mirror of git://git.gnupg.org/gnupg.git
agent,ecc: Use of opaque MPI for ECC, fixup 'd'.
* agent/Makefile.am: Add sexp-secret.c. * agent/agent.h: New function declarations. * agent/sexp-secret.c: New. * agent/findkey.c (agent_key_from_file): Use sexp_sscan_private_key. * agent/protect-tool.c (read_and_unprotect): Fix up private part, calling fixup_when_ecc_private_key. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka
parent
2b11851624
commit
47c1c329ed
|
|
@ -45,6 +45,7 @@ gpg_agent_SOURCES = \
|
|||
cache.c \
|
||||
trans.c \
|
||||
findkey.c \
|
||||
sexp-secret.c \
|
||||
pksign.c \
|
||||
pkdecrypt.c \
|
||||
genkey.c \
|
||||
|
|
@ -75,6 +76,7 @@ gpg_agent_DEPENDENCIES = $(resource_objs)
|
|||
|
||||
gpg_protect_tool_SOURCES = \
|
||||
protect-tool.c \
|
||||
sexp-secret.c \
|
||||
protect.c cvt-openpgp.c
|
||||
|
||||
gpg_protect_tool_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) \
|
||||
|
|
|
|||
|
|
@ -642,4 +642,9 @@ extract_private_key (gcry_sexp_t s_key, int req_private_key_data,
|
|||
gcry_mpi_t *mpi_array, int arraysize,
|
||||
gcry_sexp_t *r_curve, gcry_sexp_t *r_flags);
|
||||
|
||||
/*-- sexp-secret.c --*/
|
||||
gpg_error_t fixup_when_ecc_private_key (unsigned char *buf, size_t *buflen_p);
|
||||
gpg_error_t sexp_sscan_private_key (gcry_sexp_t *result, size_t *r_erroff,
|
||||
unsigned char *buf);
|
||||
|
||||
#endif /*AGENT_H*/
|
||||
|
|
|
|||
|
|
@ -968,7 +968,7 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
|
|||
{
|
||||
gpg_error_t err;
|
||||
unsigned char *buf;
|
||||
size_t len, buflen, erroff;
|
||||
size_t len, erroff;
|
||||
gcry_sexp_t s_skey;
|
||||
nvc_t keymeta = NULL;
|
||||
char *desc_text_buffer = NULL; /* Used in case we extend DESC_TEXT. */
|
||||
|
|
@ -1117,10 +1117,10 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
|
|||
return err;
|
||||
}
|
||||
|
||||
buflen = gcry_sexp_canon_len (buf, 0, NULL, NULL);
|
||||
err = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen);
|
||||
wipememory (buf, buflen);
|
||||
err = sexp_sscan_private_key (result, &erroff, buf);
|
||||
xfree (buf);
|
||||
nvc_release (keymeta);
|
||||
xfree (desc_text_buffer);
|
||||
if (err)
|
||||
{
|
||||
log_error ("failed to build S-Exp (off=%u): %s\n",
|
||||
|
|
@ -1130,15 +1130,9 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
|
|||
xfree (*r_passphrase);
|
||||
*r_passphrase = NULL;
|
||||
}
|
||||
nvc_release (keymeta);
|
||||
xfree (desc_text_buffer);
|
||||
return err;
|
||||
}
|
||||
|
||||
*result = s_skey;
|
||||
nvc_release (keymeta);
|
||||
xfree (desc_text_buffer);
|
||||
return 0;
|
||||
return err;
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -372,7 +372,7 @@ read_and_protect (const char *fname)
|
|||
static void
|
||||
read_and_unprotect (ctrl_t ctrl, const char *fname)
|
||||
{
|
||||
int rc;
|
||||
gpg_error_t err;
|
||||
unsigned char *key;
|
||||
unsigned char *result;
|
||||
size_t resultlen;
|
||||
|
|
@ -383,15 +383,15 @@ read_and_unprotect (ctrl_t ctrl, const char *fname)
|
|||
if (!key)
|
||||
return;
|
||||
|
||||
rc = agent_unprotect (ctrl, key, (pw=get_passphrase (1)),
|
||||
protected_at, &result, &resultlen);
|
||||
err = agent_unprotect (ctrl, key, (pw=get_passphrase (1)),
|
||||
protected_at, &result, &resultlen);
|
||||
release_passphrase (pw);
|
||||
xfree (key);
|
||||
if (rc)
|
||||
if (err)
|
||||
{
|
||||
if (opt_status_msg)
|
||||
log_info ("[PROTECT-TOOL:] bad-passphrase\n");
|
||||
log_error ("unprotecting the key failed: %s\n", gpg_strerror (rc));
|
||||
log_error ("unprotecting the key failed: %s\n", gpg_strerror (err));
|
||||
return;
|
||||
}
|
||||
if (opt.verbose)
|
||||
|
|
@ -404,6 +404,12 @@ read_and_unprotect (ctrl_t ctrl, const char *fname)
|
|||
log_info ("key protection done at [unknown]\n");
|
||||
}
|
||||
|
||||
err = fixup_when_ecc_private_key (result, &resultlen);
|
||||
if (err)
|
||||
{
|
||||
log_error ("malformed key: %s\n", gpg_strerror (err));
|
||||
return;
|
||||
}
|
||||
if (opt_armor)
|
||||
{
|
||||
char *p = make_advanced (result, resultlen);
|
||||
|
|
|
|||
|
|
@ -0,0 +1,128 @@
|
|||
/* sexp-secret.c - SEXP handling of the secret key
|
||||
* Copyright (C) 2020 g10 Code GmbH.
