aboutsummaryrefslogtreecommitdiffstats
path: root/agent/pksign.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* scd: fix for 64-bit arch.NIIBE Yutaka2015-03-091-2/+3
| | | | | | | | | | * agent/pksign.c (agent_pksign_do): Use int. * scd/app-openpgp.c (get_public_key): Likewise. -- On 64-bit architecture, int and size_t might be different. For the first argument for '%b', int is expected.
* Change a couple of files to use abbreviated copyright notes.Werner Koch2014-11-041-2/+2
| | | | | | | | | -- Also fixed some of my own copyright notices due to the termination of my assignment. The one displayed by --version is kept at FSF because we had contributors in 2014 with FSF assignments and it gives the FSF some visibility.
* agent: Init a local variable in the error case.Werner Koch2014-09-181-1/+3
| | | | * agent/pksign.c (do_encode_md): Init HASH on error.
* agent: Return NO_SECKEY instead of ENONET for PKSIGN and others.Werner Koch2014-08-181-1/+2
| | | | | | * agent/pksign.c (agent_pksign_do): Replace ENONET by NO_SECKEY. * agent/findkey.c (agent_key_from_file): No diagnostic for NO_SECKEY. * agent/pkdecrypt.c (agent_pkdecrypt): Replace checking for ENOENT.
* agent: Support EdDSA.NIIBE Yutaka2014-04-081-5/+16
| | | | * agent/pksign.c (agent_pksign_do): Handle EdDSA signature.
* agent: Cleanups to prepare implementation of Ed25519.Werner Koch2014-03-221-14/+27
| | | | | | | | | | | | * agent/cvt-openpgp.c: Remove. (convert_to_openpgp): Use gcry_sexp_extract_param. * agent/findkey.c (is_eddsa): New. (agent_is_dsa_key, agent_is_eddsa_key): Check whether ecc means EdDSA. * agent/pksign.c (agent_pksign_do): Add args OVERRIDEDATA and OVERRIDEDATALEN. * common/ssh-utils.c (is_eddsa): New. (get_fingerprint): Take care or EdDSA.
* agent: API change of agent_key_from_file.NIIBE Yutaka2014-03-111-16/+5
| | | | | | | | | | | | * agent/findkey.c (agent_key_from_file): Always return S-expression. * agent/command.c (cmd_passwd): Distinguish by SHADOW_INFO. (cmd_export_key): Likewise. Free SHADOW_INFO. (cmd_keytocard): Likewise. Release S_SKEY. * agent/pkdecrypt.c (agent_pkdecrypt): Likewise. * agent/pksign.c (agent_pksign_do): Likewise. Use the S-expression to know the key type. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.Werner Koch2014-01-301-4/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a string. * g10/keygen.c (check_keygrip): Adjust for change. * sm/certreqgen-ui.c (check_keygrip): Likewise. * agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry. * g10/misc.c (map_pk_openpgp_to_gcry): Remove. (openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2. (openpgp_pk_test_algo2): Rewrite. (openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA. (openpgp_pk_algo_name): Rewrite to remove need for gcry calls. (pubkey_get_npkey, pubkey_get_nskey): Ditto. (pubkey_get_nsig, pubkey_get_nenc): Ditto. * g10/keygen.c(do_create_from_keygrip): Support EdDSA. (common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto. * g10/build-packet.c (do_key): Ditto. * g10/export.c (transfer_format_to_openpgp): Ditto. * g10/getkey.c (cache_public_key): Ditto. * g10/import.c (transfer_secret_keys): Ditto. * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto. * g10/mainproc.c (proc_pubkey_enc): Ditto. * g10/parse-packet.c (parse_key): Ditto, * g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto. * g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name. * g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only OpenPGP algo ids and support EdDSA. * g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids. * g10/seskey.c (encode_md_value): Ditto. -- This patch separates Libgcrypt and OpenPGP public key algorithms ids and in most cases completely removes the Libgcrypt ones. This is useful because for Libgcrypt we specify the algorithm in the S-expressions and the public key ids are not anymore needed. This patch also adds some support for PUBKEY_ALGO_EDDSA which will eventually be used instead of merging EdDSA with ECDSA. As of now an experimental algorithm id is used but the plan is to write an I-D so that we can get a new id from the IETF. Note that EdDSA (Ed25519) does not yet work and that more changes are required. The ECC support is still broken right now. Needs to be fixed. Signed-off-by: Werner Koch <[email protected]>
