diff options
| author | Werner Koch <[email protected]> | 2020-05-18 17:32:30 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2020-05-18 17:32:30 +0000 |
| commit | 6dc3846d78192e393be73c16c72750734a9174d1 (patch) | |
| tree | 386632ce393788ee429cf39f5a22223eaf0fe176 /sm/certcheck.c | |
| parent | agent: Allow to use SETHASH for arbitrary data. (diff) | |
| download | gnupg-6dc3846d78192e393be73c16c72750734a9174d1.tar.gz gnupg-6dc3846d78192e393be73c16c72750734a9174d1.zip | |
sm: Support creation of EdDSA certificates.
* sm/misc.c (transform_sigval): Support EdDSA.
* sm/certreqgen.c (create_request): Support EdDSA cert creation.
* sm/certcheck.c (gpgsm_check_cert_sig): Map some ECC algo OIDs to
hash algos.
* sm/call-agent.c (struct sethash_inq_parm_s): New.
(sethash_inq_cb): New.
(gpgsm_agent_pksign): Add mode to pass plain data for EdDSA.
--
Tested using a parameter file
Key-Type: EdDSA
Key-Length: 1024
Key-Grip: 09D9AE3D494F7888C93BE5106AD8A734A87617F0
Key-Usage: sign
Serial: random
Name-DN: CN=dummy test ed25519
where the keygrip is from a gpg generated Ed25519 key. ECDSA was
tested using
Key-Type: ECDSA
Key-Length: 1024
Key-Grip: 8E06A180EFFE4C65B812150CAF19BF30C0689A4C
Key-Usage: sign
Serial: random
Name-DN: CN=dummy test nistp256
and RSA using
Key-Type: RSA
Key-Length: 2048
Key-Grip: C6A6390E9388CDBAD71EAEA698233FE5E04F001E
Key-Usage: sign
Serial: random
Name-DN: CN=dummy test rsa
The command used in all cases is
gpgsm -v --gen-key --batch a.parm >a.crt
gpgsm -v --import <a.crt
More support, in particular in the user interface, is required and
will follow soon.
GnuPG-bug-id: 4888
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'sm/certcheck.c')
| -rw-r--r-- | sm/certcheck.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/sm/certcheck.c b/sm/certcheck.c index 3dcac2ffa..3604ac788 100644 --- a/sm/certcheck.c +++ b/sm/certcheck.c @@ -360,6 +360,8 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert) int use_eddsa = 0; unsigned int saltlen; + /* Note that we map the 4 algos which current Libgcrypt versions are + * not aware of the OID. */ algo = gcry_md_map_name ( (algoid=ksba_cert_get_digest_algo (cert))); if (!algo && algoid && !strcmp (algoid, "1.2.840.113549.1.1.10")) use_pss = 1; @@ -367,6 +369,14 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert) use_eddsa = 1; else if (algoid && !strcmp (algoid, "1.3.101.113")) use_eddsa = 2; + else if (!algo && algoid && !strcmp (algoid, "1.2.840.10045.4.3.1")) + algo = GCRY_MD_SHA224; /* ecdsa-with-sha224 */ + else if (!algo && algoid && !strcmp (algoid, "1.2.840.10045.4.3.2")) + algo = GCRY_MD_SHA256; /* ecdsa-with-sha256 */ + else if (!algo && algoid && !strcmp (algoid, "1.2.840.10045.4.3.3")) + algo = GCRY_MD_SHA384; /* ecdsa-with-sha384 */ + else if (!algo && algoid && !strcmp (algoid, "1.2.840.10045.4.3.4")) + algo = GCRY_MD_SHA512; /* ecdsa-with-sha512 */ else if (!algo) { log_error ("unknown digest algorithm '%s' used in certificate\n", |