[Pkg-gnupg-commit] [gnupg2] 42/159: g10: Remove deprecated internal functions.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Jan 27 13:23:52 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit 72eaff1aa610f3c89a755f212760157e1932d847
Author: NIIBE Yutaka <gniibe at fsij.org>
Date: Fri Dec 18 10:18:22 2015 +0900
g10: Remove deprecated internal functions.
* g10/keygen.c (do_ask_passphrase, generate_raw_key)
(gen_card_key_with_backup, save_unprotected_key_to_card): Remove.
--
Now, key generation is done by gpg-agent. Asking passphrase is done
through pinentry invoked by gpg-agent. It is done by
new internal function of card_store_key_with_backup.
---
g10/keygen.c | 404 -----------------------------------------------------------
1 file changed, 404 deletions(-)
diff --git a/g10/keygen.c b/g10/keygen.c
index 9259ff3..c50e04d 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -2701,56 +2701,6 @@ ask_user_id (int mode, int full, KBNODE keyblock)
}
-/* MODE 0 - standard
- 1 - Ask for passphrase of the card backup key. */
-#if 0
-static DEK *
-do_ask_passphrase (STRING2KEY **ret_s2k, int mode, int *r_canceled)
-{
- DEK *dek = NULL;
- STRING2KEY *s2k;
- const char *errtext = NULL;
- const char *custdesc = NULL;
-
- tty_printf(_("You need a Passphrase to protect your secret key.\n\n") );
-
- if (mode == 1)
- custdesc = _("Please enter a passphrase to protect the off-card "
- "backup of the new encryption key.");
-
- s2k = xmalloc_secure( sizeof *s2k );
- for(;;) {
- s2k->mode = opt.s2k_mode;
- s2k->hash_algo = S2K_DIGEST_ALGO;
- dek = passphrase_to_dek_ext (NULL, 0, opt.s2k_cipher_algo, s2k, 2,
- errtext, custdesc, NULL, r_canceled);
- if (!dek && *r_canceled) {
- xfree(dek); dek = NULL;
- xfree(s2k); s2k = NULL;
- break;
- }
- else if( !dek ) {
- errtext = N_("passphrase not correctly repeated; try again");
- tty_printf(_("%s.\n"), _(errtext));
- }
- else if( !dek->keylen ) {
- xfree(dek); dek = NULL;
- xfree(s2k); s2k = NULL;
- tty_printf(_(
- "You don't want a passphrase - this is probably a *bad* idea!\n"
- "I will do it anyway. You can change your passphrase at any time,\n"
- "using this program with the option \"--edit-key\".\n\n"));
- break;
- }
- else
- break; /* okay */
- }
- *ret_s2k = s2k;
- return dek;
-}
-#endif /* 0 */
-
-
/* Basic key generation. Here we divert to the actual generation
routines based on the requested algorithm. */
static int
@@ -3850,104 +3800,6 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
}
-#if 0 /* not required */
-/* Generate a raw key and return it as a secret key packet. The
- function will ask for the passphrase and return a protected as well
- as an unprotected copy of a new secret key packet. 0 is returned
- on success and the caller must then free the returned values. */
-static int
-generate_raw_key (int algo, unsigned int nbits, u32 created_at,
- PKT_secret_key **r_sk_unprotected,
- PKT_secret_key **r_sk_protected)
-{
- int rc;
- DEK *dek = NULL;
- STRING2KEY *s2k = NULL;
- PKT_secret_key *sk = NULL;
- int i;
