mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-20 14:37:08 +01:00
sm: Support import of PKCS#12 encoded ECC private keys.
* sm/import.c (parse_p12): Support ECC import. -- Although I extended the parser and its test the actual import missed the required code. GnuPG-bug-id: 6253 Backported-from-master: 8dfef5197af9f655697e0095c6613137d51c91e7
This commit is contained in:
parent
2e99d27bd2
commit
2e7a08a829
103
sm/import.c
103
sm/import.c
@ -718,6 +718,7 @@ parse_p12 (ctrl_t ctrl, ksba_reader_t reader, struct stats_s *stats)
|
|||||||
gcry_sexp_t s_key = NULL;
|
gcry_sexp_t s_key = NULL;
|
||||||
unsigned char grip[20];
|
unsigned char grip[20];
|
||||||
int bad_pass = 0;
|
int bad_pass = 0;
|
||||||
|
char *curve = NULL;
|
||||||
int i;
|
int i;
|
||||||
struct store_cert_parm_s store_cert_parm;
|
struct store_cert_parm_s store_cert_parm;
|
||||||
|
|
||||||
@ -779,8 +780,7 @@ parse_p12 (ctrl_t ctrl, ksba_reader_t reader, struct stats_s *stats)
|
|||||||
|
|
||||||
kparms = p12_parse (p12buffer + p12bufoff, p12buflen - p12bufoff,
|
kparms = p12_parse (p12buffer + p12bufoff, p12buflen - p12bufoff,
|
||||||
passphrase, store_cert_cb, &store_cert_parm,
|
passphrase, store_cert_cb, &store_cert_parm,
|
||||||
&bad_pass, NULL);
|
&bad_pass, &curve);
|
||||||
|
|
||||||
xfree (passphrase);
|
xfree (passphrase);
|
||||||
passphrase = NULL;
|
passphrase = NULL;
|
||||||
|
|
||||||
@ -791,35 +791,79 @@ parse_p12 (ctrl_t ctrl, ksba_reader_t reader, struct stats_s *stats)
|
|||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* print_mpi (" n", kparms[0]); */
|
if (curve)
|
||||||
/* print_mpi (" e", kparms[1]); */
|
{
|
||||||
/* print_mpi (" d", kparms[2]); */
|
gcry_ctx_t ecctx = NULL;
|
||||||
/* print_mpi (" p", kparms[3]); */
|
|
||||||
/* print_mpi (" q", kparms[4]); */
|
|
||||||
/* print_mpi ("dmp1", kparms[5]); */
|
|
||||||
/* print_mpi ("dmq1", kparms[6]); */
|
|
||||||
/* print_mpi (" u", kparms[7]); */
|
|
||||||
|
|
||||||
sk.n = kparms[0];
|
/* log_debug ("curve: %s\n", curve); */
|
||||||
sk.e = kparms[1];
|
/* gcry_log_debugmpi ("MPI[0]", kparms[0]); */
|
||||||
sk.d = kparms[2];
|
|
||||||
sk.q = kparms[3];
|
|
||||||
sk.p = kparms[4];
|
|
||||||
sk.u = kparms[7];
|
|
||||||
err = rsa_key_check (&sk);
|
|
||||||
if (err)
|
|
||||||
goto leave;
|
|
||||||
/* print_mpi (" n", sk.n); */
|
|
||||||
/* print_mpi (" e", sk.e); */
|
|
||||||
/* print_mpi (" d", sk.d); */
|
|
||||||
/* print_mpi (" p", sk.p); */
|
|
||||||
/* print_mpi (" q", sk.q); */
|
|
||||||
/* print_mpi (" u", sk.u); */
|
|
||||||
|
|
||||||
/* Create an S-expression from the parameters. */
|
/* We need to get the public key. */
|
||||||
err = gcry_sexp_build (&s_key, NULL,
|
err = gcry_mpi_ec_new (&ecctx, NULL, curve);
|
||||||
"(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
|
if (err)
|
||||||
