experiment: Fix importing new448 secret key.

-- Because secret key may be encrypted one, it can be only fixed up (removing the prefix) at gpg-agent side. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-07 23:27:48 +02:00 · 2021-10-27 15:33:06 +09:00 · 2021-10-27 15:33:06 +09:00 · 0683e88d30
commit 0683e88d30
parent a07ae85ec7
3 changed files with 8 additions and 7 deletions
--- a/agent/cvt-openpgp.c
+++ b/agent/cvt-openpgp.c
@ -498,6 +498,10 @@ do_unprotect (const char *passphrase,
              actual_csum += (nbits >> 8);
              actual_csum += (nbits & 0xff);
              actual_csum += checksum (buffer, nbytes);
+
+	      tmpmpi = skey[i];
+              skey[i] = openpgp_ecc_parse_key (pubkey_algo, curve, tmpmpi);
+              gcry_mpi_release (tmpmpi);
            }
          else
            {
@ -638,7 +642,8 @@ do_unprotect (const char *passphrase,
            {
              if (scan_pgp_format (&tmpmpi, pubkey_algo, p, ndata, &nbytes))
                break;
-              skey[i] = tmpmpi;
+              skey[i] = openpgp_ecc_parse_key (pubkey_algo, curve, tmpmpi);
+              gcry_mpi_release (tmpmpi);
              ndata -= nbytes;
              p += nbytes;
            }
--- a/g10/export.c
+++ b/g10/export.c
@ -753,7 +753,7 @@ cleartext_secret_key_to_openpgp (gcry_sexp_t s_key, PKT_public_key *pk)
      break;

    case GCRY_PK_ECC:
-      err = match_curve_skey_pk (key, pk, is_448);
+      err = match_curve_skey_pk (key, pk, &is_448);
      if (err)
        goto leave;
      else
--- a/g10/import.c
+++ b/g10/import.c
@ -2494,7 +2494,6 @@ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats,
  while ((node = walk_kbnode (sec_keyblock, &ctx, 0)))
    {
      gcry_mpi_t ecc_pubkey = NULL;
-      gcry_mpi_t ecc_seckey = NULL;

      if (node->pkt->pkttype != PKT_SECRET_KEY
          && node->pkt->pkttype != PKT_SECRET_SUBKEY)
@ -2586,9 +2585,7 @@ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats,
                    put_membuf_str (&mbuf, " e %m");
                  else
                    put_membuf_str (&mbuf, " _ %m");
-                  ecc_seckey = openpgp_ecc_parse_key (pk->pubkey_algo,
-                                                      curvename, pk->pkey[i]);
-                  format_args[j++] = &ecc_seckey;
+                  format_args[j++] = pk->pkey + i;

                  /* Simple hack to print a warning for an invalid key
                   * in case of cv25519.  We have only opaque MPIs here. */
@ -2638,7 +2635,6 @@ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats,
          xfree (format);
        }
      gcry_mpi_release (ecc_pubkey);
-      gcry_mpi_release (ecc_seckey);
      if (err)
        {
          log_error ("error building skey array: %s\n", gpg_strerror (err));