security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

Key generation and signing using the OpenPGP card does rudimentary work.

Browse source
This commit is contained in:
Werner Koch 2003-06-27 20:53:09 +00:00
parent ed0d33f1d0
commit f5db59fc21
50 changed files with 1535 additions and 449 deletions
Download patch file Download diff file Expand all files Collapse all files

11
sm/ChangeLog
View file

@ -1,3 +1,14 @@
2003-06-24 Werner Koch <wk@gnupg.org>
* server.c (gpgsm_status_with_err_code): New.
* verify.c (gpgsm_verify): Use it here instead of the old
tokenizing version.
* verify.c (strtimestamp): Renamed to strtimestamp_r
Adjusted for changes in the libgcrypt API. Some more fixes for the
libgpg-error stuff.
2003-06-04 Werner Koch <wk@gnupg.org>
* call-agent.c (init_membuf,put_membuf,get_membuf): Removed.

88
sm/call-agent.c
View file

@ -26,15 +26,17 @@
#include <unistd.h>
#include <time.h>
#include <assert.h>
#include <gcrypt.h>
#ifdef HAVE_LOCALE_H
#include <locale.h>
#endif
#include <assuan.h>
#include "gpgsm.h"
#include <gcrypt.h>
#include <assuan.h>
#include "i18n.h"
#include "keydb.h" /* fixme: Move this to import.c */
#include "../common/membuf.h"
static ASSUAN_CONTEXT agent_ctx = NULL;
static int force_pipe_server = 0;
@ -54,77 +56,9 @@ struct genkey_parm_s {
struct learn_parm_s {
int error;
ASSUAN_CONTEXT ctx;
struct membuf *data;
membuf_t *data;
};
struct membuf {
size_t len;
size_t size;
char *buf;
int out_of_core;
};
/* A simple implemnation of a dynamic buffer. Use init_membuf() to
create a buffer, put_membuf to append bytes and get_membuf to
release and return the buffer. Allocation errors are detected but
only returned at the final get_membuf(), this helps not to clutter
the code with out of core checks. */
static void
init_membuf (struct membuf *mb, int initiallen)
{
mb->len = 0;
mb->size = initiallen;
mb->out_of_core = 0;
mb->buf = xtrymalloc (initiallen);
if (!mb->buf)
mb->out_of_core = 1;
}
static void
put_membuf (struct membuf *mb, const void *buf, size_t len)
{
if (mb->out_of_core)
return;
if (mb->len + len >= mb->size)
{
char *p;
mb->size += len + 1024;
p = xtryrealloc (mb->buf, mb->size);
if (!p)
{
mb->out_of_core = 1;
return;
}
mb->buf = p;
}
memcpy (mb->buf + mb->len, buf, len);
mb->len += len;
}
static void *
get_membuf (struct membuf *mb, size_t *len)
{
char *p;
if (mb->out_of_core)
{
xfree (mb->buf);
mb->buf = NULL;
return NULL;
}
p = mb->buf;
*len = mb->len;
mb->buf = NULL;
mb->out_of_core = 1; /* don't allow a reuse */
return p;
}
/* Try to connect to the agent via socket or fork it off and work by
@ -354,7 +288,7 @@ start_agent (void)
static AssuanError
membuf_data_cb (void *opaque, const void *buffer, size_t length)
{
struct membuf *data = opaque;
membuf_t *data = opaque;
if (buffer)
put_membuf (data, buffer, length);
@ -373,7 +307,7 @@ gpgsm_agent_pksign (const char *keygrip,
{
int rc, i;
char *p, line[ASSUAN_LINELENGTH];
struct membuf data;
membuf_t data;
size_t len;
*r_buf = NULL;
@ -448,7 +382,7 @@ gpgsm_agent_pkdecrypt (const char *keygrip,
{
int rc;
char line[ASSUAN_LINELENGTH];
struct membuf data;
membuf_t data;
struct cipher_parm_s cipher_parm;
size_t n, len;
char *buf, *endp;
@ -534,7 +468,7 @@ gpgsm_agent_genkey (KsbaConstSexp keyparms, KsbaSexp *r_pubkey)
{
int rc;
struct genkey_parm_s gk_parm;
struct membuf data;
membuf_t data;
size_t len;
char *buf;
@ -710,7 +644,7 @@ learn_cb (void *opaque, const void *buffer, size_t length)
keydb_store_cert (cert, 1, NULL);
}
else if (rc)
log_error ("invalid certificate: %s\n", gnupg_strerror (rc));
log_error ("invalid certificate: %s\n", gpg_strerror (rc));
else
{
int existed;
@ -735,7 +669,7 @@ gpgsm_agent_learn ()
{
int rc;
struct learn_parm_s learn_parm;
struct membuf data;
membuf_t data;
size_t len;
rc = start_agent ();

6
sm/call-dirmngr.c
View file

@ -28,10 +28,10 @@
#include <assert.h>
#include <ctype.h>
#include "gpgsm.h"
#include <gcrypt.h>
#include <assuan.h>
#include "gpgsm.h"
#include "i18n.h"
struct membuf {
@ -263,7 +263,7 @@ inq_certificate (void *opaque, const char *line)
err = gpgsm_find_cert (line, &cert);
if (err)
{
log_error ("certificate not found: %s\n", gnupg_strerror (err));
log_error ("certificate not found: %s\n", gpg_strerror (err));
rc = ASSUAN_Inquire_Error;
}
else
@ -533,7 +533,7 @@ run_command_inq_cb (void *opaque, const char *line)
err = gpgsm_find_cert (line, &cert);
if (err)
{
log_error ("certificate not found: %s\n", gnupg_strerror (err));
log_error ("certificate not found: %s\n", gpg_strerror (err));
rc = ASSUAN_Inquire_Error;
}
else

