security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

Fixed the ECC interface to Libgcrypt to be ABI compatible with the previous version. 

Quite some changes were needed but in the end we have less code than
before.  Instead of trying to do everything with MPIs and pass them
back and forth between Libgcrypt and GnuPG, we know use the
S-expression based interface and make heavy use of our opaque MPI
feature.

Encryption, decryption, signing and verification work with
self-generared keys.

Import and export does not yet work; thus it was not possible to check
the test keys at https://sites.google.com/site/brainhub/pgpecckeys .
This commit is contained in:
Werner Koch 2011-01-31 15:44:24 +01:00
parent 0fb0bb8d9a
commit 328a642aa5
9 changed files with 119 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
agent/ChangeLog
View File

@ -1,7 +1,8 @@
2011-01-27 Werner Koch <wk@g10code.com>
2011-01-31 Werner Koch <wk@g10code.com>
* protect.c (protect_info): Adjust ECDSA and ECDH parameter names.
Add "ecc".
* findkey.c (key_parms_from_sexp): Ditto.
2011-01-19 Werner Koch <wk@g10code.com>

4
agent/findkey.c
View File

@ -729,12 +729,12 @@ key_parms_from_sexp (gcry_sexp_t s_key, gcry_sexp_t *r_list,
else if (n==5 && !memcmp (name, "ecdsa", 5))
{
algoname = "ecdsa";
elems = "cq";
elems = "pabgnq";
}
else if (n==4 && !memcmp (name, "ecdh", 4))
{
algoname = "ecdh";
elems = "cqp";
elems = "pabgnq";
}
else if (n==3 && !memcmp (name, "elg", 3))
{

7
g10/ChangeLog
View File

@ -1,3 +1,10 @@
2011-01-31 Werner Koch <wk@g10code.com>
* ecdh.c (pk_ecdh_encrypt_with_shared_point): Return an opaque MPI.
* build-packet.c (mpi_write): Rename to gpg_mpi_write and make global.
(write_size_body_mpi): Remove.
2011-01-30 Werner Koch <wk@g10code.com>

51
g10/build-packet.c
View File

@ -157,8 +157,8 @@ build_packet( IOBUF out, PACKET *pkt )
/*
* Write the mpi A to OUT.
*/
static int
mpi_write (iobuf_t out, gcry_mpi_t a)
gpg_error_t
gpg_mpi_write (iobuf_t out, gcry_mpi_t a)
{
int rc;
@ -191,45 +191,6 @@ mpi_write (iobuf_t out, gcry_mpi_t a)
}
/*
* Write a special size+body mpi A, to OUT. The format of the content
* of the MPI is one byte LEN, following by LEN bytes.
*/
gpg_error_t
write_size_body_mpi (iobuf_t out, gcry_mpi_t a)
{
gpg_error_t err;
byte buffer[256]; /* Fixed buffer for a public parameter, max possible */
size_t nbytes = (mpi_get_nbits (a)+7)/8;
if (nbytes > sizeof(buffer))
{
log_error("mpi with size+body is too large (%u bytes)\n", nbytes);
return gpg_error (GPG_ERR_TOO_LARGE);
}
err = gcry_mpi_print (GCRYMPI_FMT_USG, buffer, sizeof(buffer), &nbytes, a);
if (err)
{
log_error ("failed to exported size+body mpi\n");
return err;
}
if (nbytes < 2 || buffer[0] != nbytes-1)
{
if (nbytes > 2)
log_error ("internal size mismatch in mpi size+body: "
"%02x != %02x (other bytes: %02x %02x ... %02x %02x)\n",
buffer[0], nbytes-1, buffer[1], buffer[2], buffer[nbytes-2],
buffer[nbytes-1]);
else
log_error ("internal size mismatch in mpi size+body: "
"only %d bytes\n", nbytes);
return gpg_error (GPG_ERR_INV_DATA);
}
return iobuf_write (out, buffer, nbytes);
}
/* Calculate the length of a packet described by PKT. */
u32
calc_packet_length( PACKET *pkt )
@ -341,7 +302,7 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
for (i=0; i < npkey; i++ )
{
err = mpi_write (a, pk->pkey[i]);
err = gpg_mpi_write (a, pk->pkey[i]);
if (err)
goto leave;
}
@ -436,7 +397,7 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
{
/* Non-protected key. */
for ( ; i < nskey; i++ )
if ( (err = mpi_write (a, pk->pkey[i])))
if ( (err = gpg_mpi_write (a, pk->pkey[i])))
goto leave;
write_16 (a, ski->csum );
}
@ -512,7 +473,7 @@ do_pubkey_enc( IOBUF out, int ctb, PKT_pubkey_enc *enc )
write_fake_data( a, enc->data[0] );
for (i=0; i < n && !rc ; i++ )
rc = mpi_write (a, enc->data[i]);
rc = gpg_mpi_write (a, enc->data[i]);
if (!rc)
{
@ -1170,7 +1131,7 @@ do_signature( IOBUF out, int ctb, PKT_signature *sig )
if ( !n )
write_fake_data( a, sig->data[0] );
for (i=0; i < n && !rc ; i++ )
rc = mpi_write(a, sig->data[i] );
rc = gpg_mpi_write (a, sig->data[i] );
if (!rc)
{

