[git] GnuPG - branch, ECC-INTEGRATION-2-1, updated. gnupg-2.1.0beta1-35-g5761a9b
by Andrey Jivsov
cvs at cvs.gnupg.org
Tue Jan 11 05:43:51 CET 2011
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, ECC-INTEGRATION-2-1 has been updated
via 5761a9ba74e41f52660e20a1de700fe784c97832 (commit)
via b0c55d08a8c835fd58d3c0d1f9f412b74c1b5678 (commit)
from ded546b4b5cc2caafa654d94ac8f69a23960427e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 5761a9ba74e41f52660e20a1de700fe784c97832
Author: Andrey Jivsov <openpgp at brainhub.org>
Date: Mon Jan 10 20:24:14 2011 -0800
'g10/gpg2 --encrypt --debug 15 -r ecdsa -a -o _e.asc _' and 'g10/gpg2 --debug 15 _e.asc', as well as decoding of an old message posted on https://sites.google.com/site/brainhub/pgpecckeys work.
This is the milestone 2 that brings in ECDH support from http://code.google.com/p/gnupg-ecc/source/detail?r=15 .
This corresponds to the commit 899386826c85f1e757e75bcc5d5b2159d05676a0 in libgcrypt
diff --git a/g10/call-agent.c b/g10/call-agent.c
index 25f9a53..dc2ace0 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -1744,7 +1744,6 @@ inq_ciphertext_cb (void *opaque, const char *line)
gpg_error_t
agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
gcry_sexp_t s_ciphertext,
- const byte sk_fp[MAX_FINGERPRINT_LEN],
unsigned char **r_buf, size_t *r_buflen)
{
gpg_error_t err;
@@ -1753,8 +1752,6 @@ agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
size_t n, len;
char *p, *buf, *endp;
- /*TODO: use sk_fp */
-
if (!keygrip || strlen(keygrip) != 40 || !s_ciphertext || !r_buf || !r_buflen)
return gpg_error (GPG_ERR_INV_VALUE);
*r_buf = NULL;
diff --git a/g10/call-agent.h b/g10/call-agent.h
index 45e593b..e09c309 100644
--- a/g10/call-agent.h
+++ b/g10/call-agent.h
@@ -168,7 +168,6 @@ gpg_error_t agent_pksign (ctrl_t ctrl, const char *cache_nonce,
/* Decrypt a ciphertext. */
gpg_error_t agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
gcry_sexp_t s_ciphertext,
- const byte sk_fp[MAX_FINGERPRINT_LEN],
unsigned char **r_buf, size_t *r_buflen);
/* Retrieve a key encryption key. */
diff --git a/g10/ecdh.c b/g10/ecdh.c
index 6615b75..091a28c 100644
--- a/g10/ecdh.c
+++ b/g10/ecdh.c
@@ -76,8 +76,6 @@ pk_ecdh_default_params_to_mpi( int qbits ) {
*/
byte *
pk_ecdh_default_params( int qbits, size_t *sizeout ) {
- gpg_error_t err;
- gcry_mpi_t result;
/* Defaults are the strongest possible choices. Performance is not an issue here, only interoperability. */
byte kek_params[4] = {
3 /*size of following field*/,
@@ -370,6 +368,29 @@ pk_ecdh_encrypt_with_shared_point ( int is_encrypt, gcry_mpi_t shared_mpi,
return rc;
}
+
+static gcry_mpi_t
+gen_k (unsigned nbits)
+{
+ gcry_mpi_t k;
+
+ k = gcry_mpi_snew (nbits);
+ if (DBG_CIPHER)
+ log_debug ("choosing a random k of %u bits\n", nbits);
+
+ gcry_mpi_randomize (k, nbits-1, GCRY_STRONG_RANDOM);
+
+ if( DBG_CIPHER ) {
+ unsigned char *buffer;
+ if (gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buffer, NULL, k))
+ BUG ();
+ log_debug("ephemeral scalar MPI #0: %s\n", buffer);
+ gcry_free( buffer );
+ }
+
+ return k;
+}
+
/* Perform ECDH encryption, which involves ECDH key generation.