10
sm/certchain.c
View file

@ -27,10 +27,10 @@
#include <time.h>
#include <assert.h>
#include "gpgsm.h"
#include <gcrypt.h>
#include <ksba.h>
#include "gpgsm.h"
#include "keydb.h"
#include "i18n.h"
@ -302,7 +302,7 @@ find_up (KEYDB_HANDLE kh, KsbaCert cert, const char *issuer)
log_info (_("number of issuers matching: %d\n"), count);
if (rc)
{
log_error ("external key lookup failed: %s\n", gnupg_strerror (rc));
log_error ("external key lookup failed: %s\n", gpg_strerror (rc));
rc = -1;
}
else if (!count)
@ -585,7 +585,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
else
{
log_error (_("checking the trust list failed: %s\n"),
gnupg_strerror (rc));
gpg_strerror (rc));
}
break; /* okay, a self-signed certicate is an end-point */
@ -655,8 +655,10 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
rc = gpgsm_cert_use_cert_p (issuer_cert);
if (rc)
{
char numbuf[50];
sprintf (numbuf, "%d", rc);
gpgsm_status2 (ctrl, STATUS_ERROR, "certcert.issuer.keyusage",
gnupg_error_token (rc), NULL);
numbuf, NULL);
rc = 0;
}

52
sm/certcheck.c
View file

@ -27,17 +27,17 @@
#include <time.h>
#include <assert.h>
#include "gpgsm.h"
#include <gcrypt.h>
#include <ksba.h>
#include "gpgsm.h"
#include "keydb.h"
#include "i18n.h"
static int
do_encode_md (GCRY_MD_HD md, int algo, unsigned int nbits,
GCRY_MPI *r_val)
do_encode_md (gcry_md_hd_t md, int algo, unsigned int nbits,
gcry_mpi_t *r_val)
{
int nframe = (nbits+7) / 8;
byte *frame;
@ -104,12 +104,12 @@ int
gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert)
{
const char *algoid;
GCRY_MD_HD md;
gcry_md_hd_t md;
int rc, algo;
GCRY_MPI frame;
gcry_mpi_t frame;
KsbaSexp p;
size_t n;
GCRY_SEXP s_sig, s_hash, s_pkey;
gcry_sexp_t s_sig, s_hash, s_pkey;
algo = gcry_md_map_name ( (algoid=ksba_cert_get_digest_algo (cert)));
if (!algo)
@ -117,11 +117,11 @@ gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert)
log_error ("unknown hash algorithm `%s'\n", algoid? algoid:"?");
return gpg_error (GPG_ERR_GENERAL);
}
md = gcry_md_open (algo, 0);
if (!md)
rc = gcry_md_open (&md, algo, 0);
if (rc)
{
log_error ("md_open failed: %s\n", gcry_strerror (-1));
return gpg_error (GPG_ERR_GENERAL);
log_error ("md_open failed: %s\n", gpg_strerror (rc));
return rc;
}
if (DBG_HASHING)
gcry_md_start_debug (md, "hash.cert");
@ -157,9 +157,9 @@ gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert)
ksba_free (p);
if (rc)
{
log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc));
log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
gcry_md_close (md);
return map_gcry_err (rc);
return rc;
}
p = ksba_cert_get_public_key (issuer_cert);
@ -176,10 +176,10 @@ gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert)
ksba_free (p);
if (rc)
{
log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc));
log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
gcry_md_close (md);
gcry_sexp_release (s_sig);
return map_gcry_err (rc);
return rc;
}
rc = do_encode_md (md, algo, gcry_pk_get_nbits (s_pkey), &frame);
@ -199,24 +199,24 @@ gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert)
rc = gcry_pk_verify (s_sig, s_hash, s_pkey);
if (DBG_CRYPTO)
log_debug ("gcry_pk_verify: %s\n", gcry_strerror (rc));
log_debug ("gcry_pk_verify: %s\n", gpg_strerror (rc));
gcry_md_close (md);
gcry_sexp_release (s_sig);
gcry_sexp_release (s_hash);
gcry_sexp_release (s_pkey);
return map_gcry_err (rc);
return rc;
}
int
gpgsm_check_cms_signature (KsbaCert cert, KsbaConstSexp sigval,
GCRY_MD_HD md, int algo)
gcry_md_hd_t md, int algo)
{
int rc;
KsbaSexp p;
GCRY_MPI frame;
GCRY_SEXP s_sig, s_hash, s_pkey;
gcry_mpi_t frame;
gcry_sexp_t s_sig, s_hash, s_pkey;
size_t n;
n = gcry_sexp_canon_len (sigval, 0, NULL, NULL);
@ -228,8 +228,8 @@ gpgsm_check_cms_signature (KsbaCert cert, KsbaConstSexp sigval,
rc = gcry_sexp_sscan (&s_sig, NULL, sigval, n);
if (rc)
{
log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc));
return map_gcry_err (rc);
log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
return rc;
}
p = ksba_cert_get_public_key (cert);
@ -248,9 +248,9 @@ gpgsm_check_cms_signature (KsbaCert cert, KsbaConstSexp sigval,
ksba_free (p);
if (rc)
{
log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc));
log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
gcry_sexp_release (s_sig);
return map_gcry_err (rc);
return rc;
}
@ -268,17 +268,17 @@ gpgsm_check_cms_signature (KsbaCert cert, KsbaConstSexp sigval,
rc = gcry_pk_verify (s_sig, s_hash, s_pkey);
if (DBG_CRYPTO)
log_debug ("gcry_pk_verify: %s\n", gcry_strerror (rc));
log_debug ("gcry_pk_verify: %s\n", gpg_strerror (rc));
gcry_sexp_release (s_sig);
gcry_sexp_release (s_hash);
gcry_sexp_release (s_pkey);
return map_gcry_err (rc);
return rc;
}
int
gpgsm_create_cms_signature (KsbaCert cert, GCRY_MD_HD md, int mdalgo,
gpgsm_create_cms_signature (KsbaCert cert, gcry_md_hd_t md, int mdalgo,
char **r_sigval)
{
int rc;

