diff options
| author | Werner Koch <[email protected]> | 2020-03-31 17:55:15 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2020-03-31 17:55:15 +0000 |
| commit | 103c1576b73ed75b771a8ffd1c97628651b99797 (patch) | |
| tree | 9b033d69d2e22bdb06d04d27e7347418afb26be1 /scd/app-common.h | |
| parent | scd:p15: Read certificates in extended mode. (diff) | |
| download | gnupg-103c1576b73ed75b771a8ffd1c97628651b99797.tar.gz gnupg-103c1576b73ed75b771a8ffd1c97628651b99797.zip | |
scd:p15: Support signing with CardOS 5 cards.
* scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg
r_pkey and change all callers.
(app_help_get_keygrip_string): Ditto.
* scd/app-p15.c (struct cdf_object_s): Use bit flags
(struct aodf_object_s): Ditto. Add field 'fid'.
(struct prkdf_object_s): Ditto. Add fields keygrip, keyalgo, and
keynbits.
(parse_certid): Allow a keygrip instead of a certid aka keyref.
(read_ef_aodf): Store the FID.
(keygripstr_from_prkdf): Rename to ...
(keygrip_from_prkdf): this. Remove arg r_gripstr and implement cache.
Change callers to directly use the values from the object. Also store
the algo and length of the key ion the object.
(keyref_from_keyinfo): New. Factored out code.
(do_sign): Support SHA-256 and >2048 bit RSA keys.
(do_with_keygrip): New.
(app_select_p15): Register new function.
--
This has been tested with a D-Trust card featuring 3072 bit keys.
Note that non-repudiation key for a qualified signature does not yet
work because we do not yet support rsaPSS padding. Thus a gpgsm
--learn shows a couple of Bad Signature errors for this key.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'scd/app-common.h')
| -rw-r--r-- | scd/app-common.h | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/scd/app-common.h b/scd/app-common.h index 752e75da2..57618c30f 100644 --- a/scd/app-common.h +++ b/scd/app-common.h @@ -216,8 +216,10 @@ app_get_slot (app_t app) /*-- app-help.c --*/ unsigned int app_help_count_bits (const unsigned char *a, size_t len); gpg_error_t app_help_get_keygrip_string_pk (const void *pk, size_t pklen, - char *hexkeygrip); -gpg_error_t app_help_get_keygrip_string (ksba_cert_t cert, char *hexkeygrip); + char *hexkeygrip, + gcry_sexp_t *r_pkey); +gpg_error_t app_help_get_keygrip_string (ksba_cert_t cert, char *hexkeygrip, + gcry_sexp_t *r_pkey); gpg_error_t app_help_pubkey_from_cert (const void *cert, size_t certlen, unsigned char **r_pk, size_t *r_pklen); size_t app_help_read_length_of_cert (int slot, int fid, size_t *r_certoff); |