security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-05-30 22:08:02 +02:00
Code Activity

agent: Minor change to the KEYTOCARD command.

Browse Source 
* agent/command.c (cmd_keytocard): Make timestamp optional.  Use
modern parser function.
* agent/call-scd.c (agent_card_writekey): Rename an arg and for
clarity return gpg_error_t instead of int.
* agent/divert-scd.c (divert_writekey): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2019-03-05 12:08:27 +01:00
parent 86c241a8c9
commit bcc89a6df2
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 56 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
agent/agent.h
View File

@ -548,8 +548,9 @@ int divert_pkdecrypt (ctrl_t ctrl, const char *desc_text,
char **r_buf, size_t *r_len, int *r_padding); char **r_buf, size_t *r_len, int *r_padding);
int divert_generic_cmd (ctrl_t ctrl, int divert_generic_cmd (ctrl_t ctrl,
const char *cmdline, void *assuan_context); const char *cmdline, void *assuan_context);
int divert_writekey (ctrl_t ctrl, int force, const char *serialno, gpg_error_t divert_writekey (ctrl_t ctrl, int force, const char *serialno,
const char *id, const char *keydata, size_t keydatalen); const char *keyref,
const char *keydata, size_t keydatalen);
/*-- call-scd.c --*/ /*-- call-scd.c --*/
@ -586,12 +587,12 @@ int agent_card_pkdecrypt (ctrl_t ctrl,
int agent_card_readcert (ctrl_t ctrl, int agent_card_readcert (ctrl_t ctrl,
const char *id, char **r_buf, size_t *r_buflen); const char *id, char **r_buf, size_t *r_buflen);
int agent_card_readkey (ctrl_t ctrl, const char *id, unsigned char **r_buf); int agent_card_readkey (ctrl_t ctrl, const char *id, unsigned char **r_buf);
int agent_card_writekey (ctrl_t ctrl, int force, const char *serialno, gpg_error_t agent_card_writekey (ctrl_t ctrl, int force, const char *serialno,
const char *id, const char *keydata, const char *keyref,
size_t keydatalen, const char *keydata, size_t keydatalen,
int (*getpin_cb)(void *, const char *, int (*getpin_cb)(void *, const char *,
const char *, char*, size_t), const char *, char*, size_t),
void *getpin_cb_arg); void *getpin_cb_arg);
gpg_error_t agent_card_getattr (ctrl_t ctrl, const char *name, char **result); gpg_error_t agent_card_getattr (ctrl_t ctrl, const char *name, char **result);
gpg_error_t agent_card_cardlist (ctrl_t ctrl, strlist_t *result); gpg_error_t agent_card_cardlist (ctrl_t ctrl, strlist_t *result);
int agent_card_scd (ctrl_t ctrl, const char *cmdline, int agent_card_scd (ctrl_t ctrl, const char *cmdline,

23
agent/call-scd.c
View File

@ -1075,23 +1075,26 @@ inq_writekey_parms (void *opaque, const char *line)
} }
int /* Call scd to write a key to a card under the id KEYREF. */
gpg_error_t
agent_card_writekey (ctrl_t ctrl, int force, const char *serialno, agent_card_writekey (ctrl_t ctrl, int force, const char *serialno,
const char *id, const char *keydata, size_t keydatalen, const char *keyref,
const char *keydata, size_t keydatalen,
int (*getpin_cb)(void *, const char *, int (*getpin_cb)(void *, const char *,
const char *, char*, size_t), const char *, char*, size_t),
void *getpin_cb_arg) void *getpin_cb_arg)
{ {
int rc; gpg_error_t err;
char line[ASSUAN_LINELENGTH]; char line[ASSUAN_LINELENGTH];
struct inq_needpin_parm_s parms; struct inq_needpin_parm_s parms;
(void)serialno; (void)serialno;
rc = start_scd (ctrl);
if (rc)
return rc;
snprintf (line, DIM(line), "WRITEKEY %s%s", force ? "--force " : "", id); err = start_scd (ctrl);
if (err)
return err;
snprintf (line, DIM(line), "WRITEKEY %s%s", force ? "--force " : "", keyref);
parms.ctx = ctrl->scd_local->ctx; parms.ctx = ctrl->scd_local->ctx;
parms.getpin_cb = getpin_cb; parms.getpin_cb = getpin_cb;
parms.getpin_cb_arg = getpin_cb_arg; parms.getpin_cb_arg = getpin_cb_arg;
@ -1100,9 +1103,9 @@ agent_card_writekey (ctrl_t ctrl, int force, const char *serialno,
parms.keydata = keydata; parms.keydata = keydata;
parms.keydatalen = keydatalen; parms.keydatalen = keydatalen;
rc = assuan_transact (ctrl->scd_local->ctx, line, NULL, NULL, err = assuan_transact (ctrl->scd_local->ctx, line, NULL, NULL,
inq_writekey_parms, &parms, NULL, NULL); inq_writekey_parms, &parms, NULL, NULL);
return unlock_scd (ctrl, rc); return unlock_scd (ctrl, err);
} }

