2003-06-18 19:56:13 +00:00
|
|
|
/* pkglue.c - public key operations glue code
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
* Copyright (C) 2000, 2003, 2010 Free Software Foundation, Inc.
|
|
|
|
* Copyright (C) 2014 Werner Koch
|
2024-04-15 09:23:16 +02:00
|
|
|
* Copyright (C) 2024 g10 Code GmbH.
|
2003-06-18 19:56:13 +00:00
|
|
|
*
|
|
|
|
* This file is part of GnuPG.
|
|
|
|
*
|
|
|
|
* GnuPG is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
2007-07-04 19:49:40 +00:00
|
|
|
* the Free Software Foundation; either version 3 of the License, or
|
2003-06-18 19:56:13 +00:00
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* GnuPG is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
2016-11-05 12:02:19 +01:00
|
|
|
* along with this program; if not, see <https://www.gnu.org/licenses/>.
|
2024-04-15 09:23:16 +02:00
|
|
|
* SPDX-License-Identifier: GPL-3.0-or-later
|
2003-06-18 19:56:13 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <errno.h>
|
|
|
|
|
|
|
|
#include "gpg.h"
|
2017-03-07 20:21:23 +09:00
|
|
|
#include "../common/util.h"
|
2003-06-18 19:56:13 +00:00
|
|
|
#include "pkglue.h"
|
2011-01-05 17:33:17 -08:00
|
|
|
#include "main.h"
|
2011-01-25 20:28:25 +01:00
|
|
|
#include "options.h"
|
2003-06-18 19:56:13 +00:00
|
|
|
|
2024-04-23 11:20:37 +02:00
|
|
|
|
|
|
|
/* Maximum buffer sizes required for ECC KEM. */
|
|
|
|
#define ECC_POINT_LEN_MAX (1+2*64)
|
|
|
|
#define ECC_HASH_LEN_MAX 64
|
|
|
|
|
|
|
|
|
2015-11-16 12:41:46 +01:00
|
|
|
/* FIXME: Better change the function name because mpi_ is used by
|
2011-01-21 12:00:57 +01:00
|
|
|
gcrypt macros. */
|
2011-01-05 17:33:17 -08:00
|
|
|
gcry_mpi_t
|
2013-11-15 08:59:45 +01:00
|
|
|
get_mpi_from_sexp (gcry_sexp_t sexp, const char *item, int mpifmt)
|
2003-08-25 21:12:43 +00:00
|
|
|
{
|
|
|
|
gcry_sexp_t list;
|
|
|
|
gcry_mpi_t data;
|
2011-02-02 17:40:32 +01:00
|
|
|
|
2003-08-25 21:12:43 +00:00
|
|
|
list = gcry_sexp_find_token (sexp, item, 0);
|
2016-04-29 11:05:24 +02:00
|
|
|
log_assert (list);
|
2013-11-15 08:59:45 +01:00
|
|
|
data = gcry_sexp_nth_mpi (list, 1, mpifmt);
|
2016-04-29 11:05:24 +02:00
|
|
|
log_assert (data);
|
2003-08-25 21:12:43 +00:00
|
|
|
gcry_sexp_release (list);
|
|
|
|
return data;
|
|
|
|
}
|
|
|
|
|
2003-06-18 19:56:13 +00:00
|
|
|
|
2021-12-10 15:39:32 +09:00
|
|
|
/*
|
|
|
|
* SOS (Simply, Octet String) is an attempt to handle opaque octet
|
|
|
|
* string in OpenPGP, where well-formed MPI cannot represent octet
|
|
|
|
* string with leading zero octets.
|
|
|
|
*
|
|
|
|
* To retain maximum compatibility to existing MPI handling, SOS
|
|
|
|
* has same structure, but allows leading zero octets. When there
|
|
|
|
* is no leading zero octets, SOS representation is as same as MPI one.
|
|
|
|
* With leading zero octets, NBITS is 8*(length of octets), regardless
|
|
|
|
* of leading zero bits.
|
|
|
|
*/
|
2020-06-09 10:32:47 +09:00
|
|
|
/* Extract SOS representation from SEXP for PARAM, return the result
|
2021-12-10 15:39:32 +09:00
|
|
|
* in R_SOS. It is represented by opaque MPI with GCRYMPI_FLAG_USER2
|
|
|
|
* flag. */
|
2020-06-09 10:32:47 +09:00
|
|
|
gpg_error_t
|
|
|
|
sexp_extract_param_sos (gcry_sexp_t sexp, const char *param, gcry_mpi_t *r_sos)
|
|
|
|
{
|
|
|
|
gpg_error_t err;
|
|
|
|
gcry_sexp_t l2 = gcry_sexp_find_token (sexp, param, 0);
|
|
|
|
|
|
|
|
*r_sos = NULL;
|
|
|
|
if (!l2)
|
|
|
|
err = gpg_error (GPG_ERR_NO_OBJ);
|
|
|
|
else
|
|
|
|
{
|
|
|
|
size_t buflen;
|
|
|
|
void *p0 = gcry_sexp_nth_buffer (l2, 1, &buflen);
|
|
|
|
|
|
|
|
if (!p0)
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
else
|
|
|
|
{
|
|
|
|
gcry_mpi_t sos;
|
|
|
|
unsigned int nbits = buflen*8;
|
|
|
|
unsigned char *p = p0;
|
|
|
|
|
2020-10-30 15:21:20 +09:00
|
|
|
if (*p && nbits >= 8 && !(*p & 0x80))
|
2020-06-09 10:32:47 +09:00
|
|
|
if (--nbits >= 7 && !(*p & 0x40))
|
|
|
|
if (--nbits >= 6 && !(*p & 0x20))
|
|
|
|
if (--nbits >= 5 && !(*p & 0x10))
|
|
|
|
if (--nbits >= 4 && !(*p & 0x08))
|
|
|
|
if (--nbits >= 3 && !(*p & 0x04))
|
|
|
|
if (--nbits >= 2 && !(*p & 0x02))
|
|
|
|
if (--nbits >= 1 && !(*p & 0x01))
|
|
|
|
--nbits;
|
|
|
|
|
|
|
|
sos = gcry_mpi_set_opaque (NULL, p0, nbits);
|
|
|
|
if (sos)
|
|
|
|
{
|
|
|
|
gcry_mpi_set_flag (sos, GCRYMPI_FLAG_USER2);
|
|
|
|
*r_sos = sos;
|
|
|
|
err = 0;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
}
|
|
|
|
gcry_sexp_release (l2);
|
|
|
|
}
|
|
|
|
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2003-06-18 19:56:13 +00:00
|
|
|
|
2021-12-10 15:39:32 +09:00
|
|
|
/* "No leading zero octets" (nlz) version of the function above.
|
|
|
|
*
|
|
|
|
* This routine is used for backward compatibility to existing
|
|
|
|
* implementation with the weird handling of little endian integer
|
|
|
|
* representation with leading zero octets. For the sake of
|
|
|
|
* "well-fomed" MPI, which is designed for big endian integer, leading
|
|
|
|
* zero octets are removed when output, and they are recovered at
|
|
|
|
* input.
