aboutsummaryrefslogtreecommitdiffstats
path: root/tools
diff options
context:
space:
mode:
Diffstat (limited to 'tools')
-rw-r--r--tools/Makefile.am6
-rw-r--r--tools/gpg-card.c4
-rw-r--r--tools/gpg-pair-tool.c92
-rw-r--r--tools/gpgconf-comp.c2
4 files changed, 25 insertions, 79 deletions
diff --git a/tools/Makefile.am b/tools/Makefile.am
index fb37c05e7..9df9d4c46 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -49,7 +49,7 @@ else
gpg_wks_server =
endif
-libexec_PROGRAMS = gpg-wks-client gpg-pair-tool
+libexec_PROGRAMS = gpg-wks-client
bin_PROGRAMS = gpgconf gpg-connect-agent gpg-card ${symcryptrun}
if !HAVE_W32_SYSTEM
@@ -187,6 +187,8 @@ gpg_wks_client_LDADD = $(libcommon) \
$(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
$(LIBINTL) $(LIBICONV)
+if HAVE_NEWER_LIBGCRYPT
+libexec_PROGRAMS += gpg-pair-tool
gpg_pair_tool_SOURCES = \
gpg-pair-tool.c
@@ -194,7 +196,7 @@ gpg_pair_tool_CFLAGS = $(GPG_ERROR_CFLAGS) $(INCICONV)
gpg_pair_tool_LDADD = $(libcommon) \
$(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
$(LIBINTL) $(LIBICONV) $(W32SOCKLIBS)
-
+endif
# Make sure that all libs are build before we use them. This is
# important for things like make -j2.
diff --git a/tools/gpg-card.c b/tools/gpg-card.c
index ddc4d12bf..e9dc8ebfd 100644
--- a/tools/gpg-card.c
+++ b/tools/gpg-card.c
@@ -815,7 +815,7 @@ list_openpgp (card_info_t info, estream_t fp)
print_string (fp, "Language prefs ...: ", info->disp_lang);
tty_fprintf (fp, "Salutation .......: %s\n",
info->disp_sex == 1? _("Mr."):
- info->disp_sex == 2? _("Mrs.") : "");
+ info->disp_sex == 2? _("Ms.") : "");
print_string (fp, "URL of public key : ", info->pubkey_url);
print_string (fp, "Login data .......: ", info->login_data);
if (info->private_do[0])
@@ -1464,7 +1464,7 @@ cmd_salut (card_info_t info, const char *argstr)
str = "9";
else
{
- data = tty_get (_("Salutation (M = Mr., F = Mrs., or space): "));
+ data = tty_get (_("Salutation (M = Mr., F = Ms., or space): "));
trim_spaces (data);
tty_kill_prompt ();
if (*data == CONTROL_D)
diff --git a/tools/gpg-pair-tool.c b/tools/gpg-pair-tool.c
index 9a781def1..4a18b97bd 100644
--- a/tools/gpg-pair-tool.c
+++ b/tools/gpg-pair-tool.c
@@ -1021,50 +1021,31 @@ create_dh_keypair (unsigned char *dh_secret, size_t dh_secret_len,
unsigned char *dh_public, size_t dh_public_len)
{
gpg_error_t err;
- gcry_sexp_t sexp;
- gcry_sexp_t s_keypair;
- gcry_buffer_t secret;
- gcry_buffer_t public;
- unsigned char publicbuf[33];
+ unsigned char *p;
/* We need a temporary buffer for the public key. Check the length
* for the later memcpy. */
- if (dh_public_len < 32)
+ if (dh_public_len < 32 || dh_secret_len < 32)
return gpg_error (GPG_ERR_BUFFER_TOO_SHORT);
- secret.size = dh_secret_len;
- secret.data = dh_secret;
- secret.off = 0;
- public.size = sizeof publicbuf;
- public.data = publicbuf;
- public.off = 0;
+ if (gcry_ecc_get_algo_keylen (GCRY_ECC_CURVE25519) > dh_public_len)
+ return gpg_error (GPG_ERR_BUFFER_TOO_SHORT);
- err = gcry_sexp_build (&sexp, NULL,
