security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00
Code Activity

scd:openpgp: Fix writing ECC key to card.

Browse Source 
* scd/app-openpgp.c (build_privkey_template): Adding another argument
of ecc_d_fixed_len to handle variable-size MPI.

--

Backport from master commit of:
	a25c99b156ca9acaa7712e9c09a6df0a7a23c833

GnuPG-bug-id: 5163
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2020-12-03 15:04:14 +09:00
parent acafa695e1
commit 5a03bf6130
1 changed files with 27 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
scd/app-openpgp.c
View File

@ -3254,6 +3254,7 @@ build_privkey_template (app_t app, int keyno,
static gpg_error_t static gpg_error_t
build_ecc_privkey_template (app_t app, int keyno, build_ecc_privkey_template (app_t app, int keyno,
const unsigned char *ecc_d, size_t ecc_d_len, const unsigned char *ecc_d, size_t ecc_d_len,
size_t ecc_d_fixed_len,
const unsigned char *ecc_q, size_t ecc_q_len, const unsigned char *ecc_q, size_t ecc_q_len,
unsigned char **result, size_t *resultlen) unsigned char **result, size_t *resultlen)
{ {
@ -3269,6 +3270,18 @@ build_ecc_privkey_template (app_t app, int keyno,
size_t template_size; size_t template_size;
int pubkey_required; int pubkey_required;
/* This case doesn't occur in GnuPG 2.3 or later, because
agent/sexp-secret.c does the fixup. */
if (ecc_d_fixed_len < ecc_d_len)
{
if (ecc_d_fixed_len != ecc_d_len - 1 || *ecc_d)
return gpg_error (GPG_ERR_INV_OBJ);
/* Remove the additional zero. */
ecc_d_len--;
ecc_d++;
}
pubkey_required = !!(app->app_local->keyattr[keyno].ecc.flags pubkey_required = !!(app->app_local->keyattr[keyno].ecc.flags
& ECC_FLAG_PUBKEY); & ECC_FLAG_PUBKEY);
@ -3279,8 +3292,8 @@ build_ecc_privkey_template (app_t app, int keyno,
datalen = 0; datalen = 0;
tp = privkey; tp = privkey;
tp += add_tlv (tp, 0x92, ecc_d_len); tp += add_tlv (tp, 0x92, ecc_d_fixed_len);
datalen += ecc_d_len; datalen += ecc_d_fixed_len;
if (pubkey_required) if (pubkey_required)
{ {
@ -3323,8 +3336,14 @@ build_ecc_privkey_template (app_t app, int keyno,
memcpy (tp, suffix, suffix_len); memcpy (tp, suffix, suffix_len);
tp += suffix_len; tp += suffix_len;
memcpy (tp, ecc_d, ecc_d_len); if (ecc_d_fixed_len > ecc_d_len)
tp += ecc_d_len; {
memset (tp, 0, ecc_d_fixed_len - ecc_d_len);
memcpy (tp + ecc_d_fixed_len - ecc_d_len, ecc_d, ecc_d_len);
}
else
memcpy (tp, ecc_d, ecc_d_len);
tp += ecc_d_fixed_len;
if (pubkey_required) if (pubkey_required)
{ {
@ -3843,6 +3862,7 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
unsigned int n; unsigned int n;
size_t oid_len; size_t oid_len;
unsigned char fprbuf[20]; unsigned char fprbuf[20];
size_t ecc_d_fixed_len;
/* (private-key(ecc(curve%s)(q%m)(d%m))(created-at%d)): /* (private-key(ecc(curve%s)(q%m)(d%m))(created-at%d)):
curve = "NIST P-256" */ curve = "NIST P-256" */
@ -3985,7 +4005,8 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
else else
algo = PUBKEY_ALGO_ECDSA; algo = PUBKEY_ALGO_ECDSA;
oidstr = openpgp_curve_to_oid (curve, NULL); oidstr = openpgp_curve_to_oid (curve, &n);
ecc_d_fixed_len = (n+7)/8;
err = openpgp_oid_from_str (oidstr, &oid); err = openpgp_oid_from_str (oidstr, &oid);
if (err) if (err)
goto leave; goto leave;
@ -4050,7 +4071,7 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
int exmode; int exmode;
err = build_ecc_privkey_template (app, keyno, err = build_ecc_privkey_template (app, keyno,
ecc_d, ecc_d_len, ecc_d, ecc_d_len, ecc_d_fixed_len,
ecc_q, ecc_q_len, ecc_q, ecc_q_len,
&template, &template_len); &template, &template_len);
if (err) if (err)