|
|
|
|
*
|
|
|
|
* Extract SOS representation from SEXP for PARAM, removing leading
|
|
|
|
* zeros, return the result in R_SOS. */
|
|
|
|
gpg_error_t
|
|
|
|
sexp_extract_param_sos_nlz (gcry_sexp_t sexp, const char *param,
|
|
|
|
gcry_mpi_t *r_sos)
|
|
|
|
{
|
|
|
|
gpg_error_t err;
|
|
|
|
gcry_sexp_t l2 = gcry_sexp_find_token (sexp, param, 0);
|
|
|
|
|
|
|
|
*r_sos = NULL;
|
|
|
|
if (!l2)
|
|
|
|
err = gpg_error (GPG_ERR_NO_OBJ);
|
|
|
|
else
|
|
|
|
{
|
|
|
|
size_t buflen;
|
|
|
|
const void *p0 = gcry_sexp_nth_data (l2, 1, &buflen);
|
|
|
|
|
|
|
|
if (!p0)
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
else
|
|
|
|
{
|
|
|
|
gcry_mpi_t sos;
|
|
|
|
unsigned int nbits = buflen*8;
|
|
|
|
const unsigned char *p = p0;
|
|
|
|
|
|
|
|
/* Strip leading zero bits. */
|
|
|
|
for (; nbits >= 8 && !*p; p++, nbits -= 8)
|
|
|
|
;
|
|
|
|
|
|
|
|
if (nbits >= 8 && !(*p & 0x80))
|
|
|
|
if (--nbits >= 7 && !(*p & 0x40))
|
|
|
|
if (--nbits >= 6 && !(*p & 0x20))
|
|
|
|
if (--nbits >= 5 && !(*p & 0x10))
|
|
|
|
if (--nbits >= 4 && !(*p & 0x08))
|
|
|
|
if (--nbits >= 3 && !(*p & 0x04))
|
|
|
|
if (--nbits >= 2 && !(*p & 0x02))
|
|
|
|
if (--nbits >= 1 && !(*p & 0x01))
|
|
|
|
--nbits;
|
|
|
|
|
|
|
|
sos = gcry_mpi_set_opaque_copy (NULL, p, nbits);
|
|
|
|
if (sos)
|
|
|
|
{
|
|
|
|
gcry_mpi_set_flag (sos, GCRYMPI_FLAG_USER2);
|
|
|
|
*r_sos = sos;
|
|
|
|
err = 0;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
}
|
|
|
|
gcry_sexp_release (l2);
|
|
|
|
}
|
|
|
|
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2020-06-09 15:45:51 +09:00
|
|
|
static byte *
|
|
|
|
get_data_from_sexp (gcry_sexp_t sexp, const char *item, size_t *r_size)
|
|
|
|
{
|
|
|
|
gcry_sexp_t list;
|
|
|
|
size_t valuelen;
|
|
|
|
const char *value;
|
|
|
|
byte *v;
|
|
|
|
|
2020-06-23 10:10:29 +09:00
|
|
|
if (DBG_CRYPTO)
|
|
|
|
log_printsexp ("get_data_from_sexp:", sexp);
|
2020-06-09 15:45:51 +09:00
|
|
|
|
|
|
|
list = gcry_sexp_find_token (sexp, item, 0);
|
|
|
|
log_assert (list);
|
|
|
|
value = gcry_sexp_nth_data (list, 1, &valuelen);
|
|
|
|
log_assert (value);
|
|
|
|
v = xtrymalloc (valuelen);
|
|
|
|
memcpy (v, value, valuelen);
|
|
|
|
gcry_sexp_release (list);
|
|
|
|
*r_size = valuelen;
|
|
|
|
return v;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2003-06-18 19:56:13 +00:00
|
|
|
/****************
|
|
|
|
* Emulate our old PK interface here - sometime in the future we might
|
|
|
|
* change the internal design to directly fit to libgcrypt.
|
|
|
|
*/
|
|
|
|
int
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
pk_verify (pubkey_algo_t pkalgo, gcry_mpi_t hash,
|
|
|
|
gcry_mpi_t *data, gcry_mpi_t *pkey)
|
2003-06-18 19:56:13 +00:00
|
|
|
{
|
|
|
|
gcry_sexp_t s_sig, s_hash, s_pkey;
|
|
|
|
int rc;
|
|
|
|
|
2011-01-21 12:00:57 +01:00
|
|
|
/* Make a sexp from pkey. */
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
if (pkalgo == PUBKEY_ALGO_DSA)
|
2003-06-18 19:56:13 +00:00
|
|
|
{
|
|
|
|
rc = gcry_sexp_build (&s_pkey, NULL,
|
|
|
|
"(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
|
|
|
|
pkey[0], pkey[1], pkey[2], pkey[3]);
|
|
|
|
}
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
else if (pkalgo == PUBKEY_ALGO_ELGAMAL_E || pkalgo == PUBKEY_ALGO_ELGAMAL)
|
2003-06-18 19:56:13 +00:00
|
|
|
{
|
|
|
|
rc = gcry_sexp_build (&s_pkey, NULL,
|
|
|
|
"(public-key(elg(p%m)(g%m)(y%m)))",
|
|
|
|
pkey[0], pkey[1], pkey[2]);
|
|
|
|
}
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
else if (pkalgo == PUBKEY_ALGO_RSA || pkalgo == PUBKEY_ALGO_RSA_S)
|
2003-06-18 19:56:13 +00:00
|
|
|
{
|
|
|
|
rc = gcry_sexp_build (&s_pkey, NULL,
|
|
|
|
"(public-key(rsa(n%m)(e%m)))", pkey[0], pkey[1]);
|
|
|
|
}
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
else if (pkalgo == PUBKEY_ALGO_ECDSA)
|
2011-01-05 17:33:17 -08:00
|
|
|
{
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
char *curve = openpgp_oid_to_str (pkey[0]);
|
|
|
|
if (!curve)
|
|
|
|
rc = gpg_error_from_syserror ();
|
|
|
|
else
|
|
|
|
{
|
|
|
|
rc = gcry_sexp_build (&s_pkey, NULL,
|
|
|
|
"(public-key(ecdsa(curve %s)(q%m)))",
|
|
|
|
curve, pkey[1]);
|
|
|
|
xfree (curve);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if (pkalgo == PUBKEY_ALGO_EDDSA)
|
|
|
|
{
|
|
|
|
char *curve = openpgp_oid_to_str (pkey[0]);
|
|
|
|
if (!curve)
|
|
|
|
rc = gpg_error_from_syserror ();
|
2011-01-31 09:27:06 +01:00
|
|
|
else
|
|
|
|
{
|
2020-06-24 10:05:03 +09:00
|
|
|
const char *fmt;
|
|
|
|
|
|
|
|
if (openpgp_oid_is_ed25519 (pkey[0]))
|
|
|
|
fmt = "(public-key(ecc(curve %s)(flags eddsa)(q%m)))";
|
|
|
|
else
|
|
|
|
fmt = "(public-key(ecc(curve %s)(q%m)))";
|
|
|
|
|
|
|
|
rc = gcry_sexp_build (&s_pkey, NULL, fmt, curve, pkey[1]);
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
