| field | value | date |
|---|---|---|
| author | Werner Koch <wk@gnupg.org> | 2020-02-13 14:03:59 +0100 |
| committer | Werner Koch <wk@gnupg.org> | 2020-02-13 14:07:04 +0100 |
| commit | 14ac350f868ca71492c20c7b682d0b55b4893c9c (patch) | |
| tree | 207b17268be76f727b0ed4fc8a391fb516a6b02d /g10/call-agent.h | |
| parent | card: Take the key creation time from the KEYPAIRINFO (diff) | |
| download | gnupg2-14ac350f868ca71492c20c7b682d0b55b4893c9c.tar.xz gnupg2-14ac350f868ca71492c20c7b682d0b55b4893c9c.zip | |
gpg: Changes to allow direct key generation from an OpenPGP card.
* g10/call-agent.h (struct keypair_info_s): Add fields keytime and
usage.
* g10/call-agent.c (struct keypairinfo_cb_parm_s): New.
(scd_keypairinfo_status_cb): Rework to store parsed KEYPAIRINFO data.
(agent_scd_keypairinfo): Change accordingly.
(agent_scd_readkey): Add arg ctrl and change callers. Change return
arg from a strlist_t to a keypair_info_t.
(readkey_status_cb): Use KEYPAIRINFO instead of KEY-TIME.
* g10/keygen.c (pSUBKEYCREATIONDATE): New.
(pAUTHKEYCREATIONDATE): New.
(get_parameter_u32): Allow for new parameters.
(do_create_from_keygrip): For card keys use direct scd call which does
not create a stub file.
(ask_algo): Rework to use the new keypair_info_t as return from
agent_scd_keypairinfo.
(parse_key_parameter_part): Likewise. Also get and return the key
creation time using an arg.
(parse_key_parameter_string): New args r_keytime and r_subkeytime.
(parse_algo_usage_expire): New arg r_keytime.
(proc_parameter_file): Ignore the explicit pCREATIONDATE for card keys.
(quickgen_set_para): New arg keytime.
(quick_generate_keypair): Get the keytimes and set the pCARDKEY flag.
(generate_keypair): Likewise.
(do_generate_keypair): Implement the cardkey with keytime thingy.
(generate_subkeypair): Use the keytime parameters.
* g10/keygen.c (pAUTHKEYCREATIONDATE): New. Not yet set but may come in
handy later.
(get_parameter_u32): Take care of that.
(do_generate_keypair): For cardkeys sign with the current time.
--
Key generation direct from the card used to work for all cards except
the OpenPGP cards. The key generation from card using an OpenPGP card
is special because the fingerprint is stored on the card and we must
make sure that the newly created key has the same fingerprint. This
requires that we take the key creation date as stored on the card into
account.
Along with the recent change in gpg-agent this change also fixes a
problem with existing stub files.
Note that with a key taken from a card the self-signatures are created
with the current time and not the creation time. This makes it possible
to better distinguish keys created using the same card.
Signed-off-by: Werner Koch <wk@gnupg.org>
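The constraint the commit message describes, that a key re-created from an OpenPGP card only reproduces the fingerprint stored on the card if the card's creation time is used, follows from how an OpenPGP v4 fingerprint is computed: the creation timestamp is part of the hashed public-key packet body, while the keygrip that scdaemon reports in KEYPAIRINFO hashes only the key material. The following is an added example illustrating that, not code from GnuPG; the modulus, exponent and `CARD_KEYTIME` are constructed placeholders, and `rsa_keygrip` follows libgcrypt's definition of the RSA keygrip (SHA-1 over the modulus bytes).

```python
"""Why an OpenPGP card key must be re-created with the card's stored
creation time: the v4 fingerprint hashes the timestamp, the keygrip
does not.  Added example; the key material below is constructed, not a
real key, and CARD_KEYTIME is an arbitrary constructed epoch value."""
import hashlib
import struct

PUBKEY_ALGO_RSA = 1            # RFC 4880 section 9.1
CARD_KEYTIME = 1581600000      # constructed: stands in for the creation
                               # time scdaemon reads from the card

def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI (RFC 4880 3.2):
    two-octet bit length followed by the big-endian magnitude."""
    if value == 0:
        return b"\x00\x00"
    nbits = value.bit_length()
    return struct.pack(">H", nbits) + value.to_bytes((nbits + 7) // 8, "big")

def v4_pubkey_body(creation_time: int, algo: int, mpis) -> bytes:
    """Body of a version 4 public-key packet (RFC 4880 5.5.2):
    version octet, 4-octet creation time, algorithm octet, MPIs."""
    body = b"\x04" + struct.pack(">I", creation_time) + bytes([algo])
    return body + b"".join(mpi(m) for m in mpis)

def v4_fingerprint(creation_time: int, algo: int, mpis) -> str:
    """v4 fingerprint (RFC 4880 12.2): SHA-1 over 0x99, a two-octet
    body length, and the public-key packet body."""
    body = v4_pubkey_body(creation_time, algo, mpis)
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
    return digest.hexdigest().upper()

def rsa_keygrip(n: int) -> str:
    """libgcrypt's keygrip for RSA: SHA-1 over the modulus bytes only.
    This is what KEYPAIRINFO carries; no creation time enters it, so
    the keygrip alone cannot recover the card's fingerprint."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return hashlib.sha1(raw).hexdigest().upper()

def compare_card_vs_now(n: int, e: int, card_time: int, now: int) -> dict:
    """Fingerprint one card key with the card's stored creation time and
    with a 'current' time, alongside the time-independent keygrip."""
    mpis = [n, e]
    return {
        "keygrip": rsa_keygrip(n),
        "fpr_with_card_time": v4_fingerprint(card_time, PUBKEY_ALGO_RSA, mpis),
        "fpr_with_current_time": v4_fingerprint(now, PUBKEY_ALGO_RSA, mpis),
    }

# Constructed 2048-bit odd modulus and the usual exponent; NOT a real RSA key.
DEMO_N = (1 << 2047) | 0x1A2B3C4D5E6F7081 | 1
DEMO_E = 65537

if __name__ == "__main__":
    result = compare_card_vs_now(DEMO_N, DEMO_E, CARD_KEYTIME, CARD_KEYTIME + 3600)
    for name, value in result.items():
        print(f"{name:24} {value}")
```

Running it shows the same keygrip for both rows but two different fingerprints; only the row computed with the card's stored time can match the fingerprint the card holds in its data object, which is why the patch carries `keytime` next to `keygrip` in the parsed KEYPAIRINFO rather than letting key generation stamp the key with the current time.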
Diffstat (limited to 'g10/call-agent.h')
-rw-r--r-- | g10/call-agent.h | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/g10/call-agent.h b/g10/call-agent.h index d4586fa0a..b8199db15 100644 --- a/g10/call-agent.h +++ b/g10/call-agent.h @@ -82,9 +82,12 @@ struct agent_card_info_s struct keypair_info_s { struct keypair_info_s *next; - char keygrip[41]; - char *serialno; - char *idstr; /* (aka keyref) */ + char keygrip[2 * KEYGRIP_LEN + 1]; /* Stored in hex. */ + char *serialno; /* NULL or the malloced serialno. */ + char *idstr; /* Malloced keyref (e.g. "OPENPGP.1") */ + unsigned int usage; /* Key usage flags. */ + u32 keytime; /* Key creation time from the card's DO. */ + int algo; /* Helper to store the pubkey algo. */ }; typedef struct keypair_info_s *keypair_info_t; @@ -96,7 +99,7 @@ int agent_scd_learn (struct agent_card_info_s *info, int force); /* Get the keypariinfo directly from scdaemon. */ gpg_error_t agent_scd_keypairinfo (ctrl_t ctrl, const char *keyref, - strlist_t *r_list); + keypair_info_t *r_list); /* Return list of cards. */ int agent_scd_cardlist (strlist_t *result); @@ -140,7 +143,7 @@ int agent_scd_readcert (const char *certidstr, void **r_buf, size_t *r_buflen); /* Send a READKEY command to the SCdaemon. */ -gpg_error_t agent_scd_readkey (const char *keyrefstr, +gpg_error_t agent_scd_readkey (ctrl_t ctrl, const char *keyrefstr, gcry_sexp_t *r_result, u32 *r_keytime); /* Change the PIN of an OpenPGP card or reset the retry counter. */ |
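Review bot: in the struct keypair_info_s hunk, `char keygrip[2 * KEYGRIP_LEN + 1];` makes this header depend on KEYGRIP_LEN being in scope for every includer of call-agent.h, and nothing in the hunk adds an include for it; confirm an existing include in this header provides it or add one. The comments on the new fields also leave the two things a consumer of the parsed KEYPAIRINFO needs unstated: which bit set `usage` uses, which algorithm numbering `algo` holds ("Helper to store the pubkey algo" does not say), and what `keytime` contains when the card reports no creation time (suggest `/* Key creation time from the card's DO, or 0 if not available. */`). Since `serialno` and `idstr` are now documented as malloced, the header should name the routine that releases a keypair_info_t chain so callers of the reworked agent_scd_keypairinfo do not leak it.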
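Review bot: the comment over agent_scd_keypairinfo still reads "Get the keypariinfo directly from scdaemon." (typo for keypairinfo), and with the out-parameter changed from `strlist_t *r_list` to `keypair_info_t *r_list` it should now state that the caller owns the returned list (walked via `next`) and how `keyref` narrows the result, since that is exactly what the reworked ask_algo and parse_key_parameter_part callers in keygen.c rely on.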
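Review bot: the agent_scd_readkey hunk only adds `ctrl_t ctrl` and keeps `gcry_sexp_t *r_result, u32 *r_keytime`, so the ChangeLog entry "Change return arg from an strlist_t to a keypair_info_t" listed under agent_scd_readkey in the commit message actually describes agent_scd_keypairinfo (the previous hunk) and should be moved there. The comment "Send a READKEY command to the SCdaemon." predates both out-parameters; now that readkey_status_cb parses KEYPAIRINFO instead of KEY-TIME, document why ctrl is needed and whether r_keytime may be passed as NULL.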