mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
Compute the fingerprint for ECDH only on demand.
This also fixes a failed assertion when using a v3 key where the fingerprint size is not 20.
This commit is contained in:
parent
4659c923a0
commit
20f429f735
@ -1,5 +1,11 @@
|
|||||||
2011-02-02 Werner Koch <wk@g10code.com>
|
2011-02-02 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
* encrypt.c (write_pubkey_enc_from_list): Don't compute the
|
||||||
|
fingerprint.
|
||||||
|
* pkglue.c (pk_encrypt): Replace PK_FP by PK and compute the
|
||||||
|
fingerprint only when needed.
|
||||||
|
* pkglue.h: Include packet.h.
|
||||||
|
|
||||||
* import.c (transfer_secret_keys): Make sure keyids are available.
|
* import.c (transfer_secret_keys): Make sure keyids are available.
|
||||||
|
|
||||||
* keyid.c (hash_public_key): Adjust for the ECC case.
|
* keyid.c (hash_public_key): Adjust for the ECC case.
|
||||||
|
@ -876,8 +876,6 @@ write_pubkey_enc_from_list (PK_LIST pk_list, DEK *dek, iobuf_t out)
|
|||||||
for ( ; pk_list; pk_list = pk_list->next )
|
for ( ; pk_list; pk_list = pk_list->next )
|
||||||
{
|
{
|
||||||
gcry_mpi_t frame;
|
gcry_mpi_t frame;
|
||||||
byte fp[MAX_FINGERPRINT_LEN];
|
|
||||||
size_t fpn;
|
|
||||||
|
|
||||||
pk = pk_list->pk;
|
pk = pk_list->pk;
|
||||||
|
|
||||||
@ -894,9 +892,6 @@ write_pubkey_enc_from_list (PK_LIST pk_list, DEK *dek, iobuf_t out)
|
|||||||
compliance_failure();
|
compliance_failure();
|
||||||
}
|
}
|
||||||
|
|
||||||
fingerprint_from_pk (pk, fp, &fpn);
|
|
||||||
assert (fpn == 20);
|
|
||||||
|
|
||||||
/* Okay, what's going on: We have the session key somewhere in
|
/* Okay, what's going on: We have the session key somewhere in
|
||||||
* the structure DEK and want to encode this session key in an
|
* the structure DEK and want to encode this session key in an
|
||||||
* integer value of n bits. pubkey_nbits gives us the number of
|
* integer value of n bits. pubkey_nbits gives us the number of
|
||||||
@ -911,7 +906,7 @@ write_pubkey_enc_from_list (PK_LIST pk_list, DEK *dek, iobuf_t out)
|
|||||||
* build_packet(). */
|
* build_packet(). */
|
||||||
frame = encode_session_key (pk->pubkey_algo, dek,
|
frame = encode_session_key (pk->pubkey_algo, dek,
|
||||||
pubkey_nbits (pk->pubkey_algo, pk->pkey));
|
pubkey_nbits (pk->pubkey_algo, pk->pkey));
|
||||||
rc = pk_encrypt (pk->pubkey_algo, enc->data, frame, fp, pk->pkey);
|
rc = pk_encrypt (pk->pubkey_algo, enc->data, frame, pk, pk->pkey);
|
||||||
gcry_mpi_release (frame);
|
gcry_mpi_release (frame);
|
||||||
if (rc)
|
if (rc)
|
||||||
log_error ("pubkey_encrypt failed: %s\n", gpg_strerror (rc) );
|
log_error ("pubkey_encrypt failed: %s\n", gpg_strerror (rc) );
|
||||||
|
15
g10/pkglue.c
15
g10/pkglue.c
@ -151,10 +151,11 @@ pk_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey)
|
|||||||
/****************
|
/****************
|
||||||
* Emulate our old PK interface here - sometime in the future we might
|
* Emulate our old PK interface here - sometime in the future we might
|
||||||
* change the internal design to directly fit to libgcrypt.
|
* change the internal design to directly fit to libgcrypt.
|
||||||
|
* PK is only required to compute the fingerprint for ECDH.
