* agent/agent.h (agent_card_ecc_kem): New.
* agent/divert-scd.c (agent_card_ecc_kem): New.
* agent/pkdecrypt.c (ecc_extract_pk_from_key): New.
(ecc_extract_sk_from_key): New.
(ecc_raw_kem, get_cardkey, ecc_get_curve): New.
(ecc_pgp_kem_decrypt): Support a key on smartcard for ECC.
(composite_pgp_kem_decrypt): Handle a case of a key on smartcard.
* common/sexputil.c (get_ecc_curve_from_key): New.
* common/util.h (get_ecc_curve_from_key): New.
--
GnuPG-bug-id: 7097
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/cvt-openpgp.c (extract_private_key): Support Kyber algorithms.
* common/openpgp-oid.c (map_gcry_pk_to_openpgp): Map KEM to Kyber.
* common/sexputil.c (get_pk_algo_from_key): Increase buffer for use
with "kyber1024".
* g10/call-agent.c (agent_get_keyinfo): Fix warning.
* g10/keygen.c (do_create_from_keygrip): Support Kyber.
(ask_algo): Ditto.
--
To test create a standard key and the use --edit-key and "addkey" with
selection 13 and use the comma delimited keygrips.
GnuPG-bug-id: 7014
* common/sexputil.c (get_rsa_pk_from_canon_sexp): Also allow private
keys.
(pubkey_algo_string): Ditto.
* scd/app-openpgp.c (do_writekey): Switch key attributes
--
The scd WRITEKEY command for OpenPGP cards missed proper support to
aautomagically switch key attributes based on the new key. We had
this only in GENKEY.
GnuPG-bug-id: 6378
* configure.ac: Require at least Libgcrypt 1.9.0. Remove all
GCRYPT_VERSION_NUMBER dependent code.
--
Only Libgcrypt 1.9 implements EAX which is a mandatory algorithm in
RFC4880bis.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sexputil.c (cmp_canon_sexp): New.
(cmp_canon_sexp_def_tcmp): New.
* common/t-sexputil.c (test_cmp_canon_sexp): Add a simple test.
--
To be used to fix
GnuPG-bug-id: 5061
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/pksign.c (do_encode_eddsa): First argument is NBITs,
so that it can support Ed448, as well as Ed25519.
(agent_pksign_do): Follow the change.
* agent/sexp-secret.c (fixup_when_ecc_private_key): No fix-up needed
for Ed448, it's only for classic curves.
* common/openpgp-oid.c (oidtable): Add Ed448.
* common/sexputil.c (get_pk_algo_from_key): Ed448 is only for EdDSA.
* g10/export.c (match_curve_skey_pk): Ed448 is for EdDSA.
* g10/keygen.c (gen_ecc): Support Ed448 with the name of "ed448".
(ask_algo, parse_key_parameter_part): Handle "ed448".
* g10/pkglue.c (pk_verify): Support Ed448.
(pk_check_secret_key): Support Ed448.
* g10/sign.c (hash_for): Defaults to SHA512 for Ed448.
(make_keysig_packet): Likewise.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/sexputil.c (cipher_mode_to_string): New.
* sm/decrypt.c (prepare_decryption): Show cipher algo and mode.
(gpgsm_decrypt): Show key algo and fingerprint
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sexputil.c (pubkey_algo_to_string): New.
* sm/certcheck.c (do_encode_md): Replace GCRY_PK_ECDSA by GCRY_PK_ECC.
* sm/certreqgen-ui.c (check_keygrip): Add all ECC algorithms.
* sm/gpgsm.c (our_pk_test_algo): Also allow EdDSA.
* sm/verify.c (gpgsm_verify): Map ECC algo to ECDSA. Use new pubkey
algo name function
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sexputil.c (hash_algo_to_string): New.
--
Libgcrypt expects lowercase names and it is cumbersome to downcase
those retrieved via gcry_md_algo_name. It is easier and also faster
to use a dedicated map function.
* common/openpgp-oid.c (openpgp_curve_to_oid): Add optional arg R_NBITS.
Change all callers.
--
In particular for ed25519 and cv25519 it is quite useful to have an
ability to get the required algorithm.
* tools/card-tool-misc.c (pubkey_algo_string): Move to ...
* common/sexputil.c (pubkey_algo_string): here.
--
The new gpg format for public key algorithms is useful at other places
as well. Thus we make this new function available. Note that the
code we use in gpg is not based on s-expressions and thus a new
function was required.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/util.h (get_pk_algo_from_key): New.
* common/sexputil.c (get_pk_algo_from_key): The implementation.
* agent/gpg-agent.c: Remove include of openpgpdefs.h.
* agent/command-ssh.c (struct ssh_key_type_spec): Use integer ALGO.
(ssh_key_types): Update with GCRY_PK_*.
(make_cstring, sexp_extract_identifier): Remove.
(sexp_key_construct): Use gcry_pk_algo_name to get ALGO string.
(ssh_key_to_blob): Use cadr to get value list.
(ssh_key_type_lookup): Lookup with integer ALGO.
(ssh_receive_key): Follow the change of ssh_key_type_lookup.
(ssh_send_key_public): Likewise. Use get_pk_algo_from_key to get ALGO.
--
This fixes the regresson introduced by the commit
894789c3299dc47a8c1ccaaa7070382f0fae0262.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/exechelp-posix.c: Remove weak pragmas.
* common/sexputil.c (make_canon_sexp_from_rsa_pk): Remove double
const.
--
We do not use Pth anymore and thus there is no more need for the weak
pragmas.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces. In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much. For future commits the pre-commit scripts
checks that this won't happen again.
char * vs. unsigned char * warnings. The GNU coding standards used to
say that these mismatches are okay and better than a bunch of casts.
Obviously this has changed now.
sm/
* call-dirmngr.c (inq_certificate): Add new inquire SENDCERT_SKI.
* certlist.c (gpgsm_find_cert): Add new arg KEYID and implement
this filter. Changed all callers.
* certchain.c (find_up_search_by_keyid): New helper.
(find_up): Also try using the AKI.keyIdentifier.
(find_up_external): Ditto.