[svn] ksba - r271 - in trunk: src tests
svn author wk
cvs at cvs.gnupg.org
Fri Apr 20 12:53:08 CEST 2007
Author: wk
Date: 2007-04-20 12:53:07 +0200 (Fri, 20 Apr 2007)
New Revision: 271
Modified:
trunk/src/ChangeLog
trunk/src/cert.c
trunk/src/keyinfo.c
trunk/tests/ChangeLog
trunk/tests/Makefile.am
trunk/tests/cert-basic.c
Log:
Support more curves. Add a few tweaks for ECC.
Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog 2007-04-18 13:01:12 UTC (rev 270)
+++ trunk/src/ChangeLog 2007-04-20 10:53:07 UTC (rev 271)
@@ -1,3 +1,18 @@
+2007-04-20 Werner Koch <wk at g10code.com>
+
+ * keyinfo.c: Add OIDs for brainpool curves.
+
+2007-04-19 Werner Koch <wk at g10code.com>
+
+ * keyinfo.c (pk_algo_table): Removed the ecdsa entry.
+ (sig_algo_table): Add X9.62 ecc signature algorithm entries.
+ (_ksba_parse_algorithm_identifier): Replace by a call to
+ _ksba_parse_algorithm_identifier2.
+ (_ksba_parse_algorithm_identifier2): Add hack to cope with
+ ecdsaWithSpecified.
+ * cert.c (ksba_cert_get_digest_algo): Use of
+ _ksba_parse_algorithm_identifier to parse the OID.
+
2007-04-06 Werner Koch <wk at g10code.com>
* keyinfo.c (curve_names): New.
Modified: trunk/src/cert.c
===================================================================
--- trunk/src/cert.c 2007-04-18 13:01:12 UTC (rev 270)
+++ trunk/src/cert.c 2007-04-20 10:53:07 UTC (rev 271)
@@ -426,8 +426,10 @@
const char *
ksba_cert_get_digest_algo (ksba_cert_t cert)
{
+ gpg_error_t err;
AsnNode n;
char *algo;
+ size_t nread;
if (!cert)
{
@@ -443,11 +445,22 @@
if (cert->cache.digest_algo)
return cert->cache.digest_algo;
- n = _ksba_asn_find_node (cert->root,
- "Certificate.signatureAlgorithm.algorithm");
- algo = _ksba_oid_node_to_str (cert->image, n);
- if (!algo)
- cert->last_error = gpg_error (GPG_ERR_UNKNOWN_ALGORITHM);
+/* n = _ksba_asn_find_node (cert->root, */
+/* "Certificate.signatureAlgorithm.algorithm"); */
+/* algo = _ksba_oid_node_to_str (cert->image, n); */
+/* if (!algo) */
+/* cert->last_error = gpg_error (GPG_ERR_UNKNOWN_ALGORITHM); */
+/* else */
+/* cert->cache.digest_algo = algo; */
+
+ n = _ksba_asn_find_node (cert->root, "Certificate.signatureAlgorithm");
+ if (!n || n->off == -1)
+ err = gpg_error (GPG_ERR_UNKNOWN_ALGORITHM);
+ else
+ err = _ksba_parse_algorithm_identifier (cert->image + n->off,
+ n->nhdr + n->len, &nread, &algo);
+ if (err)
+ cert->last_error = err;
else
cert->cache.digest_algo = algo;
Modified: trunk/src/keyinfo.c
===================================================================
--- trunk/src/keyinfo.c 2007-04-18 13:01:12 UTC (rev 270)
+++ trunk/src/keyinfo.c 2007-04-20 10:53:07 UTC (rev 271)
@@ -50,31 +50,30 @@
};
static struct algo_table_s pk_algo_table[] = {
+
{ /* iso.member-body.us.rsadsi.pkcs.pkcs-1.1 */
"1.2.840.113549.1.1.1", /* rsaEncryption (RSAES-PKCA1-v1.5) */
"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01", 9,
1, 0, "rsa", "-ne", "\x30\x02\x02" },
+
{ /* iso.member-body.us.rsadsi.pkcs.pkcs-1.7 */
"1.2.840.113549.1.1.7", /* RSAES-OAEP */
"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x07", 9,
0, 0, "rsa", "-ne", "\x30\x02\x02"}, /* (patent problems) */
+
{ /* */
"2.5.8.1.1", /* rsa (ambiguous due to missing padding rules)*/
"\x55\x08\x01\x01", 4,
1, 0, "ambiguous-rsa", "-ne", "\x30\x02\x02" },
+
{ /* iso.member-body.us.x9-57.x9cm.1 */
"1.2.840.10040.4.1", /* dsa */
"\x2a\x86\x48\xce\x38\x04\x01", 7,
1, 0, "dsa", "y", "\x02" },
/* FIXME: Need code to extract p,q,g from the parameters */
- { /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-sha1 */