xfree (curve);
|
2011-01-31 09:27:06 +01:00
|
|
|
}
|
2011-01-05 17:33:17 -08:00
|
|
|
}
|
2003-06-18 19:56:13 +00:00
|
|
|
else
|
|
|
|
return GPG_ERR_PUBKEY_ALGO;
|
|
|
|
|
|
|
|
if (rc)
|
2009-02-24 11:47:25 +00:00
|
|
|
BUG (); /* gcry_sexp_build should never fail. */
|
2003-06-18 19:56:13 +00:00
|
|
|
|
2011-01-21 12:00:57 +01:00
|
|
|
/* Put hash into a S-Exp s_hash. */
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
if (pkalgo == PUBKEY_ALGO_EDDSA)
|
2013-11-15 08:59:45 +01:00
|
|
|
{
|
2020-06-24 10:05:03 +09:00
|
|
|
const char *fmt;
|
|
|
|
|
|
|
|
if (openpgp_oid_is_ed25519 (pkey[0]))
|
|
|
|
fmt = "(data(flags eddsa)(hash-algo sha512)(value %m))";
|
|
|
|
else
|
|
|
|
fmt = "(data(value %m))";
|
|
|
|
|
|
|
|
if (gcry_sexp_build (&s_hash, NULL, fmt, hash))
|
2013-11-15 08:59:45 +01:00
|
|
|
BUG (); /* gcry_sexp_build should never fail. */
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
if (gcry_sexp_build (&s_hash, NULL, "%m", hash))
|
|
|
|
BUG (); /* gcry_sexp_build should never fail. */
|
|
|
|
}
|
2003-06-18 19:56:13 +00:00
|
|
|
|
2009-02-24 11:47:25 +00:00
|
|
|
/* Put data into a S-Exp s_sig. */
|
|
|
|
s_sig = NULL;
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
if (pkalgo == PUBKEY_ALGO_DSA)
|
2003-06-18 19:56:13 +00:00
|
|
|
{
|
2003-08-07 07:05:38 +00:00
|
|
|
if (!data[0] || !data[1])
|
|
|
|
rc = gpg_error (GPG_ERR_BAD_MPI);
|
|
|
|
else
|
|
|
|
rc = gcry_sexp_build (&s_sig, NULL,
|
|
|
|
"(sig-val(dsa(r%m)(s%m)))", data[0], data[1]);
|
2003-06-18 19:56:13 +00:00
|
|
|
}
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
else if (pkalgo == PUBKEY_ALGO_ECDSA)
|
2011-01-05 17:33:17 -08:00
|
|
|
{
|
|
|
|
if (!data[0] || !data[1])
|
|
|
|
rc = gpg_error (GPG_ERR_BAD_MPI);
|
|
|
|
else
|
|
|
|
rc = gcry_sexp_build (&s_sig, NULL,
|
|
|
|
"(sig-val(ecdsa(r%m)(s%m)))", data[0], data[1]);
|
|
|
|
}
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
else if (pkalgo == PUBKEY_ALGO_EDDSA)
|
|
|
|
{
|
2016-08-25 15:18:51 +02:00
|
|
|
gcry_mpi_t r = data[0];
|
|
|
|
gcry_mpi_t s = data[1];
|
|
|
|
|
2020-06-24 10:05:03 +09:00
|
|
|
if (openpgp_oid_is_ed25519 (pkey[0]))
|
2016-08-25 15:18:51 +02:00
|
|
|
{
|
2020-06-24 10:05:03 +09:00
|
|
|
size_t rlen, slen, n; /* (bytes) */
|
|
|
|
char buf[64];
|
|
|
|
unsigned int nbits;
|
|
|
|
unsigned int neededfixedlen = 256 / 8;
|
2020-06-09 10:32:47 +09:00
|
|
|
|
2020-06-24 10:05:03 +09:00
|
|
|
log_assert (neededfixedlen <= sizeof buf);
|
2020-06-09 10:32:47 +09:00
|
|
|
|
2020-06-24 10:05:03 +09:00
|
|
|
if (!r || !s)
|
|
|
|
rc = gpg_error (GPG_ERR_BAD_MPI);
|
|
|
|
else if ((rlen = (gcry_mpi_get_nbits (r)+7)/8) > neededfixedlen || !rlen)
|
|
|
|
rc = gpg_error (GPG_ERR_BAD_MPI);
|
|
|
|
else if ((slen = (gcry_mpi_get_nbits (s)+7)/8) > neededfixedlen || !slen)
|
|
|
|
rc = gpg_error (GPG_ERR_BAD_MPI);
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/* We need to fixup the length in case of leading zeroes.
|
|
|
|
* OpenPGP does not allow leading zeroes and the parser for
|
|
|
|
* the signature packet has no information on the use curve,
|
|
|
|
* thus we need to do it here. We won't do it for opaque
|
|
|
|
* MPIs under the assumption that they are known to be fine;
|
|
|
|
* we won't see them here anyway but the check is anyway
|
|
|
|
* required. Fixme: A nifty feature for gcry_sexp_build
|
|
|
|
* would be a format to left pad the value (e.g. "%*M"). */
|
|
|
|
rc = 0;
|
|
|
|
|
|
|
|
if (rlen < neededfixedlen
|
|
|
|
&& !gcry_mpi_get_flag (r, GCRYMPI_FLAG_OPAQUE)
|
|
|
|
&& !(rc=gcry_mpi_print (GCRYMPI_FMT_USG, buf, sizeof buf, &n, r)))
|
|
|
|
{
|
|
|
|
log_assert (n < neededfixedlen);
|
|
|
|
memmove (buf + (neededfixedlen - n), buf, n);
|
|
|
|
memset (buf, 0, neededfixedlen - n);
|
|
|
|
r = gcry_mpi_set_opaque_copy (NULL, buf, neededfixedlen * 8);
|
|
|
|
}
|
|
|
|
else if (rlen < neededfixedlen
|
|
|
|
&& gcry_mpi_get_flag (r, GCRYMPI_FLAG_OPAQUE))
|
|
|
|
{
|
|
|
|
const unsigned char *p;
|
|
|
|
|
|
|
|
p = gcry_mpi_get_opaque (r, &nbits);
|
|
|
|
n = (nbits+7)/8;
|
|
|
|
memcpy (buf + (neededfixedlen - n), p, n);
|
|
|
|
memset (buf, 0, neededfixedlen - n);
|
|
|
|
gcry_mpi_set_opaque_copy (r, buf, neededfixedlen * 8);
|
|
|
|
}
|
|
|
|
if (slen < neededfixedlen
|
|
|
|
&& !gcry_mpi_get_flag (s, GCRYMPI_FLAG_OPAQUE)
|
|
|
|
&& !(rc=gcry_mpi_print (GCRYMPI_FMT_USG, buf, sizeof buf, &n, s)))
|
|
|
|
{
|
|
|
|
log_assert (n < neededfixedlen);
|
|
|
|
memmove (buf + (neededfixedlen - n), buf, n);
|
|
|
|
memset (buf, 0, neededfixedlen - n);
|
|
|
|
s = gcry_mpi_set_opaque_copy (NULL, buf, neededfixedlen * 8);
|
|
|
|
}
|
|
|
|
else if (slen < neededfixedlen
|
|
|
|
&& gcry_mpi_get_flag (s, GCRYMPI_FLAG_OPAQUE))
|
|
|
|
{
|
|
|
|
