security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-05-24 16:43:28 +02:00
Code Activity

Editorial cleanups of keygen.c

Browse Source 
Also fixed a regression introduced by me in pubkey_enc.c.
Added extra checks.  Removed unused code.
This commit is contained in:
Werner Koch 2011-01-25 16:54:18 +01:00
parent b9958bba10
commit 638dca5dbc
6 changed files with 167 additions and 258 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
g10/ChangeLog
View File

@ -1,3 +1,21 @@
2011-01-25 Werner Koch <wk@g10code.com>
* pubkey-enc.c (get_it): Fix assertion.
Use GPG_ERR_WRONG_SECKEY instead of log_fatal. Add safety checks
for NFRAME.
* main.h (KEYGEN_FLAG_NO_PROTECTION, KEYGEN_FLAG_TRANSIENT_KEY):
Move back to ..
* keygen.c: .. here.
(pk_ecc_keypair_gen): Make static.
(common_key_gen): Fold back into ..
(common_gen): .. this.
(delme__pk_ecc_build_sexp): Remove unused function.
(pk_ecc_keypair_gen): Fold it into ..
(gen_ecc): .. this.
(ask_keysize): Use proper rounding for ECC.
* verify-stubs.c: Remove.
2011-01-20 Werner Koch <wk@g10code.com> 2011-01-20 Werner Koch <wk@g10code.com>
* keyserver.c: Rewrite most stuff for use with dirmngr. Get rid * keyserver.c: Rewrite most stuff for use with dirmngr. Get rid

3
g10/Makefile.am
View File

@ -111,8 +111,7 @@ gpg2_SOURCES = gpg.c \
gpgv2_SOURCES = gpgv.c \ gpgv2_SOURCES = gpgv.c \
$(common_source) \ $(common_source) \
verify.c \ verify.c
verify-stubs.c
#gpgd_SOURCES = gpgd.c \ #gpgd_SOURCES = gpgd.c \
# ks-proto.h \ # ks-proto.h \

