NIIBE Yutaka
e249f51c64
ecc-sos, agent: More fixes for fixup of ECC private key.
...
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-04 10:48:39 +09:00
NIIBE Yutaka
d1af7b781c
ecc-sos,agent: Fix sexp parsing of private key.
...
* agent/sexp-secret.c (fixup_when_ecc_private_key): Correctly parse
SEXP.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-03 20:27:29 +09:00
NIIBE Yutaka
5f3fcb579f
ecc-sos, agent: Add fixing up private key part for leading zero.
...
GnuPG-bug-id: 4956
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-03 13:01:35 +09:00
NIIBE Yutaka
3d3f99d76a
Revert "ecc-sos: Add special leading zero octet removal."
...
This reverts commit 1c4291c3951dc73db1511f6198555c2a7642bf12.
2020-06-01 11:39:00 +09:00
NIIBE Yutaka
2fc7fbc46b
ecc-sos: SOS as Strange Octet String.
...
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-27 16:15:26 +09:00
NIIBE Yutaka
1c4291c395
ecc-sos: Add special leading zero octet removal.
...
* agent/cvt-openpgp.c (extract_private_key): Remove leading zeros.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-27 12:06:27 +09:00
NIIBE Yutaka
6d226ec8bd
ecc-sos: Fix SOS handling and revert change of cvt protocol.
...
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-26 15:20:40 +09:00
NIIBE Yutaka
85acf0699e
ecc-sos: Unsigned integer for SSH, more.
...
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-26 14:20:38 +09:00
NIIBE Yutaka
df3628f958
ecc-sos: Use unsigned integer format for SSH.
...
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-26 14:19:44 +09:00
NIIBE Yutaka
324dbe3eb5
ecc-sos: When reading private key, it's unsigned.
...
* agent/findkey.c (agent_public_key_from_file): Use 'M' format.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-26 12:50:22 +09:00
NIIBE Yutaka
f3d07c634e
agent: SSH clean up.
...
* agent/command-ssh.c (ssh_receive_key): Use sexp_key_construct for
EdDSA.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-26 11:53:56 +09:00
NIIBE Yutaka
cbf30c1da9
ecc-sos: Backport master change for ECDH.
...
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-25 14:20:04 +09:00
NIIBE Yutaka
bdf0fb3158
Revert "ecc-sos: Fix SOS handling in do_unprotect."
...
This reverts commit 43c0c19fcae57529ea57079e034827372ed0b2b7.
2020-05-25 14:03:46 +09:00
NIIBE Yutaka
43c0c19fca
ecc-sos: Fix SOS handling in do_unprotect.
...
* agent/cvt-openpgp.c (do_unprotect): Exclude the case when
the first byte is zero.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-20 18:33:51 +09:00
NIIBE Yutaka
bc3d003e00
ecc-sos: Avoid using gcry_mpi_print and gcry_mpi_scan.
...
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-20 15:15:44 +09:00
NIIBE Yutaka
cea6925fa4
ecc-sos: Fix ECDH.
...
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Fix deallocation.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-20 12:03:07 +09:00
NIIBE Yutaka
0691234951
agent: Don't use gcry_mpi_scan when not needed.
...
* agent/pksign.c (do_encode_md): Use %b to build sexp.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-19 11:35:52 +09:00
NIIBE Yutaka
705954149b
ecc-sos: Fix exporting secret key for SOS.
...
* g10/export.c (transfer_format_to_openpgp): Use SOS.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-19 11:17:02 +09:00
NIIBE Yutaka
37aa23c55c
ecc-sos: Fix gpg-agent for SOS handling.
...
* agent/cvt-openpgp.c (scan_pgp_format): New.
(do_unprotect): Fix NBITS in SOS. Use scan_pgp_format.
(convert_from_openpgp_main): Always use opaque MPI.
Use GCRYMPI_FLAG_USER1 for encrypted data.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-18 15:45:31 +09:00
NIIBE Yutaka
1e079f4601
ecc-sos: gpg-agent access ECC public key as opaque string.
