author | Werner Koch <[email protected]> | 2020-08-10 08:01:03 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2020-08-10 08:22:42 +0000 |
commit | bb096905b9ee1f5175efee1ab6c98045a26a2678 (patch) | |
tree | f7d44f717d0cb5657b92a92ce517ab583ddd5895 /agent/pksign.c | |
parent | gpg: Fix trustdb for v5key. (diff) | |
agent: Add option --pss to pksign to be used by smartcards.
* agent/command.c (cmd_sethash): Add option --pss and allow for
--hash=null.
* agent/agent.h (struct server_control_s): Add digest.is_pss and
zero where needed.
* agent/pksign.c (agent_pksign_do): Allow for PSS with cards.
* scd/command.c (cmd_pksign): Add for --hash=none.
--
This is not a full implementation of PSS but allows scdaemon card
drivers to detect already PSS formatted data.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'agent/pksign.c')
-rw-r--r-- | agent/pksign.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/agent/pksign.c b/agent/pksign.c index 0640b04ef..6d13278ff 100644 --- a/agent/pksign.c +++ b/agent/pksign.c @@ -497,6 +497,12 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, err = do_encode_dsa (data, datalen, algo, s_skey, &s_hash); + else if (ctrl->digest.is_pss) + { + log_info ("signing with rsaPSS is currently only supported" + " for (some) smartcards\n"); + err = gpg_error (GPG_ERR_NOT_SUPPORTED); + } else err = do_encode_md (data, datalen, ctrl->digest.algo, @@ -540,7 +546,13 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, if (s_hash == NULL) { - if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1) + if (ctrl->digest.is_pss) + { + err = gcry_sexp_build (&s_hash, NULL, + "(data (flags raw) (value %b))", + (int)datalen, data); + } + else if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1) err = do_encode_raw_pkcs1 (data, datalen, gcry_pk_get_nbits (sexp_key), &s_hash); else |
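Review bot: In the first hunk the new `else if (ctrl->digest.is_pss)` test sits after the `do_encode_dsa` branch, so a request that sets `is_pss` but reaches that earlier branch appears to be encoded as DSA with the flag silently ignored. The condition guarding that branch is outside the hunk, so this is inferred from the visible chain order only. Rejecting first would make the unsupported case fail closed for every key type, for example by opening the chain with `if (ctrl->digest.is_pss) { ...; err = gpg_error (GPG_ERR_NOT_SUPPORTED); }` and turning the existing tests into `else if`. Since the branch returns an error, `log_error` would also match the outcome better than `log_info`. agent_pksign_do starts and ends outside the hunk.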
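Review bot: In the second hunk the PSS branch feeds caller-supplied `data` into a `(flags raw)` S-expression with no length check, and `(int)datalen` narrows what is presumably a `size_t`. The neighbouring branch already reads the key size through `gcry_pk_get_nbits (sexp_key)`, so a guard such as `if (datalen > (gcry_pk_get_nbits (sexp_key)+7)/8) err = gpg_error (GPG_ERR_INV_LENGTH);` ahead of `gcry_sexp_build` would reject blocks that cannot be a PSS encoding for this key and would keep the cast in range. A short comment would also help, e.g. `/* DATA is expected to be PSS-encoded by the caller; it is passed through as a raw value and not re-encoded here. */`, since nothing in the hunk checks that the input really is PSS formatted. The code that consumes `s_hash` afterwards is outside the hunk.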