From b73d8ed06ffef8d2fd70ab2e48da9ef515472fe9 Mon Sep 17 00:00:00 2001 From: Andrey Jivsov Date: Wed, 12 Jan 2011 21:14:45 -0800 Subject: Fixed key generation with P-521. Confirmed that signature generation and verification work. --- agent/pksign.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) (limited to 'agent/pksign.c') diff --git a/agent/pksign.c b/agent/pksign.c index ac5f4e1a0..a6dbf2509 100644 --- a/agent/pksign.c +++ b/agent/pksign.c @@ -119,12 +119,15 @@ do_encode_dsa (const byte * md, size_t mdlen, int dsaalgo, gcry_sexp_t pkey, gpg_error_t err; gcry_sexp_t hash; unsigned int qbits; + int gcry_pkalgo; *r_hash = NULL; - if (dsaalgo == GCRY_PK_ECDSA) + gcry_pkalgo = map_pk_openpgp_to_gcry( dsaalgo ); + + if (gcry_pkalgo == GCRY_PK_ECDSA) qbits = gcry_pk_get_nbits (pkey); - else if (dsaalgo == GCRY_PK_DSA) + else if (gcry_pkalgo == GCRY_PK_DSA) qbits = get_dsa_qbits (pkey); else return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO); @@ -143,20 +146,25 @@ do_encode_dsa (const byte * md, size_t mdlen, int dsaalgo, gcry_sexp_t pkey, if (qbits < 160) { log_error (_("%s key uses an unsafe (%u bit) hash\n"), - gcry_pk_algo_name (dsaalgo), qbits); + gcry_pk_algo_name (gcry_pkalgo), qbits); return gpg_error (GPG_ERR_INV_LENGTH); } /* Check if we're too short. Too long is safe as we'll automatically left-truncate. */ - if (mdlen < qbits/8) + + /* This check would require the use of SHA512 with ECDSA 512. I think this is overkill to fail in this case. + * Therefore, relax the check, but only for ECDSA keys. We may need to adjust it later for general case. + * ( Note that the check is really a bug for ECDSA 521 as the only hash that matches it is SHA 512, but 512 < 521 ). + */ + if( mdlen < ((gcry_pkalgo==GCRY_PK_ECDSA && qbits>521) ? 512 : qbits) ) { log_error (_("a %zu bit hash is not valid for a %u bit %s key\n"), - mdlen*8, + mdlen, gcry_pk_get_nbits (pkey), - gcry_pk_algo_name (dsaalgo)); + gcry_pk_algo_name (gcry_pkalgo)); /* FIXME: we need to check the requirements for ECDSA. */ - if (mdlen < 20 || dsaalgo == GCRY_PK_DSA) + if (mdlen < 20 || gcry_pkalgo == GCRY_PK_DSA) return gpg_error (GPG_ERR_INV_LENGTH); } -- cgit v1.2.3 From 27929981fc23fabecf6af9fa1361361b821bb2fd Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 21 Jan 2011 15:22:41 +0100 Subject: Make most of the selftests work. Note that there is still a problem with tests/openpgp/sigs.test while using the option --digest-algo SHA256. --- agent/pksign.c | 33 ++++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) (limited to 'agent/pksign.c') diff --git a/agent/pksign.c b/agent/pksign.c index a6dbf2509..0414bc347 100644 --- a/agent/pksign.c +++ b/agent/pksign.c @@ -113,21 +113,21 @@ get_dsa_qbits (gcry_sexp_t key) /* Encode a message digest for use with an DSA algorithm. */ static gpg_error_t -do_encode_dsa (const byte * md, size_t mdlen, int dsaalgo, gcry_sexp_t pkey, +do_encode_dsa (const byte *md, size_t mdlen, int dsaalgo, gcry_sexp_t pkey, gcry_sexp_t *r_hash) { gpg_error_t err; gcry_sexp_t hash; unsigned int qbits; - int gcry_pkalgo; + int pkalgo; *r_hash = NULL; - gcry_pkalgo = map_pk_openpgp_to_gcry( dsaalgo ); + pkalgo = map_pk_openpgp_to_gcry (dsaalgo); - if (gcry_pkalgo == GCRY_PK_ECDSA) + if (pkalgo == GCRY_PK_ECDSA) qbits = gcry_pk_get_nbits (pkey); - else if (gcry_pkalgo == GCRY_PK_DSA) + else if (pkalgo == GCRY_PK_DSA) qbits = get_dsa_qbits (pkey); else return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO); @@ -146,25 +146,28 @@ do_encode_dsa (const byte * md, size_t mdlen, int dsaalgo, gcry_sexp_t pkey, if (qbits < 160) { log_error (_("%s key uses an unsafe (%u bit) hash\n"), - gcry_pk_algo_name (gcry_pkalgo), qbits); + gcry_pk_algo_name (pkalgo), qbits); return gpg_error (GPG_ERR_INV_LENGTH); } /* Check if we're too short. Too long is safe as we'll - automatically left-truncate. */ - - /* This check would require the use of SHA512 with ECDSA 512. I think this is overkill to fail in this case. - * Therefore, relax the check, but only for ECDSA keys. We may need to adjust it later for general case. - * ( Note that the check is really a bug for ECDSA 521 as the only hash that matches it is SHA 512, but 512 < 521 ). + * automatically left-truncate. + * + * This check would require the use of SHA512 with ECDSA 512. I + * think this is overkill to fail in this case. Therefore, relax + * the check, but only for ECDSA keys. We may need to adjust it + * later for general case. (Note that the check is really a bug for + * ECDSA 521 as the only hash that matches it is SHA 512, but 512 < + * 521 ). */ - if( mdlen < ((gcry_pkalgo==GCRY_PK_ECDSA && qbits>521) ? 512 : qbits) ) + if (mdlen < ((pkalgo==GCRY_PK_ECDSA && qbits > 521) ? 512 : qbits)/8) { log_error (_("a %zu bit hash is not valid for a %u bit %s key\n"), - mdlen, + mdlen*8, gcry_pk_get_nbits (pkey), - gcry_pk_algo_name (gcry_pkalgo)); + gcry_pk_algo_name (pkalgo)); /* FIXME: we need to check the requirements for ECDSA. */ - if (mdlen < 20 || gcry_pkalgo == GCRY_PK_DSA) + if (mdlen < 20 || pkalgo == GCRY_PK_DSA) return gpg_error (GPG_ERR_INV_LENGTH); } -- cgit v1.2.3