||||
if (!rc)
|
if (!rc)
|
||||||
{
|
{
|
||||||
rc = unprotect (ctrl, desc_text_final, &buf, grip,
|
rc = unprotect (ctrl, cache_nonce, desc_text_final, &buf, grip,
|
||||||
cache_mode, lookup_ttl);
|
cache_mode, lookup_ttl);
|
||||||
if (rc)
|
if (rc)
|
||||||
log_error ("failed to unprotect the secret key: %s\n",
|
log_error ("failed to unprotect the secret key: %s\n",
|
||||||
|
@ -1,12 +1,25 @@
|
|||||||
2010-09-01 Werner Koch <wk@g10code.com>
|
2010-09-01 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
* sign.c (do_sign, write_signature_packets, complete_sig): Add arg
|
||||||
|
CACHE_NONCE.
|
||||||
|
(make_keysig_packet): Ditto.
|
||||||
|
* keygen.c (make_backsig, write_direct_sig, write_selfsigs)
|
||||||
|
(write_keybinding): Add arg CACHE_NONCE.
|
||||||
|
(do_generate_keypair): Use cache_nonce to avoid a pinentry for the
|
||||||
|
self-signatures.
|
||||||
|
|
||||||
|
* passphrase.c (gpg_format_keydesc): Remove now superfluous
|
||||||
|
algo_name fallback.
|
||||||
|
|
||||||
* keygen.c (gen_elg, gen_dsa, gen_rsa, do_create, common_gen): Add
|
* keygen.c (gen_elg, gen_dsa, gen_rsa, do_create, common_gen): Add
|
||||||
arg CACHE_NONCE_ADDR.
|
arg CACHE_NONCE_ADDR.
|
||||||
(generate_subkeypair): Pass NULL for CACHE_NONCE_ADDR.
|
(generate_subkeypair): Pass NULL for CACHE_NONCE_ADDR.
|
||||||
(do_generate_keypair): Add cache nonce handling.
|
(do_generate_keypair): Add cache nonce handling.
|
||||||
|
|
||||||
* import.c (transfer_secret_keys): Support a cache nonce.
|
* import.c (transfer_secret_keys): Support a cache nonce.
|
||||||
* call-agent.c (cache_nonce_status_cb): New.
|
* call-agent.c (cache_nonce_status_cb): New.
|
||||||
(agent_genkey, agent_import_key): Add arg CACHE_NONCE_ADDR.
|
(agent_genkey, agent_import_key): Add arg CACHE_NONCE_ADDR.
|
||||||
|
(agent_pksign): Ditto.
|
||||||
|
|
||||||
2010-08-30 Werner Koch <wk@g10code.com>
|
2010-08-30 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
@ -1549,9 +1549,11 @@ agent_genkey (ctrl_t ctrl, char **cache_nonce_addr,
|
|||||||
the hex string KEYGRIP. DESC is a description of the key to be
|
the hex string KEYGRIP. DESC is a description of the key to be
|
||||||
displayed if the agent needs to ask for the PIN. DIGEST and
|
displayed if the agent needs to ask for the PIN. DIGEST and
|
||||||
DIGESTLEN is the hash value to sign and DIGESTALGO the algorithm id
|
DIGESTLEN is the hash value to sign and DIGESTALGO the algorithm id
|
||||||
used to compute the digest. */
|
used to compute the digest. If CACHE_NONCE is used the agent is
|
||||||
|
advised to firts try a passphrase associated with that nonce. */
|
||||||
gpg_error_t
|
gpg_error_t
|
||||||
agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
|
agent_pksign (ctrl_t ctrl, const char *cache_nonce,
|
||||||
|
const char *keygrip, const char *desc,
|
||||||
unsigned char *digest, size_t digestlen, int digestalgo,
|
unsigned char *digest, size_t digestlen, int digestalgo,
|
||||||
gcry_sexp_t *r_sigval)
|
gcry_sexp_t *r_sigval)
|
||||||
{
|
{
|
||||||
@ -1598,7 +1600,11 @@ agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
|
|||||||
return err;
|
return err;
|
||||||
|
|
||||||
init_membuf (&data, 1024);
|
init_membuf (&data, 1024);
|
||||||
err = assuan_transact (agent_ctx, "PKSIGN",
|
|
||||||
|
snprintf (line, sizeof line, "PKSIGN%s%s",
|
||||||
|
cache_nonce? " -- ":"",
|
||||||
|
cache_nonce? cache_nonce:"");
|