const unsigned char *p;
|
|
|
|
|
|
|
|
p = gcry_mpi_get_opaque (s, &nbits);
|
|
|
|
n = (nbits+7)/8;
|
|
|
|
memcpy (buf + (neededfixedlen - n), p, n);
|
|
|
|
memset (buf, 0, neededfixedlen - n);
|
|
|
|
gcry_mpi_set_opaque_copy (s, buf, neededfixedlen * 8);
|
|
|
|
}
|
2020-06-09 10:32:47 +09:00
|
|
|
}
|
2020-06-24 10:05:03 +09:00
|
|
|
}
|
|
|
|
else
|
|
|
|
rc = 0;
|
2016-08-25 15:18:51 +02:00
|
|
|
|
2020-06-24 10:05:03 +09:00
|
|
|
if (!rc)
|
|
|
|
rc = gcry_sexp_build (&s_sig, NULL,
|
|
|
|
"(sig-val(eddsa(r%M)(s%M)))", r, s);
|
2016-08-25 15:18:51 +02:00
|
|
|
|
2020-06-24 10:05:03 +09:00
|
|
|
if (r != data[0])
|
|
|
|
gcry_mpi_release (r);
|
|
|
|
if (s != data[1])
|
|
|
|
gcry_mpi_release (s);
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
}
|
|
|
|
else if (pkalgo == PUBKEY_ALGO_ELGAMAL || pkalgo == PUBKEY_ALGO_ELGAMAL_E)
|
2003-06-18 19:56:13 +00:00
|
|
|
{
|
2003-08-07 07:05:38 +00:00
|
|
|
if (!data[0] || !data[1])
|
|
|
|
rc = gpg_error (GPG_ERR_BAD_MPI);
|
|
|
|
else
|
|
|
|
rc = gcry_sexp_build (&s_sig, NULL,
|
|
|
|
"(sig-val(elg(r%m)(s%m)))", data[0], data[1]);
|
2003-06-18 19:56:13 +00:00
|
|
|
}
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
else if (pkalgo == PUBKEY_ALGO_RSA || pkalgo == PUBKEY_ALGO_RSA_S)
|
2003-06-18 19:56:13 +00:00
|
|
|
{
|
2003-08-07 07:05:38 +00:00
|
|
|
if (!data[0])
|
|
|
|
rc = gpg_error (GPG_ERR_BAD_MPI);
|
|
|
|
else
|
|
|
|
rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s%m)))", data[0]);
|
2003-06-18 19:56:13 +00:00
|
|
|
}
|
|
|
|
else
|
|
|
|
BUG ();
|
|
|
|
|
2009-02-24 11:47:25 +00:00
|
|
|
if (!rc)
|
|
|
|
rc = gcry_pk_verify (s_sig, s_hash, s_pkey);
|
2003-06-18 19:56:13 +00:00
|
|
|
|
|
|
|
gcry_sexp_release (s_sig);
|
|
|
|
gcry_sexp_release (s_hash);
|
|
|
|
gcry_sexp_release (s_pkey);
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2024-04-18 14:37:40 +02:00
|
|
|
#if GCRY_KEM_MLKEM1024_ENCAPS_LEN < GCRY_KEM_MLKEM768_ENCAPS_LEN \
|
|
|
|
|| GCRY_KEM_MLKEM1024_SHARED_LEN < GCRY_KEM_MLKEM768_SHARED_LEN
|
|
|
|
# error Bad Kyber constants in Libgcrypt
|
|
|
|
#endif
|
|
|
|
|
2024-04-15 09:23:16 +02:00
|
|
|
/* Core of the encryption for KEM algorithms. See pk_decrypt for a
|
|
|
|
* description of the arguments. */
|
|
|
|
static gpg_error_t
|
|
|
|
do_encrypt_kem (PKT_public_key *pk, gcry_mpi_t data, int seskey_algo,
|
|
|
|
gcry_mpi_t *resarr)
|
|
|
|
{
|
2024-04-15 12:16:40 +02:00
|
|
|
gpg_error_t err;
|
|
|
|
int i;
|
|
|
|
unsigned int nbits, n;
|
|
|
|
gcry_sexp_t s_data = NULL;
|
|
|
|
gcry_cipher_hd_t hd = NULL;
|
2024-04-18 14:37:40 +02:00
|
|
|
char *ecc_oid = NULL;
|
|
|
|
enum gcry_kem_algos kyber_algo, ecc_algo;
|
2024-04-15 12:16:40 +02:00
|
|
|
|
|
|
|
const unsigned char *ecc_pubkey;
|
|
|
|
size_t ecc_pubkey_len;
|
|
|
|
const unsigned char *kyber_pubkey;
|
|
|
|
size_t kyber_pubkey_len;
|
|
|
|
const unsigned char *seskey;
|
|
|
|
size_t seskey_len;
|
|
|
|
unsigned char *enc_seskey = NULL;
|
|
|
|
size_t enc_seskey_len;
|
2024-04-23 11:20:37 +02:00
|
|
|
int ecc_hash_algo;
|
2024-04-15 12:16:40 +02:00
|
|
|
|
2024-04-23 11:20:37 +02:00
|
|
|
unsigned char ecc_ct[ECC_POINT_LEN_MAX];
|
|
|
|
unsigned char ecc_ecdh[ECC_POINT_LEN_MAX];
|
|
|
|
unsigned char ecc_ss[ECC_HASH_LEN_MAX];
|
|
|
|
size_t ecc_ct_len, ecc_ecdh_len, ecc_ss_len;
|
2024-04-15 12:16:40 +02:00
|
|
|
|
2024-04-18 14:37:40 +02:00
|
|
|
unsigned char kyber_ct[GCRY_KEM_MLKEM1024_ENCAPS_LEN];
|
|
|
|
unsigned char kyber_ss[GCRY_KEM_MLKEM1024_SHARED_LEN];
|
|
|
|
size_t kyber_ct_len, kyber_ss_len;
|
2024-04-15 12:16:40 +02:00
|
|
|
|
|
|
|
char fixedinfo[1+MAX_FINGERPRINT_LEN];
|
|
|
|
int fixedlen;
|
|
|
|
|
|
|
|
unsigned char kek[32]; /* AES-256 is mandatory. */
|
|
|
|
size_t kek_len = 32;
|
|
|
|
|
|
|
|
/* For later error checking we make sure the array is cleared. */
|
|
|
|
resarr[0] = resarr[1] = resarr[2] = NULL;
|
|
|
|
|
|
|
|
/* As of now we use KEM only for the combined Kyber and thus a
|
|
|
|
* second public key is expected. Right now we take the keys
|
|
|
|
* directly from the PK->data elements. */
|
|
|
|
|
2024-04-18 14:37:40 +02:00
|
|
|
ecc_oid = openpgp_oid_to_str (pk->pkey[0]);
|
|
|
|
if (!ecc_oid)
|
|
|
|
{
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
log_error ("%s: error getting OID for ECC key\n", __func__);
|
|
|
|
goto leave;
|
|
|
|
}
|
|
|
|
ecc_algo = openpgp_oid_to_kem_algo (ecc_oid);
|
|
|
|
if (ecc_algo == GCRY_KEM_RAW_X25519)
|
|
|
|
{
|
|
|
|
if (!strcmp (ecc_oid, "1.3.6.1.4.1.3029.1.5.1"))
|
|
|
|
log_info ("Warning: "
|
|
|
|
"legacy OID for cv25519 accepted during develpment\n");
|
|
|
|
ecc_pubkey = gcry_mpi_get_opaque (pk->pkey[1], &nbits);
|
|
|
|
ecc_pubkey_len = (nbits+7)/8;
|
2024-04-23 11:20:37 +02:00
|
|
|
if (ecc_pubkey_len == 33 && *ecc_pubkey == 0x40)
