1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

Compute the fingerprint for ECDH only on demand.

This also fixes a failed assertion when using a v3 key where the
fingerprint size is not 20.
This commit is contained in:
Werner Koch 2011-02-02 17:40:32 +01:00
parent 4659c923a0
commit 20f429f735
4 changed files with 90 additions and 79 deletions

View File

@ -1,5 +1,11 @@
2011-02-02 Werner Koch <wk@g10code.com> 2011-02-02 Werner Koch <wk@g10code.com>
* encrypt.c (write_pubkey_enc_from_list): Don't compute the
fingerprint.
* pkglue.c (pk_encrypt): Replace PK_FP by PK and compute the
fingerprint only when needed.
* pkglue.h: Include packet.h.
* import.c (transfer_secret_keys): Make sure keyids are available. * import.c (transfer_secret_keys): Make sure keyids are available.
* keyid.c (hash_public_key): Adjust for the ECC case. * keyid.c (hash_public_key): Adjust for the ECC case.

View File

@ -876,8 +876,6 @@ write_pubkey_enc_from_list (PK_LIST pk_list, DEK *dek, iobuf_t out)
for ( ; pk_list; pk_list = pk_list->next ) for ( ; pk_list; pk_list = pk_list->next )
{ {
gcry_mpi_t frame; gcry_mpi_t frame;
byte fp[MAX_FINGERPRINT_LEN];
size_t fpn;
pk = pk_list->pk; pk = pk_list->pk;
@ -894,9 +892,6 @@ write_pubkey_enc_from_list (PK_LIST pk_list, DEK *dek, iobuf_t out)
compliance_failure(); compliance_failure();
} }
fingerprint_from_pk (pk, fp, &fpn);
assert (fpn == 20);
/* Okay, what's going on: We have the session key somewhere in /* Okay, what's going on: We have the session key somewhere in
* the structure DEK and want to encode this session key in an * the structure DEK and want to encode this session key in an
* integer value of n bits. pubkey_nbits gives us the number of * integer value of n bits. pubkey_nbits gives us the number of
@ -911,7 +906,7 @@ write_pubkey_enc_from_list (PK_LIST pk_list, DEK *dek, iobuf_t out)
* build_packet(). */ * build_packet(). */
frame = encode_session_key (pk->pubkey_algo, dek, frame = encode_session_key (pk->pubkey_algo, dek,
pubkey_nbits (pk->pubkey_algo, pk->pkey)); pubkey_nbits (pk->pubkey_algo, pk->pkey));
rc = pk_encrypt (pk->pubkey_algo, enc->data, frame, fp, pk->pkey); rc = pk_encrypt (pk->pubkey_algo, enc->data, frame, pk, pk->pkey);
gcry_mpi_release (frame); gcry_mpi_release (frame);
if (rc) if (rc)
log_error ("pubkey_encrypt failed: %s\n", gpg_strerror (rc) ); log_error ("pubkey_encrypt failed: %s\n", gpg_strerror (rc) );

View File

@ -151,10 +151,11 @@ pk_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey)
/**************** /****************
* Emulate our old PK interface here - sometime in the future we might * Emulate our old PK interface here - sometime in the future we might
* change the internal design to directly fit to libgcrypt. * change the internal design to directly fit to libgcrypt.
* PK is only required to compute the fingerprint for ECDH.
*/ */
int int
pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
const byte pk_fp[MAX_FINGERPRINT_LEN], gcry_mpi_t *pkey) PKT_public_key *pk, gcry_mpi_t *pkey)
{ {
gcry_sexp_t s_ciph, s_data, s_pkey; gcry_sexp_t s_ciph, s_data, s_pkey;
int rc; int rc;
@ -183,6 +184,8 @@ pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
{ {
gcry_mpi_t k; gcry_mpi_t k;
char *curve; char *curve;
byte fp[MAX_FINGERPRINT_LEN];
size_t fpn;
rc = pk_ecdh_generate_ephemeral_key (pkey, &k); rc = pk_ecdh_generate_ephemeral_key (pkey, &k);
if (rc) if (rc)
@ -218,6 +221,8 @@ pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
else if (algo == PUBKEY_ALGO_ECDH) else if (algo == PUBKEY_ALGO_ECDH)
{ {
gcry_mpi_t shared, public, result; gcry_mpi_t shared, public, result;
byte fp[MAX_FINGERPRINT_LEN];
size_t fpn;
/* Get the shared point and the ephemeral public key. */ /* Get the shared point and the ephemeral public key. */
shared = mpi_from_sexp (s_ciph, "s"); shared = mpi_from_sexp (s_ciph, "s");
@ -232,8 +237,12 @@ pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
} }
result = NULL; result = NULL;
fingerprint_from_pk (pk, fp, &fpn);
if (fpn != 20)
rc = gpg_error (GPG_ERR_INV_LENGTH);
else
rc = pk_ecdh_encrypt_with_shared_point (1 /*=encrypton*/, shared, rc = pk_ecdh_encrypt_with_shared_point (1 /*=encrypton*/, shared,
pk_fp, data, pkey, &result); fp, data, pkey, &result);
gcry_mpi_release (shared); gcry_mpi_release (shared);
if (!rc) if (!rc)
{ {

View File

@ -20,14 +20,15 @@
#ifndef GNUPG_G10_PKGLUE_H #ifndef GNUPG_G10_PKGLUE_H
#define GNUPG_G10_PKGLUE_H #define GNUPG_G10_PKGLUE_H
#include "packet.h" /* For PKT_public_key. */
/*-- pkglue.c --*/ /*-- pkglue.c --*/
gcry_mpi_t mpi_from_sexp (gcry_sexp_t sexp, const char * item); gcry_mpi_t mpi_from_sexp (gcry_sexp_t sexp, const char * item);
int pk_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, int pk_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data,
gcry_mpi_t *pkey); gcry_mpi_t *pkey);
int pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, int pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
const byte fp[MAX_FINGERPRINT_LEN], PKT_public_key *pk, gcry_mpi_t *pkey);
gcry_mpi_t *pkey);
int pk_check_secret_key (int algo, gcry_mpi_t *skey); int pk_check_secret_key (int algo, gcry_mpi_t *skey);