||||||
|
err = assuan_transact (agent_ctx, line,
|
||||||
membuf_data_cb, &data, default_inq_cb, ctrl,
|
membuf_data_cb, &data, default_inq_cb, ctrl,
|
||||||
NULL, NULL);
|
NULL, NULL);
|
||||||
if (err)
|
if (err)
|
||||||
|
@ -154,7 +154,8 @@ gpg_error_t agent_genkey (ctrl_t ctrl, char **cache_nonce_addr,
|
|||||||
gcry_sexp_t *r_pubkey);
|
gcry_sexp_t *r_pubkey);
|
||||||
|
|
||||||
/* Create a signature. */
|
/* Create a signature. */
|
||||||
gpg_error_t agent_pksign (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
|
gpg_error_t agent_pksign (ctrl_t ctrl, const char *cache_nonce,
|
||||||
|
const char *hexkeygrip, const char *desc,
|
||||||
unsigned char *digest, size_t digestlen,
|
unsigned char *digest, size_t digestlen,
|
||||||
int digestalgo,
|
int digestalgo,
|
||||||
gcry_sexp_t *r_sigval);
|
gcry_sexp_t *r_sigval);
|
||||||
|
@ -1244,6 +1244,9 @@ transfer_secret_keys (ctrl_t ctrl, kbnode_t sec_keyblock)
|
|||||||
u32 keyid[2];
|
u32 keyid[2];
|
||||||
char *orig_codeset;
|
char *orig_codeset;
|
||||||
|
|
||||||
|
/* FIXME: We should use gpg_format_keydesc, however that
|
||||||
|
requires a public key structure. It might be useful to
|
||||||
|
merge the secret and public key structures. */
|
||||||
keyid_from_sk (sk, keyid);
|
keyid_from_sk (sk, keyid);
|
||||||
uid = get_user_id (keyid, &uidlen);
|
uid = get_user_id (keyid, &uidlen);
|
||||||
orig_codeset = i18n_switchto_utf8 ();
|
orig_codeset = i18n_switchto_utf8 ();
|
||||||
|
@ -1083,7 +1083,8 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
|
|||||||
NULL,
|
NULL,
|
||||||
pk,
|
pk,
|
||||||
0x13, 0, force_v4 ? 4 : 0, 0, 0,
|
0x13, 0, force_v4 ? 4 : 0, 0, 0,
|
||||||
keygen_add_std_prefs, primary_pk);
|
keygen_add_std_prefs, primary_pk,
|
||||||
|
NULL);
|
||||||
else
|
else
|
||||||
rc = make_keysig_packet (&sig, primary_pk,
|
rc = make_keysig_packet (&sig, primary_pk,
|
||||||
node->pkt->pkt.user_id,
|
node->pkt->pkt.user_id,
|
||||||
@ -1091,7 +1092,8 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
|
|||||||
pk,
|
pk,
|
||||||
class, 0, force_v4 ? 4 : 0,
|
class, 0, force_v4 ? 4 : 0,
|
||||||
timestamp, duration,
|
timestamp, duration,
|
||||||
sign_mk_attrib, &attrib);
|
sign_mk_attrib, &attrib,
|
||||||
|
NULL);
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
log_error (_("signing failed: %s\n"), g10_errstr (rc));
|
log_error (_("signing failed: %s\n"), g10_errstr (rc));
|
||||||
@ -3222,7 +3224,7 @@ menu_adduid (KBNODE pub_keyblock, int photo, const char *photo_name)
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
err = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x13, 0, 0, 0, 0,
|
err = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x13, 0, 0, 0, 0,
|
||||||
keygen_add_std_prefs, pk);
|
keygen_add_std_prefs, pk, NULL);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("signing failed: %s\n", g10_errstr (err));
|
log_error ("signing failed: %s\n", g10_errstr (err));
|
||||||
@ -3610,7 +3612,7 @@ menu_addrevoker (KBNODE pub_keyblock, int sensitive)
|
|||||||
/* The 1F signature must be at least v4 to carry the revocation key
|
/* The 1F signature must be at least v4 to carry the revocation key
|
||||||
subpacket. */
|
subpacket. */
|
||||||
rc = make_keysig_packet (&sig, pk, NULL, NULL, pk, 0x1F, 0, 4, 0, 0,
|
rc = make_keysig_packet (&sig, pk, NULL, NULL, pk, 0x1F, 0, 4, 0, 0,
|
||||||
keygen_add_revkey, &revkey);
|
keygen_add_revkey, &revkey, NULL);