*/
int
@@ -377,25 +398,17 @@ pk_ecdh_encrypt (gcry_mpi_t * resarr, const byte pk_fp[MAX_FINGERPRINT_LEN], gcr
{
gcry_sexp_t s_ciph, s_data, s_pkey;
- PKT_public_key *pk_eph;
int nbits;
int rc;
+ gcry_mpi_t k;
nbits = pubkey_nbits( PUBKEY_ALGO_ECDH, pkey );
-
- /*** Generate an ephemeral key ***/
- rc = pk_ecc_keypair_gen( &pk_eph, PUBKEY_ALGO_ECDH, KEYGEN_FLAG_TRANSIENT_KEY | KEYGEN_FLAG_NO_PROTECTION /*this is ephemeral*/, "", nbits );
- if( rc )
- return rc;
- if( DBG_CIPHER ) {
- unsigned char *buffer;
- if (gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buffer, NULL, pk_eph->pkey[1]))
- BUG ();
- log_debug("ephemeral key MPI #0: %s\n", buffer);
- gcry_free( buffer );
- }
- free_public_key (pk_eph);
+ /*** Generate an ephemeral key, actually, a scalar ***/
+
+ k = gen_k (nbits);
+ if( k == NULL )
+ BUG ();
/*** Done with ephemeral key generation.
* Now use ephemeral secret to get the shared secret. ***/
@@ -406,7 +419,7 @@ pk_ecdh_encrypt (gcry_mpi_t * resarr, const byte pk_fp[MAX_FINGERPRINT_LEN], gcr
BUG ();
/* put the data into a simple list */
- if (gcry_sexp_build (&s_data, NULL, "%m", pk_eph->pkey[3])) /* ephemeral scalar goes as data */
+ if (gcry_sexp_build (&s_data, NULL, "%m", k)) /* ephemeral scalar goes as data */
BUG ();
/* pass it to libgcrypt */
@@ -421,7 +434,7 @@ pk_ecdh_encrypt (gcry_mpi_t * resarr, const byte pk_fp[MAX_FINGERPRINT_LEN], gcr
{
gcry_mpi_t shared = mpi_from_sexp (s_ciph, "a"); /* ... and get the shared point */
gcry_sexp_release (s_ciph);
- resarr[0] = pk_eph->pkey[1]; /* ephemeral public key */
+ resarr[0] = mpi_from_sexp (s_ciph, "b"); /* ephemeral public key */
if( DBG_CIPHER ) {
unsigned char *buffer;
@@ -441,37 +454,10 @@ pk_ecdh_encrypt (gcry_mpi_t * resarr, const byte pk_fp[MAX_FINGERPRINT_LEN], gcr
/* Perform ECDH decryption.
*/
int
-pk_ecdh_decrypt (gcry_mpi_t * result, const byte sk_fp[MAX_FINGERPRINT_LEN], gcry_mpi_t *data, gcry_mpi_t * skey) {
- gcry_sexp_t s_skey, s_data, s_ciph;
- int rc;
-
- if (!data[0] || !data[1])
+pk_ecdh_decrypt (gcry_mpi_t * result, const byte sk_fp[MAX_FINGERPRINT_LEN], gcry_mpi_t data, gcry_mpi_t shared, gcry_mpi_t * skey) {
+ if (!data)
return gpg_error (GPG_ERR_BAD_MPI);
-
- rc = gcry_sexp_build (&s_skey, NULL,
- "(public-key(ecdh(c%m)(q%m)(p%m)))",
- skey[0]/*curve*/, data[0]/*ephemeral key*/, skey[2]/*KDF params*/);
- if (rc)
- BUG ();
-
- /* put the data into a simple list */
- if (gcry_sexp_build (&s_data, NULL, "%m", skey[3])) /* static private key (scalar) goes as data */
- BUG ();
-
- rc = gcry_pk_encrypt (&s_ciph, s_data, s_skey); /* encrypting ephemeral key with our private scalar yields the shared point */
- gcry_sexp_release (s_skey);
- gcry_sexp_release (s_data);
- if (rc)
- return rc;
-
- {
- gcry_mpi_t shared = mpi_from_sexp (s_ciph, "a"); /* get the shared point */
- gcry_sexp_release (s_ciph);
- rc = pk_ecdh_encrypt_with_shared_point ( 0 /*=decryption*/, shared, sk_fp, data[1]/*encr data as an MPI*/, skey, result );
- mpi_release( shared );
- }
-
- return rc;
+ return pk_ecdh_encrypt_with_shared_point ( 0 /*=decryption*/, shared, sk_fp, data/*encr data as an MPI*/, skey, result );
}
diff --git a/g10/pkglue.c b/g10/pkglue.c
index f785919..9050cc2 100644
--- a/g10/pkglue.c
+++ b/g10/pkglue.c
@@ -257,80 +257,6 @@ pk_encrypt (int algo, gcry_mpi_t * resarr, gcry_mpi_t data, const byte pk_fp[MAX
return rc;
}
-
-
-/****************
- * Emulate our old PK interface here - sometime in the future we might
- * change the internal design to directly fit to libgcrypt.
