* sign.c (gpgsm_sign): Include the error source in the final error
message.
* decrypt.c (gpgsm_decrypt): Ditto.

* fingerprint.c (gpgsm_get_key_algo_info): New.
* sign.c (gpgsm_sign): Don't assume RSA in the status line.
* keylist.c (list_cert_colon): Really print the algorithm and key
length.
(list_cert_raw, list_cert_std): Ditto.

* gpgsm.h (opt): Add member CONFIG_FILENAME.
* gpgsm.c (main): Use it here instead of the local var.
Werner Koch 2004-05-11 15:36:48 +00:00
parent ac791c0a9a
commit fdb1933917
6 changed files with 106 additions and 12 deletions


@ -1,5 +1,15 @@
2004-05-11 Werner Koch <wk@gnupg.org> 2004-05-11 Werner Koch <wk@gnupg.org>
* sign.c (gpgsm_sign): Include the error source in the final error
message.
* decrypt.c (gpgsm_decrypt): Ditto.
* fingerprint.c (gpgsm_get_key_algo_info): New.
* sign.c (gpgsm_sign): Don't assume RSA in the status line.
* keylist.c (list_cert_colon): Really print the algorithm and key
length.
(list_cert_raw, list_cert_std): Ditto.
* gpgsm.c: New option --debug-allow-core-dump. * gpgsm.c: New option --debug-allow-core-dump.
* gpgsm.h (opt): Add member CONFIG_FILENAME. * gpgsm.h (opt): Add member CONFIG_FILENAME.


@ -495,7 +495,8 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
if (rc) if (rc)
{ {
gpgsm_status (ctrl, STATUS_DECRYPTION_FAILED, NULL); gpgsm_status (ctrl, STATUS_DECRYPTION_FAILED, NULL);
log_error ("message decryption failed: %s\n", gpg_strerror (rc)); log_error ("message decryption failed: %s <%s>\n",
gpg_strerror (rc), gpg_strsource (rc));
} }
ksba_cms_release (cms); ksba_cms_release (cms);
gpgsm_destroy_reader (b64reader); gpgsm_destroy_reader (b64reader);


@ -198,6 +198,66 @@ gpgsm_get_keygrip_hexstring (ksba_cert_t cert)
} }
/* Return the PK algorithm used by CERT as well as the length in bits
of the public key at NBITS. */
int
gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits)
{
gcry_sexp_t s_pkey;
int rc;
ksba_sexp_t p;
size_t n;
gcry_sexp_t l1, l2;
const char *name;
char namebuf[128];
if (nbits)
*nbits = 0;
p = ksba_cert_get_public_key (cert);
if (!p)
return 0;
n = gcry_sexp_canon_len (p, 0, NULL, NULL);
if (!n)
{
xfree (p);
return 0;
}
rc = gcry_sexp_sscan (&s_pkey, NULL, p, n);
xfree (p);
if (rc)
return 0;
if (nbits)
*nbits = gcry_pk_get_nbits (s_pkey);
/* Breaking the algorithm out of the S-exp is a bit of a challenge ... */
l1 = gcry_sexp_find_token (s_pkey, "public-key", 0);
if (!l1)
{
gcry_sexp_release (s_pkey);
return 0;
}
l2 = gcry_sexp_cadr (l1);
gcry_sexp_release (l1);
l1 = l2;
name = gcry_sexp_nth_data (l1, 0, &n);
if (name)
{
if (n > sizeof namebuf -1)
n = sizeof namebuf -1;
memcpy (namebuf, name, n);
namebuf[n] = 0;
}
else
*namebuf = 0;
gcry_sexp_release (l1);
gcry_sexp_release (s_pkey);
return gcry_pk_map_name (namebuf);
}
/* For certain purposes we need a certificate id which has an upper /* For certain purposes we need a certificate id which has an upper
limit of the size. We use the hash of the issuer name and the limit of the size. We use the hash of the issuer name and the
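Review bot: gpgsm_get_key_algo_info returns 0 on every failure path (no public key, zero canonical length, sscan error, missing `public-key` token) and presumably also when gcry_pk_map_name does not recognise the name, but the header comment does not say so. The callers added in this commit print the result directly, so the contract should be written down, for example `Returns 0 if the key cannot be parsed or the algorithm is not known; *NBITS may already be set when only the name lookup fails.` The result of `gcry_sexp_cadr (l1)` is also passed on without a NULL test. That looks safe only if gcry_sexp_nth_data and gcry_sexp_release accept a NULL list, so a one-line comment saying so or an explicit `if (!l2)` branch would make the handling of malformed certificate keys easier to audit.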


@ -179,6 +179,7 @@ char *gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo);
unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert); unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert);
char *gpgsm_get_keygrip (ksba_cert_t cert, char *array); char *gpgsm_get_keygrip (ksba_cert_t cert, char *array);
char *gpgsm_get_keygrip_hexstring (ksba_cert_t cert); char *gpgsm_get_keygrip_hexstring (ksba_cert_t cert);
int gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits);
char *gpgsm_get_certid (ksba_cert_t cert); char *gpgsm_get_certid (ksba_cert_t cert);


@ -296,6 +296,8 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
char *fpr; char *fpr;
ksba_isotime_t t; ksba_isotime_t t;
gpg_error_t valerr; gpg_error_t valerr;
int algo;
unsigned int nbits;
if (ctrl->with_validation) if (ctrl->with_validation)
valerr = gpgsm_validate_chain (ctrl, cert, NULL, 1, NULL, 0); valerr = gpgsm_validate_chain (ctrl, cert, NULL, 1, NULL, 0);
@ -330,10 +332,8 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
fputs (truststring, fp); fputs (truststring, fp);
fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1); fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
fprintf (fp, ":%u:%d:%s:", algo = gpgsm_get_key_algo_info (cert, &nbits);
/*keylen_of_cert (cert)*/1024, fprintf (fp, ":%u:%d:%s:", nbits, algo, fpr+24);
/* pubkey_algo_of_cert (cert)*/1,
fpr+24);
/* We assume --fixed-list-mode for gpgsm */ /* We assume --fixed-list-mode for gpgsm */
ksba_cert_get_validity (cert, 0, t); ksba_cert_get_validity (cert, 0, t);
@ -547,6 +547,14 @@ list_cert_raw (ctrl_t ctrl, ksba_cert_t cert, FILE *fp, int have_secret,
s = get_oid_desc (oid, NULL); s = get_oid_desc (oid, NULL);
fprintf (fp, " hashAlgo: %s%s%s%s\n", oid, s?" (":"",s?s:"",s?")":""); fprintf (fp, " hashAlgo: %s%s%s%s\n", oid, s?" (":"",s?s:"",s?")":"");
{
const char *algoname;
unsigned int nbits;
algoname = gcry_pk_algo_name (gpgsm_get_key_algo_info (cert, &nbits));
fprintf (fp, " keyType: %u bit %s\n", nbits, algoname? algoname:"?");
}
/* authorityKeyIdentifier */ /* authorityKeyIdentifier */
fputs (" authKeyId: ", fp); fputs (" authKeyId: ", fp);
err = ksba_cert_get_auth_key_id (cert, NULL, &name, &sexp); err = ksba_cert_get_auth_key_id (cert, NULL, &name, &sexp);
@ -829,6 +837,16 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, FILE *fp, int have_secret,
gpgsm_print_time (fp, t); gpgsm_print_time (fp, t);
putc ('\n', fp); putc ('\n', fp);
{
const char *algoname;
unsigned int nbits;
algoname = gcry_pk_algo_name (gpgsm_get_key_algo_info (cert, &nbits));
fprintf (fp, " key type: %u bit %s\n", nbits, algoname? algoname:"?");
}
err = ksba_cert_get_key_usage (cert, &kusage); err = ksba_cert_get_key_usage (cert, &kusage);
if (gpg_err_code (err) != GPG_ERR_NO_DATA) if (gpg_err_code (err) != GPG_ERR_NO_DATA)
{ {
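Review bot: The new blocks in list_cert_raw and list_cert_std, and the new call in list_cert_colon, read `nbits` after the call while relying on gpgsm_get_key_algo_info to store to it on every path, including its early failure returns. That holds for the helper as added in this commit, but nothing at the call sites enforces it. Declaring `unsigned int nbits = 0;` in each place would keep the output defined if the helper is later changed. The blocks in list_cert_raw and list_cert_std differ only in the label string, so a small static helper taking the label would remove the duplication. All three functions start and end outside the hunks shown.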


@ -616,12 +616,15 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
gcry_md_close (md); gcry_md_close (md);
goto leave; goto leave;
} }
rc = asprintf (&buf, "%c %d %d 00 %s %s", {
detached? 'D':'S', int pkalgo = gpgsm_get_key_algo_info (cl->cert, NULL);
GCRY_PK_RSA, /* FIXME: get pk algo from cert */ rc = asprintf (&buf, "%c %d %d 00 %s %s",
algo, detached? 'D':'S',
signed_at, pkalgo,
fpr); algo,
signed_at,
fpr);
}
xfree (fpr); xfree (fpr);
if (rc < 0) if (rc < 0)
{ {
@ -651,7 +654,8 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
leave: leave:
if (rc) if (rc)
log_error ("error creating signature: %s\n", gpg_strerror (rc)); log_error ("error creating signature: %s <%s>\n",
gpg_strerror (rc), gpg_strsource (rc) );
if (release_signerlist) if (release_signerlist)
gpgsm_release_certlist (signerlist); gpgsm_release_certlist (signerlist);
ksba_cms_release (cms); ksba_cms_release (cms);
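Review bot: In the first gpgsm_sign hunk the value of `gpgsm_get_key_algo_info (cl->cert, NULL)` is formatted into the status line without being checked. The helper returns 0 when the certificate's public key cannot be parsed or its algorithm name is not recognised, so a status consumer would see public-key algorithm 0 with no diagnostic. The signature appears to be complete by this point, so a log line is probably more appropriate than failing, for example `if (!pkalgo) log_error ("can't determine the public key algorithm of the signer certificate\n");`. gpgsm_sign starts and ends outside both hunks, so whether a later step already covers this case cannot be seen from here.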