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
log_error ("signing failed: %s\n", g10_errstr (rc));
|
log_error ("signing failed: %s\n", g10_errstr (rc));
|
||||||
@ -3810,7 +3812,7 @@ menu_backsign (KBNODE pub_keyblock)
|
|||||||
/* Now we can get to work. */
|
/* Now we can get to work. */
|
||||||
|
|
||||||
rc = make_backsig (sig_pk->pkt->pkt.signature, main_pk, sub_pk, sub_pk,
|
rc = make_backsig (sig_pk->pkt->pkt.signature, main_pk, sub_pk, sub_pk,
|
||||||
timestamp);
|
timestamp, NULL);
|
||||||
if (!rc)
|
if (!rc)
|
||||||
{
|
{
|
||||||
PKT_signature *newsig;
|
PKT_signature *newsig;
|
||||||
@ -4901,7 +4903,7 @@ reloop: /* (must use this, because we are modifing the list) */
|
|||||||
rc = make_keysig_packet (&sig, primary_pk,
|
rc = make_keysig_packet (&sig, primary_pk,
|
||||||
unode->pkt->pkt.user_id,
|
unode->pkt->pkt.user_id,
|
||||||
NULL, signerkey, 0x30, 0, 0, 0, 0,
|
NULL, signerkey, 0x30, 0, 0, 0, 0,
|
||||||
sign_mk_attrib, &attrib);
|
sign_mk_attrib, &attrib, NULL);
|
||||||
free_public_key (signerkey);
|
free_public_key (signerkey);
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
@ -4993,7 +4995,7 @@ menu_revuid (KBNODE pub_keyblock)
|
|||||||
|
|
||||||
rc = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x30, 0,
|
rc = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x30, 0,
|
||||||
(reason == NULL) ? 3 : 0, timestamp, 0,
|
(reason == NULL) ? 3 : 0, timestamp, 0,
|
||||||
sign_mk_attrib, &attrib);
|
sign_mk_attrib, &attrib, NULL);
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
log_error (_("signing failed: %s\n"), g10_errstr (rc));
|
log_error (_("signing failed: %s\n"), g10_errstr (rc));
|
||||||
@ -5055,7 +5057,7 @@ menu_revkey (KBNODE pub_keyblock)
|
|||||||
|
|
||||||
rc = make_keysig_packet (&sig, pk, NULL, NULL, pk,
|
rc = make_keysig_packet (&sig, pk, NULL, NULL, pk,
|
||||||
0x20, 0, opt.force_v4_certs ? 4 : 0, 0, 0,
|
0x20, 0, opt.force_v4_certs ? 4 : 0, 0, 0,
|
||||||
revocation_reason_build_cb, reason);
|
revocation_reason_build_cb, reason, NULL);
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
log_error (_("signing failed: %s\n"), g10_errstr (rc));
|
log_error (_("signing failed: %s\n"), g10_errstr (rc));
|
||||||
@ -5115,7 +5117,8 @@ menu_revsubkey (KBNODE pub_keyblock)
|
|||||||
|
|
||||||
node->flag &= ~NODFLG_SELKEY;
|
node->flag &= ~NODFLG_SELKEY;
|
||||||
rc = make_keysig_packet (&sig, mainpk, NULL, subpk, mainpk,
|
rc = make_keysig_packet (&sig, mainpk, NULL, subpk, mainpk,
|
||||||
0x28, 0, 0, 0, 0, sign_mk_attrib, &attrib);
|
0x28, 0, 0, 0, 0, sign_mk_attrib, &attrib,
|
||||||
|
NULL);
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
log_error (_("signing failed: %s\n"), g10_errstr (rc));
|
log_error (_("signing failed: %s\n"), g10_errstr (rc));
|
||||||
|
31
g10/keygen.c
31
g10/keygen.c
@ -824,7 +824,7 @@ keygen_add_revkey (PKT_signature *sig, void *opaque)
|
|||||||
gpg_error_t
|
gpg_error_t
|
||||||
make_backsig (PKT_signature *sig, PKT_public_key *pk,
|
make_backsig (PKT_signature *sig, PKT_public_key *pk,
|
||||||
PKT_public_key *sub_pk, PKT_public_key *sub_psk,
|
PKT_public_key *sub_pk, PKT_public_key *sub_psk,
|
||||||
u32 timestamp)
|
u32 timestamp, const char *cache_nonce)
|
||||||
{
|
{
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
PKT_signature *backsig;
|
PKT_signature *backsig;
|
||||||
@ -832,7 +832,7 @@ make_backsig (PKT_signature *sig, PKT_public_key *pk,
