--
These are non-substantive corrections for minor spelling mistakes
within the GnuPG codebase.
With something like this applied to the codebase, and a judiciously
tuned spellchecker integrated as part of a standard test suite, it
should be possible to keep a uniform orthography within the project.
GnuPG-bug-id: 7116
* common/openpgp-oid.c (oidtable): Support KEM for bp256 and bp384.
* g10/pkglue.c (do_encrypt_kem): Ditto.
--
GnuPG-bug-id: 6815
Note, this needs the very latest Libgcrypt to work properly
* g10/pkglue.c (do_encrypt_kem): Support cv25519 w/o 0x40
prefix. Support X448.
(ECC_POINT_LEN_MAX): New.
(ECC_HASH_LEN_MAX): New.
* common/openpgp-oid.c (oidtable): Support X448 KEM.
--
This needs more work. For example we should use a parameter table
like what we do in agent/pkdecrypt.c.
GnuPG-bug-id: 6815
* common/openpgp-oid.c (openpgp_is_curve_supported): Allow the
abbreviated curve name.
* g10/pkglue.c (pk_encrypt): Add debug output.
* g10/seskey.c (encode_session_key): Handle Kyber session key like
ECDH. This is just a stub.
* g10/keygen.c (ecckey_from_sexp): Use the modern OID for cv25519.
(parse_key_parameter_part): Allow more Kyber variants.
--
Test by creating an ed25519 key and using
gpg --quick-add-key --batch --passphrase "" <fingerprint> <algo>
to create several subkeys. Tested with ALGOs:
kyber768
kyber1024
ky768_cv25519
ky768_bp256
kyber768_nistp256
ky1024_cv448
All curves capable of encryption should work.
GnuPG-bug-id: 6815
* agent/cvt-openpgp.c (extract_private_key): Support Kyber algorithms.
* common/openpgp-oid.c (map_gcry_pk_to_openpgp): Map KEM to Kyber.
* common/sexputil.c (get_pk_algo_from_key): Increase buffer for use
with "kyber1024".
* g10/call-agent.c (agent_get_keyinfo): Fix warning.
* g10/keygen.c (do_create_from_keygrip): Support Kyber.
(ask_algo): Ditto.
--
To test create a standard key and the use --edit-key and "addkey" with
selection 13 and use the comma delimited keygrips.
GnuPG-bug-id: 7014
* common/openpgp-oid.c (oidtable): Add column "abbr" and set them for
Brainpool.
(openpgp_oid_to_curve): Rename arg "canon" to "mode" and implement
mode 2.
--
For dual algorithms (PQC) we need shorter versions of brainpool to
avoid names which otherwise might be capped when printed.
* common/openpgp-oid.c (openpgp_curve_to_oid): Repalce strmcp by
ascii_strcasecmp.
(openpgp_oid_or_name_to_curve): Ditto.
(openpgp_is_curve_supported): Ditto.
(get_keyalgo_string): Ditto.
--
It was just to hard to remember the correct capitalization of
names like brainpoolP512r1.
* common/openpgp-oid.c (oidtable): Add them.
(oid_ed25519_v5, oid_cv25519_v5): New.
(openpgp_oidbuf_is_ed25519): Take new OID in account.
(openpgp_oidbuf_is_cv25519): Ditto.
--
ed25519 is used in GnuPG and other implementations since 2015 and thus
we can't simply switch to the shorter OIDs. However, we have not
widely used them with v5 keys (only ed448 forced the use of v5) and
thus it might be possible to use the new OIDs with v5 keys.
Note that Libgcrypt supports the new OIDs even in 1.8.
common/openpgp-oid.c (oidtable): Ed448 uses 456-bit signature.
--
While the curve itself is 448-bit, the signature size is 456-bit.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/openpgp-oid.c (map_openpgp_pk_to_gcry): Use cast for enum
conversion.
* dirmngr/dns-stuff.c (get_dns_srv): Use explicit conversion from
int to float.
* sm/gpgsm.c (parse_keyserver_line): Initialize ERR.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/pksign.c (do_encode_eddsa): First argument is NBITs,
so that it can support Ed448, as well as Ed25519.
(agent_pksign_do): Follow the change.
* agent/sexp-secret.c (fixup_when_ecc_private_key): No fix-up needed
for Ed448, it's only for classic curves.
* common/openpgp-oid.c (oidtable): Add Ed448.
* common/sexputil.c (get_pk_algo_from_key): Ed448 is only for EdDSA.
