[rs-commit] r44 - /redwax-signtext/trunk/src/linux/crypto.c
rs-commit at redwax.eu
rs-commit at redwax.eu
Mon Sep 12 19:31:30 CEST 2022
Author: minfrin at redwax.eu
Date: Mon Sep 12 19:31:29 2022
New Revision: 44
Log:
Move all signerinfo manipulation after the setting of certificates.
Modified:
redwax-signtext/trunk/src/linux/crypto.c
Modified: redwax-signtext/trunk/src/linux/crypto.c
==============================================================================
--- redwax-signtext/trunk/src/linux/crypto.c (original)
+++ redwax-signtext/trunk/src/linux/crypto.c Mon Sep 12 19:31:29 2022
@@ -912,6 +912,8 @@
GcrPkcs11Certificate *certificate;
GError *gerror = NULL;
+ gpg_error_t err;
+
g_printerr("crypto_sign_lookup\n");
certificate = GCR_PKCS11_CERTIFICATE(gcr_pkcs11_certificate_lookup_issuer_finish(res, &gerror));
@@ -926,8 +928,6 @@
const guint8 *der;
gsize der_len;
- gpg_error_t err;
-
der = gcr_certificate_get_der_data(GCR_CERTIFICATE(certificate), &der_len);
if (!der) {
gerror = g_error_new(RST_CORE_ERROR, RST_CORE_ERROR_SIGN_ERROR, "Certificate could not be decoded");
@@ -952,13 +952,104 @@
goto fatal;
}
- ksba_cert_release (cert);
+// ksba_cert_release (cert);
gcr_pkcs11_certificate_lookup_issuer_async(GCR_CERTIFICATE(certificate), instance->signtext->cancellable, crypto_sign_lookup, instance);
}
else {
+
+ GTimeZone *utc;
+ GDateTime *now;
+ ksba_isotime_t signed_time;
+
+ err = ksba_writer_new (&instance->w);
+ if (err) {
+ gerror = g_error_new(RST_CORE_ERROR, RST_CORE_ERROR_SIGN_ERROR, "ksba_writer_new failed: %s", gpg_strerror (err));
+ goto fatal;
+ }
+
+ err = ksba_writer_set_cb (instance->w, pem_writer_cb, instance);
+ if (err) {
+ gerror = g_error_new(RST_CORE_ERROR, RST_CORE_ERROR_SIGN_ERROR, "ksba_writer_set_cb failed: %s", gpg_strerror (err));
+ goto fatal;
+ }
+
+ err = ksba_cms_set_reader_writer (instance->cms, NULL, instance->w);
+ if (err) {
+ gerror = g_error_new(RST_CORE_ERROR, RST_CORE_ERROR_SIGN_ERROR, "ksba_cms_set_reader_writer failed: %s", gpg_strerror (err));
+ goto fatal;
+ }
+
+ err = ksba_cms_add_digest_algo (instance->cms, instance->hash_oid);
+ if (err) {
+ gerror = g_error_new(RST_CORE_ERROR, RST_CORE_ERROR_SIGN_ERROR, "ksba_cms_add_digest_algo '%s' failed: %s", instance->hash_oid, gpg_strerror (err));
+ goto fatal;
+ }
+
+ err = gcry_md_open (&instance->data_md, 0, 0);
+ if (err) {
+ gerror = g_error_new(RST_CORE_ERROR, RST_CORE_ERROR_SIGN_ERROR, "gcry_md_open failed: %s", gpg_strerror (err));
+ goto fatal;
+ }
+
+ gcry_md_enable (instance->data_md, instance->hash_alg);
+
+ g_printerr("crypto_sign_lookup: after\n");
+
+ if (instance->detached) {
+
+ GtkTextIter start_iter, end_iter;
+ char *text;
+
+ unsigned char *digest;
+ size_t digest_len;
+
+ /*
+ * Hash the content of the buffer in one go.
+ */
+ gtk_text_buffer_get_start_iter( instance->buffer, &start_iter);
+ gtk_text_buffer_get_end_iter( instance->buffer, &end_iter);
+
+ text = gtk_text_buffer_get_text( instance->buffer, &start_iter, &end_iter, FALSE);
+
+ gcry_md_write (instance->data_md, text, strlen(text));
+
+ g_free(text);
+
+ digest = gcry_md_read (instance->data_md, instance->hash_alg);
+ digest_len = gcry_md_get_algo_dlen (instance->hash_alg);
+ if (!digest || !digest_len) {
+ gerror = g_error_new(RST_CORE_ERROR, RST_CORE_ERROR_SIGN_ERROR, "gcry_md_read / gcry_md_get_algo_dlen failed");
+ goto fatal;
+ }
+
+ err = ksba_cms_set_message_digest (instance->cms, 0, digest, digest_len);
+ if (err) {
+ gerror = g_error_new(RST_CORE_ERROR, RST_CORE_ERROR_SIGN_ERROR, "ksba_cms_set_message_digest failed: %s", gpg_strerror (err));
+ goto fatal;
+ }
+
+ }
+
+ utc = g_time_zone_new_utc();
+ now = g_date_time_new_now(utc);
+
+ snprintf (signed_time, 16, "%04d%02d%02dT%02d%02d%02d",
+ g_date_time_get_year(now), g_date_time_get_month(now), g_date_time_get_day_of_month(now),
+ g_date_time_get_hour(now), g_date_time_get_minute(now), g_date_time_get_second(now));
+
+ g_date_time_unref(now);
+ g_time_zone_unref(utc);
+
+g_printerr("crypto_sign_lookup: %.16s\n", signed_time);
+
+ err = ksba_cms_set_signing_time (instance->cms, 0, signed_time);
+ if (err) {
+ gerror = g_error_new(RST_CORE_ERROR, RST_CORE_ERROR_SIGN_ERROR, "ksba_cms_set_signing_time failed: %s", gpg_strerror (err));
+ goto fatal;
+ }
crypto_open_session (instance);
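Review bot: Replacing `ksba_cert_release (cert);` with `// ksba_cert_release (cert);` in the issuer branch leaves the local reference to each chain certificate unreleased, so every pass through crypto_sign_lookup that finds an issuer appears to leak one ksba_cert_t. If the certificate was handed to ksba_cms_add_cert above the hunk (not visible here), libksba holds its own reference and the caller's release is still needed; if the release was disabled to avoid a crash, that suggests a reference-count problem elsewhere that should be fixed rather than masked. Either restore `ksba_cert_release (cert);` or replace the dead line with a comment naming the owner, e.g. `/* cert is released in <cleanup function> */`. The same applies to the `//ksba_cert_release (instance->signer);` line kept next to the new ksba_cms_add_cert call in the last hunk (@@ -1084). The function body starts before and ends after this hunk.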
@@ -987,9 +1078,6 @@
crypto_sign(SignTextInstance *instance)
{
GError *gerror = NULL;
- GTimeZone *utc;
- GDateTime *now;
- ksba_isotime_t signed_time;
const guint8 *der;
gsize der_len;
gpg_error_t err;
@@ -1084,94 +1172,13 @@
goto fatal;
}
- err = ksba_cms_add_digest_algo (instance->cms, instance->hash_oid);
+ err = ksba_cms_add_cert (instance->cms, instance->signer);
if (err) {
- gerror = g_error_new(RST_CORE_ERROR, RST_CORE_ERROR_SIGN_ERROR, "ksba_cms_add_digest_algo '%s' failed: %s", instance->hash_oid, gpg_strerror (err));
+ gerror = g_error_new(RST_CORE_ERROR, RST_CORE_ERROR_SIGN_ERROR, "ksba_cms_add_cert failed: %s", gpg_strerror (err));
goto fatal;
}
- err = gcry_md_open (&instance->data_md, 0, 0);
- if (err) {
- gerror = g_error_new(RST_CORE_ERROR, RST_CORE_ERROR_SIGN_ERROR, "gcry_md_open failed: %s", gpg_strerror (err));
- goto fatal;
- }
-
- gcry_md_enable (instance->data_md, instance->hash_alg);
-
- g_printerr("crypto_sign: after\n");
-
- if (instance->detached) {
-
- GtkTextIter start_iter, end_iter;
- char *text;
-
- unsigned char *digest;
- size_t digest_len;
-
- /*
- * Hash the content of the buffer in one go.
- */
- gtk_text_buffer_get_start_iter( instance->buffer, &start_iter);
- gtk_text_buffer_get_end_iter( instance->buffer, &end_iter);
-
- text = gtk_text_buffer_get_text( instance->buffer, &start_iter, &end_iter, FALSE);
-
- gcry_md_write (instance->data_md, text, strlen(text));
-
- g_free(text);
-
- digest = gcry_md_read (instance->data_md, instance->hash_alg);
- digest_len = gcry_md_get_algo_dlen (instance->hash_alg);
- if (!digest || !digest_len) {
- gerror = g_error_new(RST_CORE_ERROR, RST_CORE_ERROR_SIGN_ERROR, "gcry_md_read / gcry_md_get_algo_dlen failed");
- goto fatal;
- }
-
- err = ksba_cms_set_message_digest (instance->cms, 0, digest, digest_len);
- if (err) {
- gerror = g_error_new(RST_CORE_ERROR, RST_CORE_ERROR_SIGN_ERROR, "ksba_cms_set_message_digest failed: %s", gpg_strerror (err));
- goto fatal;
- }
-
- }
-
- utc = g_time_zone_new_utc();
- now = g_date_time_new_now(utc);
-
- snprintf (signed_time, 16, "%04d%02d%02dT%02d%02d%02d",
- g_date_time_get_year(now), g_date_time_get_month(now), g_date_time_get_day_of_month(now),
- g_date_time_get_hour(now), g_date_time_get_minute(now), g_date_time_get_second(now));
-
- g_date_time_unref(now);
- g_time_zone_unref(utc);
-
-g_printerr("crypto_sign: %.16s\n", signed_time);
-
- err = ksba_cms_set_signing_time (instance->cms, 0, signed_time);
- if (err) {
- gerror = g_error_new(RST_CORE_ERROR, RST_CORE_ERROR_SIGN_ERROR, "ksba_cms_set_signing_time failed: %s", gpg_strerror (err));
- goto fatal;
- }
-
//ksba_cert_release (instance->signer);
-
- err = ksba_writer_new (&instance->w);
- if (err) {
- gerror = g_error_new(RST_CORE_ERROR, RST_CORE_ERROR_SIGN_ERROR, "ksba_writer_new failed: %s", gpg_strerror (err));
- goto fatal;
- }
-
- err = ksba_writer_set_cb (instance->w, pem_writer_cb, instance);
- if (err) {
- gerror = g_error_new(RST_CORE_ERROR, RST_CORE_ERROR_SIGN_ERROR, "ksba_writer_set_cb failed: %s", gpg_strerror (err));
- goto fatal;
- }
-
- err = ksba_cms_set_reader_writer (instance->cms, NULL, instance->w);
- if (err) {
- gerror = g_error_new(RST_CORE_ERROR, RST_CORE_ERROR_SIGN_ERROR, "ksba_cms_set_reader_writer failed: %s", gpg_strerror (err));
- goto fatal;
- }
gcr_pkcs11_certificate_lookup_issuer_async(GCR_CERTIFICATE(instance->certificate), instance->signtext->cancellable, crypto_sign_lookup, instance);