2
sm/certdump.c
View file

@ -27,10 +27,10 @@
#include <time.h>
#include <assert.h>
#include "gpgsm.h"
#include <gcrypt.h>
#include <ksba.h>
#include "gpgsm.h"
#include "keydb.h"
#include "i18n.h"

2
sm/certlist.c
View file

@ -27,10 +27,10 @@
#include <time.h>
#include <assert.h>
#include "gpgsm.h"
#include <gcrypt.h>
#include <ksba.h>
#include "gpgsm.h"
#include "keydb.h"
#include "i18n.h"

26
sm/certreqgen.c
View file

@ -96,10 +96,10 @@ EOF
#include <time.h>
#include <assert.h>
#include "gpgsm.h"
#include <gcrypt.h>
#include <ksba.h>
#include "gpgsm.h"
#include "keydb.h"
#include "i18n.h"
@ -489,7 +489,7 @@ proc_parameters (struct para_data_s *para, struct reqgen_ctrl_s *outctrl)
{
r = get_parameter (para, pKEYTYPE);
log_error ("line %d: key generation failed: %s\n",
r->lnr, gnupg_strerror (rc));
r->lnr, gpg_strerror (rc));
return rc;
}
@ -508,7 +508,7 @@ create_request (struct para_data_s *para, KsbaConstSexp public,
{
KsbaCertreq cr;
KsbaError err;
GCRY_MD_HD md;
gcry_md_hd_t md;
KsbaStopReason stopreason;
int rc = 0;
const char *s;
@ -517,11 +517,10 @@ create_request (struct para_data_s *para, KsbaConstSexp public,
if (!cr)
return gpg_error (GPG_ERR_ENOMEM);
md = gcry_md_open (GCRY_MD_SHA1, 0);
if (!md)
rc = gcry_md_open (&md, GCRY_MD_SHA1, 0);
if (rc)
{
log_error ("md_open failed: %s\n", gcry_strerror (-1));
rc = map_gcry_err (gcry_errno ());
log_error ("md_open failed: %s\n", gpg_strerror (rc));
goto leave;
}
if (DBG_HASHING)
@ -585,7 +584,7 @@ create_request (struct para_data_s *para, KsbaConstSexp public,
}
if (stopreason == KSBA_SR_NEED_SIG)
{
GCRY_SEXP s_pkey;
gcry_sexp_t s_pkey;
size_t n;
unsigned char grip[20], hexgrip[41];
char *sigval;
@ -601,8 +600,7 @@ create_request (struct para_data_s *para, KsbaConstSexp public,
rc = gcry_sexp_sscan (&s_pkey, NULL, public, n);
if (rc)
{
log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc));
rc = map_gcry_err (rc);
log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
goto leave;
}
if ( !gcry_pk_get_keygrip (s_pkey, grip) )
@ -623,7 +621,7 @@ create_request (struct para_data_s *para, KsbaConstSexp public,
&sigval, &siglen);
if (rc)
{
log_error ("signing failed: %s\n", gnupg_strerror (rc));
log_error ("signing failed: %s\n", gpg_strerror (rc));
goto leave;
}
@ -671,7 +669,7 @@ gpgsm_genkey (CTRL ctrl, int in_fd, FILE *out_fp)
rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer);
if (rc)
{
log_error ("can't create writer: %s\n", gnupg_strerror (rc));
log_error ("can't create writer: %s\n", gpg_strerror (rc));
goto leave;
}
@ -679,14 +677,14 @@ gpgsm_genkey (CTRL ctrl, int in_fd, FILE *out_fp)
if (rc)
{
log_error ("error creating certificate request: %s\n",
gnupg_strerror (rc));
gpg_strerror (rc));
goto leave;
}
rc = gpgsm_finish_writer (b64writer);
if (rc)
{
log_error ("write failed: %s\n", gnupg_strerror (rc));
log_error ("write failed: %s\n", gpg_strerror (rc));
goto leave;
}