...
* agent/cvt-openpgp.c (extract_private_key): Use "/q" for public key.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-14 16:45:15 +09:00
NIIBE Yutaka
8513ab8bf3
ecc-sos: Use opaque for key from agent.
...
* g10/export.c (cleartext_secret_key_to_openpgp): Use /q.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-14 14:56:23 +09:00
NIIBE Yutaka
93cefe9497
ecc-sos: Compatible mode for SOS.
...
* g10/build-packet.c (sos_write): Add an argument COMPAT. When
COMPAT=1, NBITS specifies number of bits when interpreted as MPI,
except the case when the first octet is zero.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-14 14:28:39 +09:00
NIIBE Yutaka
58ad686bfe
ecc-sos: No need to expose sos_write.
...
* g10/build-packet.c (sos_write): Rename from gpg_sos_write.
* g10/packet.h (gpg_sos_write): Remove.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-14 14:10:23 +09:00
NIIBE Yutaka
e02347b2ab
ecc-sos: Clean up use of mpi_get_opaque.
...
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Tidy up.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-12 13:42:07 +09:00
NIIBE Yutaka
e6c975280a
ecc-sos: Remove zero-octet removal on write.
...
* g10/build-packet.c (gpg_mpi_write): Don't remove zero bits.
* g10/packet.h (CALC_NBITS): Remove.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-08 11:42:20 +09:00
NIIBE Yutaka
70af2165ec
ecc-sos: Fix gpg_mpi_write for opaque bit string.
...
* g10/build-packet.c (gpg_mpi_write): Handle opaque bit string
when it's has exact number of bits.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 19:00:38 +09:00
NIIBE Yutaka
4cc4ff03a2
ecc-sos: Fix reading SEXP from agent.
...
* g10/keygen.c (ecckey_from_sexp): Use GCRYMPI_FMT_OPAQUE.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 13:12:09 +09:00
NIIBE Yutaka
a9b31fc3e4
ecc-sos: Fix parsing key for EdDSA/ECDH.
...
* g10/parse-packet.c (parse_key): Read by sos_read.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 11:56:28 +09:00
NIIBE Yutaka
ed4c1e213a
ecc-sos: public key is MPI with the prefix 0x40.
...
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:08 +09:00
NIIBE Yutaka
f27a581090
sos: don't change NBITS.
...
For SOS, an ECC point with prefix 0x40 can be represented in two ways.
One for 0x40 interpreted as 7-bit, another as 8-bit (MSB is zero).
This matters for fingerprint computation, so, the representation
should be preserved, or we should use another flag to hold the
difference in the representation...
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:08 +09:00
NIIBE Yutaka
638328a33d
sos: Fix fingerprint computation.
...
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:08 +09:00
NIIBE Yutaka
f031b0fb6c
agent: Fix converting to OpenPGP.
...
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:08 +09:00
NIIBE Yutaka
3fae9540c6
Fix exporting key for ECC.
...
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:08 +09:00
NIIBE Yutaka
0e40b033b8
gpg: Fix for the condition calling gpg_sos_write.
...
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:08 +09:00
NIIBE Yutaka
5b094067f7
gpg: Use opaque MPI for shared point.
...
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:08 +09:00
NIIBE Yutaka
b73fef0376
gpg: Implement the fix-up of zero for SOS.
...
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:08 +09:00
NIIBE Yutaka
ac977526ac
gpg: Use opaque MPI for ECDH.
...
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:08 +09:00
NIIBE Yutaka
c31fd44737
gpg: Use GCRYMPI_FLAG_USER2 for SOS, and hash_public_key with that.
...
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:08 +09:00
NIIBE Yutaka
93bcc87bd0
Add sos_read.
...
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:07 +09:00
NIIBE Yutaka
120f4e8c67
gpg: Use opaque byte MPI interface for ECC key.
