security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-03-28 22:49:59 +01:00
Code Activity

* keygen.c (generate_subkeypair): Detect primary key on-card and

Browse Source 
ask for the passphrase.  Return an error if the primary key is a
plain stub.

* keyedit.c (change_passphrase): Don't ever change any stub key.
Print a note if a key consists of only stub keys.  Reported by
Dany Nativel.  These are bugs #401 and #402.
This commit is contained in:
Werner Koch 2005-01-27 11:48:33 +00:00
parent 963748d1b5
commit d96f816f89
3 changed files with 75 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
g10/ChangeLog
View File

@ -1,3 +1,13 @@
2005-01-27 Werner Koch <wk@g10code.com>
* keygen.c (generate_subkeypair): Detect primary key on-card and
ask for the passphrase. Return an error if the primary key is a
plain stub.
* keyedit.c (change_passphrase): Don't ever change any stub key.
Print a note if a key consists of only stub keys. Reported by
Dany Nativel. These are bugs #401 and #402.
2005-01-26 Werner Koch <wk@g10code.com> 2005-01-26 Werner Koch <wk@g10code.com>
* ccid-driver.c (parse_ccid_descriptor): Need the CSM workaround * ccid-driver.c (parse_ccid_descriptor): Need the CSM workaround

51
g10/keyedit.c
View File

@ -1069,6 +1069,7 @@ change_passphrase( KBNODE keyblock )
PKT_secret_key *sk; PKT_secret_key *sk;
char *passphrase = NULL; char *passphrase = NULL;
int no_primary_secrets = 0; int no_primary_secrets = 0;
int any;
node = find_kbnode( keyblock, PKT_SECRET_KEY ); node = find_kbnode( keyblock, PKT_SECRET_KEY );
if( !node ) { if( !node ) {
@ -1077,6 +1078,25 @@ change_passphrase( KBNODE keyblock )
} }
sk = node->pkt->pkt.secret_key; sk = node->pkt->pkt.secret_key;
for (any = 0, node=keyblock; node; node = node->next) {
if (node->pkt->pkttype == PKT_SECRET_KEY
|| node->pkt->pkttype == PKT_SECRET_SUBKEY) {
PKT_secret_key *tmpsk = node->pkt->pkt.secret_key;
if (!(tmpsk->is_protected
&& (tmpsk->protect.s2k.mode == 1001
|| tmpsk->protect.s2k.mode == 1002))) {
any = 1;
break;
}
}
}
if (!any) {
tty_printf (_("Key has only stub or on-card key items - "
"no passphrase to change.\n"));
goto leave;
}
/* See how to handle this key. */
switch( is_secret_key_protected( sk ) ) { switch( is_secret_key_protected( sk ) ) {
case -1: case -1:
rc = G10ERR_PUBKEY_ALGO; rc = G10ERR_PUBKEY_ALGO;
@ -1089,6 +1109,10 @@ change_passphrase( KBNODE keyblock )
tty_printf(_("Secret parts of primary key are not available.\n")); tty_printf(_("Secret parts of primary key are not available.\n"));
no_primary_secrets = 1; no_primary_secrets = 1;
} }
else if( sk->protect.s2k.mode == 1002 ) {
tty_printf(_("Secret parts of primary key are store on-card.\n"));
no_primary_secrets = 1;
}
else { else {
tty_printf(_("Key is protected.\n")); tty_printf(_("Key is protected.\n"));
rc = check_secret_key( sk, 0 ); rc = check_secret_key( sk, 0 );
@ -1098,14 +1122,18 @@ change_passphrase( KBNODE keyblock )
break; break;
} }
/* unprotect all subkeys (use the supplied passphrase or ask)*/ /* Unprotect all subkeys (use the supplied passphrase or ask)*/
for(node=keyblock; !rc && node; node = node->next ) { for(node=keyblock; !rc && node; node = node->next ) {
if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) { if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
PKT_secret_key *subsk = node->pkt->pkt.secret_key; PKT_secret_key *subsk = node->pkt->pkt.secret_key;
set_next_passphrase( passphrase ); if ( !(subsk->is_protected
rc = check_secret_key( subsk, 0 ); && (subsk->protect.s2k.mode == 1001
if( !rc && !passphrase ) || subsk->protect.s2k.mode == 1002))) {
passphrase = get_last_passphrase(); set_next_passphrase( passphrase );
rc = check_secret_key( subsk, 0 );
if( !rc && !passphrase )
passphrase = get_last_passphrase();
}
} }
} }
@ -1149,13 +1177,18 @@ change_passphrase( KBNODE keyblock )
for(node=keyblock; !rc && node; node = node->next ) { for(node=keyblock; !rc && node; node = node->next ) {
if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) { if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
PKT_secret_key *subsk = node->pkt->pkt.secret_key; PKT_secret_key *subsk = node->pkt->pkt.secret_key;
subsk->protect.algo = dek->algo; if ( !(subsk->is_protected
subsk->protect.s2k = *s2k; && (subsk->protect.s2k.mode == 1001
rc = protect_secret_key( subsk, dek ); || subsk->protect.s2k.mode == 1002))) {
subsk->protect.algo = dek->algo;
subsk->protect.s2k = *s2k;
rc = protect_secret_key( subsk, dek );
}
} }
} }
if( rc ) if( rc )
log_error("protect_secret_key failed: %s\n", g10_errstr(rc) ); log_error("protect_secret_key failed: %s\n",
g10_errstr(rc) );
else else
changed++; changed++;
break; break;