44
sm/decrypt.c
View file

@ -27,10 +27,10 @@
#include <time.h>
#include <assert.h>
#include "gpgsm.h"
#include <gcrypt.h>
#include <ksba.h>
#include "gpgsm.h"
#include "keydb.h"
#include "i18n.h"
@ -38,7 +38,7 @@ struct decrypt_filter_parm_s {
int algo;
int mode;
int blklen;
GCRY_CIPHER_HD hd;
gcry_cipher_hd_t hd;
char iv[16];
size_t ivlen;
int any_data; /* dod we push anything through the filter at all? */
@ -65,7 +65,7 @@ prepare_decryption (const char *hexkeygrip, KsbaConstSexp enc_val,
&seskey, &seskeylen);
if (rc)
{
log_error ("error decrypting session key: %s\n", gnupg_strerror (rc));
log_error ("error decrypting session key: %s\n", gpg_strerror (rc));
goto leave;
}
@ -113,17 +113,15 @@ prepare_decryption (const char *hexkeygrip, KsbaConstSexp enc_val,
if (DBG_CRYPTO)
log_printhex ("session key:", seskey+n, seskeylen-n);
parm->hd = gcry_cipher_open (parm->algo, parm->mode, 0);
if (!parm->hd)
rc = gcry_cipher_open (&parm->hd, parm->algo, parm->mode, 0);
if (rc)
{
rc = gcry_errno ();
log_error ("error creating decryptor: %s\n", gcry_strerror (rc));
rc = map_gcry_err (rc);
log_error ("error creating decryptor: %s\n", gpg_strerror (rc));
goto leave;
}
rc = gcry_cipher_setkey (parm->hd, seskey+n, seskeylen-n);
if (rc == GCRYERR_WEAK_KEY)
if (gpg_err_code (rc) == GPG_ERR_WEAK_KEY)
{
log_info (_("WARNING: message was encrypted with "
"a weak key in the symmetric cipher.\n"));
@ -131,8 +129,7 @@ prepare_decryption (const char *hexkeygrip, KsbaConstSexp enc_val,
}
if (rc)
{
log_error("key setup failed: %s\n", gcry_strerror(rc) );
rc = map_gcry_err (rc);
log_error("key setup failed: %s\n", gpg_strerror(rc) );
goto leave;
}
@ -277,14 +274,14 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
rc = gpgsm_create_reader (&b64reader, ctrl, in_fp, &reader);
if (rc)
{
log_error ("can't create reader: %s\n", gnupg_strerror (rc));
log_error ("can't create reader: %s\n", gpg_strerror (rc));
goto leave;
}
rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer);
if (rc)
{
log_error ("can't create writer: %s\n", gnupg_strerror (rc));
log_error ("can't create writer: %s\n", gpg_strerror (rc));
goto leave;
}
@ -334,8 +331,13 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
else if (!algoid)
log_info (_("(this does not seem to be an encrypted"
" message)\n"));
gpgsm_status2 (ctrl, STATUS_ERROR, "decrypt.algorithm",
gnupg_error_token (rc), algoid?algoid:"?", NULL);
{
char numbuf[50];
sprintf (numbuf, "%d", rc);
gpgsm_status2 (ctrl, STATUS_ERROR, "decrypt.algorithm",
numbuf, algoid?algoid:"?", NULL);
}
goto leave;
}
dfparm.algo = algo;
@ -383,14 +385,14 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
if (rc)
{
log_error ("failed to find the certificate: %s\n",
gnupg_strerror(rc));
gpg_strerror(rc));
goto oops;
}
rc = keydb_get_cert (kh, &cert);
if (rc)
{
log_error ("failed to get cert: %s\n", gnupg_strerror (rc));
log_error ("failed to get cert: %s\n", gpg_strerror (rc));
goto oops;
}
/* Just in case there is a problem with the own
@ -399,8 +401,10 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
rc = gpgsm_cert_use_decrypt_p (cert);
if (rc)
{
char numbuf[50];
sprintf (numbuf, "%d", rc);
gpgsm_status2 (ctrl, STATUS_ERROR, "decrypt.keyusage",
gnupg_error_token (rc), NULL);
numbuf, NULL);
rc = 0;
}
@ -424,7 +428,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
if (rc)
{
log_debug ("decrypting session key failed: %s\n",
gnupg_strerror (rc));
gpg_strerror (rc));
}
else
{ /* setup the bulk decrypter */
@ -479,7 +483,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
rc = gpgsm_finish_writer (b64writer);
if (rc)
{
log_error ("write failed: %s\n", gnupg_strerror (rc));
log_error ("write failed: %s\n", gpg_strerror (rc));
goto leave;
}
gpgsm_status (ctrl, STATUS_DECRYPTION_OKAY, NULL);

10
sm/delete.c
View file

@ -27,10 +27,10 @@
#include <time.h>
#include <assert.h>
#include "gpgsm.h"
#include <gcrypt.h>
#include <ksba.h>
#include "gpgsm.h"
#include "keydb.h"
#include "i18n.h"
@ -49,7 +49,7 @@ delete_one (CTRL ctrl, const char *username)
if (rc)
{
log_error (_("certificate `%s' not found: %s\n"),
username, gnupg_strerror (rc));
username, gpg_strerror (rc));
gpgsm_status2 (ctrl, STATUS_DELETE_PROBLEM, "1", NULL);
goto leave;
}
@ -100,7 +100,7 @@ delete_one (CTRL ctrl, const char *username)
if (rc == -1)
rc = gpg_error (GPG_ERR_NO_PUBKEY);
log_error (_("certificate `%s' not found: %s\n"),
username, gnupg_strerror (rc));
username, gpg_strerror (rc));
gpgsm_status2 (ctrl, STATUS_DELETE_PROBLEM, "3", NULL);
goto leave;
}
@ -113,7 +113,7 @@ delete_one (CTRL ctrl, const char *username)
if (rc)
{
log_error ("problem re-searching certificate: %s\n",
gnupg_strerror (rc));
gpg_strerror (rc));
goto leave;
}
@ -156,7 +156,7 @@ gpgsm_delete (CTRL ctrl, STRLIST names)
if (rc)
{
log_error (_("deleting certificate \"%s\" failed: %s\n"),
names->d, gnupg_strerror (rc) );
names->d, gpg_strerror (rc) );
return rc;
}
}

42
sm/encrypt.c
View file

@ -27,10 +27,10 @@
#include <time.h>
#include <assert.h>
#include "gpgsm.h"
#include <gcrypt.h>
#include <ksba.h>
#include "gpgsm.h"
#include "keydb.h"
#include "i18n.h"
@ -38,7 +38,7 @@
struct dek_s {
const char *algoid;
int algo;
GCRY_CIPHER_HD chd;
gcry_cipher_hd_t chd;
char key[32];
int keylen;
char iv[32];
@ -89,37 +89,37 @@ init_dek (DEK dek)
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
}
dek->chd = gcry_cipher_open (dek->algo, mode, GCRY_CIPHER_SECURE);
if (!dek->chd)
rc = gcry_cipher_open (&dek->chd, dek->algo, mode, GCRY_CIPHER_SECURE);
if (rc)
{
log_error ("failed to create cipher context: %s\n", gcry_strerror (-1));
return gpg_error (GPG_ERR_GENERAL);
log_error ("failed to create cipher context: %s\n", gpg_strerror (rc));
return rc;
}
for (i=0; i < 8; i++)
{
gcry_randomize (dek->key, dek->keylen, GCRY_STRONG_RANDOM );
rc = gcry_cipher_setkey (dek->chd, dek->key, dek->keylen);
if (rc != GCRYERR_WEAK_KEY)
if (gpg_err_code (rc) != GPG_ERR_WEAK_KEY)
break;
log_info(_("weak key created - retrying\n") );
}
if (rc)
{
log_error ("failed to set the key: %s\n", gcry_strerror (rc));
log_error ("failed to set the key: %s\n", gpg_strerror (rc));
gcry_cipher_close (dek->chd);
dek->chd = NULL;
return map_gcry_err (rc);
return rc;
}
gcry_randomize (dek->iv, dek->ivlen, GCRY_STRONG_RANDOM);
rc = gcry_cipher_setiv (dek->chd, dek->iv, dek->ivlen);
if (rc)
{
log_error ("failed to set the IV: %s\n", gcry_strerror (rc));
log_error ("failed to set the IV: %s\n", gpg_strerror (rc));
gcry_cipher_close (dek->chd);
dek->chd = NULL;
return map_gcry_err (rc);
return rc;
}
return 0;
@ -129,14 +129,14 @@ init_dek (DEK dek)
/* Encode the session key. NBITS is the number of bits which should be
used for packing the session key. returns: An mpi with the session
key (caller must free) */
static GCRY_MPI
static gcry_mpi_t
encode_session_key (DEK dek, unsigned int nbits)
{
int nframe = (nbits+7) / 8;
byte *p;
byte *frame;
int i,n;
MPI a;
gcry_mpi_t a;
if (dek->keylen + 7 > nframe || !nframe)
log_bug ("can't encode a %d bit key in a %d bits frame\n",
@ -206,7 +206,7 @@ encode_session_key (DEK dek, unsigned int nbits)
static int
encrypt_dek (const DEK dek, KsbaCert cert, char **encval)
{
GCRY_SEXP s_ciph, s_data, s_pkey;
gcry_sexp_t s_ciph, s_data, s_pkey;
int rc;
KsbaSexp buf;
size_t len;
@ -230,14 +230,14 @@ encrypt_dek (const DEK dek, KsbaCert cert, char **encval)
xfree (buf); buf = NULL;
if (rc)
{
log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc));
return map_gcry_err (rc);
log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
return rc;
}
/* put the encoded cleartext into a simple list */
{
/* fixme: actually the pkcs-1 encoding should go into libgcrypt */
GCRY_MPI data = encode_session_key (dek, gcry_pk_get_nbits (s_pkey));
gcry_mpi_t data = encode_session_key (dek, gcry_pk_get_nbits (s_pkey));
if (!data)
{
gcry_mpi_release (data);
@ -404,7 +404,7 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer);
if (rc)
{
log_error ("can't create writer: %s\n", gnupg_strerror (rc));
log_error ("can't create writer: %s\n", gpg_strerror (rc));
goto leave;
}
@ -449,7 +449,7 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
if (rc)
{
log_error ("failed to create the session key: %s\n",
gnupg_strerror (rc));
gpg_strerror (rc));
goto leave;
}
@ -482,7 +482,7 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
if (rc)
{
log_error ("encryption failed for recipient no. %d: %s\n",
recpno, gnupg_strerror (rc));
recpno, gpg_strerror (rc));
goto leave;
}
@ -532,7 +532,7 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
rc = gpgsm_finish_writer (b64writer);
if (rc)
{
log_error ("write failed: %s\n", gnupg_strerror (rc));
log_error ("write failed: %s\n", gpg_strerror (rc));
goto leave;
}
log_info ("encrypted data created\n");

10
sm/export.c
View file

@ -27,10 +27,10 @@
#include <time.h>
#include <assert.h>
#include "gpgsm.h"
#include <gcrypt.h>
#include <ksba.h>
#include "gpgsm.h"
#include "keydb.h"
static void print_short_info (KsbaCert cert, FILE *fp);
@ -85,7 +85,7 @@ gpgsm_export (CTRL ctrl, STRLIST names, FILE *fp)
if (rc)
{
log_error ("key `%s' not found: %s\n",
sl->d, gnupg_strerror (rc));
sl->d, gpg_strerror (rc));
rc = 0;
}
else
@ -121,7 +121,7 @@ gpgsm_export (CTRL ctrl, STRLIST names, FILE *fp)
rc = keydb_get_cert (hd, &cert);
if (rc)
{
log_error ("keydb_get_cert failed: %s\n", gnupg_strerror (rc));
log_error ("keydb_get_cert failed: %s\n", gpg_strerror (rc));
goto leave;
}
@ -147,7 +147,7 @@ gpgsm_export (CTRL ctrl, STRLIST names, FILE *fp)
rc = gpgsm_create_writer (&b64writer, ctrl, fp, &writer);
if (rc)
{
log_error ("can't create writer: %s\n", gnupg_strerror (rc));
log_error ("can't create writer: %s\n", gpg_strerror (rc));
goto leave;
}
}
@ -176,7 +176,7 @@ gpgsm_export (CTRL ctrl, STRLIST names, FILE *fp)
cert = NULL;
}
if (rc && rc != -1)
log_error ("keydb_search failed: %s\n", gnupg_strerror (rc));
log_error ("keydb_search failed: %s\n", gpg_strerror (rc));
else if (b64writer)
{
rc = gpgsm_finish_writer (b64writer);

16
sm/fingerprint.c
View file

@ -27,10 +27,10 @@
#include <time.h>
#include <assert.h>
#include <gcrypt.h>
#include <ksba.h>
#include "gpgsm.h"
#include <gcrypt.h>
#include <ksba.h>
/* Return the fingerprint of the certificate (we can't put this into
libksba because we need libgcrypt support). The caller must
@ -45,7 +45,7 @@
char *
gpgsm_get_fingerprint (KsbaCert cert, int algo, char *array, int *r_len)
{
GCRY_MD_HD md;
gcry_md_hd_t md;
int rc, len;
if (!algo)
@ -59,10 +59,10 @@ gpgsm_get_fingerprint (KsbaCert cert, int algo, char *array, int *r_len)
if (r_len)
*r_len = len;
md = gcry_md_open (algo, 0);
if (!md)
rc = gcry_md_open (&md, algo, 0);
if (rc)
{
log_error ("md_open failed: %s\n", gcry_strerror (-1));
log_error ("md_open failed: %s\n", gpg_strerror (rc));
memset (array, 0xff, len); /* better return an invalid fpr than NULL */
return array;
}
@ -143,7 +143,7 @@ gpgsm_get_short_fingerprint (KsbaCert cert)
char *
gpgsm_get_keygrip (KsbaCert cert, char *array)
{
GCRY_SEXP s_pkey;
gcry_sexp_t s_pkey;
int rc;
KsbaSexp p;
size_t n;
@ -164,7 +164,7 @@ gpgsm_get_keygrip (KsbaCert cert, char *array)
xfree (p);
if (rc)
{
log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc));
log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (rc));
return NULL;
}
array = gcry_pk_get_keygrip (s_pkey, array);

6
sm/gpgsm.c
View file

@ -27,10 +27,10 @@
#include <unistd.h>
#include <fcntl.h>
#include "gpgsm.h"
#include <gcrypt.h>
#include <assuan.h> /* malloc hooks */
#include "gpgsm.h"
#include "../kbx/keybox.h" /* malloc hooks */
#include "i18n.h"
#include "keydb.h"
@ -1095,7 +1095,7 @@ main ( int argc, char **argv)
if (rc)
{
log_error (_("can't sign using `%s': %s\n"),
sl->d, gnupg_strerror (rc));
sl->d, gpg_strerror (rc));
gpgsm_status2 (&ctrl, STATUS_INV_RECP,
gpg_err_code (rc) == -1? "1":
gpg_err_code (rc) == GPG_ERR_NO_PUBKEY? "1":
@ -1117,7 +1117,7 @@ main ( int argc, char **argv)
if (rc)
{
log_error (_("can't encrypt to `%s': %s\n"),
sl->d, gnupg_strerror (rc));
sl->d, gpg_strerror (rc));
gpgsm_status2 (&ctrl, STATUS_INV_RECP,
gpg_err_code (rc) == -1? "1":
gpg_err_code (rc) == GPG_ERR_NO_PUBKEY? "1":

6
sm/gpgsm.h
View file

@ -152,6 +152,8 @@ void gpgsm_init_default_ctrl (struct server_control_s *ctrl);
void gpgsm_server (void);
void gpgsm_status (CTRL ctrl, int no, const char *text);
void gpgsm_status2 (CTRL ctrl, int no, ...);
void gpgsm_status_with_err_code (CTRL ctrl, int no, const char *text,
gpg_err_code_t ec);
/*-- fingerprint --*/
char *gpgsm_get_fingerprint (KsbaCert cert, int algo, char *array, int *r_len);
@ -188,9 +190,9 @@ void gpgsm_dump_string (const char *string);
/*-- certcheck.c --*/
int gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert);
int gpgsm_check_cms_signature (KsbaCert cert, KsbaConstSexp sigval,
GCRY_MD_HD md, int hash_algo);
gcry_md_hd_t md, int hash_algo);
/* fixme: move create functions to another file */
int gpgsm_create_cms_signature (KsbaCert cert, GCRY_MD_HD md, int mdalgo,
int gpgsm_create_cms_signature (KsbaCert cert, gcry_md_hd_t md, int mdalgo,
char **r_sigval);

2
sm/import.c
View file

@ -27,10 +27,10 @@
#include <time.h>
#include <assert.h>
#include "gpgsm.h"
#include <gcrypt.h>
#include <ksba.h>
#include "gpgsm.h"
#include "keydb.h"
#include "i18n.h"

