security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

sm: Support creation of EdDSA certificates. 

* sm/misc.c (transform_sigval): Support EdDSA.
* sm/certreqgen.c (create_request): Support EdDSA cert creation.
* sm/certcheck.c (gpgsm_check_cert_sig): Map some ECC algo OIDs to
hash algos.
* sm/call-agent.c (struct sethash_inq_parm_s): New.
(sethash_inq_cb): New.
(gpgsm_agent_pksign): Add mode to pass plain data for EdDSA.
--

Tested using a parameter file

    Key-Type: EdDSA
    Key-Length: 1024
    Key-Grip: 09D9AE3D494F7888C93BE5106AD8A734A87617F0
    Key-Usage: sign
    Serial: random
    Name-DN: CN=dummy test ed25519

where the keygrip is from a gpg generated Ed25519 key.  ECDSA was
tested using

    Key-Type: ECDSA
    Key-Length: 1024
    Key-Grip: 8E06A180EFFE4C65B812150CAF19BF30C0689A4C
    Key-Usage: sign
    Serial: random
    Name-DN: CN=dummy test nistp256

and RSA using

    Key-Type: RSA
    Key-Length: 2048
    Key-Grip: C6A6390E9388CDBAD71EAEA698233FE5E04F001E
    Key-Usage: sign
    Serial: random
    Name-DN: CN=dummy test rsa

The command used in all cases is

  gpgsm -v --gen-key --batch  a.parm >a.crt
  gpgsm -v --import <a.crt

More support, in particular in the user interface, is required and
will follow soon.

GnuPG-bug-id: 4888
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2020-05-18 19:32:30 +02:00
parent b18fb0264a
commit 6dc3846d78
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 184 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
sm/call-agent.c
View File

@ -76,6 +76,13 @@ struct import_key_parm_s
size_t keylen; size_t keylen;
}; };
struct sethash_inq_parm_s
{
assuan_context_t ctx;
const void *data;
size_t datalen;
};
struct default_inq_parm_s struct default_inq_parm_s
{ {
ctrl_t ctrl; ctrl_t ctrl;
@ -257,8 +264,29 @@ default_inq_cb (void *opaque, const char *line)
/* This is the inquiry callback required by the SETHASH command. */
static gpg_error_t
sethash_inq_cb (void *opaque, const char *line)
{
gpg_error_t err = 0;
struct sethash_inq_parm_s *parm = opaque;
if (has_leading_keyword (line, "TBSDATA"))
{
err = assuan_send_data (parm->ctx, parm->data, parm->datalen);
}
else
log_error ("ignoring gpg-agent inquiry '%s'\n", line);
return err;
}
/* Call the agent to do a sign operation using the key identified by /* Call the agent to do a sign operation using the key identified by
the hex string KEYGRIP. */ * the hex string KEYGRIP. If DIGESTALGO is given (DIGEST,DIGESTLEN)
* gives the to be signed hash created using the given algo. If
* DIGESTALGO is not given (i.e. zero) (DIGEST,DIGESTALGO) give the
* entire data to-be-signed. */
int int
gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc, gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
unsigned char *digest, size_t digestlen, int digestalgo, unsigned char *digest, size_t digestlen, int digestalgo,
@ -277,7 +305,7 @@ gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
inq_parm.ctrl = ctrl; inq_parm.ctrl = ctrl;
inq_parm.ctx = agent_ctx; inq_parm.ctx = agent_ctx;
if (digestlen*2 + 50 > DIM(line)) if (digestalgo && digestlen*2 + 50 > DIM(line))
return gpg_error (GPG_ERR_GENERAL); return gpg_error (GPG_ERR_GENERAL);
rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL); rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
@ -298,11 +326,26 @@ gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
return rc; return rc;
} }
sprintf (line, "SETHASH %d ", digestalgo); if (!digestalgo)
p = line + strlen (line); {
for (i=0; i < digestlen ; i++, p += 2 ) struct sethash_inq_parm_s sethash_inq_parm;
sprintf (p, "%02X", digest[i]);
rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); sethash_inq_parm.ctx = agent_ctx;
sethash_inq_parm.data = digest;
sethash_inq_parm.datalen = digestlen;
rc = assuan_transact (agent_ctx, "SETHASH --inquire",
NULL, NULL, sethash_inq_cb, &sethash_inq_parm,
NULL, NULL);
}
else
{
snprintf (line, sizeof line, "SETHASH %d ", digestalgo);
p = line + strlen (line);
for (i=0; i < digestlen ; i++, p += 2 )
sprintf (p, "%02X", digest[i]);
rc = assuan_transact (agent_ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
}
if (rc) if (rc)
return rc; return rc;