32
g10/keygen.c
View File

@ -1,6 +1,6 @@
/* keygen.c - generate a key pair /* keygen.c - generate a key pair
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
* 2004 Free Software Foundation, Inc. * 2004, 2005 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -3002,6 +3002,7 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
DEK *dek = NULL; DEK *dek = NULL;
STRING2KEY *s2k = NULL; STRING2KEY *s2k = NULL;
u32 cur_time; u32 cur_time;
int ask_pass = 0;
/* break out the primary secret key */ /* break out the primary secret key */
node = find_kbnode( sec_keyblock, PKT_SECRET_KEY ); node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
@ -3032,20 +3033,31 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
goto leave; goto leave;
} }
/* unprotect to get the passphrase */ if (pri_sk->is_protected && pri_sk->protect.s2k.mode == 1001) {
tty_printf(_("Secret parts of primary key are not available.\n"));
rc = G10ERR_NO_SECKEY;
goto leave;
}
/* Unprotect to get the passphrase. */
switch( is_secret_key_protected( pri_sk ) ) { switch( is_secret_key_protected( pri_sk ) ) {
case -1: case -1:
rc = G10ERR_PUBKEY_ALGO; rc = G10ERR_PUBKEY_ALGO;
break; break;
case 0: case 0:
tty_printf("This key is not protected.\n"); tty_printf(_("This key is not protected.\n"));
break; break;
case -2:
tty_printf(_("Secret parts of primary key are store on-card.\n"));
ask_pass = 1;
break;
default: default:
tty_printf("Key is protected.\n"); tty_printf(_("Key is protected.\n"));
rc = check_secret_key( pri_sk, 0 ); rc = check_secret_key( pri_sk, 0 );
if( !rc ) if( !rc )
passphrase = get_last_passphrase(); passphrase = get_last_passphrase();
break; break;
} }
if( rc ) if( rc )
goto leave; goto leave;
@ -3058,7 +3070,9 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
_("Really create? (y/N) "))) _("Really create? (y/N) ")))
goto leave; goto leave;
if( passphrase ) { if (ask_pass)
dek = do_ask_passphrase (&s2k);
else if (passphrase) {
s2k = m_alloc_secure( sizeof *s2k ); s2k = m_alloc_secure( sizeof *s2k );
s2k->mode = opt.s2k_mode; s2k->mode = opt.s2k_mode;
s2k->hash_algo = S2K_DIGEST_ALGO; s2k->hash_algo = S2K_DIGEST_ALGO;