Diffstat (limited to 'lib/opencdk/pubkey.c')
-rw-r--r-- | lib/opencdk/pubkey.c | 116 |
1 files changed, 38 insertions, 78 deletions
diff --git a/lib/opencdk/pubkey.c b/lib/opencdk/pubkey.c
index 58d5c2fb25..8d4b5a906d 100644
--- a/lib/opencdk/pubkey.c
+++ b/lib/opencdk/pubkey.c
@@ -142,7 +142,7 @@ digest_to_sexp (gcry_sexp_t *r_md_sexp, int digest_algo,
 return CDK_Inv_Value;
 if (!mdlen)
- mdlen = gcry_md_get_algo_dlen (digest_algo);
+ mdlen = _gnutls_hash_get_algo_len (digest_algo);
 if (!mdlen)
 return CDK_Inv_Algo;
@@ -761,7 +761,7 @@ cdk_sk_unprotect (cdk_pkt_seckey_t sk, const char *pw)
 with the key as used by the Klima/Rosa attack */
 sk->csum = 0;
 chksum = 1;
- dlen = gcry_md_get_algo_dlen (GCRY_MD_SHA1);
+ dlen = _gnutls_hash_get_algo_len (GNUTLS_DIG_SHA1);
 if (ndata < dlen)
 {
 cdk_free (data);
@@ -770,9 +770,19 @@ cdk_sk_unprotect (cdk_pkt_seckey_t sk, const char *pw)
 else
 {
 byte mdcheck[20];
+ digest_hd_st md;
+ int err;
- gcry_md_hash_buffer (GCRY_MD_SHA1,
- mdcheck, data, ndata-dlen);
+ err = _gnutls_hash_init( &md, GNUTLS_DIG_SHA1);
+ if (err < 0)
+ {
+ cdk_free (data);
+ return CDK_Inv_Packet;
+ }
+
+ _gnutls_hash( &md, data, ndata-dlen);
+ _gnutls_hash_deinit( &md, mdcheck);
+
 if (!memcmp (mdcheck, data + ndata - dlen, dlen))
 chksum = 0; /* Digest does match */
 }
@@ -842,10 +852,11 @@ cdk_sk_protect (cdk_pkt_seckey_t sk, const char *pw)
 gcry_cipher_hd_t hd = NULL;
 cdk_dek_t dek = NULL;
 cdk_s2k_t s2k;
+ digest_hd_st md;
 byte *p = NULL, buf[MAX_MPI_BYTES+2];
 size_t enclen = 0, nskey, i, nbytes;
- size_t dlen = gcry_md_get_algo_dlen (GCRY_MD_SHA1);
- gcry_error_t err;
+ size_t dlen = _gnutls_hash_get_algo_len (GNUTLS_DIG_SHA1);
+ int err;
 cdk_error_t rc;
 nskey = cdk_pk_get_nskey (sk->pubkey_algo);
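Review bot: `digest_algo` is now passed to `_gnutls_hash_get_algo_len`, which takes a GnuTLS digest identifier, but nothing in the digest_to_sexp hunk shows that its callers stopped passing gcrypt identifiers. The two libraries use separate identifier spaces, so an unconverted caller would get the wrong `mdlen` or fall into the `CDK_Inv_Algo` return. The rest of the function lies outside the hunk; if it still hands `digest_algo` to gcrypt when building the S-expression, the value has to be converted at one of the two uses. A comment on the parameter such as `/* digest_algo is a GNUTLS_DIG_* value, not GCRY_MD_* */` would pin the contract.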
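Review bot: The result of `_gnutls_hash( &md, data, ndata-dlen)` is discarded, so a failed update still leaves some value in `mdcheck` that the code goes on to use. In this hunk the `memcmp` that follows would most likely just reject the key, but the same unchecked call in the `cdk_sk_protect` hunk at -915 would store a checksum that can never verify. Assuming `_gnutls_hash` returns a negative code on failure as `_gnutls_hash_init` does, keep it in `err`, still call `_gnutls_hash_deinit` so the handle is released, and bail out. Returning `map_gnutls_error (err)` there (and in the init-failure branch, which currently returns `CDK_Inv_Packet`) would keep a library failure distinguishable from a corrupt packet, matching cdk_sk_protect. The body of cdk_sk_unprotect starts and ends outside the hunk.

```c
/* … unchanged: _gnutls_hash_init and its error branch … */
err = _gnutls_hash (&md, data, ndata - dlen);
/* deinit runs on both paths so the digest handle is always released */
_gnutls_hash_deinit (&md, mdcheck);
if (err < 0)
  {
    cdk_free (data);
    return map_gnutls_error (err);
  }
/* … unchanged: memcmp against the stored digest … */
```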
@@ -915,8 +926,17 @@ cdk_sk_protect (cdk_pkt_seckey_t sk, const char *pw)
 sk->protect.sha1chk = 1;
 sk->is_protected = 1;
 sk->csum = 0;
-
- gcry_md_hash_buffer (GCRY_MD_SHA1, buf, p, enclen-dlen);
+
+ err = _gnutls_hash_init( &md, GNUTLS_DIG_SHA1);
+ if (err < 0)
+ {
+ rc = map_gnutls_error(err);
+ goto leave;
+ }
+
+ _gnutls_hash( &md, p, enclen-dlen);
+ _gnutls_hash_deinit( &md, buf);
+
 memcpy (p + enclen - dlen, buf, dlen);
 gcry_cipher_encrypt (hd, p, enclen, NULL, 0);
@@ -944,64 +964,6 @@ cdk_pk_from_secret_key (cdk_pkt_seckey_t sk, cdk_pubkey_t *ret_pk)
 }
-#if 0 /* FIXME: Code is not finished yet. */
-cdk_error_t
-cdk_pk_revoke_cert_create (cdk_pkt_seckey_t sk, int code, const char *inf,
- char **ret_revcert)
-{
- gcry_md_hd_t md;
- cdk_subpkt_t node;
- cdk_pkt_signature_t sig;
- char *p = NULL, *dat;
- gcry_error_t err;
- cdk_error_t rc = 0;
- size_t n;
-
- if (!sk || !ret_revcert)
- return CDK_Inv_Value;
- if(code < 0 || code > 3)
- return CDK_Inv_Value;
-
- sig = cdk_calloc (1, sizeof *sig);
- if (!sig)
- return CDK_Out_Of_Core;
- _cdk_sig_create (sk->pk, sig);
- n = 1;
- if (inf)
- {
- n += strlen (p);
- p = cdk_utf8_encode (inf);
- }
- dat = cdk_calloc (1, n+1);
- if (!dat)
- {
- _cdk_free_signature (sig);
- return CDK_Out_Of_Core;
- }
- dat[0] = code;
- if (inf)
- memcpy (dat+1, p, strlen (p));
- cdk_free (p);
-
- node = cdk_subpkt_new (n);
- if (node)
- {
- cdk_subpkt_init (node, CDK_SIGSUBPKT_REVOC_REASON, dat, n);
- cdk_subpkt_add (sig->hashed, node);
- }
- cdk_free (dat);
-
- err = gcry_md_open (&md, GCRY_MD_SHA1, 0);
- if (err)
- rc = map_gcry_error (err);
- else
- _cdk_hash_pubkey (sk->pk, md, 0);
- _cdk_free_signature (sig);
-
- return rc;
-}
-#endif
-
 int
 _cdk_sk_get_csum (cdk_pkt_seckey_t sk)
 {
@@ -1029,26 +991,24 @@ _cdk_sk_get_csum (cdk_pkt_seckey_t sk)
 cdk_error_t
 cdk_pk_get_fingerprint (cdk_pubkey_t pk, byte *fpr)
 {
- gcry_md_hd_t hd;
+ digest_hd_st hd;
 int md_algo;
 int dlen = 0;
- gcry_error_t err;
+ int err;
 if (!pk || !fpr)
 return CDK_Inv_Value;
 if (pk->version < 4 && is_RSA (pk->pubkey_algo))
- md_algo = GCRY_MD_MD5; /* special */
+ md_algo = GNUTLS_DIG_MD5; /* special */
 else
- md_algo = GCRY_MD_SHA1;
- dlen = gcry_md_get_algo_dlen (md_algo);
- err = gcry_md_open (&hd, md_algo, 0);
- if (err)
- return map_gcry_error (err);
- _cdk_hash_pubkey (pk, hd, 1);
- gcry_md_final (hd);
- memcpy (fpr, gcry_md_read (hd, md_algo), dlen);
- gcry_md_close (hd);
+ md_algo = GNUTLS_DIG_SHA1;
+ dlen = _gnutls_hash_get_algo_len (md_algo);
+ err = _gnutls_hash_init (&hd, md_algo);
+ if (err < 0)
+ return map_gnutls_error (err);
+ _cdk_hash_pubkey (pk, &hd, 1);
+ _gnutls_hash_deinit( &hd, fpr);
 if (dlen == 16)
 memset (fpr + 16, 0, 4);
 return 0; |
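Review bot: The result of `_cdk_hash_pubkey (pk, &hd, 1)` is not checked, so if hashing the key material fails, cdk_pk_get_fingerprint still finalises into `fpr` and returns 0, handing the caller a fingerprint that does not correspond to the key. If `_cdk_hash_pubkey` reports errors (its prototype is not visible here), keep its result, still call `_gnutls_hash_deinit` so the handle is released, and return the error before the `dlen == 16` padding step. The function also fills `fpr` without a length parameter: the MD5 branch ends 20 bytes in because of the `memset (fpr + 16, 0, 4)`, and SHA-1 presumably writes 20 as well. A header comment such as `/* fpr must have room for 20 bytes; v3 RSA fingerprints are MD5, zero-padded */` would record that requirement for callers.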