aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWerner Koch <[email protected]>2004-02-13 17:06:50 +0000
committerWerner Koch <[email protected]>2004-02-13 17:06:50 +0000
commit01486117e893f1a57460297937e6f6ff03fe6359 (patch)
tree18287194edd8a6b448d8d1841f154344bdf995ea
parent* command.c (cmd_setkeydesc): New. (diff)
downloadgnupg-01486117e893f1a57460297937e6f6ff03fe6359.tar.gz
gnupg-01486117e893f1a57460297937e6f6ff03fe6359.zip
* certcheck.c (gpgsm_create_cms_signature): Format a description
for use by the pinentry. * decrypt.c (gpgsm_decrypt): Ditto. Free HEXKEYGRIP. * certdump.c (format_name_cookie, format_name_writer) (gpgsm_format_name): New. (gpgsm_format_serial): New. (gpgsm_format_keydesc): New. * call-agent.c (gpgsm_agent_pksign): New arg DESC. (gpgsm_agent_pkdecrypt): Ditto.
Diffstat
-rw-r--r--sm/ChangeLog10
-rw-r--r--sm/call-agent.c24
-rw-r--r--sm/certcheck.c7
-rw-r--r--sm/certdump.c183
-rw-r--r--sm/certreqgen.c2
-rw-r--r--sm/decrypt.c15
-rw-r--r--sm/gpgsm.h8
7 files changed, 236 insertions, 13 deletions
diff --git a/sm/ChangeLog b/sm/ChangeLog
index 2e78d1f41..4af2437d3 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,5 +1,15 @@
2004-02-13 Werner Koch <[email protected]>
+ * certcheck.c (gpgsm_create_cms_signature): Format a description
+ for use by the pinentry.
+ * decrypt.c (gpgsm_decrypt): Ditto. Free HEXKEYGRIP.
+ * certdump.c (format_name_cookie, format_name_writer)
+ (gpgsm_format_name): New.
+ (gpgsm_format_serial): New.
+ (gpgsm_format_keydesc): New.
+ * call-agent.c (gpgsm_agent_pksign): New arg DESC.
+ (gpgsm_agent_pkdecrypt): Ditto.
+
* encrypt.c (init_dek): Check for too weak algorithms.
* import.c (parse_p12, popen_protect_tool): New.
diff --git a/sm/call-agent.c b/sm/call-agent.c
index fe740964b..30a1b6480 100644
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@@ -301,7 +301,7 @@ membuf_data_cb (void *opaque, const void *buffer, size_t length)
/* Call the agent to do a sign operation using the key identified by
the hex string KEYGRIP. */
int
-gpgsm_agent_pksign (const char *keygrip,
+gpgsm_agent_pksign (const char *keygrip, const char *desc,
unsigned char *digest, size_t digestlen, int digestalgo,
char **r_buf, size_t *r_buflen )
{
@@ -328,6 +328,16 @@ gpgsm_agent_pksign (const char *keygrip,
if (rc)
return map_assuan_err (rc);
+ if (desc)
+ {
+ snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (agent_ctx, line,
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return map_assuan_err (rc);
+ }
+
sprintf (line, "SETHASH %d ", digestalgo);
p = line + strlen (line);
for (i=0; i < digestlen ; i++, p += 2 )
@@ -376,7 +386,7 @@ inq_ciphertext_cb (void *opaque, const char *keyword)
/* Call the agent to do a decrypt operation using the key identified by
the hex string KEYGRIP. */
int
-gpgsm_agent_pkdecrypt (const char *keygrip,
+gpgsm_agent_pkdecrypt (const char *keygrip, const char *desc,
ksba_const_sexp_t ciphertext,
char **r_buf, size_t *r_buflen )
{
@@ -411,6 +421,16 @@ gpgsm_agent_pkdecrypt (const char *keygrip,
if (rc)
return map_assuan_err (rc);
+ if (desc)
+ {
+ snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (agent_ctx, line,
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return map_assuan_err (rc);
+ }
+
init_membuf (&data, 1024);
cipher_parm.ctx = agent_ctx;
cipher_parm.ciphertext = ciphertext;
diff --git a/sm/certcheck.c b/sm/certcheck.c
index 47cae13c0..dbd0ff1ba 100644
--- a/sm/certcheck.c
+++ b/sm/certcheck.c
@@ -282,16 +282,19 @@ gpgsm_create_cms_signature (ksba_cert_t cert, gcry_md_hd_t md, int mdalgo,
char **r_sigval)
{
int rc;
- char *grip;
+ char *grip, *desc;
size_t siglen;
grip = gpgsm_get_keygrip_hexstring (cert);
if (!grip)
return gpg_error (GPG_ERR_BAD_CERT);
- rc = gpgsm_agent_pksign (grip, gcry_md_read(md, mdalgo),
+ desc = gpgsm_format_keydesc (cert);
+
+ rc = gpgsm_agent_pksign (grip, desc, gcry_md_read(md, mdalgo),
gcry_md_get_algo_dlen (mdalgo), mdalgo,
r_sigval, &siglen);
+ xfree (desc);
xfree (grip);
return rc;
}
diff --git a/sm/certdump.c b/sm/certdump.c
index 26f3f7e2c..598ce7448 100644
--- a/sm/certdump.c
+++ b/sm/certdump.c
@@ -1,5 +1,5 @@
/* certdump.c - Dump a certificate for debugging
- * Copyright (C) 2001 Free Software Foundation, Inc.