|
|||||||
cache_public_key (sub_pk);
|
cache_public_key (sub_pk);
|
||||||
|
|
||||||
err = make_keysig_packet (&backsig, pk, NULL, sub_pk, sub_psk, 0x19,
|
err = make_keysig_packet (&backsig, pk, NULL, sub_pk, sub_psk, 0x19,
|
||||||
0, 0, timestamp, 0, NULL, NULL);
|
0, 0, timestamp, 0, NULL, NULL, cache_nonce);
|
||||||
if (err)
|
if (err)
|
||||||
log_error ("make_keysig_packet failed for backsig: %s\n", g10_errstr(err));
|
log_error ("make_keysig_packet failed for backsig: %s\n", g10_errstr(err));
|
||||||
else
|
else
|
||||||
@ -918,7 +918,8 @@ make_backsig (PKT_signature *sig, PKT_public_key *pk,
|
|||||||
the timestamp to set on the signature. */
|
the timestamp to set on the signature. */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
write_direct_sig (KBNODE root, PKT_public_key *psk,
|
write_direct_sig (KBNODE root, PKT_public_key *psk,
|
||||||
struct revocation_key *revkey, u32 timestamp)
|
struct revocation_key *revkey, u32 timestamp,
|
||||||
|
const char *cache_nonce)
|
||||||
{
|
{
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
PACKET *pkt;
|
PACKET *pkt;
|
||||||
@ -942,7 +943,7 @@ write_direct_sig (KBNODE root, PKT_public_key *psk,
|
|||||||
/* Make the signature. */
|
/* Make the signature. */
|
||||||
err = make_keysig_packet (&sig, pk, NULL,NULL, psk, 0x1F,
|
err = make_keysig_packet (&sig, pk, NULL,NULL, psk, 0x1F,
|
||||||
0, 0, timestamp, 0,
|
0, 0, timestamp, 0,
|
||||||
keygen_add_revkey, revkey);
|
keygen_add_revkey, revkey, cache_nonce);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("make_keysig_packet failed: %s\n", g10_errstr (err) );
|
log_error ("make_keysig_packet failed: %s\n", g10_errstr (err) );
|
||||||
@ -963,7 +964,7 @@ write_direct_sig (KBNODE root, PKT_public_key *psk,
|
|||||||
signature. */
|
signature. */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
write_selfsigs (KBNODE root, PKT_public_key *psk,
|
write_selfsigs (KBNODE root, PKT_public_key *psk,
|
||||||
unsigned int use, u32 timestamp)
|
unsigned int use, u32 timestamp, const char *cache_nonce)
|
||||||
{
|
{
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
PACKET *pkt;
|
PACKET *pkt;
|
||||||
@ -997,7 +998,7 @@ write_selfsigs (KBNODE root, PKT_public_key *psk,
|
|||||||
/* Make the signature. */
|
/* Make the signature. */
|
||||||
err = make_keysig_packet (&sig, pk, uid, NULL, psk, 0x13,
|
err = make_keysig_packet (&sig, pk, uid, NULL, psk, 0x13,
|
||||||
0, 0, timestamp, 0,
|
0, 0, timestamp, 0,
|
||||||
keygen_add_std_prefs, pk);
|
keygen_add_std_prefs, pk, cache_nonce);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("make_keysig_packet failed: %s\n", g10_errstr (err));
|
log_error ("make_keysig_packet failed: %s\n", g10_errstr (err));
|
||||||
@ -1019,7 +1020,7 @@ write_selfsigs (KBNODE root, PKT_public_key *psk,
|
|||||||
used if USE has the PUBKEY_USAGE_SIG capability. */
|
used if USE has the PUBKEY_USAGE_SIG capability. */
|
||||||
static int
|
static int
|
||||||
write_keybinding (KBNODE root, PKT_public_key *pri_psk, PKT_public_key *sub_psk,
|
write_keybinding (KBNODE root, PKT_public_key *pri_psk, PKT_public_key *sub_psk,
|
||||||
unsigned int use, u32 timestamp)
|
unsigned int use, u32 timestamp, const char *cache_nonce)
|
||||||
{
|
{
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
PACKET *pkt;
|
PACKET *pkt;
|
||||||
@ -1056,7 +1057,8 @@ write_keybinding (KBNODE root, PKT_public_key *pri_psk, PKT_public_key *sub_psk,
