| author | Werner Koch <[email protected]> | 2025-11-16 16:49:52 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2025-11-16 16:57:14 +0000 |
| commit | 47bab26daf035ffdce97e4957bdb6ad12dbea506 (patch) | |
| tree | efb6029844d8de1169d206730cee85af50fb2760 /g10/import.c | |
| parent | gpg: Change the mode1003 format for composite keys. (diff) | |
gpg: Allow the import of Kyber secret keys.
* g10/import.c (transfer_secret_keys): Handle mode 1003.
* g10/call-agent.c (agent_import_key): Add arg mode1003.
* common/sexputil.c (make_canon_sexp): Create in secmem when the input
was in secmem.
* agent/findkey.c (agent_write_private_key): Add arg 'linkattr' and
change all callers.
* agent/command.c (cmd_import_key): Add option '--mode1003'.
Reorganize code and implement support for composite keys.
--
GnuPG-bug-id: 7315
Diffstat (limited to 'g10/import.c')
| -rw-r--r-- | g10/import.c | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/g10/import.c b/g10/import.c index ebfd73805..9affe057c 100644 --- a/g10/import.c +++ b/g10/import.c @@ -2853,7 +2853,31 @@ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats, continue; } - err = build_classic_transfer_sexp (pk, &tmpsexp); + tmpsexp = NULL; + if (ski->s2k.mode == 1003) + { + const void *tmpbuf; + unsigned int tmpbuflen; + int npkey; + + /* Fixme: Check that the public key parameters in pkey match + * those in the s-expression of the secret key. */ + npkey = pubkey_get_npkey (pk->pubkey_algo); + if (npkey+1 > PUBKEY_MAX_NSKEY) + err = gpg_error (GPG_ERR_BAD_SECKEY); + else if (!pk->pkey[npkey] + || !gcry_mpi_get_flag (pk->pkey[npkey], GCRYMPI_FLAG_OPAQUE)) + err = gpg_error (GPG_ERR_BAD_SECKEY); + else + { + tmpbuf = gcry_mpi_get_opaque (pk->pkey[npkey], &tmpbuflen); + tmpbuflen = (tmpbuflen +7)/8; /* Fixup bits to bytes */ + err = gcry_sexp_new (&tmpsexp, tmpbuf, tmpbuflen, 0); + } + } + else + err = build_classic_transfer_sexp (pk, &tmpsexp); + xfree (transferkey); transferkey = NULL; if (!err) @@ -2883,7 +2907,8 @@ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats, /* Send the wrapped key to the agent. */ { char *desc = gpg_format_keydesc (ctrl, pk, FORMAT_KEYDESC_IMPORT, 1); - err = agent_import_key (ctrl, desc, &cache_nonce, + err = agent_import_key (ctrl, desc, ski->s2k.mode == 1003, + &cache_nonce, wrappedkey, wrappedkeylen, batch, force, pk->keyid, pk->main_keyid, pk->pubkey_algo, pk->timestamp); |
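Review bot: In the mode 1003 branch, the buffer returned by `gcry_mpi_get_opaque` goes to `gcry_sexp_new` without a check that it is non-NULL and non-empty; an opaque MPI of zero bits gives `tmpbuflen == 0`, and as far as I recall a zero length makes libgcrypt derive the length from the buffer itself instead of treating the input as empty. Because this data comes from an imported key file, I would reject it explicitly: `if (!tmpbuf || !tmpbuflen) err = gpg_error (GPG_ERR_BAD_SECKEY); else err = gcry_sexp_new (&tmpsexp, tmpbuf, tmpbuflen, 0);`. The Fixme is also worth closing before this path is relied on: until the public parameters in `pk->pkey[]` are compared with those inside the embedded s-expression (comparing keygrips may be one way, to be confirmed for composite keys), a packet can pair one public key with an unrelated secret key. The body of transfer_secret_keys starts and ends outside the hunk.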
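Review bot: The literal `1003` is now tested twice in transfer_secret_keys, once when choosing how `tmpsexp` is built and again here for the new `agent_import_key` argument, and the two tests must stay in agreement for the agent to be told the right format for the wrapped key. Evaluating it once per key, e.g. `const int mode1003 = (ski->s2k.mode == 1003);`, and using that value in both places would keep them from drifting apart in a later edit. A one-line comment at the call saying what the flag tells the agent would also help; its exact meaning is inferred from the commit message, not visible in this hunk. The enclosing function continues outside the hunk.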