339
g10/keygen.c
View File

@ -1,6 +1,6 @@
/* keygen.c - generate a key pair /* keygen.c - generate a key pair
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006
* 2006, 2007, 2009, 2010 Free Software Foundation, Inc. * 2007, 2009, 2010, 2011 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -18,7 +18,6 @@
* along with this program; if not, see <http://www.gnu.org/licenses/>. * along with this program; if not, see <http://www.gnu.org/licenses/>.
*/ */
#warning wk: check these changes.
#include <config.h> #include <config.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
@ -51,6 +50,11 @@
#define DEFAULT_STD_ALGO GCRY_PK_RSA #define DEFAULT_STD_ALGO GCRY_PK_RSA
#define DEFAULT_STD_KEYSIZE 2048 #define DEFAULT_STD_KEYSIZE 2048
/* Flag bits used during key generation. */
#define KEYGEN_FLAG_NO_PROTECTION 1
#define KEYGEN_FLAG_TRANSIENT_KEY 2
/* Maximum number of supported algorithm preferences. */
#define MAX_PREFS 30 #define MAX_PREFS 30
enum para_name { enum para_name {
@ -1128,16 +1132,17 @@ key_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp,
} }
/* Common code for the key generation fucntion gen_xxx. */
static int static int
common_key_gen (const char *keyparms, int algo, const char *algoelem, common_gen (const char *keyparms, int algo, const char *algoelem,
int keygen_flags, char **cache_nonce_addr, PKT_public_key **pk_out) kbnode_t pub_root, u32 timestamp, u32 expireval, int is_subkey,
int keygen_flags, char **cache_nonce_addr)
{ {
int err; int err;
PACKET *pkt;
PKT_public_key *pk; PKT_public_key *pk;
gcry_sexp_t s_key; gcry_sexp_t s_key;
*pk_out = NULL;
err = agent_genkey (NULL, cache_nonce_addr, keyparms, err = agent_genkey (NULL, cache_nonce_addr, keyparms,
!!(keygen_flags & KEYGEN_FLAG_NO_PROTECTION), &s_key); !!(keygen_flags & KEYGEN_FLAG_NO_PROTECTION), &s_key);
if (err) if (err)
@ -1154,7 +1159,10 @@ common_key_gen (const char *keyparms, int algo, const char *algoelem,
return err; return err;
} }
pk->timestamp = timestamp;
pk->version = 4; pk->version = 4;
if (expireval)
pk->expiredate = pk->timestamp + expireval;
pk->pubkey_algo = algo; pk->pubkey_algo = algo;
err = key_from_sexp (pk->pkey, s_key, "public-key", algoelem); err = key_from_sexp (pk->pkey, s_key, "public-key", algoelem);
@ -1167,45 +1175,21 @@ common_key_gen (const char *keyparms, int algo, const char *algoelem,
} }
gcry_sexp_release (s_key); gcry_sexp_release (s_key);
*pk_out = pk; pkt = xtrycalloc (1, sizeof *pkt);
if (!pkt)
{
err = gpg_error_from_syserror ();
free_public_key (pk);
return err;
}
pkt->pkttype = is_subkey ? PKT_PUBLIC_SUBKEY : PKT_PUBLIC_KEY;
pkt->pkt.public_key = pk;
add_kbnode (pub_root, new_kbnode (pkt));
return 0; return 0;
} }
/* Common code for the key generation fucntion gen_xxx. */
static int
common_gen (const char *keyparms, int algo, const char *algoelem,
kbnode_t pub_root, u32 timestamp, u32 expireval, int is_subkey,
int keygen_flags, char **cache_nonce_addr)
{
PKT_public_key *pk;
int err;
err = common_key_gen( keyparms, algo, algoelem, keygen_flags, cache_nonce_addr, &pk );
if( !err ) {
PACKET *pkt;
pk->timestamp = timestamp;
if (expireval)
pk->expiredate = pk->timestamp + expireval;
pkt = xtrycalloc (1, sizeof *pkt);
if (!pkt)
{
err = gpg_error_from_syserror ();
free_public_key (pk);
return err;
}
pkt->pkttype = is_subkey ? PKT_PUBLIC_SUBKEY : PKT_PUBLIC_KEY;
pkt->pkt.public_key = pk;
add_kbnode (pub_root, new_kbnode (pkt));
}
return err;
}
/* /*
* Generate an Elgamal key. * Generate an Elgamal key.
@ -1343,40 +1327,14 @@ gen_dsa (unsigned int nbits, KBNODE pub_root,
return err; return err;
} }
