security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-13 00:09:51 +02:00
Code Activity

Allow generation of card keys up to 4096 bit.

Browse Source 
This patch implementes a chunk mode to pass the key parameters from
scdaemon to gpg.  This allows to pass arbitrary long key paremeters;
it is used for keys larger than 3072 bit.
This commit is contained in:
Werner Koch 2011-07-07 11:20:53 +02:00
parent 3fe9938202
commit fb44677c9f
6 changed files with 173 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
NEWS
View File

@ -1,6 +1,10 @@
Noteworthy changes in version 2.0.18 (unreleased)
-------------------------------------------------
* Allow generation of card keys up to 4096 bit.
* Bug fix for newer versions of Libgcrypt.
Noteworthy changes in version 2.0.17 (2011-01-13)
-------------------------------------------------

90
g10/call-agent.c
View File

@ -76,6 +76,12 @@ struct genkey_parm_s
size_t sexplen;
};
struct scd_genkey_parm_s
{
struct agent_card_genkey_s *cgk;
char *savedbytes; /* Malloced space to save key parameter chunks. */
};
static gpg_error_t learn_status_cb (void *opaque, const char *line);
@ -694,14 +700,44 @@ agent_scd_writekey (int keyno, const char *serialno,
static gpg_error_t
scd_genkey_cb_append_savedbytes (struct scd_genkey_parm_s *parm,
const char *line)
{
gpg_error_t err = 0;
char *p;
if (!parm->savedbytes)
{
parm->savedbytes = xtrystrdup (line);
if (!parm->savedbytes)
err = gpg_error_from_syserror ();
}
else
{
p = xtrymalloc (strlen (parm->savedbytes) + strlen (line) + 1);
if (!p)
err = gpg_error_from_syserror ();
else
{
strcpy (stpcpy (p, parm->savedbytes), line);
xfree (parm->savedbytes);
parm->savedbytes = p;
}
}
return err;
}
/* Status callback for the SCD GENKEY command. */
static gpg_error_t
scd_genkey_cb (void *opaque, const char *line)
{
struct agent_card_genkey_s *parm = opaque;
struct scd_genkey_parm_s *parm = opaque;
const char *keyword = line;
int keywordlen;
gpg_error_t rc;
gpg_error_t rc = 0;
for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
;
@ -710,7 +746,7 @@ scd_genkey_cb (void *opaque, const char *line)
if (keywordlen == 7 && !memcmp (keyword, "KEY-FPR", keywordlen))
{
parm->fprvalid = unhexify_fpr (line, parm->fpr);
parm->cgk->fprvalid = unhexify_fpr (line, parm->cgk->fpr);
}
else if (keywordlen == 8 && !memcmp (keyword, "KEY-DATA", keywordlen))
{
@ -722,29 +758,47 @@ scd_genkey_cb (void *opaque, const char *line)
while (spacep (line))
line++;
rc = gcry_mpi_scan (&a, GCRYMPI_FMT_HEX, line, 0, NULL);
if (rc)
log_error ("error parsing received key data: %s\n", gpg_strerror (rc));
else if (*name == 'n' && spacep (name+1))
parm->n = a;
else if (*name == 'e' && spacep (name+1))
parm->e = a;
if (*name == '-' && spacep (name+1))
rc = scd_genkey_cb_append_savedbytes (parm, line);
else
{
log_info ("unknown parameter name in received key data\n");
gcry_mpi_release (a);
if (parm->savedbytes)
{
rc = scd_genkey_cb_append_savedbytes (parm, line);
if (!rc)
rc = gcry_mpi_scan (&a, GCRYMPI_FMT_HEX,
parm->savedbytes, 0, NULL);
}
else
rc = gcry_mpi_scan (&a, GCRYMPI_FMT_HEX, line, 0, NULL);
if (rc)
log_error ("error parsing received key data: %s\n",
gpg_strerror (rc));
else if (*name == 'n' && spacep (name+1))
parm->cgk->n = a;
else if (*name == 'e' && spacep (name+1))
parm->cgk->e = a;
else
{
log_info ("unknown parameter name in received key data\n");
gcry_mpi_release (a);
rc = gpg_error (GPG_ERR_INV_PARAMETER);
}
xfree (parm->savedbytes);
parm->savedbytes = NULL;
}
}
else if (keywordlen == 14 && !memcmp (keyword,"KEY-CREATED-AT", keywordlen))
{
parm->created_at = (u32)strtoul (line, NULL, 10);
parm->cgk->created_at = (u32)strtoul (line, NULL, 10);
}
else if (keywordlen == 8 && !memcmp (keyword, "PROGRESS", keywordlen))
{
write_status_text (STATUS_PROGRESS, line);
}
return 0;
return rc;
}
/* Send a GENKEY command to the SCdaemon. SERIALNO is not used in
@ -759,9 +813,13 @@ agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force,
int rc;
char line[ASSUAN_LINELENGTH];
gnupg_isotime_t tbuf;
struct scd_genkey_parm_s parms;
(void)serialno;
memset (&parms, 0, sizeof parms);
parms.cgk = info;
rc = start_agent (1);
if (rc)
return rc;
@ -781,7 +839,9 @@ agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force,
memset (info, 0, sizeof *info);
rc = assuan_transact (agent_ctx, line,
NULL, NULL, default_inq_cb, NULL,
scd_genkey_cb, info);
scd_genkey_cb, &parms);
xfree (parms.savedbytes);
status_sc_op_failure (rc);
return rc;

