aboutsummaryrefslogtreecommitdiffstats
path: root/agent
diff options
context:
space:
mode:
Diffstat (limited to 'agent')
-rw-r--r--agent/agent.h6
-rw-r--r--agent/call-scd.c30
-rw-r--r--agent/command.c12
-rw-r--r--agent/divert-scd.c9
-rw-r--r--agent/pkdecrypt.c10
5 files changed, 53 insertions, 14 deletions
diff --git a/agent/agent.h b/agent/agent.h
index 885e7fe75..ae4e4686f 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -370,7 +370,7 @@ int agent_pksign (ctrl_t ctrl, const char *cache_nonce,
/*-- pkdecrypt.c --*/
int agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
const unsigned char *ciphertext, size_t ciphertextlen,
- membuf_t *outbuf);
+ membuf_t *outbuf, int *r_padding);
/*-- genkey.c --*/
int check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent);
@@ -425,7 +425,7 @@ int divert_pksign (ctrl_t ctrl,
int divert_pkdecrypt (ctrl_t ctrl,
const unsigned char *cipher,
const unsigned char *shadow_info,
- char **r_buf, size_t *r_len);
+ char **r_buf, size_t *r_len, int *r_padding);
int divert_generic_cmd (ctrl_t ctrl,
const char *cmdline, void *assuan_context);
int divert_writekey (ctrl_t ctrl, int force, const char *serialno,
@@ -459,7 +459,7 @@ int agent_card_pkdecrypt (ctrl_t ctrl,
int (*getpin_cb)(void *, const char *, char*,size_t),
void *getpin_cb_arg,
const unsigned char *indata, size_t indatalen,
- char **r_buf, size_t *r_buflen);
+ char **r_buf, size_t *r_buflen, int *r_padding);
int agent_card_readcert (ctrl_t ctrl,
const char *id, char **r_buf, size_t *r_buflen);
int agent_card_readkey (ctrl_t ctrl, const char *id, unsigned char **r_buf);
diff --git a/agent/call-scd.c b/agent/call-scd.c
index a334b15a1..a6c429c41 100644
--- a/agent/call-scd.c
+++ b/agent/call-scd.c
@@ -1,6 +1,7 @@
/* call-scd.c - fork of the scdaemon to do SC operations
* Copyright (C) 2001, 2002, 2005, 2007, 2010,
* 2011 Free Software Foundation, Inc.
+ * Copyright (C) 2013 Werner Koch
*
* This file is part of GnuPG.
*
@@ -874,14 +875,36 @@ agent_card_pksign (ctrl_t ctrl,
return unlock_scd (ctrl, 0);
}
-/* Decipher INDATA using the current card. Note that the returned value is */
+
+
+
+/* Check whether there is any padding info from scdaemon. */
+static gpg_error_t
+padding_info_cb (void *opaque, const char *line)
+{
+ int *r_padding = opaque;
+ const char *s;
+
+ if ((s=has_leading_keyword (line, "PADDING")))
+ {
+ *r_padding = atoi (s);
+ }
+
+ return 0;
+}
+
+
+/* Decipher INDATA using the current card. Note that the returned
+ value is not an s-expression but the raw data as returned by
+ scdaemon. The padding information is stored at R_PADDING with -1
+ for not known. */
int
agent_card_pkdecrypt (ctrl_t ctrl,
const char *keyid,
int (*getpin_cb)(void *, const char *, char*, size_t),
void *getpin_cb_arg,
const unsigned char *indata, size_t indatalen,
- char **r_buf, size_t *r_buflen)
+ char **r_buf, size_t *r_buflen, int *r_padding)
{
int rc, i;
char *p, line[ASSUAN_LINELENGTH];
@@ -890,6 +913,7 @@ agent_card_pkdecrypt (ctrl_t ctrl,
size_t len;
*r_buf = NULL;
+ *r_padding = -1; /* Unknown. */
rc = start_scd (ctrl);
if (rc)
return rc;
@@ -923,7 +947,7 @@ agent_card_pkdecrypt (ctrl_t ctrl,
rc = assuan_transact (ctrl->scd_local->ctx, line,
membuf_data_cb, &data,
inq_needpin, &inqparm,
- NULL, NULL);
+ padding_info_cb, r_padding);