- size_t nskey, npkey;
- gcry_sexp_t s_parms, s_key;
- int canceled;
-
- npkey = pubkey_get_npkey (algo);
- nskey = pubkey_get_nskey (algo);
- assert (nskey <= PUBKEY_MAX_NSKEY && npkey < nskey);
-
- if (nbits < 512)
- {
- nbits = 512;
- log_info (_("keysize invalid; using %u bits\n"), nbits );
- }
-
- if ((nbits % 32))
- {
- nbits = ((nbits + 31) / 32) * 32;
- log_info(_("keysize rounded up to %u bits\n"), nbits );
- }
-
- dek = do_ask_passphrase (&s2k, 1, &canceled);
- if (canceled)
- {
- rc = gpg_error (GPG_ERR_CANCELED);
- goto leave;
- }
-
- sk = xmalloc_clear (sizeof *sk);
- sk->timestamp = created_at;
- sk->version = 4;
- sk->pubkey_algo = algo;
-
- if ( !is_RSA (algo) )
- {
- log_error ("only RSA is supported for offline generated keys\n");
- rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
- goto leave;
- }
- rc = gcry_sexp_build (&s_parms, NULL,
- "(genkey(rsa(nbits %d)))",
- (int)nbits);
- if (rc)
- log_bug ("gcry_sexp_build failed: %s\n", gpg_strerror (rc));
- rc = gcry_pk_genkey (&s_key, s_parms);
- gcry_sexp_release (s_parms);
- if (rc)
- {
- log_error ("gcry_pk_genkey failed: %s\n", gpg_strerror (rc) );
- goto leave;
- }
- rc = key_from_sexp (sk->skey, s_key, "private-key", "nedpqu");
- gcry_sexp_release (s_key);
- if (rc)
- {
- log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc) );
- goto leave;
- }
-
- for (i=npkey; i < nskey; i++)
- sk->csum += checksum_mpi (sk->skey[i]);
-
- if (r_sk_unprotected)
- *r_sk_unprotected = copy_secret_key (NULL, sk);
-
- rc = genhelp_protect (dek, s2k, sk);
- if (rc)
- goto leave;
-
- if (r_sk_protected)
- {
- *r_sk_protected = sk;
- sk = NULL;
- }
-
- leave:
- if (sk)
- free_secret_key (sk);
- xfree (dek);
- xfree (s2k);
- return rc;
-}
-#endif /* ENABLE_CARD_SUPPORT */
-
/* Create and delete a dummy packet to start off a list of kbnodes. */
static void
start_tree(KBNODE *tree)
@@ -4724,259 +4576,3 @@ gen_card_key (int algo, int keyno, int is_primary, kbnode_t pub_root,
return gpg_error (GPG_ERR_NOT_SUPPORTED);
#endif /*!ENABLE_CARD_SUPPORT*/
}
-
-
-
-static int
-gen_card_key_with_backup (int algo, int keyno, int is_primary,
- KBNODE pub_root, u32 timestamp,
- u32 expireval, struct para_data_s *para)
-{
-#if ENABLE_CARD_SUPPORT && 0
- /* FIXME: Move this to gpg-agent. */
- int rc;
- const char *s;
- PACKET *pkt;
- PKT_secret_key *sk, *sk_unprotected = NULL, *sk_protected = NULL;
- PKT_public_key *pk;
- size_t n;
- int i;
- unsigned int nbits;
-
- /* Get the size of the key directly from the card. */
- {
- struct agent_card_info_s info;
-
- memset (&info, 0, sizeof info);
- if (!agent_scd_getattr ("KEY-ATTR", &info)
- && info.key_attr[1].algo)
- nbits = info.key_attr[1].nbits;
- else
- nbits = 1024; /* All pre-v2.0 cards. */
- agent_release_card_info (&info);
- }
-
- /* Create a key of this size in memory. */
- rc = generate_raw_key (algo, nbits, timestamp,
- &sk_unprotected, &sk_protected);
- if (rc)
- return rc;
-
- /* Store the key to the card. */
- rc = save_unprotected_key_to_card (sk_unprotected, keyno);
