1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

2396 Commits

Author SHA1 Message Date
NIIBE Yutaka
cea6925fa4 ecc-sos: Fix ECDH.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Fix deallocation.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-20 12:03:07 +09:00
NIIBE Yutaka
705954149b ecc-sos: Fix exporting secret key for SOS.
* g10/export.c (transfer_format_to_openpgp): Use SOS.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-19 11:17:02 +09:00
NIIBE Yutaka
8513ab8bf3 ecc-sos: Use opaque for key from agent.
* g10/export.c (cleartext_secret_key_to_openpgp): Use /q.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-14 14:56:23 +09:00
NIIBE Yutaka
93cefe9497 ecc-sos: Compatible mode for SOS.
* g10/build-packet.c (sos_write): Add an argument COMPAT.  When
COMPAT=1, NBITS specifies number of bits when interpreted as MPI,
except the case when the first octet is zero.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-14 14:28:39 +09:00
NIIBE Yutaka
58ad686bfe ecc-sos: No need to expose sos_write.
* g10/build-packet.c (sos_write): Rename from gpg_sos_write.
* g10/packet.h (gpg_sos_write): Remove.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-14 14:10:23 +09:00
NIIBE Yutaka
e02347b2ab ecc-sos: Clean up use of mpi_get_opaque.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Tidy up.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-12 13:42:07 +09:00
NIIBE Yutaka
e6c975280a ecc-sos: Remove zero-octet removal on write.
* g10/build-packet.c (gpg_mpi_write): Don't remove zero bits.
* g10/packet.h (CALC_NBITS): Remove.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-08 11:42:20 +09:00
NIIBE Yutaka
70af2165ec ecc-sos: Fix gpg_mpi_write for opaque bit string.
* g10/build-packet.c (gpg_mpi_write): Handle opaque bit string
when it's has exact number of bits.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 19:00:38 +09:00
NIIBE Yutaka
4cc4ff03a2 ecc-sos: Fix reading SEXP from agent.
* g10/keygen.c (ecckey_from_sexp): Use GCRYMPI_FMT_OPAQUE.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 13:12:09 +09:00
NIIBE Yutaka
a9b31fc3e4 ecc-sos: Fix parsing key for EdDSA/ECDH.
* g10/parse-packet.c (parse_key): Read by sos_read.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 11:56:28 +09:00
NIIBE Yutaka
ed4c1e213a ecc-sos: public key is MPI with the prefix 0x40.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:08 +09:00
NIIBE Yutaka
f27a581090 sos: don't change NBITS.
For SOS, an ECC point with prefix 0x40 can be represented in two ways.
One for 0x40 interpreted as 7-bit, another as 8-bit (MSB is zero).

This matters for fingerprint computation, so, the representation
should be preserved, or we should use another flag to hold the
difference in the representation...

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:08 +09:00
NIIBE Yutaka
638328a33d sos: Fix fingerprint computation.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:08 +09:00
NIIBE Yutaka
3fae9540c6 Fix exporting key for ECC.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:08 +09:00
NIIBE Yutaka
0e40b033b8 gpg: Fix for the condition calling gpg_sos_write.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:08 +09:00
NIIBE Yutaka
5b094067f7 gpg: Use opaque MPI for shared point.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:08 +09:00
NIIBE Yutaka
b73fef0376 gpg: Implement the fix-up of zero for SOS.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:08 +09:00
NIIBE Yutaka
ac977526ac gpg: Use opaque MPI for ECDH.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:08 +09:00
NIIBE Yutaka
c31fd44737 gpg: Use GCRYMPI_FLAG_USER2 for SOS, and hash_public_key with that.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:08 +09:00
NIIBE Yutaka
93bcc87bd0 Add sos_read.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:07 +09:00
NIIBE Yutaka
120f4e8c67 gpg: Use opaque byte MPI interface for ECC key.
* g10/keygen.c (ecckey_from_sexp): Parse by GCRYMPI_FMT_OPAQUE.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:07 +09:00
NIIBE Yutaka
2096965c53 gpg: Introduce SOS (Simply Octet String) support.
* g10/build-packet.c (gpg_sos_write): New.
(do_key): Use gpg_sos_write.
(do_signature): Use gpg_sos_write for EdDSA.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:07 +09:00
Werner Koch
cec397e002
gpg: Make AEAD modes subject to compliance checks.
* g10/decrypt-data.c (decrypt_data): Move aead algo detection up.
--