if (inqparm.any_inq_seen && (gpg_err_code(rc) == GPG_ERR_CANCELED ||
gpg_err_code(rc) == GPG_ERR_ASS_CANCELED))
rc = cancel_inquire (ctrl, rc);
diff --git a/agent/command.c b/agent/command.c
index 8e5d1803a..938778ac4 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -865,6 +865,7 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line)
unsigned char *value;
size_t valuelen;
membuf_t outbuf;
+ int padding;
(void)line;
@@ -879,12 +880,19 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line)
init_membuf (&outbuf, 512);
rc = agent_pkdecrypt (ctrl, ctrl->server_local->keydesc,
- value, valuelen, &outbuf);
+ value, valuelen, &outbuf, &padding);
xfree (value);
if (rc)
clear_outbuf (&outbuf);
else
- rc = write_and_clear_outbuf (ctx, &outbuf);
+ {
+ if (padding != -1)
+ rc = print_assuan_status (ctx, "PADDING", "%d", padding);
+ else
+ rc = 0;
+ if (!rc)
+ rc = write_and_clear_outbuf (ctx, &outbuf);
+ }
xfree (ctrl->server_local->keydesc);
ctrl->server_local->keydesc = NULL;
return leave_cmd (ctx, rc);
diff --git a/agent/divert-scd.c b/agent/divert-scd.c
index f0d847389..ceef588fb 100644
--- a/agent/divert-scd.c
+++ b/agent/divert-scd.c
@@ -383,12 +383,13 @@ divert_pksign (ctrl_t ctrl,
/* Decrypt the the value given asn an S-expression in CIPHER using the
key identified by SHADOW_INFO and return the plaintext in an
- allocated buffer in R_BUF. */
+ allocated buffer in R_BUF. The padding information is stored at
+ R_PADDING with -1 for not known. */
int
divert_pkdecrypt (ctrl_t ctrl,
const unsigned char *cipher,
const unsigned char *shadow_info,
- char **r_buf, size_t *r_len)
+ char **r_buf, size_t *r_len, int *r_padding)
{
int rc;
char *kid;
@@ -399,6 +400,8 @@ divert_pkdecrypt (ctrl_t ctrl,
char *plaintext;
size_t plaintextlen;
+ *r_padding = -1;
+
s = cipher;
if (*s != '(')
return gpg_error (GPG_ERR_INV_SEXP);
@@ -436,7 +439,7 @@ divert_pkdecrypt (ctrl_t ctrl,
rc = agent_card_pkdecrypt (ctrl, kid, getpin_cb, ctrl,
ciphertext, ciphertextlen,
- &plaintext, &plaintextlen);
+ &plaintext, &plaintextlen, r_padding);
if (!rc)
{
*r_buf = plaintext;
diff --git a/agent/pkdecrypt.c b/agent/pkdecrypt.c
index 7df7f1d38..9924d6dff 100644
--- a/agent/pkdecrypt.c
+++ b/agent/pkdecrypt.c
@@ -32,11 +32,12 @@
/* DECRYPT the stuff in ciphertext which is expected to be a S-Exp.
Try to get the key from CTRL and write the decoded stuff back to
- OUTFP. */
+ OUTFP. The padding information is stored at R_PADDING with -1
+ for not known. */
int
agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
const unsigned char *ciphertext, size_t ciphertextlen,
- membuf_t *outbuf)
+ membuf_t *outbuf, int *r_padding)
{
gcry_sexp_t s_skey = NULL, s_cipher = NULL, s_plain = NULL;
unsigned char *shadow_info = NULL;
@@ -44,6 +45,8 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
char *buf = NULL;
size_t len;
+ *r_padding = -1;
+
if (!ctrl->have_keygrip)
{
log_error ("speculative decryption not yet supported\n");
@@ -85,7 +88,8 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
goto leave;
}
- rc = divert_pkdecrypt (ctrl, ciphertext, shadow_info, &buf, &len );
+ rc = divert_pkdecrypt (ctrl, ciphertext, shadow_info,
+ &buf, &len, r_padding);
if (rc)
{
log_error ("smartcard decryption failed: %s\n", gpg_strerror (rc));
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-27 07:06:05 +0000