* g10/export.c (match_curve_skey_pk): Ed448 is for EdDSA.
* g10/keygen.c (gen_ecc): Support Ed448 with the name of "ed448".
(ask_algo, parse_key_parameter_part): Handle "ed448".
* g10/pkglue.c (pk_verify): Support Ed448.
(pk_check_secret_key): Support Ed448.
* g10/sign.c (hash_for): Defaults to SHA512 for Ed448.
(make_keysig_packet): Likewise.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* sm/fingerprint.c (gpgsm_get_key_algo_info): Factor code out to ...
(gpgsm_get_key_algo_info2): new.
(gpgsm_pubkey_algo_string): New.
* sm/keylist.c (list_cert_colon): Put curve into field 17
(list_cert_raw): Print the unified key algotithm string instead of the
algo and size.
(list_cert_std): Ditto.
--
It is important to known whether a 256 bit ECC uses a NIST or a
Brainpool curve.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (openpgp_curve_to_oid): Add optional arg R_NBITS.
Change all callers.
--
In particular for ed25519 and cv25519 it is quite useful to have an
ability to get the required algorithm.
* common/openpgp-oid.c (openpgp_oid_or_name_to_curve): New.
(get_keyalgo_string): Use it.
--
We do not always have an OID, so except the name or the alias of the
curve as well. This creates a second entry mapping to the same name
but that does not matter.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (openpgp_oid_to_str): Remove duplicated call.
--
The removed function was already called. No memleak etc, though.
Fixes-commit: 4a1558d0c7190cf13d35385e47291a7aa121be3e
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (struct keyalgo_string_s): New.
(keyalgo_strings): New.
(keyalgo_strings_size, keyalgo_strings_used): New.
(get_keyalgo_string): New.
--
This function is intended as a more general version of gpg's
pubkey_string function. It has the advantage to avoid mallocs and
uses static table of algorithm strings instead. There should be only
a few dozen of such strings (if at all) and thus all those allocations
we do internally in gpg's pubkey_string and the static buffers all
over the place are not too nice.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/misc.c (map_pk_gcry_to_openpgp): Move to ...
* common/openpgp-oid.c (map_gcry_pk_to_openpgp): here and rename.
Change all 4 callers.
(map_openpgp_pk_to_gcry): New.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (openpgp_oidbuf_to_str): Factor most code out
to ...
(openpgp_oidbuf_to_str): new.
(openpgp_oidbuf_is_ed25519): New.
(openpgp_oidbuf_is_cv25519): New.
--
At some places it is more convenient (and faster) to directly work on
buffers and avoid the way via opaque MPIs. These 3 new functions
allow for that.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (openpgp_is_curve_supported): Add optional arg
R_ALGO and change all callers.
* common/util.h (GPG_ERR_UNKNOWN_FLAG): New error code.
* g10/options.h (struct opt): Add field DEF_NEW_KEY_ALGO.
* g10/gpg.c (oDefaultNewKeyAlgo): New enum.
(opts): New option "--default-new-key-algo".
(main): Set the option.
* g10/keygen.c: Remove DEFAULT_STD_ FUTURE_STD_ constants and replace
them by ...
(DEFAULT_STD_KEY_PARAM, FUTURE_STD_KEY_PARAM): new string constants.
(get_keysize_range): Remove arg R_DEF and return that value instead.
Change all callers.
(gen_rsa): Use get_keysize_range instead of the removed
DEFAULT_STD_KEYSIZE.
(parse_key_parameter_part): New function.
(parse_key_parameter_string): New function.
(quick_generate_keypair): Refactor using parse_key_parameter_string.
(generate_keypair): Ditto.
(parse_algo_usage_expire): Ditto.
--
This new option is intended to be used in the forthcoming
--set-profile command of gpgconf. It allows to provide a gpg
configuration with custom defaults for a new key using the simple
commands which use the default algorithm set.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (openpgp_is_curve_supported): Support both of
canonical name of the curve and alias.
--
Only alias (the name for print) was allowed before this change.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/openpgp-oid.c (oid_crv25519): Rename to oid_cv25519.
(openpgp_oid_is_crv25519): Rename to openpgp_oid_is_cv25519. Change
callers.
--
We use "cv25519" everywhere else and thus the test function should not
have a surprising name.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c: Include openpgpdefs.h.
(oidtable): Add field pubkey_algo.
(openpgp_is_curve_supported): New.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (oidtable): Change alias.