10
sm/certcheck.c
View File

@ -360,6 +360,8 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
int use_eddsa = 0; int use_eddsa = 0;
unsigned int saltlen; unsigned int saltlen;
/* Note that we map the 4 algos which current Libgcrypt versions are
* not aware of the OID. */
algo = gcry_md_map_name ( (algoid=ksba_cert_get_digest_algo (cert))); algo = gcry_md_map_name ( (algoid=ksba_cert_get_digest_algo (cert)));
if (!algo && algoid && !strcmp (algoid, "1.2.840.113549.1.1.10")) if (!algo && algoid && !strcmp (algoid, "1.2.840.113549.1.1.10"))
use_pss = 1; use_pss = 1;
@ -367,6 +369,14 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
use_eddsa = 1; use_eddsa = 1;
else if (algoid && !strcmp (algoid, "1.3.101.113")) else if (algoid && !strcmp (algoid, "1.3.101.113"))
use_eddsa = 2; use_eddsa = 2;
else if (!algo && algoid && !strcmp (algoid, "1.2.840.10045.4.3.1"))
algo = GCRY_MD_SHA224; /* ecdsa-with-sha224 */
else if (!algo && algoid && !strcmp (algoid, "1.2.840.10045.4.3.2"))
algo = GCRY_MD_SHA256; /* ecdsa-with-sha256 */
else if (!algo && algoid && !strcmp (algoid, "1.2.840.10045.4.3.3"))
algo = GCRY_MD_SHA384; /* ecdsa-with-sha384 */
else if (!algo && algoid && !strcmp (algoid, "1.2.840.10045.4.3.4"))
algo = GCRY_MD_SHA512; /* ecdsa-with-sha512 */
else if (!algo) else if (!algo)
{ {
log_error ("unknown digest algorithm '%s' used in certificate\n", log_error ("unknown digest algorithm '%s' used in certificate\n",

