mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-02 22:46:30 +02:00
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a string. * g10/keygen.c (check_keygrip): Adjust for change. * sm/certreqgen-ui.c (check_keygrip): Likewise. * agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry. * g10/misc.c (map_pk_openpgp_to_gcry): Remove. (openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2. (openpgp_pk_test_algo2): Rewrite. (openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA. (openpgp_pk_algo_name): Rewrite to remove need for gcry calls. (pubkey_get_npkey, pubkey_get_nskey): Ditto. (pubkey_get_nsig, pubkey_get_nenc): Ditto. * g10/keygen.c(do_create_from_keygrip): Support EdDSA. (common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto. * g10/build-packet.c (do_key): Ditto. * g10/export.c (transfer_format_to_openpgp): Ditto. * g10/getkey.c (cache_public_key): Ditto. * g10/import.c (transfer_secret_keys): Ditto. * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto. * g10/mainproc.c (proc_pubkey_enc): Ditto. * g10/parse-packet.c (parse_key): Ditto, * g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto. * g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name. * g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only OpenPGP algo ids and support EdDSA. * g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids. * g10/seskey.c (encode_md_value): Ditto. -- This patch separates Libgcrypt and OpenPGP public key algorithms ids and in most cases completely removes the Libgcrypt ones. This is useful because for Libgcrypt we specify the algorithm in the S-expressions and the public key ids are not anymore needed. This patch also adds some support for PUBKEY_ALGO_EDDSA which will eventually be used instead of merging EdDSA with ECDSA. As of now an experimental algorithm id is used but the plan is to write an I-D so that we can get a new id from the IETF. Note that EdDSA (Ed25519) does not yet work and that more changes are required. The ECC support is still broken right now. Needs to be fixed. Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch
parent
ea8a1685f7
commit
b7f8dec632
21 changed files with 323 additions and 253 deletions
22
g10/seskey.c
22
g10/seskey.c
|
|
@ -255,20 +255,20 @@ gcry_mpi_t
|
|||
encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo)
|
||||
{
|
||||
gcry_mpi_t frame;
|
||||
int pkalgo;
|
||||
size_t mdlen;
|
||||
|
||||
assert (hash_algo);
|
||||
assert (pk);
|
||||
|
||||
pkalgo = map_pk_openpgp_to_gcry (pk->pubkey_algo);
|
||||
|
||||
if (pkalgo == GCRY_PK_ECDSA && openpgp_oid_is_ed25519 (pk->pkey[0]))
|
||||
if (pk->pubkey_algo == PUBKEY_ALGO_EDDSA)
|
||||
{
|
||||
/* EdDSA signs data of arbitrary length. Thus no special
|
||||
treatment is required. */
|
||||
frame = gcry_mpi_set_opaque_copy (NULL, gcry_md_read (md, hash_algo),
|
||||
8*gcry_md_get_algo_dlen (hash_algo));
|
||||
}
|
||||
else if (pkalgo == GCRY_PK_DSA || pkalgo == GCRY_PK_ECDSA)
|
||||
else if (pk->pubkey_algo == PUBKEY_ALGO_DSA
|
||||
|| pk->pubkey_algo == PUBKEY_ALGO_ECDSA)
|
||||
{
|
||||
/* It's a DSA signature, so find out the size of q. */
|
||||
|
||||
|
|
@ -276,11 +276,10 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo)
|
|||
|
||||
/* pkey[1] is Q for ECDSA, which is an uncompressed point,
|
||||
i.e. 04 <x> <y> */
|
||||
if (pkalgo == GCRY_PK_ECDSA)
|
||||
if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA)
|
||||
qbits = ecdsa_qbits_from_Q (qbits);
|
||||
|
||||
/* Make sure it is a multiple of 8 bits. */
|
||||
|
||||
if ((qbits%8))
|
||||
{
|
||||
log_error(_("DSA requires the hash length to be a"
|
||||
|
|
@ -297,7 +296,8 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo)
|
|||
if (qbits < 160)
|
||||
{
|
||||
log_error (_("%s key %s uses an unsafe (%zu bit) hash\n"),
|
||||
gcry_pk_algo_name (pkalgo), keystr_from_pk (pk), qbits);
|
||||
openpgp_pk_algo_name (pk->pubkey_algo),
|
||||
keystr_from_pk (pk), qbits);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
|
@ -305,7 +305,7 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo)
|
|||
/* ECDSA 521 is special has it is larger than the largest hash
|
||||
we have (SHA-512). Thus we chnage the size for further
|
||||
processing to 512. */
|
||||
if (pkalgo == GCRY_PK_ECDSA && qbits > 512)
|
||||
if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA && qbits > 512)
|
||||
qbits = 512;
|
||||
|
||||
/* Check if we're too short. Too long is safe as we'll
|
||||
|
|
@ -315,8 +315,8 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo)
|
|||
{
|
||||
log_error (_("%s key %s requires a %zu bit or larger hash "
|
||||
"(hash is %s)\n"),
|
||||
gcry_pk_algo_name (pkalgo),
|
||||
keystr_from_pk(pk), qbits,
|
||||
openpgp_pk_algo_name (pk->pubkey_algo),
|
||||
keystr_from_pk (pk), qbits,
|
||||
gcry_md_algo_name (hash_algo));
|
||||
return NULL;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue