Compute the fingerprint for ECDH only on demand.

This also fixes a failed assertion when using a v3 key where the
fingerprint size is not 20.

g10/ChangeLog

@@ -1,5 +1,11 @@
 2011-02-02  Werner Koch  <wk@g10code.com>
 
+	* encrypt.c (write_pubkey_enc_from_list): Don't compute the
+	fingerprint.
+	* pkglue.c (pk_encrypt): Replace PK_FP by PK and compute the
+	fingerprint only when needed.
+	* pkglue.h: Include packet.h.
+
 	* import.c (transfer_secret_keys): Make sure keyids are available.
 
 	* keyid.c (hash_public_key): Adjust for the ECC case.

g10/encrypt.c

@@ -876,8 +876,6 @@ write_pubkey_enc_from_list (PK_LIST pk_list, DEK *dek, iobuf_t out)
   for ( ; pk_list; pk_list = pk_list->next )
     {
       gcry_mpi_t frame;
-      byte fp[MAX_FINGERPRINT_LEN]; 
-      size_t fpn;
 
       pk = pk_list->pk;
 
@@ -894,9 +892,6 @@ write_pubkey_enc_from_list (PK_LIST pk_list, DEK *dek, iobuf_t out)
           compliance_failure();
         }
 
-      fingerprint_from_pk (pk, fp, &fpn);
-      assert (fpn == 20);
-
       /* Okay, what's going on: We have the session key somewhere in
        * the structure DEK and want to encode this session key in an
        * integer value of n bits. pubkey_nbits gives us the number of
@@ -911,7 +906,7 @@ write_pubkey_enc_from_list (PK_LIST pk_list, DEK *dek, iobuf_t out)
        * build_packet().  */
       frame = encode_session_key (pk->pubkey_algo, dek,
                                   pubkey_nbits (pk->pubkey_algo, pk->pkey));
-      rc = pk_encrypt (pk->pubkey_algo, enc->data, frame, fp, pk->pkey);
+      rc = pk_encrypt (pk->pubkey_algo, enc->data, frame, pk, pk->pkey);
       gcry_mpi_release (frame);
       if (rc)
         log_error ("pubkey_encrypt failed: %s\n", gpg_strerror (rc) );

g10/pkglue.c

@@ -151,10 +151,11 @@ pk_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey)
 /****************
  * Emulate our old PK interface here - sometime in the future we might
  * change the internal design to directly fit to libgcrypt.
+ * PK is only required to compute the fingerprint for ECDH.
  */
 int
 pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
-            const byte pk_fp[MAX_FINGERPRINT_LEN], gcry_mpi_t *pkey)
+            PKT_public_key *pk, gcry_mpi_t *pkey)
 {
   gcry_sexp_t s_ciph, s_data, s_pkey;
   int rc;
@@ -183,6 +184,8 @@ pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
     {
       gcry_mpi_t k;
       char *curve;
+      byte fp[MAX_FINGERPRINT_LEN];
+      size_t fpn;
 
       rc = pk_ecdh_generate_ephemeral_key (pkey, &k);
       if (rc)
@@ -218,6 +221,8 @@ pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
   else if (algo == PUBKEY_ALGO_ECDH)
     {
       gcry_mpi_t shared, public, result;
+      byte fp[MAX_FINGERPRINT_LEN];
+      size_t fpn;
 
       /* Get the shared point and the ephemeral public key.  */
       shared = mpi_from_sexp (s_ciph, "s");
@@ -232,8 +237,12 @@ pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
         }
 
       result = NULL;
+      fingerprint_from_pk (pk, fp, &fpn);
+      if (fpn != 20)
+        rc = gpg_error (GPG_ERR_INV_LENGTH);
+      else
         rc = pk_ecdh_encrypt_with_shared_point (1 /*=encrypton*/, shared,
-                                              pk_fp, data, pkey, &result);
+                                                fp, data, pkey, &result);
       gcry_mpi_release (shared);
       if (!rc)
         {

g10/pkglue.h

@@ -20,14 +20,15 @@
 #ifndef GNUPG_G10_PKGLUE_H
 #define GNUPG_G10_PKGLUE_H
 
+#include "packet.h"  /* For PKT_public_key.  */
+
 /*-- pkglue.c --*/
 gcry_mpi_t mpi_from_sexp (gcry_sexp_t sexp, const char * item);
 
 int pk_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data,
                gcry_mpi_t *pkey);
 int pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
-		const byte fp[MAX_FINGERPRINT_LEN],
-                gcry_mpi_t *pkey);
+		PKT_public_key *pk, gcry_mpi_t *pkey);
 int pk_check_secret_key (int algo, gcry_mpi_t *skey);