diff options
| author | Werner Koch <[email protected]> | 2013-11-15 07:59:45 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2013-11-15 08:01:11 +0000 |
| commit | 402aa0f94854bb00475c934be5ca6043a4632126 (patch) | |
| tree | 8ecfd73ed627790d25acf9d8c4cbd1813801d0e5 /agent/protect.c | |
| parent | kbx: Fix possible segv in kbxdump. (diff) | |
| download | gnupg-402aa0f94854bb00475c934be5ca6043a4632126.tar.gz gnupg-402aa0f94854bb00475c934be5ca6043a4632126.zip | |
gpg: Rework ECC support and add experimental support for Ed25519.
* agent/findkey.c (key_parms_from_sexp): Add algo name "ecc".
(agent_is_dsa_key): Ditto.
(agent_is_eddsa_key): New. Not finished, though.
* agent/pksign.c (do_encode_eddsa): New.
(agent_pksign_do): Use gcry_log_debug functions.
* agent/protect.c (agent_protect): Parse a flags parameter.
* g10/keygen.c (gpg_curve_to_oid): Move to ...
* common/openpgp-oid.c (openpgp_curve_to_oid): here and rename.
(oid_ed25519): New.
(openpgp_oid_is_ed25519): New.
(openpgp_oid_to_curve): New.
* common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): New.
* g10/build-packet.c (gpg_mpi_write): Write the length header also for
opaque MPIs.
(gpg_mpi_write_nohdr): New.
(do_key): Use gpg_mpi_write_nohdr depending on algorithm.
(do_pubkey_enc): Ditto.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Use
gpg_mpi_write_nohdr.
* g10/export.c (transfer_format_to_openpgp):
* g10/keygen.c (ecckey_from_sexp): Return the error.
(gen_ecc): Repalce arg NBITS by CURVE.
(read_parameter_file): Add keywords "Key-Curve" and "Subkey-Curve".
(ask_curve): New.
(generate_keypair, generate_subkeypair): Use ask_curve.
(do_generate_keypair): Also pass curve name.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Print
curve name.
* g10/parse-packet.c (mpi_read): Remove workaround for
Libcgrypt < 1.5.
(parse_key): Fix ECC case. Print the curve name.
* g10/pkglue.c (mpi_from_sexp): Rename to get_mpi_from_sexp.
(pk_verify, pk_check_secret_key): Add special case for Ed25519.
* g10/seskey.c (encode_md_value): Ditto.
* g10/sign.c (do_sign, hash_for, sign_file): Ditto.
--
Be warned that this code is subject to further changes and that the
format will very likely change before a release. There are also known
bugs and missing code.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'agent/protect.c')
| -rw-r--r-- | agent/protect.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/agent/protect.c b/agent/protect.c index b29f494fb..749867cc1 100644 --- a/agent/protect.c +++ b/agent/protect.c @@ -467,6 +467,7 @@ agent_protect (const unsigned char *plainkey, const char *passphrase, int depth = 0; unsigned char *p; gcry_md_hd_t md; + int have_curve = 0; /* Create an S-expression with the protected-at timestamp. */ memcpy (timestamp_exp, "(12:protected-at15:", 19); @@ -499,6 +500,11 @@ agent_protect (const unsigned char *plainkey, const char *passphrase, if (!protect_info[infidx].algo) return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); + /* The parser below is a complete mess: To make it robust for ECC + use we should reorder the s-expression to include only what we + really need and thus guarantee the right order for saving stuff. + This should be done before calling this function and maybe with + the help of the new gcry_sexp_extract_param. */ parmlist = protect_info[infidx].parmlist; prot_from_idx = protect_info[infidx].prot_from; prot_to_idx = protect_info[infidx].prot_to; @@ -522,10 +528,19 @@ agent_protect (const unsigned char *plainkey, const char *passphrase, /* This is a private ECC key but the first parameter is the name of the curve. We change the parameter list here to the one we expect in this case. */ + have_curve = 1; parmlist = "?qd"; prot_from_idx = 2; prot_to_idx = 2; } + else if (n == 5 && !memcmp (s, "flags", 5) + && i == 1 && have_curve) + { + /* "curve" followed by "flags": Change again. */ + parmlist = "??qd"; + prot_from_idx = 3; + prot_to_idx = 3; + } else return gpg_error (GPG_ERR_INV_SEXP); } |