1
/* pksign.c - public key signing (well, actually using a secret key)
2
* Copyright (C) 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
4
* This file is part of GnuPG.
6
* GnuPG is free software; you can redistribute it and/or modify
7
* it under the terms of the GNU General Public License as published by
8
* the Free Software Foundation; either version 2 of the License, or
9
* (at your option) any later version.
11
* GnuPG is distributed in the hope that it will be useful,
12
* but WITHOUT ANY WARRANTY; without even the implied warranty of
13
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
* GNU General Public License for more details.
16
* You should have received a copy of the GNU General Public License
17
* along with this program; if not, write to the Free Software
18
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
35
do_encode_md (const byte * md, size_t mdlen, int algo, gcry_sexp_t * r_hash,
47
s = gcry_md_algo_name (algo);
48
if (s && strlen (s) < 16)
50
for (i=0; i < strlen (s); i++)
51
tmp[i] = tolower (s[i]);
55
rc = gcry_sexp_build (&hash, NULL,
56
"(data (flags pkcs1) (hash %s %b))",
63
rc = gcry_mpi_scan (&mpi, GCRYMPI_FMT_USG, md, mdlen, NULL);
66
rc = gcry_sexp_build (&hash, NULL,
67
"(data (flags raw) (value %m))",
69
gcry_mpi_release (mpi);
79
/* SIGN whatever information we have accumulated in CTRL and return
80
the signature S-Expression. */
82
agent_pksign_do (CTRL ctrl, const char *desc_text,
83
gcry_sexp_t *signature_sexp, int ignore_cache)
85
gcry_sexp_t s_skey = NULL, s_sig = NULL;
86
unsigned char *shadow_info = NULL;
87
unsigned int rc = 0; /* FIXME: gpg-error? */
89
if (! ctrl->have_keygrip)
90
return gpg_error (GPG_ERR_NO_SECKEY);
92
rc = agent_key_from_file (ctrl, desc_text, ctrl->keygrip,
93
&shadow_info, ignore_cache, &s_skey);
96
log_error ("failed to read the secret key\n");
102
/* divert operation to the smartcard */
104
unsigned char *buf = NULL;
107
rc = divert_pksign (ctrl,
109
ctrl->digest.valuelen,
114
log_error ("smartcard signing failed: %s\n", gpg_strerror (rc));
117
len = gcry_sexp_canon_len (buf, 0, NULL, NULL);
120
rc = gcry_sexp_sscan (&s_sig, NULL, buf, len);
124
log_error ("failed to convert sigbuf returned by divert_pksign "
125
"into S-Exp: %s", gpg_strerror (rc));
131
/* no smartcard, but a private key */
133
gcry_sexp_t s_hash = NULL;
135
/* put the hash into a sexp */
136
rc = do_encode_md (ctrl->digest.value,
137
ctrl->digest.valuelen,
140
ctrl->digest.raw_value);
146
log_debug ("skey: ");
147
gcry_sexp_dump (s_skey);
151
rc = gcry_pk_sign (&s_sig, s_hash, s_skey);
152
gcry_sexp_release (s_hash);
155
log_error ("signing failed: %s\n", gpg_strerror (rc));
161
log_debug ("result: ");
162
gcry_sexp_dump (s_sig);
168
*signature_sexp = s_sig;
170
gcry_sexp_release (s_skey);
176
/* SIGN whatever information we have accumulated in CTRL and write it
179
agent_pksign (CTRL ctrl, const char *desc_text,
180
membuf_t *outbuf, int ignore_cache)
182
gcry_sexp_t s_sig = NULL;
187
rc = agent_pksign_do (ctrl, desc_text, &s_sig, ignore_cache);
191
len = gcry_sexp_sprint (s_sig, GCRYSEXP_FMT_CANON, NULL, 0);
194
len = gcry_sexp_sprint (s_sig, GCRYSEXP_FMT_CANON, buf, len);
197
put_membuf (outbuf, buf, len);
200
gcry_sexp_release (s_sig);