- "1.2.840.10045.4.1", /* ecdsa */
- "\x2a\x86\x48\xce\x3d\x04\x01", 7,
- 1, 1, "ecdsa", "q", "\x80" },
-
{ /* iso.member-body.us.ansi-x9-62.2.1 */
- "1.2.840.10045.2.1", /* ecdsa or ecdh */
+ "1.2.840.10045.2.1", /* ecPublicKey */
"\x2a\x86\x48\xce\x3d\x02\x01", 7,
1, 1,"ecc", "q", "\x80" },
@@ -105,6 +104,33 @@
"\x2a\x86\x48\xce\x3d\x04\x01", 7,
1, 1, "ecdsa", "-rs", "\x30\x02\x02", GCRY_MD_SHA1 },
+ { /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-specified */
+ "1.2.840.10045.4.3",
+ "\x2a\x86\x48\xce\x3d\x04\x03", 7,
+ 1, 1, "ecdsa", "-rs", "\x30\x02\x02", 0 },
+ /* The digest algorithm is given by the parameter. */
+
+
+ { /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-sha224 */
+ "1.2.840.10045.4.3.1",
+ "\x2a\x86\x48\xce\x3d\x04\x03\x01", 8,
+ 1, 1, "ecdsa", "-rs", "\x30\x02\x02", GCRY_MD_SHA224 },
+
+ { /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-sha256 */
+ "1.2.840.10045.4.3.2",
+ "\x2a\x86\x48\xce\x3d\x04\x03\x02", 8,
+ 1, 1, "ecdsa", "-rs", "\x30\x02\x02", GCRY_MD_SHA256 },
+
+ { /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-sha384 */
+ "1.2.840.10045.4.3.3",
+ "\x2a\x86\x48\xce\x3d\x04\x03\x03", 8,
+ 1, 1, "ecdsa", "-rs", "\x30\x02\x02", GCRY_MD_SHA384 },
+
+ { /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-sha512 */
+ "1.2.840.10045.4.3.4",
+ "\x2a\x86\x48\xce\x3d\x04\x03\x04", 8,
+ 1, 1, "ecdsa", "-rs", "\x30\x02\x02", GCRY_MD_SHA512 },
+
{ /* iso.member-body.us.rsadsi.pkcs.pkcs-1.1 */
"1.2.840.113549.1.1.1", /* rsaEncryption used without hash algo*/
"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01", 9,
@@ -163,10 +189,24 @@
{ "1.2.840.10045.3.1.1", "prime192v1" },
{ "1.2.840.10045.3.1.1", "secp192r1" },
+ { "1.3.132.0.33", "secp224r1" },
+
{ "1.2.840.10045.3.1.7", "NIST P-256", },
{ "1.2.840.10045.3.1.7", "prime256v1" },
{ "1.2.840.10045.3.1.7", "secp256r1" },
+ { "1.3.132.0.34", "secp384r1" },
+
+ { "1.3.132.0.35", "secp521r1" },
+
+ { "1.3.36.3.3.2.8.1.1.1" , "brainpoolP160r1" },
+ { "1.3.36.3.3.2.8.1.1.3" , "brainpoolP192r1" },
+ { "1.3.36.3.3.2.8.1.1.5" , "brainpoolP224r1" },
+ { "1.3.36.3.3.2.8.1.1.7" , "brainpoolP256r1" },
+ { "1.3.36.3.3.2.8.1.1.9" , "brainpoolP320r1" },
+ { "1.3.36.3.3.2.8.1.1.11", "brainpoolP384r1" },
+ { "1.3.36.3.3.2.8.1.1.13", "brainpoolP512r1" },
+
{ NULL, NULL}
};
@@ -359,6 +399,19 @@
derlen -= len;
seqlen -= len;
}
+ else if (r_parm_pos && r_parm_len && c == 0x30)
+ {
+ /* This is a sequence. */
+ if (r_parm_type)
+ *r_parm_type = TYPE_SEQUENCE;
+ TLV_LENGTH();
+ *r_parm_pos = startparm - start;
+ *r_parm_len = len + (der - startparm);
+ seqlen -= der - startparm;
+ der += len;
+ derlen -= len;
+ seqlen -= len;
+ }
else
{
/* printf ("parameter: with tag %02x - ignored\n", c); */
@@ -399,21 +452,8 @@
_ksba_parse_algorithm_identifier (const unsigned char *der, size_t derlen,
size_t *r_nread, char **r_oid)
{
- gpg_error_t err;
- int is_bitstr;
- size_t nread, off, len;
-
- /* fixme: get_algorithm might return the error invalid keyinfo -
- this should be invalid algorithm identifier */
- *r_oid = NULL;
- *r_nread = 0;
- err = get_algorithm (0, der, derlen, &nread, &off, &len, &is_bitstr,
- NULL, NULL, NULL);
- if (err)
- return err;
- *r_nread = nread;
- *r_oid = ksba_oid_to_str (der+off, len);
- return *r_oid? 0 : gpg_error (GPG_ERR_ENOMEM);
+ return _ksba_parse_algorithm_identifier2 (der, derlen,
+ r_nread, r_oid, NULL, NULL);
}
gpg_error_t
@@ -424,6 +464,7 @@
gpg_error_t err;
int is_bitstr;
size_t nread, off, len, off2, len2;