- */
-int
-pk_decrypt (int algo, gcry_mpi_t * result, const byte sk_fp[MAX_FINGERPRINT_LEN], gcry_mpi_t * data,
- gcry_mpi_t * skey)
-{
- gcry_sexp_t s_skey, s_data, s_plain;
- int rc;
-
- *result = NULL;
- /* make a sexp from skey */
- if (algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E)
- {
- rc = gcry_sexp_build (&s_skey, NULL,
- "(private-key(elg(p%m)(g%m)(y%m)(x%m)))",
- skey[0], skey[1], skey[2], skey[3]);
- }
- else if (algo == GCRY_PK_RSA || algo == GCRY_PK_RSA_E)
- {
- rc = gcry_sexp_build (&s_skey, NULL,
- "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
- skey[0], skey[1], skey[2], skey[3], skey[4],
- skey[5]);
- }
- else if( algo == PUBKEY_ALGO_ECDH ) {
- return pk_ecdh_decrypt( result, sk_fp, data, skey );
- }
- else
- return GPG_ERR_PUBKEY_ALGO;
-
- if (rc)
- BUG ();
-
- /* put data into a S-Exp s_data */
- if (algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E)
- {
- if (!data[0] || !data[1])
- rc = gpg_error (GPG_ERR_BAD_MPI);
- else
- rc = gcry_sexp_build (&s_data, NULL,
- "(enc-val(elg(a%m)(b%m)))", data[0], data[1]);
- }
- else if (algo == GCRY_PK_RSA || algo == GCRY_PK_RSA_E)
- {
- if (!data[0])
- rc = gpg_error (GPG_ERR_BAD_MPI);
- else
- rc = gcry_sexp_build (&s_data, NULL, "(enc-val(rsa(a%m)))", data[0]);
- }
- else
- BUG ();
-
- if (rc)
- BUG ();
-
- rc = gcry_pk_decrypt (&s_plain, s_data, s_skey);
- gcry_sexp_release (s_skey);
- gcry_sexp_release (s_data);
- if (rc)
- return rc;
-
- *result = gcry_sexp_nth_mpi (s_plain, 0, 0);
- gcry_sexp_release (s_plain);
- if (!*result)
- return -1; /* oops */
-
- return 0;
-}
-
-
/* Check whether SKEY is a suitable secret key. */
int
pk_check_secret_key (int algo, gcry_mpi_t *skey)
diff --git a/g10/pkglue.h b/g10/pkglue.h
index 0d51948..a1c821d 100644
--- a/g10/pkglue.h
+++ b/g10/pkglue.h
@@ -33,8 +33,8 @@ int pk_decrypt (int algo, gcry_mpi_t *result, const byte fp[MAX_FINGERPRINT_LEN]
gcry_mpi_t *skey);
int pk_check_secret_key (int algo, gcry_mpi_t *skey);
-int pk_ecdh_encrypt (gcry_mpi_t * resarr, const byte pk_fp[MAX_FINGERPRINT_LEN], gcry_mpi_t data, gcry_mpi_t * pkey);
-int pk_ecdh_decrypt (gcry_mpi_t * result, const byte sk_fp[MAX_FINGERPRINT_LEN], gcry_mpi_t *data, gcry_mpi_t * skey);
+int pk_ecdh_encrypt (gcry_mpi_t * resarr, const byte pk_fp[MAX_FINGERPRINT_LEN], gcry_mpi_t data, gcry_mpi_t * pkey);
+int pk_ecdh_decrypt (gcry_mpi_t * result, const byte sk_fp[MAX_FINGERPRINT_LEN], gcry_mpi_t data, gcry_mpi_t shared, gcry_mpi_t * skey);
gcry_mpi_t pk_ecdh_default_params_to_mpi( int qbits );
byte *pk_ecdh_default_params( int qbits, size_t *sizeout );
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index a5224e2..24411e8 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -147,14 +147,16 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
char *keygrip;
byte fp[MAX_FINGERPRINT_LEN];
size_t fpn;
+ const int gcry_pkalgo = map_pk_openpgp_to_gcry( sk->pubkey_algo );
/* Get the keygrip. */
err = hexkeygrip_from_pk (sk, &keygrip);
if (err)
goto leave;
+
/* Convert the data to an S-expression. */
- if (sk->pubkey_algo == GCRY_PK_ELG || sk->pubkey_algo == GCRY_PK_ELG_E)
+ if (gcry_pkalgo == GCRY_PK_ELG ||gcry_pkalgo == GCRY_PK_ELG_E)
{
if (!enc->data[0] || !enc->data[1])
err = gpg_error (GPG_ERR_BAD_MPI);
@@ -162,7 +164,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
err = gcry_sexp_build (&s_data, NULL, "(enc-val(elg(a%m)(b%m)))",
enc->data[0], enc->data[1]);
}
- else if (sk->pubkey_algo == GCRY_PK_RSA || sk->pubkey_algo == GCRY_PK_RSA_E)
+ else if (gcry_pkalgo == GCRY_PK_RSA || gcry_pkalgo == GCRY_PK_RSA_E)
{
if (!enc->data[0])
err = gpg_error (GPG_ERR_BAD_MPI);
@@ -170,6 +172,14 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