* gpg: Rework ECC support and add experimental support for Ed25519.Werner Koch2013-11-151-9/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/findkey.c (key_parms_from_sexp): Add algo name "ecc". (agent_is_dsa_key): Ditto. (agent_is_eddsa_key): New. Not finished, though. * agent/pksign.c (do_encode_eddsa): New. (agent_pksign_do): Use gcry_log_debug functions. * agent/protect.c (agent_protect): Parse a flags parameter. * g10/keygen.c (gpg_curve_to_oid): Move to ... * common/openpgp-oid.c (openpgp_curve_to_oid): here and rename. (oid_ed25519): New. (openpgp_oid_is_ed25519): New. (openpgp_oid_to_curve): New. * common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): New. * g10/build-packet.c (gpg_mpi_write): Write the length header also for opaque MPIs. (gpg_mpi_write_nohdr): New. (do_key): Use gpg_mpi_write_nohdr depending on algorithm. (do_pubkey_enc): Ditto. * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Use gpg_mpi_write_nohdr. * g10/export.c (transfer_format_to_openpgp): * g10/keygen.c (ecckey_from_sexp): Return the error. (gen_ecc): Repalce arg NBITS by CURVE. (read_parameter_file): Add keywords "Key-Curve" and "Subkey-Curve". (ask_curve): New. (generate_keypair, generate_subkeypair): Use ask_curve. (do_generate_keypair): Also pass curve name. * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Print curve name. * g10/parse-packet.c (mpi_read): Remove workaround for Libcgrypt < 1.5. (parse_key): Fix ECC case. Print the curve name. * g10/pkglue.c (mpi_from_sexp): Rename to get_mpi_from_sexp. (pk_verify, pk_check_secret_key): Add special case for Ed25519. * g10/seskey.c (encode_md_value): Ditto. * g10/sign.c (do_sign, hash_for, sign_file): Ditto. -- Be warned that this code is subject to further changes and that the format will very likely change before a release. There are also known bugs and missing code. Signed-off-by: Werner Koch <[email protected]>
* Require Libgcrypt 1.6Werner Koch2013-11-151-26/+5
| | | | | | | | | | * agent/pksign.c (do_encode_dsa): Remove Libgcrypt version check -- Now that we have decided on a release plan for Libgcrypt 1.6 and given all the improvements it makes more sense to make use of these improvements than to clutter the GnuPG code with workarounds for older Libgcrypt versions.
* Switch to deterministic DSA.Werner Koch2013-09-081-5/+35
| | | | | | | | | | | | | | | | | | * agent/pksign.c (rfc6979_hash_algo_string): New. (do_encode_dsa) [Libgcrypt >= 1.6]: Make use of RFC-6979. -- Now that we have a good (and not NSA/NIST demanded ;-) specification on how to use DSA without a random nonce, we take advantage of it and thus avoid pitfalls related to a misbehaving RNG during signature creation. Note that OpenPGP has the option of using a longer hash algorithm but truncated to what is suitable for the used DSA key size. The hash used as input to RFC-6979 will also be one with an appropriate digest length but not a truncated one. This is allowed by RFC-6979. Signed-off-by: Werner Koch <[email protected]>
* agent: pksign result conversion to sexp to upper layer.NIIBE Yutaka2013-02-281-6/+86
| | | | | | | | | | | * agent/agent.h (divert_pksign): Add R_SIGLEN argument. * agent/divert-scd.c (divert_pksign): Return length at R_SIGLEN. * agent/call-scd.c (agent_card_pksign): Move composition of S-expression to... * agent/pksign.c (agent_pksign_do): ... here. -- Composing S-expression would be better to be done by SCDaemon.