Note that the AEAD modes are not yet approved for --compliance=de-vs

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-16 08:52:29 +02:00
Werner Koch
5c47e7825b
indent: Some typo and indentation changes for gpg.
--
2020-04-15 22:23:10 +02:00
Werner Koch
df0edaf91a
gpg: Fix broken setting of AEAD algo.
* g10/main.h (DEFAULT_AEAD_ALGO): Set to OCB.
--

With the old code and using libgcrypt 1.9 would have switched from the
high performance OCB to the ugly EAX mode.  We are free software, we
are OCB.
2020-04-15 22:21:46 +02:00
NIIBE Yutaka
fd79cadf7b gpg: ECDH: Accept longer padding.
* g10/pubkey-enc.c (get_it): Remove check which mandates shorter
padding.

--

According to the section 8 of RFC 6637, the sender MAY use 21 bytes of
padding for AES-128 to provide 40-byte "m".

Reported-by: Metin Savignano
GnuPG-bug-id: 4908
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-04-08 09:29:43 +09:00
Werner Koch
15352b0eac
gpg,card: Use the new MANUFACTURER attribute.
* tools/gpg-card.h (struct card_info_s): Add manufacturer fields.
* tools/card-call-scd.c (release_card_info): Release them.
(learn_status_cb): Parse MANUFACTURER attribute.
* tools/gpg-card.c (get_manufacturer): Remove.
(list_card): Use the new attribute.
* g10/call-agent.h (struct agent_card_info_s): Add manufacturer fields.
* g10/call-agent.c (agent_release_card_info): Release them.
(learn_status_cb): Parse MANUFACTURER attribute.
* g10/card-util.c (get_manufacturer): Remove.
(current_card_status): Use new attribute.
--

This does away with the duplicated OpenPGP vendor tables; they are now
at a better place (app-openpgp.c).

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-03 10:44:32 +02:00
NIIBE Yutaka
ba247a114c gpg: Add regular expression support.
* AUTHORS, COPYING.other: Update.
* Makefile.am (SUBDIRS): Add regexp sub directory.
* configure.ac (DISABLE_REGEX): Remove.
* g10/Makefile.am (needed_libs): Add libregexp.a.
* g10/trustdb.c: Remove DISABLE_REGEX support.
* regexp/LICENSE, regexp/jimregexp.c, regexp/jimregexp.h,
  regexp/utf8.c, regexp/utf8.h: New from Jim Tcl.
* regexp/UnicodeData.txt: New from Unicode.
* regexp/Makefile.am, regexp/parse-unidata.awk: New.
* tests/openpgp/Makefile.am: Remove DISABLE_REGEX support.
* tools/Makefile.am: Remove DISABLE_REGEX support.

GnuPG-bug-id: 4843
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-04-03 15:30:08 +09:00
Werner Koch
4287f89557
gpg: Also allow a v5 fingerprint for --trusted-key.
* g10/trustdb.c (tdb_register_trusted_key): Add case for 32 octet
fingerprints.
--
GnuPG-bug-id: 4855

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-18 13:56:43 +01:00
Daniel Kahn Gillmor
810ea2cc68
gpg: Update --trusted-key to accept fingerprint as well as long key id.
* g10/trustdb.c (tdb_register_trusted_key): accept fingerprint as well
as long key ID.
* doc/gpg.texi: document that --trusted-key can accept a fingerprint.
--

GnuPG-bug-id: 4855
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Fixed uses or return and kept the old string to avoid breaking
translations.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-18 13:50:52 +01:00
Werner Koch
161a098be6
gpg: Fix key expiration and usage for keys created at the Epoch.
* g10/getkey.c (merge_selfsigs_main): Take a zero key creation time in
account.
--

Keys created at the Epoch have a creation time of 0; when figuring out
the latest signature with properties to apply to a key the usual
comparison A > B does not work if A is always 0.  We now special case
this for the expiration and usage data.

