Diffstat (limited to 'sm/fingerprint.c')
-rw-r--r--sm/fingerprint.c57
1 files changed, 57 insertions, 0 deletions
diff --git a/sm/fingerprint.c b/sm/fingerprint.c
index c6571ab14..29023c2ce 100644
--- a/sm/fingerprint.c
+++ b/sm/fingerprint.c
@@ -124,4 +124,61 @@ gpgsm_get_fingerprint_hexstring (KsbaCert cert, int algo)
return buf;
}
+
+/* Return the sop called KEYGRIP which is the SHA-1 hash of the public
+ key parameters expressed as an canoncial encoded S-Exp. array must
+ be 20 bytes long. returns the array or a newly allocated one if the
+ passed one was NULL */
+char *
+gpgsm_get_keygrip (KsbaCert cert, char *array)
+{
+ GCRY_SEXP s_pkey;
+ int rc, len;
+ char *buf, *p;
+
+ p = ksba_cert_get_public_key (cert);
+ if (!p)
+ return NULL; /* oops */
+
+ if (DBG_X509)
+ log_debug ("get_keygrip, public key: %s\n", p);
+ rc = gcry_sexp_sscan ( &s_pkey, NULL, p, strlen(p));
+ if (rc)
+ {
+ log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc));
+ return NULL;
+ }
+ /* and now convert it into canoncial form - fixme: we should modify
+ libksba to return it in this form */
+ len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0);
+ assert (len);
+ buf = xmalloc (len);
+ len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, buf, len);
+ assert (len);
+
+ if (!array)
+ array = xmalloc (20);
+
+ gcry_md_hash_buffer (GCRY_MD_SHA1, array, buf, len);
+ xfree (buf);
+
+ return array;
+}
+
+/* Return an allocated buffer with the keygrip of CERT in from of an
+ hexstring. NULL is returned in case of error */
+char *
+gpgsm_get_keygrip_hexstring (KsbaCert cert)
+{
+ unsigned char grip[20];
+ char *buf, *p;
+ int i;
+
+ gpgsm_get_keygrip (cert, grip);
+ buf = p = xmalloc (20*2+1);
+ for (i=0; i < 20; i++, p += 2 )
+ sprintf (p, "%02X", grip[i]);
+ return buf;
+}
+
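Review bot: gpgsm_get_keygrip_hexstring ignores the return value of gpgsm_get_keygrip, so when that call returns NULL (no public key, or gcry_sexp_sscan fails) the loop hex-encodes the uninitialized `grip` stack array and hands back a valid-looking keygrip instead of the NULL its comment promises. Add `if (!gpgsm_get_keygrip (cert, grip)) return NULL;` before the `xmalloc (20*2+1)`. In gpgsm_get_keygrip, `s_pkey` is never released on the visible lines; a `gcry_sexp_release (s_pkey);` after the second gcry_sexp_sprint would fix that, and `p` looks leaked as well if ksba_cert_get_public_key returns an allocated string (its ownership is not shown here). The two `assert (len)` checks are the only guard against a failed gcry_sexp_sprint and disappear under NDEBUG, so an explicit error return that frees `buf` would be safer.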