[git] GnuPG - branch, master, updated. gnupg-2.1.15-259-gdafce6f

by NIIBE Yutaka cvs at cvs.gnupg.org
Fri Oct 21 07:19:31 CEST 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  dafce6f698bec6e9d4c0125b90754d0687294e86 (commit)
       via  161cb22f13bcd8cbdb08558d9926b2168a8297ac (commit)
      from  6e85ac77af594035137950d801d8a1bacce548a3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit dafce6f698bec6e9d4c0125b90754d0687294e86
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Fri Oct 21 14:15:05 2016 +0900

    g10: Don't ask keysize for for non-RSA card.
    
    * g10/card-util.c (card_status): Bug fix for keyno.
    (ask_card_rsa_keysize, do_change_rsa_keysize): Rename.
    (generate_card_keys): Only ask keysize when RSA.
    (card_generate_subkey): Likewise.
    
    --
    
    Co-authored-by: Arnaud Fontaine <arnaud.fontaine at ssi.gouv.fr>
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/g10/card-util.c b/g10/card-util.c
index 2cb44f9..2f3f714 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -476,7 +476,7 @@ card_status (estream_t fp, char *serialno, size_t serialnobuflen)
 
       es_fprintf (fp, "forcepin:%d:::\n", !info.chv1_cached);
       for (i=0; i < DIM (info.key_attr); i++)
-        if (info.key_attr[0].algo == PUBKEY_ALGO_RSA)
+        if (info.key_attr[i].algo == PUBKEY_ALGO_RSA)
           es_fprintf (fp, "keyattr:%d:%d:%u:\n", i+1,
                       info.key_attr[i].algo, info.key_attr[i].nbits);
         else if (info.key_attr[i].algo == PUBKEY_ALGO_ECDH
@@ -1277,7 +1277,7 @@ show_keysize_warning (void)
    select the prompt.  Returns 0 to use the default size (i.e. NBITS)
    or the selected size.  */
 static unsigned int
-ask_card_keysize (int keyno, unsigned int nbits)
+ask_card_rsa_keysize (int keyno, unsigned int nbits)
 {
   unsigned int min_nbits = 1024;
   unsigned int max_nbits = 4096;
@@ -1327,7 +1327,7 @@ ask_card_keysize (int keyno, unsigned int nbits)
 /* Change the size of key KEYNO (0..2) to NBITS and show an error
    message if that fails.  */
 static gpg_error_t
-do_change_keysize (int keyno, unsigned int nbits)
+do_change_rsa_keysize (int keyno, unsigned int nbits)
 {
   gpg_error_t err;
   char args[100];
@@ -1406,15 +1406,18 @@ generate_card_keys (ctrl_t ctrl)
 
       for (keyno = 0; keyno < DIM (info.key_attr); keyno++)
         {
-          nbits = ask_card_keysize (keyno, info.key_attr[keyno].nbits);
-          if (nbits && do_change_keysize (keyno, nbits))
+          if (info.key_attr[keyno].algo == PUBKEY_ALGO_RSA)
             {
-              /* Error: Better read the default key size again.  */
-              agent_release_card_info (&info);
-              if (get_info_for_key_operation (&info))
-                goto leave;
-              /* Ask again for this key size. */
-              keyno--;
+              nbits = ask_card_rsa_keysize (keyno, info.key_attr[keyno].nbits);
+              if (nbits && do_change_rsa_keysize (keyno, nbits))
+                {
+                  /* Error: Better read the default key size again.  */
+                  agent_release_card_info (&info);
+                  if (get_info_for_key_operation (&info))
+                    goto leave;
+                  /* Ask again for this key size. */
+                  keyno--;
+                }
             }
         }
       /* Note that INFO has not be synced.  However we will only use
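Review bot: Key slots whose attribute is not RSA are now skipped silently in the generate_card_keys loop, so within this hunk nothing tells the user which algorithm the card will use for those keys. A short comment on the new test would record the intent, for example `/* Only RSA has a selectable key size; other algorithms use the card's key attribute unchanged. */`. The retry through `keyno--` still goes back through the algorithm test after INFO is re-read, which keeps the check and the prompt in step. The function starts and ends outside this hunk.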
@@ -1483,18 +1486,21 @@ card_generate_subkey (KBNODE pub_keyblock)
      key size.  */
   if (info.is_v2 && info.extcap.aac)
     {
-      unsigned int nbits;
-
-    ask_again:
-      nbits = ask_card_keysize (keyno-1, info.key_attr[keyno-1].nbits);
-      if (nbits && do_change_keysize (keyno-1, nbits))
+      if (info.key_attr[keyno-1].algo == PUBKEY_ALGO_RSA)
         {
-          /* Error: Better read the default key size again.  */
-          agent_release_card_info (&info);
-          err = get_info_for_key_operation (&info);
-          if (err)
-            goto leave;
-          goto ask_again;
+          unsigned int nbits;
+
+        ask_again:
+          nbits = ask_card_rsa_keysize (keyno-1, info.key_attr[keyno-1].nbits);
+          if (nbits && do_change_rsa_keysize (keyno-1, nbits))
+            {
+              /* Error: Better read the default key size again.  */
+              agent_release_card_info (&info);
+              err = get_info_for_key_operation (&info);
+              if (err)
+                goto leave;
+              goto ask_again;
+            }
         }
       /* Note that INFO has not be synced.  However we will only use
          the serialnumber and thus it won't harm.  */
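Review bot: The `ask_again:` label now sits inside the `info.key_attr[keyno-1].algo == PUBKEY_ALGO_RSA` test, so after do_change_rsa_keysize fails and INFO is re-read through get_info_for_key_operation, the algorithm is not checked again before the RSA size prompt is repeated. generate_card_keys re-tests it on every retry because `keyno--` re-enters the loop; for consistency the label could move to directly before the `if`. Whether the attribute can actually differ after the re-read is not visible here. The body of card_generate_subkey extends beyond the hunk.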

commit 161cb22f13bcd8cbdb08558d9926b2168a8297ac
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Fri Oct 21 13:59:09 2016 +0900

    g10: Support ECC for gen_card_key.
    
    * g10/keygen.c (gen_card_key): Remove the first argument of ALGO.
    (do_generate_keypair, generate_card_subkeypair): Follow the change.
    
    --
    ALGO is determined by the key attribute of the card.
    
    Co-authored-by: Arnaud Fontaine <arnaud.fontaine at ssi.gouv.fr>
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/g10/keygen.c b/g10/keygen.c
index 5ff89f6..64e0d43 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -154,8 +154,7 @@ static gpg_error_t parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
 static void do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
 				 struct output_control_s *outctrl, int card );
 static int write_keyblock (iobuf_t out, kbnode_t node);
-static gpg_error_t gen_card_key (int algo, int keyno, int is_primary,
-                                 kbnode_t pub_root,
+static gpg_error_t gen_card_key (int keyno, int is_primary, kbnode_t pub_root,
                                  u32 *timestamp, u32 expireval);
 
 
@@ -4238,8 +4237,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
                      get_parameter_passphrase (para),
                      &cache_nonce, NULL);
   else
-    err = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root,
-                        &timestamp,
+    err = gen_card_key (1, 1, pub_root, &timestamp,
                         get_parameter_u32 (para, pKEYEXPIRE));
 
   /* Get the pointer to the generated public key packet.  */
@@ -4277,8 +4275,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
 
   if (!err && card && get_parameter (para, pAUTHKEYTYPE))
     {
-      err = gen_card_key (PUBKEY_ALGO_RSA, 3, 0, pub_root,
-                          &timestamp,
+      err = gen_card_key (3, 0, pub_root, &timestamp,
                           get_parameter_u32 (para, pKEYEXPIRE));
       if (!err)
         err = write_keybinding (pub_root, pri_psk, NULL,
@@ -4317,7 +4314,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
         }
       else
         {
-          err = gen_card_key (PUBKEY_ALGO_RSA, 2, 0, pub_root, &timestamp,
+          err = gen_card_key (2, 0, pub_root, &timestamp,
                               get_parameter_u32 (para, pKEYEXPIRE));
         }
 
@@ -4749,7 +4746,6 @@ generate_card_subkeypair (kbnode_t pub_keyblock,
   gpg_error_t err = 0;
   kbnode_t node;
   PKT_public_key *pri_pk = NULL;
-  int algo;
   unsigned int use;
   u32 expire;
   u32 cur_time;
@@ -4800,7 +4796,6 @@ generate_card_subkeypair (kbnode_t pub_keyblock,
       goto leave;
     }
 
-  algo = PUBKEY_ALGO_RSA;
   expire = ask_expire_interval (0, NULL);
   if (keyno == 1)
     use = PUBKEY_USAGE_SIG;
@@ -4817,7 +4812,7 @@ generate_card_subkeypair (kbnode_t pub_keyblock,
 
   /* Note, that depending on the backend, the card key generation may
      update CUR_TIME.  */
-  err = gen_card_key (algo, keyno, 0, pub_keyblock, &cur_time, expire);
+  err = gen_card_key (keyno, 0, pub_keyblock, &cur_time, expire);
   /* Get the pointer to the generated public subkey packet.  */
   if (!err)
     {
@@ -4865,21 +4860,29 @@ write_keyblock( IOBUF out, KBNODE node )
 
 /* Note that timestamp is an in/out arg. */
 static gpg_error_t
-gen_card_key (int algo, int keyno, int is_primary, kbnode_t pub_root,
+gen_card_key (int keyno, int is_primary, kbnode_t pub_root,
               u32 *timestamp, u32 expireval)
 {
 #ifdef ENABLE_CARD_SUPPORT
   gpg_error_t err;
+  struct agent_card_info_s info;
+  int algo;
   PACKET *pkt;
   PKT_public_key *pk;
   char keyid[10];
   unsigned char *public;
   gcry_sexp_t s_key;
 
-  snprintf (keyid, DIM(keyid), "OPENPGP.%d", keyno);
+  err = agent_scd_getattr ("KEY-ATTR", &info);
+  if (err)
+    {
+      log_error (_("error getting current key info: %s\n"), gpg_strerror (err));
+      return err;
+    }
 
-  if (algo != PUBKEY_ALGO_RSA)
-    return gpg_error (GPG_ERR_PUBKEY_ALGO);
+  algo = info.key_attr[keyno-1].algo;
+
+  snprintf (keyid, DIM(keyid), "OPENPGP.%d", keyno);
 
   pk = xtrycalloc (1, sizeof *pk );
   if (!pk)
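Review bot: In gen_card_key, `info` is a stack struct passed to agent_scd_getattr without being cleared, and `info.key_attr[keyno-1]` is indexed without a range check on `keyno`. Unless agent_scd_getattr zeroes the struct itself (not visible here), a card that returns no KEY-ATTR for that slot leaves `algo` taken from uninitialized memory, and the old `algo != PUBKEY_ALGO_RSA` guard that would have rejected an unexpected value is gone. I would add `memset (&info, 0, sizeof info);` before the call and `if (keyno < 1 || keyno > DIM (info.key_attr)) return gpg_error (GPG_ERR_INV_VALUE);` before the index. The callers visible in this diff pass 1, 2 or 3, but generate_card_subkeypair passes a variable. The rest of the function is outside the hunk, so whether `info` is later released with agent_release_card_info cannot be confirmed from here.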
@@ -4954,7 +4957,6 @@ gen_card_key (int algo, int keyno, int is_primary, kbnode_t pub_root,
 
   return 0;
 #else
-  (void)algo;
   (void)keyno;
   (void)is_primary;
   (void)pub_root;

-----------------------------------------------------------------------

Summary of changes:
 g10/card-util.c | 50 ++++++++++++++++++++++++++++----------------------
 g10/keygen.c    | 32 +++++++++++++++++---------------
 2 files changed, 45 insertions(+), 37 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