+ * Copyright (C) 2001, 2004 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@@ -94,6 +94,41 @@ gpgsm_dump_serial (ksba_const_sexp_t p)
}
}
+
+char *
+gpgsm_format_serial (ksba_const_sexp_t p)
+{
+ unsigned long n;
+ char *endp;
+ char *buffer;
+ int i;
+
+ if (!p)
+ return NULL;
+
+ if (*p != '(')
+ BUG (); /* Not a valid S-expression. */
+
+ p++;
+ n = strtoul (p, &endp, 10);
+ p = endp;
+ if (*p!=':')
+ BUG (); /* Not a valid S-expression. */
+ p++;
+
+ buffer = xtrymalloc (n*2+1);
+ if (buffer)
+ {
+ for (i=0; n; n--, p++, i+=2)
+ sprintf (buffer+i, "%02X", *(unsigned char *)p);
+ buffer[i] = 0;
+ }
+ return buffer;
+}
+
+
+
+
void
gpgsm_print_time (FILE *fp, ksba_isotime_t t)
{
@@ -479,3 +514,149 @@ gpgsm_print_name (FILE *fp, const char *name)
+/* A cookie structure used for the memory stream. */
+struct format_name_cookie
+{
+ char *buffer; /* Malloced buffer with the data to deliver. */
+ size_t size; /* Allocated size of this buffer. */
+ size_t len; /* strlen (buffer). */
+ int error; /* system error code if any. */
+};
+
+/* The writer function for the memory stream. */
+static int
+format_name_writer (void *cookie, const char *buffer, size_t size)
+{
+ struct format_name_cookie *c = cookie;
+ char *p;
+
+ if (c->buffer)
+ p = xtryrealloc (c->buffer, c->size + size + 1);
+ else
+ p = xtrymalloc (size + 1);
+ if (!p)
+ {
+ c->error = errno;
+ xfree (c->buffer);
+ errno = c->error;
+ return -1;
+ }
+ c->buffer = p;
+ memcpy (p + c->len, buffer, size);
+ c->len += size;
+ p[c->len] = 0; /* Terminate string. */
+
+ return size;
+}
+
+/* Format NAME which is expected to be in rfc2253 format into a better
+ human readable format. Caller must free the returned string. NULL
+ is returned in case of an error. */
+char *
+gpgsm_format_name (const char *name)
+{
+#if defined (HAVE_FOPENCOOKIE)|| defined (HAVE_FUNOPEN)
+ FILE *fp;
+ struct format_name_cookie cookie;
+
+ memset (&cookie, 0, sizeof cookie);
+
+#ifdef HAVE_FOPENCOOKIE
+ {
+ cookie_io_functions_t io = { NULL };
+ io.write = format_name_writer;
+
+ fp = fopencookie (&cookie, "w", io);
+ }
+#else /*!HAVE_FOPENCOOKIE*/
+ {
+ fp = funopen (&cookie, NULL, format_name_writer, NULL, NULL);
+ }
+#endif /*!HAVE_FOPENCOOKIE*/
+ if (!fp)
+ {
+ int save_errno = errno;
+ log_error ("error creating memory stream: %s\n", strerror (errno));
+ errno = save_errno;
+ return NULL;
+ }
+ gpgsm_print_name (fp, name);
+ fclose (fp);
+ if (cookie.error || !cookie.buffer)
+ {
+ xfree (cookie.buffer);
+ errno = cookie.error;
+ return NULL;
+ }
+ return cookie.buffer;
+#else /* No fun - use the name verbatim. */
+ return xtrystrdup (name);
+#endif /* No fun. */
+}
+
+
+/* Create a key description for the CERT, this may be passed to the
+ pinentry. The caller must free the returned string. NULL may be
+ returned on error. */
+char *
+gpgsm_format_keydesc (ksba_cert_t cert)
+{
+ char *name, *subject, *buffer, *p;
+ const char *s;
+ ksba_isotime_t t;
+ char created[20];
+ char *sn;
+ ksba_sexp_t sexp;
+
+ name = ksba_cert_get_subject (cert, 0);
+ subject = name? gpgsm_format_name (name) : NULL;
+ ksba_free (name); name = NULL;
+
+ sexp = ksba_cert_get_serial (cert);
+ sn = sexp? gpgsm_format_serial (sexp) : NULL;
+ ksba_free (sexp);
+
+ ksba_cert_get_validity (cert, 0, t);
+ if (t && *t)
+ sprintf (created, "%.4s-%.2s-%.2s", t, t+4, t+6);
+ else
+ *created = 0;
+
+ if ( asprintf (&name,
+ _("Please enter the passphrase to unlock the"
+ " secret key for:\n"
+ "\"%s\"\n"
+ "S/N %s, ID %08lX, created %s" ),
+ subject? subject:"?",
+ sn? sn: "?",
+ gpgsm_get_short_fingerprint (cert),
+ created) < 0)
+ {
+ int save_errno = errno;
+ xfree (subject);
