mirror of git://git.gnupg.org/gnupg.git synced 2024-06-15 00:29:49 +02:00

gpg: Let --card--status create a shadow key (card key stub).

* agent/command.c (cmd_learn): Add option --sendinfo.
* agent/learncard.c (agent_handle_learn): Add arg "send" and send
certificate only if that is set.
* g10/call-agent.c (agent_scd_learn): Use --sendinfo.  Make INFO
optional.
(agent_learn): Remove.
* g10/keygen.c (gen_card_key): Replace agent_learn by agent_scd_learn.
--

The requirement of using --card-status on the first use of card on a
new box is a bit annoying but the alternative of always checking
whether a card is available before a decryption starts does not sound
promising either.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2014-12-12 12:35:45 +01:00
parent 193815030d
commit f3f9f9b284
6 changed files with 26 additions and 40 deletions


@ -492,7 +492,7 @@ int agent_card_scd (ctrl_t ctrl, const char *cmdline,
/*-- learncard.c --*/ /*-- learncard.c --*/
int agent_handle_learn (ctrl_t ctrl, void *assuan_context); int agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context);
#endif /*AGENT_H*/ #endif /*AGENT_H*/
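Review bot: The new prototype keeps `int` as the return type, while cmd_learn, changed in this same commit, now stores the result in a `gpg_error_t err`. Declaring it as `gpg_error_t agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context);`, with the definition in learncard.c changed to match, would keep one error type along the whole call path. The definition's internal `int rc` would have to follow.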


@ -1619,21 +1619,26 @@ cmd_get_confirmation (assuan_context_t ctx, char *line)
static const char hlp_learn[] = static const char hlp_learn[] =
"LEARN [--send]\n" "LEARN [--send][--sendinfo]\n"
"\n" "\n"
"Learn something about the currently inserted smartcard. With\n" "Learn something about the currently inserted smartcard. With\n"
"--send the new certificates are send back."; "--sendinfo information about the card is returned; with --send\n"
"the available certificates are returned as D lines.";
static gpg_error_t static gpg_error_t
cmd_learn (assuan_context_t ctx, char *line) cmd_learn (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
int rc; gpg_error_t err;
int send, sendinfo;
send = has_option (line, "--send");
sendinfo = send? 1 : has_option (line, "--sendinfo");
if (ctrl->restricted) if (ctrl->restricted)
return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
rc = agent_handle_learn (ctrl, has_option (line, "--send")? ctx : NULL); err = agent_handle_learn (ctrl, send, sendinfo? ctx : NULL);
return leave_cmd (ctx, rc); return leave_cmd (ctx, err);
} }
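Review bot: The new help text does not say that --send implies --sendinfo, although the code sets `sendinfo = send? 1 : has_option (line, "--sendinfo");` and passes the Assuan context whenever either option is given. A client that asks only for certificates therefore also gets the card information, and the protocol help should say so, for example `"--sendinfo information about the card is returned; --send implies\n"` followed by `"--sendinfo and also returns the available certificates as D lines.";`. The usage line would also read more clearly as `"LEARN [--send] [--sendinfo]\n"`.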


@ -296,10 +296,10 @@ send_cert_back (ctrl_t ctrl, const char *id, void *assuan_context)
return 0; return 0;
} }
/* Perform the learn operation. If ASSUAN_CONTEXT is not NULL all new /* Perform the learn operation. If ASSUAN_CONTEXT is not NULL and
certificates are send back via Assuan. */ SEND is true all new certificates are send back via Assuan. */
int int
agent_handle_learn (ctrl_t ctrl, void *assuan_context) agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context)
{ {
int rc; int rc;
@ -369,7 +369,7 @@ agent_handle_learn (ctrl_t ctrl, void *assuan_context)
log_info (" id: %s (type=%d)\n", log_info (" id: %s (type=%d)\n",
citem->id, citem->type); citem->id, citem->type);
if (assuan_context) if (assuan_context && send)
{ {
rc = send_cert_back (ctrl, citem->id, assuan_context); rc = send_cert_back (ctrl, citem->id, assuan_context);
if (rc) if (rc)
@ -439,9 +439,9 @@ agent_handle_learn (ctrl_t ctrl, void *assuan_context)
} }
if (opt.verbose) if (opt.verbose)
log_info ("stored\n"); log_info (" id: %s - shadow key created\n", item->id);
if (assuan_context) if (assuan_context && send)
{ {
CERTINFO citem; CERTINFO citem;
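Review bot: The updated comment above agent_handle_learn describes only the case where SEND is true and leaves out what a non-NULL ASSUAN_CONTEXT with SEND false does, which is the new --sendinfo path from cmd_learn. Both certificate blocks are now guarded by `if (assuan_context && send)`, so the context on its own presumably still drives the card-information output; the lines that do this are outside these hunks and should be checked. A suggested wording is `/* Perform the learn operation. If ASSUAN_CONTEXT is not NULL, information about the card is sent back via Assuan; if SEND is also true, all new certificates are sent back as well. */`. This also fixes "are send back" in the current text.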


@ -655,6 +655,7 @@ agent_scd_learn (struct agent_card_info_s *info)
{ {
int rc; int rc;
struct default_inq_parm_s parm; struct default_inq_parm_s parm;
struct agent_card_info_s dummyinfo;
memset (&parm, 0, sizeof parm); memset (&parm, 0, sizeof parm);
@ -674,42 +675,25 @@ agent_scd_learn (struct agent_card_info_s *info)
if (rc) if (rc)
return rc; return rc;
if (!info)
info = &dummyinfo;
parm.ctx = agent_ctx; parm.ctx = agent_ctx;
memset (info, 0, sizeof *info); memset (info, 0, sizeof *info);
rc = assuan_transact (agent_ctx, "SCD LEARN --force", rc = assuan_transact (agent_ctx, "LEARN --sendinfo",
dummy_data_cb, NULL, default_inq_cb, &parm, dummy_data_cb, NULL, default_inq_cb, &parm,
learn_status_cb, info); learn_status_cb, info);
/* Also try to get the key attributes. */ /* Also try to get the key attributes. */
if (!rc) if (!rc)
agent_scd_getattr ("KEY-ATTR", info); agent_scd_getattr ("KEY-ATTR", info);
if (info == &dummyinfo)
agent_release_card_info (info);
return rc; return rc;
} }
/* Call the agent to learn about the current smartcard. This is
currently only used to have the agent create the shadow key. */
gpg_error_t
agent_learn (void)
{
gpg_error_t err;
struct default_inq_parm_s parm;
memset (&parm, 0, sizeof parm);
err = start_agent (NULL, 1);
if (err)
return err;
parm.ctx = agent_ctx;
err = assuan_transact (agent_ctx, "LEARN",
dummy_data_cb, NULL, default_inq_cb, &parm,
NULL, NULL);
return err;
}
int int
agent_keytocard (const char *hexgrip, int keyno, int force, agent_keytocard (const char *hexgrip, int keyno, int force,
const char *serialno, const char *timestamp) const char *serialno, const char *timestamp)
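Review bot: agent_scd_learn no longer only returns card info: it accepts a NULL INFO and sends `LEARN --sendinfo`, which per the commit message makes the agent create a shadow key, so a status query now has a write side effect on the agent side. The function's leading comment lies outside this hunk, and the comment on the declaration still reads `/* Return card info. */`; both should state that INFO may be NULL and that a card key stub may be created. A suggested wording is `/* Ask the agent to learn the current card, creating a shadow key if needed; card info is stored at INFO unless INFO is NULL. */`. Separately, when INFO is NULL the KEY-ATTR lookup only fills the dummy struct that is released right after, so it could be skipped with `if (!rc && info != &dummyinfo)`.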


@ -78,9 +78,6 @@ void agent_release_card_info (struct agent_card_info_s *info);
/* Return card info. */ /* Return card info. */
int agent_scd_learn (struct agent_card_info_s *info); int agent_scd_learn (struct agent_card_info_s *info);
/* Let the agent learn about the current card. */
gpg_error_t agent_learn (void);
/* Update INFO with the attribute NAME. */ /* Update INFO with the attribute NAME. */
int agent_scd_getattr (const char *name, struct agent_card_info_s *info); int agent_scd_getattr (const char *name, struct agent_card_info_s *info);


@ -4447,7 +4447,7 @@ gen_card_key (int algo, int keyno, int is_primary, kbnode_t pub_root,
/* Send the learn command so that the agent creates a shadow key for /* Send the learn command so that the agent creates a shadow key for
card key. We need to do that now so that we are able to create card key. We need to do that now so that we are able to create
the self-signatures. */ the self-signatures. */
err = agent_learn (); err = agent_scd_learn (NULL);
if (err) if (err)
{ {
/* Oops: Card removed during generation. */ /* Oops: Card removed during generation. */