agent: Add pin length field to the shadowed private key format.

This is not yet fully implemented. It will eventually allow to support pinpad equipped readers which do not support variable length pin lengths. * agent/protect.c (parse_shadow_info): Add optional arg R_PINLEN and parse pinlen info. Change all callers to pass NULL for it.
2012-02-07 14:17:33 +01:00 · 2012-02-07 14:17:33 +01:00 · b817ae7df9
parent 12ea5c904c
commit b817ae7df9
5 changed files with 41 additions and 5 deletions
--- a/agent/agent.h
+++ b/agent/agent.h
@ -394,7 +394,7 @@ int agent_shadow_key (const unsigned char *pubkey,
 int agent_get_shadow_info (const unsigned char *shadowkey,
                           unsigned char const **shadow_info);
 gpg_error_t parse_shadow_info (const unsigned char *shadow_info,
-                               char **r_hexsn, char **r_idstr);
+                               char **r_hexsn, char **r_idstr, int *r_pinlen);
 gpg_error_t s2k_hash_passphrase (const char *passphrase, int hashalgo,
                                 int s2kmode,
                                 const unsigned char *s2ksalt,
--- a/agent/command.c
+++ b/agent/command.c
@ -1090,7 +1090,7 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,

  if (shadow_info)
    {
-      err = parse_shadow_info (shadow_info, &serialno, &idstr);
+      err = parse_shadow_info (shadow_info, &serialno, &idstr, NULL);
      if (err)
        goto leave;
    }
--- a/agent/divert-scd.c
+++ b/agent/divert-scd.c
@ -44,7 +44,7 @@ ask_for_card (ctrl_t ctrl, const unsigned char *shadow_info, char **r_kid)

  *r_kid = NULL;

-  rc = parse_shadow_info (shadow_info, &want_sn, &want_kid);
+  rc = parse_shadow_info (shadow_info, &want_sn, &want_kid, NULL);
  if (rc)
    return rc;

--- a/agent/keyformat.txt
+++ b/agent/keyformat.txt
@ -155,7 +155,12 @@ to keys stored on a token:
 The currently used protocol is "ti-v1" (token info version 1).  The
 second list with the information has this layout:

-(card_serial_number id_string_of_key)
+(card_serial_number id_string_of_key fixed_pin_length)
+
+FIXED_PIN_LENGTH is optional.  It can be used to store the length of
+the PIN; a value of 0 indicates that this information is not
+available.  The rationale for this field is that some pinpad equipped
+readers don't allow passing a variable length PIN.

 More items may be added to the list.

--- a/agent/protect.c
+++ b/agent/protect.c
@ -1272,7 +1272,7 @@ agent_get_shadow_info (const unsigned char *shadowkey,
   required, NULL may be passed for them.  */
 gpg_error_t
 parse_shadow_info (const unsigned char *shadow_info,
-                   char **r_hexsn, char **r_idstr)
+                   char **r_hexsn, char **r_idstr, int *r_pinlen)
 {
  const unsigned char *s;
  size_t n;
@ -1281,6 +1281,8 @@ parse_shadow_info (const unsigned char *shadow_info,
    *r_hexsn = NULL;
  if (r_idstr)
    *r_idstr = NULL;
+  if (r_pinlen)
+    *r_pinlen = 0;

  s = shadow_info;
  if (*s != '(')
@ -1325,5 +1327,34 @@ parse_shadow_info (const unsigned char *shadow_info,
      (*r_idstr)[n] = 0;
    }

+  /* Parse the optional PINLEN.  */
+  n = snext (&s);
+  if (!n)
+    return 0;
+
+  if (r_pinlen)
+    {
+      char *tmpstr = xtrymalloc (n+1);
+      if (!tmpstr)
+        {
+          if (r_hexsn)
+            {
+              xfree (*r_hexsn);
+              *r_hexsn = NULL;
+            }
+          if (r_idstr)
+            {
+              xfree (*r_idstr);
+              *r_idstr = NULL;
+            }
+          return gpg_error_from_syserror ();
+        }
+      memcpy (tmpstr, s, n);
+      tmpstr[n] = 0;
+
+      *r_pinlen = (int)strtol (tmpstr, NULL, 10);
+      xfree (tmpstr);
+    }
+
  return 0;
 }