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
|
pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
|
||||||
const byte pk_fp[MAX_FINGERPRINT_LEN], gcry_mpi_t *pkey)
|
PKT_public_key *pk, gcry_mpi_t *pkey)
|
||||||
{
|
{
|
||||||
gcry_sexp_t s_ciph, s_data, s_pkey;
|
gcry_sexp_t s_ciph, s_data, s_pkey;
|
||||||
int rc;
|
int rc;
|
||||||
@ -183,6 +184,8 @@ pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
|
|||||||
{
|
{
|
||||||
gcry_mpi_t k;
|
gcry_mpi_t k;
|
||||||
char *curve;
|
char *curve;
|
||||||
|
byte fp[MAX_FINGERPRINT_LEN];
|
||||||
|
size_t fpn;
|
||||||
|
|
||||||
rc = pk_ecdh_generate_ephemeral_key (pkey, &k);
|
rc = pk_ecdh_generate_ephemeral_key (pkey, &k);
|
||||||
if (rc)
|
if (rc)
|
||||||
@ -218,6 +221,8 @@ pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
|
|||||||
else if (algo == PUBKEY_ALGO_ECDH)
|
else if (algo == PUBKEY_ALGO_ECDH)
|
||||||
{
|
{
|
||||||
gcry_mpi_t shared, public, result;
|
gcry_mpi_t shared, public, result;
|
||||||
|
byte fp[MAX_FINGERPRINT_LEN];
|
||||||
|
size_t fpn;
|
||||||
|
|
||||||
/* Get the shared point and the ephemeral public key. */
|
/* Get the shared point and the ephemeral public key. */
|
||||||
shared = mpi_from_sexp (s_ciph, "s");
|
shared = mpi_from_sexp (s_ciph, "s");
|
||||||
@ -232,8 +237,12 @@ pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
|
|||||||
}
|
}
|
||||||
|
|
||||||
result = NULL;
|
result = NULL;
|
||||||
rc = pk_ecdh_encrypt_with_shared_point (1 /*=encrypton*/, shared,
|
fingerprint_from_pk (pk, fp, &fpn);
|
||||||
pk_fp, data, pkey, &result);
|
if (fpn != 20)
|
||||||
|
rc = gpg_error (GPG_ERR_INV_LENGTH);
|
||||||
|
else
|
||||||
|
rc = pk_ecdh_encrypt_with_shared_point (1 /*=encrypton*/, shared,
|
||||||
|
fp, data, pkey, &result);
|
||||||
gcry_mpi_release (shared);
|
gcry_mpi_release (shared);
|
||||||
if (!rc)
|
if (!rc)
|
||||||
{
|
{
|
||||||
|
@ -20,14 +20,15 @@
|
|||||||
#ifndef GNUPG_G10_PKGLUE_H
|
#ifndef GNUPG_G10_PKGLUE_H
|
||||||
#define GNUPG_G10_PKGLUE_H
|
#define GNUPG_G10_PKGLUE_H
|
||||||
|
|
||||||
|
#include "packet.h" /* For PKT_public_key. */
|
||||||
|
|
||||||
/*-- pkglue.c --*/
|
/*-- pkglue.c --*/
|
||||||
gcry_mpi_t mpi_from_sexp (gcry_sexp_t sexp, const char * item);
|
gcry_mpi_t mpi_from_sexp (gcry_sexp_t sexp, const char * item);
|
||||||
|
|
||||||
int pk_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data,
|
int pk_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data,
|
||||||
gcry_mpi_t *pkey);
|
gcry_mpi_t *pkey);
|
||||||
int pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
|
int pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
|
||||||
const byte fp[MAX_FINGERPRINT_LEN],
|
PKT_public_key *pk, gcry_mpi_t *pkey);
|
||||||
gcry_mpi_t *pkey);
|
|
||||||
int pk_check_secret_key (int algo, gcry_mpi_t *skey);
|
int pk_check_secret_key (int algo, gcry_mpi_t *skey);
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user