/* Returns allocated ECC key generation S-explression
call gcry_sexp_release ( out ) to free it.
*/
static int
delme__pk_ecc_build_sexp( int qbits, int algo, int is_long_term, gcry_sexp_t *out ) {
gcry_mpi_t kek_params;
char *kek_params_s;
int rc;
if( is_long_term && algo == PUBKEY_ALGO_ECDH )
kek_params = pk_ecdh_default_params_to_mpi( qbits );
else
kek_params = NULL;
if( kek_params ) { /* Create an S-expression string out QBITS, ALGO and the TRANSIENT
kek_params_s = mpi2hex( kek_params ); flag. On success a malloced string is returned, on failure NULL
mpi_release( kek_params ); and ERRNO is set. */
} static char *
pk_ecc_build_key_params (int qbits, int algo, int transient)
rc = gcry_sexp_build (out, NULL, {
algo == PUBKEY_ALGO_ECDSA ?
"(genkey(ecdsa(nbits %d)(qbits %d)))" :
"(genkey(ecdh(nbits %d)(qbits %d)(transient-key %d)(kek-params %s)))",
(int)qbits, (int)qbits, (int)(is_long_term==0), kek_params_s);
xfree( kek_params_s );
if (rc) {
log_debug("ec gen gcry_sexp_build failed: %s\n", gpg_strerror (rc));
return rc;
}
return 0;
}
static char *
pk_ecc_build_key_params( int qbits, int algo, int transient ) {
byte *kek_params = NULL; byte *kek_params = NULL;
size_t kek_params_size; size_t kek_params_size;
char nbitsstr[35]; char nbitsstr[35];
@ -1384,141 +1342,104 @@ pk_ecc_build_key_params( int qbits, int algo, int transient ) {
char *keyparms; char *keyparms;
int n; int n;
/* KEK parameters are only needed for long term key generation */ /* KEK parameters are only needed for long term key generation. */
if( !transient && algo == PUBKEY_ALGO_ECDH ) if (!transient && algo == PUBKEY_ALGO_ECDH)
kek_params = pk_ecdh_default_params( qbits, &kek_params_size ); kek_params = pk_ecdh_default_params (qbits, &kek_params_size);
else else
kek_params = NULL; kek_params = NULL;
snprintf (nbitsstr, sizeof nbitsstr, "%u", qbits); snprintf (nbitsstr, sizeof nbitsstr, "%u", qbits);
snprintf (qbitsstr, sizeof qbitsstr, "%u", qbits); snprintf (qbitsstr, sizeof qbitsstr, "%u", qbits);
if( algo == PUBKEY_ALGO_ECDSA || kek_params == NULL ) if (algo == PUBKEY_ALGO_ECDSA || !kek_params)
keyparms = xtryasprintf ( {
"(genkey(%s(nbits %zu:%s)(qbits %zu:%s)(transient-key 1:%d)))", keyparms = xtryasprintf ("(genkey(%s(nbits %zu:%s)"
algo == PUBKEY_ALGO_ECDSA ? "ecdsa" : "ecdh", /**/ "(qbits %zu:%s)"
strlen (nbitsstr), nbitsstr, /**/ "(transient-key 1:%d)))",
strlen (qbitsstr), qbitsstr, algo == PUBKEY_ALGO_ECDSA ? "ecdsa" : "ecdh",
transient ); strlen (nbitsstr), nbitsstr,
else { strlen (qbitsstr), qbitsstr,
assert( kek_params != NULL ); transient);
keyparms = xtryasprintf (
"(genkey(ecdh(nbits %zu:%s)(qbits %zu:%s)(transient-key 1:%d)(kek-params %u:",
strlen (nbitsstr), nbitsstr,
strlen (qbitsstr), qbitsstr,
transient,
(unsigned)kek_params_size );
if( keyparms != NULL ) {
n = strlen(keyparms);
keyparms = xtryrealloc( keyparms, n + kek_params_size + 4 );
} }
if( keyparms == NULL ) { else
xfree( kek_params ); {
return NULL; assert (kek_params);
keyparms = xtryasprintf ("(genkey(ecdh(nbits %zu:%s)"
/**/ "(qbits %zu:%s)"
/**/ "(transient-key 1:%d)"
/**/ "(kek-params %zu:",
strlen (nbitsstr), nbitsstr,
strlen (qbitsstr), qbitsstr,
transient,
kek_params_size);
if (keyparms)
{
n = strlen (keyparms);
keyparms = xtryrealloc (keyparms, n + kek_params_size + 4);
}
if (!keyparms)
{
xfree (kek_params);
return NULL;
}
memcpy (keyparms+n, kek_params, kek_params_size);
xfree (kek_params);
memcpy (keyparms+n+kek_params_size, ")))", 4);
} }
memcpy( keyparms+n, kek_params, kek_params_size );
xfree( kek_params );
memcpy( keyparms+n+kek_params_size, ")))", 4 );
}
