From a766a37290cf334d5eead1041ea271a5d714d66f Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Wed, 13 May 2009 11:42:34 +0000
Subject: [PATCH] Print keyid in gpg --list-packets. Add some not yet code to app-nks.c Changed batch mode expiration time computation
---
 g10/ChangeLog | 7 ++++
 g10/keygen.c | 8 +++-
 g10/parse-packet.c | 10 +++++
 scd/ChangeLog | 4 ++
 scd/apdu.c | 4 +-
 scd/app-nks.c | 93 +++++++++++++++++++++++++++++++++++++++++++++-
 6 files changed, 121 insertions(+), 5 deletions(-)
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 3ed1e5c7a..ef51b4a77 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,5 +1,12 @@
+2009-05-13 Werner Koch
+
+	* keygen.c (parse_expire_string): Base ISO date string at noon.
+	Also allow full ISO timestamp.
+
 2009-05-11 Werner Koch
 
+	* parse-packet.c (parse_key): Print the key id in list mode.
+
 	* skclist.c (build_sk_list): Use log_info for "duplicated entry".
 	Fixes bug#1045.
 
diff --git a/g10/keygen.c b/g10/keygen.c
index 6a37471cb..8afa74e3e 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1799,13 +1799,17 @@ parse_expire_string( const char *string )
     u32 seconds;
     u32 abs_date = 0;
     u32 curtime = make_timestamp ();
+    time_t tt;
 
     if (!*string)
       seconds = 0;
     else if (!strncmp (string, "seconds=", 8))
       seconds = atoi (string+8);
-    else if ((abs_date = scan_isodatestr(string)) && abs_date > curtime)
-      seconds = abs_date - curtime;
+    else if ((abs_date = scan_isodatestr(string))
+             && (abs_date+86400/2) > curtime)
+      seconds = (abs_date+86400/2) - curtime;
+    else if ((tt = isotime2epoch (string)) != (time_t)(-1))
+      seconds = (u32)tt - curtime;
     else if ((mult = check_valid_days (string)))
       seconds = atoi (string) * 86400L * mult;
     else
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 57f94cd85..fd01e7635 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1672,6 +1672,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
     int npkey, nskey;
     int is_v4=0;
     int rc=0;
+    u32 keyid[2];
 
     (void)hdr;
 
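Review bot: The new `isotime2epoch` branch in the keygen.c hunk lacks the "lies in the future" guard that the `scan_isodatestr` branch directly above it keeps: for a full ISO timestamp in the past, `seconds = (u32)tt - curtime;` wraps the unsigned subtraction and silently yields an expiration roughly 136 years out instead of the rejection a past date-only string gets. Mirroring the existing check, `else if ((tt = isotime2epoch (string)) != (time_t)(-1) && (u32)tt > curtime)`, lets a past timestamp fall through to `check_valid_days` and fail the same way. The `86400/2` noon offset also appears twice without explanation; the ChangeLog entry says why, the code should too, e.g. `/* A date-only string is based at noon of that day; see ChangeLog 2009-05-13.  */`. parse_expire_string's body continues outside the hunk.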
@@ -1997,6 +1998,9 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
 		fprintf (listfp, "\tchecksum: %04hx\n", sk->csum);
 	    }
 	}
+
+	if (list_mode)
+	  keyid_from_sk (sk, keyid);
     }
     else {
 	PKT_public_key *pk = pkt->pkt.public_key;
@@ -2021,8 +2025,14 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
 	}
 	if (rc)
 	    goto leave;
+	if (list_mode)
+	  keyid_from_pk (pk, keyid);
     }
 
+    if (list_mode)
+      fprintf (listfp, "\tkeyid: %08lX%08lX\n",
+               (ulong)keyid[0], (ulong)keyid[1]);
+
   leave:
     iobuf_skip_rest(inp, pktlen, 0);
     return rc;
diff --git a/scd/ChangeLog b/scd/ChangeLog
index 1ac95859b..60af202f2 100644
--- a/scd/ChangeLog
+++ b/scd/ChangeLog
@@ -1,3 +1,7 @@
+2009-05-11 Werner Koch
+
+	* apdu.c (send_le): Replace log_error by log_info.
+
 2009-05-08 Werner Koch
 
 	* app-openpgp.c (do_genkey): Allow larger key sizes.
diff --git a/scd/apdu.c b/scd/apdu.c
index 219dda04b..568f5cb97 100644
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -3000,8 +3000,8 @@ send_le (int slot, int class, int ins, int p0, int p1,
   rc = send_apdu (slot, apdu, apdulen, result, &resultlen, pininfo);
   if (rc || resultlen < 2)
     {
-      log_error ("apdu_send_simple(%d) failed: %s\n",
-                 slot, apdu_strerror (rc));
+      log_info ("apdu_send_simple(%d) failed: %s\n",
+                slot, apdu_strerror (rc));
       unlock_slot (slot);
       return rc? rc : SW_HOST_INCOMPLETE_CARD_RESPONSE;
     }
diff --git a/scd/app-nks.c b/scd/app-nks.c
index 7e6c7f9a8..53435c360 100644
--- a/scd/app-nks.c
+++ b/scd/app-nks.c
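Review bot: `keyid` is filled only on the success paths of the two branches (`keyid_from_sk` at the end of the secret-key block, `keyid_from_pk` after `if (rc) goto leave;`) yet printed on the common path just before `leave:`; if any secret-key error path in the part of parse_key outside these hunks sets `rc` without jumping to `leave`, the list-mode `fprintf` emits an indeterminate key id. Initialising the array where the earlier hunk declares it, `u32 keyid[2] = {0, 0};`, or guarding the print with `if (list_mode && !rc)`, closes that cheaply. parse_key starts outside the hunk, so the secret-key error handling cannot be verified here.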
@@ -666,6 +666,97 @@ do_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
 }
 
 
+/* Handle the WRITEKEY command for NKS. This function expects a
+   canonical encoded S-expression with the public key in KEYDATA and
+   its length in KEYDATALEN. The only supported KEYID is
+   "$IFDAUTHKEY" to store the terminal key on the card. Bit 0 of
+   FLAGS indicates whether an existing key shall get overwritten.
+   PINCB and PINCB_ARG are the usual arguments for the pinentry
+   callback. */
+static gpg_error_t
+do_writekey (app_t app, ctrl_t ctrl,
+             const char *keyid, unsigned int flags,
+             gpg_error_t (*pincb)(void*, const char *, char **),
+             void *pincb_arg,
+             const unsigned char *keydata, size_t keydatalen)
+{
+  gpg_error_t err;
+  int force = (flags & 1);
+  const unsigned char *rsa_n = NULL;
+  const unsigned char *rsa_e = NULL;
+  size_t rsa_n_len, rsa_e_len;
+  unsigned int nbits;
+
+  (void)ctrl;
+  (void)pincb;
+  (void)pincb_arg;
+
+  if (!strcmp (keyid, "$IFDAUTHKEY") && app->app_local->nks_version >= 3)
+    ;
+  else
+    return gpg_error (GPG_ERR_INV_ID);
+
+  if (!force && !do_readkey (app, keyid, NULL, NULL))
+    return gpg_error (GPG_ERR_EEXIST);
+
+  /* Parse the S-expression. */
+  err = get_rsa_pk_from_canon_sexp (keydata, keydatalen,
+                                    &rsa_n, &rsa_n_len, &rsa_e, &rsa_e_len);
+  if (err)
+    goto leave;
+
+  /* Check that the parameters match the requirements. */
+  nbits = app_help_count_bits (rsa_n, rsa_n_len);
+  if (nbits != 1024)
+    {
+      log_error (_("RSA modulus missing or not of size %d bits\n"), 1024);
+      err = gpg_error (GPG_ERR_BAD_PUBKEY);
+      goto leave;
+    }
+
+  nbits = app_help_count_bits (rsa_e, rsa_e_len);
+  if (nbits < 2 || nbits > 32)
+    {
+      log_error (_("RSA public exponent missing or larger than %d bits\n"),
+                 32);
+      err = gpg_error (GPG_ERR_BAD_PUBKEY);
+      goto leave;
+    }
+
+/*   /\* Store them. *\/ */
+/*   err = verify_pin (app, 0, NULL, pincb, pincb_arg); */
+/*   if (err) */
+/*     goto leave; */
+
+  /* Send the MSE:Store_Public_Key. */
+  err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+/*   mse = xtrymalloc (1000); */
+
+/*   mse[0] = 0x80; /\* Algorithm reference. *\/ */
+/*   mse[1] = 1; */
+/*   mse[2] = 0x17; */
+/*   mse[3] = 0x84; /\* Private key reference. *\/ */
+/*   mse[4] = 1; */
+/*   mse[5] = 0x77; */
+/*   mse[6] = 0x7F; /\* Public key parameter. *\/ */
+/*   mse[7] = 0x49; */
+/*   mse[8] = 0x81; */
+/*   mse[9] = 3 + 0x80 + 2 + rsa_e_len; */
+/*   mse[10] = 0x81; /\* RSA modulus of 128 byte. *\/ */
+/*   mse[11] = 0x81; */
+/*   mse[12] = rsa_n_len; */
+/*   memcpy (mse+12, rsa_n, rsa_n_len); */
+/*   mse[10] = 0x82; /\* RSA public exponent of up to 4 bytes. *\/ */
+/*   mse[12] = rsa_e_len; */
+/*   memcpy (mse+12, rsa_e, rsa_e_len); */
+/*   err = iso7816_manage_security_env (app->slot, 0x81, 0xB6, */
+/*                                      mse, sizeof mse); */
+
+ leave:
+  return err;
+}
+
+
 static gpg_error_t
 basic_pin_checks (const char *pinvalue, int minlen, int maxlen)
 {
@@ -1309,7 +1400,7 @@ app_select_nks (app_t app)
       app->fnc.readkey = do_readkey;
       app->fnc.getattr = do_getattr;
       app->fnc.setattr = NULL;
-      app->fnc.writekey = NULL;
+      app->fnc.writekey = do_writekey;
       app->fnc.genkey = NULL;
       app->fnc.sign = do_sign;
       app->fnc.auth = NULL;
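Review bot: The commented-out MSE draft added below `err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);` must not be enabled as written: `memcpy (mse+12, rsa_n, rsa_n_len);` overwrites the length byte just stored in `mse[12]`, the exponent TLV is then written back into `mse[10..12]` rather than after the modulus, and `sizeof mse` on the `xtrymalloc`'d pointer passes the pointer size, not the buffer length; a marker such as `/* XXX: draft only - TLV offsets and the length passed to MSE are wrong, rewrite before enabling.  */` above the block would stop the next maintainer from simply uncommenting it. Because the last hunk now registers this function as `app->fnc.writekey`, WRITEKEY on an NKS3 card runs the key-id, existence and parameter checks and then fails with NOT_IMPLEMENTED, and the `verify_pin` call sits inside the commented-out block, so whoever re-enables the store path needs to restore the PIN check ahead of the card write. The existence probe `do_readkey (app, keyid, NULL, NULL)` presumably relies on do_readkey tolerating NULL output arguments; its body is outside the hunk, so that wants confirming.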