|
|||||||
oduap.pk = sub_pk;
|
oduap.pk = sub_pk;
|
||||||
err = make_keysig_packet (&sig, pri_pk, NULL, sub_pk, pri_psk, 0x18,
|
err = make_keysig_packet (&sig, pri_pk, NULL, sub_pk, pri_psk, 0x18,
|
||||||
0, 0, timestamp, 0,
|
0, 0, timestamp, 0,
|
||||||
keygen_add_key_flags_and_expire, &oduap);
|
keygen_add_key_flags_and_expire, &oduap,
|
||||||
|
cache_nonce);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("make_keysig_packet failed: %s\n", g10_errstr (err));
|
log_error ("make_keysig_packet failed: %s\n", g10_errstr (err));
|
||||||
@ -1066,7 +1068,7 @@ write_keybinding (KBNODE root, PKT_public_key *pri_psk, PKT_public_key *sub_psk,
|
|||||||
/* Make a backsig. */
|
/* Make a backsig. */
|
||||||
if (use & PUBKEY_USAGE_SIG)
|
if (use & PUBKEY_USAGE_SIG)
|
||||||
{
|
{
|
||||||
err = make_backsig (sig, pri_pk, sub_pk, sub_psk, timestamp);
|
err = make_backsig (sig, pri_pk, sub_pk, sub_psk, timestamp, cache_nonce);
|
||||||
if (err)
|
if (err)
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
@ -3254,13 +3256,14 @@ do_generate_keypair (struct para_data_s *para,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (!err && (revkey = get_parameter_revkey (para, pREVOKER)))
|
if (!err && (revkey = get_parameter_revkey (para, pREVOKER)))
|
||||||
err = write_direct_sig (pub_root, pri_psk, revkey, timestamp);
|
err = write_direct_sig (pub_root, pri_psk, revkey, timestamp, cache_nonce);
|
||||||
|
|
||||||
if (!err && (s = get_parameter_value (para, pUSERID)))
|
if (!err && (s = get_parameter_value (para, pUSERID)))
|
||||||
{
|
{
|
||||||
write_uid (pub_root, s );
|
write_uid (pub_root, s );
|
||||||
err = write_selfsigs (pub_root, pri_psk,
|
err = write_selfsigs (pub_root, pri_psk,
|
||||||
get_parameter_uint (para, pKEYUSAGE), timestamp);
|
get_parameter_uint (para, pKEYUSAGE), timestamp,
|
||||||
|
cache_nonce);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Write the auth key to the card before the encryption key. This
|
/* Write the auth key to the card before the encryption key. This
|
||||||
@ -3277,7 +3280,7 @@ do_generate_keypair (struct para_data_s *para,
|
|||||||
get_parameter_u32 (para, pKEYEXPIRE), para);
|
get_parameter_u32 (para, pKEYEXPIRE), para);
|
||||||
if (!err)
|
if (!err)
|
||||||
err = write_keybinding (pub_root, pri_psk, NULL,
|
err = write_keybinding (pub_root, pri_psk, NULL,
|
||||||
PUBKEY_USAGE_AUTH, timestamp);
|
PUBKEY_USAGE_AUTH, timestamp, cache_nonce);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!err && get_parameter (para, pSUBKEYTYPE))
|
if (!err && get_parameter (para, pSUBKEYTYPE))
|
||||||
@ -3327,7 +3330,7 @@ do_generate_keypair (struct para_data_s *para,
|
|||||||
if (!err)
|
if (!err)
|
||||||
err = write_keybinding (pub_root, pri_psk, sub_psk,
|
err = write_keybinding (pub_root, pri_psk, sub_psk,
|
||||||
get_parameter_uint (para, pSUBKEYUSAGE),
|
get_parameter_uint (para, pSUBKEYUSAGE),
|
||||||
timestamp);
|
timestamp, cache_nonce);
|
||||||
did_sub = 1;
|
did_sub = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3526,7 +3529,7 @@ generate_subkeypair (KBNODE keyblock)
|
|||||||
sub_psk = node->pkt->pkt.public_key;
|
sub_psk = node->pkt->pkt.public_key;
|
||||||
|
|
||||||
/* Write the binding signature. */
|
/* Write the binding signature. */
|
||||||
err = write_keybinding (keyblock, pri_psk, sub_psk, use, cur_time);
|
err = write_keybinding (keyblock, pri_psk, sub_psk, use, cur_time, NULL);
