[git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-242-gcc67918

by Jonas Borgström cvs at cvs.gnupg.org
Thu Aug 29 18:23:29 CEST 2013


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  cc67918c088e90c1d9a507af5f6288e8faa93d87 (commit)
       via  3adfaa9beee4502479b5673c7dfd386680a920c5 (commit)
      from  fdbf76eee6a4e81b040d423926b71af7b491fb4a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit cc67918c088e90c1d9a507af5f6288e8faa93d87
Author: Jonas Borgström <jonas at borgstrom.se>
Date:   Wed Aug 28 11:21:10 2013 +0200

    scd: add support for RSA_CRT and RSA_CRT_N key import.
    
    * scd/app-openpgp.c (do_writekey): Added RSA_CRT and RSA_CRT_N support.
    
    --
    
    Updates of original patch by wk:
    
      -      unsigned char *rsa_u, *rsa_dp, rsa_dq;
      +      unsigned char *rsa_u, *rsa_dp, *rsa_dq;
    
    and AUTHORS.  Missing signed-off-by assumed due to DCO sent the other
    day.

diff --git a/AUTHORS b/AUTHORS
index a915919..f237d53 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -137,6 +137,9 @@ Authors with a DCO
 Christian Aistleitner <christian at quelltextlich.at>
 2013-05-26:20130626112332.GA2228 at quelltextlich.at:
 
+Jonas Borgström <jonas at borgstrom.se>
+2013-08-29:521F1E7A.5080602 at borgstrom.se:
+
 Hans of Guardian <hans at guardianproject.info>
 2013-06-26:D84473D7-F3F7-43D5-A9CE-16580B88D574 at guardianproject.info:
 
@@ -144,6 +147,7 @@ Werner Koch <wk at gnupg.org>
 2013-03-29:87620ahchj.fsf at vigenere.g10code.de:
 
 
+
 Other authors
 =============
 
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index dd4a2d9..3d7136f 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -2508,10 +2508,13 @@ build_privkey_template (app_t app, int keyno,
                         const unsigned char *rsa_e, size_t rsa_e_len,
                         const unsigned char *rsa_p, size_t rsa_p_len,
                         const unsigned char *rsa_q, size_t rsa_q_len,
+                        const unsigned char *rsa_u, size_t rsa_u_len,
+                        const unsigned char *rsa_dp, size_t rsa_dp_len,
+                        const unsigned char *rsa_dq, size_t rsa_dq_len,
                         unsigned char **result, size_t *resultlen)
 {
   size_t rsa_e_reqlen;
-  unsigned char privkey[7*(1+3)];
+  unsigned char privkey[7*(1+3+3)];
   size_t privkey_len;
   unsigned char exthdr[2+2+3];
   size_t exthdr_len;
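Review bot: The new size `privkey[7*(1+3+3)]` is unexplained, and nothing in this hunk says what the extra `+3` per entry stands for. With the three tags added in the later hunks (0x94, 0x95, 0x96) the template holds at most seven TLV headers, so if add_tlv writes one tag byte plus at most three length bytes (its definition is not in this diff, so that is an assumption), the previous `7*(1+3)` was already sufficient. I would add a comment such as `/* Room for 7 TLV headers (E, P, Q, U, DP, DQ, N), each at most <max> bytes.  */` with the real per-entry bound, or derive the size from named constants, so that a future tag cannot silently outgrow the buffer. The body of build_privkey_template continues outside the hunk.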
@@ -2529,17 +2532,16 @@ build_privkey_template (app_t app, int keyno,
     {
     case RSA_STD:
     case RSA_STD_N:
-      break;
     case RSA_CRT:
     case RSA_CRT_N:
-      return gpg_error (GPG_ERR_NOT_SUPPORTED);
+      break;
 
     default:
       return gpg_error (GPG_ERR_INV_VALUE);
     }
 
-  /* Get the required length for E.  */
-  rsa_e_reqlen = app->app_local->keyattr[keyno].rsa.e_bits/8;
+  /* Get the required length for E. Rounded up to the nearest byte  */
+  rsa_e_reqlen = (app->app_local->keyattr[keyno].rsa.e_bits + 7) / 8;
   assert (rsa_e_len <= rsa_e_reqlen);
 
   /* Build the 7f48 cardholder private key template.  */
@@ -2555,6 +2557,17 @@ build_privkey_template (app_t app, int keyno,
   tp += add_tlv (tp, 0x93, rsa_q_len);
   datalen += rsa_q_len;
 
+  if (app->app_local->keyattr[keyno].rsa.format == RSA_CRT
+      || app->app_local->keyattr[keyno].rsa.format == RSA_CRT_N)
+    {
+      tp += add_tlv (tp, 0x94, rsa_u_len);
+      datalen += rsa_u_len;
+      tp += add_tlv (tp, 0x95, rsa_dp_len);
+      datalen += rsa_dp_len;
+      tp += add_tlv (tp, 0x96, rsa_dq_len);
+      datalen += rsa_dq_len;
+    }
+
   if (app->app_local->keyattr[keyno].rsa.format == RSA_STD_N
       || app->app_local->keyattr[keyno].rsa.format == RSA_CRT_N)
     {
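Review bot: The test `format == RSA_CRT || format == RSA_CRT_N` is written out here for the TLV headers and again in the hunk at -2608 for the memcpy of the values, and the two must always agree, because this block adds the three lengths to `datalen` while the other writes that many bytes at `tp`. Computing it once near the top of the function, e.g. `const int is_crt = (fmt == RSA_CRT || fmt == RSA_CRT_N);` (with `fmt` standing for `app->app_local->keyattr[keyno].rsa.format`), would keep header and data emission in lockstep and shorten the repeated conditions. A one-line comment saying that rsa_u, rsa_dp and rsa_dq are only read for the CRT formats would also help, since callers now have to pass them unconditionally. The allocation of the buffer behind `tp` is outside both hunks, so it could not be checked against `datalen` here.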
@@ -2608,6 +2621,17 @@ build_privkey_template (app_t app, int keyno,
   memcpy (tp, rsa_q, rsa_q_len);
   tp += rsa_q_len;
 
+  if (app->app_local->keyattr[keyno].rsa.format == RSA_CRT
+      || app->app_local->keyattr[keyno].rsa.format == RSA_CRT_N)
+    {
+      memcpy (tp, rsa_u, rsa_u_len);
+      tp += rsa_u_len;
+      memcpy (tp, rsa_dp, rsa_dp_len);
+      tp += rsa_dp_len;
+      memcpy (tp, rsa_dq, rsa_dq_len);
+      tp += rsa_dq_len;
+    }
+
   if (app->app_local->keyattr[keyno].rsa.format == RSA_STD_N
       || app->app_local->keyattr[keyno].rsa.format == RSA_CRT_N)
     {
@@ -2954,16 +2978,53 @@ do_writekey (app_t app, ctrl_t ctrl,
 
   if (app->app_local->extcap.is_v2)
     {
-      /* Build the private key template as described in section 4.3.3.7 of
-         the OpenPGP card specs version 2.0.  */
+      unsigned char *rsa_u, *rsa_dp, *rsa_dq;
+      size_t rsa_u_len, rsa_dp_len, rsa_dq_len;
+      gcry_mpi_t mpi_e, mpi_p, mpi_q;
+      gcry_mpi_t mpi_u = gcry_mpi_snew (0);
+      gcry_mpi_t mpi_dp = gcry_mpi_snew (0);
+      gcry_mpi_t mpi_dq = gcry_mpi_snew (0);
+      gcry_mpi_t mpi_tmp = gcry_mpi_snew (0);
       int exmode;
 
+      /* Calculate the u, dp and dq components needed by RSA_CRT cards */
+      gcry_mpi_scan (&mpi_e, GCRYMPI_FMT_USG, rsa_e, rsa_e_len, NULL);
+      gcry_mpi_scan (&mpi_p, GCRYMPI_FMT_USG, rsa_p, rsa_p_len, NULL);
+      gcry_mpi_scan (&mpi_q, GCRYMPI_FMT_USG, rsa_q, rsa_q_len, NULL);
+
+      gcry_mpi_invm (mpi_u, mpi_q, mpi_p);
+      gcry_mpi_sub_ui (mpi_tmp, mpi_p, 1);
+      gcry_mpi_invm (mpi_dp, mpi_e, mpi_tmp);
+      gcry_mpi_sub_ui (mpi_tmp, mpi_q, 1);
+      gcry_mpi_invm (mpi_dq, mpi_e, mpi_tmp);
+
+      gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_u, &rsa_u_len, mpi_u);
+      gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_dp, &rsa_dp_len, mpi_dp);
+      gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_dq, &rsa_dq_len, mpi_dq);
+
+      gcry_mpi_release (mpi_e);
+      gcry_mpi_release (mpi_p);
+      gcry_mpi_release (mpi_q);
+      gcry_mpi_release (mpi_u);
+      gcry_mpi_release (mpi_dp);
+      gcry_mpi_release (mpi_dq);
+      gcry_mpi_release (mpi_tmp);
+
+      /* Build the private key template as described in section 4.3.3.7 of
+         the OpenPGP card specs version 2.0.  */
       err = build_privkey_template (app, keyno,
                                     rsa_n, rsa_n_len,
                                     rsa_e, rsa_e_len,
                                     rsa_p, rsa_p_len,
                                     rsa_q, rsa_q_len,
+                                    rsa_u, rsa_u_len,
+                                    rsa_dp, rsa_dp_len,
+                                    rsa_dq, rsa_dq_len,
                                     &template, &template_len);
+      xfree(rsa_u);
+      xfree(rsa_dp);
+      xfree(rsa_dq);
+
       if (err)
         goto leave;
 
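Review bot: None of the libgcrypt calls in the new block are checked, so if a `gcry_mpi_scan` or `gcry_mpi_aprint` fails, `rsa_u`, `rsa_dp` and `rsa_dq` are still uninitialized when they are passed to build_privkey_template (which copies from them for CRT cards) and then to `xfree`. `gcry_mpi_invm` also returns whether the inverse exists, and that result is dropped, so an input for which no inverse exists would presumably be sent to the card as a meaningless CRT component instead of being rejected. The computation also runs for every v2 card, including RSA_STD ones that never use the values; that deserves at least a comment. Because these buffers hold private key material, please also confirm that they are allocated in secure memory and wiped on free, which the diff does not show. A possible shape is below; `err` and the `leave` label are declared outside the hunk, and I assume `err` is a gpg_error_t.

```c
      unsigned char *rsa_u = NULL, *rsa_dp = NULL, *rsa_dq = NULL;
      size_t rsa_u_len = 0, rsa_dp_len = 0, rsa_dq_len = 0;
      gcry_mpi_t mpi_e = NULL, mpi_p = NULL, mpi_q = NULL;
      /* ... unchanged: gcry_mpi_snew of mpi_u, mpi_dp, mpi_dq, mpi_tmp; int exmode ... */

      /* Calculate the u, dp and dq components needed by RSA_CRT cards.  */
      err = gcry_mpi_scan (&mpi_e, GCRYMPI_FMT_USG, rsa_e, rsa_e_len, NULL);
      if (!err)
        err = gcry_mpi_scan (&mpi_p, GCRYMPI_FMT_USG, rsa_p, rsa_p_len, NULL);
      if (!err)
        err = gcry_mpi_scan (&mpi_q, GCRYMPI_FMT_USG, rsa_q, rsa_q_len, NULL);
      if (!err)
        {
          int ok;

          /* Each inverse must exist; otherwise reject the key.  */
          ok = gcry_mpi_invm (mpi_u, mpi_q, mpi_p);
          gcry_mpi_sub_ui (mpi_tmp, mpi_p, 1);
          ok = gcry_mpi_invm (mpi_dp, mpi_e, mpi_tmp) && ok;
          gcry_mpi_sub_ui (mpi_tmp, mpi_q, 1);
          ok = gcry_mpi_invm (mpi_dq, mpi_e, mpi_tmp) && ok;
          if (!ok)
            err = gpg_error (GPG_ERR_INV_VALUE);
        }
      if (!err)
        err = gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_u, &rsa_u_len, mpi_u);
      if (!err)
        err = gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_dp, &rsa_dp_len, mpi_dp);
      if (!err)
        err = gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_dq, &rsa_dq_len, mpi_dq);

      /* ... unchanged: the seven gcry_mpi_release calls ... */

      if (!err)
        err = build_privkey_template (app, keyno,
                                      /* ... unchanged: argument list ... */
                                      &template, &template_len);
      /* ... unchanged: xfree of rsa_u, rsa_dp, rsa_dq; if (err) goto leave ... */
```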

commit 3adfaa9beee4502479b5673c7dfd386680a920c5
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Aug 29 17:39:35 2013 +0200

    kbx: Add a few macros for easier readability.
    
    * kbx/keybox-update.c (FILECOPY_INSERT)
    (FILECOPY_DELETE, FILECOPY_UPDATE): New macros.  Replace numbers by
    them.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/kbx/keybox-update.c b/kbx/keybox-update.c
index 6428bb2..1fdf435 100644
--- a/kbx/keybox-update.c
+++ b/kbx/keybox-update.c
@@ -31,6 +31,10 @@
 
 #define EXTSEP_S "."
 
+#define FILECOPY_INSERT 1
+#define FILECOPY_DELETE 2
+#define FILECOPY_UPDATE 3
+
 
 #if !defined(HAVE_FSEEKO) && !defined(fseeko)
 
@@ -208,9 +212,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
 
 
 /* Perform insert/delete/update operation.
-    mode 1 = insert
- 	 2 = delete
- 	 3 = update
+   MODE is one of FILECOPY_INSERT, FILECOPY_DELETE, FILECOPY_UPDATE.
 */
 static int
 blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
@@ -229,7 +231,7 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
     return gpg_error_from_syserror ();
 
   fp = fopen (fname, "rb");
-  if (mode == 1 && !fp && errno == ENOENT)
+  if (mode == FILECOPY_INSERT && !fp && errno == ENOENT)
     {
       /* Insert mode but file does not exist:
          Create a new keybox file. */
@@ -271,7 +273,7 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
     }
 
   /* prepare for insert */
-  if (mode == 1)
+  if (mode == FILECOPY_INSERT)
     {
       /* Copy everything to the new file. */
       while ( (nread = fread (buffer, 1, DIM(buffer), fp)) > 0 )
@@ -290,7 +292,7 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
     }
 
   /* Prepare for delete or update. */
-  if ( mode == 2 || mode == 3 )
+  if ( mode == FILECOPY_DELETE || mode == FILECOPY_UPDATE )
     {
       off_t current = 0;
 
@@ -324,7 +326,7 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
     }
 
   /* Do an insert or update. */
-  if ( mode == 1 || mode == 3 )
+  if ( mode == FILECOPY_INSERT || mode == FILECOPY_UPDATE )
     {
       rc = _keybox_write_blob (blob, newfp);
       if (rc)
@@ -332,7 +334,7 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
     }
 
   /* Copy the rest of the packet for an delete or update. */
-  if (mode == 2 || mode == 3)
+  if (mode == FILECOPY_DELETE || mode == FILECOPY_UPDATE)
     {
       while ( (nread = fread (buffer, 1, DIM(buffer), fp)) > 0 )
         {
@@ -407,7 +409,7 @@ keybox_insert_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen,
   _keybox_destroy_openpgp_info (&info);
   if (!err)
     {
-      err = blob_filecopy (1, fname, blob, hd->secret, 0);
+      err = blob_filecopy (FILECOPY_INSERT, fname, blob, hd->secret, 0);
       _keybox_release_blob (blob);
       /*    if (!rc && !hd->secret && kb_offtbl) */
       /*      { */
@@ -456,7 +458,7 @@ keybox_insert_cert (KEYBOX_HANDLE hd, ksba_cert_t cert,
   rc = _keybox_create_x509_blob (&blob, cert, sha1_digest, hd->ephemeral);
   if (!rc)
     {
-      rc = blob_filecopy (1, fname, blob, hd->secret, 0);
+      rc = blob_filecopy (FILECOPY_INSERT, fname, blob, hd->secret, 0);
       _keybox_release_blob (blob);
       /*    if (!rc && !hd->secret && kb_offtbl) */
       /*      { */

-----------------------------------------------------------------------

Summary of changes:
 AUTHORS             |    4 +++
 kbx/keybox-update.c |   22 ++++++++-------
 scd/app-openpgp.c   |   75 ++++++++++++++++++++++++++++++++++++++++++++++-----
 3 files changed, 84 insertions(+), 17 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