--
This is a cosmetic change so that common and expected common
algorithms line up nicely in a keylisting. For example:
pub ed25519/C68CE6D1ED0319C8 2015-08-06
uid [ultimate] Curve25519 Test 150806.1
sub cv25519/49238B9F0712C9BF 2015-08-06
sub rsa2048/8AEAF74014699D2C 2015-08-06
sub cv25519/8EC3776830B08736 2015-08-06
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/cvt-openpgp.c (get_keygrip): Handle Curve25519.
(convert_secret_key, convert_transfer_key): Ditto.
* common/openpgp-oid.c (oidtable): Add Curve25519.
(oid_crv25519, openpgp_oid_is_crv25519): New.
* common/util.h (openpgp_oid_is_crv25519): New.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Handle the case
with Montgomery curve which uses x-only coordinate.
* g10/keygen.c (gen_ecc): Handle Curve25519.
(ask_curve): Change the API and second arg is to return subkey algo.
(generate_keypair, generate_subkeypair): Follow chage of ask_curve.
* g10/keyid.c (keygrip_from_pk): Handle Curve25519.
* g10/pkglue.c (pk_encrypt): Handle Curve25519.
* g10/pubkey-enc.c (get_it): Handle the case with Montgomery curve.
* scd/app-openpgp.c (ECC_FLAG_DJB_TWEAK): New.
(send_key_attr): Work with general ECC, Ed25519, and Curve25519.
(get_public_key): Likewise.
(ecc_writekey): Handle flag_djb_tweak.
--
When libgcrypt has Curve25519, GnuPG now supports Curve25519.
* common/openpgp-oid.c (openpgp_oid_to_curve): Add CANON argument.
* common/util.h: Update.
* g10/import.c (transfer_secret_keys): Follow the change.
* g10/keyid.c (pubkey_string): Likewise.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Likewise.
* parse-packet.c (parse_key): Likewise.
* scd/app-openpgp.c (send_key_attr, get_public_key): Likewise.
--
Change the function so that caller can select canonical name of curve
or name for printing. Suggested by wk.
* common/openpgp-oid.c (openpgp_oid_to_str): Take care of
gcry_mpi_get_opaque returning NULL. Remove useless condition !BUF.
--
It is possible that an opaque MPI stores just a NULL pointer. Take
care of that before incrementing the pointer. We return an error in
this case because at least a length byte is required.
Found due to hint from stack 0.3:
bug: anti-simplify
model: |
%tobool15 = icmp ne i8* %incdec.ptr, null, !dbg !567
--> true
stack:
- /home/wk/s/gnupg/common/openpgp-oid.c:220:0
ncore: 1
core:
- /home/wk/s/gnupg/common/openpgp-oid.c:212:0
- pointer overflow
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (openpgp_oid_to_str): Fix unsigned underflow.
* common/t-openpgp-oid.c (BADOID): New.
(test_openpgp_oid_to_str): Add test cases.
--
The code has an obvious error by not considering invalid encoding for
arc-2. A first byte of 0x80 can be used to make a value of less then
80 and we then subtract 80 from that value as required by the OID
encoding rules. Due to the unsigned integer this results in a pretty
long value which won't fit anymore into the allocated buffer.
The fix is obvious. Also added a few simple test cases. Note that we
keep on using sprintf instead of snprintf because managing the
remaining length of the buffer would probably be more error prone than
assuring that the buffer is large enough. Getting rid of sprintf
altogether by using direct conversion along with membuf_t like code
might be possible.
Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
Ported from libksba commit f715b9e156dfa99ae829fc694e5a0abd23ef97d7
* common/openpgp-oid.c (struct oidtable): New.
(openpgp_curve_to_oid): Rewrite and allow OID as input.
(openpgp_oid_to_curve): Make use of the new table.
--
Due to the previous change we now usually store the OID with the
private key and not the name. Thus during import we do not anymore
need to map the name to an oid but can use the oid directly. We fix
that by extending openpgp_curve_to_oid to allow an oidstr as input.
* agent/cvt-openpgp.c (try_do_unprotect_arg_s): Add field "curve".
(get_keygrip): Add and use arg CURVE.
(convert_secret_key): Ditto.
(convert_transfer_key): Ditto.
(get_npkey_nskey): New.
(prepare_unprotect): Replace gcrypt functions by
get_npkey_nskey. Allow opaque MPIs.
(do_unprotect): Use CURVE instead of parameters.