|
|
|
|
{
|
|
|
|
ecc_pubkey++; /* Remove the 0x40 prefix. */
|
|
|
|
ecc_pubkey_len--;
|
|
|
|
}
|
|
|
|
if (ecc_pubkey_len != 32)
|
|
|
|
{
|
|
|
|
if (opt.verbose)
|
|
|
|
log_info ("%s: ECC public key length invalid (%zu)\n",
|
|
|
|
__func__, ecc_pubkey_len);
|
|
|
|
err = gpg_error (GPG_ERR_INV_DATA);
|
|
|
|
goto leave;
|
|
|
|
}
|
|
|
|
ecc_ct_len = ecc_ecdh_len = 32;
|
|
|
|
ecc_ss_len = 32;
|
|
|
|
ecc_hash_algo = GCRY_MD_SHA3_256;
|
|
|
|
}
|
|
|
|
else if (ecc_algo == GCRY_KEM_RAW_X448)
|
|
|
|
{
|
|
|
|
ecc_pubkey = gcry_mpi_get_opaque (pk->pkey[1], &nbits);
|
|
|
|
ecc_pubkey_len = (nbits+7)/8;
|
|
|
|
if (ecc_pubkey_len != 56)
|
2024-04-18 14:37:40 +02:00
|
|
|
{
|
|
|
|
if (opt.verbose)
|
|
|
|
log_info ("%s: ECC public key length invalid (%zu)\n",
|
|
|
|
__func__, ecc_pubkey_len);
|
|
|
|
err = gpg_error (GPG_ERR_INV_DATA);
|
|
|
|
goto leave;
|
|
|
|
}
|
2024-04-23 11:20:37 +02:00
|
|
|
ecc_ct_len = ecc_ecdh_len = 56;
|
|
|
|
ecc_ss_len = 64;
|
|
|
|
ecc_hash_algo = GCRY_MD_SHA3_512;
|
2024-04-18 14:37:40 +02:00
|
|
|
}
|
2024-04-23 16:25:05 +02:00
|
|
|
else if (ecc_algo == GCRY_KEM_RAW_BP256)
|
|
|
|
{
|
|
|
|
ecc_pubkey = gcry_mpi_get_opaque (pk->pkey[1], &nbits);
|
|
|
|
ecc_pubkey_len = (nbits+7)/8;
|
|
|
|
if (ecc_pubkey_len != 65)
|
|
|
|
{
|
|
|
|
if (opt.verbose)
|
|
|
|
log_info ("%s: ECC public key length invalid (%zu)\n",
|
|
|
|
__func__, ecc_pubkey_len);
|
|
|
|
err = gpg_error (GPG_ERR_INV_DATA);
|
|
|
|
goto leave;
|
|
|
|
}
|
|
|
|
ecc_ct_len = ecc_ecdh_len = 65;
|
|
|
|
ecc_ss_len = 32;
|
|
|
|
ecc_hash_algo = GCRY_MD_SHA3_256;
|
|
|
|
}
|
|
|
|
else if (ecc_algo == GCRY_KEM_RAW_BP384)
|
|
|
|
{
|
|
|
|
ecc_pubkey = gcry_mpi_get_opaque (pk->pkey[1], &nbits);
|
|
|
|
ecc_pubkey_len = (nbits+7)/8;
|
|
|
|
if (ecc_pubkey_len != 97)
|
|
|
|
{
|
|
|
|
if (opt.verbose)
|
|
|
|
log_info ("%s: ECC public key length invalid (%zu)\n",
|
|
|
|
__func__, ecc_pubkey_len);
|
|
|
|
err = gpg_error (GPG_ERR_INV_DATA);
|
|
|
|
goto leave;
|
|
|
|
}
|
|
|
|
ecc_ct_len = ecc_ecdh_len = 97;
|
|
|
|
ecc_ss_len = 64;
|
|
|
|
ecc_hash_algo = GCRY_MD_SHA3_512;
|
|
|
|
}
|
2024-04-23 17:40:27 +02:00
|
|
|
else if (ecc_algo == GCRY_KEM_RAW_BP512)
|
|
|
|
{
|
|
|
|
ecc_pubkey = gcry_mpi_get_opaque (pk->pkey[1], &nbits);
|
|
|
|
ecc_pubkey_len = (nbits+7)/8;
|
|
|
|
if (ecc_pubkey_len != 129)
|
|
|
|
{
|
|
|
|
if (opt.verbose)
|
|
|
|
log_info ("%s: ECC public key length invalid (%zu)\n",
|
|
|
|
__func__, ecc_pubkey_len);
|
|
|
|
err = gpg_error (GPG_ERR_INV_DATA);
|
|
|
|
goto leave;
|
|
|
|
}
|
|
|
|
ecc_ct_len = ecc_ecdh_len = 129;
|
|
|
|
ecc_ss_len = 64;
|
|
|
|
ecc_hash_algo = GCRY_MD_SHA3_512;
|
|
|
|
}
|
2024-04-18 14:37:40 +02:00
|
|
|
else
|
2024-04-15 12:16:40 +02:00
|
|
|
{
|
|
|
|
if (opt.verbose)
|
2024-04-18 14:37:40 +02:00
|
|
|
log_info ("%s: ECC curve %s not supported\n", __func__, ecc_oid);
|
2024-04-15 12:16:40 +02:00
|
|
|
err = gpg_error (GPG_ERR_INV_DATA);
|
|
|
|
goto leave;
|
|
|
|
}
|
2024-04-18 14:37:40 +02:00
|
|
|
|
|
|
|
|
2024-04-15 12:16:40 +02:00
|
|
|
if (DBG_CRYPTO)
|
2024-04-18 14:37:40 +02:00
|
|
|
{
|
|
|
|
log_debug ("ECC curve: %s\n", ecc_oid);
|
|
|
|
log_printhex (ecc_pubkey, ecc_pubkey_len, "ECC pubkey:");
|
|
|
|
}
|
2024-04-15 12:16:40 +02:00
|
|
|
|
2024-04-18 14:37:40 +02:00
|
|
|
err = gcry_kem_encap (ecc_algo,
|
2024-04-15 12:16:40 +02:00
|
|
|
ecc_pubkey, ecc_pubkey_len,
|
|
|
|
ecc_ct, ecc_ct_len,
|
|
|
|
ecc_ecdh, ecc_ecdh_len,
|
|
|
|
NULL, 0);
|
|
|
|
if (err)
|
|
|
|
{
|
|
|
|
if (opt.verbose)
|
2024-04-18 14:37:40 +02:00
|
|
|
log_info ("%s: gcry_kem_encap for ECC (%s) failed\n",
|
|
|
|
__func__, ecc_oid);
|
2024-04-15 12:16:40 +02:00
|
|
|
goto leave;
|
|
|
|
}
|
|
|
|
if (DBG_CRYPTO)
|
|
|
|
{
|
|
|
|
log_printhex (ecc_ct, ecc_ct_len, "ECC ephem:");
|
|
|
|
log_printhex (ecc_ecdh, ecc_ecdh_len, "ECC ecdh:");
|
|
|
|
}
|
|
|
|
err = gnupg_ecc_kem_kdf (ecc_ss, ecc_ss_len,
|
2024-04-23 11:20:37 +02:00
|
|
|
ecc_hash_algo,
|
2024-04-15 12:16:40 +02:00
|
|
|
ecc_ecdh, ecc_ecdh_len,
|
|
|
|
ecc_ct, ecc_ct_len,
|
|
|
|
ecc_pubkey, ecc_pubkey_len);
|
|
|
|
if (err)
|
|
|
|
{
|
|
|
|
if (opt.verbose)
|
|
|
|
log_info ("%s: kdf for ECC failed\n", __func__);
|
|
|
|
goto leave;
|
|
|
|
}
|
|
|
|
if (DBG_CRYPTO)
|
|
|
|
log_printhex (ecc_ss, ecc_ss_len, "ECC shared:");
|
|
|
|
|
|
|
|
kyber_pubkey = gcry_mpi_get_opaque (pk->pkey[2], &nbits);
|
|
|
|
kyber_pubkey_len = (nbits+7)/8;
|
2024-04-18 14:37:40 +02:00
|
|
|
if (kyber_pubkey_len == GCRY_KEM_MLKEM768_PUBKEY_LEN)
|
|
|
|
{
|
|
|
|
kyber_algo = GCRY_KEM_MLKEM768;
|
|
|
|
kyber_ct_len = GCRY_KEM_MLKEM768_ENCAPS_LEN;
|
|
|
|
kyber_ss_len = GCRY_KEM_MLKEM768_SHARED_LEN;
|
|
|
|
}
|
|
|
|
else if (kyber_pubkey_len == GCRY_KEM_MLKEM1024_PUBKEY_LEN)