sk.n, sk.e, sk.d, sk.p, sk.q, sk.u, NULL);
|
{
|
||||||
|
log_error ("error creating context for curve '%s': %s\n",
|
||||||
|
curve, gpg_strerror (err));
|
||||||
|
goto leave;
|
||||||
|
}
|
||||||
|
err = gcry_mpi_ec_set_mpi ("d", kparms[0], ecctx);
|
||||||
|
if (err)
|
||||||
|
{
|
||||||
|
log_error ("error setting 'd' into context of curve '%s': %s\n",
|
||||||
|
curve, gpg_strerror (err));
|
||||||
|
gcry_ctx_release (ecctx);
|
||||||
|
goto leave;
|
||||||
|
}
|
||||||
|
|
||||||
|
kparms[1] = gcry_mpi_ec_get_mpi ("q", ecctx, 1);
|
||||||
|
if (!kparms[1])
|
||||||
|
{
|
||||||
|
log_error ("error computing 'q' from 'd' for curve '%s'\n", curve);
|
||||||
|
gcry_ctx_release (ecctx);
|
||||||
|
goto leave;
|
||||||
|
}
|
||||||
|
|
||||||
|
gcry_ctx_release (ecctx);
|
||||||
|
|
||||||
|
err = gcry_sexp_build (&s_key, NULL,
|
||||||
|
"(private-key(ecc(curve %s)(q%m)(d%m)))",
|
||||||
|
curve, kparms[1], kparms[0], NULL);
|
||||||
|
}
|
||||||
|
else /* RSA */
|
||||||
|
{
|
||||||
|
/* print_mpi (" n", kparms[0]); */
|
||||||
|
/* print_mpi (" e", kparms[1]); */
|
||||||
|
/* print_mpi (" d", kparms[2]); */
|
||||||
|
/* print_mpi (" p", kparms[3]); */
|
||||||
|
/* print_mpi (" q", kparms[4]); */
|
||||||
|
/* print_mpi ("dmp1", kparms[5]); */
|
||||||
|
/* print_mpi ("dmq1", kparms[6]); */
|
||||||
|
/* print_mpi (" u", kparms[7]); */
|
||||||
|
|
||||||
|
sk.n = kparms[0];
|
||||||
|
sk.e = kparms[1];
|
||||||
|
sk.d = kparms[2];
|
||||||
|
sk.q = kparms[3];
|
||||||
|
sk.p = kparms[4];
|
||||||
|
sk.u = kparms[7];
|
||||||
|
err = rsa_key_check (&sk);
|
||||||
|
if (err)
|
||||||
|
goto leave;
|
||||||
|
/* print_mpi (" n", sk.n); */
|
||||||
|
/* print_mpi (" e", sk.e); */
|
||||||
|
/* print_mpi (" d", sk.d); */
|
||||||
|
/* print_mpi (" p", sk.p); */
|
||||||
|
/* print_mpi (" q", sk.q); */
|
||||||
|
/* print_mpi (" u", sk.u); */
|
||||||
|
|
||||||
|
/* Create an S-expression from the parameters. */
|
||||||
|
err = gcry_sexp_build (&s_key, NULL,
|
||||||
|
"(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
|
||||||
|
sk.n, sk.e, sk.d, sk.p, sk.q, sk.u, NULL);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* The next is very ugly - we really should not rely on our
|
||||||
|
* knowledge of p12_parse internals. */
|
||||||
for (i=0; i < 8; i++)
|
for (i=0; i < 8; i++)
|
||||||
gcry_mpi_release (kparms[i]);
|
gcry_mpi_release (kparms[i]);
|
||||||
gcry_free (kparms);
|
gcry_free (kparms);
|
||||||
@ -926,6 +970,7 @@ parse_p12 (ctrl_t ctrl, ksba_reader_t reader, struct stats_s *stats)
|
|||||||
xfree (kek);
|
xfree (kek);
|
||||||
xfree (get_membuf (&p12mbuf, NULL));
|
xfree (get_membuf (&p12mbuf, NULL));
|
||||||
xfree (p12buffer);
|
xfree (p12buffer);
|
||||||
|
xfree (curve);
|
||||||
|
|
||||||
if (bad_pass)
|
if (bad_pass)
|
||||||
{
|
{
|
||||||
|
Loading…
x
Reference in New Issue
Block a user