diff options
| author | Andrey Jivsov <[email protected]> | 2011-01-06 01:33:17 +0000 |
|---|---|---|
| committer | Andrey Jivsov <[email protected]> | 2011-01-06 01:33:17 +0000 |
| commit | e0972d3d962548972872d889b362560e499340d1 (patch) | |
| tree | 26c597a42968ecef26bb7c36b9850b26cb17ebf5 /agent | |
| parent | Make sure that --disable-optimization works in its attempt to replace -Ox wit... (diff) | |
| download | gnupg-e0972d3d962548972872d889b362560e499340d1.tar.gz gnupg-e0972d3d962548972872d889b362560e499340d1.zip | |
Integrating http://code.google.com/p/gnupg-ecc/source/detail?r=15 .
The following works:
gpg2 --gen-key (ECC)
gpg2 --list-keys
gpg2 --list-packets ~/.gnupg/pubring.gpg
gpg2 --list-packets <private key from http://sites.google.com/site/brainhub/pgpecckeys>
ECDH doesn't work yet as the code must be re-written to adjust for gpg-agent refactoring.
Diffstat (limited to 'agent')
| -rw-r--r-- | agent/cvt-openpgp.c | 54 | ||||
| -rw-r--r-- | agent/findkey.c | 10 | ||||
| -rw-r--r-- | agent/protect.c | 35 |
3 files changed, 83 insertions, 16 deletions
diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c index e6a14c436..3dba79ebd 100644 --- a/agent/cvt-openpgp.c +++ b/agent/cvt-openpgp.c @@ -27,6 +27,7 @@ #include "agent.h" #include "i18n.h" #include "cvt-openpgp.h" +#include "../include/cipher.h" /* for PUBKEY_ALGO_ECDSA, PUBKEY_ALGO_ECDH */ /* Helper to pass data via the callback to do_unprotect. */ @@ -49,7 +50,12 @@ struct try_do_unprotect_arg_s gcry_sexp_t *r_key; }; - +/* TODO: it is also in misc, which is not linked with the agent */ +static int +map_pk_openpgp_to_gcry (int algo) +{ + return (algo==PUBKEY_ALGO_ECDSA ? GCRY_PK_ECDSA : (algo==PUBKEY_ALGO_ECDH ? GCRY_PK_ECDH : algo)); +} /* Compute the keygrip from the public key and store it at GRIP. */ static gpg_error_t @@ -80,6 +86,12 @@ get_keygrip (int pubkey_algo, gcry_mpi_t *pkey, unsigned char *grip) "(public-key(rsa(n%m)(e%m)))", pkey[0], pkey[1]); break; + case GCRY_PK_ECDSA: + case GCRY_PK_ECDH: + err = gcry_sexp_build (&s_pkey, NULL, + "(public-key(ecc(c%m)(q%m)))", pkey[0], pkey[1]); + break; + default: err = gpg_error (GPG_ERR_PUBKEY_ALGO); break; @@ -94,7 +106,9 @@ get_keygrip (int pubkey_algo, gcry_mpi_t *pkey, unsigned char *grip) /* Convert a secret key given as algorithm id and an array of key - parameters into our s-expression based format. */ + parameters into our s-expression based format. + pubkey_algo is a libgcrypt ID + */ static gpg_error_t convert_secret_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey) { @@ -103,6 +117,8 @@ convert_secret_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey) *r_key = NULL; + pubkey_algo = map_pk_openpgp_to_gcry( pubkey_algo ); + switch (pubkey_algo) { case GCRY_PK_DSA: @@ -128,6 +144,18 @@ convert_secret_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey) skey[5]); break; + case GCRY_PK_ECDSA: + err = gcry_sexp_build (&s_skey, NULL, + "(private-key(ecdsa(c%m)(q%m)(d%m)))", + skey[0], skey[1], skey[2]); + break; + + case GCRY_PK_ECDH: + err = gcry_sexp_build (&s_skey, NULL, + "(private-key(ecdh(c%m)(q%m)(p%m)(d%m)))", + skey[0], skey[1], skey[2], skey[3]); + break; + default: err = gpg_error (GPG_ERR_PUBKEY_ALGO); break; @@ -202,6 +230,10 @@ do_unprotect (const char *passphrase, *r_key = NULL; + /* Unfortunately, the OpenPGP PK algorithm numbers need to be re-mapped for Libgcrypt + */ + pubkey_algo = map_pk_openpgp_to_gcry( pubkey_algo ); + /* Count the actual number of MPIs is in the array and set the remainder to NULL for easier processing later on. */ for (skeylen = 0; skey[skeylen]; skeylen++) @@ -219,9 +251,6 @@ do_unprotect (const char *passphrase, if (gcry_pk_test_algo (pubkey_algo)) { - /* The algorithm numbers are Libgcrypt numbers but fortunately - the OpenPGP algorithm numbers map one-to-one to the Libgcrypt - numbers. */ log_info (_("public key algorithm %d (%s) is not supported\n"), pubkey_algo, gcry_pk_algo_name (pubkey_algo)); return gpg_error (GPG_ERR_PUBKEY_ALGO); @@ -632,7 +661,7 @@ convert_from_openpgp (ctrl_t ctrl, gcry_sexp_t s_pgp, string = gcry_sexp_nth_string (list, 1); if (!string) goto bad_seckey; - pubkey_algo = gcry_pk_map_name (string); + pubkey_algo = gcry_pk_map_name (string); /* ligcrypt IDs */ xfree (string); if (gcry_pk_algo_info (pubkey_algo, GCRYCTL_GET_ALGO_NPKEY, NULL, &npkey) @@ -999,6 +1028,7 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase, } algo = gcry_pk_map_name (name); + log_debug ( "convert to openpgp begin for algo=%s\n", name ); xfree (name); switch (algo) @@ -1007,7 +1037,8 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase, case GCRY_PK_ELG: algoname = "elg"; npkey = 3; elems = "pgyx"; break; case GCRY_PK_ELG_E: algoname = "elg"; npkey = 3; elems = "pgyx"; break; case GCRY_PK_DSA: algoname = "dsa"; npkey = 4; elems = "pqgyx"; break; - case GCRY_PK_ECDSA: algoname = "ecdsa"; npkey = 6; elems = "pabgnqd"; break; + case GCRY_PK_ECDSA: algoname = "ecdsa"; npkey = 2; elems = "cqd"; break; + case GCRY_PK_ECDH: algoname = "ecdh"; npkey = 3; elems = "cqpd"; break; default: algoname = ""; npkey = 0; elems = NULL; break; } assert (!elems || strlen (elems) < DIM (array) ); @@ -1027,6 +1058,7 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase, err = apply_protection (array, npkey, nskey, passphrase, GCRY_CIPHER_AES, protect_iv, sizeof protect_iv, 3, GCRY_MD_SHA1, salt, s2k_count); + ///log_debug ( "convert to openpgp: after applying protection, err = %d\n", err ); /* Turn it into the transfer key S-expression. Note that we always return a protected key. */ if (!err) @@ -1037,7 +1069,7 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase, int format_args_buf_int[1]; void *format_args[10+2]; size_t n; - gcry_sexp_t tmpkey, tmpsexp; + gcry_sexp_t tmpkey, tmpsexp = NULL; snprintf (countbuf, sizeof countbuf, "%lu", s2k_count); @@ -1056,6 +1088,8 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase, put_membuf_str (&mbuf, ")\n"); put_membuf (&mbuf, "", 1); + ///log_debug ( "convert to openpgp: calling gcry_sexp_build\n" ); + tmpkey = NULL; { char *format = get_membuf (&mbuf, NULL); @@ -1065,6 +1099,7 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase, err = gcry_sexp_build_array (&tmpkey, NULL, format, format_args); xfree (format); } + ///log_debug ( "convert to openpgp: calling gcry_sexp_build before err=%d\n", err ); if (!err) err = gcry_sexp_build (&tmpsexp, NULL, "(openpgp-private-key\n" @@ -1077,6 +1112,7 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase, (int)sizeof