aboutsummaryrefslogtreecommitdiffstats
path: root/sm (follow)
Commit message (Collapse)AuthorAgeFilesLines
* g10,sm: Use gnupg_access at two more placesWerner Koch2020-10-261-1/+1
| | | | --
* Replace most calls to open by a new wrapper.Werner Koch2020-10-201-1/+1
| | | | | | | | | | | | * common/sysutils.c (any8bitchar) [W32]: New. (gnupg_open): New. Replace most calls to open by this. * common/iobuf.c (any8bitchar) [W32]: New. (direct_open) [W32]: Use CreateFileW if needed. -- This is yet another step for full Unicode support on Windows. GnuPG-bug-id: 5098
* Replace most of the remaining stdio calls by estream calls.Werner Koch2020-10-203-26/+28
| | | | | | | | | | | | -- We need to use es_fopen on Windows to cope with non-ascii file names. This is quite a large but fortunately straightforward change. At a very few places we keep using stdio (for example due to the use of popen). GnuPG-bug-id: 5098 Signed-off-by: Werner Koch <[email protected]>
* Replace all calls to access by gnupg_accessWerner Koch2020-10-202-5/+6
| | | | | | | | | | | | | | | | * common/sysutils.c (gnupg_access): New. Replace all calls to access by this wrapper. * common/homedir.c (w32_shgetfolderpath): Change to return UTF-8 directory name. (standard_homedir): Adjust for change. (w32_commondir, gnupg_cachedir): Ditto. -- Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows. This is required to correctly handle non-ascii filenames on Windows. GnuPG-bug-id: 5098
* gpgsm: Fix detection of too old keyboxd.Werner Koch2020-10-051-3/+4
| | | | | * sm/keydb.c (warn_version_mismatch): Add arg ctrl and pass on. (create_new_context): Pass ctrl to warn function.
* sm: Fix returning of the ephemeral flag in keyboxd mode.Werner Koch2020-09-221-6/+8
| | | | * sm/keydb.c (search_status_cb): Skip over the ubid.
* sm: Implement delete key in keyboxd modeWerner Koch2020-09-212-5/+29
| | | | | | | | | * sm/keydb.c (keydb_delete): Implement keyboxd mode. (keydb_update_cert): Disable unused function. * kbx/backend-sqlite.c (be_sqlite_delete): Delete from issuer. -- Signed-off-by: Werner Koch <[email protected]>
* sm: Implement initial support for keyboxd.Werner Koch2020-09-1010-91/+382
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * sm/gpgsm.h (MAX_FINGERPRINT_LEN): New. * sm/keydb.c (struct keydb_local_s): Change definition of search_result. (keydb_get_cert): Implement keyboxd mode. (keydb_get_flags): Temporary hack for keyboxd mode. Needs to be fixed. (struct store_parm_s, store_inq_cb): New. (keydb_insert_cert): Implement keyboxd mode. (keydb_locate_writable): Make static. (keydb_search_reset): Implement keyboxd mode. (search_status_cb): New. (keydb_search): Implement keyboxd mode. Replace return code -1 by GPG_ERR_NOT_FOUND. (keydb_set_cert_flags): Replace return code -1 by GPG_ERR_NOT_FOUND. * sm/keylist.c (list_cert_colon): Adjust for replacement of -1 by GPG_ERR_NOT_FOUND. (list_internal_keys): Ditto. * sm/sign.c (add_certificate_list): Ditto. * sm/certchain.c (find_up_search_by_keyid): Ditto. (find_up_external, find_up, find_up_dirmngr): Ditto. (gpgsm_walk_cert_chain): Ditto. (get_regtp_ca_info): Ditto. * sm/certlist.c (gpgsm_add_to_certlist): Ditto. (gpgsm_find_cert): Ditto. * sm/delete.c (delete_one): Ditto. * sm/export.c (gpgsm_export): Ditto. (gpgsm_p12_export): Ditto. * sm/import.c (gpgsm_import_files): Ditto. -- Note that keyboxd is not yet able to handle the ephemeral flag. This needs fixing here and in keyboxd. Delete et al. is also not yet implemented. A basic key listing works, though. Signed-off-by: Werner Koch <[email protected]>
* keyboxd: Use D-lines instead of a separate thread.Werner Koch2020-09-101-1/+1