(convert_from_openpgp_main): Ditto.
(convert_to_openpgp): Simplify.
* g10/import.c (one_mpi_from_pkey): Remove.
(transfer_secret_keys): Rewrite to use the curve instead of the
parameters.
* g10/parse-packet.c (parse_key): Mark protected MPIs with USER1 flag.
* common/openpgp-oid.c (openpgp_curve_to_oid): Allow the use of
"NIST P-256" et al.
* g10/keygen.c (ask_curve): Add arg ALGO.
(generate_keypair): Rewrite the ECC key logic.
* tests/openpgp/ecc.test: Provide the "ecc" passphrase.
* g10/gpg.c (oLegacyListMode, opts, main): Add --legacy-list-mode.
* g10/options.h (struct opt): Add field legacy_list_mode.
* g10/keydb.h (PUBKEY_STRING_SIZE): New.
* g10/keyid.c (pubkey_string): New.
* g10/import.c (import_one, import_secret_one): Use pubkey_string.
* g10/keylist.c (print_seckey_info): Ditto.
(print_pubkey_info, print_card_key_info): Ditto.
(list_keyblock_print): Ditto.
* g10/mainproc.c (list_node): Ditto.
* g10/pkclist.c (do_edit_ownertrust, build_pk_list): Ditto.
* g10/keyedit.c (show_key_with_all_names): Ditto. Also change the
format.
(show_basic_key_info): Ditto.
* common/openpgp-oid.c (openpgp_curve_to_oid): Also allow "ed25519".
(openpgp_oid_to_curve): Downcase "ed25519"
--
For ECC it seems to be better to show the name of the curve and not
just the size of the prime field. The curve name does not anymore fit
into the "<size><letter>" descriptor (e.g. "2048R") and a fixed length
format does not work either. Thus the new format uses
"rsa2048" - RSA with 2048 bit
"elg1024" - Elgamal with 1024 bit
"ed25519" - ECC using the curve Ed25519.
"E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4".
unless --legacy-list-mode is given. In does not anymore line up
nicely in columns thus I expect further changes to this new format.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (openpgp_curve_to_oid): Change OID for
Ed25519. Add brainpool OIDs.
(openpgp_oid_to_curve): Ditto.
--
This change is required to the change in Libgcrypt. Note that we will
likely use a different OpenPGP algorithm ID for EdDSA and thus the
current Ed25519 implementation will not stay with us.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/findkey.c (key_parms_from_sexp): Add algo name "ecc".
(agent_is_dsa_key): Ditto.
(agent_is_eddsa_key): New. Not finished, though.
* agent/pksign.c (do_encode_eddsa): New.
(agent_pksign_do): Use gcry_log_debug functions.
* agent/protect.c (agent_protect): Parse a flags parameter.
* g10/keygen.c (gpg_curve_to_oid): Move to ...
* common/openpgp-oid.c (openpgp_curve_to_oid): here and rename.
(oid_ed25519): New.
(openpgp_oid_is_ed25519): New.
(openpgp_oid_to_curve): New.
* common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): New.
* g10/build-packet.c (gpg_mpi_write): Write the length header also for
opaque MPIs.
(gpg_mpi_write_nohdr): New.
(do_key): Use gpg_mpi_write_nohdr depending on algorithm.
(do_pubkey_enc): Ditto.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Use
gpg_mpi_write_nohdr.
* g10/export.c (transfer_format_to_openpgp):
* g10/keygen.c (ecckey_from_sexp): Return the error.
(gen_ecc): Repalce arg NBITS by CURVE.
(read_parameter_file): Add keywords "Key-Curve" and "Subkey-Curve".
(ask_curve): New.
(generate_keypair, generate_subkeypair): Use ask_curve.
(do_generate_keypair): Also pass curve name.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Print
curve name.
* g10/parse-packet.c (mpi_read): Remove workaround for
Libcgrypt < 1.5.
(parse_key): Fix ECC case. Print the curve name.
* g10/pkglue.c (mpi_from_sexp): Rename to get_mpi_from_sexp.
(pk_verify, pk_check_secret_key): Add special case for Ed25519.
* g10/seskey.c (encode_md_value): Ditto.
* g10/sign.c (do_sign, hash_for, sign_file): Ditto.
--
Be warned that this code is subject to further changes and that the
format will very likely change before a release. There are also known
bugs and missing code.
Signed-off-by: Werner Koch <wk@gnupg.org>