Diffstat (limited to 'sm/fingerprint.c')
-rw-r--r-- | sm/fingerprint.c | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/sm/fingerprint.c b/sm/fingerprint.c
index c6571ab14..29023c2ce 100644
--- a/sm/fingerprint.c
+++ b/sm/fingerprint.c
@@ -124,4 +124,61 @@ gpgsm_get_fingerprint_hexstring (KsbaCert cert, int algo)
 return buf;
 }
+
+/* Return the sop called KEYGRIP which is the SHA-1 hash of the public
+ key parameters expressed as an canoncial encoded S-Exp. array must
+ be 20 bytes long. returns the array or a newly allocated one if the
+ passed one was NULL */
+char *
+gpgsm_get_keygrip (KsbaCert cert, char *array)
+{
+ GCRY_SEXP s_pkey;
+ int rc, len;
+ char *buf, *p;
+
+ p = ksba_cert_get_public_key (cert);
+ if (!p)
+ return NULL; /* oops */
+
+ if (DBG_X509)
+ log_debug ("get_keygrip, public key: %s\n", p);
+ rc = gcry_sexp_sscan ( &s_pkey, NULL, p, strlen(p));
+ if (rc)
+ {
+ log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc));
+ return NULL;
+ }
+ /* and now convert it into canoncial form - fixme: we should modify
+ libksba to return it in this form */
+ len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0);
+ assert (len);
+ buf = xmalloc (len);
+ len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, buf, len);
+ assert (len);
+
+ if (!array)
+ array = xmalloc (20);
+
+ gcry_md_hash_buffer (GCRY_MD_SHA1, array, buf, len);
+ xfree (buf);
+
+ return array;
+}
+
+/* Return an allocated buffer with the keygrip of CERT in from of an
+ hexstring. NULL is returned in case of error */
+char *
+gpgsm_get_keygrip_hexstring (KsbaCert cert)
+{
+ unsigned char grip[20];
+ char *buf, *p;
+ int i;
+
+ gpgsm_get_keygrip (cert, grip);
+ buf = p = xmalloc (20*2+1);
+ for (i=0; i < 20; i++, p += 2 )
+ sprintf (p, "%02X", grip[i]);
+ return buf;
+}
+ |
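Review bot: gpgsm_get_keygrip_hexstring discards the return value of gpgsm_get_keygrip, so when that call returns NULL (no public key, or gcry_sexp_sscan fails) the loop hex-encodes the uninitialized `grip` stack buffer and hands it back as if it were a valid keygrip, contrary to the comment's "NULL is returned in case of error". Guard the call with `if (!gpgsm_get_keygrip (cert, grip)) return NULL;` before the `xmalloc`. In gpgsm_get_keygrip itself, `s_pkey` is never released once the scan succeeds; a `gcry_sexp_release (s_pkey);` after the canonical buffer is built would fix that. `p` is not freed on any path either, which leaks if ksba_cert_get_public_key returns an allocated string, as the usage suggests. The two `assert (len)` checks also make a gcry_sexp_sprint failure abort the process, and with asserts compiled out it would presumably hash an empty buffer, so an explicit `if (!len)` error return that logs and returns NULL would be safer.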