On Scute v1.4.0 support key length up to 4096, proceed s-expressions on common way
Oleg Gurevich
oleg at gurevich.de
Wed Nov 18 19:02:28 CET 2015
Hello,
would you please take a look at the following patch.
With it, key sizes up to 4096 bits are supported.
And, as Werner wrote, it processes S-expressions in a common way.
It would be great to hear your opinion about it.
mit freundlichen Grüßen/ с уважением/ best regards
Oleg Gurevich
PGP Key: E74A0B0C
PGP fingerprint: 38A0 D0CC BD23 1707 B0AF D158 E9D7 6E3F E74A 0B0C
diff --git a/src/agent.c b/src/agent.c
index 9265ca2..39d554b 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -954,8 +954,8 @@ scute_agent_check_status (void)
}
^L
-/* Enough space to hold a 2048 bit RSA signature in an S-expression. */
-#define MAX_SIGNATURE_LEN 350
+/* Enough space to hold a 4096 bit RSA signature in an S-expression. */
+#define MAX_SIGNATURE_LEN 640
struct signature
{
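Review bot: The new value 640 for `MAX_SIGNATURE_LEN` is a hand-picked number with no stated relation to the S-expression sizes accepted later in the patch. The largest accepted form is the 24-byte `s512:` prefix plus 512 signature bytes plus the 3-byte postfix, i.e. 539 bytes, so 640 is sufficient, but the comment should say so: `/* Enough space to hold a 4096 bit RSA signature in an S-expression (24 + 512 + 3 = 539 bytes, rounded up). */`. The definition of `struct signature` continues outside this hunk.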
@@ -981,13 +981,27 @@ pksign_cb (void *opaque, const void *buffer,
size_t length)
}
-#define SIG_PREFIX "(7:sig-val(3:rsa(1:s128:"
-#define SIG_PREFIX_2 "(7:sig-val(3:rsa(1:s256:"
-#define SIG_PREFIX_LEN (sizeof (SIG_PREFIX) - 1)
+#define SIG_PREFIX_1024 "(7:sig-val(3:rsa(1:s128:"
+#define SIG_PREFIX_2048 "(7:sig-val(3:rsa(1:s256:"
+#define SIG_PREFIX_3076 "(7:sig-val(3:rsa(1:s384:"
+#define SIG_PREFIX_4096 "(7:sig-val(3:rsa(1:s512:"
+
#define SIG_POSTFIX ")))"
#define SIG_POSTFIX_LEN (sizeof (SIG_POSTFIX) - 1)
-#define SIG_LEN 128
-#define SIG_LEN_2 256
+
+struct s_expression {
+ unsigned int sig_len;
+ char *prefix;
+ unsigned int prefix_len;
+
+} supported_expr[] = {
+ 128, SIG_PREFIX_1024, sizeof (SIG_PREFIX_1024) - 1,
+ 256, SIG_PREFIX_2048, sizeof (SIG_PREFIX_2048) - 1,
+ 384, SIG_PREFIX_3076, sizeof (SIG_PREFIX_3076) - 1,
+ 512, SIG_PREFIX_4096, sizeof (SIG_PREFIX_4096) - 1,
+};
+#define MAX_SIG_LEN 512
+#define MIN_SIG_LEN 128
/* Call the agent to learn about a smartcard. */
gpg_error_t
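Review bot: The table `supported_expr` is defined as a writable object with external linkage, its initializer has no inner braces, and `prefix` is a `char *` pointing at string literals. Declaring it `static const` with a `const char *prefix` member keeps the lookup data read-only and file-local. `SIG_PREFIX_3076` is presumably a typo for 3072, since 384 bytes is 3072 bits. `MAX_SIG_LEN` and `MIN_SIG_LEN` duplicate the first and last `sig_len` entries and have to be kept in step with the table by hand, which deserves a comment.

```c
#define SIG_PREFIX_3072 "(7:sig-val(3:rsa(1:s384:"

/* ... unchanged: other SIG_PREFIX_* and SIG_POSTFIX definitions ... */

static const struct s_expression
{
  unsigned int sig_len;
  const char *prefix;
  unsigned int prefix_len;
} supported_expr[] = {
  { 128, SIG_PREFIX_1024, sizeof (SIG_PREFIX_1024) - 1 },
  { 256, SIG_PREFIX_2048, sizeof (SIG_PREFIX_2048) - 1 },
  { 384, SIG_PREFIX_3072, sizeof (SIG_PREFIX_3072) - 1 },
  { 512, SIG_PREFIX_4096, sizeof (SIG_PREFIX_4096) - 1 },
};
```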
@@ -996,7 +1010,7 @@ scute_agent_sign (char *grip, unsigned char *data,
int len,
{
char cmd[150];
gpg_error_t err;
-#define MAX_DATA_LEN 36
+#define MAX_DATA_LEN 128
unsigned char pretty_data[2 * MAX_DATA_LEN + 1];
int i;
struct signature sig;
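Review bot: Raising `MAX_DATA_LEN` to 128 lets `pretty_data` hold up to 256 hex characters, but `cmd` is still `char cmd[150]` in the same hunk. If the hex string is later formatted into `cmd` (that code is outside this hunk), `snprintf` would silently truncate it and the agent would be asked to sign a shortened value. Either size `cmd` from `MAX_DATA_LEN` or check the `snprintf` return value against `sizeof (cmd)` and fail with `GPG_ERR_INV_ARG`. A comment saying which input formats need 128 bytes would also help, since the old limit of 36 is replaced without explanation.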
@@ -1009,14 +1023,14 @@ scute_agent_sign (char *grip, unsigned char
*data, int len,
if (sig_result == NULL)
{
/* FIXME: We return the largest supported size - is that
correct? */
- *sig_len = SIG_LEN_2;
+ *sig_len = MAX_SIG_LEN;
return 0;
}
if (len > MAX_DATA_LEN)
return gpg_error (GPG_ERR_INV_ARG);
- if (grip == NULL || sig_result == NULL || *sig_len < SIG_LEN)
+ if (grip == NULL || sig_result == NULL || *sig_len < MIN_SIG_LEN)
return gpg_error (GPG_ERR_INV_ARG);
snprintf (cmd, sizeof (cmd), "SIGKEY %s", grip);
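Review bot: The capacity check `*sig_len < MIN_SIG_LEN` only guarantees a 128-byte output buffer, while the `memcpy` into `sig_result` in the last hunk copies `supported_expr[i].sig_len` bytes, which can be up to 512. A caller that passes a buffer of 128 to 511 bytes while the card holds a larger key would have that buffer overrun. The old code had the same gap between 128 and 256, and this patch widens it. Compare against the caller's capacity before the copy, e.g. `if (*sig_len < supported_expr[i].sig_len) return gpg_error (GPG_ERR_INV_ARG);`. scute_agent_sign starts and ends outside this hunk.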
@@ -1041,31 +1055,30 @@ scute_agent_sign (char *grip, unsigned char
*data, int len,
return err;
/* FIXME: we need a real parser to cope with all kind of
S-expressions. */
- if (sig.len == SIG_PREFIX_LEN + SIG_LEN_2 + SIG_POSTFIX_LEN)
- {
- if (memcmp (sig.data, SIG_PREFIX_2, SIG_PREFIX_LEN))
- return gpg_error (GPG_ERR_BAD_SIGNATURE);
- if (memcmp (sig.data + sig.len - SIG_POSTFIX_LEN,
- SIG_POSTFIX, SIG_POSTFIX_LEN))
- return gpg_error (GPG_ERR_BAD_SIGNATURE);
- memcpy (sig_result, sig.data + SIG_PREFIX_LEN, SIG_LEN_2);
- *sig_len = SIG_LEN_2;
- }
- else
+ /* FIXME: better ? */
+ err = GPG_ERR_BAD_SIGNATURE;
+ for(i = 0; i < sizeof(supported_expr) / sizeof(struct s_expression); i++)
{
- if (sig.len != SIG_PREFIX_LEN + SIG_LEN + SIG_POSTFIX_LEN)
- return gpg_error (GPG_ERR_BAD_SIGNATURE);
- if (memcmp (sig.data, SIG_PREFIX, SIG_PREFIX_LEN))
- return gpg_error (GPG_ERR_BAD_SIGNATURE);
- if (memcmp (sig.data + sig.len - SIG_POSTFIX_LEN,
- SIG_POSTFIX, SIG_POSTFIX_LEN))
- return gpg_error (GPG_ERR_BAD_SIGNATURE);
- memcpy (sig_result, sig.data + SIG_PREFIX_LEN, SIG_LEN);
- *sig_len = SIG_LEN;
+ if( sig.len == supported_expr[i].prefix_len +
supported_expr[i].sig_len + SIG_POSTFIX_LEN )
+ {
+ // check prefix matching
+ if (memcmp (sig.data, supported_expr[i].prefix,
supported_expr[i].prefix_len))
+ return gpg_error (GPG_ERR_BAD_SIGNATURE);
+ // check postfix matching
+ if(memcmp(sig.data + sig.len - SIG_POSTFIX_LEN, SIG_POSTFIX,
SIG_POSTFIX_LEN))
+ return gpg_error (GPG_ERR_BAD_SIGNATURE);
+ // copy sig into result
+ memcpy (sig_result, sig.data + supported_expr[i].prefix_len,
supported_expr[i].sig_len);
+ *sig_len = supported_expr[i].sig_len;
+ err = 0;
+ break;
+
+ }
}
-
-
+ if(err)
+ return gpg_error (err);
return 0;
+
}
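Review bot: The loop compares the `int i` against a `size_t` expression, and `err` is loaded with a bare error code that is wrapped by `gpg_error` only after the loop, which is harder to follow than the direct returns used inside the loop body. Returning 0 from the matching branch and ending the function with `return gpg_error (GPG_ERR_BAD_SIGNATURE);` after the loop removes the `err` bookkeeping and the `/* FIXME: better ? */`. The `//` comments also differ from the `/* */` style used elsewhere in the hunk.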
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20151118/a36ae198/attachment.sig>