78
agent/command.c
View File

@ -2484,19 +2484,23 @@ cmd_delete_key (assuan_context_t ctx, char *line)
#endif #endif
static const char hlp_keytocard[] = static const char hlp_keytocard[] =
"KEYTOCARD [--force] <hexstring_with_keygrip> <serialno> <id> <timestamp>\n" "KEYTOCARD [--force] <hexgrip> <serialno> <keyref> [<timestamp>]\n"
"\n"; "\n"
"TIMESTAMP is required for OpenPGP and defaults to the Epoch."
;
static gpg_error_t static gpg_error_t
cmd_keytocard (assuan_context_t ctx, char *line) cmd_keytocard (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
int force; int force;
gpg_error_t err = 0; gpg_error_t err = 0;
char *argv[5];
int argc;
unsigned char grip[20]; unsigned char grip[20];
const char *serialno, *timestamp_str, *keyref;
gcry_sexp_t s_skey = NULL; gcry_sexp_t s_skey = NULL;
unsigned char *keydata; unsigned char *keydata;
size_t keydatalen; size_t keydatalen;
const char *serialno, *timestamp_str, *id;
unsigned char *shadow_info = NULL; unsigned char *shadow_info = NULL;
time_t timestamp; time_t timestamp;
@ -2506,7 +2510,14 @@ cmd_keytocard (assuan_context_t ctx, char *line)
force = has_option (line, "--force"); force = has_option (line, "--force");
line = skip_options (line); line = skip_options (line);
err = parse_keygrip (ctx, line, grip); argc = split_fields (line, argv, DIM (argv));
if (argc < 3)
{
err = gpg_error (GPG_ERR_MISSING_VALUE);
goto leave;
}
err = parse_keygrip (ctx, argv[0], grip);
if (err) if (err)
goto leave; goto leave;
@ -2516,39 +2527,9 @@ cmd_keytocard (assuan_context_t ctx, char *line)
goto leave; goto leave;
} }
/* Fixme: Replace the parsing code by split_fields(). */ serialno = argv[1];
line += 40; keyref = argv[2];
while (*line && (*line == ' ' || *line == '\t')) timestamp_str = argc > 3? argv[3] : "19700101T000000";
line++;
serialno = line;
while (*line && (*line != ' ' && *line != '\t'))
line++;
if (!*line)
{
err = gpg_error (GPG_ERR_MISSING_VALUE);
goto leave;
}
*line = '\0';
line++;
while (*line && (*line == ' ' || *line == '\t'))
line++;
id = line;
while (*line && (*line != ' ' && *line != '\t'))
line++;
if (!*line)
{
err = gpg_error (GPG_ERR_MISSING_VALUE);
goto leave;
}
*line = '\0';
line++;
while (*line && (*line == ' ' || *line == '\t'))
line++;
timestamp_str = line;
while (*line && (*line != ' ' && *line != '\t'))
line++;
if (*line)
*line = '\0';
if ((timestamp = isotime2epoch (timestamp_str)) == (time_t)(-1)) if ((timestamp = isotime2epoch (timestamp_str)) == (time_t)(-1))
{ {
@ -2560,38 +2541,37 @@ cmd_keytocard (assuan_context_t ctx, char *line)
&shadow_info, CACHE_MODE_IGNORE, NULL, &shadow_info, CACHE_MODE_IGNORE, NULL,
&s_skey, NULL); &s_skey, NULL);
if (err) if (err)
{ goto leave;
xfree (shadow_info);
goto leave;
}
if (shadow_info) if (shadow_info)
{ {
/* Key is on a smartcard already. */ /* Key is already on a smartcard - we can't extract it. */
xfree (shadow_info);
gcry_sexp_release (s_skey);
err = gpg_error (GPG_ERR_UNUSABLE_SECKEY); err = gpg_error (GPG_ERR_UNUSABLE_SECKEY);
goto leave; goto leave;
} }
keydatalen = gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, NULL, 0); /* Note: We can't use make_canon_sexp because we need to allocate a
* few extra bytes for our hack below. */
keydatalen = gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, NULL, 0);
keydata = xtrymalloc_secure (keydatalen + 30); keydata = xtrymalloc_secure (keydatalen + 30);
if (keydata == NULL) if (keydata == NULL)
{ {
err = gpg_error_from_syserror (); err = gpg_error_from_syserror ();
gcry_sexp_release (s_skey);
goto leave; goto leave;
} }
gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, keydata, keydatalen); gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, keydata, keydatalen);
gcry_sexp_release (s_skey); gcry_sexp_release (s_skey);
s_skey = NULL;
keydatalen--; /* Decrement for last '\0'. */ keydatalen--; /* Decrement for last '\0'. */
/* Add timestamp "created-at" in the private key */ /* Hack to insert the timestamp "created-at" into the private key. */
snprintf (keydata+keydatalen-1, 30, KEYTOCARD_TIMESTAMP_FORMAT, timestamp); snprintf (keydata+keydatalen-1, 30, KEYTOCARD_TIMESTAMP_FORMAT, timestamp);
keydatalen += 10 + 19 - 1; keydatalen += 10 + 19 - 1;
err = divert_writekey (ctrl, force, serialno, id, keydata, keydatalen);
err = divert_writekey (ctrl, force, serialno, keyref, keydata, keydatalen);
xfree (keydata); xfree (keydata);
leave: leave:
gcry_sexp_release (s_skey);
xfree (shadow_info);
return leave_cmd (ctx, err); return leave_cmd (ctx, err);
} }

9
agent/divert-scd.c
View File

@ -597,12 +597,13 @@ divert_pkdecrypt (ctrl_t ctrl, const char *desc_text,
return rc; return rc;
} }
int
gpg_error_t
divert_writekey (ctrl_t ctrl, int force, const char *serialno, divert_writekey (ctrl_t ctrl, int force, const char *serialno,
const char *id, const char *keydata, size_t keydatalen) const char *keyref, const char *keydata, size_t keydatalen)
{ {
return agent_card_writekey (ctrl, force, serialno, id, keydata, keydatalen, return agent_card_writekey (ctrl, force, serialno, keyref,
getpin_cb, ctrl); keydata, keydatalen, getpin_cb, ctrl);
} }
int int