Co-authored-by: gniibe@fsij.org
GnuPG-bug-id: 4670
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-18 12:30:06 +01:00
Werner Koch
451cd1b392
gpgconf: Further simplify the gpgconf option processing.
* common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
* tools/gpgconf-comp.c: here.
(known_options_scdaemon): Remove "options".
(known_options_dirmngr): Remove "options".
(known_options_gpgsm): Remove "options".
(known_options_gpg): Remove "options" and "keyserver".
(struct gc_option_s): Rename active t gpgconf_list.
(gc_component_list_options): Do not act upon active.
(option_check_validity): Ditto.
(is_known_option): Make it work correctly for unknown options.
(retrieve_options_from_program): Use renamed flag gpgconf_list only to
detect duplicated items from --gpgconf-list.  Do not set runtime.
Only e set the options if set by --gpgconf-list; never clear them.
* agent/gpg-agent.c: Simplify the --gpgconf-list output.
* dirmngr/dirmngr.c: Ditto.
* g10/gpg.c: Ditto.
* kbx/keyboxd.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* tests/openpgp/gpgconf.scm: Use "compliance" instead of "keyserver"
for the string arg test.
--

There is no need to read the list of options from the components
unless they convey a default value.  It is better to consult only the
list we have in gpgconf-comp.c to decide on whether an option should
be displayed.   Right, this might mess up thing if a newer gpgconf
version is used with an older component, but we already print warnings
in this case and in general we do not want to support this anymore -
the times of gpg 1.4. and 2.0 are long over now.

GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 19:12:41 +01:00
Werner Koch
6b306f45f4
gpg: New option --auto-key-import
* g10/gpg.c (opts): New options --auto-key-import,
--no-auto-key-import, and --no-include-key-block.
(gpgconf_list): Add them.
* g10/options.h (opt): Add field flags.auto_key_import.
* g10/mainproc.c (check_sig_and_print): Use flag to enable that
feature.
* tools/gpgconf-comp.c: Give the new options a Basic config level.
--

Note that the --no variants of the options are intended for easy
disabling at the command line.

GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 18:04:47 +01:00
Werner Koch
6a4443c842
gpg: Make use of the included key block in a signature.
* g10/import.c (read_key_from_file): Rename to ...
(read_key_from_file_or_buffer): this and add new parameters.  Adjust
callers.
(import_included_key_block): New.
* g10/packet.h (PKT_signature): Add field flags.key_block.
* g10/parse-packet.c (parse_signature): Set that flags.
* g10/sig-check.c (check_signature2): Add parm forced_pk and change
all callers.
* g10/mainproc.c (do_check_sig): Ditto.
(check_sig_and_print): Try the included key block if no key is
available.
--

This is is the second part to support the new Key Block subpacket.
The idea is that after having received a signed mail, it is instantly
possible to reply encrypted - without the need for any centralized
infrastructure.

There is one case where this does not work: A signed mail is received
using a specified signer ID (e.g. using gpg --sender option) and the
key block with only that user ID is thus imported.  The next time a
mail is received using the same key but with a different user ID; the
signatures checks out using the key imported the last time.  However,
the new user id is not imported.  Now when trying to reply to that
last mail, no key will be found.  We need to see whether we can update
a key in such a case.

GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-13 17:14:34 +01:00
Werner Koch
865d485180
gpg: New option --include-key-block.
* common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New.
* g10/gpg.c (oIncludeKeyBlock): New.
(opts): New option --include-key-block.
(main): Implement.
* g10/options.h (opt): New flag include_key_block.
* g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK.
(parse_one_sig_subpkt): Ditto.
(can_handle_critical): Ditto.
* g10/sign.c (mk_sig_subpkt_key_block): New.
(write_signature_packets): Call it for data signatures.
--

This patch adds support for a to be proposed OpenPGP ferature:

  Introduce the Key Block subpacket to align OpenPGP with CMS.

  This new subpacket may be used similar to the CertificateSet of
  CMS (RFC-5652) and thus allows to start encrypted communication
  after having received a signed message.  In practice a stripped down
  version of the key should be including having only the key material
  and the self-signatures which are really useful and shall be used by
  the recipient to reply encrypted.

  #### Key Block

  (1 octet with value 0, N octets of key data)

  This subpacket MAY be used to convey key data along with a signature
  of class 0x00, 0x01, or 0x02.  It MUST contain the key used to create
  the signature; either as the primary key or as a subkey.  The key
  SHOULD contain a primary or subkey capable of encryption and the
  entire key must be a valid OpenPGP key including at least one User ID
  packet and the corresponding self-signatures.