91
sm/certreqgen.c
View File

@ -67,6 +67,7 @@
#include "keydb.h" #include "keydb.h"
#include "../common/i18n.h" #include "../common/i18n.h"
#include "../common/membuf.h"
enum para_name enum para_name
@ -835,6 +836,8 @@ create_request (ctrl_t ctrl,
ksba_isotime_t atime; ksba_isotime_t atime;
int certmode = 0; int certmode = 0;
int mdalgo; int mdalgo;
membuf_t tbsbuffer;
membuf_t *tbsmb = NULL;
err = ksba_certreq_new (&cr); err = ksba_certreq_new (&cr);
if (err) if (err)
@ -842,21 +845,31 @@ create_request (ctrl_t ctrl,
len = gcry_sexp_canon_len (public, 0, NULL, NULL); len = gcry_sexp_canon_len (public, 0, NULL, NULL);
if (get_pk_algo_from_canon_sexp (public, len) == GCRY_PK_EDDSA) if (get_pk_algo_from_canon_sexp (public, len) == GCRY_PK_EDDSA)
mdalgo = GCRY_MD_SHA512;
else if ((string = get_parameter_value (para, pHASHALGO, 0)))
mdalgo = gcry_md_map_name (string);
else
mdalgo = GCRY_MD_SHA256;
rc = gcry_md_open (&md, mdalgo, 0);
if (rc)
{ {
log_error ("md_open failed: %s\n", gpg_strerror (rc)); mdalgo = GCRY_MD_SHA512;
goto leave; md = NULL; /* We sign the data and not a hash. */
init_membuf (&tbsbuffer, 2048);
tbsmb = &tbsbuffer;
ksba_certreq_set_hash_function
(cr, (void (*)(void *, const void*,size_t))put_membuf, tbsmb);
}
else
{
if ((string = get_parameter_value (para, pHASHALGO, 0)))
mdalgo = gcry_md_map_name (string);
else
mdalgo = GCRY_MD_SHA256;
rc = gcry_md_open (&md, mdalgo, 0);
if (rc)
{
log_error ("md_open failed: %s\n", gpg_strerror (rc));
goto leave;
}
if (DBG_HASHING)
gcry_md_debug (md, "cr.cri");
ksba_certreq_set_hash_function (cr, HASH_FNC, md);
} }
if (DBG_HASHING)
gcry_md_debug (md, "cr.cri");
ksba_certreq_set_hash_function (cr, HASH_FNC, md);
ksba_certreq_set_writer (cr, writer); ksba_certreq_set_writer (cr, writer);
err = ksba_certreq_add_subject (cr, get_parameter_value (para, pNAMEDN, 0)); err = ksba_certreq_add_subject (cr, get_parameter_value (para, pNAMEDN, 0));
@ -1150,6 +1163,7 @@ create_request (ctrl_t ctrl,
{ {
unsigned char *siginfo; unsigned char *siginfo;
err = transform_sigval (sigkey, err = transform_sigval (sigkey,
gcry_sexp_canon_len (sigkey, 0, NULL, NULL), gcry_sexp_canon_len (sigkey, 0, NULL, NULL),
mdalgo, &siginfo, NULL); mdalgo, &siginfo, NULL);
@ -1320,6 +1334,8 @@ create_request (ctrl_t ctrl,
char hexgrip[41]; char hexgrip[41];
unsigned char *sigval, *newsigval; unsigned char *sigval, *newsigval;
size_t siglen; size_t siglen;
void *tbsdata;
size_t tbsdatalen;
n = gcry_sexp_canon_len (sigkey, 0, NULL, NULL); n = gcry_sexp_canon_len (sigkey, 0, NULL, NULL);
if (!n) if (!n)
@ -1348,11 +1364,26 @@ create_request (ctrl_t ctrl,
certmode? "certificate":"CSR", hexgrip); certmode? "certificate":"CSR", hexgrip);
if (carddirect && !certmode) if (carddirect && !certmode)
rc = gpgsm_scd_pksign (ctrl, carddirect, NULL, {
gcry_md_read (md, mdalgo), if (tbsmb)
gcry_md_get_algo_dlen (mdalgo), {
mdalgo, tbsdata = get_membuf (tbsmb, &tbsdatalen);
&sigval, &siglen); tbsmb = NULL;
if (!tbsdata)
rc = gpg_error_from_syserror ();
else
rc = gpgsm_scd_pksign (ctrl, carddirect, NULL,
tbsdata, tbsdatalen, 0,
&sigval, &siglen);
xfree (tbsdata);
}
else
rc = gpgsm_scd_pksign (ctrl, carddirect, NULL,
gcry_md_read (md, mdalgo),
gcry_md_get_algo_dlen (mdalgo),
mdalgo,
&sigval, &siglen);
}
else else
{ {
char *orig_codeset; char *orig_codeset;
@ -1364,11 +1395,25 @@ create_request (ctrl_t ctrl,
" the passphrase for the key you just created once" " the passphrase for the key you just created once"
" more.\n")); " more.\n"));
i18n_switchback (orig_codeset); i18n_switchback (orig_codeset);
rc = gpgsm_agent_pksign (ctrl, hexgrip, desc, if (tbsmb)
gcry_md_read(md, mdalgo), {
gcry_md_get_algo_dlen (mdalgo), tbsdata = get_membuf (tbsmb, &tbsdatalen);
mdalgo, tbsmb = NULL;
&sigval, &siglen); if (!tbsdata)
rc = gpg_error_from_syserror ();
else
rc = gpgsm_agent_pksign (ctrl, hexgrip, desc,
tbsdata, tbsdatalen, 0,
&sigval, &siglen);
xfree (tbsdata);
}
else
rc = gpgsm_agent_pksign (ctrl, hexgrip, desc,
gcry_md_read(md, mdalgo),
gcry_md_get_algo_dlen (mdalgo),
mdalgo,
&sigval, &siglen);
xfree (desc); xfree (desc);
} }
if (rc) if (rc)
@ -1398,6 +1443,8 @@ create_request (ctrl_t ctrl,
leave: leave:
if (tbsmb)
xfree (get_membuf (tbsmb, NULL));
gcry_md_close (md); gcry_md_close (md);
ksba_certreq_release (cr); ksba_certreq_release (cr);
return rc; return rc;