8
sm/keydb.c
View file

@ -231,7 +231,7 @@ keydb_add_resource (const char *url, int force, int secret)
leave:
if (rc)
log_error ("keyblock resource `%s': %s\n", filename, gnupg_strerror(rc));
log_error ("keyblock resource `%s': %s\n", filename, gpg_strerror(rc));
else if (secret)
any_secret = 1;
else
@ -1255,14 +1255,14 @@ keydb_store_cert (KsbaCert cert, int ephemeral, int *existed)
return 0; /* okay */
}
log_error (_("problem looking for existing certificate: %s\n"),
gnupg_strerror (rc));
gpg_strerror (rc));
return rc;
}
rc = keydb_locate_writable (kh, 0);
if (rc)
{
log_error (_("error finding writable keyDB: %s\n"), gnupg_strerror (rc));
log_error (_("error finding writable keyDB: %s\n"), gpg_strerror (rc));
keydb_release (kh);
return rc;
}
@ -1270,7 +1270,7 @@ keydb_store_cert (KsbaCert cert, int ephemeral, int *existed)
rc = keydb_insert_cert (kh, cert);
if (rc)
{
log_error (_("error storing certificate: %s\n"), gnupg_strerror (rc));
log_error (_("error storing certificate: %s\n"), gpg_strerror (rc));
keydb_release (kh);
return rc;
}

9
sm/keylist.c
View file

@ -1,5 +1,5 @@
/* keylist.c
* Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
* Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -27,10 +27,11 @@
#include <time.h>
#include <assert.h>
#include "gpgsm.h"
#include <gcrypt.h>
#include <ksba.h>
#include "gpgsm.h"
#include "keydb.h"
#include "i18n.h"
@ -460,7 +461,7 @@ list_internal_keys (CTRL ctrl, STRLIST names, FILE *fp, unsigned int mode)
if (rc)
{
log_error ("key `%s' not found: %s\n",
sl->d, gnupg_strerror (rc));
sl->d, gpg_strerror (rc));
rc = 0;
}
else
@ -535,7 +536,7 @@ list_internal_keys (CTRL ctrl, STRLIST names, FILE *fp, unsigned int mode)
cert = NULL;
}
if (rc && rc != -1)
log_error ("keydb_search failed: %s\n", gnupg_strerror (rc));
log_error ("keydb_search failed: %s\n", gpg_strerror (rc));
leave:
ksba_cert_release (cert);

11
sm/server.c
View file

@ -991,7 +991,18 @@ gpgsm_status (CTRL ctrl, int no, const char *text)
gpgsm_status2 (ctrl, no, text, NULL);
}
void
gpgsm_status_with_err_code (CTRL ctrl, int no, const char *text,
gpg_err_code_t ec)
{
char buf[30];
sprintf (buf, "%u", (unsigned int)ec);
if (text)
gpgsm_status2 (ctrl, no, text, buf, NULL);
else
gpgsm_status2 (ctrl, no, buf, NULL);
}
#if 0
/*

36
sm/sign.c
View file

@ -27,16 +27,16 @@
#include <time.h>
#include <assert.h>
#include "gpgsm.h"
#include <gcrypt.h>
#include <ksba.h>
#include "gpgsm.h"
#include "keydb.h"
#include "i18n.h"
static void
hash_data (int fd, GCRY_MD_HD md)
hash_data (int fd, gcry_md_hd_t md)
{
FILE *fp;
char buffer[4096];
@ -61,7 +61,7 @@ hash_data (int fd, GCRY_MD_HD md)
}
static int
hash_and_copy_data (int fd, GCRY_MD_HD md, KsbaWriter writer)
hash_and_copy_data (int fd, gcry_md_hd_t md, KsbaWriter writer)
{
KsbaError err;
FILE *fp;
@ -203,7 +203,7 @@ get_default_signer (void)
rc = keydb_classify_name (opt.local_user, &desc);
if (rc)
{
log_error ("failed to find default signer: %s\n", gnupg_strerror (rc));
log_error ("failed to find default signer: %s\n", gpg_strerror (rc));
return NULL;
}
@ -302,7 +302,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
KsbaCMS cms = NULL;
KsbaStopReason stopreason;
KEYDB_HANDLE kh = NULL;
GCRY_MD_HD data_md = NULL;
gcry_md_hd_t data_md = NULL;
int signer;
const char *algoid;
int algo;
@ -322,7 +322,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer);
if (rc)
{
log_error ("can't create writer: %s\n", gnupg_strerror (rc));
log_error ("can't create writer: %s\n", gpg_strerror (rc));
goto leave;
}
@ -394,7 +394,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
if (rc)
{
log_error ("failed to store list of certificates: %s\n",
gnupg_strerror(rc));
gpg_strerror(rc));
goto leave;
}
/* Set the hash algorithm we are going to use */
@ -409,11 +409,10 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
}
/* Prepare hashing (actually we are figuring out what we have set above)*/
data_md = gcry_md_open (0, 0);
if (!data_md)
rc = gcry_md_open (&data_md, 0, 0);
if (rc)
{
rc = map_gcry_err (gcry_errno());
log_error ("md_open failed: %s\n", gcry_strerror (-1));
log_error ("md_open failed: %s\n", gpg_strerror (rc));
goto leave;
}
if (DBG_HASHING)
@ -524,18 +523,17 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
}
else if (stopreason == KSBA_SR_NEED_SIG)
{ /* calculate the signature for all signers */
GCRY_MD_HD md;
gcry_md_hd_t md;
algo = GCRY_MD_SHA1;
md = gcry_md_open (algo, 0);
if (DBG_HASHING)
gcry_md_start_debug (md, "sign.attr");
if (!md)
rc = gcry_md_open (&md, algo, 0);
if (rc)
{
log_error ("md_open failed: %s\n", gcry_strerror (-1));
log_error ("md_open failed: %s\n", gpg_strerror (rc));
goto leave;
}
if (DBG_HASHING)
gcry_md_start_debug (md, "sign.attr");
ksba_cms_set_hash_function (cms, HASH_FNC, md);
for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)
{
@ -605,7 +603,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
rc = gpgsm_finish_writer (b64writer);
if (rc)
{
log_error ("write failed: %s\n", gnupg_strerror (rc));
log_error ("write failed: %s\n", gpg_strerror (rc));
goto leave;
}