|
||||
*
|
||||
* This file is part of GnuPG.
|
||||
*
|
||||
* GnuPG is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* GnuPG is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#include <config.h>
|
||||
#include "agent.h"
|
||||
#include "../common/sexp-parse.h"
|
||||
|
||||
/*
|
||||
* When it's for ECC, fixup private key part in the cannonical SEXP
|
||||
* representation in BUF. If not ECC, do nothing.
|
||||
*/
|
||||
gpg_error_t
|
||||
fixup_when_ecc_private_key (unsigned char *buf, size_t *buflen_p)
|
||||
{
|
||||
const unsigned char *s;
|
||||
size_t n;
|
||||
size_t buflen = *buflen_p;
|
||||
|
||||
s = buf;
|
||||
if (*s != '(')
|
||||
return gpg_error (GPG_ERR_INV_SEXP);
|
||||
s++;
|
||||
n = snext (&s);
|
||||
if (!n)
|
||||
return gpg_error (GPG_ERR_INV_SEXP);
|
||||
if (!smatch (&s, n, "private-key"))
|
||||
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
|
||||
if (*s != '(')
|
||||
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
|
||||
s++;
|
||||
n = snext (&s);
|
||||
if (!smatch (&s, n, "ecc"))
|
||||
return 0;
|
||||
|
||||
/* It's ECC */
|
||||
while (*s == '(')
|
||||
{
|
||||
s++;
|
||||
n = snext (&s);
|
||||
if (!n)
|
||||
return gpg_error (GPG_ERR_INV_SEXP);
|
||||
if (n == 1 && *s == 'd')
|
||||
{
|
||||
unsigned char *s0;
|
||||
size_t n0;
|
||||
|
||||
s += n;
|
||||
s0 = (unsigned char *)s;
|
||||
n = snext (&s);
|
||||
n0 = s - s0;
|
||||
|
||||
if (!n)
|
||||
return gpg_error (GPG_ERR_INV_SEXP);
|
||||
else if ((n & 1) && !*s)
|
||||
/* Detect wrongly added 0x00. */
|
||||
/* For all existing curves in libgcrypt-1.9 (so far), the
|
||||
size of private part should be even. */
|
||||
{
|
||||
size_t numsize;
|
||||
|
||||
n--;
|
||||
buflen--;
|
||||
numsize = snprintf (s0, s-s0+1, "%u:", (unsigned int)n);
|
||||
memmove (s0+numsize, s+1, buflen - (s - buf));
|
||||
memset (s0+numsize+buflen - (s - buf), 0, (n0 - numsize) + 1);
|
||||
buflen -= (n0 - numsize);
|
||||
s = s0+numsize+n;
|
||||
*buflen_p = buflen;
|
||||
}
|
||||
else
|
||||
s += n;
|
||||
}
|
||||
else
|
||||
{
|
||||
s += n;
|
||||
n = snext (&s);
|
||||
if (!n)
|
||||
return gpg_error (GPG_ERR_INV_SEXP);
|
||||
s += n;
|
||||
}
|
||||
if ( *s != ')' )
|
||||
return gpg_error (GPG_ERR_INV_SEXP);
|
||||
s++;
|
||||
}
|
||||
if (*s != ')')
|
||||
return gpg_error (GPG_ERR_INV_SEXP);
|
||||
s++;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Scan BUF to get SEXP, put into RESULT. Error offset will be in the
|
||||
* pointer at R_ERROFF. For ECC, the private part 'd' will be fixed
|
||||
* up; That part may have 0x00 prefix of signed MPI encoding, which is
|
||||
* incompatible to opaque MPI handling.
|
||||
*/
|
||||
gpg_error_t
|
||||
sexp_sscan_private_key (gcry_sexp_t *result, size_t *r_erroff,
|
||||
unsigned char *buf)
|
||||
{
|
||||
gpg_error_t err;
|
||||
size_t buflen, buflen0;
|
||||
|
||||
buflen = buflen0 = gcry_sexp_canon_len (buf, 0, NULL, NULL);
|
||||
err = fixup_when_ecc_private_key (buf, &buflen);
|
||||
if (!err)
|
||||
err = gcry_sexp_sscan (result, r_erroff, (char*)buf, buflen0);
|
||||
wipememory (buf, buflen0);
|
||||
|
||||
return err;
|
||||
}
|
||||
Loading…
Reference in New Issue