|
||||||
if (err)
|
if (err)
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
|
@ -201,7 +201,8 @@ int encrypt_filter (void *opaque, int control,
|
|||||||
|
|
||||||
|
|
||||||
/*-- sign.c --*/
|
/*-- sign.c --*/
|
||||||
int complete_sig (PKT_signature *sig, PKT_public_key *pksk, gcry_md_hd_t md);
|
int complete_sig (PKT_signature *sig, PKT_public_key *pksk, gcry_md_hd_t md,
|
||||||
|
const char *cache_nonce);
|
||||||
int sign_file( strlist_t filenames, int detached, strlist_t locusr,
|
int sign_file( strlist_t filenames, int detached, strlist_t locusr,
|
||||||
int do_encrypt, strlist_t remusr, const char *outfile );
|
int do_encrypt, strlist_t remusr, const char *outfile );
|
||||||
int clearsign_file( const char *fname, strlist_t locusr, const char *outfile );
|
int clearsign_file( const char *fname, strlist_t locusr, const char *outfile );
|
||||||
@ -241,7 +242,7 @@ int keygen_add_notations(PKT_signature *sig,void *opaque);
|
|||||||
int keygen_add_revkey(PKT_signature *sig, void *opaque);
|
int keygen_add_revkey(PKT_signature *sig, void *opaque);
|
||||||
gpg_error_t make_backsig (PKT_signature *sig, PKT_public_key *pk,
|
gpg_error_t make_backsig (PKT_signature *sig, PKT_public_key *pk,
|
||||||
PKT_public_key *sub_pk, PKT_public_key *sub_psk,
|
PKT_public_key *sub_pk, PKT_public_key *sub_psk,
|
||||||
u32 timestamp);
|
u32 timestamp, const char *cache_nonce);
|
||||||
gpg_error_t generate_subkeypair (kbnode_t pub_keyblock);
|
gpg_error_t generate_subkeypair (kbnode_t pub_keyblock);
|
||||||
#ifdef ENABLE_CARD_SUPPORT
|
#ifdef ENABLE_CARD_SUPPORT
|
||||||
int generate_card_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock,
|
int generate_card_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock,
|
||||||
|
@ -502,7 +502,8 @@ int make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
|
|||||||
PKT_public_key *pksk, int sigclass, int digest_algo,
|
PKT_public_key *pksk, int sigclass, int digest_algo,
|
||||||
int sigversion, u32 timestamp, u32 duration,
|
int sigversion, u32 timestamp, u32 duration,
|
||||||
int (*mksubpkt)(PKT_signature *, void *),
|
int (*mksubpkt)(PKT_signature *, void *),
|
||||||
void *opaque );
|
void *opaque,
|
||||||
|
const char *cache_nonce);
|
||||||
int update_keysig_packet( PKT_signature **ret_sig,
|
int update_keysig_packet( PKT_signature **ret_sig,
|
||||||
PKT_signature *orig_sig,
|
PKT_signature *orig_sig,
|
||||||
PKT_public_key *pk,
|
PKT_public_key *pk,
|
||||||
|
@ -700,8 +700,6 @@ gpg_format_keydesc (PKT_public_key *pk, int escaped)
|
|||||||
char *desc;
|
char *desc;
|
||||||
|
|
||||||
algo_name = gcry_pk_algo_name (pk->pubkey_algo);
|
algo_name = gcry_pk_algo_name (pk->pubkey_algo);
|
||||||
if (!algo_name)
|
|
||||||
algo_name = "?";
|
|
||||||
timestr = strtimestamp (pk->timestamp);
|
timestr = strtimestamp (pk->timestamp);
|
||||||
uid = get_user_id (pk->keyid, &uidlen);
|
uid = get_user_id (pk->keyid, &uidlen);
|
||||||
|
|
||||||
|
@ -339,7 +339,8 @@ gen_desig_revoke( const char *uname, strlist_t locusr )
|
|||||||
/* create it */
|
/* create it */
|
||||||
rc = make_keysig_packet( &sig, pk, NULL, NULL, pk2, 0x20, 0,
|
rc = make_keysig_packet( &sig, pk, NULL, NULL, pk2, 0x20, 0,
|
||||||
0, 0, 0,
|
0, 0, 0,
|
||||||
revocation_reason_build_cb, reason );
|
revocation_reason_build_cb, reason,
|
||||||
|
NULL);
|
||||||
if( rc ) {
|
if( rc ) {
|
||||||