|
|
|
|
{
|
|
|
|
kyber_algo = GCRY_KEM_MLKEM1024;
|
|
|
|
kyber_ct_len = GCRY_KEM_MLKEM1024_ENCAPS_LEN;
|
|
|
|
kyber_ss_len = GCRY_KEM_MLKEM1024_SHARED_LEN;
|
|
|
|
}
|
|
|
|
else
|
2024-04-15 12:16:40 +02:00
|
|
|
{
|
|
|
|
if (opt.verbose)
|
2024-04-18 14:37:40 +02:00
|
|
|
log_info ("%s: Kyber public key length invalid (%zu)\n",
|
|
|
|
__func__, kyber_pubkey_len);
|
2024-04-15 12:16:40 +02:00
|
|
|
err = gpg_error (GPG_ERR_INV_DATA);
|
|
|
|
goto leave;
|
|
|
|
}
|
|
|
|
if (DBG_CRYPTO)
|
|
|
|
log_printhex (kyber_pubkey, kyber_pubkey_len, "|!trunc|Kyber pubkey:");
|
|
|
|
|
2024-04-18 14:37:40 +02:00
|
|
|
err = gcry_kem_encap (kyber_algo,
|
2024-04-15 12:16:40 +02:00
|
|
|
kyber_pubkey, kyber_pubkey_len,
|
|
|
|
kyber_ct, kyber_ct_len,
|
|
|
|
kyber_ss, kyber_ss_len,
|
|
|
|
NULL, 0);
|
|
|
|
if (err)
|
|
|
|
{
|
|
|
|
if (opt.verbose)
|
|
|
|
log_info ("%s: gcry_kem_encap for ECC failed\n", __func__);
|
|
|
|
goto leave;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (DBG_CRYPTO)
|
|
|
|
{
|
|
|
|
log_printhex (kyber_ct, kyber_ct_len, "|!trunc|Kyber ephem:");
|
|
|
|
log_printhex (kyber_ss, kyber_ss_len, "Kyber shared:");
|
|
|
|
}
|
|
|
|
|
2003-06-18 19:56:13 +00:00
|
|
|
|
2024-04-15 12:16:40 +02:00
|
|
|
fixedinfo[0] = seskey_algo;
|
|
|
|
v5_fingerprint_from_pk (pk, fixedinfo+1, NULL);
|
|
|
|
fixedlen = 33;
|
|
|
|
|
|
|
|
err = gnupg_kem_combiner (kek, kek_len,
|
|
|
|
ecc_ss, ecc_ss_len, ecc_ct, ecc_ct_len,
|
|
|
|
kyber_ss, kyber_ss_len, kyber_ct, kyber_ct_len,
|
|
|
|
fixedinfo, fixedlen);
|
|
|
|
if (err)
|
|
|
|
{
|
|
|
|
if (opt.verbose)
|
|
|
|
log_info ("%s: KEM combiner failed\n", __func__);
|
|
|
|
goto leave;
|
|
|
|
}
|
|
|
|
if (DBG_CRYPTO)
|
|
|
|
log_printhex (kek, kek_len, "KEK:");
|
|
|
|
|
|
|
|
err = gcry_cipher_open (&hd, GCRY_CIPHER_AES256,
|
|
|
|
GCRY_CIPHER_MODE_AESWRAP, 0);
|
|
|
|
if (!err)
|
|
|
|
err = gcry_cipher_setkey (hd, kek, kek_len);
|
|
|
|
if (err)
|
|
|
|
{
|
|
|
|
if (opt.verbose)
|
|
|
|
log_error ("%s: failed to initialize AESWRAP: %s\n", __func__,
|
|
|
|
gpg_strerror (err));
|
|
|
|
goto leave;
|
|
|
|
}
|
|
|
|
|
|
|
|
err = gcry_sexp_build (&s_data, NULL, "%m", data);
|
|
|
|
if (err)
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
n = gcry_cipher_get_algo_keylen (seskey_algo);
|
|
|
|
seskey = gcry_mpi_get_opaque (data, &nbits);
|
|
|
|
seskey_len = (nbits+7)/8;
|
|
|
|
if (seskey_len != n)
|
|
|
|
{
|
|
|
|
if (opt.verbose)
|
|
|
|
log_info ("%s: session key length %zu"
|
|
|
|
" does not match the length for algo %d\n",
|
|
|
|
__func__, seskey_len, seskey_algo);
|
|
|
|
err = gpg_error (GPG_ERR_INV_DATA);
|
|
|
|
goto leave;
|
|
|
|
}
|
|
|
|
if (DBG_CRYPTO)
|
|
|
|
log_printhex (seskey, seskey_len, "seskey:");
|
|
|
|
|
|
|
|
enc_seskey_len = 1 + seskey_len + 8;
|
|
|
|
enc_seskey = xtrymalloc (enc_seskey_len);
|
|
|
|
if (!enc_seskey || enc_seskey_len > 254)
|
|
|
|
{
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
goto leave;
|
|
|
|
}
|
|
|
|
|
|
|
|
enc_seskey[0] = enc_seskey_len - 1;
|
|
|
|
err = gcry_cipher_encrypt (hd, enc_seskey+1, enc_seskey_len-1,
|
|
|
|
seskey, seskey_len);
|
|
|
|
if (err)
|
|
|
|
{
|
|
|
|
log_error ("%s: wrapping session key failed\n", __func__);
|
|
|
|
goto leave;
|
|
|
|
}
|
|
|
|
if (DBG_CRYPTO)
|
|
|
|
log_printhex (enc_seskey, enc_seskey_len, "enc_seskey:");
|
|
|
|
|
|
|
|
resarr[0] = gcry_mpi_set_opaque_copy (NULL, ecc_ct, 8 * ecc_ct_len);
|
|
|
|
if (resarr[0])
|
|
|
|
resarr[1] = gcry_mpi_set_opaque_copy (NULL, kyber_ct, 8 * kyber_ct_len);
|
|
|
|
if (resarr[1])
|
|
|
|
resarr[2] = gcry_mpi_set_opaque_copy (NULL, enc_seskey, 8 * enc_seskey_len);
|
|
|
|
if (!resarr[0] || !resarr[1] || !resarr[2])
|
|
|
|
{
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
for (i=0; i < 3; i++)
|
|
|
|
gcry_mpi_release (resarr[i]), resarr[i] = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
leave:
|
2024-04-23 11:20:37 +02:00
|
|
|
wipememory (ecc_ct, sizeof ecc_ct);
|
|
|
|
wipememory (ecc_ecdh, sizeof ecc_ecdh);
|
|
|
|
wipememory (ecc_ss, sizeof ecc_ss);
|
2024-04-18 14:37:40 +02:00
|
|
|
wipememory (kyber_ct, sizeof kyber_ct);
|
|
|
|
wipememory (kyber_ss, sizeof kyber_ss);
|
2024-04-15 12:16:40 +02:00
|
|
|
wipememory (kek, kek_len);
|
|
|
|
xfree (enc_seskey);
|
|
|
|
gcry_cipher_close (hd);
|
2024-04-18 14:37:40 +02:00
|
|
|
xfree (ecc_oid);
|
2024-04-15 12:16:40 +02:00
|
|
|
return err;
|
2024-04-15 09:23:16 +02:00
|
|
|
}
|
2003-06-18 19:56:13 +00:00
|
|
|
|
2024-04-15 09:23:16 +02:00
|
|
|
|
|
|
|
/* Core of the encryption for the ECDH algorithms. See pk_decrypt for
|
|
|
|
* a description of the arguments. */
|
|
|
|
static gpg_error_t
|
|
|
|
do_encrypt_ecdh (PKT_public_key *pk, gcry_mpi_t data, gcry_mpi_t *resarr)