...
* g10/keygen.c (ecckey_from_sexp): Parse by GCRYMPI_FMT_OPAQUE.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:07 +09:00
NIIBE Yutaka
2096965c53
gpg: Introduce SOS (Simply Octet String) support.
...
* g10/build-packet.c (gpg_sos_write): New.
(do_key): Use gpg_sos_write.
(do_signature): Use gpg_sos_write for EdDSA.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-04 10:57:07 +09:00
Werner Koch
5da6925a33
sm: Add support to export ECC private keys.
...
* sm/minip12.c [TEST]: Remove test code. Include util.h, tlv.h. and
openpgpdefs.h. Remove the class and tag constants and replace them by
those from tlv.h.
(builder_add_oid, builder_add_mpi): New.
(build_key_sequence): Rename to ...
(build_rsa_key_sequence): this.
(build_ecc_key_sequence): New.
(p12_build): Call RSA or ECC builder.
(p12_raw_build): Ditto.
* sm/export.c (gpgsm_p12_export): Use correct armor header for ECC.
(sexp_to_kparms): Support ECC.
* sm/t-minip12.c: New to replace the former TEST code in minip12.h.
--
GnuPG-bug-id: 4921
2020-04-27 19:54:39 +02:00
Werner Koch
5ea878274e
common: Add an easy to use DER builder.
...
* common/tlv-builder.c: New.
* common/tlv.c: Remove stuff only used by GnuPG 1.
(put_tlv_to_membuf, get_tlv_length): Move to ...
* common/tlv-builder.c: here.
* common/tlv.h (tlv_builder_t): New.
--
Such code should actually go into libksba and we will eventually do
that. However, for now it is easier to keep it here.
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-24 15:37:48 +02:00
Werner Koch
c03f80dc19
sm: Minor debug output format changes.
...
--
2020-04-23 10:00:18 +02:00
Werner Koch
95d83cf906
sm: Support decryption of ECDH data.
...
* sm/decrypt.c: Include tlv.h.
(string_from_gcry_buffer): New.
(hash_ecc_cms_shared_info): New.
(ecdh_decrypt): New.
(prepare_decryption): Support ECDH. Add arg pk_algo.
(gpgsm_decrypt): Lift some variables from an inner code block.
--
Note: This has only been tested with a single messages created by
OpenSSL and taken from the Mozilla bug tracker. In particular the
code to included UserKeyingMaterial (ukm) has not been tested.
GnuPG-bug-id: 4098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-23 09:59:13 +02:00
Werner Koch
5d015b38eb
common: Add functions to help create DER objects.
...
* common/tlv.c (put_tlv_to_membuf): New.
(get_tlv_length): New.
* common/tlv.h: Include membuf.h.
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-23 09:51:15 +02:00
Werner Koch
8dfef5197a
sm: Support import of PKCS#12 encoded ECC private keys.
...
* sm/minip12.c: Include ksba.h.
(oid_pcPublicKey): New const.
(parse_bag_data): Add arg 'r-curve'. Support parsing of ECC private
keys.
(p12_parse): Add arg 'r_curve'.
* sm/import.c (parse_p12): Support ECC import.
--
GnuPG-bug-id: 4921
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-21 21:05:39 +02:00
Werner Koch
a6d2f31337
sm: Replace some debug message by log_error or log_info
...
--
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-21 21:05:32 +02:00
Werner Koch
f05a32e5c9
scd:nks: Allow retrieving certificates from a Signature Card v.20
...
* scd/app-nks.c: Major rework to support non-RSA cards.
--
This is a fist step so support this ECC card. The code has been
reworked while taking care that old cards should keep on working.
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-17 16:09:58 +02:00
Werner Koch
3633ca6e21
scd: Detect missing card in "getinfo all_active_apps".
...
* scd/app.c (send_card_and_app_list): Detect no app case.
--
This is a minor nug fix to return a better error message.
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-17 16:09:54 +02:00