security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-11 22:01:08 +02:00
Code Activity

Print NO_SECKEY status line in gpgsm.

Browse Source 
This fixes bug#1020.
This commit is contained in:
Werner Koch 2009-03-25 16:05:16 +00:00
parent 6dc17a2b4d
commit ceb42db4dd
12 changed files with 62 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
agent/ChangeLog
View File

@ -1,5 +1,8 @@
2009-03-25 Werner Koch <wk@g10code.com> 2009-03-25 Werner Koch <wk@g10code.com>
* pkdecrypt.c (agent_pkdecrypt): Return a specific error message
if the key is not available.
* gpg-agent.c (main): Print a started message to show the real pid. * gpg-agent.c (main): Print a started message to show the real pid.
2009-03-20 Werner Koch <wk@g10code.com> 2009-03-20 Werner Koch <wk@g10code.com>

5
agent/pkdecrypt.c
View File

@ -69,7 +69,10 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
CACHE_MODE_NORMAL, &s_skey); CACHE_MODE_NORMAL, &s_skey);
if (rc) if (rc)
{ {
log_error ("failed to read the secret key\n"); if (gpg_err_code (rc) == GPG_ERR_ENOENT)
rc = gpg_error (GPG_ERR_NO_SECKEY);
else
log_error ("failed to read the secret key\n");
goto leave; goto leave;
} }

12
doc/DETAILS
View File

@ -309,12 +309,12 @@ more arguments in future versions.
since epoch or an ISO 8601 string which can be detected by the since epoch or an ISO 8601 string which can be detected by the
presence of the letter 'T' inside. presence of the letter 'T' inside.
ENC_TO <long_keyid> <keytype> <keylength>
ENC_TO <long keyid> <keytype> <keylength> The message is encrypted to this LONG_KEYID. KEYTYPE is the
The message is encrypted to this keyid. numerical value of the public key algorithm or 0 if it is not
keytype is the numerical value of the public key algorithm, known, KEYLENGTH is the length of the key or 0 if it is not
keylength is the length of the key or 0 if it is not known known (which is currently always the case). Gpg prints this
(which is currently always the case). line always; Gpgsm only if it knows the certificate.
NODATA <what> NODATA <what>
No data has been found. Codes for what are: No data has been found. Codes for what are:

4
g10/ChangeLog
View File

@ -1,3 +1,7 @@
2009-03-25 Werner Koch <wk@g10code.com>
* mainproc.c (print_pkenc_list): Use snprintf.
2009-03-17 Werner Koch <wk@g10code.com> 2009-03-17 Werner Koch <wk@g10code.com>
* call-agent.c (my_percent_plus_escape): Remove. * call-agent.c (my_percent_plus_escape): Remove.

4
g10/mainproc.c
View File

@ -469,8 +469,8 @@ print_pkenc_list( struct kidlist_item *list, int failed )
if( list->reason == G10ERR_NO_SECKEY ) { if( list->reason == G10ERR_NO_SECKEY ) {
if( is_status_enabled() ) { if( is_status_enabled() ) {
char buf[20]; char buf[20];
sprintf(buf,"%08lX%08lX", (ulong)list->kid[0], snprintf (buf, sizeof buf, "%08lX%08lX",
(ulong)list->kid[1] ); (ulong)list->kid[0], (ulong)list->kid[1]);
write_status_text( STATUS_NO_SECKEY, buf ); write_status_text( STATUS_NO_SECKEY, buf );
} }
} }

7
sm/ChangeLog
View File

@ -1,3 +1,10 @@
2009-03-25 Werner Koch <wk@g10code.com>
* decrypt.c (gpgsm_decrypt): Print ENC_TO and NO_SECKEY
stati. Fixes bug#1020.
* fingerprint.c (gpgsm_get_short_fingerprint): Add arg R_HIGH and
change all callers.
2009-03-23 Werner Koch <wk@g10code.com> 2009-03-23 Werner Koch <wk@g10code.com>
* delete.c (delete_one): Also delete ephemeral certificates if * delete.c (delete_one): Also delete ephemeral certificates if

2
sm/certdump.c
View File

@ -952,7 +952,7 @@ gpgsm_format_keydesc (ksba_cert_t cert)
"created %s, expires %s.\n" ), "created %s, expires %s.\n" ),
subject? subject:"?", subject? subject:"?",
sn? sn: "?", sn? sn: "?",
gpgsm_get_short_fingerprint (cert), gpgsm_get_short_fingerprint (cert, NULL),
created, expires); created, expires);
i18n_switchback (orig_codeset); i18n_switchback (orig_codeset);

