mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-18 14:17:03 +01:00
gpg: Pass ECDH parameters to OpenPGP smartcards
* g10/call-agent.c (agent_keytocard): Add arg ecdh_param_str. * g10/keyid.c (ecdh_param_str_from_pk): New. * g10/card-util.c (card_store_subkey): Pass ECDH params to writekey. * g10/keygen.c (card_store_key_with_backup): Ditto. -- Backported from 2.4 - here the gpg part. See-commit: c03ba92576e34f791430ab1c68814ff16c81407b This is related to GnuPG-bug-id: 6378
This commit is contained in:
parent
d03d0add12
commit
92af3f88a9
@ -957,7 +957,8 @@ agent_scd_apdu (const char *hexapdu, unsigned int *r_sw)
|
|||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
agent_keytocard (const char *hexgrip, int keyno, int force,
|
agent_keytocard (const char *hexgrip, int keyno, int force,
|
||||||
const char *serialno, const char *timestamp)
|
const char *serialno, const char *timestamp,
|
||||||
|
const char *ecdh_param_str)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
char line[ASSUAN_LINELENGTH];
|
char line[ASSUAN_LINELENGTH];
|
||||||
@ -965,8 +966,9 @@ agent_keytocard (const char *hexgrip, int keyno, int force,
|
|||||||
|
|
||||||
memset (&parm, 0, sizeof parm);
|
memset (&parm, 0, sizeof parm);
|
||||||
|
|
||||||
snprintf (line, DIM(line), "KEYTOCARD %s%s %s OPENPGP.%d %s",
|
snprintf (line, DIM(line), "KEYTOCARD %s%s %s OPENPGP.%d %s%s%s",
|
||||||
force?"--force ": "", hexgrip, serialno, keyno, timestamp);
|
force?"--force ": "", hexgrip, serialno, keyno, timestamp,
|
||||||
|
ecdh_param_str? " ":"", ecdh_param_str? ecdh_param_str:"");
|
||||||
|
|
||||||
rc = start_agent (NULL, 1);
|
rc = start_agent (NULL, 1);
|
||||||
if (rc)
|
if (rc)
|
||||||
|
@ -104,7 +104,8 @@ int agent_scd_getattr (const char *name, struct agent_card_info_s *info);
|
|||||||
|
|
||||||
/* Send the KEYTOCARD command. */
|
/* Send the KEYTOCARD command. */
|
||||||
int agent_keytocard (const char *hexgrip, int keyno, int force,
|
int agent_keytocard (const char *hexgrip, int keyno, int force,
|
||||||
const char *serialno, const char *timestamp);
|
const char *serialno, const char *timestamp,
|
||||||
|
const char *ecdh_param_str);
|
||||||
|
|
||||||
/* Send a SETATTR command to the SCdaemon. */
|
/* Send a SETATTR command to the SCdaemon. */
|
||||||
gpg_error_t agent_scd_setattr (const char *name,
|
gpg_error_t agent_scd_setattr (const char *name,
|
||||||
|
@ -1749,8 +1749,9 @@ card_store_subkey (KBNODE node, int use, strlist_t *processed_keys)
|
|||||||
int keyno;
|
int keyno;
|
||||||
PKT_public_key *pk;
|
PKT_public_key *pk;
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
char *hexgrip;
|
char *hexgrip = NULL;
|
||||||
int rc;
|
int rc;
|
||||||
|
char *ecdh_param_str = NULL;
|
||||||
gnupg_isotime_t timebuf;
|
gnupg_isotime_t timebuf;
|
||||||
|
|
||||||
log_assert (node->pkt->pkttype == PKT_PUBLIC_KEY
|
log_assert (node->pkt->pkttype == PKT_PUBLIC_KEY
|
||||||
@ -1824,8 +1825,17 @@ card_store_subkey (KBNODE node, int use, strlist_t *processed_keys)
|
|||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
epoch2isotime (timebuf, (time_t)pk->timestamp);
|
epoch2isotime (timebuf, (time_t)pk->timestamp);
|
||||||
rc = agent_keytocard (hexgrip, keyno, rc, info.serialno, timebuf);
|
if (pk->pubkey_algo == PUBKEY_ALGO_ECDH)
|
||||||
|
{
|
||||||
|
ecdh_param_str = ecdh_param_str_from_pk (pk);
|
||||||
|
if (!ecdh_param_str)
|
||||||
|
{
|
||||||
|
err = gpg_error_from_syserror ();
|
||||||
|
goto leave;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
rc = agent_keytocard (hexgrip, keyno, rc, info.serialno,
|
||||||
|
timebuf, ecdh_param_str);
|
||||||
if (rc)
|
if (rc)
|
||||||
log_error (_("KEYTOCARD failed: %s\n"), gpg_strerror (rc));
|
log_error (_("KEYTOCARD failed: %s\n"), gpg_strerror (rc));
|
||||||
else
|
else
|
||||||
@ -1834,9 +1844,10 @@ card_store_subkey (KBNODE node, int use, strlist_t *processed_keys)
|
|||||||
if (processed_keys)
|
if (processed_keys)
|
||||||
add_to_strlist (processed_keys, hexgrip);
|
add_to_strlist (processed_keys, hexgrip);
