sm: Cleanup the use of GCRY_PK_ECC and GCRY_PK_ECDSA.

* common/sexputil.c (pubkey_algo_to_string): New. * sm/certcheck.c (do_encode_md): Replace GCRY_PK_ECDSA by GCRY_PK_ECC. * sm/certreqgen-ui.c (check_keygrip): Add all ECC algorithms. * sm/gpgsm.c (our_pk_test_algo): Also allow EdDSA. * sm/verify.c (gpgsm_verify): Map ECC algo to ECDSA. Use new pubkey algo name function Signed-off-by: Werner Koch <wk@gnupg.org>
2024-12-22 10:19:57 +01:00 · 2020-05-08 14:14:01 +02:00 · 2020-05-08 14:14:01 +02:00 · 34b628db46
commit 34b628db46
parent a759fa963a
6 changed files with 31 additions and 8 deletions
--- a/common/sexputil.c
+++ b/common/sexputil.c
@ -642,6 +642,23 @@ pubkey_algo_string (gcry_sexp_t s_pkey, enum gcry_pk_algos *r_algoid)
 }


+/* Map a pubkey algo id from gcrypt to a string.  This is the same as
+ * gcry_pk_algo_name but makes sure that the ECC algo identifiers are
+ * not all mapped to "ECC".  */
+const char *
+pubkey_algo_to_string (int algo)
+{
+  if (algo == GCRY_PK_ECDSA)
+    return "ECDSA";
+  else if (algo == GCRY_PK_ECDH)
+    return "ECDH";
+  else if (algo == GCRY_PK_EDDSA)
+    return "EdDSA";
+  else
+    return gcry_pk_algo_name (algo);
+}
+
+
 /* Map a hash algo id from gcrypt to a string.  This is the same as
 * gcry_md_algo_name but the returned string is lower case, as
 * expected by libksba and it avoids some overhead.  */
--- a/common/util.h
+++ b/common/util.h
@ -202,6 +202,7 @@ int get_pk_algo_from_key (gcry_sexp_t key);
 int get_pk_algo_from_canon_sexp (const unsigned char *keydata,
                                 size_t keydatalen);
 char *pubkey_algo_string (gcry_sexp_t s_pkey, enum gcry_pk_algos *r_algoid);
+const char *pubkey_algo_to_string (int algo);
 const char *hash_algo_to_string (int algo);

 /*-- convert.c --*/
--- a/sm/certcheck.c
+++ b/sm/certcheck.c
@ -74,11 +74,11 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
  size_t nframe;
  unsigned char *frame;

-  if (pkalgo == GCRY_PK_DSA || pkalgo == GCRY_PK_ECDSA)
+  if (pkalgo == GCRY_PK_DSA || pkalgo == GCRY_PK_ECC)
    {
      unsigned int qbits;

-      if ( pkalgo == GCRY_PK_ECDSA )
+      if ( pkalgo == GCRY_PK_ECC )
        qbits = gcry_pk_get_nbits (pkey);
      else
        qbits = get_dsa_qbits (pkey);
@ -210,10 +210,8 @@ pk_algo_from_sexp (gcry_sexp_t pkey)
    algo = GCRY_PK_RSA;
  else if (n==3 && !memcmp (name, "dsa", 3))
    algo = GCRY_PK_DSA;
-  /* Because this function is called only for verification we can
-     assume that ECC actually means ECDSA.  */
  else if (n==3 && !memcmp (name, "ecc", 3))
-    algo = GCRY_PK_ECDSA;
+    algo = GCRY_PK_ECC;
  else if (n==13 && !memcmp (name, "ambiguous-rsa", 13))
    algo = GCRY_PK_RSA;
  else
--- a/sm/certreqgen-ui.c
+++ b/sm/certreqgen-ui.c
@ -113,7 +113,9 @@ check_keygrip (ctrl_t ctrl, const char *hexgrip)
    case GCRY_PK_RSA:   return "RSA";
    case GCRY_PK_DSA:   return "DSA";
    case GCRY_PK_ELG:   return "ELG";
-    case GCRY_PK_EDDSA: return "ECDSA";
+    case GCRY_PK_ECC:   return "ECC";
+    case GCRY_PK_ECDSA: return "ECDSA";
+    case GCRY_PK_EDDSA: return "EdDSA";
    default: return NULL;
    }
 }
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@ -510,6 +510,7 @@ our_pk_test_algo (int algo)
    {
    case GCRY_PK_RSA:
    case GCRY_PK_ECDSA:
+    case GCRY_PK_EDDSA:
      return gcry_pk_test_algo (algo);
    default:
      return 1;
--- a/sm/verify.c
+++ b/sm/verify.c
@ -457,13 +457,17 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
      pkfpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
      pkalgostr = gpgsm_pubkey_algo_string (cert, NULL);
      pkalgo = gpgsm_get_key_algo_info (cert, &nbits);
+      /* Remap the ECC algo to the algo we use.  Note that EdDSA has
+       * already been mapped.  */
+      if (pkalgo == GCRY_PK_ECC)
+        pkalgo = GCRY_PK_ECDSA;

      /* Print infos about the signature.  */
      log_info (_("Signature made "));
      if (*sigtime)
        {
          /* We take the freedom as noted in RFC3339 to use a space
-           * instead of the :T" delimiter between date and time..  We
+           * instead of the "T" delimiter between date and time.  We
           * also append a separate UTC instead of a "Z" or "+00:00"
           * suffix because that makes it clear to everyone what kind
           * of time this is.  */
@ -477,7 +481,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
        {
          log_info (_("algorithm:"));
          log_printf (" %s + %s",
-                      gcry_pk_algo_name (pkalgo),
+                      pubkey_algo_to_string (pkalgo),
                      gcry_md_algo_name (sigval_hash_algo));
          if (algo != sigval_hash_algo)
            log_printf (" (%s)", gcry_md_algo_name (algo));