mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00

gpg: Introduce magic value 25519 to switch a card to ECC.

* g10/card-util.c (show_keysize_warning): Slightly change the text.
(ask_card_keyattr): Handle special value 25519.
(do_change_keyattr): Allow changing to cv25519/ed25519.
(generate_card_keys): Ditto.
(card_generate_subkey): Ditto.
--

This is a kludge to make it easier for gnuk to be switched into ECC
mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2017-11-02 17:11:03 +01:00
parent 1651310203
commit ea09b6cded
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B


@ -1317,12 +1317,11 @@ show_keysize_warning (void)
return; return;
shown = 1; shown = 1;
tty_printf tty_printf
(_("Note: There is no guarantee that the card " (_("Note: There is no guarantee that the card supports the requested\n"
"supports the requested size.\n" " key type or size. If the key generation does not succeed,\n"
" If the key generation does not succeed, " " please check the documentation of your card to see which\n"
"please check the\n" " key types and sizes are supported.\n")
" documentation of your card to see what " );
"sizes are allowed.\n"));
} }
@ -1353,40 +1352,61 @@ ask_card_keyattr (int keyno, unsigned int nbits)
xfree (prompt); xfree (prompt);
xfree (answer); xfree (answer);
if (req_nbits != nbits && (req_nbits % 32) ) if (req_nbits == 25519)
{ {
req_nbits = ((req_nbits + 31) / 32) * 32; if (req_nbits == nbits)
tty_printf (_("rounded up to %u bits\n"), req_nbits); return 0; /* Use default. */
}
if (req_nbits == nbits) tty_printf (_("The card will now be re-configured"
return 0; /* Use default. */ " to generate a key of type: %s\n"),
keyno==1? "cv25519":"ed25519");
if (req_nbits < min_nbits || req_nbits > max_nbits) show_keysize_warning ();
{ return req_nbits;
tty_printf (_("%s keysizes must be in the range %u-%u\n"),
"RSA", min_nbits, max_nbits);
} }
else else
{ {
tty_printf (_("The card will now be re-configured " if (req_nbits != nbits && (req_nbits % 32) )
"to generate a key of %u bits\n"), req_nbits); {
show_keysize_warning (); req_nbits = ((req_nbits + 31) / 32) * 32;
return req_nbits; tty_printf (_("rounded up to %u bits\n"), req_nbits);
}
if (req_nbits == nbits)
return 0; /* Use default. */
if (req_nbits < min_nbits || req_nbits > max_nbits)
{
tty_printf (_("%s keysizes must be in the range %u-%u\n"),
"RSA", min_nbits, max_nbits);
}
else
{
tty_printf (_("The card will now be re-configured"
" to generate a key of %u bits\n"), req_nbits);
show_keysize_warning ();
return req_nbits;
}
} }
} }
} }
/* Change the size of key KEYNO (0..2) to NBITS and show an error /* Change the size of key KEYNO (0..2) to NBITS and show an error
message if that fails. */ * message if that fails. Using the magic value 25519 for NBITS
* switches to ed25519 or cv25519 depending on the KEYNO. */
static gpg_error_t static gpg_error_t
do_change_keyattr (int keyno, unsigned int nbits) do_change_keyattr (int keyno, unsigned int nbits)
{ {
gpg_error_t err; gpg_error_t err;
char args[100]; char args[100];
snprintf (args, sizeof args, "--force %d 1 rsa%u", keyno+1, nbits); if (nbits == 25519)
snprintf (args, sizeof args, "--force %d %d %s",
keyno+1,
keyno == 1? PUBKEY_ALGO_ECDH : PUBKEY_ALGO_EDDSA,
keyno == 1? "cv25519" : "ed25519");
else
snprintf (args, sizeof args, "--force %d 1 rsa%u", keyno+1, nbits);
err = agent_scd_setattr ("KEY-ATTR", args, strlen (args), NULL); err = agent_scd_setattr ("KEY-ATTR", args, strlen (args), NULL);
if (err) if (err)
log_error (_("error changing size of key %d to %u bits: %s\n"), log_error (_("error changing size of key %d to %u bits: %s\n"),
@ -1460,9 +1480,15 @@ generate_card_keys (ctrl_t ctrl)
for (keyno = 0; keyno < DIM (info.key_attr); keyno++) for (keyno = 0; keyno < DIM (info.key_attr); keyno++)
{ {
if (info.key_attr[keyno].algo == PUBKEY_ALGO_RSA) if (info.key_attr[keyno].algo == PUBKEY_ALGO_RSA
|| info.key_attr[keyno].algo == PUBKEY_ALGO_ECDH
|| info.key_attr[keyno].algo == PUBKEY_ALGO_EDDSA)
{ {
nbits = ask_card_keyattr (keyno, info.key_attr[keyno].nbits); if (info.key_attr[keyno].algo == PUBKEY_ALGO_RSA)
nbits = ask_card_keyattr (keyno, info.key_attr[keyno].nbits);
else
nbits = ask_card_keyattr (keyno, 25519 /* magic */);
if (nbits && do_change_keyattr (keyno, nbits)) if (nbits && do_change_keyattr (keyno, nbits))
{ {
/* Error: Better read the default key size again. */ /* Error: Better read the default key size again. */
@ -1540,12 +1566,18 @@ card_generate_subkey (ctrl_t ctrl, kbnode_t pub_keyblock)
key size. */ key size. */
if (info.is_v2 && info.extcap.aac) if (info.is_v2 && info.extcap.aac)
{ {
if (info.key_attr[keyno-1].algo == PUBKEY_ALGO_RSA) if (info.key_attr[keyno-1].algo == PUBKEY_ALGO_RSA
|| info.key_attr[keyno].algo == PUBKEY_ALGO_ECDH
|| info.key_attr[keyno].algo == PUBKEY_ALGO_EDDSA)
{ {
unsigned int nbits; unsigned int nbits;
ask_again: ask_again:
nbits = ask_card_keyattr (keyno-1, info.key_attr[keyno-1].nbits); if (info.key_attr[keyno].algo == PUBKEY_ALGO_RSA)
nbits = ask_card_keyattr (keyno-1, info.key_attr[keyno-1].nbits);
else
nbits = ask_card_keyattr (keyno-1, 25519);
if (nbits && do_change_keyattr (keyno-1, nbits)) if (nbits && do_change_keyattr (keyno-1, nbits))
{ {
/* Error: Better read the default key size again. */ /* Error: Better read the default key size again. */
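Review bot: In the card_generate_subkey hunk, the two added algorithm tests and the new RSA test in front of ask_card_keyattr index `info.key_attr[keyno]`, while the existing RSA test and every call in the same block use `keyno-1`. Since keyno looks 1-based here (inferred from the `keyno-1` arguments and from do_change_keyattr's "KEYNO (0..2)" comment), the new tests inspect the neighbouring slot and, for the last key, would read one element past the end of `key_attr`, which generate_card_keys bounds with `DIM (info.key_attr)`. A card whose selected slot is RSA can therefore be offered the 25519 default, or the reverse, depending on what the next slot holds. I would change the three lines to `|| info.key_attr[keyno-1].algo == PUBKEY_ALGO_ECDH`, `|| info.key_attr[keyno-1].algo == PUBKEY_ALGO_EDDSA` and `if (info.key_attr[keyno-1].algo == PUBKEY_ALGO_RSA)`. The body of card_generate_subkey starts and ends outside the hunk, so the range of keyno should be confirmed against the full function.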