From f60dc501d2958a1d80de7a114d2f4eedc267f2d7 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Sat, 24 Nov 2001 22:20:38 +0000 Subject: [PATCH] Introduced the keygrip --- sm/fingerprint.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++ sm/gpgsm.h | 3 +++ sm/keylist.c | 3 +++ 3 files changed, 63 insertions(+) diff --git a/sm/fingerprint.c b/sm/fingerprint.c index c6571ab14..29023c2ce 100644 --- a/sm/fingerprint.c +++ b/sm/fingerprint.c @@ -124,4 +124,61 @@ gpgsm_get_fingerprint_hexstring (KsbaCert cert, int algo) return buf; } + +/* Return the sop called KEYGRIP which is the SHA-1 hash of the public + key parameters expressed as an canoncial encoded S-Exp. array must + be 20 bytes long. returns the array or a newly allocated one if the + passed one was NULL */ +char * +gpgsm_get_keygrip (KsbaCert cert, char *array) +{ + GCRY_SEXP s_pkey; + int rc, len; + char *buf, *p; + + p = ksba_cert_get_public_key (cert); + if (!p) + return NULL; /* oops */ + + if (DBG_X509) + log_debug ("get_keygrip, public key: %s\n", p); + rc = gcry_sexp_sscan ( &s_pkey, NULL, p, strlen(p)); + if (rc) + { + log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc)); + return NULL; + } + /* and now convert it into canoncial form - fixme: we should modify + libksba to return it in this form */ + len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0); + assert (len); + buf = xmalloc (len); + len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, buf, len); + assert (len); + + if (!array) + array = xmalloc (20); + + gcry_md_hash_buffer (GCRY_MD_SHA1, array, buf, len); + xfree (buf); + + return array; +} + +/* Return an allocated buffer with the keygrip of CERT in from of an + hexstring. NULL is returned in case of error */ +char * +gpgsm_get_keygrip_hexstring (KsbaCert cert) +{ + unsigned char grip[20]; + char *buf, *p; + int i; + + gpgsm_get_keygrip (cert, grip); + buf = p = xmalloc (20*2+1); + for (i=0; i < 20; i++, p += 2 ) + sprintf (p, "%02X", grip[i]); + return buf; +} + 
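Review bot: In `gpgsm_get_keygrip_hexstring` the return value of `gpgsm_get_keygrip (cert, grip)` is ignored, so when the public key cannot be fetched or parsed the loop hex-encodes the uninitialised 20-byte stack buffer `grip` and returns it as if it were a keygrip. Stack contents then end up in the `grp:` record written by sm/keylist.c and callers get a bogus key identifier, although the function's comment promises NULL on error and the keylist caller already copes with that via `p?p:""`. Replacing the call with `if (!gpgsm_get_keygrip (cert, grip)) return NULL;` fixes it. Separately, `gpgsm_get_keygrip` never releases `s_pkey` (add `gcry_sexp_release (s_pkey);` after the second `gcry_sexp_sprint`), and the string returned by `ksba_cert_get_public_key` presumably belongs to the caller as well and is not freed on any path. The two `assert (len)` checks vanish under NDEBUG, so a zero length should be handled with an explicit error return instead.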
diff --git a/sm/gpgsm.h b/sm/gpgsm.h index f1d4fca4d..178607169 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -101,6 +101,9 @@ void gpgsm_status (CTRL ctrl, int no, const char *text); char *gpgsm_get_fingerprint (KsbaCert cert, int algo, char *array, int *r_len); char *gpgsm_get_fingerprint_string (KsbaCert cert, int algo); char *gpgsm_get_fingerprint_hexstring (KsbaCert cert, int algo); +char *gpgsm_get_keygrip (KsbaCert cert, char *array); +char *gpgsm_get_keygrip_hexstring (KsbaCert cert); + /*-- certdump.c --*/ void gpgsm_dump_cert (const char *text, KsbaCert cert); diff --git a/sm/keylist.c b/sm/keylist.c index f47a0b79e..19bc9dd40 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -104,6 +104,9 @@ list_cert_colon (KsbaCert cert, FILE *fp) p = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1); fprintf (fp, "fpr:::::::::%s:\n", p); xfree (p); + p = gpgsm_get_keygrip_hexstring (cert); + fprintf (fp, "grp:::::::::%s:\n", p?p:""); + xfree (p); if (opt.with_key_data) print_key_data (cert, fp);
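Review bot: The new prototype `char *gpgsm_get_keygrip (KsbaCert cert, char *array);` carries no size for `array`, and the 20-byte requirement is stated only in the comment in sm/fingerprint.c, so a caller working from the header can pass a shorter buffer and have `gcry_md_hash_buffer` write past its end. A comment at the declaration would close that gap, for example `/* ARRAY must be NULL or at least 20 bytes long; returns NULL on error. */`. The one caller added in this commit passes `unsigned char grip[20]` to the `char *` parameter, so it may be worth declaring the buffer as `unsigned char *` or adding a cast at the call site to avoid the pointer-signedness mismatch.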