* Fix ECDSA 521 bit signing.Werner Koch2011-02-071-1/+3
| | | | | This fix also allows the creation and use of an 521 bit ECDH key which used to fail while creating the binding signature.
* Nuked almost all trailing white space.post-nuke-of-trailing-wsWerner Koch2011-02-041-18/+18
| | | | | | | | We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
* Make most of the selftests work.Werner Koch2011-01-211-15/+18
| | | | | Note that there is still a problem with tests/openpgp/sigs.test while using the option --digest-algo SHA256.
* Fixed key generation with P-521. Confirmed that signature generation and ↵Andrey Jivsov2011-01-131-7/+15
| | | | verification work.
* More agent support for gpg.Werner Koch2010-10-131-2/+0
|
* Exporting secret keys via gpg-agent is now basically supported.Werner Koch2010-10-011-1/+3
| | | | | | A couple of forward ported changes. Doc updates.
* s/CACHE_MODE_IMPGEN/CACHE_MODE_NONCE/.Werner Koch2010-09-011-6/+10
| | | | | Prepare for more use cases of the cache nonce.
* Import OpenPGP keys into the agent.Werner Koch2010-08-311-6/+20
|
* More changes on the way to remove secring.gpg.Werner Koch2010-04-211-2/+106
|
* Fix bug #1053Werner Koch2009-05-151-4/+7
| | | | | Add option --qualitybar to command GET_PASSPHRASE.
* Remove hacks which are not anymore needed since we now require Libgcrypt 1.4Werner Koch2008-09-291-1/+1
|
* Support the Certifciate DO of the v2 OpenPGP cards.Werner Koch2008-09-231-1/+1
|
* Changed to GPLv3.Werner Koch2007-07-041-4/+2
| | | | | Removed intl/.
* Add TLS hash modeWerner Koch2006-10-061-8/+63
|
* Updated FSF's address.Werner Koch2006-06-201-1/+2
|
* gcc-4 defaults forced me to edit many many files to get rid of theWerner Koch2005-06-161-1/+1
| | | | | | | char * vs. unsigned char * warnings. The GNU coding standards used to say that these mismatches are okay and better than a bunch of casts. Obviously this has changed now.
* New debugging optionhs, updates to the manual.Werner Koch2005-06-071-9/+9
|
* * call-scd.c (init_membuf, put_membuf, get_membuf): Removed. WeWerner Koch2004-12-201-5/+3
| | | | | | | | | | | | | | | now use the identical implementation from ../common/membuf.c. * pksign.c (agent_pksign): Changed arg OUTFP to OUTBUF and use membuf functions to return the value. * pkdecrypt.c (agent_pkdecrypt): Ditto. * genkey.c (agent_genkey): Ditto. * command.c (cmd_pksign, cmd_pkdecrypt, cmd_genkey): Replaced assuan_get_data_fp() by a the membuf scheme. (clear_outbuf, write_and_clear_outbuf): New. * membuf.c (put_membuf): Wipe out buffer after a failed realloc.
* 2004-09-25 Moritz Schulte <[email protected]>Moritz Schulte2004-09-261-40/+96
| | | | | | | | | | | | | | * agent.h: Declare: agent_pksign_do. (struct server_control_s): New member: raw_value. * pksign.c (do_encode_md): New argument: raw_value; support generation of raw (non-pkcs1) data objects; adjust callers. (agent_pksign_do): New function, based on code ripped out from agent_pksign. (agent_pksign): Use agent_pksign_do. * command.c (start_command_handler): Set ctrl.digest.raw_value.