return keyparms; return keyparms;
} }
/* This common function is used in this file and also to generate ephemeral keys for ECDH.
* Caller must call free_public_key and free_secret_key */
int
pk_ecc_keypair_gen( PKT_public_key **pk_out, int algo, int keygen_flags, char **cache_nonce_addr, unsigned nbits) {
int err;
unsigned int qbits;
char *keyparms;
// PUBKEY_ALGO_ECDH, PUBKEY_ALGO_ECDSA
static const char * const ec_pub_params[2] = { "cqp", "cq" };
//static const char * const ec_priv_params[2] = { "cqpd", "cqd" };
assert( algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_ECDH ); /*
assert( PUBKEY_ALGO_ECDSA == PUBKEY_ALGO_ECDH + 1 ); * Generate an ECC key
*pk_out = NULL;
if( pubkey_get_npkey (PUBKEY_ALGO_ECDSA) != 2 || pubkey_get_nskey (PUBKEY_ALGO_ECDSA) != 3 ||
pubkey_get_npkey (PUBKEY_ALGO_ECDH) != 3 || pubkey_get_nskey (PUBKEY_ALGO_ECDH) != 4 )
{
log_info(_("incompatible version of gcrypt library (expect named curve logic for ECC)\n") );
return GPG_ERR_EPROGMISMATCH;
}
if ( nbits != 256 && nbits != 384 && nbits != 521 )
{
log_info(_("keysize invalid; using 256 bits instead of passed in %d\n"), nbits );
}
/*
Figure out a q size based on the key size. See gen_dsa for more details.
Due to 8-bit rounding we may get 528 here instead of 521
*/
nbits = qbits = (nbits < 521 ? nbits : 521 );
keyparms = pk_ecc_build_key_params(qbits, algo, !!((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY) && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION)) );
if (!keyparms) {
err = gpg_error_from_syserror ();
log_error ("ec pk_ecc_build_key_params failed: %s\n", gpg_strerror (err) );
}
else
{
err = common_key_gen (keyparms, algo, ec_pub_params[algo-PUBKEY_ALGO_ECDH],
keygen_flags, cache_nonce_addr, pk_out);
xfree (keyparms);
}
#if 0
/* always allocase seckey_info for EC keys. TODO: is this needed? */
if( *pk_out ) {
struct seckey_info *ski;
(*pk_out)->seckey_info = ski = xtrycalloc (1, sizeof *ski);
if (!(*pk_out)->seckey_info) {
free_public_key(*pk_out);
*pk_out = NULL;
return gpg_error_from_syserror ();
}
ski->is_protected = 0;
ski->algo = 0;
}
#endif
return err;
}
/****************
* Generate an ECC OpenPGP key
*/ */
static gpg_error_t static gpg_error_t
gen_ecc (int algo, unsigned int nbits, KBNODE pub_root, gen_ecc (int algo, unsigned int nbits, KBNODE pub_root,
u32 timestamp, u32 expireval, int is_subkey, u32 timestamp, u32 expireval, int is_subkey,
int keygen_flags, char **cache_nonce_addr) int keygen_flags, char **cache_nonce_addr)
{ {
int rc; int err;
PACKET *pkt; unsigned int qbits;
PKT_public_key *pk; char *keyparms;
rc = pk_ecc_keypair_gen( &pk, algo, keygen_flags, cache_nonce_addr, nbits ); assert (algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_ECDH);
if( rc )
return rc;
/* the rest is very similar to common_gen */ if (pubkey_get_npkey (PUBKEY_ALGO_ECDSA) != 2
|| pubkey_get_nskey (PUBKEY_ALGO_ECDSA) != 3
|| pubkey_get_npkey (PUBKEY_ALGO_ECDH) != 3
|| pubkey_get_nskey (PUBKEY_ALGO_ECDH) != 4)
{
log_error ("broken version of Libgcrypt\n");
return gpg_error (GPG_ERR_INTERNAL); /* ABI silently changed. */
}
pk->timestamp = timestamp; if (nbits != 256 && nbits != 384 && nbits != 521)
if (expireval) {
pk->expiredate = pk->timestamp + expireval; log_info (_("keysize invalid; using %u bits\n"), 256);
/* FIXME: Where do we set it to 256? */
}
//assert( pk->seckey_info != NULL ); /* Figure out a Q size based on the key size. See gen_dsa for more
/// TODO: the new agent-based model doesn't return private portion here (the pkey array is allocated, but private MPIs are NULL, so this will cause a crash... ) details. Due to 8-bit rounding we may get 528 here instead of 521. */
