authorAndreas K. Huettel (dilfridge) <dilfridge@gentoo.org>2013-04-07 14:44:39 +0200
committerAndreas K. Huettel (dilfridge) <dilfridge@gentoo.org>2013-04-07 14:44:39 +0200
commitff25c606dd12653a4af140567c704d3f75d15208 (patch)
tree71efaf3c7fbac68dfa80b4f6bf199f63f0c5f32a
parent[app-crypt/gnupg] copy from main tree (diff)
downloaddilfridge-ff25c606dd12653a4af140567c704d3f75d15208.tar.gz
dilfridge-ff25c606dd12653a4af140567c704d3f75d15208.tar.bz2
dilfridge-ff25c606dd12653a4af140567c704d3f75d15208.zip
[app-crypt/gnupg] made unkeyworded version with 4096bit card key patch
Package-Manager: portage-2.2.0_alpha171
-rw-r--r--app-crypt/gnupg/files/gnupg-2.0.19-card4096.patch184
-rw-r--r--app-crypt/gnupg/gnupg-2.0.19-r2.ebuild (renamed from app-crypt/gnupg/gnupg-2.0.19-r1.ebuild)3
2 files changed, 186 insertions, 1 deletions
diff --git a/app-crypt/gnupg/files/gnupg-2.0.19-card4096.patch b/app-crypt/gnupg/files/gnupg-2.0.19-card4096.patch
new file mode 100644
index 0000000..39810e0
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.0.19-card4096.patch
@@ -0,0 +1,184 @@
+From ab4ea45f54006eba55db11263431c4c0c4f557dc Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Tue, 6 Nov 2012 14:39:22 +0100
+Subject: [PATCH] Allow decryption with card keys > 3072 bit
+
+* scd/command.c (MAXLEN_SETDATA): New.
+(cmd_setdata): Add option --append.
+* g10/call-agent.c (agent_scd_pkdecrypt): Use new option for long data
+
+* scd/app-openpgp.c (struct app_local_s): Add field manufacturer.
+(app_select_openpgp): Store manufacturer.
+(do_decipher): Print a note for broken cards.
+
+--
+
+Please note that I was not able to run a full test because I only have
+broken cards (S/N < 346) available.
+
+--
+
+Had to re-do the patch because of a whitespace change that made one hunk
+fail. dilfridge@gentoo.org
+
+---
+ g10/call-agent.c | 22 ++++++++++++++--------
+ scd/app-openpgp.c | 10 ++++++++++
+ scd/command.c | 38 ++++++++++++++++++++++++++++++++------
+ 3 files changed, 56 insertions(+), 14 deletions(-)
+
+diff -ruN gnupg-2.0.19.orig/g10/call-agent.c gnupg-2.0.19/g10/call-agent.c
+--- gnupg-2.0.19.orig/g10/call-agent.c 2012-03-27 10:00:37.000000000 +0200
++++ gnupg-2.0.19/g10/call-agent.c 2013-04-06 23:16:53.000000000 +0200
+@@ -1034,7 +1034,7 @@
+
+
+ /* Decrypt INDATA of length INDATALEN using the card identified by
+- SERIALNO. Return the plaintext in a nwly allocated buffer stored
++ SERIALNO. Return the plaintext in a newly allocated buffer stored
+ at the address of R_BUF.
+
+ Note, we currently support only RSA or more exactly algorithms
+@@ -1058,20 +1058,26 @@
+ return rc;
+
+ /* FIXME: use secure memory where appropriate */
+- if (indatalen*2 + 50 > DIM(line))
+- return gpg_error (GPG_ERR_GENERAL);
+
+ rc = select_openpgp (serialno);
+ if (rc)
+ return rc;
+
+- sprintf (line, "SCD SETDATA ");
+- p = line + strlen (line);
+- for (i=0; i < indatalen ; i++, p += 2 )
+- sprintf (p, "%02X", indata[i]);
+- rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
++ for (len = 0; len < indatalen;)
++ {
++ p = stpcpy (line, "SCD SETDATA ");
++ if (len)
++ p = stpcpy (p, "--append ");
++ for (i=0; len < indatalen && (i*2 < DIM(line)-50); i++, len++)
++ {
++ sprintf (p, "%02X", indata[len]);
++ p += 2;
++ }
++ rc = assuan_transact (agent_ctx, line,
++ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return rc;
++ }
+
+ init_membuf (&data, 1024);
+ snprintf (line, DIM(line)-1, "SCD PKDECRYPT %s", serialno);
+diff -ruN gnupg-2.0.19.orig/scd/app-openpgp.c gnupg-2.0.19/scd/app-openpgp.c
+--- gnupg-2.0.19.orig/scd/app-openpgp.c 2012-03-27 10:00:38.000000000 +0200
++++ gnupg-2.0.19/scd/app-openpgp.c 2013-04-06 23:16:53.000000000 +0200
+@@ -158,6 +158,8 @@
+
+ unsigned char status_indicator; /* The card status indicator. */
+
++ unsigned int manufacturer:16; /* Manufacturer ID from the s/n. */
++
+ /* Keep track of the ISO card capabilities. */
+ struct
+ {
+@@ -3426,6 +3428,12 @@
+ indata, indatalen, le_value, padind,
+ outdata, outdatalen);
+ xfree (fixbuf);
++
++ if (gpg_err_code (rc) == GPG_ERR_CARD /* actual SW is 0x640a */
++ && app->app_local->manufacturer == 5
++ && app->card_version == 0x0200)
++ log_info ("NOTE: Cards with manufacturer id 5 and s/n <= 346 (0x15a)"
++ " do not work with encryption keys > 2048 bits\n");
+ }
+
+ return rc;
+@@ -3713,6 +3721,8 @@
+ goto leave;
+ }
+
++ app->app_local->manufacturer = manufacturer;
++
+ if (app->card_version >= 0x0200)
+ app->app_local->extcap.is_v2 = 1;
+
+diff -ruN gnupg-2.0.19.orig/scd/command.c gnupg-2.0.19/scd/command.c
+--- gnupg-2.0.19.orig/scd/command.c 2012-03-27 10:00:38.000000000 +0200
++++ gnupg-2.0.19/scd/command.c 2013-04-06 23:22:55.000000000 +0200
+@@ -46,6 +46,9 @@
+ /* Maximum allowed size of key data as used in inquiries. */
+ #define MAXLEN_KEYDATA 4096
+
++/* Maximum allowed total data size for SETDATA. */
++#define MAXLEN_SETDATA 4096
++
+ /* Maximum allowed size of certificate data as used in inquiries. */
+ #define MAXLEN_CERTDATA 16384
+
+@@ -799,17 +802,24 @@
+
+
+ static const char hlp_setdata[] =
+- "SETDATA <hexstring> \n"
++ "SETDATA [--append] <hexstring>\n"
+ "\n"
+- "The client should use this command to tell us the data he want to sign.";
++ "The client should use this command to tell us the data he want to sign.\n"
++ "With the option --append, the data is appended to the data set by a\n"
++ "previous SETDATA command.";
+ static gpg_error_t
+ cmd_setdata (assuan_context_t ctx, char *line)
+ {
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+- int n;
++ int append;
++ int n, i, off;
+ char *p;
+ unsigned char *buf;
+
++ append = (ctrl->in_data.value && has_option (line, "--append"));
++
++ line = skip_options (line);
++
+ if (locked_session && locked_session != ctrl->server_local)
+ return gpg_error (GPG_ERR_LOCKED);
+
+@@ -823,14 +833,30 @@
+ if ((n&1))
+ return set_error (GPG_ERR_ASS_PARAMETER, "odd number of digits");
+ n /= 2;
++ if (append)
++ {
++ if (ctrl->in_data.valuelen + n > MAXLEN_SETDATA)
++ return set_error (GPG_ERR_TOO_LARGE,
++ "limit on total size of data reached");
++ buf = xtrymalloc (ctrl->in_data.valuelen + n);
++ }
++ else
+ buf = xtrymalloc (n);
+ if (!buf)
+ return out_of_core ();
+
++ if (append)
++ {
++ memcpy (buf, ctrl->in_data.value, ctrl->in_data.valuelen);
++ off = ctrl->in_data.valuelen;
++ }
++ else
++ off = 0;
++ for (p=line, i=0; i < n; p += 2, i++)
++ buf[off+i] = xtoi_2 (p);
++
+ ctrl->in_data.value = buf;
+- ctrl->in_data.valuelen = n;
+- for (p=line, n=0; n < ctrl->in_data.valuelen; p += 2, n++)
+- buf[n] = xtoi_2 (p);
++ ctrl->in_data.valuelen = off + n;
+ return 0;
+ }
+
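Review bot: In the `cmd_setdata` hunk of scd/command.c, the `--append` path copies the existing buffer into the new allocation (`memcpy (buf, ctrl->in_data.value, ctrl->in_data.valuelen);`) and then overwrites the pointer with `ctrl->in_data.value = buf;` without releasing the previous allocation, so unless the old value is freed somewhere not visible here, every appended chunk leaks its predecessor — and since the call-agent.c change now splits one decryption into several SETDATA commands, that happens on every large-key decrypt rather than only on a malformed client. Inserting `xfree (ctrl->in_data.value);` immediately before that assignment closes it for both paths and is safe at that point because the memcpy has already completed. Note also that the `MAXLEN_SETDATA` check is evaluated only when `append` is set, so a non-append chunk is bounded solely by whatever the hexstring parsing imposes; a comment such as `/* Only the accumulated total is capped here; a single chunk is bounded by the line parsing above. */` would make that intent explicit. The hexstring validation part of cmd_setdata lies between the two inner command.c hunks and is not shown, so the per-chunk bound cannot be confirmed from this patch.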
diff --git a/app-crypt/gnupg/gnupg-2.0.19-r1.ebuild b/app-crypt/gnupg/gnupg-2.0.19-r2.ebuild
index b39f854..2e9624c 100644
--- a/app-crypt/gnupg/gnupg-2.0.19-r1.ebuild
+++ b/app-crypt/gnupg/gnupg-2.0.19-r2.ebuild
@@ -13,7 +13,7 @@ SRC_URI="mirror://gnupg/gnupg/${P}.tar.bz2"
LICENSE="GPL-3"
SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS=""
IUSE="adns bzip2 doc ldap nls mta readline static selinux smartcard usb"
COMMON_DEPEND_LIBS="
@@ -58,6 +58,7 @@ REQUIRED_USE="smartcard? ( !static )"
src_prepare() {
epatch "${FILESDIR}"/${PN}-2.0.17-gpgsm-gencert.patch
+ epatch "${FILESDIR}"/${PN}-2.0.19-card4096.patch
}
src_configure() {