[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.1-35-g6801616

by NIIBE Yutaka cvs at cvs.gnupg.org
Mon Nov 6 12:17:54 CET 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-2 has been updated
       via  680161647ad56d1ca92988f80bcc4d6fcb20b1eb (commit)
       via  f183b9768b42a6792c55a6129488bd8fbf5e8e6d (commit)
      from  6070f5a61d4d17ff437c69e1b708d49d107c22dc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 680161647ad56d1ca92988f80bcc4d6fcb20b1eb
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Wed Nov 1 10:19:35 2017 +0900

    g10: Unattended key generation "Key-Grip" and "Subkey-Grip".
    
    * g10/keygen.c (pSUBKEYGRIP): New.
    (read_parameter_file): Add "Key-Grip" and "Subkey-Grip".
    (do_generate_keypair): Support pSUBKEYGRIP.
    
    --
    
    The manual says "Key-Grip", and gpgsm also supports "Key-Grip".
    Since "Subkey-Grip" is being added now, adding "Key-Grip" as well makes sense.
    
    GnuPG-bug-id: 3478
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
    (cherry picked from commit 6c63a04569c07c9c2817c7c530a92ccfa58155cc)

diff --git a/g10/keygen.c b/g10/keygen.c
index 8f30b7e..38686b2 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -90,7 +90,8 @@ enum para_name {
   pCARDBACKUPKEY,
   pHANDLE,
   pKEYSERVER,
-  pKEYGRIP
+  pKEYGRIP,
+  pSUBKEYGRIP,
 };
 
 struct para_data_s {
@@ -3649,6 +3650,8 @@ read_parameter_file (ctrl_t ctrl, const char *fname )
         { "Handle",         pHANDLE },
         { "Keyserver",      pKEYSERVER },
         { "Keygrip",        pKEYGRIP },
+        { "Key-Grip",       pKEYGRIP },
+        { "Subkey-grip",    pSUBKEYGRIP },
         { NULL, 0 }
     };
     IOBUF fp;
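Review bot: The new keyword is spelled `"Subkey-grip"`, while the entry above it and the commit message use a capital G (`"Key-Grip"`, "Subkey-Grip"); I would write `{ "Subkey-Grip",    pSUBKEYGRIP },` so the table matches the documented spelling. Whether the mismatch matters at run time depends on how read_parameter_file compares keywords, which is outside this hunk; if that comparison is case-sensitive, a parameter file using the documented spelling would not match. A short comment above the two entries saying that "Keygrip" and "Key-Grip" are aliases for the same parameter would also help, since nothing here says what happens when a file gives both.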
@@ -4697,8 +4700,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
   if (!err && card && get_parameter (para, pAUTHKEYTYPE))
     {
       err = gen_card_key (3, get_parameter_algo( para, pAUTHKEYTYPE, NULL ),
-                          0, pub_root, &timestamp,
-                          get_parameter_u32 (para, pKEYEXPIRE));
+                          0, pub_root, &timestamp, expire);
       if (!err)
         err = write_keybinding (ctrl, pub_root, pri_psk, NULL,
                                 PUBKEY_USAGE_AUTH, timestamp, cache_nonce);
@@ -4706,11 +4708,18 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
 
   if (!err && get_parameter (para, pSUBKEYTYPE))
     {
-      sub_psk = NULL;
+      int subkey_algo = get_parameter_algo (para, pSUBKEYTYPE, NULL);
+
       s = NULL;
-      if (!card || (s = get_parameter_value (para, pCARDBACKUPKEY)))
+      key_from_hexgrip = get_parameter_value (para, pSUBKEYGRIP);
+      if (key_from_hexgrip)
+        err = do_create_from_keygrip (ctrl, subkey_algo, key_from_hexgrip,
+                                      pub_root, timestamp,
+                                      get_parameter_u32 (para, pSUBKEYEXPIRE),
+                                      1);
+      else if (!card || (s = get_parameter_value (para, pCARDBACKUPKEY)))
         {
-          err = do_create (get_parameter_algo (para, pSUBKEYTYPE, NULL),
+          err = do_create (subkey_algo,
                            get_parameter_uint (para, pSUBKEYLENGTH),
                            get_parameter_value (para, pSUBKEYCURVE),
                            pub_root,
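Review bot: The new keygrip branch never assigns `sub_psk`, and the hunk also drops the `sub_psk = NULL;` that used to open this block, so code after the block sees whatever the declaration left there, and the declaration is outside the hunk. If that declaration has no initializer, or if later code needs the subkey packet (for example to cross-certify a signing-capable subkey), the `Subkey-Grip` path hands it nothing usable; I would keep `sub_psk = NULL;` at the top of the block and add a comment saying why the keygrip path leaves it unset. The branch also takes priority over `card` and `pCARDBACKUPKEY` without any diagnostic, and it reuses `key_from_hexgrip`, so any later test of that variable now sees the subkey's grip; both deserve a one-line comment. do_generate_keypair starts and ends outside this hunk.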
@@ -4736,9 +4745,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
         }
       else
         {
-          err = gen_card_key (2, get_parameter_algo (para, pSUBKEYTYPE, NULL),
-                              0, pub_root, &timestamp,
-                              get_parameter_u32 (para, pKEYEXPIRE));
+          err = gen_card_key (2, subkey_algo, 0, pub_root, &timestamp, expire);
         }
 
       if (!err)
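Review bot: `gen_card_key (2, subkey_algo, ...)` is given `expire`, which replaces `get_parameter_u32 (para, pKEYEXPIRE)` and so presumably holds the primary key's expiry (its assignment is outside the hunk), whereas the keygrip branch added in the previous hunk passes `get_parameter_u32 (para, pSUBKEYEXPIRE)`. A parameter file that sets a separate subkey expiry would therefore get a different key lifetime depending on whether the subkey comes from a card or from a keygrip. If that is intended, a comment such as `/* Card subkeys use the primary key's expiration. */` would record it; otherwise pass the pSUBKEYEXPIRE value here. The enclosing block continues outside the hunk.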

commit f183b9768b42a6792c55a6129488bd8fbf5e8e6d
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Mon Oct 30 11:59:11 2017 +0900

    g10: Simplify "factory-reset" procedure.
    
    * g10/card-util.c (factory_reset): Simplify.
    
    --
    
    This summer, I got a report that the old code, before this change,
    did not work with newer Yubikey.  I got another report that a test
    version of an OpenPGP card V3.3 implementation did not work either.
    I then confirmed that, according to the OpenPGP card specification,
    the procedure used by the old code is not expected by its author.
    
    This change simplifies the "factory-reset" procedure.
    
    Only versions of Gnuk 1.2.2, 1.2.3, 1.2.4, won't work with this
    change.  That's because the factory-reset feature of Gnuk was
    introduced by reading the implementation of GnuPG, instead of reading
    the specification.  Gnuk 1.2.5 and later works well.  All OpenPGPcard
    implementations I have work well (2.0, 2.1, 2.2, test version of 3).
    
    GnuPG-bug-id: 3286
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
    (cherry picked from commit d63b7966cdd72548c60466c620de5cd6104a779e)

diff --git a/g10/card-util.c b/g10/card-util.c
index ef67610..a396b7d 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -1760,9 +1760,6 @@ factory_reset (void)
         scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
         scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
         scd apdu 00 e6 00 00
-        scd reset
-        scd serialno undefined
-        scd apdu 00 A4 04 00 06 D2 76 00 01 24 01
         scd apdu 00 44 00 00
         /echo Card has been reset to factory defaults
 
@@ -1837,17 +1834,6 @@ factory_reset (void)
         goto leave;
     }
 
-  /* The card is in termination state - reset and select again.  */
-  err = send_apdu (NULL, "RESET", 0);
-  if (err)
-    goto leave;
-  err = send_apdu ("undefined", "dummy select", 0);
-  if (err)
-    goto leave;
-
-  /* Select the OpenPGP application. (no error checking here). */
-  send_apdu ("00A4040006D27600012401", "SELECT AID", 0xffff);
-
   /* Send activate datafile command.  This is used without
      confirmation if the card is already in termination state.  */
   err = send_apdu ("00440000", "ACTIVATE DF", 0);

-----------------------------------------------------------------------

Summary of changes:
 g10/card-util.c | 14 --------------
 g10/keygen.c    | 25 ++++++++++++++++---------
 2 files changed, 16 insertions(+), 23 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



