diff options
| author | NIIBE Yutaka <gniibe@fsij.org> | 2015-12-18 02:18:22 +0100 |
|---|---|---|
| committer | NIIBE Yutaka <gniibe@fsij.org> | 2015-12-18 02:18:22 +0100 |
| commit | 72eaff1aa610f3c89a755f212760157e1932d847 (patch) | |
| tree | 39fd821f4b19856086d7f3af98d2236f921a3b7a /g10/keygen.c | |
| parent | g10: Fix a regression for generating card key with backup. (diff) | |
| download | gnupg2-72eaff1aa610f3c89a755f212760157e1932d847.tar.xz gnupg2-72eaff1aa610f3c89a755f212760157e1932d847.zip | |
g10: Remove deprecated internal functions.
* g10/keygen.c (do_ask_passphrase, generate_raw_key)
(gen_card_key_with_backup, save_unprotected_key_to_card): Remove.
--
Now, key generation is done by gpg-agent. Asking passphrase is done
through pinentry invoked by gpg-agent. It is done by
new internal function of card_store_key_with_backup.
Diffstat (limited to 'g10/keygen.c')
| -rw-r--r-- | g10/keygen.c | 404 |
1 files changed, 0 insertions, 404 deletions
diff --git a/g10/keygen.c b/g10/keygen.c index 9259ff328..c50e04d5c 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -2701,56 +2701,6 @@ ask_user_id (int mode, int full, KBNODE keyblock) } -/* MODE 0 - standard - 1 - Ask for passphrase of the card backup key. */ -#if 0 -static DEK * -do_ask_passphrase (STRING2KEY **ret_s2k, int mode, int *r_canceled) -{ - DEK *dek = NULL; - STRING2KEY *s2k; - const char *errtext = NULL; - const char *custdesc = NULL; - - tty_printf(_("You need a Passphrase to protect your secret key.\n\n") ); - - if (mode == 1) - custdesc = _("Please enter a passphrase to protect the off-card " - "backup of the new encryption key."); - - s2k = xmalloc_secure( sizeof *s2k ); - for(;;) { - s2k->mode = opt.s2k_mode; - s2k->hash_algo = S2K_DIGEST_ALGO; - dek = passphrase_to_dek_ext (NULL, 0, opt.s2k_cipher_algo, s2k, 2, - errtext, custdesc, NULL, r_canceled); - if (!dek && *r_canceled) { - xfree(dek); dek = NULL; - xfree(s2k); s2k = NULL; - break; - } - else if( !dek ) { - errtext = N_("passphrase not correctly repeated; try again"); - tty_printf(_("%s.\n"), _(errtext)); - } - else if( !dek->keylen ) { - xfree(dek); dek = NULL; - xfree(s2k); s2k = NULL; - tty_printf(_( - "You don't want a passphrase - this is probably a *bad* idea!\n" - "I will do it anyway. You can change your passphrase at any time,\n" - "using this program with the option \"--edit-key\".\n\n")); - break; - } - else - break; /* okay */ - } - *ret_s2k = s2k; - return dek; -} -#endif /* 0 */ - - /* Basic key generation. Here we divert to the actual generation routines based on the requested algorithm. */ static int @@ -3850,104 +3800,6 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname, } -#if 0 /* not required */ -/* Generate a raw key and return it as a secret key packet. The - function will ask for the passphrase and return a protected as well - as an unprotected copy of a new secret key packet. 0 is returned - on success and the caller must then free the returned values. */ -static int -generate_raw_key (int algo, unsigned int nbits, u32 created_at, - PKT_secret_key **r_sk_unprotected, - PKT_secret_key **r_sk_protected) -{ - int rc; - DEK *dek = NULL; - STRING2KEY *s2k = NULL; - PKT_secret_key *sk = NULL; - int i; - size_t nskey, npkey; - gcry_sexp_t s_parms, s_key; - int canceled; - - npkey = pubkey_get_npkey (algo); - nskey = pubkey_get_nskey (algo); - assert (nskey <= PUBKEY_MAX_NSKEY && npkey < nskey); - - if (nbits < 512) - { - nbits = 512; - log_info (_("keysize invalid; using %u bits\n"), nbits ); - } - - if ((nbits % 32)) - { - nbits = ((nbits + 31) / 32) * 32; - log_info(_("keysize rounded up to %u bits\n"), nbits ); - } - - dek = do_ask_passphrase (&s2k, 1, &canceled); - if (canceled) - { - rc = gpg_error (GPG_ERR_CANCELED); - goto leave; - } - - sk = xmalloc_clear (sizeof *sk); - sk->timestamp = created_at; - sk->version = 4; - sk->pubkey_algo = algo; - - if ( !is_RSA (algo) ) - { - log_error ("only RSA is supported for offline generated keys\n"); - rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED); - goto leave; - } - rc = gcry_sexp_build (&s_parms, NULL, - "(genkey(rsa(nbits %d)))", - (int)nbits); - if (rc) - log_bug ("gcry_sexp_build failed: %s\n", gpg_strerror (rc)); - rc = gcry_pk_genkey (&s_key, s_parms); - gcry_sexp_release (s_parms); - if (rc) - { - log_error ("gcry_pk_genkey failed: %s\n", gpg_strerror (rc) ); - goto leave; - } - rc = key_from_sexp (sk->skey, s_key, "private-key", "nedpqu"); - gcry_sexp_release (s_key); - if (rc) - { - log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc) ); - goto leave; - } - - for (i=npkey; i < nskey; i++) - sk->csum += checksum_mpi (sk->skey[i]); - - if (r_sk_unprotected) - *r_sk_unprotected = copy_secret_key (NULL, sk); - - rc = genhelp_protect (dek, s2k, sk); - if (rc) - goto leave; - - if (r_sk_protected) - { - *r_sk_protected = sk; - sk = NULL; - } - - leave: - if (sk) - free_secret_key (sk); - xfree (dek); - xfree (s2k); - return rc; -} -#endif /* ENABLE_CARD_SUPPORT */ - /* Create and delete a dummy packet to start off a list of kbnodes. */ static void start_tree(KBNODE *tree) @@ -4724,259 +4576,3 @@ gen_card_key (int algo, int keyno, int is_primary, kbnode_t pub_root, return gpg_error (GPG_ERR_NOT_SUPPORTED); #endif /*!ENABLE_CARD_SUPPORT*/ } - - - -static int -gen_card_key_with_backup (int algo, int keyno, int is_primary, - KBNODE pub_root, u32 timestamp, - u32 expireval, struct para_data_s *para) -{ -#if ENABLE_CARD_SUPPORT && 0 - /* FIXME: Move this to gpg-agent. */ - int rc; - const char *s; - PACKET *pkt; - PKT_secret_key *sk, *sk_unprotected = NULL, *sk_protected = NULL; - PKT_public_key *pk; - size_t n; - int i; - unsigned int nbits; - - /* Get the size of the key directly from the card. */ - { - struct agent_card_info_s info; - - memset (&info, 0, sizeof info); - if (!agent_scd_getattr ("KEY-ATTR", &info) - && info.key_attr[1].algo) - nbits = info.key_attr[1].nbits; - else - nbits = 1024; /* All pre-v2.0 cards. */ - agent_release_card_info (&info); - } - - /* Create a key of this size in memory. */ - rc = generate_raw_key (algo, nbits, timestamp, - &sk_unprotected, &sk_protected); - if (rc) - return rc; - - /* Store the key to the card. */ - rc = save_unprotected_key_to_card (sk_unprotected, keyno); - if (rc) - { - log_error (_("storing key onto card failed: %s\n"), gpg_strerror (rc)); - free_secret_key (sk_unprotected); - free_secret_key (sk_protected); - write_status_errcode ("save_key_to_card", rc); - return rc; - } - - /* Get rid of the secret key parameters and store the serial numer. */ - sk = sk_unprotected; - n = pubkey_get_nskey (sk->pubkey_algo); - for (i=pubkey_get_npkey (sk->pubkey_algo); i < n; i++) - { - gcry_mpi_release (sk->skey[i]); - sk->skey[i] = NULL; - } - i = pubkey_get_npkey (sk->pubkey_algo); - sk->skey[i] = gcry_mpi_set_opaque (NULL, xstrdup ("dummydata"), 10*8); - sk->is_protected = 1; - sk->protect.s2k.mode = 1002; - s = get_parameter_value (para, pSERIALNO); - assert (s); - for (sk->protect.ivlen=0; sk->protect.ivlen < 16 && *s && s[1]; - sk->protect.ivlen++, s += 2) - sk->protect.iv[sk->protect.ivlen] = xtoi_2 (s); - - /* Now write the *protected* secret key to the file. */ - { - char name_buffer[50]; - char *fname; - IOBUF fp; - mode_t oldmask; - - keyid_from_sk (sk, NULL); - snprintf (name_buffer, sizeof name_buffer, "sk_%08lX%08lX.gpg", - (ulong)sk->keyid[0], (ulong)sk->keyid[1]); - - fname = make_filename (backup_dir, name_buffer, NULL); - /* Note that the umask call is not anymore needed because - iobuf_create now takes care of it. However, it does not harm - and thus we keep it. */ - oldmask = umask (077); - if (is_secured_filename (fname)) - { - fp = NULL; - gpg_err_set_errno (EPERM); - } - else - fp = iobuf_create (fname, 1); - umask (oldmask); - if (!fp) - { - rc = gpg_error_from_syserror (); - log_error (_("can't create backup file '%s': %s\n"), - fname, strerror(errno) ); - xfree (fname); - free_secret_key (sk_unprotected); - free_secret_key (sk_protected); - return rc; - } - - pkt = xcalloc (1, sizeof *pkt); - pkt->pkttype = PKT_SECRET_KEY; - pkt->pkt.secret_key = sk_protected; - sk_protected = NULL; - - rc = build_packet (fp, pkt); - if (rc) - { - log_error("build packet failed: %s\n", gpg_strerror (rc)); - iobuf_cancel (fp); - } - else - { - unsigned char array[MAX_FINGERPRINT_LEN]; - char *fprbuf, *p; - - iobuf_close (fp); - iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname); - log_info (_("Note: backup of card key saved to '%s'\n"), fname); - - fingerprint_from_sk (sk, array, &n); - p = fprbuf = xmalloc (MAX_FINGERPRINT_LEN*2 + 1 + 1); - for (i=0; i < n ; i++, p += 2) - sprintf (p, "%02X", array[i]); - *p++ = ' '; - *p = 0; - - write_status_text_and_buffer (STATUS_BACKUP_KEY_CREATED, - fprbuf, - fname, strlen (fname), - 0); - xfree (fprbuf); - } - free_packet (pkt); - xfree (pkt); - xfree (fname); - if (rc) - { - free_secret_key (sk_unprotected); - return rc; - } - } - - /* Create the public key from the secret key. */ - pk = xcalloc (1, sizeof *pk ); - pk->timestamp = sk->timestamp; - pk->version = sk->version; - if (expireval) - pk->expiredate = sk->expiredate = sk->timestamp + expireval; - pk->pubkey_algo = sk->pubkey_algo; - n = pubkey_get_npkey (sk->pubkey_algo); - for (i=0; i < n; i++) - pk->pkey[i] = mpi_copy (sk->skey[i]); - - /* Build packets and add them to the node lists. */ - pkt = xcalloc (1,sizeof *pkt); - pkt->pkttype = is_primary ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY; - pkt->pkt.public_key = pk; - add_kbnode(pub_root, new_kbnode( pkt )); - - pkt = xcalloc (1,sizeof *pkt); - pkt->pkttype = is_primary ? PKT_SECRET_KEY : PKT_SECRET_SUBKEY; - pkt->pkt.secret_key = sk; - add_kbnode(sec_root, new_kbnode( pkt )); - - return 0; -#else -# if __GCC__ && ENABLE_CARD_SUPPORT -# warning Card support still missing -# endif - (void)algo; - (void)keyno; - (void)is_primary; - (void)pub_root; - (void)timestamp; - (void)expireval; - (void)para; - return gpg_error (GPG_ERR_NOT_SUPPORTED); -#endif /*!ENABLE_CARD_SUPPORT*/ -} - - -#if 0 -int -save_unprotected_key_to_card (PKT_public_key *sk, int keyno) -{ - int rc; - unsigned char *rsa_n = NULL; - unsigned char *rsa_e = NULL; - unsigned char *rsa_p = NULL; - unsigned char *rsa_q = NULL; - size_t rsa_n_len, rsa_e_len, rsa_p_len, rsa_q_len; - unsigned char *sexp = NULL; - unsigned char *p; - char numbuf[55], numbuf2[50]; - - assert (is_RSA (sk->pubkey_algo)); - assert (!sk->is_protected); - - /* Copy the parameters into straight buffers. */ - gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_n, &rsa_n_len, sk->skey[0]); - gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_e, &rsa_e_len, sk->skey[1]); - gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_p, &rsa_p_len, sk->skey[3]); - gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_q, &rsa_q_len, sk->skey[4]); - if (!rsa_n || !rsa_e || !rsa_p || !rsa_q) - { - rc = GPG_ERR_INV_ARG; - goto leave; - } - - /* Put the key into an S-expression. */ - sexp = p = xmalloc_secure (30 - + rsa_n_len + rsa_e_len + rsa_p_len + rsa_q_len - + 4*sizeof (numbuf) + 25 + sizeof(numbuf) + 20); - - p = stpcpy (p,"(11:private-key(3:rsa(1:n"); - sprintf (numbuf, "%u:", (unsigned int)rsa_n_len); - p = stpcpy (p, numbuf); - memcpy (p, rsa_n, rsa_n_len); - p += rsa_n_len; - - sprintf (numbuf, ")(1:e%u:", (unsigned int)rsa_e_len); - p = stpcpy (p, numbuf); - memcpy (p, rsa_e, rsa_e_len); - p += rsa_e_len; - - sprintf (numbuf, ")(1:p%u:", (unsigned int)rsa_p_len); - p = stpcpy (p, numbuf); - memcpy (p, rsa_p, rsa_p_len); - p += rsa_p_len; - - sprintf (numbuf, ")(1:q%u:", (unsigned int)rsa_q_len); - p = stpcpy (p, numbuf); - memcpy (p, rsa_q, rsa_q_len); - p += rsa_q_len; - - p = stpcpy (p,"))(10:created-at"); - sprintf (numbuf2, "%lu", (unsigned long)sk->timestamp); - sprintf (numbuf, "%lu:", (unsigned long)strlen (numbuf2)); - p = stpcpy (stpcpy (stpcpy (p, numbuf), numbuf2), "))"); - - /* Fixme: Unfortunately we don't have the serialnumber available - - thus we can't pass it down to the agent. */ - rc = agent_scd_writekey (keyno, NULL, sexp, p - sexp); - - leave: - xfree (sexp); - xfree (rsa_n); - xfree (rsa_e); - xfree (rsa_p); - xfree (rsa_q); - return rc; -} -#endif /*ENABLE_CARD_SUPPORT*/ |