+ int parm_type;
/* fixme: get_algorithm might return the error invalid keyinfo -
this should be invalid algorithm identifier */
@@ -431,13 +472,38 @@
*r_nread = 0;
off2 = len2 = 0;
err = get_algorithm (0, der, derlen, &nread, &off, &len, &is_bitstr,
- &off2, &len2, NULL);
+ &off2, &len2, &parm_type);
if (err)
return err;
*r_nread = nread;
*r_oid = ksba_oid_to_str (der+off, len);
if (!*r_oid)
return gpg_error (GPG_ERR_ENOMEM);
+
+ /* Special hack for ecdsaWithSpecified. We replace the returned OID
+ by the one in the parameter. */
+ if (off2 && len2 && parm_type == TYPE_SEQUENCE
+ && !strcmp (*r_oid, "1.2.840.10045.4.3"))
+ {
+ xfree (*r_oid);
+ *r_oid = NULL;
+ err = get_algorithm (0, der+off2, len2, &nread, &off, &len, &is_bitstr,
+ NULL, NULL, NULL);
+ if (err)
+ {
+ *r_nread = 0;
+ return err;
+ }
+ *r_oid = ksba_oid_to_str (der+off2+off, len);
+ if (!*r_oid)
+ {
+ *r_nread = 0;
+ return gpg_error (GPG_ERR_ENOMEM);
+ }
+
+ off2 = len2 = 0; /* So that R_PARM is set to NULL. */
+ }
+
if (r_parm && r_parmlen)
{
if (off2 && len2)
Modified: trunk/tests/ChangeLog
===================================================================
--- trunk/tests/ChangeLog 2007-04-18 13:01:12 UTC (rev 270)
+++ trunk/tests/ChangeLog 2007-04-20 10:53:07 UTC (rev 271)
@@ -1,3 +1,8 @@
+2007-04-20 Werner Koch <wk at g10code.com>
+
+ * cert-basic.c (main): Add option verbose
+ (one_file): Print public key and signature value in verbose mode.
+
2006-08-31 Werner Koch <wk at g10code.com>
* t-ocsp.c (one_response): Print the responder id.
Modified: trunk/tests/Makefile.am
===================================================================
--- trunk/tests/Makefile.am 2007-04-18 13:01:12 UTC (rev 270)
+++ trunk/tests/Makefile.am 2007-04-20 10:53:07 UTC (rev 271)
@@ -57,8 +57,8 @@
# installed and thus not distributed.
oidtranstbl.h: Makefile mkoidtbl.awk
set -e; f="/dev/null"; \
- for i in /usr/local/bin /usr/local/share /usr/bin \
- /usr/share /etc/dumpasn1; do \
+ for i in /etc/dumpasn1 /usr/local/bin /usr/local/share /usr/bin \
+ /usr/share ; do \
if test -f $$i/dumpasn1.cfg; then f=$$i/dumpasn1.cfg; break; fi; \
done; $(AWK) -f $(srcdir)/mkoidtbl.awk $$f >$@
Modified: trunk/tests/cert-basic.c
===================================================================
--- trunk/tests/cert-basic.c 2007-04-18 13:01:12 UTC (rev 270)
+++ trunk/tests/cert-basic.c 2007-04-20 10:53:07 UTC (rev 271)
@@ -47,6 +47,7 @@
#define xfree(a) ksba_free (a)
+static int verbose;
static int errorcount = 0;
@@ -582,6 +583,13 @@
unsigned char *der;
size_t derlen;
+ if (verbose)
+ {
+ fputs (" pubkey....: ", stdout);
+ print_sexp (public);
+ putchar ('\n');
+ }
+
err = _ksba_keyinfo_from_sexp (public, &der, &derlen);
if (err)
{
@@ -629,16 +637,17 @@
}
}
+ if (verbose)
+ {
+ sexp = ksba_cert_get_sig_val (cert);
+ fputs (" sigval....: ", stdout);
+ print_sexp (sexp);
+ ksba_free (sexp);
+ putchar ('\n');
+ }
+
list_extensions (cert);
-#if 0
- sexp = ksba_cert_get_sig_val (cert);
- fputs (" sigval....: ", stdout);
- print_sexp (sexp);
- ksba_free (sexp);
- putchar ('\n');
-#endif
-
ksba_cert_release (cert);
err = ksba_cert_new (&cert);
if (err)
@@ -669,9 +678,21 @@
if (!srcdir)
srcdir = ".";
- if (argc > 1)
+ if (argc)
{
- for (argc--, argv++; argc; argc--, argv++)
+ argc--; argv++;
+ }
+
+ if (argc && !strcmp (*argv, "--verbose"))
+ {
+ verbose = 1;
+ argc--; argv++;
+ }
+
+
+ if (argc)
+ {
+ for (; argc; argc--, argv++)
one_file (*argv);
}
else
More information about the Gnupg-commits
mailing list