90
sm/misc.c
View File

@ -101,7 +101,7 @@ setup_pinentry_env (void)
function ignores missing parameters so that it can also be used to function ignores missing parameters so that it can also be used to
create an siginfo value as expected by ksba_certreq_set_siginfo. create an siginfo value as expected by ksba_certreq_set_siginfo.
To create a siginfo s-expression a public-key s-expression may be To create a siginfo s-expression a public-key s-expression may be
used instead of a sig-val. We only support RSA for now. */ used instead of a sig-val. */
gpg_error_t gpg_error_t
transform_sigval (const unsigned char *sigval, size_t sigvallen, int mdalgo, transform_sigval (const unsigned char *sigval, size_t sigvallen, int mdalgo,
unsigned char **r_newsigval, size_t *r_newsigvallen) unsigned char **r_newsigval, size_t *r_newsigvallen)
@ -115,6 +115,7 @@ transform_sigval (const unsigned char *sigval, size_t sigvallen, int mdalgo,
size_t rsa_s_len, ecc_r_len, ecc_s_len; size_t rsa_s_len, ecc_r_len, ecc_s_len;
const char *oid; const char *oid;
gcry_sexp_t sexp; gcry_sexp_t sexp;
const char *eddsa_curve = NULL;
rsa_s = ecc_r = ecc_s = NULL; rsa_s = ecc_r = ecc_s = NULL;
rsa_s_len = ecc_r_len = ecc_s_len = 0; rsa_s_len = ecc_r_len = ecc_s_len = 0;
@ -144,6 +145,8 @@ transform_sigval (const unsigned char *sigval, size_t sigvallen, int mdalgo,
return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO); return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO);
if (toklen == 3 && !memcmp ("rsa", tok, 3)) if (toklen == 3 && !memcmp ("rsa", tok, 3))
pkalgo = GCRY_PK_RSA; pkalgo = GCRY_PK_RSA;
else if (toklen == 3 && !memcmp ("ecc", tok, 3))
pkalgo = GCRY_PK_ECC;
else if (toklen == 5 && !memcmp ("ecdsa", tok, 5)) else if (toklen == 5 && !memcmp ("ecdsa", tok, 5))
pkalgo = GCRY_PK_ECC; pkalgo = GCRY_PK_ECC;
else if (toklen == 5 && !memcmp ("eddsa", tok, 5)) else if (toklen == 5 && !memcmp ("eddsa", tok, 5))
@ -191,6 +194,18 @@ transform_sigval (const unsigned char *sigval, size_t sigvallen, int mdalgo,
*mpi_len = toklen; *mpi_len = toklen;
} }
} }
else if (toklen == 5 && !memcmp (tok, "curve", 5))
{
if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
return err;
if ((toklen == 7 && !memcmp (tok, "Ed25519", 7))
|| (toklen == 22 && !memcmp (tok, "1.3.6.1.4.1.11591.15.1", 22))
|| (toklen == 11 && !memcmp (tok, "1.3.101.112", 11)))
eddsa_curve = "1.3.101.112";
else if ((toklen == 5 && !memcmp (tok, "Ed448", 5))
|| (toklen == 11 && !memcmp (tok, "1.3.101.113", 11)))
eddsa_curve = "1.3.101.113";
}
/* Skip to the end of the list. */ /* Skip to the end of the list. */