|
2003-06-18 19:56:13 +00:00
|
|
|
{
|
2024-04-12 10:43:12 +02:00
|
|
|
gcry_mpi_t *pkey = pk->pkey;
|
2014-09-08 18:25:06 +02:00
|
|
|
gcry_sexp_t s_ciph = NULL;
|
|
|
|
gcry_sexp_t s_data = NULL;
|
|
|
|
gcry_sexp_t s_pkey = NULL;
|
2024-04-12 10:43:12 +02:00
|
|
|
gpg_error_t err;
|
2024-04-15 09:23:16 +02:00
|
|
|
gcry_mpi_t k = NULL;
|
|
|
|
char *curve = NULL;
|
|
|
|
int with_djb_tweak_flag;
|
|
|
|
gcry_mpi_t public = NULL;
|
|
|
|
gcry_mpi_t result = NULL;
|
|
|
|
byte fp[MAX_FINGERPRINT_LEN];
|
|
|
|
byte *shared = NULL;
|
|
|
|
byte *p;
|
|
|
|
size_t nshared;
|
|
|
|
unsigned int nbits;
|
|
|
|
|
|
|
|
err = pk_ecdh_generate_ephemeral_key (pkey, &k);
|
|
|
|
if (err)
|
|
|
|
goto leave;
|
2003-06-18 19:56:13 +00:00
|
|
|
|
2024-04-15 09:23:16 +02:00
|
|
|
curve = openpgp_oid_to_str (pkey[0]);
|
|
|
|
if (!curve)
|
2003-07-03 18:08:16 +00:00
|
|
|
{
|
2024-04-15 09:23:16 +02:00
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
goto leave;
|
2003-07-03 18:08:16 +00:00
|
|
|
}
|
2011-01-25 20:28:25 +01:00
|
|
|
|
2024-04-15 09:23:16 +02:00
|
|
|
with_djb_tweak_flag = openpgp_oid_is_cv25519 (pkey[0]);
|
2014-09-08 18:25:06 +02:00
|
|
|
|
2024-04-15 09:23:16 +02:00
|
|
|
/* Now use the ephemeral secret to compute the shared point. */
|
|
|
|
err = gcry_sexp_build (&s_pkey, NULL,
|
|
|
|
with_djb_tweak_flag ?
|
|
|
|
"(public-key(ecdh(curve%s)(flags djb-tweak)(q%m)))"
|
|
|
|
: "(public-key(ecdh(curve%s)(q%m)))",
|
|
|
|
curve, pkey[1]);
|
|
|
|
if (err)
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
/* Put K into a simplified S-expression. */
|
|
|
|
err = gcry_sexp_build (&s_data, NULL, "%m", k);
|
|
|
|
if (err)
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
/* Run encryption. */
|
|
|
|
err = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
|
|
|
|
if (err)
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
gcry_sexp_release (s_data); s_data = NULL;
|
|
|
|
gcry_sexp_release (s_pkey); s_pkey = NULL;
|
|
|
|
|
|
|
|
|
|
|
|
/* Get the shared point and the ephemeral public key. */
|
|
|
|
shared = get_data_from_sexp (s_ciph, "s", &nshared);
|
|
|
|
if (!shared)
|
|
|
|
{
|
|
|
|
err = gpg_error_from_syserror ();
|
|
|
|
goto leave;
|
2011-01-05 17:33:17 -08:00
|
|
|
}
|
2024-04-15 09:23:16 +02:00
|
|
|
err = sexp_extract_param_sos (s_ciph, "e", &public);
|
|
|
|
gcry_sexp_release (s_ciph); s_ciph = NULL;
|
|
|
|
if (DBG_CRYPTO)
|
2024-04-09 15:49:00 +02:00
|
|
|
{
|
2024-04-15 09:23:16 +02:00
|
|
|
log_debug ("ECDH ephemeral key:");
|
|
|
|
gcry_mpi_dump (public);
|
|
|
|
log_printf ("\n");
|
2024-04-09 15:49:00 +02:00
|
|
|
}
|
2003-06-18 19:56:13 +00:00
|
|
|
|
2024-04-15 09:23:16 +02:00
|
|
|
fingerprint_from_pk (pk, fp, NULL);
|
|
|
|
|
|
|
|
p = gcry_mpi_get_opaque (data, &nbits);
|
|
|
|
result = NULL;
|
|
|
|
err = pk_ecdh_encrypt_with_shared_point (shared, nshared, fp, p,
|
|
|
|
(nbits+7)/8, pkey, &result);
|
|
|
|
if (err)
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
resarr[0] = public; public = NULL;
|
|
|
|
resarr[1] = result; result = NULL;
|
2014-09-08 18:25:06 +02:00
|
|
|
|
2024-04-15 09:23:16 +02:00
|
|
|
leave:
|
|
|
|
gcry_mpi_release (public);
|
|
|
|
gcry_mpi_release (result);
|
|
|
|
xfree (shared);
|
|
|
|
gcry_sexp_release (s_ciph);
|
2003-06-18 19:56:13 +00:00
|
|
|
gcry_sexp_release (s_data);
|
|
|
|
gcry_sexp_release (s_pkey);
|
2024-04-15 09:23:16 +02:00
|
|
|
xfree (curve);
|
|
|
|
gcry_mpi_release (k);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Core of the encryption for RSA and Elgamal algorithms. See
|
|
|
|
* pk_decrypt for a description of the arguments. */
|
|
|
|
static gpg_error_t
|
|
|
|
do_encrypt_rsa_elg (PKT_public_key *pk, gcry_mpi_t data, gcry_mpi_t *resarr)
|
|
|
|
{
|
|
|
|
pubkey_algo_t algo = pk->pubkey_algo;
|
|
|
|
gcry_mpi_t *pkey = pk->pkey;
|
|
|
|
gcry_sexp_t s_ciph = NULL;
|
|
|
|
gcry_sexp_t s_data = NULL;
|
|
|
|
gcry_sexp_t s_pkey = NULL;
|
|
|
|
gpg_error_t err;
|
2003-06-18 19:56:13 +00:00
|
|
|
|
2024-04-15 09:23:16 +02:00
|
|
|
if (algo == PUBKEY_ALGO_ELGAMAL || algo == PUBKEY_ALGO_ELGAMAL_E)
|
|
|
|
err = gcry_sexp_build (&s_pkey, NULL,
|
|
|
|
"(public-key(elg(p%m)(g%m)(y%m)))",
|
|
|
|
pkey[0], pkey[1], pkey[2]);
|
|
|
|
else
|
|
|
|
err = gcry_sexp_build (&s_pkey, NULL,
|
|
|
|
"(public-key(rsa(n%m)(e%m)))",
|
|
|
|
pkey[0], pkey[1]);
|
2024-04-12 10:43:12 +02:00
|
|
|
if (err)
|
2024-04-15 09:23:16 +02:00
|
|
|
goto leave;
|
2011-02-02 17:40:32 +01:00
|
|
|
|
2024-04-15 09:23:16 +02:00
|
|
|
err = gcry_sexp_build (&s_data, NULL, "%m", data);
|
|
|
|
if (err)
|
|
|
|
goto leave;
|
2020-06-09 10:32:47 +09:00
|
|
|
|
2024-04-15 09:23:16 +02:00
|
|
|
err = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
|
|
|
|
if (err)
|