err = gcry_sexp_build (&s_data, NULL, "(enc-val(rsa(a%m)))",
enc->data[0]);
}
+ else if (gcry_pkalgo == GCRY_PK_ECDH )
+ {
+ if (!enc->data[0] || !enc->data[1])
+ err = gpg_error (GPG_ERR_BAD_MPI);
+ else
+ err = gcry_sexp_build (&s_data, NULL, "(enc-val(ecdh(a%m)(b%m)))",
+ enc->data[0], enc->data[1]);
+ }
else
err = gpg_error (GPG_ERR_BUG);
@@ -181,7 +191,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
/* Decrypt. */
desc = gpg_format_keydesc (sk, 0, 1);
- err = agent_pkdecrypt (NULL, keygrip, desc, s_data, fp, &frame, &nframe);
+ err = agent_pkdecrypt (NULL, keygrip, desc, s_data, &frame, &nframe);
xfree (desc);
gcry_sexp_release (s_data);
if (err)
@@ -233,6 +243,30 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
}
}
else {
+ gcry_mpi_t shared_mpi;
+ gcry_mpi_t decoded;
+
+ /* at the beginning the frame is the bytes of shared point MPI */
+
+ err = gcry_mpi_scan (&shared_mpi, GCRYMPI_FMT_USG, frame, nframe, NULL);
+ if (err) {
+ log_fatal ("mpi_scan failed: %s\n", gpg_strerror (err));
+ goto leave;
+ }
+
+ err = pk_ecdh_decrypt (&decoded, fp, enc->data[1]/*encr data as an MPI*/, shared_mpi, sk->pkey);
+ mpi_release( shared_mpi );
+ if( err )
+ goto leave;
+
+ /* reuse nframe, which size is sufficient to include the session key */
+ err = gcry_mpi_print (GCRYMPI_FMT_USG, frame, nframe, &nframe, decoded);
+ mpi_release( decoded );
+ if( err )
+ goto leave;
+
+ /* Now the frame is the bytes decrypted but padded session key */
+
/* Allow double padding for the benefit of DEK size concealment.
* Higher than this is wasteful.
*/
commit b0c55d08a8c835fd58d3c0d1f9f412b74c1b5678
Author: Werner Koch <wk at gnupg.org>
Date: Mon Jan 10 11:37:57 2011 +0100
Fix bug #1311.
diff --git a/NEWS b/NEWS
index 2cdf854..2153733 100644
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,9 @@ Noteworthy changes in version 2.1.0beta2 (unreleased)
* Fixed CRL loading under W32 (bug#1010).
+ * Fixed TTY management for pinentries and session variable update
+ problem.
+
Noteworthy changes in version 2.1.0beta1 (2010-10-26)
-----------------------------------------------------
diff --git a/common/ChangeLog b/common/ChangeLog
index de96b8d..6a6f6e0 100644
--- a/common/ChangeLog
+++ b/common/ChangeLog
@@ -1,3 +1,8 @@
+2011-01-10 Werner Koch <wk at g10code.com>
+
+ * session-env.c (update_var): Fix same value detection. Fixes
+ bug#1311.
+
2010-12-17 Werner Koch <wk at g10code.com>
* asshelp.c (lock_spawning): Add arg VERBOSE. Improve timeout
diff --git a/common/session-env.c b/common/session-env.c
index 2dcf425..d719a7b 100644
--- a/common/session-env.c
+++ b/common/session-env.c
@@ -183,10 +183,11 @@ update_var (session_env_t se, const char *string, size_t namelen,
else if (!strncmp (se->array[idx]->name, string, namelen)
&& strlen (se->array[idx]->name) == namelen)
{
- /* Check if the value is the same; no need to update it,
- except for updating the default flag. */
if (strlen (se->array[idx]->value) == valuelen)
{
+ /* The new value has the same length. We can update it
+ in-place. */
+ memcpy (se->array[idx]->value, value, valuelen);
se->array[idx]->is_default = !!set_default;
return 0;
}
-----------------------------------------------------------------------
Summary of changes:
NEWS | 3 ++
common/ChangeLog | 5 +++
common/session-env.c | 5 ++-
g10/call-agent.c | 3 --
g10/call-agent.h | 1 -
g10/ecdh.c | 82 ++++++++++++++++++++-----------------------------
g10/pkglue.c | 74 ---------------------------------------------
g10/pkglue.h | 4 +-
g10/pubkey-enc.c | 40 ++++++++++++++++++++++--
9 files changed, 84 insertions(+), 133 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list