author | Werner Koch <wk@gnupg.org> | 2002-02-28 12:07:59 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2002-02-28 12:07:59 +0100 |
commit | 56341c289cabffb7f468f7a3ee706626a9106a96 (patch) | |
tree | 41fdd684c4cfdd7a164f22ae3fc56ba061d19a6c /agent/pksign.c | |
parent | * assuan-client.c (assuan_transact): Add 2 more arguments to (diff) | |
Changes needed to support smartcards. Well, only _support_. There is
no real code yet.
Diffstat (limited to 'agent/pksign.c')
-rw-r--r-- | agent/pksign.c | 48 |
1 files changed, 30 insertions, 18 deletions
diff --git a/agent/pksign.c b/agent/pksign.c index 9d1ad4f67..6ec37cd14 100644 --- a/agent/pksign.c +++ b/agent/pksign.c @@ -90,6 +90,7 @@ agent_pksign (CTRL ctrl, FILE *outfp) { GCRY_SEXP s_skey = NULL, s_hash = NULL, s_sig = NULL; GCRY_MPI frame = NULL; + unsigned char *shadow_info = NULL; int rc; char *buf = NULL; size_t len; @@ -97,39 +98,50 @@ agent_pksign (CTRL ctrl, FILE *outfp) if (!ctrl->have_keygrip) return seterr (No_Secret_Key); - s_skey = agent_key_from_file (ctrl->keygrip); - if (!s_skey) + s_skey = agent_key_from_file (ctrl->keygrip, &shadow_info); + if (!s_skey && !shadow_info) { log_error ("failed to read the secret key\n"); rc = seterr (No_Secret_Key); goto leave; } - /* put the hash into a sexp */ + /* put the hash into a sexp FIXME: this belongs into libgcrypt/divert-scd.c*/ rc = do_encode_md (ctrl->digest.value, ctrl->digest.valuelen, ctrl->digest.algo, gcry_pk_get_nbits (s_skey), &frame); if (rc) - goto leave; + goto leave; if ( gcry_sexp_build (&s_hash, NULL, "%m", frame) ) BUG (); - if (DBG_CRYPTO) - { - log_debug ("skey: "); - gcry_sexp_dump (s_skey); + if (!s_skey) + { /* divert operation to the smartcard */ + rc = divert_pksign (&s_sig, s_hash, shadow_info); + if (rc) + { + log_error ("smartcard signing failed: %s\n", gnupg_strerror (rc)); + goto leave; + } } - - - /* sign */ - rc = gcry_pk_sign (&s_sig, s_hash, s_skey); - if (rc) - { - log_error ("signing failed: %s\n", gcry_strerror (rc)); - rc = map_gcry_err (rc); - goto leave; + else + { /* no smartcard, but a private key */ + if (DBG_CRYPTO) + { + log_debug ("skey: "); + gcry_sexp_dump (s_skey); + } + + /* sign */ + rc = gcry_pk_sign (&s_sig, s_hash, s_skey); + if (rc) + { + log_error ("signing failed: %s\n", gcry_strerror (rc)); + rc = map_gcry_err (rc); + goto leave; + } } if (DBG_CRYPTO) @@ -138,7 +150,6 @@ agent_pksign (CTRL ctrl, FILE *outfp) gcry_sexp_dump (s_sig); } - len = gcry_sexp_sprint (s_sig, GCRYSEXP_FMT_CANON, NULL, 0); assert (len); buf = xmalloc (len); 
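Review bot: In the second hunk (`@@ -97,39 +98,50 @@`) the smartcard path reaches `gcry_pk_get_nbits (s_skey)` with `s_skey` set to NULL, because the new guard `if (!s_skey && !shadow_info)` only bails out when both are missing and the `do_encode_md` call still runs before the `if (!s_skey)` branch. Whatever that call returns for a NULL key, the frame length is then no longer derived from the real key size, so the encoding will presumably either fail or yield a frame of the wrong length for the card. Until the encoding moves as the FIXME says, either take the key size for a shadowed key from another source or move the `do_encode_md` / `gcry_sexp_build` pair into the `else` branch and give the card path its own encoding step. Separately, the retained `gcry_sexp_dump (s_skey)` under `DBG_CRYPTO` writes private key material to the log; a comment such as `/* NOTE: dumps the secret key; keep DBG_CRYPTO off outside debugging */` would make that explicit. The body of agent_pksign starts and ends outside this hunk.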
@@ -156,6 +167,7 @@ agent_pksign (CTRL ctrl, FILE *outfp) gcry_sexp_release (s_sig); gcry_mpi_release (frame); xfree (buf); + xfree (shadow_info); return rc; } |