mirror of git://git.gnupg.org/gnupg.git synced 2025-01-10 13:04:23 +01:00

g10: Don't ask keysize for for non-RSA card.

* g10/card-util.c (card_status): Bug fix for keyno.
(ask_card_rsa_keysize, do_change_rsa_keysize): Rename.
(generate_card_keys): Only ask keysize when RSA.
(card_generate_subkey): Likewise.

--

Co-authored-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka 2016-10-21 14:15:05 +09:00
parent 161cb22f13
commit dafce6f698


@ -476,7 +476,7 @@ card_status (estream_t fp, char *serialno, size_t serialnobuflen)
es_fprintf (fp, "forcepin:%d:::\n", !info.chv1_cached); es_fprintf (fp, "forcepin:%d:::\n", !info.chv1_cached);
for (i=0; i < DIM (info.key_attr); i++) for (i=0; i < DIM (info.key_attr); i++)
if (info.key_attr[0].algo == PUBKEY_ALGO_RSA) if (info.key_attr[i].algo == PUBKEY_ALGO_RSA)
es_fprintf (fp, "keyattr:%d:%d:%u:\n", i+1, es_fprintf (fp, "keyattr:%d:%d:%u:\n", i+1,
info.key_attr[i].algo, info.key_attr[i].nbits); info.key_attr[i].algo, info.key_attr[i].nbits);
else if (info.key_attr[i].algo == PUBKEY_ALGO_ECDH else if (info.key_attr[i].algo == PUBKEY_ALGO_ECDH
@ -1277,7 +1277,7 @@ show_keysize_warning (void)
select the prompt. Returns 0 to use the default size (i.e. NBITS) select the prompt. Returns 0 to use the default size (i.e. NBITS)
or the selected size. */ or the selected size. */
static unsigned int static unsigned int
ask_card_keysize (int keyno, unsigned int nbits) ask_card_rsa_keysize (int keyno, unsigned int nbits)
{ {
unsigned int min_nbits = 1024; unsigned int min_nbits = 1024;
unsigned int max_nbits = 4096; unsigned int max_nbits = 4096;
@ -1327,7 +1327,7 @@ ask_card_keysize (int keyno, unsigned int nbits)
/* Change the size of key KEYNO (0..2) to NBITS and show an error /* Change the size of key KEYNO (0..2) to NBITS and show an error
message if that fails. */ message if that fails. */
static gpg_error_t static gpg_error_t
do_change_keysize (int keyno, unsigned int nbits) do_change_rsa_keysize (int keyno, unsigned int nbits)
{ {
gpg_error_t err; gpg_error_t err;
char args[100]; char args[100];
@ -1406,15 +1406,18 @@ generate_card_keys (ctrl_t ctrl)
for (keyno = 0; keyno < DIM (info.key_attr); keyno++) for (keyno = 0; keyno < DIM (info.key_attr); keyno++)
{ {
nbits = ask_card_keysize (keyno, info.key_attr[keyno].nbits); if (info.key_attr[keyno].algo == PUBKEY_ALGO_RSA)
if (nbits && do_change_keysize (keyno, nbits))
{ {
/* Error: Better read the default key size again. */ nbits = ask_card_rsa_keysize (keyno, info.key_attr[keyno].nbits);
agent_release_card_info (&info); if (nbits && do_change_rsa_keysize (keyno, nbits))
if (get_info_for_key_operation (&info)) {
goto leave; /* Error: Better read the default key size again. */
/* Ask again for this key size. */ agent_release_card_info (&info);
keyno--; if (get_info_for_key_operation (&info))
goto leave;
/* Ask again for this key size. */
keyno--;
}
} }
} }
/* Note that INFO has not be synced. However we will only use /* Note that INFO has not be synced. However we will only use
@ -1483,18 +1486,21 @@ card_generate_subkey (KBNODE pub_keyblock)
key size. */ key size. */
if (info.is_v2 && info.extcap.aac) if (info.is_v2 && info.extcap.aac)
{ {
unsigned int nbits; if (info.key_attr[keyno-1].algo == PUBKEY_ALGO_RSA)
ask_again:
nbits = ask_card_keysize (keyno-1, info.key_attr[keyno-1].nbits);
if (nbits && do_change_keysize (keyno-1, nbits))
{ {
/* Error: Better read the default key size again. */ unsigned int nbits;
agent_release_card_info (&info);
err = get_info_for_key_operation (&info); ask_again:
if (err) nbits = ask_card_rsa_keysize (keyno-1, info.key_attr[keyno-1].nbits);
goto leave; if (nbits && do_change_rsa_keysize (keyno-1, nbits))
goto ask_again; {
/* Error: Better read the default key size again. */
agent_release_card_info (&info);
err = get_info_for_key_operation (&info);
if (err)
goto leave;
goto ask_again;
}
} }
/* Note that INFO has not be synced. However we will only use /* Note that INFO has not be synced. However we will only use
the serialnumber and thus it won't harm. */ the serialnumber and thus it won't harm. */
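Review bot: In card_generate_subkey the `ask_again:` label now sits inside the `if (info.key_attr[keyno-1].algo == PUBKEY_ALGO_RSA)` block, so when do_change_rsa_keysize fails and the card info is re-read with get_info_for_key_operation, the algorithm test is not evaluated again before ask_card_rsa_keysize runs on the refreshed attributes. generate_card_keys does repeat the test on its retry, because `keyno--` sends control back through the loop body. Whether the refreshed info can differ from the first read is not visible in this hunk, but if it can (for example the slot's attributes changed in between), the RSA size prompt would be applied to a non-RSA key slot. Moving the label up, so that `ask_again:` stands directly above `if (info.key_attr[keyno-1].algo == PUBKEY_ALGO_RSA)`, makes both retry paths re-validate the same way. The body of card_generate_subkey starts and ends outside the hunk.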