- if (rc)
- {
- log_error (_("storing key onto card failed: %s\n"), gpg_strerror (rc));
- free_secret_key (sk_unprotected);
- free_secret_key (sk_protected);
- write_status_errcode ("save_key_to_card", rc);
- return rc;
- }
-
- /* Get rid of the secret key parameters and store the serial numer. */
- sk = sk_unprotected;
- n = pubkey_get_nskey (sk->pubkey_algo);
- for (i=pubkey_get_npkey (sk->pubkey_algo); i < n; i++)
- {
- gcry_mpi_release (sk->skey[i]);
- sk->skey[i] = NULL;
- }
- i = pubkey_get_npkey (sk->pubkey_algo);
- sk->skey[i] = gcry_mpi_set_opaque (NULL, xstrdup ("dummydata"), 10*8);
- sk->is_protected = 1;
- sk->protect.s2k.mode = 1002;
- s = get_parameter_value (para, pSERIALNO);
- assert (s);
- for (sk->protect.ivlen=0; sk->protect.ivlen < 16 && *s && s[1];
- sk->protect.ivlen++, s += 2)
- sk->protect.iv[sk->protect.ivlen] = xtoi_2 (s);
-
- /* Now write the *protected* secret key to the file. */
- {
- char name_buffer[50];
- char *fname;
- IOBUF fp;
- mode_t oldmask;
-
- keyid_from_sk (sk, NULL);
- snprintf (name_buffer, sizeof name_buffer, "sk_%08lX%08lX.gpg",
- (ulong)sk->keyid[0], (ulong)sk->keyid[1]);
-
- fname = make_filename (backup_dir, name_buffer, NULL);
- /* Note that the umask call is not anymore needed because
- iobuf_create now takes care of it. However, it does not harm
- and thus we keep it. */
- oldmask = umask (077);
- if (is_secured_filename (fname))
- {
- fp = NULL;
- gpg_err_set_errno (EPERM);
- }
- else
- fp = iobuf_create (fname, 1);
- umask (oldmask);
- if (!fp)
- {
- rc = gpg_error_from_syserror ();
- log_error (_("can't create backup file '%s': %s\n"),
- fname, strerror(errno) );
- xfree (fname);
- free_secret_key (sk_unprotected);
- free_secret_key (sk_protected);
- return rc;
- }
-
- pkt = xcalloc (1, sizeof *pkt);
- pkt->pkttype = PKT_SECRET_KEY;
- pkt->pkt.secret_key = sk_protected;
- sk_protected = NULL;
-
- rc = build_packet (fp, pkt);
- if (rc)
- {
- log_error("build packet failed: %s\n", gpg_strerror (rc));
- iobuf_cancel (fp);
- }
- else
- {
- unsigned char array[MAX_FINGERPRINT_LEN];
- char *fprbuf, *p;
-
- iobuf_close (fp);
- iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname);
- log_info (_("Note: backup of card key saved to '%s'\n"), fname);
-
- fingerprint_from_sk (sk, array, &n);
- p = fprbuf = xmalloc (MAX_FINGERPRINT_LEN*2 + 1 + 1);
- for (i=0; i < n ; i++, p += 2)
- sprintf (p, "%02X", array[i]);
- *p++ = ' ';
- *p = 0;
-
- write_status_text_and_buffer (STATUS_BACKUP_KEY_CREATED,
- fprbuf,
- fname, strlen (fname),
- 0);
- xfree (fprbuf);
- }
- free_packet (pkt);
- xfree (pkt);
- xfree (fname);
- if (rc)
- {
- free_secret_key (sk_unprotected);
- return rc;
- }
- }
-
- /* Create the public key from the secret key. */
- pk = xcalloc (1, sizeof *pk );
- pk->timestamp = sk->timestamp;
- pk->version = sk->version;
- if (expireval)
- pk->expiredate = sk->expiredate = sk->timestamp + expireval;
- pk->pubkey_algo = sk->pubkey_algo;
- n = pubkey_get_npkey (sk->pubkey_algo);
- for (i=0; i < n; i++)
