author | NIIBE Yutaka <[email protected]> | 2021-10-22 06:20:00 +0000 |
---|---|---|
committer | NIIBE Yutaka <[email protected]> | 2021-10-22 06:20:00 +0000 |
commit | a07ae85ec795e338af1bcbe288a3af4f21bb94ce (patch) | |
tree | 71193124b2fece8ab8dc26422b94d3ebd36e3a1a | |
parent | experiment: Support importing new 448 secret keys. (diff) | |
experiment: Support exporting new 448 key (public/secret).
Signed-off-by: NIIBE Yutaka <[email protected]>
-rw-r--r-- | common/openpgp-misc.c | 20 | ||||
-rw-r--r-- | common/openpgpdefs.h | 2 | ||||
-rw-r--r-- | g10/export.c | 22 | ||||
-rw-r--r-- | g10/keygen.c | 2 | ||||
-rw-r--r-- | g10/pkglue.c | 2 |
5 files changed, 32 insertions, 16 deletions
diff --git a/common/openpgp-misc.c b/common/openpgp-misc.c index 0c2960c3c..2062b1d9d 100644 --- a/common/openpgp-misc.c +++ b/common/openpgp-misc.c @@ -53,34 +53,34 @@ openpgp_ecc_parse_key (pubkey_algo_t pkalgo, const char *curve, /* - * Fix up public key for OpenPGP adding the prefix. + * Fix up public/sec key for OpenPGP adding the prefix. */ gpg_error_t -openpgp_fixup_pubkey_448 (int algo, gcry_mpi_t *p_pubkey) +openpgp_fixup_key_448 (int algo, gcry_mpi_t *r_key) { - gcry_mpi_t pubkey_mpi; + gcry_mpi_t key_mpi; gcry_mpi_t a; unsigned char *p; const unsigned char *p_key; unsigned int nbits; unsigned int len; - pubkey_mpi = *p_pubkey; - *p_pubkey = NULL; - p_key = gcry_mpi_get_opaque (pubkey_mpi, &nbits); + key_mpi = *r_key; + *r_key = NULL; + p_key = gcry_mpi_get_opaque (key_mpi, &nbits); len = (nbits+7)/8; if ((algo == PUBKEY_ALGO_ECDH && len != 56) || (algo == PUBKEY_ALGO_EDDSA && len != 57) || (algo != PUBKEY_ALGO_ECDH && algo != PUBKEY_ALGO_EDDSA)) { - gcry_mpi_release (pubkey_mpi); + gcry_mpi_release (key_mpi); return gpg_error (GPG_ERR_BAD_PUBKEY); } p = xtrymalloc (1 + len); if (!p) { - gcry_mpi_release (pubkey_mpi); + gcry_mpi_release (key_mpi); return gpg_error_from_syserror (); } @@ -89,8 +89,8 @@ openpgp_fixup_pubkey_448 (int algo, gcry_mpi_t *p_pubkey) a = gcry_mpi_set_opaque (NULL, p, len*8+7); gcry_mpi_set_flag (a, GCRYMPI_FLAG_USER2); - *p_pubkey = a; - gcry_mpi_release (pubkey_mpi); + *r_key = a; + gcry_mpi_release (key_mpi); return 0; } diff --git a/common/openpgpdefs.h b/common/openpgpdefs.h index 01a0e0edf..9552d622e 100644 --- a/common/openpgpdefs.h +++ b/common/openpgpdefs.h 
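Review bot: Now that `openpgp_fixup_key_448` is also called on the secret parameter (the `&pk->pkey[sec_start]` call in g10/export.c), the buffer from `p = xtrymalloc (1 + len);` ends up holding secret key bytes in ordinary heap memory. The copy into `p` lies between the two hunks and is not visible here, so this is inferred from the allocation and from `gcry_mpi_set_opaque (NULL, p, len*8+7)` taking ownership of the buffer. Consider following the input's memory class, e.g. `p = gcry_is_secure (p_key) ? xtrymalloc_secure (1 + len) : xtrymalloc (1 + len);`, provided the extracted secret parameter is itself held in secure memory. The length check still returns `GPG_ERR_BAD_PUBKEY` for a malformed secret key, where `GPG_ERR_BAD_SECKEY` would describe the failure more accurately. The prototype in common/openpgpdefs.h also still names the parameter `p_pubkey` and should follow the rename to `r_key`.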
@@ -242,6 +242,6 @@ enum gcry_pk_algos map_openpgp_pk_to_gcry (pubkey_algo_t algo); /*-- openpgp-misc.c --*/ gcry_mpi_t openpgp_ecc_parse_key (pubkey_algo_t pkalgo, const char *curve, gcry_mpi_t key); -gpg_error_t openpgp_fixup_pubkey_448 (int algo, gcry_mpi_t *p_pubkey); +gpg_error_t openpgp_fixup_key_448 (int algo, gcry_mpi_t *p_pubkey); #endif /*GNUPG_COMMON_OPENPGPDEFS_H*/ diff --git a/g10/export.c b/g10/export.c index 98c4623cf..9453c603a 100644 --- a/g10/export.c +++ b/g10/export.c @@ -532,7 +532,8 @@ exact_subkey_match_p (KEYDB_SEARCH_DESC *desc, kbnode_t node) /* Return an error if the key represented by the S-expression S_KEY * and the OpenPGP key represented by PK do not use the same curve. */ static gpg_error_t -match_curve_skey_pk (gcry_sexp_t s_key, PKT_public_key *pk) +match_curve_skey_pk (gcry_sexp_t s_key, PKT_public_key *pk, + int *r_is_448) { gcry_sexp_t curve = NULL; gcry_sexp_t flags = NULL; @@ -544,6 +545,8 @@ match_curve_skey_pk (gcry_sexp_t s_key, PKT_public_key *pk) int is_eddsa = 0; int idx = 0; + *r_is_448 = 0; + if (!(pk->pubkey_algo==PUBKEY_ALGO_ECDH || pk->pubkey_algo==PUBKEY_ALGO_ECDSA || pk->pubkey_algo==PUBKEY_ALGO_EDDSA)) @@ -563,7 +566,12 @@ match_curve_skey_pk (gcry_sexp_t s_key, PKT_public_key *pk) return gpg_error (GPG_ERR_UNKNOWN_CURVE); } if (!strcmp (curve_str, "Ed448")) - is_eddsa = 1; + { + is_eddsa = 1; + *r_is_448 = 1; + } + if (!strcmp (curve_str, "X448")) + *r_is_448 = 1; oidstr = openpgp_curve_to_oid (curve_str, NULL, NULL); if (!oidstr) { @@ -637,6 +645,7 @@ cleartext_secret_key_to_openpgp (gcry_sexp_t s_key, PKT_public_key *pk) struct seckey_info *ski; int idx, sec_start; gcry_mpi_t pub_params[10] = { NULL }; + int is_448; /* we look for a private-key, then the first element in it tells us the type */ 
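Review bot: The header comment of `match_curve_skey_pk` in g10/export.c is not updated for the new out-parameter `r_is_448`. I would extend it with `R_IS_448 is set to 1 if the curve of S_KEY is Ed448 or X448 and to 0 otherwise; it must not be NULL.` The non-NULL requirement is worth stating because `*r_is_448 = 0;` is dereferenced unconditionally at the top of the function, before any of the early returns. The function body continues outside these hunks.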
@@ -744,11 +753,15 @@ cleartext_secret_key_to_openpgp (gcry_sexp_t s_key, PKT_public_key *pk) break; case GCRY_PK_ECC: - err = match_curve_skey_pk (key, pk); + err = match_curve_skey_pk (key, pk, is_448); if (err) goto leave; else err = sexp_extract_param_sos (key, "q", &pub_params[0]); + + if (!err && is_448) + err = openpgp_fixup_key_448 (pk->pubkey_algo, &pub_params[0]); + if (!err && (gcry_mpi_cmp(pk->pkey[1], pub_params[0]))) err = gpg_error (GPG_ERR_BAD_PUBKEY); @@ -760,6 +773,9 @@ cleartext_secret_key_to_openpgp (gcry_sexp_t s_key, PKT_public_key *pk) gcry_mpi_release (pk->pkey[sec_start]); pk->pkey[sec_start] = NULL; err = sexp_extract_param_sos (key, "d", &pk->pkey[sec_start]); + if (!err && is_448) + err = openpgp_fixup_key_448 (pk->pubkey_algo, + &pk->pkey[sec_start]); } if (!err) diff --git a/g10/keygen.c b/g10/keygen.c index dd008b200..b07d878aa 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1338,7 +1338,7 @@ ecckey_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp, int algo) if (openpgp_oid_is_ed448 (array[0]) || openpgp_oid_is_cv448 (array[0])) { - err = openpgp_fixup_pubkey_448 (algo, &array[1]); + err = openpgp_fixup_key_448 (algo, &array[1]); if (err) goto leave; } diff --git a/g10/pkglue.c b/g10/pkglue.c index 4f727aa32..ab77aa916 100644 --- a/g10/pkglue.c +++ b/g10/pkglue.c @@ -465,7 +465,7 @@ pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data, s_ciph = NULL; if (openpgp_oid_is_cv448 (pkey[0])) { - rc = openpgp_fixup_pubkey_448 (algo, &public); + rc = openpgp_fixup_key_448 (algo, &public); if (rc) goto leave; } |
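Review bot: In the `GCRY_PK_ECC` case of `cleartext_secret_key_to_openpgp`, `match_curve_skey_pk (key, pk, is_448)` passes the uninitialized `int is_448` by value where the new third parameter is `int *r_is_448`. The callee's `*r_is_448 = 0` then writes through an indeterminate pointer, and the caller's flag is never set. The call should be `err = match_curve_skey_pk (key, pk, &is_448);`, and declaring the local as `int is_448 = 0;` keeps both `if (!err && is_448)` tests well-defined on every path. As written, whether the public and secret parameters pass through `openpgp_fixup_key_448` before the `gcry_mpi_cmp` check and the export depends on an indeterminate value. The function starts and ends outside these hunks.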