log_error(_("make_keysig_packet failed: %s\n"), g10_errstr(rc));
|
log_error(_("make_keysig_packet failed: %s\n"), g10_errstr(rc));
|
||||||
goto leave;
|
goto leave;
|
||||||
@ -525,7 +526,7 @@ gen_revoke (const char *uname)
|
|||||||
/* create it */
|
/* create it */
|
||||||
rc = make_keysig_packet (&sig, psk, NULL, NULL, psk, 0x20, 0,
|
rc = make_keysig_packet (&sig, psk, NULL, NULL, psk, 0x20, 0,
|
||||||
opt.force_v4_certs?4:0, 0, 0,
|
opt.force_v4_certs?4:0, 0, 0,
|
||||||
revocation_reason_build_cb, reason );
|
revocation_reason_build_cb, reason, NULL);
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
log_error (_("make_keysig_packet failed: %s\n"), g10_errstr (rc));
|
log_error (_("make_keysig_packet failed: %s\n"), g10_errstr (rc));
|
||||||
|
35
g10/sign.c
35
g10/sign.c
@ -242,10 +242,11 @@ mpi_from_sexp (gcry_sexp_t sexp, const char * item)
|
|||||||
return data;
|
return data;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Perform the sign operation. If CACHE_NONCE is given the agent is
|
||||||
|
advised to use that cached passphrase fro the key. */
|
||||||
static int
|
static int
|
||||||
do_sign (PKT_public_key *pksk, PKT_signature *sig,
|
do_sign (PKT_public_key *pksk, PKT_signature *sig,
|
||||||
gcry_md_hd_t md, int mdalgo)
|
gcry_md_hd_t md, int mdalgo, const char *cache_nonce)
|
||||||
{
|
{
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
gcry_mpi_t frame;
|
gcry_mpi_t frame;
|
||||||
@ -314,7 +315,7 @@ do_sign (PKT_public_key *pksk, PKT_signature *sig,
|
|||||||
gcry_sexp_t s_sigval;
|
gcry_sexp_t s_sigval;
|
||||||
|
|
||||||
desc = gpg_format_keydesc (pksk, 1);
|
desc = gpg_format_keydesc (pksk, 1);
|
||||||
err = agent_pksign (NULL/*ctrl*/, hexgrip, desc,
|
err = agent_pksign (NULL/*ctrl*/, cache_nonce, hexgrip, desc,
|
||||||
dp, gcry_md_get_algo_dlen (mdalgo), mdalgo,
|
dp, gcry_md_get_algo_dlen (mdalgo), mdalgo,
|
||||||
&s_sigval);
|
&s_sigval);
|
||||||
xfree (desc);
|
xfree (desc);
|
||||||
@ -378,12 +379,13 @@ do_sign (PKT_public_key *pksk, PKT_signature *sig,
|
|||||||
|
|
||||||
|
|
||||||
int
|
int
|
||||||
complete_sig (PKT_signature *sig, PKT_public_key *pksk, gcry_md_hd_t md)
|
complete_sig (PKT_signature *sig, PKT_public_key *pksk, gcry_md_hd_t md,
|
||||||
|
const char *cache_nonce)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
/* if (!(rc = check_secret_key (pksk, 0))) */
|
/* if (!(rc = check_secret_key (pksk, 0))) */
|
||||||
rc = do_sign (pksk, sig, md, 0);
|
rc = do_sign (pksk, sig, md, 0, cache_nonce);
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -675,7 +677,7 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode)
|
|||||||
static int
|
static int
|
||||||
write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash,
|
write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash,
|
||||||
int sigclass, u32 timestamp, u32 duration,
|
int sigclass, u32 timestamp, u32 duration,
|
||||||
int status_letter)
|
int status_letter, const char *cache_nonce)
|
||||||
{
|
{
|
||||||
SK_LIST sk_rover;
|
SK_LIST sk_rover;
|
||||||
|
|
||||||
@ -722,7 +724,7 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash,
|
|||||||
hash_sigversion_to_magic (md, sig);
|
hash_sigversion_to_magic (md, sig);
|
||||||
gcry_md_final (md);
|
gcry_md_final (md);
|
||||||
|
|
||||||
rc = do_sign (pk, sig, md, hash_for (pk));
|
rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce);
|
||||||
gcry_md_close (md);
|
gcry_md_close (md);