| | | | | | | | | | | | | | | * kbx/kbx-client-util.c (kbx_client_data_new): Add arg 'dlines'. * g10/call-keyboxd.c (open_context): Set DLINES to true. * sm/keydb.c (open_context): Ditto. -- This allows to compile time switch between the D-line and the fd-passing data communication between gpg/gpgsm and keyboxd. A quick test with about 3000 OpenPGP keys showed that D-lines are only 10% slower than the fd-passing based implementation. Given that the thread adds extra complexity we go for now with the D-line approach. Signed-off-by: Werner Koch <[email protected]>
* kbx: Change X.509 S/N search definition.Werner Koch2020-09-091-8/+4
| | | | | | | | | | | * kbx/keybox-search-desc.h (struct keydb_search_desc): Do not overload SNLLEN with a hex flag. Add SNHEX. * kbx/keybox-search.c (keybox_search): Adjust. * common/userids.c (classify_user_id): Adjust. * sm/keydb.c (keydb_search_desc_dump): Adjust. * g10/keydb.c (keydb_search_desc_dump): Adjust. Signed-off-by: Werner Koch <[email protected]>
* sm: New options to prepare the use of keyboxd.Werner Koch2020-09-036-81/+423
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * sm/Makefile.am (AM_CFLAGS): Add npth flags. (common_libs): Use npth version of the lib. (gpgsm_LDADD): Add npth libs. * sm/gpgsm.c (oUseKeyboxd, oKeyboxdProgram): New. (opts): New options --use-keyboxd and --keyboxd-program. (main): Set them. (gpgsm_deinit_default_ctrl): New. (main): Call it. * sm/server.c (gpgsm_server): Ditto. * sm/gpgsm.h (opt): Add fields use_keyboxd and keyboxd_program. (keydb_local_s): New type. (struct server_control_s): Add field keybd_local. * sm/keydb.c: Include assuan.h, asshelp.h, and kbx-client-util.h. (struct keydb_local_s): New. (struct keydb_handle): Add fields for keyboxd use. (gpgsm_keydb_deinit_session_data): New. (warn_version_mismatch): New. (create_new_context): New. (open_context): New. (keydb_new): Implement keyboxd mode. (keydb_release): Ditto. (keydb_get_resource_name): Ditto. * sm/keydb.c: Add stub support for all other functions. Signed-off-by: Werner Koch <[email protected]>
* sm: Add arg ctrl to keydb_new.Werner Koch2020-09-0313-22/+24
| | | | | | | * sm/keydb.c (keydb_new): Add arg and change all callers. -- This will be used later.
* Use only one copy of the warn_server_mismatch function.Werner Koch2020-09-012-67/+6
| | | | | | | | | | | | | | | | | * common/asshelp.c (warn_server_version_mismatch): New. Actually a slightly modified version of warn_version_mismatch found in other modules. * common/status.c (gnupg_status_strings): New. * g10/cpr.c (write_status_strings2): New. * g10/call-agent.c (warn_version_mismatch): Use the new unified warn_server_version_mismatch function. * g10/call-dirmngr.c (warn_version_mismatch): Ditto. * g10/call-keyboxd.c (warn_version_mismatch): Ditto. * sm/call-agent.c (warn_version_mismatch): Ditto. * sm/call-dirmngr.c (warn_version_mismatch): Ditto. * tools/card-call-scd.c (warn_version_mismatch): Ditto. Signed-off-by: Werner Koch <[email protected]>
* sm: Fix a bug in the rfc2253 parserWerner Koch2020-08-281-1/+1
| | | | | | | | | | | | | * sm/certdump.c (parse_dn_part): Fix parser flaw. -- This could in theory result in reading bytes after a after Nul in a string and thus possible segv on unallocated memory or reading other parts of the memory. However, it is harmless because the rfc2253 strings have been constructed by libksba. GnuPG-bug-id: 5037 Signed-off-by: Werner Koch <[email protected]>
* sm: Do not require a default keyring for --gpgconf-list.Werner Koch2020-08-251-0/+1
| | | | | | | | * sm/gpgsm.c (main): No default keyring for gpgconf mode. -- GnuPG-bug-id: 4867 Signed-off-by: Werner Koch <[email protected]>
* build: New configure option --disable-testsWerner Koch2020-08-201-0/+4
