1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
gnupg/agent/sexp-secret.c
NIIBE Yutaka a763bb2580 gpg,agent: Support Ed448 signing.
* agent/pksign.c (do_encode_eddsa): First argument is NBITs,
so that it can support Ed448, as well as Ed25519.
(agent_pksign_do): Follow the change.
* agent/sexp-secret.c (fixup_when_ecc_private_key): No fix-up needed
for Ed448, it's only for classic curves.
* common/openpgp-oid.c (oidtable): Add Ed448.
* common/sexputil.c (get_pk_algo_from_key): Ed448 is only for EdDSA.
* g10/export.c (match_curve_skey_pk): Ed448 is for EdDSA.
* g10/keygen.c (gen_ecc): Support Ed448 with the name of "ed448".
(ask_algo, parse_key_parameter_part): Handle "ed448".
* g10/pkglue.c (pk_verify): Support Ed448.
(pk_check_secret_key): Support Ed448.
* g10/sign.c (hash_for): Defaults to SHA512 for Ed448.
(make_keysig_packet): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-24 10:05:03 +09:00

143 lines
3.9 KiB
C

/* sexp-secret.c - SEXP handling of the secret key
* Copyright (C) 2020 g10 Code GmbH.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <https://www.gnu.org/licenses/>.
*/
#include <config.h>
#include "agent.h"
#include "../common/sexp-parse.h"
/*
* When it's for ECC, fixup private key part in the cannonical SEXP
* representation in BUF. If not ECC, do nothing.
*/
gpg_error_t
fixup_when_ecc_private_key (unsigned char *buf, size_t *buflen_p)
{
const unsigned char *s;
char curve_name[256];
size_t n;
size_t buflen = *buflen_p;
s = buf;
if (*s != '(')
return gpg_error (GPG_ERR_INV_SEXP);
s++;
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
if (smatch (&s, n, "shadowed-private-key"))
return 0; /* Nothing to do. */
if (!smatch (&s, n, "private-key"))
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
if (*s != '(')
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
s++;
n = snext (&s);
if (!smatch (&s, n, "ecc"))
return 0;
/* It's ECC */
while (*s == '(')
{
s++;
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
if (n == 5 && !memcmp (s, "curve", 5))
{
s += n;
n = snext (&s);
if (!n || n >= sizeof curve_name)
return gpg_error (GPG_ERR_INV_SEXP);
memcpy (curve_name, s, n);
curve_name[n] = 0;
s += n;
}
else if (n == 1 && *s == 'd')
{
unsigned char *s0;
size_t n0;
s += n;
s0 = (unsigned char *)s;
n = snext (&s);
n0 = s - s0;
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
else if (!*s /* Leading 0x00 added at the front for classic curve */
&& strcmp (curve_name, "Ed25519")
&& strcmp (curve_name, "Ed448")
&& strcmp (curve_name, "X448"))
{
size_t numsize;
n--;
buflen--;
numsize = snprintf (s0, s-s0+1, "%u:", (unsigned int)n);
memmove (s0+numsize, s+1, buflen - (s - buf));
memset (s0+numsize+buflen - (s - buf), 0, (n0 - numsize) + 1);
buflen -= (n0 - numsize);
s = s0+numsize+n;
*buflen_p = buflen;
}
else
s += n;
}
else
{
s += n;
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
s += n;
}
if ( *s != ')' )
return gpg_error (GPG_ERR_INV_SEXP);
s++;
}
if (*s != ')')
return gpg_error (GPG_ERR_INV_SEXP);
s++;
return 0;
}
/*
* Scan BUF to get SEXP, put into RESULT. Error offset will be in the
* pointer at R_ERROFF. For ECC, the private part 'd' will be fixed
* up; That part may have 0x00 prefix of signed MPI encoding, which is
* incompatible to opaque MPI handling.
*/
gpg_error_t
sexp_sscan_private_key (gcry_sexp_t *result, size_t *r_erroff,
unsigned char *buf)
{
gpg_error_t err;
size_t buflen, buflen0;
buflen = buflen0 = gcry_sexp_canon_len (buf, 0, NULL, NULL);
err = fixup_when_ecc_private_key (buf, &buflen);
if (!err)
err = gcry_sexp_sscan (result, r_erroff, (char*)buf, buflen0);
wipememory (buf, buflen0);
return err;
}