191
g10/ecdh.c
View File

@ -1,5 +1,5 @@
/* ecdh.c - ECDH public key operations used in public key glue code
* Copyright (C) 2010 Free Software Foundation, Inc.
* Copyright (C) 2010, 2011 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -105,11 +105,13 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
gpg_error_t err;
byte *secret_x;
int secret_x_size;
byte kdf_params[256];
int kdf_params_size=0;
int nbits;
unsigned int nbits;
const unsigned char *kdf_params;
size_t kdf_params_size;
int kdf_hash_algo;
int kdf_encr_algo;
unsigned char message[256];
size_t message_size;
*r_result = NULL;
@ -137,12 +139,11 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
return err;
}
/* fixme: explain what we are doing. */
secret_x_size = (nbits+7)/8;
assert (nbytes > secret_x_size);
memmove (secret_x, secret_x+1, secret_x_size);
memset (secret_x+secret_x_size, 0, nbytes-secret_x_size);
if (DBG_CIPHER)
log_printhex ("ECDH shared secret X is:", secret_x, secret_x_size );
}
@ -155,38 +156,34 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
* current secret_x with a value derived from it. This will become
* a KEK.
*/
{
IOBUF obuf = iobuf_temp();
err = write_size_body_mpi (obuf, pkey[2]); /* KEK params */
kdf_params_size = iobuf_temp_to_buffer (obuf,
kdf_params, sizeof(kdf_params));
if (DBG_CIPHER)
log_printhex ("ecdh KDF public key params are:",
kdf_params, kdf_params_size );
/* Expect 4 bytes 03 01 hash_alg symm_alg. */
if (kdf_params_size != 4 || kdf_params[0] != 3 || kdf_params[1] != 1)
return GPG_ERR_BAD_PUBKEY;
kdf_hash_algo = kdf_params[2];
kdf_encr_algo = kdf_params[3];
if (DBG_CIPHER)
log_debug ("ecdh KDF algorithms %s+%s with aeswrap\n",
gcry_md_algo_name (kdf_hash_algo),
openpgp_cipher_algo_name (kdf_encr_algo));
if (kdf_hash_algo != GCRY_MD_SHA256
&& kdf_hash_algo != GCRY_MD_SHA384
&& kdf_hash_algo != GCRY_MD_SHA512)
return GPG_ERR_BAD_PUBKEY;
if (kdf_encr_algo != GCRY_CIPHER_AES128
&& kdf_encr_algo != GCRY_CIPHER_AES192
&& kdf_encr_algo != GCRY_CIPHER_AES256)
return GPG_ERR_BAD_PUBKEY;
}
if (!gcry_mpi_get_flag (pkey[2], GCRYMPI_FLAG_OPAQUE))
return GPG_ERR_BUG;
kdf_params = gcry_mpi_get_opaque (pkey[2], &nbits);
kdf_params_size = (nbits+7)/8;
if (DBG_CIPHER)
log_printhex ("ecdh KDF params:", kdf_params, kdf_params_size);
/* Expect 4 bytes 03 01 hash_alg symm_alg. */
if (kdf_params_size != 4 || kdf_params[0] != 3 || kdf_params[1] != 1)
return GPG_ERR_BAD_PUBKEY;
kdf_hash_algo = kdf_params[2];
kdf_encr_algo = kdf_params[3];
if (DBG_CIPHER)
log_debug ("ecdh KDF algorithms %s+%s with aeswrap\n",
openpgp_md_algo_name (kdf_hash_algo),
openpgp_cipher_algo_name (kdf_encr_algo));
if (kdf_hash_algo != GCRY_MD_SHA256
&& kdf_hash_algo != GCRY_MD_SHA384
&& kdf_hash_algo != GCRY_MD_SHA512)
return GPG_ERR_BAD_PUBKEY;
if (kdf_encr_algo != GCRY_CIPHER_AES128
&& kdf_encr_algo != GCRY_CIPHER_AES192
&& kdf_encr_algo != GCRY_CIPHER_AES256)
return GPG_ERR_BAD_PUBKEY;
/* Build kdf_params. */
{
@ -194,18 +191,17 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
obuf = iobuf_temp();
/* variable-length field 1, curve name OID */
err = write_size_body_mpi (obuf, pkey[0]);
err = gpg_mpi_write (obuf, pkey[0]);
/* fixed-length field 2 */
iobuf_put (obuf, PUBKEY_ALGO_ECDH);
/* variable-length field 3, KDF params */
err = (err ? err : write_size_body_mpi ( obuf, pkey[2] ));
err = (err ? err : gpg_mpi_write (obuf, pkey[2]));
/* fixed-length field 4 */
iobuf_write (obuf, "Anonymous Sender ", 20);
/* fixed-length field 5, recipient fp */
iobuf_write (obuf, pk_fp, 20);
kdf_params_size = iobuf_temp_to_buffer (obuf,
kdf_params, sizeof(kdf_params));
message_size = iobuf_temp_to_buffer (obuf, message, sizeof message);
