[PATCH] gpg: Update card-edit wizard to support ECC key generation
Arnaud Fontaine
arnaud.fontaine at ssi.gouv.fr
Fri Oct 14 15:30:10 CEST 2016
* g10/card-util.c: Ask for key size only for RSA key generation.
* g10/keygen.c: Add algo parameter to deal with ECC key generation.
---
g10/card-util.c | 51 +++++++++++++++++++++++++++++----------------------
g10/keygen.c | 17 ++++++-----------
2 files changed, 35 insertions(+), 33 deletions(-)
diff --git a/g10/card-util.c b/g10/card-util.c
index 2cb44f9..6574241 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -1277,7 +1277,7 @@ show_keysize_warning (void)
select the prompt. Returns 0 to use the default size (i.e. NBITS)
or the selected size. */
static unsigned int
-ask_card_keysize (int keyno, unsigned int nbits)
+ask_card_rsa_keysize (int keyno, unsigned int nbits)
{
unsigned int min_nbits = 1024;
unsigned int max_nbits = 4096;
@@ -1327,7 +1327,7 @@ ask_card_keysize (int keyno, unsigned int nbits)
/* Change the size of key KEYNO (0..2) to NBITS and show an error
message if that fails. */
static gpg_error_t
-do_change_keysize (int keyno, unsigned int nbits)
+do_change_rsa_keysize (int keyno, unsigned int nbits)
{
gpg_error_t err;
char args[100];
@@ -1406,15 +1406,18 @@ generate_card_keys (ctrl_t ctrl)
for (keyno = 0; keyno < DIM (info.key_attr); keyno++)
{
- nbits = ask_card_keysize (keyno, info.key_attr[keyno].nbits);
- if (nbits && do_change_keysize (keyno, nbits))
+ if (info.key_attr[keyno].algo == PUBKEY_ALGO_RSA)
{
- /* Error: Better read the default key size again. */
- agent_release_card_info (&info);
- if (get_info_for_key_operation (&info))
- goto leave;
- /* Ask again for this key size. */
- keyno--;
+ nbits = ask_card_rsa_keysize (keyno,
info.key_attr[keyno].nbits);
+ if (nbits && do_change_rsa_keysize (keyno, nbits))
+ {
+ /* Error: Better read the default key size again. */
+ agent_release_card_info (&info);
+ if (get_info_for_key_operation (&info))
+ goto leave;
+ /* Ask again for this key size. */
+ keyno--;
+ }
}
}
/* Note that INFO has not be synced. However we will only use
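Review bot: For a slot whose `algo` is not `PUBKEY_ALGO_RSA` the loop body in generate_card_keys now does nothing, so the wizard goes on to generate with whatever key attributes the card currently holds, and neither the code nor the user is told so. The same silent skip is added in card_generate_subkey in the next hunk. Since the key strength of an ECC slot then depends entirely on the card's existing attribute, I would at least document this at the `if`, e.g. `/* Only RSA has a size to ask for; other algorithms keep the card's current key attributes. */`, and consider printing the algorithm that will be used. The function starts and ends outside this hunk.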
@@ -1483,21 +1486,25 @@ card_generate_subkey (KBNODE pub_keyblock)
key size. */
if (info.is_v2 && info.extcap.aac)
{
- unsigned int nbits;
- ask_again:
- nbits = ask_card_keysize (keyno-1, info.key_attr[keyno-1].nbits);
- if (nbits && do_change_keysize (keyno-1, nbits))
+ if (info.key_attr[keyno-1].algo == PUBKEY_ALGO_RSA)
{
- /* Error: Better read the default key size again. */
- agent_release_card_info (&info);
- err = get_info_for_key_operation (&info);
- if (err)
- goto leave;
- goto ask_again;
+ unsigned int nbits;
+
+ ask_again:
+ nbits = ask_card_rsa_keysize (keyno-1,
info.key_attr[keyno-1].nbits);
+ if (nbits && do_change_rsa_keysize (keyno-1, nbits))
+ {
+ /* Error: Better read the default key size again. */
+ agent_release_card_info (&info);
+ err = get_info_for_key_operation (&info);
+ if (err)
+ goto leave;
+ goto ask_again;
+ }
}
- /* Note that INFO has not be synced. However we will only use
- the serialnumber and thus it won't harm. */
+ /* Note that INFO has not be synced. However we will only use
+ the serialnumber and thus it won't harm. */
}
err = generate_card_subkeypair (pub_keyblock, keyno, info.serialno);
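Review bot: The `ask_again:` label now sits inside the `info.key_attr[keyno-1].algo == PUBKEY_ALGO_RSA` branch, so the `goto ask_again` retry reuses `info.key_attr[keyno-1].nbits` from the freshly re-read `info` without re-checking its algorithm. This is probably harmless, because a failed size change should leave the slot as RSA, but generate_card_keys re-evaluates the test on every retry and the two paths would be easier to reason about if they matched. Either move the label above the `if`, or state the assumption with `/* A failed change leaves the slot RSA, so the algo test need not be repeated. */`. As this hunk re-indents the trailing comment anyway, "has not be synced" could be corrected to "has not been synced".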
diff --git a/g10/keygen.c b/g10/keygen.c
index 9cf314d..84dcbc1 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -154,7 +154,7 @@ static gpg_error_t parse_algo_usage_expire (ctrl_t
ctrl, int for_subkey,
static void do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
struct output_control_s *outctrl, int card );
static int write_keyblock (iobuf_t out, kbnode_t node);
-static gpg_error_t gen_card_key (int algo, int keyno, int is_primary,
+static gpg_error_t gen_card_key (int keyno, int is_primary,
kbnode_t pub_root,
u32 *timestamp, u32 expireval);
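Review bot: The ChangeLog line for g10/keygen.c says "Add algo parameter", but this prototype, the definition and every call site in the patch remove the `algo` argument from `gen_card_key`. The entry should describe what the patch does, for example `* g10/keygen.c (gen_card_key): Remove algo parameter.` with `(do_generate_keypair, generate_card_subkeypair): Adjust callers.` Someone auditing the history for where the RSA-only restriction was lifted would otherwise be misled.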
@@ -4238,7 +4238,7 @@ do_generate_keypair (ctrl_t ctrl, struct
para_data_s *para,
get_parameter_passphrase (para),
&cache_nonce, NULL);
else
- err = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root,
+ err = gen_card_key (1, 1, pub_root,
×tamp,
get_parameter_u32 (para, pKEYEXPIRE));
@@ -4277,7 +4277,7 @@ do_generate_keypair (ctrl_t ctrl, struct
para_data_s *para,
if (!err && card && get_parameter (para, pAUTHKEYTYPE))
{
- err = gen_card_key (PUBKEY_ALGO_RSA, 3, 0, pub_root,
+ err = gen_card_key (3, 0, pub_root,
×tamp,
get_parameter_u32 (para, pKEYEXPIRE));
if (!err)
@@ -4317,7 +4317,7 @@ do_generate_keypair (ctrl_t ctrl, struct
para_data_s *para,
}
else
{
- err = gen_card_key (PUBKEY_ALGO_RSA, 2, 0, pub_root, ×tamp,
+ err = gen_card_key (2, 0, pub_root, ×tamp,
get_parameter_u32 (para, pKEYEXPIRE));
}
@@ -4749,7 +4749,6 @@ generate_card_subkeypair (kbnode_t pub_keyblock,
gpg_error_t err = 0;
kbnode_t node;
PKT_public_key *pri_pk = NULL;
- int algo;
unsigned int use;
u32 expire;
u32 cur_time;
@@ -4800,7 +4799,6 @@ generate_card_subkeypair (kbnode_t pub_keyblock,
goto leave;
}
- algo = PUBKEY_ALGO_RSA;
expire = ask_expire_interval (0, NULL);
if (keyno == 1)
use = PUBKEY_USAGE_SIG;
@@ -4817,7 +4815,7 @@ generate_card_subkeypair (kbnode_t pub_keyblock,
/* Note, that depending on the backend, the card key generation may
update CUR_TIME. */
- err = gen_card_key (algo, keyno, 0, pub_keyblock, &cur_time, expire);
+ err = gen_card_key (keyno, 0, pub_keyblock, &cur_time, expire);
/* Get the pointer to the generated public subkey packet. */
if (!err)
{
@@ -4865,7 +4863,7 @@ write_keyblock( IOBUF out, KBNODE node )
/* Note that timestamp is an in/out arg. */
static gpg_error_t
-gen_card_key (int algo, int keyno, int is_primary, kbnode_t pub_root,
+gen_card_key (int keyno, int is_primary, kbnode_t pub_root,
u32 *timestamp, u32 expireval)
{
#ifdef ENABLE_CARD_SUPPORT
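Review bot: Dropping `algo` from `gen_card_key` here, together with the deletion of `if (algo != PUBKEY_ALGO_RSA) return gpg_error (GPG_ERR_PUBKEY_ALGO);` in the following hunk, leaves no visible place where this function rejects an unexpected algorithm. The body continues outside both hunks, so the algorithm may be validated where the generated key is read back from the card; if it is not, an explicit check there that returns `GPG_ERR_PUBKEY_ALGO` for unsupported algorithms would keep the fail-closed behaviour the old guard gave. The header comment should also say where the algorithm now comes from, e.g. `/* The key algorithm is no longer passed in; it is determined by the card. */`, if that is indeed the case.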
@@ -4874,9 +4872,6 @@ gen_card_key (int algo, int keyno, int is_primary,
kbnode_t pub_root,
PACKET *pkt;
PKT_public_key *pk;
- if (algo != PUBKEY_ALGO_RSA)
- return gpg_error (GPG_ERR_PUBKEY_ALGO);
-
pk = xtrycalloc (1, sizeof *pk );
if (!pk)
return gpg_error_from_syserror ();
--
2.9.3