author | Werner Koch <wk@gnupg.org> | 2009-08-05 13:24:43 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2009-08-05 13:24:43 +0200 |
commit | e57d2a86300b86799aa86f8172dfc0bae5db9bb4 (patch) | |
tree | d672f0589d85ebe4595ea6741b0d162d45af9d4e /scd/app-openpgp.c | |
parent | * gpg.c (main): --pgp6 includes --disable-mdc. (diff) | |
Ask for the keysize when generating a new card key.
Diffstat (limited to 'scd/app-openpgp.c')
-rw-r--r-- | scd/app-openpgp.c | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index d2b2bdd3f..2c10cd9bf 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -214,6 +214,11 @@ static gpg_error_t do_auth (app_t app, const char *keyidstr,
 const void *indata, size_t indatalen,
 unsigned char **outdata, size_t *outdatalen);
 static void parse_algorithm_attribute (app_t app, int keyno);
+static gpg_error_t change_keyattr_from_string
+ (app_t app,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const void *value, size_t valuelen);
@@ -1793,6 +1798,7 @@ do_setattr (app_t app, const char *name,
 { "CERT-3", 0x7F21, 3, 0, 1 },
 { "SM-KEY-ENC", 0x00D1, 3, 0, 1 },
 { "SM-KEY-MAC", 0x00D2, 3, 0, 1 },
+ { "KEY-ATTR", 0, 0, 3, 1 },
 { NULL, 0 }
 };
 int exmode;
@@ -1804,6 +1810,9 @@ do_setattr (app_t app, const char *name,
 if (table[idx].need_v2 && !app->app_local->extcap.is_v2)
 return gpg_error (GPG_ERR_NOT_SUPPORTED); /* Not yet supported. */
+ if (table[idx].special == 3)
+ return change_keyattr_from_string (app, pincb, pincb_arg, value, valuelen);
+
 switch (table[idx].need_chv)
 {
 case 2:
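Review bot: The `special == 3` early return in do_setattr sits above `switch (table[idx].need_chv)`, and the new `KEY-ATTR` table row sets need_chv to 0, so the generic PIN verification step of do_setattr is never reached for this attribute. The helper's own comment says the operation deletes the key, so authorization rests entirely on change_keyattr using the `pincb` it is handed; its body is not part of this diff and that should be confirmed. A comment at the early return would make the delegation explicit, for example `/* PIN verification is done inside change_keyattr; need_chv is not consulted for KEY-ATTR. */`. do_setattr starts and ends outside these hunks.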
@@ -2404,6 +2413,45 @@ change_keyattr (app_t app, int keyno, unsigned int nbits,
 }
+/* Helper to process an setattr command for name KEY-ATTR. It expects
+ a string "--force <keyno> <algo> <nbits>" in (VALUE,VALUELEN). */
+static gpg_error_t
+change_keyattr_from_string (app_t app,
+ gpg_error_t (*pincb)(void*, const char *, char **),
+ void *pincb_arg,
+ const void *value, size_t valuelen)
+{
+ gpg_error_t err;
+ char *string;
+ int keyno, algo;
+ unsigned int nbits;
+
+ /* VALUE is expected to be a string but not guaranteed to be
+ terminated. Thus copy it to an allocated buffer first. */
+ string = xtrymalloc (valuelen+1);
+ if (!string)
+ return gpg_error_from_syserror ();
+ memcpy (string, value, valuelen);
+ string[valuelen] = 0;
+
+ /* Because this function deletes the key we require the string
+ "--force" in the data to make clear that something serious might
+ happen. */
+ if (sscanf (string, " --force %d %d %u", &keyno, &algo, &nbits) != 3)
+ err = gpg_error (GPG_ERR_INV_DATA);
+ else if (keyno < 1 || keyno > 3)
+ err = gpg_error (GPG_ERR_INV_ID);
+ else if (algo != 1)
+ err = gpg_error (GPG_ERR_PUBKEY_ALGO); /* Not RSA. */
+ else if (nbits < 1024)
+ err = gpg_error (GPG_ERR_TOO_SHORT);
+ else
+ err = change_keyattr (app, keyno-1, nbits, pincb, pincb_arg);
+
+ xfree (string);
+ return err;
+}
+
 /* Handle the WRITEKEY command for OpenPGP. This function expects a
 canonical encoded S-expression with the secret key in KEYDATA and |
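Review bot: `nbits` gets only a lower-bound check in change_keyattr_from_string, so whatever `%u` produces above 1023 is passed straight to change_keyattr. The scanf family does not report out-of-range numbers, and `%u` also accepts a signed input and converts it, so a malformed or hostile KEY-ATTR value can yield an arbitrary large size. sscanf also ignores anything after the third number. Suggest adding an upper bound next to the existing checks, e.g. `else if (nbits > MAX_CARD_NBITS) err = gpg_error (GPG_ERR_TOO_LARGE);` where `MAX_CARD_NBITS` is a placeholder for the largest size the card supports. Parsing with strtol/strtoul and checking the end pointer would additionally reject overflow and trailing garbage. How change_keyattr encodes the size is outside this hunk, so the effect of an oversize value should be checked there.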