[PATCH] gpg: Update card-edit wizard to support ECC key generation

Arnaud Fontaine arnaud.fontaine at ssi.gouv.fr
Fri Oct 14 15:30:10 CEST 2016


* g10/card-util.c: Ask for key size only for RSA key generation.
* g10/keygen.c: Add algo parameter to deal with ECC key generation.
---
 g10/card-util.c | 51 +++++++++++++++++++++++++++++----------------------
 g10/keygen.c    | 17 ++++++-----------
 2 files changed, 35 insertions(+), 33 deletions(-)

diff --git a/g10/card-util.c b/g10/card-util.c
index 2cb44f9..6574241 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -1277,7 +1277,7 @@ show_keysize_warning (void)
    select the prompt.  Returns 0 to use the default size (i.e. NBITS)
    or the selected size.  */
 static unsigned int
-ask_card_keysize (int keyno, unsigned int nbits)
+ask_card_rsa_keysize (int keyno, unsigned int nbits)
 {
   unsigned int min_nbits = 1024;
   unsigned int max_nbits = 4096;
@@ -1327,7 +1327,7 @@ ask_card_keysize (int keyno, unsigned int nbits)
 /* Change the size of key KEYNO (0..2) to NBITS and show an error
    message if that fails.  */
 static gpg_error_t
-do_change_keysize (int keyno, unsigned int nbits)
+do_change_rsa_keysize (int keyno, unsigned int nbits)
 {
   gpg_error_t err;
   char args[100];
@@ -1406,15 +1406,18 @@ generate_card_keys (ctrl_t ctrl)
        for (keyno = 0; keyno < DIM (info.key_attr); keyno++)
         {
-          nbits = ask_card_keysize (keyno, info.key_attr[keyno].nbits);
-          if (nbits && do_change_keysize (keyno, nbits))
+          if (info.key_attr[keyno].algo == PUBKEY_ALGO_RSA)
             {
-              /* Error: Better read the default key size again.  */
-              agent_release_card_info (&info);
-              if (get_info_for_key_operation (&info))
-                goto leave;
-              /* Ask again for this key size. */
-              keyno--;
+              nbits = ask_card_rsa_keysize (keyno,
info.key_attr[keyno].nbits);
+              if (nbits && do_change_rsa_keysize (keyno, nbits))
+                {
+                  /* Error: Better read the default key size again.  */
+                  agent_release_card_info (&info);
+                  if (get_info_for_key_operation (&info))
+                    goto leave;
+                  /* Ask again for this key size. */
+                  keyno--;
+                }
             }
         }
       /* Note that INFO has not be synced.  However we will only use
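Review bot: When `info.key_attr[keyno].algo` is not `PUBKEY_ALGO_RSA`, the loop now falls through with no prompt or message, so the user proceeds to on-card generation without seeing which algorithm the slot is configured for. An `else` branch that prints the slot's current algorithm (a short `tty_printf` line would do) lets the user confirm the key type and strength before the existing keys are replaced. The same silent skip applies to the `info.key_attr[keyno-1].algo` test in card_generate_subkey. generate_card_keys starts and ends outside this hunk.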
@@ -1483,21 +1486,25 @@ card_generate_subkey (KBNODE pub_keyblock)
      key size.  */
   if (info.is_v2 && info.extcap.aac)
     {
-      unsigned int nbits;
 -    ask_again:
-      nbits = ask_card_keysize (keyno-1, info.key_attr[keyno-1].nbits);
-      if (nbits && do_change_keysize (keyno-1, nbits))
+      if (info.key_attr[keyno-1].algo == PUBKEY_ALGO_RSA)
         {
-          /* Error: Better read the default key size again.  */
-          agent_release_card_info (&info);
-          err = get_info_for_key_operation (&info);
-          if (err)
-            goto leave;
-          goto ask_again;
+          unsigned int nbits;
+
+        ask_again:
+          nbits = ask_card_rsa_keysize (keyno-1,
info.key_attr[keyno-1].nbits);
+          if (nbits && do_change_rsa_keysize (keyno-1, nbits))
+            {
+              /* Error: Better read the default key size again.  */
+              agent_release_card_info (&info);
+              err = get_info_for_key_operation (&info);
+              if (err)
+                goto leave;
+              goto ask_again;
+            }
         }
-      /* Note that INFO has not be synced.  However we will only use
-         the serialnumber and thus it won't harm.  */
+        /* Note that INFO has not be synced.  However we will only use
+           the serialnumber and thus it won't harm.  */
     }
    err = generate_card_subkeypair (pub_keyblock, keyno, info.serialno);
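Review bot: The re-added comment `/* Note that INFO has not be synced. ... */` is indented two columns deeper than the other statements of the `if (info.is_v2 && info.extcap.aac)` block, so it reads as if it belonged to the RSA-only branch that closes just above it. It should sit at the block's statement indent, and "has not be synced" could become "has not been synced" while the line is being touched. The `ask_again:` label now lives inside the RSA branch, so a one-line comment such as `/* Retry applies to RSA size changes only.  */` would make the narrower scope explicit. card_generate_subkey starts and ends outside this hunk.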
diff --git a/g10/keygen.c b/g10/keygen.c
index 9cf314d..84dcbc1 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -154,7 +154,7 @@ static gpg_error_t parse_algo_usage_expire (ctrl_t
ctrl, int for_subkey,
 static void do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
 				 struct output_control_s *outctrl, int card );
 static int write_keyblock (iobuf_t out, kbnode_t node);
-static gpg_error_t gen_card_key (int algo, int keyno, int is_primary,
+static gpg_error_t gen_card_key (int keyno, int is_primary,
                                  kbnode_t pub_root,
                                  u32 *timestamp, u32 expireval);
 @@ -4238,7 +4238,7 @@ do_generate_keypair (ctrl_t ctrl, struct
para_data_s *para,
                      get_parameter_passphrase (para),
                      &cache_nonce, NULL);
   else
-    err = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root,
+    err = gen_card_key (1, 1, pub_root,
                         &timestamp,
                         get_parameter_u32 (para, pKEYEXPIRE));
 @@ -4277,7 +4277,7 @@ do_generate_keypair (ctrl_t ctrl, struct
para_data_s *para,
    if (!err && card && get_parameter (para, pAUTHKEYTYPE))
     {
-      err = gen_card_key (PUBKEY_ALGO_RSA, 3, 0, pub_root,
+      err = gen_card_key (3, 0, pub_root,
                           &timestamp,
                           get_parameter_u32 (para, pKEYEXPIRE));
       if (!err)
@@ -4317,7 +4317,7 @@ do_generate_keypair (ctrl_t ctrl, struct
para_data_s *para,
         }
       else
         {
-          err = gen_card_key (PUBKEY_ALGO_RSA, 2, 0, pub_root, &timestamp,
+          err = gen_card_key (2, 0, pub_root, &timestamp,
                               get_parameter_u32 (para, pKEYEXPIRE));
         }
 @@ -4749,7 +4749,6 @@ generate_card_subkeypair (kbnode_t pub_keyblock,
   gpg_error_t err = 0;
   kbnode_t node;
   PKT_public_key *pri_pk = NULL;
-  int algo;
   unsigned int use;
   u32 expire;
   u32 cur_time;
@@ -4800,7 +4799,6 @@ generate_card_subkeypair (kbnode_t pub_keyblock,
       goto leave;
     }
 -  algo = PUBKEY_ALGO_RSA;
   expire = ask_expire_interval (0, NULL);
   if (keyno == 1)
     use = PUBKEY_USAGE_SIG;
@@ -4817,7 +4815,7 @@ generate_card_subkeypair (kbnode_t pub_keyblock,
    /* Note, that depending on the backend, the card key generation may
      update CUR_TIME.  */
-  err = gen_card_key (algo, keyno, 0, pub_keyblock, &cur_time, expire);
+  err = gen_card_key (keyno, 0, pub_keyblock, &cur_time, expire);
   /* Get the pointer to the generated public subkey packet.  */
   if (!err)
     {
@@ -4865,7 +4863,7 @@ write_keyblock( IOBUF out, KBNODE node )
  /* Note that timestamp is an in/out arg. */
 static gpg_error_t
-gen_card_key (int algo, int keyno, int is_primary, kbnode_t pub_root,
+gen_card_key (int keyno, int is_primary, kbnode_t pub_root,
               u32 *timestamp, u32 expireval)
 {
 #ifdef ENABLE_CARD_SUPPORT
@@ -4874,9 +4872,6 @@ gen_card_key (int algo, int keyno, int is_primary,
kbnode_t pub_root,
   PACKET *pkt;
   PKT_public_key *pk;
 -  if (algo != PUBKEY_ALGO_RSA)
-    return gpg_error (GPG_ERR_PUBKEY_ALGO);
-
   pk = xtrycalloc (1, sizeof *pk );
   if (!pk)
     return gpg_error_from_syserror ();
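Review bot: Dropping the `algo != PUBKEY_ALGO_RSA` guard leaves gen_card_key with no visible check on the kind of key the card returns, and the rest of the function lies outside this hunk. If the remaining body still fills the public-key packet from RSA-specific fields, a card configured for ECC would produce a malformed or mislabelled key instead of the clean `GPG_ERR_PUBKEY_ALGO` error returned before. The algorithm should be taken from the card's reply and validated before the packet is built, keeping `return gpg_error (GPG_ERR_PUBKEY_ALGO);` for anything unsupported. The ChangeLog line says "Add algo parameter", but the prototype, the four call sites and this definition all remove it, so the entry should be reworded to match.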
-- 
2.9.3