| | | | | | | | * configure.ac: Add option --disable-tests. Print warnings in the summary. (DISABLE_TESTS): New am_conditional. -- GnuPG-bug-id: 4960
* gpg,gpgsm: Record the creation time of a private key.Werner Koch2020-08-191-3/+11
| | | | | | | | | | | | | | | | | * sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option. (gpgsm_agent_import_key): Ditto. * g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on. (agent_import_key): Ditto. * g10/import.c (transfer_secret_keys): Pass the creation date to the agent. * g10/keygen.c (common_gen): Ditto. -- Having the creation time in the private key file makes it a lot easier to re-create an OpenPGP public keyblock in case it was accidentally lost. Signed-off-by: Werner Koch <[email protected]>
* Silence compiler warnings.NIIBE Yutaka2020-08-191-1/+1
| | | | | | | | | | * common/openpgp-oid.c (map_openpgp_pk_to_gcry): Use cast for enum conversion. * dirmngr/dns-stuff.c (get_dns_srv): Use explicit conversion from int to float. * sm/gpgsm.c (parse_keyserver_line): Initialize ERR. Signed-off-by: NIIBE Yutaka <[email protected]>
* Add --chuid to gpg, gpg-card, and gpg-connect-agent.Werner Koch2020-08-141-6/+10
| | | | | | | | | | | | | | | | | | | * g10/gpg.c (oChUid): New. (opts): Add --chuid. (main): Implement --chuid. Delay setting of homedir until the new chuid is done. * sm/gpgsm.c (main): Delay setting of homedir until the new chuid is done. * tools/gpg-card.c (oChUid): New. (opts): Add --chuid. (changeuser): New helper var. (main): Implement --chuid. * tools/gpg-connect-agent.c (oChUid): New. (opts): Add --chuid. (main): Implement --chuid. -- Signed-off-by: Werner Koch <[email protected]>
* gpgsm: New option --chuid.Werner Koch2020-08-061-1/+12
| | | | | | | | | | * sm/gpgsm.c (oChUid, opts): New option --chuid. (main): Implement option. -- This option will at least be useful for Scute. Signed-off-by: Werner Koch <[email protected]>
* sm: Also show the SHA-256 fingerprint.Werner Koch2020-08-041-1/+13
| | | | | | | | * sm/keylist.c (list_cert_colon): Emit a new "fp2" record. (list_cert_raw): Print the SHA2 fingerprint. (list_cert_std): Ditto. Signed-off-by: Werner Koch <[email protected]>
* w32: Add NETLIBS for sm/t-minip12.NIIBE Yutaka2020-07-301-1/+1
| | | | | | | | | * sm/Makefile.am (t_minip12_LDADD): Add NETLIBS. -- GnuPG-bug-id: 4944 Signed-off-by: NIIBE Yutaka <[email protected]>
* w32: Add link to $(NETLIB) for -lws2_32.NIIBE Yutaka2020-07-301-1/+1
| | | | | | | | | | | * dirmngr/Makefile.am (dirmngr_LDADD): Add $(NETLIBS). * sm/Makefile.am (gpgsm_LDADD): Ditto. * tools/Makefile.am (gpg_wks_client_LDADD): Ditto. -- GnuPG-bug-id: 4994 Signed-off-by: NIIBE Yutaka <[email protected]>
* Do not use the pinentry's qualitybarWerner Koch2020-07-081-1/+1
| | | | | | | | | | | | | | | | * agent/genkey.c (agent_ask_new_passphrase): No qualitybar. * g10/call-agent.c (agent_get_passphrase): Ditto. * sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto. -- The concept of a passphrase quality indicator is anyway questionable because user are smart enough to trick them out and they also tend to limit the actually used entropy. Except for the red/green switching (to show whether constraints are fulfilled) our qualitybar is pretty bad and thus worse than none. Signed-off-by: Werner Koch <[email protected]>
* gpgsm: Replace all assert calls by log_assert.Werner Koch2020-07-0819-44/+29
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* sm: Exclude rsaPSS from de-vs compliance mode.Werner Koch2020-07-038-76/+145