50
sm/verify.c
View file

@ -27,16 +27,15 @@
#include <time.h>
#include <assert.h>
#include "gpgsm.h"
#include <gcrypt.h>
#include <ksba.h>
#include "gpgsm.h"
#include "keydb.h"
#include "i18n.h"
/* fixme: Move this to jnlib */
static char *
strtimestamp (time_t atime)
strtimestamp_r (time_t atime)
{
char *buffer = xmalloc (15);
@ -59,7 +58,7 @@ strtimestamp (time_t atime)
/* Hash the data for a detached signature */
static void
hash_data (int fd, GCRY_MD_HD md)
hash_data (int fd, gcry_md_hd_t md)
{
FILE *fp;
char buffer[4096];
@ -102,7 +101,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
KsbaStopReason stopreason;
KsbaCert cert;
KEYDB_HANDLE kh;
GCRY_MD_HD data_md = NULL;
gcry_md_hd_t data_md = NULL;
int signer;
const char *algoid;
int algo;
@ -130,7 +129,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
rc = gpgsm_create_reader (&b64reader, ctrl, fp, &reader);
if (rc)
{
log_error ("can't create reader: %s\n", gnupg_strerror (rc));
log_error ("can't create reader: %s\n", gpg_strerror (rc));
goto leave;
}
@ -139,7 +138,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer);
if (rc)
{
log_error ("can't create writer: %s\n", gnupg_strerror (rc));
log_error ("can't create writer: %s\n", gpg_strerror (rc));
goto leave;
}
}
@ -160,11 +159,10 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
goto leave;
}
data_md = gcry_md_open (0, 0);
if (!data_md)
rc = gcry_md_open (&data_md, 0, 0);
if (rc)
{
rc = map_gcry_err (gcry_errno());
log_error ("md_open failed: %s\n", gcry_strerror (-1));
log_error ("md_open failed: %s\n", gpg_strerror (rc));
goto leave;
}
if (DBG_HASHING)
@ -225,7 +223,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
rc = gpgsm_finish_writer (b64writer);
if (rc)
{
log_error ("write failed: %s\n", gnupg_strerror (rc));
log_error ("write failed: %s\n", gpg_strerror (rc));
goto leave;
}
}
@ -364,7 +362,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
}
else
log_error ("failed to find the certificate: %s\n",
gnupg_strerror(rc));
gpg_strerror(rc));
{
char numbuf[50];
sprintf (numbuf, "%d", rc);
@ -380,7 +378,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
rc = keydb_get_cert (kh, &cert);
if (rc)
{
log_error ("failed to get cert: %s\n", gnupg_strerror (rc));
log_error ("failed to get cert: %s\n", gpg_strerror (rc));
goto next_signer;
}
@ -395,7 +393,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
if (msgdigest)
{ /* Signed attributes are available. */
GCRY_MD_HD md;
gcry_md_hd_t md;
unsigned char *s;
/* check that the message digest in the signed attributes
@ -415,10 +413,10 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
goto next_signer;
}
md = gcry_md_open (algo, 0);
if (!md)
rc = gcry_md_open (&md, algo, 0);
if (rc)
{
log_error ("md_open failed: %s\n", gcry_strerror (-1));
log_error ("md_open failed: %s\n", gpg_strerror (rc));
goto next_signer;
}
if (DBG_HASHING)
@ -445,7 +443,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
{
char *fpr;
log_error ("invalid signature: %s\n", gnupg_strerror (rc));
log_error ("invalid signature: %s\n", gpg_strerror (rc));
fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
gpgsm_status (ctrl, STATUS_BADSIG, fpr);
xfree (fpr);
@ -454,8 +452,8 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
rc = gpgsm_cert_use_verify_p (cert); /*(this displays an info message)*/
if (rc)
{
gpgsm_status2 (ctrl, STATUS_ERROR, "verify.keyusage",
gnupg_error_token (rc), NULL);
gpgsm_status_with_err_code (ctrl, STATUS_ERROR, "verify.keyusage",
gpg_err_code (rc));
rc = 0;
}
@ -474,7 +472,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
char *buf, *fpr, *tstr;
fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
tstr = strtimestamp (sigtime);
tstr = strtimestamp_r (sigtime);
buf = xmalloc ( strlen(fpr) + strlen (tstr) + 120);
sprintf (buf, "%s %s %lu %lu", fpr, tstr,
(unsigned long)sigtime, (unsigned long)keyexptime );
@ -486,14 +484,16 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
if (rc) /* of validate_chain */
{
log_error ("invalid certification chain: %s\n", gnupg_strerror (rc));
log_error ("invalid certification chain: %s\n", gpg_strerror (rc));
if (gpg_err_code (rc) == GPG_ERR_BAD_CERT_CHAIN
|| gpg_err_code (rc) == GPG_ERR_BAD_CERT
|| gpg_err_code (rc) == GPG_ERR_BAD_CA_CERT
|| gpg_err_code (rc) == GPG_ERR_CERT_REVOKED)
gpgsm_status (ctrl, STATUS_TRUST_NEVER, gnupg_error_token (rc));
gpgsm_status_with_err_code (ctrl, STATUS_TRUST_NEVER, NULL,
gpg_err_code (rc));
else
gpgsm_status (ctrl, STATUS_TRUST_UNDEFINED, gnupg_error_token (rc));
gpgsm_status_with_err_code (ctrl, STATUS_TRUST_UNDEFINED, NULL,
gpg_err_code (rc));
goto next_signer;
}