- pk->pkey[i] = mpi_copy (sk->skey[i]);
-
- /* Build packets and add them to the node lists. */
- pkt = xcalloc (1,sizeof *pkt);
- pkt->pkttype = is_primary ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;
- pkt->pkt.public_key = pk;
- add_kbnode(pub_root, new_kbnode( pkt ));
-
- pkt = xcalloc (1,sizeof *pkt);
- pkt->pkttype = is_primary ? PKT_SECRET_KEY : PKT_SECRET_SUBKEY;
- pkt->pkt.secret_key = sk;
- add_kbnode(sec_root, new_kbnode( pkt ));
-
- return 0;
-#else
-# if __GCC__ && ENABLE_CARD_SUPPORT
-# warning Card support still missing
-# endif
- (void)algo;
- (void)keyno;
- (void)is_primary;
- (void)pub_root;
- (void)timestamp;
- (void)expireval;
- (void)para;
- return gpg_error (GPG_ERR_NOT_SUPPORTED);
-#endif /*!ENABLE_CARD_SUPPORT*/
-}
-
-
-#if 0
-int
-save_unprotected_key_to_card (PKT_public_key *sk, int keyno)
-{
- int rc;
- unsigned char *rsa_n = NULL;
- unsigned char *rsa_e = NULL;
- unsigned char *rsa_p = NULL;
- unsigned char *rsa_q = NULL;
- size_t rsa_n_len, rsa_e_len, rsa_p_len, rsa_q_len;
- unsigned char *sexp = NULL;
- unsigned char *p;
- char numbuf[55], numbuf2[50];
-
- assert (is_RSA (sk->pubkey_algo));
- assert (!sk->is_protected);
-
- /* Copy the parameters into straight buffers. */
- gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_n, &rsa_n_len, sk->skey[0]);
- gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_e, &rsa_e_len, sk->skey[1]);
- gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_p, &rsa_p_len, sk->skey[3]);
- gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_q, &rsa_q_len, sk->skey[4]);
- if (!rsa_n || !rsa_e || !rsa_p || !rsa_q)
- {
- rc = GPG_ERR_INV_ARG;
- goto leave;
- }
-
- /* Put the key into an S-expression. */
- sexp = p = xmalloc_secure (30
- + rsa_n_len + rsa_e_len + rsa_p_len + rsa_q_len
- + 4*sizeof (numbuf) + 25 + sizeof(numbuf) + 20);
-
- p = stpcpy (p,"(11:private-key(3:rsa(1:n");
- sprintf (numbuf, "%u:", (unsigned int)rsa_n_len);
- p = stpcpy (p, numbuf);
- memcpy (p, rsa_n, rsa_n_len);
- p += rsa_n_len;
-
- sprintf (numbuf, ")(1:e%u:", (unsigned int)rsa_e_len);
- p = stpcpy (p, numbuf);
- memcpy (p, rsa_e, rsa_e_len);
- p += rsa_e_len;
-
- sprintf (numbuf, ")(1:p%u:", (unsigned int)rsa_p_len);
- p = stpcpy (p, numbuf);
- memcpy (p, rsa_p, rsa_p_len);
- p += rsa_p_len;
-
- sprintf (numbuf, ")(1:q%u:", (unsigned int)rsa_q_len);
- p = stpcpy (p, numbuf);
- memcpy (p, rsa_q, rsa_q_len);
- p += rsa_q_len;
-
- p = stpcpy (p,"))(10:created-at");
- sprintf (numbuf2, "%lu", (unsigned long)sk->timestamp);
- sprintf (numbuf, "%lu:", (unsigned long)strlen (numbuf2));
- p = stpcpy (stpcpy (stpcpy (p, numbuf), numbuf2), "))");
-
- /* Fixme: Unfortunately we don't have the serialnumber available -
- thus we can't pass it down to the agent. */
- rc = agent_scd_writekey (keyno, NULL, sexp, p - sexp);
-
- leave:
- xfree (sexp);
- xfree (rsa_n);
- xfree (rsa_e);
- xfree (rsa_p);
- xfree (rsa_q);
- return rc;
-}
-#endif /*ENABLE_CARD_SUPPORT*/
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list