| | | | | | | | | | | | | | | * common/compliance.h (PK_ALGO_FLAG_RSAPSS): New. * common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and test rsaPSS. Adjust all callers. (gnupg_pk_is_allowed): Ditto. * sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function. (gpgsm_get_hash_algo_from_sigval): New. * sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval arg. Add arg pkalgoflags. Use the PK_ALGO_FLAG_RSAPSS. * sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to also get the algo flags. Pass algo flags along. Signed-off-by: Werner Koch <[email protected]>
* sm: Fix regression in Friday's commitWerner Koch2020-06-291-2/+2
| | | | | | | | * sm/gpgsm.c (main): Set ERR also for encrypt. -- Fixes-commit: ccbb0cfeefed096a9841b6557d10eef12d55b721 Signed-off-by: Werner Koch <[email protected]>
* sm: Try not to output a partial new message after an error.Werner Koch2020-06-261-2/+19
| | | | | | | | | | | | | | | | | * sm/gpgsm.c (main) <aSign,aEncr>: Uses gpgrt_fcancel on error. -- When creating a signature or encrypting and the respective key is not available or the user canceled the PIN entry gpgsm prints the initial part of the message due to internal buffering in gpgrt. By using gpgrt_fcancel we can avoid this at least as long as the data is less than the standard buffer size (which is currently 8k). If is not a complete solution but the best we can do easily. Outputting to the tty is anyway more of a testing aid than for real use. This makes use of the new gpgrt_fcancel API. Signed-off-by: Werner Koch <[email protected]>
* sm: Print the serial number of a cert also in decimal.Werner Koch2020-06-263-3/+89
| | | | | | | | | | | | * sm/certdump.c: Include membuf.h. (gpgsm_print_serial_decimal): New. * sm/keylist.c (list_cert_raw): Print s/n also in decimal (list_cert_std): Ditto. -- Many CA's print the serial number in decimal on their cards. Signed-off-by: Werner Koch <[email protected]>
* sm: Fix support verification of nistp521 signatures.Werner Koch2020-06-251-1/+1
| | | | | | | | * sm/certcheck.c (do_encode_md): Fix obvious bug. -- Fixes-commit: 596212e71abf33b30608348b782c093dace83110 Signed-off-by: Werner Koch <[email protected]>
* sm: Support verification of nistp521 signatures.Werner Koch2020-06-171-5/+8
| | | | | | | | | | | * sm/certcheck.c (do_encode_md): Take care of nistp521. -- That curve is a bit odd in that it does not match a common hash digest length. We fix that here for just this case instead of writing more general code to support all allowed cases (i.e. hash shorter than Q). Signed-off-by: Werner Koch <[email protected]>
* sm: Fix recently introduced regression in CSR creation.Werner Koch2020-06-031-1/+5
| | | | | | | | * sm/certreqgen.c (create_request): Also set SIGKEYLEN. -- Fixes-commit: 44676819f2873705b78849e7b2fd22214b691642 Signed-off-by: Werner Koch <[email protected]>
* sm: Create ECC certificates with AKI and SKI by default.Werner Koch2020-05-191-31/+127
| | | | | | | | * sm/certreqgen.c (create_request): Create AKI and SKI by default. -- GnuPG-bug-id: 4098 Signed-off-by: Werner Koch <[email protected]>
* sm: Support creation of EdDSA certificates.Werner Koch2020-05-184-63/+183
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * sm/misc.c (transform_sigval): Support EdDSA. * sm/certreqgen.c (create_request): Support EdDSA cert creation. * sm/certcheck.c (gpgsm_check_cert_sig): Map some ECC algo OIDs to hash algos. * sm/call-agent.c (struct sethash_inq_parm_s): New. (sethash_inq_cb): New. (gpgsm_agent_pksign): Add mode to pass plain data for EdDSA. -- Tested using a parameter file Key-Type: EdDSA Key-Length: 1024 Key-Grip: 09D9AE3D494F7888C93BE5106AD8A734A87617F0 Key-Usage: sign Serial: random Name-DN: CN=dummy test ed25519 where the keygrip is from a gpg generated Ed25519 key. ECDSA was tested using Key-Type: ECDSA Key-Length: 1024 Key-Grip: 8E06A180EFFE4C65B812150CAF19BF30C0689A4C Key-Usage: sign Serial: random Name-DN: CN=dummy test nistp256 and RSA using Key-Type: RSA Key-Length: 2048 Key-Grip: C6A6390E9388CDBAD71EAEA698233FE5E04F001E Key-Usage: sign Serial: random Name-DN: CN=dummy test rsa The command used in all cases is gpgsm -v --gen-key --batch a.parm >a.crt gpgsm -v --import <a.crt More support, in particular in the user interface, is required and will follow soon. GnuPG-bug-id: 4888 Signed-off-by: Werner Koch <[email protected]>