- "(genkey(ecc(curve Curve25519)(flags djb-tweak)))");
- if (err)
- return err;
- err = gcry_pk_genkey (&s_keypair, sexp);
- gcry_sexp_release (sexp);
- if (err)
- return err;
- err = gcry_sexp_extract_param (s_keypair, "key-data!private-key",
- "&dq", &secret, &public, NULL);
- gcry_sexp_release (s_keypair);
+ p = gcry_random_bytes (32, GCRY_VERY_STRONG_RANDOM);
+ if (!p)
+ return gpg_error_from_syserror ();
+
+ memcpy (dh_secret, p, 32);
+ xfree (p);
+
+ err = gcry_ecc_mul_point (GCRY_ECC_CURVE25519, dh_public, dh_secret, NULL);
if (err)
return err;
- /* Gcrypt prepends a 0x40 indicator - remove that. */
- if (public.len == 33)
- {
- public.len = 32;
- memmove (public.data, publicbuf+1, 32);
- }
- memcpy (dh_public, public.data, public.len);
-
if (DBG_CRYPTO)
{
- log_printhex (secret.data, secret.len, "DH secret:");
- log_printhex (public.data, public.len, "DH public:");
+ log_printhex (dh_secret, 32, "DH secret:");
+ log_printhex (dh_public, 32, "DH public:");
}
return 0;
@@ -1189,52 +1170,15 @@ compute_master_secret (unsigned char *master, size_t masterlen,
const unsigned char *pk_b, size_t pk_b_len)
{
gpg_error_t err;
- gcry_sexp_t s_sk_a = NULL;
- gcry_sexp_t s_pk_b = NULL;
- gcry_sexp_t s_shared = NULL;
- gcry_sexp_t s_tmp;
- const char *s;
- size_t n;
log_assert (masterlen == 32);
+ log_assert (sk_a_len == 32);
+ log_assert (pk_b_len == 32);
- err = gcry_sexp_build (&s_sk_a, NULL, "%b", (int)sk_a_len, sk_a);
- if (!err)
- err = gcry_sexp_build (&s_pk_b, NULL,
- "(public-key(ecdh(curve Curve25519)"
- " (flags djb-tweak)(q%b)))",
- (int)pk_b_len, pk_b);
- if (err)
- {
- log_error ("error building S-expression: %s\n", gpg_strerror (err));
- goto leave;
- }
-
- err = gcry_pk_encrypt (&s_shared, s_sk_a, s_pk_b);
+ err = gcry_ecc_mul_point (GCRY_ECC_CURVE25519, master, sk_a, pk_b);
if (err)
- {
- log_error ("error computing DH: %s\n", gpg_strerror (err));
- goto leave;
- }
- /* gcry_log_debugsxp ("sk_a", s_sk_a); */
- /* gcry_log_debugsxp ("pk_b", s_pk_b); */
- /* gcry_log_debugsxp ("shared", s_shared); */
+ log_error ("error computing DH: %s\n", gpg_strerror (err));
- s_tmp = gcry_sexp_find_token (s_shared, "s", 0);
- if (!s_tmp || !(s = gcry_sexp_nth_data (s_tmp, 1, &n))
- || n != 33 || s[0] != 0x40)
- {
- err = gpg_error (GPG_ERR_INTERNAL);
- log_error ("error computing DH: %s\n", gpg_strerror (err));
- goto leave;
- }
- memcpy (master, s+1, 32);
-
-
- leave:
- gcry_sexp_release (s_sk_a);
- gcry_sexp_release (s_pk_b);
- gcry_sexp_release (s_shared);
return err;
}
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 628ca358f..e6dc91d21 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -1283,7 +1283,7 @@ gc_component_launch (int component)
gc_component[component].name);
if (!opt.quiet)
log_info (_("Note: Use the command \"%s%s\" to get details.\n"),
- "gpgconf --check-options ", gc_component[component].name);
+ gc_component[component].name, " --gpgconf-test");
gpgconf_failure (0);
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-27 05:15:46 +0000