|
||||||
}
|
}
|
||||||
xfree (hexgrip);
|
|
||||||
|
|
||||||
leave:
|
leave:
|
||||||
|
xfree (hexgrip);
|
||||||
|
xfree (ecdh_param_str);
|
||||||
agent_release_card_info (&info);
|
agent_release_card_info (&info);
|
||||||
return okay;
|
return okay;
|
||||||
}
|
}
|
||||||
|
@ -552,6 +552,7 @@ char *format_hexfingerprint (const char *fingerprint,
|
|||||||
char *buffer, size_t buflen);
|
char *buffer, size_t buflen);
|
||||||
gpg_error_t keygrip_from_pk (PKT_public_key *pk, unsigned char *array);
|
gpg_error_t keygrip_from_pk (PKT_public_key *pk, unsigned char *array);
|
||||||
gpg_error_t hexkeygrip_from_pk (PKT_public_key *pk, char **r_grip);
|
gpg_error_t hexkeygrip_from_pk (PKT_public_key *pk, char **r_grip);
|
||||||
|
char *ecdh_param_str_from_pk (PKT_public_key *pk);
|
||||||
|
|
||||||
|
|
||||||
/*-- kbnode.c --*/
|
/*-- kbnode.c --*/
|
||||||
|
22
g10/keygen.c
22
g10/keygen.c
@ -5128,22 +5128,41 @@ card_store_key_with_backup (ctrl_t ctrl, PKT_public_key *sub_psk,
|
|||||||
char *cache_nonce = NULL;
|
char *cache_nonce = NULL;
|
||||||
void *kek = NULL;
|
void *kek = NULL;
|
||||||
size_t keklen;
|
size_t keklen;
|
||||||
|
char *ecdh_param_str = NULL;
|
||||||
|
|
||||||
sk = copy_public_key (NULL, sub_psk);
|
sk = copy_public_key (NULL, sub_psk);
|
||||||
if (!sk)
|
if (!sk)
|
||||||
return gpg_error_from_syserror ();
|
return gpg_error_from_syserror ();
|
||||||
|
|
||||||
epoch2isotime (timestamp, (time_t)sk->timestamp);
|
epoch2isotime (timestamp, (time_t)sk->timestamp);
|
||||||
|
if (sk->pubkey_algo == PUBKEY_ALGO_ECDH)
|
||||||
|
{
|
||||||
|
ecdh_param_str = ecdh_param_str_from_pk (sk);
|
||||||
|
if (!ecdh_param_str)
|
||||||
|
{
|
||||||
|
free_public_key (sk);
|
||||||
|
return gpg_error_from_syserror ();
|
||||||
|
}
|
||||||
|
}
|
||||||
err = hexkeygrip_from_pk (sk, &hexgrip);
|
err = hexkeygrip_from_pk (sk, &hexgrip);
|
||||||
if (err)
|
if (err)
|
||||||
|
{
|
||||||
|
xfree (ecdh_param_str);
|
||||||
|
free_public_key (sk);
|
||||||
return err;
|
return err;
|
||||||
|
}
|
||||||
|
|
||||||
memset(&info, 0, sizeof (info));
|
memset(&info, 0, sizeof (info));
|
||||||
rc = agent_scd_getattr ("SERIALNO", &info);
|
rc = agent_scd_getattr ("SERIALNO", &info);
|
||||||
if (rc)
|
if (rc)
|
||||||
|
{
|
||||||
|
xfree (ecdh_param_str);
|
||||||
|
free_public_key (sk);
|
||||||
return (gpg_error_t)rc;
|
return (gpg_error_t)rc;
|
||||||
|
}
|
||||||
|
|
||||||
rc = agent_keytocard (hexgrip, 2, 1, info.serialno, timestamp);
|
rc = agent_keytocard (hexgrip, 2, 1, info.serialno,
|
||||||
|
timestamp, ecdh_param_str);
|
||||||
xfree (info.serialno);
|
xfree (info.serialno);
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
@ -5186,6 +5205,7 @@ card_store_key_with_backup (ctrl_t ctrl, PKT_public_key *sub_psk,
|
|||||||
agent_scd_learn (NULL, 1);
|
agent_scd_learn (NULL, 1);
|
||||||
|
|
||||||
leave:
|
leave:
|
||||||
|
xfree (ecdh_param_str);
|
||||||
xfree (cache_nonce);
|
xfree (cache_nonce);
|
||||||
gcry_cipher_close (cipherhd);
|
gcry_cipher_close (cipherhd);
|
||||||
xfree (kek);
|
xfree (kek);
|
||||||
|
22
g10/keyid.c
22
g10/keyid.c
@ -994,3 +994,25 @@ hexkeygrip_from_pk (PKT_public_key *pk, char **r_grip)
|
|||||||
}
|
}
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Return a hexfied malloced string of the ECDH parameters for an ECDH
|
||||||
|
* key from the public key PK. Returns NULL on error. */
|
||||||
|
char *
|
||||||
|
ecdh_param_str_from_pk (PKT_public_key *pk)
|
||||||
|
{
|
||||||
|
const unsigned char *s;
|
||||||
|
unsigned int n;
|
||||||
|
|
||||||
|
if (!pk
|
||||||
|
|| pk->pubkey_algo != PUBKEY_ALGO_ECDH
|
||||||
|
|| !gcry_mpi_get_flag (pk->pkey[2], GCRYMPI_FLAG_OPAQUE)
|
||||||
|
|| !(s = gcry_mpi_get_opaque (pk->pkey[2], &n)) || !n)
|
||||||
|
{
|
||||||
|
gpg_err_set_errno (EINVAL);
|
||||||
|
return NULL; /* Invalid parameter */
|
||||||
|
}
|
||||||
|
|
||||||
|
n = (n+7)/8;
|
||||||
|
return bin2hex (s, n, NULL);
|
||||||
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user