24
sm/decrypt.c
View File

@ -362,6 +362,9 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
ksba_sexp_t enc_val; ksba_sexp_t enc_val;
char *hexkeygrip = NULL; char *hexkeygrip = NULL;
char *desc = NULL; char *desc = NULL;
char kidbuf[16+1];
*kidbuf = 0;
rc = ksba_cms_get_issuer_serial (cms, recp, &issuer, &serial); rc = ksba_cms_get_issuer_serial (cms, recp, &issuer, &serial);
if (rc == -1 && recp) if (rc == -1 && recp)
@ -394,6 +397,25 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
log_error ("failed to get cert: %s\n", gpg_strerror (rc)); log_error ("failed to get cert: %s\n", gpg_strerror (rc));
goto oops; goto oops;
} }
/* Print the ENC_TO status line. Note that we can
do so only if we have the certificate. This is
in contrast to gpg where the keyID is commonly
included in the encrypted messages. It is too
cumbersome to retrieve the used algorithm, thus
we don't print it for now. We also record the
keyid for later use. */
{
unsigned long kid[2];
kid[0] = gpgsm_get_short_fingerprint (cert, kid+1);
snprintf (kidbuf, sizeof kidbuf, "%08lX%08lX",
kid[1], kid[0]);
gpgsm_status2 (ctrl, STATUS_ENC_TO,
kidbuf, "0", "0", NULL);
}
/* Just in case there is a problem with the own /* Just in case there is a problem with the own
certificate we print this message - should never certificate we print this message - should never
happen of course */ happen of course */
@ -430,6 +452,8 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
{ {
log_info ("decrypting session key failed: %s\n", log_info ("decrypting session key failed: %s\n",
gpg_strerror (rc)); gpg_strerror (rc));
if (gpg_err_code (rc) == GPG_ERR_NO_SECKEY && *kidbuf)
gpgsm_status2 (ctrl, STATUS_NO_SECKEY, kidbuf, NULL);
} }
else else
{ /* setup the bulk decrypter */ { /* setup the bulk decrypter */

7
sm/fingerprint.c
View File

@ -140,13 +140,16 @@ gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo)
} }
/* Return a certificate ID. These are the last 4 bytes of the SHA-1 /* Return a certificate ID. These are the last 4 bytes of the SHA-1
fingerprint. */ fingerprint. If R_HIGH is not NULL the next 4 bytes are stored
there. */
unsigned long unsigned long
gpgsm_get_short_fingerprint (ksba_cert_t cert) gpgsm_get_short_fingerprint (ksba_cert_t cert, unsigned long *r_high)
{ {
unsigned char digest[20]; unsigned char digest[20];
gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL); gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL);
if (r_high)
*r_high = ((digest[12]<<24)|(digest[13]<<16)|(digest[14]<< 8)|digest[15]);
return ((digest[16]<<24)|(digest[17]<<16)|(digest[18]<< 8)|digest[19]); return ((digest[16]<<24)|(digest[17]<<16)|(digest[18]<< 8)|digest[19]);
} }

5
sm/gpgsm.h
View File

@ -229,7 +229,7 @@ int gpgsm_parse_validation_model (const char *model);
/*-- server.c --*/ /*-- server.c --*/
void gpgsm_server (certlist_t default_recplist); void gpgsm_server (certlist_t default_recplist);
gpg_error_t gpgsm_status (ctrl_t ctrl, int no, const char *text); gpg_error_t gpgsm_status (ctrl_t ctrl, int no, const char *text);
gpg_error_t gpgsm_status2 (ctrl_t ctrl, int no, ...); gpg_error_t gpgsm_status2 (ctrl_t ctrl, int no, ...) GNUPG_GCC_A_SENTINEL(0);
gpg_error_t gpgsm_status_with_err_code (ctrl_t ctrl, int no, const char *text, gpg_error_t gpgsm_status_with_err_code (ctrl_t ctrl, int no, const char *text,
gpg_err_code_t ec); gpg_err_code_t ec);
gpg_error_t gpgsm_proxy_pinentry_notify (ctrl_t ctrl, gpg_error_t gpgsm_proxy_pinentry_notify (ctrl_t ctrl,
@ -240,7 +240,8 @@ unsigned char *gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
unsigned char *array, int *r_len); unsigned char *array, int *r_len);
char *gpgsm_get_fingerprint_string (ksba_cert_t cert, int algo); char *gpgsm_get_fingerprint_string (ksba_cert_t cert, int algo);
char *gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo); char *gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo);
unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert); unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert,
unsigned long *r_high);
unsigned char *gpgsm_get_keygrip (ksba_cert_t cert, unsigned char *array); unsigned char *gpgsm_get_keygrip (ksba_cert_t cert, unsigned char *array);
char *gpgsm_get_keygrip_hexstring (ksba_cert_t cert); char *gpgsm_get_keygrip_hexstring (ksba_cert_t cert);
int gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits); int gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits);

4
sm/keylist.c
View File

@ -672,7 +672,7 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
(void)have_secret; (void)have_secret;
es_fprintf (fp, " ID: 0x%08lX\n", es_fprintf (fp, " ID: 0x%08lX\n",
gpgsm_get_short_fingerprint (cert)); gpgsm_get_short_fingerprint (cert, NULL));
sexp = ksba_cert_get_serial (cert); sexp = ksba_cert_get_serial (cert);
es_fputs (" S/N: ", fp); es_fputs (" S/N: ", fp);
@ -1042,7 +1042,7 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
(void)have_secret; (void)have_secret;
es_fprintf (fp, " ID: 0x%08lX\n", es_fprintf (fp, " ID: 0x%08lX\n",
gpgsm_get_short_fingerprint (cert)); gpgsm_get_short_fingerprint (cert, NULL));
sexp = ksba_cert_get_serial (cert); sexp = ksba_cert_get_serial (cert);
es_fputs (" S/N: ", fp); es_fputs (" S/N: ", fp);

2
sm/verify.c
View File

@ -450,7 +450,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
else else
log_printf (_("[date not given]")); log_printf (_("[date not given]"));
log_printf (_(" using certificate ID 0x%08lX\n"), log_printf (_(" using certificate ID 0x%08lX\n"),
gpgsm_get_short_fingerprint (cert)); gpgsm_get_short_fingerprint (cert, NULL));
if (msgdigest) if (msgdigest)