iobuf_close (obuf);
if (err)
return err;
@ -223,10 +219,10 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
err = gcry_md_open (&h, kdf_hash_algo, 0);
if(err)
log_bug ("gcry_md_open failed for algo %d: %s",
kdf_hash_algo, gpg_strerror (gcry_error(err)));
gcry_md_write(h, "\x00\x00\x00\x01", 4); /* counter = 1 */
gcry_md_write(h, secret_x, secret_x_size); /* x of the point X */
gcry_md_write(h, kdf_params, kdf_params_size); /* KDF parameters */
kdf_hash_algo, gpg_strerror (err));
gcry_md_write(h, "\x00\x00\x00\x01", 4); /* counter = 1 */
gcry_md_write(h, secret_x, secret_x_size); /* x of the point X */
gcry_md_write(h, kdf_params, kdf_params_size);/* KDF parameters */
gcry_md_final (h);
@ -320,13 +316,13 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
if (DBG_CIPHER)
log_printhex ("ecdh encrypted to:", data_buf+1, data_buf[0] );
err = gcry_mpi_scan (&result, GCRYMPI_FMT_USG,
data_buf, 1+data_buf[0], NULL);
/* (byte)size + aeswrap of DEK */
xfree( data_buf );
if (err)
result = gcry_mpi_set_opaque (NULL, data_buf, 8 * (1+data_buf[0]));
if (!result)
{
log_error ("ecdh failed to create an MPI: %s\n", gpg_strerror (err));
err = gpg_error_from_syserror ();
xfree (data_buf);
log_error ("ecdh failed to create an MPI: %s\n",
gpg_strerror (err));
return err;
}
@ -335,55 +331,62 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
else
{
byte *in;
const void *p;
err = gcry_mpi_print (GCRYMPI_FMT_USG, data_buf, data_buf_size,
&nbytes, data/*in*/);
if (nbytes != data_buf_size || data_buf[0] != data_buf_size-1)
p = gcry_mpi_get_opaque (data, &nbits);
nbytes = (nbits+7)/8;
if (!p || nbytes > data_buf_size || !nbytes)
{
xfree (data_buf);
return GPG_ERR_BAD_MPI;
}
memcpy (data_buf, p, nbytes);
if (data_buf[0] != nbytes-1)
{
log_error ("ecdh inconsistent size\n");
xfree (data_buf);
return GPG_ERR_BAD_MPI;
}
in = data_buf+data_buf_size;
data_buf_size = data_buf[0];
if (DBG_CIPHER)
log_printhex ("ecdh decrypting :", data_buf+1, data_buf_size);
err = gcry_cipher_decrypt (hd, in, data_buf_size, data_buf+1,
data_buf_size);
gcry_cipher_close (hd);
if (err)
{
log_error ("ecdh failed in gcry_cipher_decrypt: %s\n",
gpg_strerror (err));
xfree (data_buf);
return err;
}
data_buf_size -= 8;
if (DBG_CIPHER)
log_printhex ("ecdh decrypted to :", in, data_buf_size);
/* Padding is removed later. */
/* if (in[data_buf_size-1] > 8 ) */
/* { */
/* log_error("ecdh failed at decryption: invalid padding. %02x > 8\n", */
/* in[data_buf_size-1] ); */
/* return GPG_ERR_BAD_KEY; */
/* } */
in = data_buf+data_buf_size;
data_buf_size = data_buf[0];
if (DBG_CIPHER)
log_printhex ("ecdh decrypting :", data_buf+1, data_buf_size);
err = gcry_cipher_decrypt (hd, in, data_buf_size, data_buf+1,
data_buf_size);
gcry_cipher_close (hd);
if (err)
{
log_error ("ecdh failed in gcry_cipher_decrypt: %s\n",
gpg_strerror (err));
xfree (data_buf);
return err;
}
data_buf_size -= 8;
if (DBG_CIPHER)
log_printhex ("ecdh decrypted to :", in, data_buf_size);
/* Padding is removed later. */
/* if (in[data_buf_size-1] > 8 ) */
/* { */
/* log_error("ecdh failed at decryption: invalid padding. %02x > 8\n", */
/* in[data_buf_size-1] ); */
/* return GPG_ERR_BAD_KEY; */
/* } */
err = gcry_mpi_scan ( &result, GCRYMPI_FMT_USG, in, data_buf_size, NULL);
xfree (data_buf);
if (err)
{
log_error ("ecdh failed to create a plain text MPI: %s\n",
gpg_strerror (err));
return err;
}
*r_result = result;
err = gcry_mpi_scan (&result, GCRYMPI_FMT_USG, in, data_buf_size, NULL);
xfree (data_buf);
if (err)
{
log_error ("ecdh failed to create a plain text MPI: %s\n",
gpg_strerror (err));
return err;
}
*r_result = result;
}
}

