author | Werner Koch <wk@gnupg.org> | 2021-03-29 14:48:11 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2021-03-29 14:49:08 +0200 |
commit | a494b29af9cc9c4c8c8323bae20e845d5a390448 (patch) | |
tree | e17f010a84c7b912ecb2aea8aa0380e437ffb857 /scd/app-help.c | |
parent | gpg: Allow ECDH with a smartcard returning just the x-coordinate. (diff) | |
scd:p15: Support ECDSA and ECDH for CardOS.
* scd/iso7816.c (iso7816_pso_csv): New.
* scd/app-help.c (app_help_pubkey_from_cert): Uncompress a point if
needed.
* scd/app-p15.c (CARD_PRODUCT_RSCS): New.
(struct prkdf_object_s): Add fields is_ecc, token_label, and
tokenflags.
(do_deinit): Free new fields.
(cardproduct2str): New.
(read_ef_prkdf): Set new is_ecc flag.
(read_ef_tokeninfo): Store some data and move Tokeninfo diags to ...
(read_p15_info): here. Set the product info here after all data has
been gathered.
(send_keypairinfo): Change the way the gpgusage flags are used.
(make_pin_prompt): If the token has a label and the current cert has
no CN, show the label as holder info.
(do_sign): Support ECDSA. Take care of the gpgusage flags.
(do_decipher): Support ECDH. Take care of the gpgusage flags.
--
This has been tested with Trusted Object Manager generated cards by
Rohde & Schwarz Cybersecurity.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'scd/app-help.c')
-rw-r--r-- | scd/app-help.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/scd/app-help.c b/scd/app-help.c index b599add71..7774b5465 100644 --- a/scd/app-help.c +++ b/scd/app-help.c @@ -76,6 +76,7 @@ app_help_get_keygrip_string_pk (const void *pk, size_t pklen, char *hexkeygrip, err = gcry_sexp_sscan (&s_pkey, NULL, pk, pklen); if (err) return err; /* Can't parse that S-expression. */ + if (!gcry_pk_get_keygrip (s_pkey, array)) { gcry_sexp_release (s_pkey); @@ -143,12 +144,14 @@ app_help_pubkey_from_cert (const void *cert, size_t certlen, { gpg_error_t err; ksba_cert_t kc; - unsigned char *pk; - size_t pklen; + unsigned char *pk, *fixed_pk; + size_t pklen, fixed_pklen; *r_pk = NULL; *r_pklen = 0; + pk = NULL; /*(avoid cc warning)*/ + err = ksba_cert_new (&kc); if (err) return err; @@ -165,6 +168,16 @@ app_help_pubkey_from_cert (const void *cert, size_t certlen, } pklen = gcry_sexp_canon_len (pk, 0, NULL, &err); + err = uncompress_ecc_q_in_canon_sexp (pk, pklen, &fixed_pk, &fixed_pklen); + if (err) + goto leave; + if (fixed_pk) + { + ksba_free (pk); pk = NULL; + pk = fixed_pk; + pklen = fixed_pklen; + } + leave: if (!err) { |
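Review bot: The first hunk (@@ -76,6 +76,7 @@, in app_help_get_keygrip_string_pk) is a whitespace-only change: it adds a blank line before the `if (!gcry_pk_get_keygrip (s_pkey, array))` check. That is unrelated to the ECDSA/ECDH support this commit describes and is not covered by the ChangeLog entry for scd/app-help.c, which names only app_help_pubkey_from_cert. Consider dropping it or moving it to a separate cleanup commit so the functional change is easier to audit.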
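Review bot: In the declaration hunk (@@ -143,12 +144,14 @@, app_help_pubkey_from_cert), `pk` gets an explicit `pk = NULL;` but the new `fixed_pk` and `fixed_pklen` are left uninitialized. The later `if (fixed_pk)` test is only well-defined if uncompress_ecc_q_in_canon_sexp stores to its output pointer on every successful return, which cannot be confirmed from this diff. Initializing `fixed_pk = NULL` and `fixed_pklen = 0` next to `pk` would make the test safe regardless of the helper's behavior.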
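Review bot: In the last hunk (@@ -165,6 +168,16 @@), the result of `pklen = gcry_sexp_canon_len (pk, 0, NULL, &err);` is used unchecked. gcry_sexp_canon_len returns 0 for a malformed S-expression and reports the reason through its last argument, but the added `err = uncompress_ecc_q_in_canon_sexp (pk, pklen, &fixed_pk, &fixed_pklen);` overwrites that error code and passes the possibly zero length on to the helper. Since the S-expression is derived from the certificate handed to this function, it would be better to test for `!pklen` and `goto leave` with the original error before calling the helper. Two smaller points in the same hunk: `pk = NULL;` immediately before `pk = fixed_pk;` is redundant, and because the original buffer is released with ksba_free while the replacement lands in the same variable, a short comment stating which allocator owns fixed_pk would help whoever frees the returned key later.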