protect_iv, protect_iv, (int)sizeof salt, salt, countbuf); + ///log_debug ( "convert to openpgp: after gcry_sexp_build, err = %d\n", err ); gcry_sexp_release (tmpkey); if (!err) err = make_canon_sexp_pad (tmpsexp, 0, r_transferkey, r_transferkeylen); @@ -1085,6 +1121,8 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase, for (i=0; i < DIM (array); i++) gcry_mpi_release (array[i]); + + log_debug ( "convert to openpgp end with err=%d\n", err ); return err; } diff --git a/agent/findkey.c b/agent/findkey.c index 91fb8c14c..02e938e6e 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -726,6 +726,16 @@ key_parms_from_sexp (gcry_sexp_t s_key, gcry_sexp_t *r_list, algoname = "dsa"; elems = "pqgy"; } + else if (n==5 && !memcmp (name, "ecdsa", 5)) + { + algoname = "ecdsa"; + elems = "cq"; + } + else if (n==4 && !memcmp (name, "ecdh", 4)) + { + algoname = "ecdh"; + elems = "cqp"; + } else if (n==3 && !memcmp (name, "elg", 3)) { algoname = "elg"; diff --git a/agent/protect.c b/agent/protect.c index 795d06231..d14665363 100644 --- a/agent/protect.c +++ b/agent/protect.c @@ -52,6 +52,8 @@ static struct { { "rsa", "nedpqu", 2, 5 }, { "dsa", "pqgyx", 4, 4 }, { "elg", "pgyx", 3, 3 }, + { "ecdsa","cqd", 2, 2 }, + { "ecdh", "cqpd", 3, 3 }, { NULL } }; @@ -426,6 +428,9 @@ agent_protect (const unsigned char *plainkey, const char *passphrase, unsigned char *p; gcry_md_hd_t md; + if (opt.debug & DBG_CRYPTO_VALUE) + log_info ("Protecting key=%s, passphrase=%s\n", plainkey, passphrase); + /* Create an S-expression with the protected-at timestamp. */ memcpy (timestamp_exp, "(12:protected-at15:", 19); gnupg_get_isotime (timestamp_exp+19); @@ -454,37 +459,51 @@ agent_protect (const unsigned char *plainkey, const char *passphrase, for (infidx=0; protect_info[infidx].algo && !smatch (&s, n, protect_info[infidx].algo); infidx++) ; - if (!protect_info[infidx].algo) + if (!protect_info[infidx].algo) { + log_info ("Unsupported alg %d for protection\n", protect_info[infidx].algo); return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); + } prot_begin = prot_end = NULL; for (i=0; (c=protect_info[infidx].parmlist[i]); i++) { if (i == protect_info[infidx].prot_from) prot_begin = s; - if (*s != '(') + if (*s != '(') { + log_info ("Unbalanced bracket in S-expression #1\n"); return gpg_error (GPG_ERR_INV_SEXP); + } depth++; s++; n = snext (&s); - if (!n) + if (!n) { + log_info ("Cannot get the length of S-expression field\n"); return gpg_error (GPG_ERR_INV_SEXP); - if (n != 1 || c != *s) + } + if (n != 1 || c != *s) { + log_info ("Invalid length in S-expression field\n"); return gpg_error (GPG_ERR_INV_SEXP); - s += n; + } + s += n; n = snext (&s); - if (!n) + if (!n) { + log_info ("Invalid fieled in S-expression field\n"); return gpg_error (GPG_ERR_INV_SEXP); + } s +=n; /* skip value */ - if (*s != ')') + if (*s != ')') { + log_info ("Unbalanced bracket in S-expression #2\n"); return gpg_error (GPG_ERR_INV_SEXP); + } depth--; if (i == protect_info[infidx].prot_to) prot_end = s; s++; } - if (*s != ')' || !prot_begin || !prot_end ) + if (*s != ')' || !prot_begin || !prot_end ) { + log_info ("Unbalanced bracket in S-expression #3\n"); return gpg_error (GPG_ERR_INV_SEXP); + } depth--; hash_end = s; s++; |