security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Code Activity

experiment: Fix importing new448 secret key.

Browse Source 
--

Because secret key may be encrypted one, it can be only fixed up
(removing the prefix) at gpg-agent side.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2021-10-27 15:33:06 +09:00
parent a07ae85ec7
commit 0683e88d30
3 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
agent/cvt-openpgp.c
View File

@ -498,6 +498,10 @@ do_unprotect (const char *passphrase,
actual_csum += (nbits >> 8); actual_csum += (nbits >> 8);
actual_csum += (nbits & 0xff); actual_csum += (nbits & 0xff);
actual_csum += checksum (buffer, nbytes); actual_csum += checksum (buffer, nbytes);
tmpmpi = skey[i];
skey[i] = openpgp_ecc_parse_key (pubkey_algo, curve, tmpmpi);
gcry_mpi_release (tmpmpi);
} }
else else
{ {
@ -638,7 +642,8 @@ do_unprotect (const char *passphrase,
{ {
if (scan_pgp_format (&tmpmpi, pubkey_algo, p, ndata, &nbytes)) if (scan_pgp_format (&tmpmpi, pubkey_algo, p, ndata, &nbytes))
break; break;
skey[i] = tmpmpi; skey[i] = openpgp_ecc_parse_key (pubkey_algo, curve, tmpmpi);
gcry_mpi_release (tmpmpi);
ndata -= nbytes; ndata -= nbytes;
p += nbytes; p += nbytes;
} }

2
g10/export.c
View File

@ -753,7 +753,7 @@ cleartext_secret_key_to_openpgp (gcry_sexp_t s_key, PKT_public_key *pk)
break; break;
case GCRY_PK_ECC: case GCRY_PK_ECC:
err = match_curve_skey_pk (key, pk, is_448); err = match_curve_skey_pk (key, pk, &is_448);
if (err) if (err)
goto leave; goto leave;
else else

6
g10/import.c
View File

@ -2494,7 +2494,6 @@ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats,
while ((node = walk_kbnode (sec_keyblock, &ctx, 0))) while ((node = walk_kbnode (sec_keyblock, &ctx, 0)))
{ {
gcry_mpi_t ecc_pubkey = NULL; gcry_mpi_t ecc_pubkey = NULL;
gcry_mpi_t ecc_seckey = NULL;
if (node->pkt->pkttype != PKT_SECRET_KEY if (node->pkt->pkttype != PKT_SECRET_KEY
&& node->pkt->pkttype != PKT_SECRET_SUBKEY) && node->pkt->pkttype != PKT_SECRET_SUBKEY)
@ -2586,9 +2585,7 @@ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats,
put_membuf_str (&mbuf, " e %m"); put_membuf_str (&mbuf, " e %m");
else else
put_membuf_str (&mbuf, " _ %m"); put_membuf_str (&mbuf, " _ %m");
ecc_seckey = openpgp_ecc_parse_key (pk->pubkey_algo, format_args[j++] = pk->pkey + i;
curvename, pk->pkey[i]);
format_args[j++] = &ecc_seckey;
/* Simple hack to print a warning for an invalid key /* Simple hack to print a warning for an invalid key
* in case of cv25519. We have only opaque MPIs here. */ * in case of cv25519. We have only opaque MPIs here. */
@ -2638,7 +2635,6 @@ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats,
xfree (format); xfree (format);
} }
gcry_mpi_release (ecc_pubkey); gcry_mpi_release (ecc_pubkey);
gcry_mpi_release (ecc_seckey);
if (err) if (err)
{ {
log_error ("error building skey array: %s\n", gpg_strerror (err)); log_error ("error building skey array: %s\n", gpg_strerror (err));