2
g10/card-util.c
View File

@ -1284,7 +1284,7 @@ static unsigned int
ask_card_keysize (int keyno, unsigned int nbits)
{
unsigned int min_nbits = 1024;
unsigned int max_nbits = 3072; /* GnuPG limit due to Assuan. */
unsigned int max_nbits = 4096;
char *prompt, *answer;
unsigned int req_nbits;

25
scd/app-openpgp.c
View File

@ -756,20 +756,29 @@ static void
send_key_data (ctrl_t ctrl, const char *name,
const unsigned char *a, size_t alen)
{
char *buf;
char *buffer, *buf;
size_t buflen;
buf = bin2hex (a, alen, NULL);
if (!buf)
buffer = buf = bin2hex (a, alen, NULL);
if (!buffer)
{
log_error ("memory allocation error in send_key_data\n");
return;
}
buflen = strlen (buffer);
/* 768 is the hexified size for the modulus of an 3072 bit key. We
use extra chunks to transmit larger data (i.e for 4096 bit). */
for ( ;buflen > 768; buflen -= 768, buf += 768)
send_status_info (ctrl, "KEY-DATA",
"-", 1,
buf, 768,
NULL, 0);
send_status_info (ctrl, "KEY-DATA",
name, (size_t)strlen(name),
buf, (size_t)strlen (buf),
buf, buflen,
NULL, 0);
xfree (buf);
xfree (buffer);
}
@ -2365,7 +2374,7 @@ change_keyattr (app_t app, int keyno, unsigned int nbits,
assert (keyno >=0 && keyno <= 2);
if (nbits > 3072)
if (nbits > 4096)
return gpg_error (GPG_ERR_TOO_LARGE);
/* Read the current attributes into a buffer. */
@ -2823,7 +2832,7 @@ do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
already lead to a 527 byte long status line and thus a 4096 bit
key would exceed the Assuan line length limit. */
keybits = app->app_local->keyattr[keyno].n_bits;
if (keybits > 3072)
if (keybits > 4096)
return gpg_error (GPG_ERR_TOO_LARGE);
/* Prepare for key generation by verifying the Admin PIN. */
@ -3377,6 +3386,8 @@ do_decipher (app_t app, const char *keyidstr,
fixuplen = 256 - indatalen;
else if (indatalen >= (384-16) && indatalen < 384) /* 3072 bit key. */
fixuplen = 384 - indatalen;
else if (indatalen >= (512-16) && indatalen < 512) /* 4096 bit key. */
fixuplen = 512 - indatalen;
else
fixuplen = 0;

8
scd/command.c
View File

@ -1287,11 +1287,15 @@ static const char hlp_genkey[] =
"\n"
"Generate a key on-card identified by NO, which is application\n"
"specific. Return values are application specific. For OpenPGP\n"
"cards 2 status lines are returned:\n"
"cards 3 status lines are returned:\n"
"\n"
" S KEY-FPR <hexstring>\n"
" S KEY-CREATED-AT <seconds_since_epoch>\n"
" S KEY-DATA [p|n] <hexdata>\n"
" S KEY-DATA [-|p|n] <hexdata>\n"
"\n"
" 'p' and 'n' are the names of the RSA parameters; '-' is used to\n"
" indicate that HEXDATA is the first chunk of a parameter given\n"
" by the next KEY-DATA.\n"
"\n"
"--force is required to overwrite an already existing key. The\n"
"KEY-CREATED-AT is required for further processing because it is\n"