* * protect-tool.c (main): Setup the used character set.Werner Koch2004-02-181-20/+8
| | | | | | | | * gpg-agent.c (main): Ditto. * gpg-agent.c (set_debug): New. New option --debug-level. (main): New option --gpgconf-list.
* * command.c (cmd_setkeydesc): New.Werner Koch2004-02-131-2/+2
| | | | | | | | | | | | (register_commands): Add command SETKEYDESC. (cmd_pksign, cmd_pkdecrypt): Use the key description. (reset_notify): Reset the description. * findkey.c (unprotect): Add arg DESC_TEXT. (agent_key_from_file): Ditto. * pksign.c (agent_pksign): Ditto. * pkdecrypt.c (agent_pkdecrypt): Ditto. Made CIPHERTEXT an unsigned char*.
* * findkey.c (agent_key_from_file): Now return an error code soWerner Koch2004-01-161-4/+3
| | | | | | | | | that we have more detailed error messages in the upper layers. This fixes the handling pinentry's cancel button. * pksign.c (agent_pksign): Changed accordingly. * pkdecrypt.c (agent_pkdecrypt): Ditto. * command.c (cmd_passwd): Ditto.
* Mainly changes to adjust for the changed KSBA API.Werner Koch2003-11-121-2/+3
|
* * configure.ac (HAVE_LIBUSB): Added a simple test for libusb.Werner Koch2003-09-021-0/+4
| | | | | | | | * scdaemon.c, scdaemon.h: New option --pcsc-ccid. * ccid-driver.c, ccid-driver.h: New but far from being useful. * Makefile.am: Add above. * apdu.c: Add support for that ccid driver.
* 2003-08-20 Timo Schulz <[email protected]>Timo Schulz2003-08-201-2/+2
| | | | | | * pksign.c (do_encode_md): Allocate enough space. Cast md byte to unsigned char to prevent sign extension.
* Forgot to remove the unsued variable.Timo Schulz2003-08-141-2/+0
|
* 2003-08-14 Timo Schulz <[email protected]>Timo Schulz2003-08-141-47/+22
| | | | | | * pksign.c: do_encode_md: Due to the fact pkcs#1 padding is now in Libgcrypt, use the new interface.
* This commit was manufactured by cvs2svn to create branchRepo Admin2003-08-051-0/+185
| | | | 'GNUPG-1-9-BRANCH'.
* This commit was manufactured by cvs2svn to create branchRepo Admin2002-10-191-183/+0
| | | | 'GNUPG-1-9-BRANCH'.
* Minor fixesWerner Koch2002-08-091-2/+2
|
* Signing using a PKCS15 smartcard does work. How to create such a cardWerner Koch2002-03-051-24/+33
| | | | | | is of course a different thing. Note, that you need to create the shadowed-private-key file manually.
* * pksign.c (agent_pksign): Detect whether a Smartcard is to beWerner Koch2002-03-041-1/+1
| | | | | | | | | | | | used and divert the operation in this case. * pkdecrypt.c (agent_pkdecrypt): Likewise * findkey.c (agent_key_from_file): Add optional arg shadow_info and have it return information about a shadowed key. * protect.c (agent_get_shadow_info): New. * protect.c (snext,sskip,smatch): Moved to * sexp-parse.h: new file. * divert-scd.c: New.
* Changes needed to support smartcards. Well, only _support_. There isWerner Koch2002-02-281-18/+30
| | | | | no real code yet.
* Added decryption, some code cleanupWerner Koch2001-12-051-79/+35
|
* The agent does now work and read the secret keys from the directoryWerner Koch2001-11-251-35/+69
| | | | | | ~/.gnupg-test/private-keys-v1.d/<keygrip-as-20-byte-hex-number>. I will post a sample key to gpa-dev.
* As promised a agent which already does some things. Not very usefulWerner Koch2001-11-251-3/+136
| | | | | yet but may be of help for using it in ther contexts.
* Friedman is setting up his deskWerner Koch2001-11-241-0/+39
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-21 16:15:57 +0000