diff options
| author | Werner Koch <[email protected]> | 2014-01-30 17:48:37 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2014-01-30 17:48:37 +0000 |
| commit | b7f8dec6325f1c80640f878ed3080bbc194fbc78 (patch) | |
| tree | 6542c393a37d2d322adf3721e3f52ad79005fa56 /g10/seskey.c | |
| parent | gpg: Remove cipher.h and put algo ids into a common file. (diff) | |
| download | gnupg-b7f8dec6325f1c80640f878ed3080bbc194fbc78.tar.gz gnupg-b7f8dec6325f1c80640f878ed3080bbc194fbc78.zip | |
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'g10/seskey.c')
| -rw-r--r-- | g10/seskey.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/g10/seskey.c b/g10/seskey.c index 7d0429278..410f0bfa6 100644 --- a/g10/seskey.c +++ b/g10/seskey.c @@ -255,20 +255,20 @@ gcry_mpi_t encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo) { gcry_mpi_t frame; - int pkalgo; size_t mdlen; assert (hash_algo); assert (pk); - pkalgo = map_pk_openpgp_to_gcry (pk->pubkey_algo); - - if (pkalgo == GCRY_PK_ECDSA && openpgp_oid_is_ed25519 (pk->pkey[0])) + if (pk->pubkey_algo == PUBKEY_ALGO_EDDSA) { + /* EdDSA signs data of arbitrary length. Thus no special + treatment is required. */ frame = gcry_mpi_set_opaque_copy (NULL, gcry_md_read (md, hash_algo), 8*gcry_md_get_algo_dlen (hash_algo)); } - else if (pkalgo == GCRY_PK_DSA || pkalgo == GCRY_PK_ECDSA) + else if (pk->pubkey_algo == PUBKEY_ALGO_DSA + || pk->pubkey_algo == PUBKEY_ALGO_ECDSA) { /* It's a DSA signature, so find out the size of q. */ @@ -276,11 +276,10 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo) /* pkey[1] is Q for ECDSA, which is an uncompressed point, i.e. 04 <x> <y> */ - if (pkalgo == GCRY_PK_ECDSA) + if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA) qbits = ecdsa_qbits_from_Q (qbits); /* Make sure it is a multiple of 8 bits. */ - if ((qbits%8)) { log_error(_("DSA requires the hash length to be a" @@ -297,7 +296,8 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo) if (qbits < 160) { log_error (_("%s key %s uses an unsafe (%zu bit) hash\n"), - gcry_pk_algo_name (pkalgo), keystr_from_pk (pk), qbits); + openpgp_pk_algo_name (pk->pubkey_algo), + keystr_from_pk (pk), qbits); return NULL; } @@ -305,7 +305,7 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo) /* ECDSA 521 is special has it is larger than the largest hash we have (SHA-512). Thus we chnage the size for further processing to 512. */ - if (pkalgo == GCRY_PK_ECDSA && qbits > 512) + if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA && qbits > 512) qbits = 512; /* Check if we're too short. Too long is safe as we'll @@ -315,8 +315,8 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo) { log_error (_("%s key %s requires a %zu bit or larger hash " "(hash is %s)\n"), - gcry_pk_algo_name (pkalgo), - keystr_from_pk(pk), qbits, + openpgp_pk_algo_name (pk->pubkey_algo), + keystr_from_pk (pk), qbits, gcry_md_algo_name (hash_algo)); return NULL; } |