* sm: Support import and verification of EdDSA certificates.Werner Koch2020-05-133-17/+143
| | | | | | | | | | | | | | * sm/certdump.c (gpgsm_get_serial): New. * sm/certcheck.c (gpgsm_check_cert_sig): Support EdDSA signatures. -- Note that this does not work with the self-signed RFC-8410 sample certificate; see the code for comments. The Ed488 case has not been tested due to a lack of support in Libgcrypt. Signed-off-by: Werner Koch <[email protected]>
* sm: Support signing using ECDSA.Werner Koch2020-05-112-32/+54
| | | | | | | | | | * sm/gpgsm.h (struct certlist_s): Add helper field pk_algo. * sm/sign.c (gpgsm_sign): Store the public key algo. Take the hash algo from the curve. Improve diagnostic output in verbose mode. -- GnuPG-bug-id: 4098 Signed-off-by: Werner Koch <[email protected]>
* sm: Allow decryption using dhSinglePass-stdDH-sha1kdf-scheme.Werner Koch2020-05-084-67/+92
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * sm/decrypt.c (ecdh_decrypt): Support dhSinglePass-stdDH-sha1kdf-scheme. Factor key derive code out to ... (ecdh_derive_kek): new global function. Allow for hashs shorter than the key. (hash_ecc_cms_shared_info): Make file-only. * sm/encrypt.c (ecdh_encrypt): Replace derive code by a call to the new ecdh_derive_kek. Add test code to create data using dhSinglePass-stdDH-sha1kdf-scheme. * sm/gpgsm.h (opt): Add member force_ecdh_sha1kdf. * sm/gpgsm.c: Add option --debug-force-ecdh-sha1kdf. -- I did some test against Governikus_Signer: 2.9.2.0 MCard security Provider: 2.4.0 Algorithm catalog from: 05.12.2019 using a Signature Card v2.0 and a nistp256 certificate. Encrypting with Governikus used the stdDH-sha1kdf scheme which we can now decrypt. Encrypting with GPGSM uses for that curve the recommended scheme sha256kdf but Governikus was not able to decrypt this (no usable error message). Encrypting using stdDH-sha1kdf with GPGSM by using the new --debug-force-ecdh-sha1kdf option showed that Governikus was able to decrypt this. FWIW: RFC5753 (Use of Elliptic Curve Cryptography (ECC) Algorithms) has this requirement: Implementations that support EnvelopedData with the ephemeral-static ECDH standard primitive: - MUST support the dhSinglePass-stdDH-sha256kdf-scheme key agreement algorithm, the id-aes128-wrap key wrap algorithm, and the id-aes128-cbc content encryption algorithm; and which Governikus seems not to fulfill. GnuPG-bug-id: 4098 Signed-off-by: Werner Koch <[email protected]>
* sm: Print algorithm infos in data decryption mode.Werner Koch2020-05-081-0/+13
| | | | | | | | * common/sexputil.c (cipher_mode_to_string): New. * sm/decrypt.c (prepare_decryption): Show cipher algo and mode. (gpgsm_decrypt): Show key algo and fingerprint Signed-off-by: Werner Koch <[email protected]>
* sm: Cleanup the use of GCRY_PK_ECC and GCRY_PK_ECDSA.Werner Koch2020-05-084-8/+13
| | | | | | | | | | | * common/sexputil.c (pubkey_algo_to_string): New. * sm/certcheck.c (do_encode_md): Replace GCRY_PK_ECDSA by GCRY_PK_ECC. * sm/certreqgen-ui.c (check_keygrip): Add all ECC algorithms. * sm/gpgsm.c (our_pk_test_algo): Also allow EdDSA. * sm/verify.c (gpgsm_verify): Map ECC algo to ECDSA. Use new pubkey algo name function Signed-off-by: Werner Koch <[email protected]>
* sm: Improve readability of the data verification output.Werner Koch2020-05-081-35/+66