|
|
|
goto leave;
|
|
|
|
|
|
|
|
gcry_sexp_release (s_data); s_data = NULL;
|
|
|
|
gcry_sexp_release (s_pkey); s_pkey = NULL;
|
|
|
|
|
|
|
|
resarr[0] = get_mpi_from_sexp (s_ciph, "a", GCRYMPI_FMT_USG);
|
|
|
|
if (!is_RSA (algo))
|
|
|
|
resarr[1] = get_mpi_from_sexp (s_ciph, "b", GCRYMPI_FMT_USG);
|
2003-06-18 19:56:13 +00:00
|
|
|
|
2021-05-11 09:04:19 +02:00
|
|
|
leave:
|
2024-04-15 09:23:16 +02:00
|
|
|
gcry_sexp_release (s_data);
|
|
|
|
gcry_sexp_release (s_pkey);
|
2003-06-18 19:56:13 +00:00
|
|
|
gcry_sexp_release (s_ciph);
|
2024-04-12 10:43:12 +02:00
|
|
|
return err;
|
2003-06-18 19:56:13 +00:00
|
|
|
}
|
|
|
|
|
2011-01-21 12:00:57 +01:00
|
|
|
|
2024-04-15 09:23:16 +02:00
|
|
|
/*
|
|
|
|
* Emulate our old PK interface here - sometime in the future we might
|
|
|
|
* change the internal design to directly fit to libgcrypt. PK is is
|
|
|
|
* the OpenPGP public key packet, DATA is an MPI with the to be
|
|
|
|
* encrypted data, and RESARR receives the encrypted data. RESARRAY
|
|
|
|
* is expected to be an two item array which will be filled with newly
|
|
|
|
* allocated MPIs. SESKEY_ALGO is required for public key algorithms
|
|
|
|
* which do not encode it in DATA.
|
|
|
|
*/
|
|
|
|
gpg_error_t
|
|
|
|
pk_encrypt (PKT_public_key *pk, gcry_mpi_t data, int seskey_algo,
|
|
|
|
gcry_mpi_t *resarr)
|
|
|
|
{
|
|
|
|
pubkey_algo_t algo = pk->pubkey_algo;
|
|
|
|
|
|
|
|
if (algo == PUBKEY_ALGO_KYBER)
|
|
|
|
return do_encrypt_kem (pk, data, seskey_algo, resarr);
|
|
|
|
else if (algo == PUBKEY_ALGO_ECDH)
|
|
|
|
return do_encrypt_ecdh (pk, data, resarr);
|
|
|
|
else if (algo == PUBKEY_ALGO_ELGAMAL || algo == PUBKEY_ALGO_ELGAMAL_E)
|
|
|
|
return do_encrypt_rsa_elg (pk, data, resarr);
|
|
|
|
else if (algo == PUBKEY_ALGO_RSA || algo == PUBKEY_ALGO_RSA_E)
|
|
|
|
return do_encrypt_rsa_elg (pk, data, resarr);
|
|
|
|
else
|
|
|
|
return gpg_error (GPG_ERR_PUBKEY_ALGO);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-01-05 17:33:17 -08:00
|
|
|
/* Check whether SKEY is a suitable secret key. */
|
|
|
|
int
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
pk_check_secret_key (pubkey_algo_t pkalgo, gcry_mpi_t *skey)
|
2011-01-05 17:33:17 -08:00
|
|
|
{
|
|
|
|
gcry_sexp_t s_skey;
|
|
|
|
int rc;
|
|
|
|
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
if (pkalgo == PUBKEY_ALGO_DSA)
|
2011-01-05 17:33:17 -08:00
|
|
|
{
|
|
|
|
rc = gcry_sexp_build (&s_skey, NULL,
|
|
|
|
"(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))",
|
|
|
|
skey[0], skey[1], skey[2], skey[3], skey[4]);
|
|
|
|
}
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
else if (pkalgo == PUBKEY_ALGO_ELGAMAL || pkalgo == PUBKEY_ALGO_ELGAMAL_E)
|
2011-01-05 17:33:17 -08:00
|
|
|
{
|
|
|
|
rc = gcry_sexp_build (&s_skey, NULL,
|
|
|
|
"(private-key(elg(p%m)(g%m)(y%m)(x%m)))",
|
|
|
|
skey[0], skey[1], skey[2], skey[3]);
|
|
|
|
}
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
else if (is_RSA (pkalgo))
|
2011-01-05 17:33:17 -08:00
|
|
|
{
|
|
|
|
rc = gcry_sexp_build (&s_skey, NULL,
|
|
|
|
"(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
|
|
|
|
skey[0], skey[1], skey[2], skey[3], skey[4],
|
|
|
|
skey[5]);
|
|
|
|
}
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
else if (pkalgo == PUBKEY_ALGO_ECDSA || pkalgo == PUBKEY_ALGO_ECDH)
|
2011-01-05 17:33:17 -08:00
|
|
|
{
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
char *curve = openpgp_oid_to_str (skey[0]);
|
|
|
|
if (!curve)
|
|
|
|
rc = gpg_error_from_syserror ();
|
|
|
|
else
|
2011-01-31 09:27:06 +01:00
|
|
|
{
|
|
|
|
rc = gcry_sexp_build (&s_skey, NULL,
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
"(private-key(ecc(curve%s)(q%m)(d%m)))",
|
|
|
|
curve, skey[1], skey[2]);
|
|
|
|
xfree (curve);
|
2013-11-15 08:59:45 +01:00
|
|
|
}
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
}
|
|
|
|
else if (pkalgo == PUBKEY_ALGO_EDDSA)
|
|
|
|
{
|
|
|
|
char *curve = openpgp_oid_to_str (skey[0]);
|
|
|
|
if (!curve)
|
|
|
|
rc = gpg_error_from_syserror ();
|
2013-11-15 08:59:45 +01:00
|
|
|
else
|
|
|
|
{
|
2020-06-24 10:05:03 +09:00
|
|
|
const char *fmt;
|
|
|
|
|
|
|
|
if (openpgp_oid_is_ed25519 (skey[0]))
|
|
|
|
fmt = "(private-key(ecc(curve %s)(flags eddsa)(q%m)(d%m)))";
|
|
|
|
else
|
|
|
|
fmt = "(private-key(ecc(curve %s)(q%m)(d%m)))";
|
|
|
|
|
|
|
|
rc = gcry_sexp_build (&s_skey, NULL, fmt, curve, skey[1], skey[2]);
|
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
|
|
|
xfree (curve);
|
2011-01-31 09:27:06 +01:00
|
|
|
}
|
2011-01-05 17:33:17 -08:00
|
|
|
}
|
|
|
|
else
|
|
|
|
return GPG_ERR_PUBKEY_ALGO;
|
|
|
|
|
|
|
|
if (!rc)
|
|
|
|
{
|
|
|
|
rc = gcry_pk_testkey (s_skey);
|
|
|
|
gcry_sexp_release (s_skey);
|
|
|
|
}
|
|
|
|
return rc;
|
|
|
|
}
|