mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00

Editorial changes and allow building with old libgcrypts.

Changed the order of some conditionals to put the special case into
the true branch.  Indentation changes.  Minor other changes to make the
ECC code more similar to the rest of our code.

It builds but many selftests still fail.  Need to fix that before
using it with an ECDH enabled libgcrypt.

[/]
2011-01-21  Werner Koch  <wk@g10code.com>

	* configure.ac: Need Libgcrypt 1.4.6 due to AESWRAP.
	(HAVE_GCRY_PK_ECDH): Add new test.

[agent/]
2011-01-21  Werner Koch  <wk@g10code.com>

	* cvt-openpgp.c (GCRY_PK_ECDH) [!HAVE_GCRY_PK_ECDH]: New.

[include/]
2011-01-21  Werner Koch  <wk@g10code.com>

	* cipher.h (GCRY_PK_USAGE_CERT): Remove compatibility macros
	because we now require libgcrypt 1.4.6.
	(GCRY_PK_ECDH): Add replacement.
Werner Koch 2011-01-21 12:00:57 +01:00
parent a66772aa63
commit 90b0ff23b7
29 changed files with 873 additions and 763 deletions


@ -1,3 +1,7 @@
2011-01-21 Werner Koch <wk@g10code.com>
* cvt-openpgp.c (GCRY_PK_ECDH) [!HAVE_GCRY_PK_ECDH]: New.
2010-12-02 Werner Koch <wk@g10code.com>
* gpg-agent.c (CHECK_OWN_SOCKET_INTERVAL) [W32CE]: Set to 60


@ -28,6 +28,13 @@
#include "i18n.h"
#include "cvt-openpgp.h"
/* Macros for compatibility with older libgcrypt versions. */
#ifndef HAVE_GCRY_PK_ECDSA
# define GCRY_PK_ECDH 302
#endif
/* Helper to pass data via the callback to do_unprotect. */
struct try_do_unprotect_arg_s
@ -100,8 +107,8 @@ get_keygrip (int pubkey_algo, gcry_mpi_t *pkey, unsigned char *grip)
/* Convert a secret key given as algorithm id and an array of key
parameters into our s-expression based format.
pubkey_algo is a libgcrypt ID
parameters into our s-expression based format. Note that
PUBKEY_ALGO is a standard id and not an OpenPGP id.
*/
static gpg_error_t
convert_secret_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey)
@ -111,7 +118,8 @@ convert_secret_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey)
*r_key = NULL;
pubkey_algo = map_pk_openpgp_to_gcry( pubkey_algo );
/* FIXME: This is not consistent with the above comment. */
pubkey_algo = map_pk_openpgp_to_gcry (pubkey_algo);
switch (pubkey_algo)
{
@ -224,9 +232,9 @@ do_unprotect (const char *passphrase,
*r_key = NULL;
/* Unfortunately, the OpenPGP PK algorithm numbers need to be re-mapped for Libgcrypt
*/
pubkey_algo = map_pk_openpgp_to_gcry( pubkey_algo );
/* Unfortunately, the OpenPGP PK algorithm numbers need to be
re-mapped for Libgcrypt. */
pubkey_algo = map_pk_openpgp_to_gcry (pubkey_algo);
/* Count the actual number of MPIs is in the array and set the
remainder to NULL for easier processing later on. */
@ -655,7 +663,7 @@ convert_from_openpgp (ctrl_t ctrl, gcry_sexp_t s_pgp,
string = gcry_sexp_nth_string (list, 1);
if (!string)
goto bad_seckey;
pubkey_algo = gcry_pk_map_name (string); /* ligcrypt IDs */
pubkey_algo = gcry_pk_map_name (string);
xfree (string);
if (gcry_pk_algo_info (pubkey_algo, GCRYCTL_GET_ALGO_NPKEY, NULL, &npkey)
@ -1022,7 +1030,6 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase,
}
algo = gcry_pk_map_name (name);
log_debug ( "convert to openpgp begin for algo=%s\n", name );
xfree (name);
switch (algo)
@ -1052,7 +1059,6 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase,
err = apply_protection (array, npkey, nskey, passphrase,
GCRY_CIPHER_AES, protect_iv, sizeof protect_iv,
3, GCRY_MD_SHA1, salt, s2k_count);
///log_debug ( "convert to openpgp: after applying protection, err = %d\n", err );
/* Turn it into the transfer key S-expression. Note that we always
return a protected key. */
if (!err)
@ -1082,8 +1088,6 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase,
put_membuf_str (&mbuf, ")\n");
put_membuf (&mbuf, "", 1);
///log_debug ( "convert to openpgp: calling gcry_sexp_build\n" );
tmpkey = NULL;
{
char *format = get_membuf (&mbuf, NULL);
@ -1093,7 +1097,6 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase,
err = gcry_sexp_build_array (&tmpkey, NULL, format, format_args);
xfree (format);
}
///log_debug ( "convert to openpgp: calling gcry_sexp_build before err=%d\n", err );
if (!err)
err = gcry_sexp_build (&tmpsexp, NULL,
"(openpgp-private-key\n"
@ -1106,7 +1109,6 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase,
(int)sizeof protect_iv, protect_iv,
(int)sizeof salt, salt,
countbuf);
///log_debug ( "convert to openpgp: after gcry_sexp_build, err = %d\n", err );
gcry_sexp_release (tmpkey);
if (!err)
err = make_canon_sexp_pad (tmpsexp, 0, r_transferkey, r_transferkeylen);
@ -1116,8 +1118,5 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase,
for (i=0; i < DIM (array); i++)
gcry_mpi_release (array[i]);
log_debug ( "convert to openpgp end with err=%d\n", err );
return err;
}
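Review bot: The compatibility macro added at the top of this file is guarded by `#ifndef HAVE_GCRY_PK_ECDSA`, but the ChangeLog entry and the configure.ac test in this commit both name the symbol `HAVE_GCRY_PK_ECDH`. If nothing defines `HAVE_GCRY_PK_ECDSA` (no such test is visible in this commit), the fallback `# define GCRY_PK_ECDH 302` is applied on every build, including against a libgcrypt that already provides the id, so the guard no longer tests what it is meant to. The guard should read `#ifndef HAVE_GCRY_PK_ECDH`, matching the configure symbol.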


@ -2304,6 +2304,8 @@ check_for_running_agent (int silent, int mode)
}
/* TODO: it is also in misc, which is not linked with the agent */
/* FIXME: The agent should not know about openpgp internals - weel
except for some stuff in cvt-openpgp. */
int
map_pk_openpgp_to_gcry (int algo)
{
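Review bot: The added FIXME comment misspells "well" as "weel", and with the TODO directly above it the function now carries two separate remarks about the same problem. A single comment would cover both, for example `/* FIXME: Duplicate of the function in misc, which is not linked with the agent.  The agent should not know about OpenPGP internals, except for cvt-openpgp. */`. Keeping two copies of the OpenPGP-to-Libgcrypt algorithm mapping means a change to one can miss the other, which is worth stating as the reason to consolidate. The body of map_pk_openpgp_to_gcry continues outside the hunk.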


@ -43,7 +43,7 @@
/* A table containing the information needed to create a protected
private key */
private key. */
static struct {
const char *algo;
const char *parmlist;
@ -428,9 +428,6 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
unsigned char *p;
gcry_md_hd_t md;
if (opt.debug & DBG_CRYPTO_VALUE)
log_info ("Protecting key=%s, passphrase=%s\n", plainkey, passphrase);
/* Create an S-expression with the protected-at timestamp. */
memcpy (timestamp_exp, "(12:protected-at15:", 19);
gnupg_get_isotime (timestamp_exp+19);
@ -459,55 +456,41 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
for (infidx=0; protect_info[infidx].algo
&& !smatch (&s, n, protect_info[infidx].algo); infidx++)
;
if (!protect_info[infidx].algo) {
log_info ("Unsupported alg %d for protection\n", protect_info[infidx].algo);
if (!protect_info[infidx].algo)
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
}
prot_begin = prot_end = NULL;
for (i=0; (c=protect_info[infidx].parmlist[i]); i++)
{
if (i == protect_info[infidx].prot_from)
prot_begin = s;
if (*s != '(') {
log_info ("Unbalanced bracket in S-expression #1\n");
if (*s != '(')
return gpg_error (GPG_ERR_INV_SEXP);
}
depth++;
s++;
n = snext (&s);
if (!n) {
log_info ("Cannot get the length of S-expression field\n");
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
}
if (n != 1 || c != *s) {
log_info ("Invalid length in S-expression field\n");
if (n != 1 || c != *s)
return gpg_error (GPG_ERR_INV_SEXP);
}
s += n;
s += n;
n = snext (&s);
if (!n) {
log_info ("Invalid fieled in S-expression field\n");
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
}
s +=n; /* skip value */
if (*s != ')') {
log_info ("Unbalanced bracket in S-expression #2\n");
if (*s != ')')
return gpg_error (GPG_ERR_INV_SEXP);
}
depth--;
if (i == protect_info[infidx].prot_to)
prot_end = s;
s++;
}
if (*s != ')' || !prot_begin || !prot_end ) {
log_info ("Unbalanced bracket in S-expression #3\n");
if (*s != ')' || !prot_begin || !prot_end )
return gpg_error (GPG_ERR_INV_SEXP);
}
depth--;
hash_end = s;
s++;
/* skip to the end of the S-exp */
/* Skip to the end of the S-expression. */
assert (depth == 1);
rc = sskip (&s, &depth);
if (rc)