security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

Allow setting of the passphrase encoding of pkcs#12 files.

Browse source 
New option --p12-charset.
This commit is contained in:
Werner Koch 2007-03-20 10:00:55 +00:00
parent 083010a53d
commit fd628ffda1
10 changed files with 130 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

5
agent/ChangeLog
View file

@ -1,3 +1,8 @@
2007-03-20 Werner Koch <wk@g10code.com>
* protect-tool.c: New option --p12-charset.
* minip12.c (p12_build): Implement it.
2007-03-19 Werner Koch <wk@g10code.com>
* minip12.c: Include iconv.h.

71
agent/minip12.c
View file

@ -28,11 +28,11 @@
#include <assert.h>
#include <gcrypt.h>
#include <iconv.h>
#include <errno.h>
#ifdef TEST
#include <sys/stat.h>
#include <unistd.h>
#include <errno.h>
#endif
#include "../jnlib/logging.h"
@ -518,6 +518,10 @@ decrypt_block (const void *ciphertext, unsigned char *plaintext, size_t length,
"ISO-8859-8",
"ISO-8859-9",
"KOI8-R",
"IBM437",
"IBM850",
"EUC-JP",
"BIG5",
NULL
};
int charsetidx = 0;
@ -2139,25 +2143,75 @@ build_cert_sequence (unsigned char *buffer, size_t buflen,
}
/* Expect the RSA key parameters in KPARMS and a password in
PW. Create a PKCS structure from it and return it as well as the
length in R_LENGTH; return NULL in case of an error. */
/* Expect the RSA key parameters in KPARMS and a password in PW.
Create a PKCS structure from it and return it as well as the length
in R_LENGTH; return NULL in case of an error. If CHARSET is not
NULL, re-encode PW to that character set. */
unsigned char *
p12_build (gcry_mpi_t *kparms, unsigned char *cert, size_t certlen,
const char *pw, size_t *r_length)
const char *pw, const char *charset, size_t *r_length)
{
unsigned char *buffer;
unsigned char *buffer = NULL;
size_t n, buflen;
char salt[8];
struct buffer_s seqlist[3];
int seqlistidx = 0;
unsigned char sha1hash[20];
char keyidstr[8+1];
char *pwbuf = NULL;
size_t pwbufsize = 0;
n = buflen = 0; /* (avoid compiler warning). */
memset (sha1hash, 0, 20);
*keyidstr = 0;
if (charset && pw && *pw)
{
iconv_t cd;
const char *inptr;
char *outptr;
size_t inbytes, outbytes;
/* We assume that the converted passphrase is at max 2 times
longer than its utf-8 encoding. */
pwbufsize = strlen (pw)*2 + 1;
pwbuf = gcry_malloc_secure (pwbufsize);
if (!pwbuf)
{
log_error ("out of secure memory while converting passphrase\n");
goto failure;
}
cd = iconv_open (charset, "utf-8");
if (cd == (iconv_t)(-1))
{
log_error ("can't convert passphrase to"
" requested charset `%s': %s\n",
charset, strerror (errno));
gcry_free (pwbuf);
goto failure;
}
inptr = pw;
inbytes = strlen (pw);
outptr = pwbuf;
outbytes = pwbufsize - 1;
if ( iconv (cd, (ICONV_CONST char **)&inptr, &inbytes,
&outptr, &outbytes) == (size_t)-1)
{
log_error ("error converting passphrase to"
" requested charset `%s': %s\n",
charset, strerror (errno));
gcry_free (pwbuf);
iconv_close (cd);
goto failure;
}
*outptr = 0;
iconv_close (cd);
pw = pwbuf;
}
if (cert && certlen)
{
/* Calculate the hash value we need for the bag attributes. */
@ -2219,6 +2273,11 @@ p12_build (gcry_mpi_t *kparms, unsigned char *cert, size_t certlen,
buffer = create_final (seqlist, pw, &buflen);
failure:
if (pwbuf)
{
wipememory (pwbuf, pwbufsize);
gcry_free (pwbuf);
}
for ( ; seqlistidx; seqlistidx--)
gcry_free (seqlist[seqlistidx].buffer);

3
agent/minip12.h
View file

@ -31,7 +31,8 @@ gcry_mpi_t *p12_parse (const unsigned char *buffer, size_t length,
unsigned char *p12_build (gcry_mpi_t *kparms,
unsigned char *cert, size_t certlen,
const char *pw, size_t *r_length);
const char *pw, const char *charset,
size_t *r_length);
#endif /*MINIP12_H*/

12
agent/protect-tool.c
View file

@ -65,6 +65,7 @@ enum cmd_and_opt_values
oP12Import,
oP12Export,
oP12Charset,
oStore,
oForce,
oHaveCert,
@ -96,6 +97,7 @@ static int opt_have_cert;
static const char *opt_passphrase;
static char *opt_prompt;
static int opt_status_msg;
static const char *opt_p12_charset;
static char *get_passphrase (int promptno, int opt_check);
static char *get_new_passphrase (int promptno);
@ -118,8 +120,10 @@ static ARGPARSE_OPTS opts[] = {
{ oShowShadowInfo, "show-shadow-info", 256, "return the shadow info"},
{ oShowKeygrip, "show-keygrip", 256, "show the \"keygrip\""},
{ oP12Import, "p12-import", 256, "import a PKCS-12 encoded private key"},
{ oP12Export, "p12-export", 256, "export a private key PKCS-12 encoded"},
{ oP12Import, "p12-import", 256, "import a pkcs#12 encoded private key"},
{ oP12Export, "p12-export", 256, "export a private key pkcs#12 encoded"},
{ oP12Charset,"p12-charset", 2,
"|NAME|set charset for a new PKCS#12 passphrase to NAME" },
{ oHaveCert, "have-cert", 0, "certificate to export provided on STDIN"},
{ oStore, "store", 0, "store the created key in the appropriate place"},
{ oForce, "force", 0, "force overwriting"},
@ -127,6 +131,7 @@ static ARGPARSE_OPTS opts[] = {
{ oHomedir, "homedir", 2, "@" },
{ oPrompt, "prompt", 2, "|ESCSTRING|use ESCSTRING as prompt in pinentry"},
{ oStatusMsg, "enable-status-msg", 0, "@"},
{0}
};
@ -987,7 +992,7 @@ export_p12_file (const char *fname)
kparms[8] = NULL;
key = p12_build (kparms, cert, certlen,
(pw=get_new_passphrase (3)), &keylen);
(pw=get_new_passphrase (3)), opt_p12_charset, &keylen);
release_passphrase (pw);
xfree (cert);
for (i=0; i < 8; i++)
@ -1101,6 +1106,7 @@ main (int argc, char **argv )
case oShowKeygrip: cmd = oShowKeygrip; break;
case oP12Import: cmd = oP12Import; break;
case oP12Export: cmd = oP12Export; break;
case oP12Charset: opt_p12_charset = pargs.r.ret_str; break;
case oPassphrase: opt_passphrase = pargs.r.ret_str; break;
case oStore: opt_store = 1; break;