+ xfree (sn);
+ errno = save_errno;
+ return NULL;
+ }
+
+ xfree (subject);
+ xfree (sn);
+
+ buffer = p = xtrymalloc (strlen (name) * 3 + 1);
+ for (s=name; *s; s++)
+ {
+ if (*s < ' ' || *s == '+')
+ {
+ sprintf (p, "%%%02X", *(unsigned char *)s);
+ p += 3;
+ }
+ else if (*s == ' ')
+ *p++ = '+';
+ else
+ *p++ = *s;
+ }
+ *p = 0;
+ free (name);
+
+ return buffer;
+}
diff --git a/sm/certreqgen.c b/sm/certreqgen.c
index cffa564bd..a0addd2b4 100644
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@@ -614,7 +614,7 @@ create_request (struct para_data_s *para, ksba_const_sexp_t public,
for (n=0; n < 20; n++)
sprintf (hexgrip+n*2, "%02X", grip[n]);
- rc = gpgsm_agent_pksign (hexgrip,
+ rc = gpgsm_agent_pksign (hexgrip, NULL,
gcry_md_read(md, GCRY_MD_SHA1),
gcry_md_get_algo_dlen (GCRY_MD_SHA1),
GCRY_MD_SHA1,
diff --git a/sm/decrypt.c b/sm/decrypt.c
index 427466a49..76524b51f 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -54,14 +54,15 @@ struct decrypt_filter_parm_s {
/* Decrypt the session key and fill in the parm structure. The
algo and the IV is expected to be already in PARM. */
static int
-prepare_decryption (const char *hexkeygrip, ksba_const_sexp_t enc_val,
+prepare_decryption (const char *hexkeygrip, const char *desc,
+ ksba_const_sexp_t enc_val,
struct decrypt_filter_parm_s *parm)
{
char *seskey = NULL;
size_t n, seskeylen;
int rc;
- rc = gpgsm_agent_pkdecrypt (hexkeygrip, enc_val,
+ rc = gpgsm_agent_pkdecrypt (hexkeygrip, desc, enc_val,
&seskey, &seskeylen);
if (rc)
{
@@ -356,6 +357,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
ksba_sexp_t serial;
ksba_sexp_t enc_val;
char *hexkeygrip = NULL;
+ char *desc = NULL;
rc = ksba_cms_get_issuer_serial (cms, recp, &issuer, &serial);
if (rc == -1 && recp)
@@ -402,6 +404,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
}
hexkeygrip = gpgsm_get_keygrip_hexstring (cert);
+ desc = gpgsm_format_keydesc (cert);
oops:
xfree (issuer);
@@ -416,12 +419,12 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
recp);
else
{
- rc = prepare_decryption (hexkeygrip, enc_val, &dfparm);
+ rc = prepare_decryption (hexkeygrip, desc, enc_val, &dfparm);
xfree (enc_val);
if (rc)
{
- log_debug ("decrypting session key failed: %s\n",
- gpg_strerror (rc));
+ log_info ("decrypting session key failed: %s\n",
+ gpg_strerror (rc));
}
else
{ /* setup the bulk decrypter */
@@ -431,6 +434,8 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
&dfparm);
}
}
+ xfree (hexkeygrip);
+ xfree (desc);
}
if (!any_key)
{
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 2132c564e..eb40b1c49 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -197,6 +197,10 @@ void gpgsm_dump_serial (ksba_const_sexp_t p);
void gpgsm_dump_time (ksba_isotime_t t);
void gpgsm_dump_string (const char *string);
+char *gpgsm_format_serial (ksba_const_sexp_t p);
+char *gpgsm_format_name (const char *name);
+
+char *gpgsm_format_keydesc (ksba_cert_t cert);
/*-- certcheck.c --*/
@@ -260,12 +264,12 @@ int gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp);
int gpgsm_genkey (ctrl_t ctrl, int in_fd, FILE *out_fp);
/*-- call-agent.c --*/
-int gpgsm_agent_pksign (const char *keygrip,
+int gpgsm_agent_pksign (const char *keygrip, const char *desc,
unsigned char *digest,
size_t digestlen,
int digestalgo,
char **r_buf, size_t *r_buflen);
-int gpgsm_agent_pkdecrypt (const char *keygrip,
+int gpgsm_agent_pkdecrypt (const char *keygrip, const char *desc,
ksba_const_sexp_t ciphertext,
char **r_buf, size_t *r_buflen);
int gpgsm_agent_genkey (ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey);
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-09 10:18:51 +0000