security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00
Code Activity

Yubikey PIV now somehow works.

Browse Source 
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2023-02-24 11:41:26 +09:00
parent 0f5e9dea89
commit c0a5dd3dcf
No known key found for this signature in database
GPG Key ID: 640114AF89DE6054
1 changed files with 31 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
tkd/pksign.c
View File

@ -309,9 +309,13 @@ examine_public_key (struct token *token, struct key *k, unsigned long keytype,
unsigned long mechanisms[3]; unsigned long mechanisms[3];
int i; int i;
/* Yubkey YKCS doesn't offer CKA_ALLOWED_MECHANISMS,
unfortunately. */
#if 0
templ[0].type = CKA_ALLOWED_MECHANISMS; templ[0].type = CKA_ALLOWED_MECHANISMS;
templ[0].pValue = (void *)mechanisms; templ[0].pValue = (void *)mechanisms;
templ[0].ulValueLen = sizeof (mechanisms); templ[0].ulValueLen = sizeof (mechanisms);
#endif
if (keytype == CKK_RSA) if (keytype == CKK_RSA)
{ {
@ -320,15 +324,15 @@ examine_public_key (struct token *token, struct key *k, unsigned long keytype,
k->p11_keyid = obj; k->p11_keyid = obj;
k->key_type = KEY_RSA; k->key_type = KEY_RSA;
templ[1].type = CKA_MODULUS; templ[0].type = CKA_MODULUS;
templ[1].pValue = (void *)modulus; templ[0].pValue = (void *)modulus;
templ[1].ulValueLen = sizeof (modulus); templ[0].ulValueLen = sizeof (modulus);
templ[2].type = CKA_PUBLIC_EXPONENT; templ[1].type = CKA_PUBLIC_EXPONENT;
templ[2].pValue = (void *)exponent; templ[1].pValue = (void *)exponent;
templ[2].ulValueLen = sizeof (exponent); templ[1].ulValueLen = sizeof (exponent);
err = ck->f->C_GetAttributeValue (token->session, obj, templ, 3); err = ck->f->C_GetAttributeValue (token->session, obj, templ, 2);
if (err) if (err)
{ {
k->valid = -1; k->valid = -1;
@ -338,19 +342,18 @@ examine_public_key (struct token *token, struct key *k, unsigned long keytype,
if ((modulus[0] & 0x80)) if ((modulus[0] & 0x80))
{ {
memmove (modulus+1, modulus, templ[1].ulValueLen); memmove (modulus+1, modulus, templ[1].ulValueLen);
templ[1].ulValueLen++; templ[0].ulValueLen++;
modulus[0] = 0; modulus[0] = 0;
} }
/* Found a RSA key. */ /* Found a RSA key. */
printf ("RSA: %d %d %d\n", printf ("RSA: %d %d\n",
templ[0].ulValueLen, templ[0].ulValueLen,
templ[1].ulValueLen, templ[1].ulValueLen);
templ[2].ulValueLen);
puts ("Public key:"); puts ("Public key:");
compute_keygrip_rsa (k->keygrip, compute_keygrip_rsa (k->keygrip,
modulus, templ[1].ulValueLen, modulus, templ[0].ulValueLen,
exponent, templ[2].ulValueLen); exponent, templ[1].ulValueLen);
puts (k->keygrip); puts (k->keygrip);
} }
else if (keytype == CKK_EC) else if (keytype == CKK_EC)
@ -363,15 +366,15 @@ examine_public_key (struct token *token, struct key *k, unsigned long keytype,
k->p11_keyid = obj; k->p11_keyid = obj;
k->key_type = KEY_EC; k->key_type = KEY_EC;
templ[1].type = CKA_EC_PARAMS; templ[0].type = CKA_EC_PARAMS;
templ[1].pValue = ecparams; templ[0].pValue = ecparams;
templ[1].ulValueLen = sizeof (ecparams); templ[0].ulValueLen = sizeof (ecparams);
templ[2].type = CKA_EC_POINT; templ[1].type = CKA_EC_POINT;
templ[2].pValue = (void *)ecpoint; templ[1].pValue = (void *)ecpoint;
templ[2].ulValueLen = sizeof (ecpoint); templ[1].ulValueLen = sizeof (ecpoint);
err = ck->f->C_GetAttributeValue (token->session, obj, templ, 3); err = ck->f->C_GetAttributeValue (token->session, obj, templ, 2);
if (err) if (err)
{ {
k->valid = -1; k->valid = -1;
@ -379,18 +382,17 @@ examine_public_key (struct token *token, struct key *k, unsigned long keytype,
} }
/* Found an ECC key. */ /* Found an ECC key. */
printf ("ECC: %d %d %d\n", printf ("ECC: %d %d\n",
templ[0].ulValueLen, templ[0].ulValueLen,
templ[1].ulValueLen, templ[1].ulValueLen);
templ[2].ulValueLen);
curve_oid = openpgp_oidbuf_to_str (ecparams+1, templ[1].ulValueLen-1); curve_oid = openpgp_oidbuf_to_str (ecparams+1, templ[0].ulValueLen-1);
curve = openpgp_oid_to_curve (curve_oid, 1); curve = openpgp_oid_to_curve (curve_oid, 1);
xfree (curve_oid); xfree (curve_oid);
puts ("Public key:"); puts ("Public key:");
puts (curve); puts (curve);
compute_keygrip_ec (k->keygrip, curve, ecpoint, templ[2].ulValueLen); compute_keygrip_ec (k->keygrip, curve, ecpoint, templ[1].ulValueLen);
puts (k->keygrip); puts (k->keygrip);
} }
@ -460,8 +462,8 @@ detect_private_keys (struct token *token)
k->id_len = templ[2].ulValueLen; k->id_len = templ[2].ulValueLen;
k->id[k->id_len] = 0; k->id[k->id_len] = 0;
printf ("handle: %ld label: %s key_type: %d id: %s\n", printf ("slot: %x handle: %ld label: %s key_type: %d id: %s\n",
obj, k->label, keytype, k->id); token->slot_id, obj, k->label, keytype, k->id);
if (examine_public_key (token, k, keytype, 1, obj)) if (examine_public_key (token, k, keytype, 1, obj))
continue; continue;
@ -549,8 +551,8 @@ check_public_keys (struct token *token)
if (i == token->num_keys) if (i == token->num_keys)
continue; continue;
printf ("pub: handle: %ld label: %s key_type: %d id: %s\n", printf ("pub: slot: %x handle: %ld label: %s key_type: %d id: %s\n",
obj, label, keytype, id); token->slot_id, obj, label, keytype, id);
if (examine_public_key (token, k, keytype, 0, obj)) if (examine_public_key (token, k, keytype, 0, obj))
continue; continue;