///pk->seckey_info->csum = checksum_mpi ( pk->pkey[algo==PUBKEY_ALGO_ECDSA ? 2 : 3] ); /* corresponds to 'd' in 'cqd' or 'cqpd' */ nbits = qbits = (nbits < 521 ? nbits : 521 );
pkt = xmalloc_clear(sizeof *pkt); keyparms = pk_ecc_build_key_params
pkt->pkttype = is_subkey ? PKT_PUBLIC_SUBKEY : PKT_PUBLIC_KEY; (qbits, algo, !!( (keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
pkt->pkt.public_key = pk; && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION)) );
add_kbnode(pub_root, new_kbnode( pkt )); if (!keyparms)
{
err = gpg_error_from_syserror ();
log_error ("ecc pk_ecc_build_key_params failed: %s\n",
gpg_strerror (err));
}
else
{
err = common_gen (keyparms, algo,
algo == PUBKEY_ALGO_ECDSA? "cq" : "cqp",
pub_root, timestamp, expireval, is_subkey,
keygen_flags, cache_nonce_addr);
xfree (keyparms);
}
return 0; return 0;
} }
@ -1755,7 +1676,7 @@ ask_algo (int addmode, int *r_subkey_algo, unsigned int *r_usage)
} }
tty_printf (_(" (%d) ECDSA and ECDH\n"), 9 ); tty_printf (_(" (%d) ECDSA and ECDH\n"), 9 );
for(;;) for(;;)
{ {
*r_usage = 0; *r_usage = 0;
@ -1877,7 +1798,7 @@ ask_keysize (int algo, unsigned int primary_keysize)
tty_printf(_("%s keys may be between %u and %u bits long.\n"), tty_printf(_("%s keys may be between %u and %u bits long.\n"),
openpgp_pk_algo_name (algo), min, max); openpgp_pk_algo_name (algo), min, max);
for(;;) for (;;)
{ {
char *prompt, *answer; char *prompt, *answer;
@ -1899,28 +1820,34 @@ ask_keysize (int algo, unsigned int primary_keysize)
break; break;
} }
tty_printf(_("Requested keysize is %u bits\n"), nbits ); tty_printf (_("Requested keysize is %u bits\n"), nbits);
leave: leave:
if( algo == PUBKEY_ALGO_DSA && (nbits % 64) ) if (algo == PUBKEY_ALGO_DSA && (nbits % 64))
{ {
if( !(algo == PUBKEY_ALGO_ECDSA && nbits==521) ) { nbits = ((nbits + 63) / 64) * 64;
nbits = ((nbits + 63) / 64) * 64; if (!autocomp)
if (!autocomp) tty_printf (_("rounded up to %u bits\n"), nbits);
tty_printf(_("rounded up to %u bits\n"), nbits );
}
} }
else if( algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA ) { else if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA)
if( nbits != 256 && nbits != 384 && nbits != 521 ) { {
nbits = min; if (nbits != 256 && nbits != 384 && nbits != 521)
tty_printf(_("unsupported ECDH value, corrected to the minimum %u bits\n"), nbits ); {
} if (nbits < 256)
} nbits = 256;
else if( (nbits % 32) ) else if (nbits < 384)
nbits = 384;
else
nbits = 521;
if (!autocomp)
tty_printf (_("rounded to %u bits\n"), nbits);
}
}
else if ((nbits % 32))
{ {
nbits = ((nbits + 31) / 32) * 32; nbits = ((nbits + 31) / 32) * 32;
if (!autocomp) if (!autocomp)
tty_printf(_("rounded up to %u bits\n"), nbits ); tty_printf (_("rounded up to %u bits\n"), nbits );
} }
return nbits; return nbits;
@ -2405,7 +2332,7 @@ do_create (int algo, unsigned int nbits, KBNODE pub_root,
else if (algo == PUBKEY_ALGO_DSA) else if (algo == PUBKEY_ALGO_DSA)
err = gen_dsa (nbits, pub_root, timestamp, expiredate, is_subkey, err = gen_dsa (nbits, pub_root, timestamp, expiredate, is_subkey,
keygen_flags, cache_nonce_addr); keygen_flags, cache_nonce_addr);
else if( algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_ECDH ) else if (algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_ECDH)
err = gen_ecc (algo, nbits, pub_root, timestamp, expiredate, is_subkey, err = gen_ecc (algo, nbits, pub_root, timestamp, expiredate, is_subkey,
keygen_flags, cache_nonce_addr); keygen_flags, cache_nonce_addr);
else if (algo == PUBKEY_ALGO_RSA) else if (algo == PUBKEY_ALGO_RSA)