| | | | | | | | | | * sm/verify.c (gpgsm_verify): Print the used algorithms. -- Note that we now use the full fingerprint instead of the certificate id. This better aligns with what we do in gpg. Signed-off-by: Werner Koch <[email protected]>
* sm: Fix annoying warning about not yet implemented --attribute.Werner Koch2020-05-071-1/+2
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* sm: Print the key types as standard key algorithm strings.Werner Koch2020-05-073-14/+84
| | | | | | | | | | | | | | | | * sm/fingerprint.c (gpgsm_get_key_algo_info): Factor code out to ... (gpgsm_get_key_algo_info2): new. (gpgsm_pubkey_algo_string): New. * sm/keylist.c (list_cert_colon): Put curve into field 17 (list_cert_raw): Print the unified key algotithm string instead of the algo and size. (list_cert_std): Ditto. -- It is important to known whether a 256 bit ECC uses a NIST or a Brainpool curve. Signed-off-by: Werner Koch <[email protected]>
* sm: Support decryption of ECDH data using a smartcard.Werner Koch2020-05-071-8/+11
| | | | | | | | | | * sm/decrypt.c (ecdh_decrypt): Add arg nbits and detect bare secret. (prepare_decryption): Add arg nbits and pass on. (gpgsm_decrypt): Pass size of curve to prepare_decryption. -- GnuPG-bug-id: 4098 Signed-off-by: Werner Koch <[email protected]>
* sm: Support encryption using ECDH keys.Werner Koch2020-05-043-13/+313
| | | | | | | | | | | | | | * sm/decrypt.c (hash_ecc_cms_shared_info): Make global. * sm/encrypt.c (ecdh_encrypt): New. (encrypt_dek): Add arg PK_ALGO and support ECDH. (gpgsm_encrypt): Pass PK_ALGO. -- Note: This has only been tested with a messages created and decrypted by GnuPG. GnuPG-bug-id: 4098 Signed-off-by: Werner Koch <[email protected]>
* doc: Typo fixes in code commentsWerner Koch2020-05-041-1/+1
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* sm: Add support to export ECC private keys.Werner Koch2020-04-274-211/+559
| | | | | | | | | | | | | | | | | | | * sm/minip12.c [TEST]: Remove test code. Include util.h, tlv.h. and openpgpdefs.h. Remove the class and tag constants and replace them by those from tlv.h. (builder_add_oid, builder_add_mpi): New. (build_key_sequence): Rename to ... (build_rsa_key_sequence): this. (build_ecc_key_sequence): New. (p12_build): Call RSA or ECC builder. (p12_raw_build): Ditto. * sm/export.c (gpgsm_p12_export): Use correct armor header for ECC. (sexp_to_kparms): Support ECC. * sm/t-minip12.c: New to replace the former TEST code in minip12.h. -- GnuPG-bug-id: 4921
* sm: Minor debug output format changes.Werner Koch2020-04-233-3/+3
| | | | --
* sm: Support decryption of ECDH data.Werner Koch2020-04-231-37/+365
| | | | | | | | | | | | | | | | | * sm/decrypt.c: Include tlv.h. (string_from_gcry_buffer): New. (hash_ecc_cms_shared_info): New. (ecdh_decrypt): New. (prepare_decryption): Support ECDH. Add arg pk_algo. (gpgsm_decrypt): Lift some variables from an inner code block. -- Note: This has only been tested with a single messages created by OpenSSL and taken from the Mozilla bug tracker. In particular the code to included UserKeyingMaterial (ukm) has not been tested. GnuPG-bug-id: 4098 Signed-off-by: Werner Koch <[email protected]>
* sm: Support import of PKCS#12 encoded ECC private keys.Werner Koch2020-04-213-62/+198
| | | | | | | | | | | | | * sm/minip12.c: Include ksba.h. (oid_pcPublicKey): New const. (parse_bag_data): Add arg 'r-curve'. Support parsing of ECC private keys. (p12_parse): Add arg 'r_curve'. * sm/import.c (parse_p12): Support ECC import. -- GnuPG-bug-id: 4921 Signed-off-by: Werner Koch <[email protected]>
* sm: Replace some debug message by log_error or log_infoWerner Koch2020-04-212-8/+10
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-12 09:30:25 +0000