  Implementations MUST ignore this subpacket if the first octet does not
  have a value of zero or if the key data does not represent a valid
  transferable public key.

GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-13 13:34:49 +01:00
Werner Koch
32493ce50a
gpg: Add property "fpr" for use by --export-filter.
* g10/export.c (push_export_filters): New.
(pop_export_filters): New.
(export_pubkey_buffer): Add args prefix and prefixlen.  Adjust
callers.
* g10/import.c (impex_filter_getval): Add property "fpr".
* g10/main.h (struct impex_filter_parm_s): Add field hexfpr.
--

The push and pop feature will help us to use the export filter
internally in gpg.  Same for the export_pubkey_buffer change.

GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-13 13:19:31 +01:00
Werner Koch
90fb4a69d2
doc: Add a comment to explain the signature postscript.
--

Hal Finney explained this on January 22, 2004 on a question from Peter
Gutmann on the WG list.
2020-03-12 11:05:37 +01:00
Werner Koch
41eb5108ce
gpg: Re-group the options in the --help output.
* g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to
use ARGPARSE_ignore and remove the code in the option switch.
--

This looks better and is also required for further simplifications of
gpgconf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 15:18:27 +01:00
Werner Koch
4423e9dcde
gpgconf: Support reading global options (part 2).
* tools/gpgconf-comp.c: Remove all regular option descriptions.  They
are now read in from the component.  Also remove a few meanwhile
obsolete options.
* agent/gpg-agent.c: Add option description which were only set in
gpgconf-comp.c.
* dirmngr/dirmngr.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* g10/gpg.c: Ditto.
--

This second part removes all regular option descriptions because they
can be read from the components.  A few were missing in the components
and thus moved to there.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-06 10:09:26 +01:00
Werner Koch
a94daa6549
card: Add yet another vendor.
--
2020-03-03 13:37:28 +01:00
Werner Koch
3c4ab531eb
card: Add new vendor.
--
2020-03-03 11:55:08 +01:00
Werner Koch
79f2318aa5
gpg: Re-enable versioned config files
* g10/gpg.c (main): Use ARGPARSE_FLAG_USERVERS.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-25 15:18:55 +01:00
Werner Koch
7e8f28653c
gpg: Re-add checking of config file permissions.
* g10/gpg.c (main): Re-add permission checking of the user config
file.  Re-add code to check against the SE-Linux secured file list.
(get_default_configname): Remove unused func.
* configure.ac (SAFE_VERSION, SAFE_VERSION_DOT)
(SAFE_VERSION_DASH): Remove.
--

Die to the switch to the new option parser, the permissions were not
anymore checked.  This patch fixes this.  Note that there there is no
checking for the global config file because that file is not expected
to be user modifiable.

This patch also adds checking against the list of SE-linux secured
files.  However, like in the old code the checking does not work in
practise because the to be checked files are added to the the list
only after option parsing.  Tested using temporary debug code.

The SAFE_VERSION macros were used for RISC OS, which is not anymore
supported, and only in the now removed get_default_configname.  There
purpose was that a RISC OS could use a modified config.h here.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-25 14:09:46 +01:00
Werner Koch
2c823bd878
Use gpgrt's new option parser for gpgc, gpgsm, and gpg-agent.
* g10/gpgv.c: Use new option parser.
* sm/gpgsm.c: Ditto.
* agent/gpg-agent.c: Ditto.
(opts): Add option --no-options.
--

This is the next part of changes.  The latest libgpg-error is required
so that that re-reading options (SIGHUP) works.

GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 14:59:58 +01:00
Werner Koch
0e8f6e2aa9
gpg: Use gpgrt's new option parser to provide a global conf file.
* common/util.h: Remove argparse.h.
* common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS.
* configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
* agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include
argparse.h.  Do this also for all main modules which use our option
parser except for gpg.  Replace calls to strusage by calls to
gpgrt_strusage everywhere.

* g10/gpg.c (opts): Change type to gpgrt_opt_t.  Flag oOptions and
oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile.
(main): Change type of pargs to gpgrt_argparse_t.  Rework the option
parser to make use of the new gpgrt_argparser.
--

This is not yet finished but a make check works.  gpg has the most
complex and oldest option handling and thus this is the first
migration target.  SE-Linux checks and version-ed config files are
missing and will be added later.

GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-20 11:13:32 +01:00
NIIBE Yutaka
41913d76f7 gpg: Fix default-key selection when card is available.
* g10/getkey.c (get_seckey_default_or_card): Handle the case
when card key is not suitable for requested usage.

--

Cherry-pick stable commit of:
	1cdd9e57f701f0d99d118d32adffe5216a94b0b2

GnuPG-bug-id: 4850
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-02-19 11:05:25 +09:00
Daniel Kahn Gillmor
0904b8ef34 Spelling cleanup.
No functional changes, just fixing minor spelling issues.

---

Most of these were identified from the command line by running:

  codespell \
    --ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
    --skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
    doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
    NEWS README README.maint TODO

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-02-18 18:07:46 -05:00
Werner Koch
86312b920a
gpg: New option --full-timestrings.
* g10/options.h (opt): Add flags.full_timestrings.
* g10/gpg.c (oFullTimestrings): New.
(opts): New option.
(main): Set new flag.
* g10/keyid.c (dateonlystr_from_pk): New.
(dateonlystr_from_sig): New.
(datestr_from_pk): Divert to isotimestamp if requested.
(datestr_from_sig): Ditto.
(expirestr_from_pk): Ditto.
(expirestr_from_sig): Ditto.
(revokestr_from_pk): Ditto.
* g10/import.c (impex_filter_getval): Use dateonlystr_from_sig and
dateonlystr_from_pk.
--

Quite helpful for debugging keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-13 14:07:09 +01:00
Werner Koch
14ac350f86
gpg: Changes to allow direct key generation from an OpenPGP card.
* g10/call-agent.h (struct keypair_info_s): Add fields keytime and
usage.
* g10/call-agent.c (struct keypairinfo_cb_parm_s): New.
(scd_keypairinfo_status_cb): Rework to store parsed KEYPAIRINFO data.
(agent_scd_keypairinfo): Change accordingly.
(agent_scd_readkey): Add arg ctrl and change callers.  Change return
arg from an strlist_t to a keypair_info_t.
(readkey_status_cb): Use KEYPAIRINFO instead of KEY-TIME.
* g10/keygen.c (pSUBKEYCREATIONDATE): New.
(pAUTHKEYCREATIONDATE): New.
(get_parameter_u32): Allow for new parameters.
(do_create_from_keygrip): For card keys use direct scd call which does
not create a stub file.
(ask_algo): Rework to use the new keypair_info_t as return from
agent_scd_keypairinfo.
(parse_key_parameter_part): Likewise.  Also get and return the key
creation time using a arg.
(parse_key_parameter_string): New args r_keytime and r_subkeytime.
(parse_algo_usage_expire): New arg r_keytime.
(proc_parameter_file): Ignore the explict pCREATIONDATE for card keys.
(quickgen_set_para): New arg keytime.
(quick_generate_keypair): Get the keytimes and set the pCARDKEY flag.
(generate_keypair): Likewise.
(do_generate_keypair): Implement the cardkey with keytime thingy.
(generate_subkeypair): Use the keytime parameters.
* g10/keygen.c (pAUTHKEYCREATIONDATE): New.  Not yet set but may come
handy later.
(get_parameter_u32): Take care of that.
(do_generate_keypair): For cardkeys sign with the current time.
--

Key generation direct from the card used to work for all cards except
the OpenPGP cards. The key generation from card using an OpenPGP card
is special because the fingerprint is stored on the card and we must
make sure that the newly created key has the same fingerprint.  This
requires that we take the key creation date as stored on the card into
account.

Along with the recent change in gpg-agent this change also fixes a
problem with existing stub files.

Note that with a key take from a card the self-signature are created
with the current time and not the creation time.  This allows to
better distinguish keys created using the same card.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-13 14:07:04 +01:00
Werner Koch
8c63430d1a
gpg: Rename the struct card_key_info_s.
* g10/call-agent.h (struct card_key_info_s): Rename to ...
(struct keypair_info_s): this.
(keypair_info_t): New.  Use this everywhere instead of
card_key_info_s.
* g10/call-agent.c (agent_scd_free_keyinfo): Rename to ..
(free_keypair_info): this.  Change all callers.
--

The struct is also useful to store the data from KEYPAIRINFO status
lines.  Thus renaming it makes sense.  A future patch will extend the
struct.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-12 17:29:51 +01:00