last_depth2 = depth; last_depth2 = depth;
@ -203,50 +218,55 @@ transform_sigval (const unsigned char *sigval, size_t sigvallen, int mdalgo,
if (err) if (err)
return err; return err;
/* Map the hash algorithm to an OID. */ if (eddsa_curve)
if (mdalgo < 0 || mdalgo > (1<<15) || pkalgo < 0 || pkalgo > (1<<15)) oid = eddsa_curve;
return gpg_error (GPG_ERR_DIGEST_ALGO); else
switch (mdalgo | (pkalgo << 16))
{ {
case GCRY_MD_SHA1 | (GCRY_PK_RSA << 16): /* Map the hash algorithm to an OID. */
oid = "1.2.840.113549.1.1.5"; /* sha1WithRSAEncryption */ if (mdalgo < 0 || mdalgo > (1<<15) || pkalgo < 0 || pkalgo > (1<<15))
break; return gpg_error (GPG_ERR_DIGEST_ALGO);
case GCRY_MD_SHA256 | (GCRY_PK_RSA << 16): switch (mdalgo | (pkalgo << 16))
oid = "1.2.840.113549.1.1.11"; /* sha256WithRSAEncryption */ {
break; case GCRY_MD_SHA1 | (GCRY_PK_RSA << 16):
oid = "1.2.840.113549.1.1.5"; /* sha1WithRSAEncryption */
break;
case GCRY_MD_SHA384 | (GCRY_PK_RSA << 16): case GCRY_MD_SHA256 | (GCRY_PK_RSA << 16):
oid = "1.2.840.113549.1.1.12"; /* sha384WithRSAEncryption */ oid = "1.2.840.113549.1.1.11"; /* sha256WithRSAEncryption */
break; break;
case GCRY_MD_SHA512 | (GCRY_PK_RSA << 16): case GCRY_MD_SHA384 | (GCRY_PK_RSA << 16):
oid = "1.2.840.113549.1.1.13"; /* sha512WithRSAEncryption */ oid = "1.2.840.113549.1.1.12"; /* sha384WithRSAEncryption */
break; break;
case GCRY_MD_SHA224 | (GCRY_PK_ECC << 16): case GCRY_MD_SHA512 | (GCRY_PK_RSA << 16):
oid = "1.2.840.10045.4.3.1"; /* ecdsa-with-sha224 */ oid = "1.2.840.113549.1.1.13"; /* sha512WithRSAEncryption */
break; break;
case GCRY_MD_SHA256 | (GCRY_PK_ECC << 16): case GCRY_MD_SHA224 | (GCRY_PK_ECC << 16):
oid = "1.2.840.10045.4.3.2"; /* ecdsa-with-sha256 */ oid = "1.2.840.10045.4.3.1"; /* ecdsa-with-sha224 */
break; break;
case GCRY_MD_SHA384 | (GCRY_PK_ECC << 16): case GCRY_MD_SHA256 | (GCRY_PK_ECC << 16):
oid = "1.2.840.10045.4.3.3"; /* ecdsa-with-sha384 */ oid = "1.2.840.10045.4.3.2"; /* ecdsa-with-sha256 */
break; break;
case GCRY_MD_SHA512 | (GCRY_PK_ECC << 16): case GCRY_MD_SHA384 | (GCRY_PK_ECC << 16):
oid = "1.2.840.10045.4.3.4"; /* ecdsa-with-sha512 */ oid = "1.2.840.10045.4.3.3"; /* ecdsa-with-sha384 */
break; break;
case GCRY_MD_SHA512 | (GCRY_PK_EDDSA << 16): case GCRY_MD_SHA512 | (GCRY_PK_ECC << 16):
oid = "1.3.101.112"; /* ed25519 */ oid = "1.2.840.10045.4.3.4"; /* ecdsa-with-sha512 */
break; break;
default: case GCRY_MD_SHA512 | (GCRY_PK_EDDSA << 16):
return gpg_error (GPG_ERR_DIGEST_ALGO); oid = "1.3.101.112"; /* ed25519 */
break;
default:
return gpg_error (GPG_ERR_DIGEST_ALGO);
}
} }
if (is_pubkey) if (is_pubkey)