authorNIIBE Yutaka <[email protected]>2023-03-03 03:02:07 +0000
committerNIIBE Yutaka <[email protected]>2023-03-03 03:02:07 +0000
commit20ba5794bf2205963058bd14edc7623da7ca2583 (patch)
treefd3b2eb2137685d7a23c198f474dc846e512daa8
parentImplement token_sign. (diff)
Fix assuan context things.
Signed-off-by: NIIBE Yutaka <[email protected]>
-rw-r--r--tkd/command.c9
-rw-r--r--tkd/pkcs11.c142
-rw-r--r--tkd/tkdaemon.c1
-rw-r--r--tkd/tkdaemon.h11
4 files changed, 28 insertions, 135 deletions
diff --git a/tkd/command.c b/tkd/command.c
index e658eb9ee..5e49eb63b 100644
--- a/tkd/command.c
+++ b/tkd/command.c
@@ -32,7 +32,6 @@
#endif
#include "tkdaemon.h"
-#include <assuan.h>
#include "../common/asshelp.h"
#include "../common/server-help.h"
#include "../common/ssh-utils.h"
@@ -200,7 +199,7 @@ cmd_slotlist (assuan_context_t ctx, char *line)
line = skip_options (line);
(void)line;
- err = token_slotlist (ctrl);
+ err = token_slotlist (ctrl, ctx);
return err;
}
@@ -238,7 +237,7 @@ cmd_readkey (assuan_context_t ctx, char *line)
if (strlen (keygrip) != 40)
err = gpg_error (GPG_ERR_INV_ID);
- err = token_readkey (ctrl, keygrip, opt_info, &pk, &pklen);
+ err = token_readkey (ctrl, ctx, keygrip, opt_info, &pk, &pklen);
if (err)
goto leave;
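Review bot: The new `err = token_readkey (ctrl, ctx, keygrip, opt_info, &pk, &pklen);` unconditionally overwrites the `GPG_ERR_INV_ID` set by the length check two lines above, so a malformed keygrip is silently passed through to the PKCS#11 layer instead of being rejected. The same pattern appears in the cmd_pksign hunk below with `token_sign`. Since `leave:` is already used in this function, the guard should jump out: `if (strlen (keygrip) != 40)` / `{ err = gpg_error (GPG_ERR_INV_ID); goto leave; }`; cmd_pksign presumably has an equivalent label, but its cleanup is outside the hunk. cmd_readkey's body starts before and continues after this hunk.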
@@ -344,7 +343,7 @@ cmd_pksign (assuan_context_t ctx, char *line)
if (strlen (keygrip) != 40)
err = gpg_error (GPG_ERR_INV_ID);
- err = token_sign (ctrl, keygrip, hash_algo, &outdata, &outdatalen);
+ err = token_sign (ctrl, ctx, keygrip, hash_algo, &outdata, &outdatalen);
if (err)
{
log_error ("token_sign failed: %s\n", gpg_strerror (err));
@@ -424,7 +423,7 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
else
keygrip = skip_options (line);
- err = token_keyinfo (ctrl, keygrip, opt_data, cap);
+ err = token_keyinfo (ctrl, ctx, keygrip, opt_data, cap);
return err;
}
diff --git a/tkd/pkcs11.c b/tkd/pkcs11.c
index 0d6bf45cc..0e0b81cb1 100644
--- a/tkd/pkcs11.c
+++ b/tkd/pkcs11.c
@@ -4,10 +4,9 @@
#include <string.h>
#include <dlfcn.h>
-#include <gpg-error.h>
-#include <gcrypt.h>
-#include <assuan.h>
+#include "tkdaemon.h"
+#include <gcrypt.h>
#include "../common/util.h"
#include "pkcs11.h"
@@ -503,6 +502,7 @@ detect_private_keys (struct token *token)
return -1;
}
}
+ return 0;
}
static long
@@ -591,6 +591,7 @@ check_public_keys (struct token *token)
return -1;
}
}
+ return 0;
}
#if 0
@@ -728,12 +729,13 @@ find_key (struct cryptoki *ck, const char *keygrip, struct key **r_key)
return -1;
}
-static long
+static gpg_error_t
do_pksign (struct key *key, int hash_algo,
const unsigned char *u_data, unsigned long u_data_len,
unsigned char **r_signature,
unsigned long *r_signature_len)
{
+ gpg_error_t err = 0;
unsigned long r = 0;
struct token *token = key->token;
struct cryptoki *ck = token->ck;
@@ -783,7 +785,11 @@ do_pksign (struct key *key, int hash_algo,
{
mechanism = CKM_EDDSA;
siglen = ((nbits+7)/8)*2;
+ memcpy (data, u_data, u_data_len);
+ data_len = u_data_len;
}
+ else
+ return gpg_error (GPG_ERR_BAD_SECKEY);
mechanism_struct.mechanism = mechanism;
mechanism_struct.parameter = NULL;
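Review bot: The added `memcpy (data, u_data, u_data_len);` in the EDDSA branch copies a caller-supplied length with no check against the capacity of `data`; `data` is declared above the hunk, and if it is a fixed-size buffer this is an overflow driven by the length of the Assuan-provided input. A bound check before the copy would close it, e.g. `if (u_data_len > sizeof data) return gpg_error (GPG_ERR_TOO_LARGE);` (adjust to the actual capacity if `data` is heap-allocated). The new `else return gpg_error (GPG_ERR_BAD_SECKEY);` is correct now that the return type is `gpg_error_t`, but it is worth confirming the other early returns in do_pksign (outside this hunk) no longer return raw PKCS#11 `CKR_*` values, which would be misreported as GnuPG error codes.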
@@ -819,123 +825,10 @@ do_pksign (struct key *key, int hash_algo,
return 0;
}
-#ifdef TESTING
-int
-main (int argc, const char *argv[])
-{
- long r;
- struct cryptoki *ck = ck_instance;
- unsigned long num_slots = MAX_SLOTS;
- ck_slot_id_t slot_list[MAX_SLOTS];
- int i;
- const unsigned char *pin = NULL;
- int pin_len = -1;
- const char *keygrip = NULL;
- int num_tokens = 0;
-
- r = get_function_list (ck, argv[1]);
- if (r)
- {
- return 1;
- }
-
- if (argc >= 3)
- keygrip = argv[2];
-
- if (argc >= 4)
- {
- pin = argv[3];
- pin_len = strlen (argv[3]);
- }
-
- r = get_slot_list (ck, &num_slots, slot_list);
- if (r)
- {
- return 1;
- }
-
- for (i = 0; i < num_slots; i++)
- {
- struct ck_token_info tk_info;
- struct token *token = &ck->token_list[num_tokens]; /* Allocate one token in CK */
-
- token->ck = ck;
- token->valid = 0;
- token->slot_id = slot_list[i];
-
- if (get_token_info (token, &tk_info) == 0)
- {
- if ((tk_info.flags & CKF_TOKEN_INITIALIZED) == 0
- || (tk_info.flags & CKF_USER_PIN_LOCKED) != 0)
- continue;
-
- token->login_required = (tk_info.flags & CKF_LOGIN_REQUIRED);
-
- r = open_session (token);
- if (r)
- {
- printf ("Error at open_session: %d\n", r);
- continue;
- }
-
- /* XXX: Support each PIN for each token. */
- if (token->login_required && pin)
- login (token, pin, pin_len);
-
- puts ("************");
- num_tokens++;
- r = learn_keys (token);
- }
- }
-
- ck->num_slots = num_tokens;
-
- if (keygrip)
- {
- struct key *k;
-
- r = find_key (ck, keygrip, &k);
- if (!r)
- {
- unsigned char sig[1024];
- unsigned long siglen = sizeof (sig);
-
- printf ("key object id: %d\n", k->p11_keyid);
- printf ("key type: %d\n", k->key_type);
- puts (k->keygrip);
-
- r = do_pksign (k, "test test", 9, sig, &siglen);
- if (!r)
- {
- int i;
-
- for (i = 0; i < siglen; i++)
- printf ("%02x", sig[i]);
- puts ("");
- }
- }
- }
-
- for (i = 0; i < num_slots; i++)
- {
- struct token *token = &ck->token_list[i];
-
- if (token->valid && token->login_required && pin)
- logout (token);
-
- close_session (token);
- }
-
- ck->f->C_Finalize (NULL);
- return 0;
-}
-#else
-#include "../common/util.h"
-
#define ENVNAME "PKCS11_MODULE"
gpg_error_t
-token_slotlist (ctrl_t ctrl)
+token_slotlist (ctrl_t ctrl, assuan_context_t ctx)
{
gpg_error_t err;
@@ -949,6 +842,7 @@ token_slotlist (ctrl_t ctrl)
char *module_name;
(void)ctrl;
+ (void)ctx;
module_name = getenv (ENVNAME);
if (!module_name)
return gpg_error (GPG_ERR_NO_NAME);
@@ -1006,7 +900,7 @@ token_slotlist (ctrl_t ctrl)
}
gpg_error_t
-token_sign (ctrl_t ctrl,
+token_sign (ctrl_t ctrl, assuan_context_t ctx,
const char *keygrip, int hash_algo,
unsigned char **r_outdata,
size_t *r_outdatalen)
@@ -1016,6 +910,7 @@ token_sign (ctrl_t ctrl,
struct cryptoki *ck = ck_instance;
unsigned long r;
+ (void)ctrl;
/* mismatch: size_t for GnuPG, unsigned long for PKCS#11 */
/* mismatch: application prepare buffer for PKCS#11 */
@@ -1024,7 +919,6 @@ token_sign (ctrl_t ctrl,
return gpg_error (GPG_ERR_NO_SECKEY);
else
{
- assuan_context_t ctx = ctrl->server_local->assuan_ctx;
const char *cmd;
unsigned char *value;
size_t valuelen;
@@ -1045,20 +939,20 @@ token_sign (ctrl_t ctrl,
}
gpg_error_t
-token_readkey (ctrl_t ctrl,
+token_readkey (ctrl_t ctrl, assuan_context_t ctx,
const char *keygrip, int opt_info,
unsigned char **r_pk,
size_t *r_pklen)
{
gpg_error_t err;
+ (void)ctrl;
return err;
}
gpg_error_t
-token_keyinfo (ctrl_t ctrl, const char *keygrip,
- int opt_data, int cap)
+token_keyinfo (ctrl_t ctrl, assuan_context_t ctx,
+ const char *keygrip, int opt_data, int cap)
{
gpg_error_t err;
return err;
}
-#endif
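Review bot: `token_readkey` and `token_keyinfo` declare `gpg_error_t err;` and immediately `return err;` without initializing it, so their callers in command.c get an indeterminate status (reading an uninitialized automatic is undefined behavior, and in practice it may read as success). This predates the commit, but the commit touches both signatures and now also leaves `ctx`, `keygrip`, `opt_info`, `r_pk` and `r_pklen` unused in the stubs. Until they are implemented, `return gpg_error (GPG_ERR_NOT_IMPLEMENTED);` is the honest status, with `(void)` casts for the unused parameters as already done for `ctrl`.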
diff --git a/tkd/tkdaemon.c b/tkd/tkdaemon.c
index fb384a80f..4d1c94978 100644
--- a/tkd/tkdaemon.c
+++ b/tkd/tkdaemon.c
@@ -43,7 +43,6 @@
#include "tkdaemon.h"
#include <gcrypt.h>
-#include <assuan.h> /* malloc hooks */
#include "../common/i18n.h"
#include "../common/sysutils.h"
diff --git a/tkd/tkdaemon.h b/tkd/tkdaemon.h
index 73fa25896..a03f56c17 100644
--- a/tkd/tkdaemon.h
+++ b/tkd/tkdaemon.h
@@ -26,6 +26,7 @@
#endif
#define GPG_ERR_SOURCE_DEFAULT 18 // GPG_ERR_SOURCE_TKD
#include <gpg-error.h>
+#include <assuan.h>
#include <time.h>
#include <gcrypt.h>
@@ -108,17 +109,17 @@ void send_keyinfo (ctrl_t ctrl, int data, const char *keygrip_str,
const char *usage);
/*-- pkcs11.c --*/
-gpg_error_t token_slotlist (ctrl_t ctrl);
-gpg_error_t token_sign (ctrl_t ctrl,
+gpg_error_t token_slotlist (ctrl_t ctrl, assuan_context_t ctx);
+gpg_error_t token_sign (ctrl_t ctrl, assuan_context_t ctx,
const char *keygrip, int hash_algo,
unsigned char **r_outdata,
size_t *r_outdatalen);
-gpg_error_t token_readkey (ctrl_t ctrl,
+gpg_error_t token_readkey (ctrl_t ctrl, assuan_context_t ctx,
const char *keygrip, int opt_info,
unsigned char **r_pk,
size_t *r_pklen);
-gpg_error_t token_keyinfo (ctrl_t ctrl, const char *keygrip,
- int opt_data, int cap);
+gpg_error_t token_keyinfo (ctrl_t ctrl, assuan_context_t ctx,
+ const char *keygrip, int opt_data, int cap);
#endif /*TKDAEMON_H*/
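Review bot: The four token_* prototypes gain an `assuan_context_t ctx` parameter but the header says nothing about what it is for or how it relates to `ctrl`, which this commit turns into an unused parameter in three of the four implementations. A short comment above the `/*-- pkcs11.c --*/` group would help the next reader, e.g. `/* CTX is the Assuan connection of the command being served; it is passed explicitly so pkcs11.c does not reach into ctrl->server_local. */`. Whether `ctrl` is meant to stay in the signatures for future use or should be dropped is worth stating as well.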