[PATCH scute] Build a second library which uses the signing key.

Damien Goutte-Gattat dgouttegattat at incenp.org
Sat May 19 21:43:25 CEST 2018


Hi,

> This patch introduces the configure switch --enable-sigkey which
> enables building of scutesig.so which uses the signature key.

Thanks.

However I propose (see the patch below) a slightly modified version
in which the --enable-signing-key flag simply changes the key to
use from the authentication key to the signing key, without building
a second library. This avoids further code duplication in
src/Makefile.am and makes a less intrusive patch.

If you need both a scute using the authentication key and a scute
using the signing key, then you just have to configure and build
twice (first without the --enable-signing-key flag, then with it)
and rename one of the two libraries accordingly.

-- >8 --
Subject: [PATCH scute] Allow to use the signing key.

* configure.ac: New flag --enable-signing-key.
* src/slots.c (slot_init): Use the signing key.
(session_sign): Likewise.
--

This patch allows building a version of Scute which uses the
signing key instead of the authentication key.

Suggested-by: Dirk Gottschalk <dirk.gottschalk1980 at googlemail.com>
Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
---
 configure.ac |  7 +++++++
 src/slots.c  | 11 +++++++++++
 2 files changed, 18 insertions(+)

diff --git a/configure.ac b/configure.ac
index 3615a49..7848690 100644
--- a/configure.ac
+++ b/configure.ac
@@ -313,6 +313,13 @@ else
 fi
 AM_CONDITIONAL(HAVE_GPGSM, test "$GPGSM" != "no")
 
+# Use signing key?
+AC_ARG_ENABLE([signing-key],
+              AS_HELP_STRING([--enable-signing-key],
+                             [Use signing key instead of authentication key]))
+if test "$enable_signing_key" = yes ; then
+  AC_DEFINE(ENABLE_SIGNING_KEY,1,[Whether to use the signing key.])
+fi
 
 dnl Check for GPGSM version requirement.
 GPGSM_VERSION=unknown
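
Review bot: The new --enable-signing-key switch is documented only through its AS_HELP_STRING; the diffstat touches configure.ac and src/slots.c and nothing else, so the manual and README do not mention it. Since the resulting library keeps the same name whichever key is selected, please also report the choice at configure time (for example with AC_MSG_NOTICE) so a build log shows which key a given binary uses. Minor style point: AC_DEFINE(ENABLE_SIGNING_KEY,1,...) leaves its arguments unquoted while AC_ARG_ENABLE([signing-key], ...) quotes its first one; quoting all of them would be consistent.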
diff --git a/src/slots.c b/src/slots.c
index fc69d15..f414331 100644
--- a/src/slots.c
+++ b/src/slots.c
@@ -385,7 +385,12 @@ slot_init (slot_iterator_t id)
   gpg_error_t err = 0;
   struct slot *slot = scute_table_data (slots, id);
 
+#if ENABLE_SIGNING_KEY
+  err = scute_gpgsm_get_cert (slot->info.grip1, 1, add_object, slot);
+#else
   err = scute_gpgsm_get_cert (slot->info.grip3, 3, add_object, slot);
+#endif
+
   if (err)
     goto init_out;
 
@@ -1033,8 +1038,14 @@ session_sign (slot_iterator_t id, session_iterator_t sid,
     }
 
   sig_len = *pulSignatureLen;
+#if ENABLE_SIGNING_KEY
+  err = scute_agent_sign (slot->info.grip1, pData, ulDataLen,
+			  pSignature, &sig_len);
+#else
   err = scute_agent_sign (slot->info.grip3, pData, ulDataLen,
 			  pSignature, &sig_len);
+#endif
+
   /* FIXME: Oh well.  */
   if (gpg_err_code (err) == GPG_ERR_INV_ARG)
     return CKR_BUFFER_TOO_SMALL;
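
Review bot: The #if in session_sign duplicates the whole scute_agent_sign call when only the grip argument differs, and it repeats the selection already made in slot_init. The certificate loaded in slot_init and the key used to sign here must always refer to the same key, so the choice should live in one place, such as a shared macro or a small helper returning the grip for the slot, rather than in two independent preprocessor blocks. With that, this hunk reduces to a one-argument change and the two sites cannot drift apart.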
-- 
2.14.1