|
||||||
if (!rc)
|
if (!rc)
|
||||||
{
|
{
|
||||||
@ -1070,7 +1072,7 @@ sign_file( strlist_t filenames, int detached, strlist_t locusr,
|
|||||||
/* write the signatures */
|
/* write the signatures */
|
||||||
rc = write_signature_packets (sk_list, out, mfx.md,
|
rc = write_signature_packets (sk_list, out, mfx.md,
|
||||||
opt.textmode && !outfile? 0x01 : 0x00,
|
opt.textmode && !outfile? 0x01 : 0x00,
|
||||||
0, duration, detached ? 'D':'S');
|
0, duration, detached ? 'D':'S', NULL);
|
||||||
if( rc )
|
if( rc )
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
@ -1234,8 +1236,9 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
|
|||||||
afx->what = 2;
|
afx->what = 2;
|
||||||
push_armor_filter (afx, out);
|
push_armor_filter (afx, out);
|
||||||
|
|
||||||
/* write the signatures */
|
/* Write the signatures. */
|
||||||
rc=write_signature_packets (sk_list, out, textmd, 0x01, 0, duration, 'C');
|
rc = write_signature_packets (sk_list, out, textmd, 0x01, 0, duration, 'C',
|
||||||
|
NULL);
|
||||||
if( rc )
|
if( rc )
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
@ -1401,7 +1404,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
|
|||||||
/*(current filters: zip - encrypt - armor)*/
|
/*(current filters: zip - encrypt - armor)*/
|
||||||
rc = write_signature_packets (sk_list, out, mfx.md,
|
rc = write_signature_packets (sk_list, out, mfx.md,
|
||||||
opt.textmode? 0x01 : 0x00,
|
opt.textmode? 0x01 : 0x00,
|
||||||
0, duration, 'S');
|
0, duration, 'S', NULL);
|
||||||
if( rc )
|
if( rc )
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
@ -1439,8 +1442,8 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
|
|||||||
PKT_public_key *pksk,
|
PKT_public_key *pksk,
|
||||||
int sigclass, int digest_algo,
|
int sigclass, int digest_algo,
|
||||||
int sigversion, u32 timestamp, u32 duration,
|
int sigversion, u32 timestamp, u32 duration,
|
||||||
int (*mksubpkt)(PKT_signature *, void *), void *opaque
|
int (*mksubpkt)(PKT_signature *, void *), void *opaque,
|
||||||
)
|
const char *cache_nonce)
|
||||||
{
|
{
|
||||||
PKT_signature *sig;
|
PKT_signature *sig;
|
||||||
int rc=0;
|
int rc=0;
|
||||||
@ -1533,7 +1536,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
|
|||||||
hash_sigversion_to_magic (md, sig);
|
hash_sigversion_to_magic (md, sig);
|
||||||
gcry_md_final (md);
|
gcry_md_final (md);
|
||||||
|
|
||||||
rc = complete_sig (sig, pksk, md);
|
rc = complete_sig (sig, pksk, md, cache_nonce);
|
||||||
}
|
}
|
||||||
|
|
||||||
gcry_md_close (md);
|
gcry_md_close (md);
|
||||||
@ -1562,7 +1565,7 @@ update_keysig_packet( PKT_signature **ret_sig,
|
|||||||
PKT_public_key *subpk,
|
PKT_public_key *subpk,
|
||||||
PKT_public_key *pksk,
|
PKT_public_key *pksk,
|
||||||
int (*mksubpkt)(PKT_signature *, void *),
|
int (*mksubpkt)(PKT_signature *, void *),
|
||||||
void *opaque )
|
void *opaque)
|
||||||
{
|
{
|
||||||
PKT_signature *sig;
|
PKT_signature *sig;
|
||||||
int rc=0;
|
int rc=0;
|
||||||
@ -1619,7 +1622,7 @@ update_keysig_packet( PKT_signature **ret_sig,
|
|||||||
hash_sigversion_to_magic (md, sig);
|
hash_sigversion_to_magic (md, sig);
|
||||||
gcry_md_final (md);
|
gcry_md_final (md);
|
||||||
|
|
||||||
rc = complete_sig (sig, pksk, md);
|
rc = complete_sig (sig, pksk, md, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
gcry_md_close (md);
|
gcry_md_close (md);
|
||||||
|
Loading…
x
Reference in New Issue
Block a user