2
g10/encrypt.c
View File

@ -921,7 +921,7 @@ write_pubkey_enc_from_list (PK_LIST pk_list, DEK *dek, iobuf_t out)
{
char *ustr = get_user_id_string_native (enc->keyid);
log_info (_("%s/%s encrypted for: \"%s\"\n"),
gcry_pk_algo_name (enc->pubkey_algo),
openpgp_pk_algo_name (enc->pubkey_algo),
openpgp_cipher_algo_name (dek->algo),
ustr );
xfree (ustr);

2
g10/packet.h
View File

@ -444,7 +444,7 @@ PACKET *create_gpg_control ( ctrlpkttype_t type,
/*-- build-packet.c --*/
int build_packet( iobuf_t inp, PACKET *pkt );
gpg_error_t write_size_body_mpi (iobuf_t out, gcry_mpi_t a);
gpg_error_t gpg_mpi_write (iobuf_t out, gcry_mpi_t a);
u32 calc_packet_length( PACKET *pkt );
void build_sig_subpkt( PKT_signature *sig, sigsubpkttype_t type,
const byte *buffer, size_t buflen );

4
g10/pkglue.c
View File

@ -220,8 +220,8 @@ pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
gcry_mpi_t shared, public, result;
/* Get the shared point and the ephemeral public key. */
shared = mpi_from_sexp (s_ciph, "a");
public = mpi_from_sexp (s_ciph, "b");
shared = mpi_from_sexp (s_ciph, "s");
public = mpi_from_sexp (s_ciph, "e");
gcry_sexp_release (s_ciph);
s_ciph = NULL;
if (DBG_CIPHER)

2
g10/pubkey-enc.c
View File

@ -176,7 +176,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
if (!enc->data[0] || !enc->data[1])
err = gpg_error (GPG_ERR_BAD_MPI);
else
err = gcry_sexp_build (&s_data, NULL, "(enc-val(ecdh(a%m)(b%m)))",
err = gcry_sexp_build (&s_data, NULL, "(enc-val(ecdh(s%m)(e%m)))",
enc->data[0], enc->data[1]);
}
else