5
g10/main.h
View File

@ -260,11 +260,6 @@ gpg_error_t generate_card_subkeypair (kbnode_t pub_keyblock,
int save_unprotected_key_to_card (PKT_public_key *sk, int keyno); int save_unprotected_key_to_card (PKT_public_key *sk, int keyno);
#endif #endif
#define KEYGEN_FLAG_NO_PROTECTION 1
#define KEYGEN_FLAG_TRANSIENT_KEY 2
int pk_ecc_keypair_gen (PKT_public_key **pk_out, int algo,
int keygen_flags, char **cache_nonce_addr,
unsigned nbits);
/*-- openfile.c --*/ /*-- openfile.c --*/
int overwrite_filep( const char *fname ); int overwrite_filep( const char *fname );

29
g10/pubkey-enc.c
View File

@ -145,18 +145,17 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
gcry_sexp_t s_data; gcry_sexp_t s_data;
char *desc; char *desc;
char *keygrip; char *keygrip;
byte fp[MAX_FINGERPRINT_LEN]; byte fp[MAX_FINGERPRINT_LEN];
size_t fpn; size_t fpn;
const int gcry_pkalgo = map_pk_openpgp_to_gcry( sk->pubkey_algo ); const int pkalgo = map_pk_openpgp_to_gcry (sk->pubkey_algo);
/* Get the keygrip. */ /* Get the keygrip. */
err = hexkeygrip_from_pk (sk, &keygrip); err = hexkeygrip_from_pk (sk, &keygrip);
if (err) if (err)
goto leave; goto leave;
/* Convert the data to an S-expression. */ /* Convert the data to an S-expression. */
if (gcry_pkalgo == GCRY_PK_ELG ||gcry_pkalgo == GCRY_PK_ELG_E) if (pkalgo == GCRY_PK_ELG || pkalgo == GCRY_PK_ELG_E)
{ {
if (!enc->data[0] || !enc->data[1]) if (!enc->data[0] || !enc->data[1])
err = gpg_error (GPG_ERR_BAD_MPI); err = gpg_error (GPG_ERR_BAD_MPI);
@ -164,7 +163,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
err = gcry_sexp_build (&s_data, NULL, "(enc-val(elg(a%m)(b%m)))", err = gcry_sexp_build (&s_data, NULL, "(enc-val(elg(a%m)(b%m)))",
enc->data[0], enc->data[1]); enc->data[0], enc->data[1]);
} }
else if (gcry_pkalgo == GCRY_PK_RSA || gcry_pkalgo == GCRY_PK_RSA_E) else if (pkalgo == GCRY_PK_RSA || pkalgo == GCRY_PK_RSA_E)
{ {
if (!enc->data[0]) if (!enc->data[0])
err = gpg_error (GPG_ERR_BAD_MPI); err = gpg_error (GPG_ERR_BAD_MPI);
@ -172,12 +171,12 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
err = gcry_sexp_build (&s_data, NULL, "(enc-val(rsa(a%m)))", err = gcry_sexp_build (&s_data, NULL, "(enc-val(rsa(a%m)))",
enc->data[0]); enc->data[0]);
} }
else if (gcry_pkalgo == GCRY_PK_ECDH ) else if (pkalgo == GCRY_PK_ECDH)
{ {
if (!enc->data[0] || !enc->data[1]) if (!enc->data[0] || !enc->data[1])
err = gpg_error (GPG_ERR_BAD_MPI); err = gpg_error (GPG_ERR_BAD_MPI);
else else
err = gcry_sexp_build (&s_data, NULL, "(enc-val(ecdh(a%m)(b%m)))", err = gcry_sexp_build (&s_data, NULL, "(enc-val(ecdh(a%m)(b%m)))",
enc->data[0], enc->data[1]); enc->data[0], enc->data[1]);
} }
else else
@ -186,8 +185,9 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
if (err) if (err)
goto leave; goto leave;
fingerprint_from_pk( sk, fp, &fpn ); /* fixme: only needed for ECDH. Don't compute always. */
assert( fpn == 20 ); fingerprint_from_pk (sk, fp, &fpn);
assert (fpn == 20);
/* Decrypt. */ /* Decrypt. */
desc = gpg_format_keydesc (sk, 0, 1); desc = gpg_format_keydesc (sk, 0, 1);
@ -222,12 +222,12 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
{ {
gcry_mpi_t shared_mpi; gcry_mpi_t shared_mpi;
gcry_mpi_t decoded; gcry_mpi_t decoded;
/* At the beginning the frame are the bytes of shared point MPI. */ /* At the beginning the frame are the bytes of shared point MPI. */
err = gcry_mpi_scan (&shared_mpi, GCRYMPI_FMT_USG, frame, nframe, NULL); err = gcry_mpi_scan (&shared_mpi, GCRYMPI_FMT_USG, frame, nframe, NULL);
if (err) if (err)
{ {
log_fatal ("mpi_scan failed: %s\n", gpg_strerror (err)); err = gpg_error (GPG_ERR_WRONG_SECKEY);
goto leave; goto leave;
} }
@ -247,13 +247,14 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
/* Allow double padding for the benefit of DEK size concealment. /* Allow double padding for the benefit of DEK size concealment.
Higher than this is wasteful. */ Higher than this is wasteful. */
if (frame[nframe-1] > 8*2 || nframe <= 8) if (!nframe || frame[nframe-1] > 8*2 || nframe <= 8
|| frame[nframe-1] > nframe)
{ {
err = gpg_error (GPG_ERR_WRONG_SECKEY); err = gpg_error (GPG_ERR_WRONG_SECKEY);
goto leave; goto leave;
} }
nframe -= frame[nframe-1]; /* Remove padding. */ nframe -= frame[nframe-1]; /* Remove padding. */
assert (n); /* (used just below) */ assert (!n); /* (used just below) */
} }
else else
{ {

31
g10/verify-stubs.c
View File

@ -1,31 +0,0 @@
/* To satisfy the linker for the gpgv target
* Copyright (C) 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <stdio.h>
#include "gpg.h"
#include "main.h"
int
pk_ecc_keypair_gen (PKT_public_key **pk_out, int algo, int keygen_flags,
char **cache_nonce_addr, unsigned nbits)
{
return GPG_ERR_NOT_IMPLEMENTED;
}