[git] GnuPG - branch, master, updated. gnupg-2.1.8-40-g1542dc6

by NIIBE Yutaka cvs at cvs.gnupg.org
Mon Sep 21 07:58:30 CEST 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  1542dc604b9c3e6a6a99750c48f7800e72584a89 (commit)
       via  708b7eccdef8d274bd5578b9a5fd908e9685c795 (commit)
      from  8499c4f84a664bedbdf5a5689cb02420909f1968 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1542dc604b9c3e6a6a99750c48f7800e72584a89
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Sat Sep 19 17:45:17 2015 +0900

    agent: Fix importing ECC key.
    
    * agent/cvt-openpgp.c (convert_from_openpgp_main): Only encrypted
    parameters are stored as opaque.
    (apply_protection): ARRAY members are all normal, non-opaque MPI.
    (extract_private_key): Get public key as normal, non-opaque MPI.
    Remove support of ECC key with '(flags param)'.
    Remove support of "ecdsa" and "ecdh" keys of our experiment.

diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c
index 6d22210..fb5a473 100644
--- a/agent/cvt-openpgp.c
+++ b/agent/cvt-openpgp.c
@@ -838,15 +838,13 @@ convert_from_openpgp_main (ctrl_t ctrl, gcry_sexp_t s_pgp,
       value = gcry_sexp_nth_data (list, ++idx, &valuelen);
       if (!value || !valuelen)
         goto bad_seckey;
-      if (is_enc || curve)
+      if (is_enc)
         {
-          /* Encrypted parameters and ECC parameters need or can be
-             stored as opaque.  */
+          /* Encrypted parameters need to be stored as opaque.  */
           skey[skeyidx] = gcry_mpi_set_opaque_copy (NULL, value, valuelen*8);
           if (!skey[skeyidx])
             goto outofmem;
-          if (is_enc)
-            gcry_mpi_set_flag (skey[skeyidx], GCRYMPI_FLAG_USER1);
+          gcry_mpi_set_flag (skey[skeyidx], GCRYMPI_FLAG_USER1);
         }
       else
         {
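Review bot: `valuelen*8` in the `gcry_mpi_set_opaque_copy` call is passed as a bit count, which that function takes as an `unsigned int`, so a very large `valuelen` would wrap. Its declaration is outside the hunk; presumably it is a `size_t` filled in by `gcry_sexp_nth_data`. Because the value comes from the S-expression being imported, a bound check before the call would make the limit explicit, e.g. `if (valuelen > UINT_MAX / 8) goto bad_seckey;`. The body of convert_from_openpgp_main continues outside the hunk, so an earlier size limit may already cover this.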
@@ -1114,55 +1112,14 @@ apply_protection (gcry_mpi_t *array, int npkey, int nskey,
   ndata = 20; /* Space for the SHA-1 checksum.  */
   for (i = npkey, j = 0; i < nskey; i++, j++ )
     {
-      if (gcry_mpi_get_flag (array[i], GCRYMPI_FLAG_OPAQUE))
-        {
-          const unsigned char *s;
-          unsigned int n;
-
-          s = gcry_mpi_get_opaque (array[i], &n);
-          if (!s)
-            {
-              s = "";
-              n = 0;
-            }
-          /* Strip leading zero bits.  */
-          for (; n >= 8 && !*s; s++, n -= 8)
-            ;
-          if (n >= 8 && !(*s & 0x80))
-            if (--n >= 7 && !(*s & 0x40))
-              if (--n >= 6 && !(*s & 0x20))
-                if (--n >= 5 && !(*s & 0x10))
-                  if (--n >= 4 && !(*s & 0x08))
-                    if (--n >= 3 && !(*s & 0x04))
-                      if (--n >= 2 && !(*s & 0x02))
-                        if (--n >= 1 && !(*s & 0x01))
-                          --n;
-
-          nbits[j] = n;
-          n = (n+7)/8;
-          narr[j] = n;
-          bufarr[j] = (gcry_is_secure (s)? xtrymalloc_secure (n?n:1)
-                       /* */             : xtrymalloc (n?n:1));
-          if (!bufarr[j])
-            {
-              err = gpg_error_from_syserror ();
-              for (i = 0; i < j; i++)
-                xfree (bufarr[i]);
-              return err;
-            }
-          memcpy (bufarr[j], s, n);
-        }
-      else
+      err = gcry_mpi_aprint (GCRYMPI_FMT_USG, bufarr+j, narr+j, array[i]);
+      if (err)
         {
-          err = gcry_mpi_aprint (GCRYMPI_FMT_USG, bufarr+j, narr+j, array[i]);
-          if (err)
-            {
-              for (i = 0; i < j; i++)
-                xfree (bufarr[i]);
-              return err;
-            }
-          nbits[j] = gcry_mpi_get_nbits (array[i]);
+          for (i = 0; i < j; i++)
+            xfree (bufarr[i]);
+          return err;
         }
+      nbits[j] = gcry_mpi_get_nbits (array[i]);
       ndata += 2 + narr[j];
     }
 
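Review bot: The loop in apply_protection now assumes every `array[i]` from `npkey` to `nskey` is a normal MPI, but nothing in the new code states or checks that, and the branch that handled an opaque MPI is the one this commit removes. A comment above the `gcry_mpi_aprint` call, such as `/* All secret parameters are normal (non-opaque) MPIs here.  */`, would record the precondition. A test on `gcry_mpi_get_flag (array[i], GCRYMPI_FLAG_OPAQUE)` that fails through the same `xfree` cleanup would turn a caller mistake into a clean error. The buffers in `bufarr` hold secret key parameters and gcry_mpi_aprint presumably follows the MPI's own allocation, so it is worth confirming these MPIs are created in secure memory. The function starts and ends outside the hunk.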
@@ -1317,53 +1274,13 @@ extract_private_key (gcry_sexp_t s_key, int req_private_key_data,
   else if (!strcmp (name, "ecc"))
     {
       algoname = "ecc";
-      format = "/qd?";
+      format = "qd?";
       npkey = 1;
       nskey = 2;
       curve = gcry_sexp_find_token (list, "curve", 0);
       flags = gcry_sexp_find_token (list, "flags", 0);
       err = gcry_sexp_extract_param (list, NULL, format,
                                      array+0, array+1, NULL);
-      if (flags)
-        {
-          gcry_sexp_t param = gcry_sexp_find_token (flags, "param", 0);
-          if (param)
-            {
-              gcry_sexp_release (param);
-              array[6] = array[0];
-              array[7] = array[1];
-              err = gcry_sexp_extract_param (list, NULL, "pabgnh?",
-                                             array+0, array+1, array+2, array+3,
-                                             array+4, array+5, NULL);
-              if (array[5] == NULL)
-                {
-                  array[5] = GCRYMPI_CONST_ONE;
-                  npkey += 6;
-                  nskey += 6;
-                }
-              format = "pabgnhqd?";
-            }
-        }
-    }
-  else if (!strcmp (name, "ecdsa"))
-    {
-      algoname = "ecdsa";
-      format = "pabgnqd?";
-      npkey = 6;
-      nskey = 7;
-      err = gcry_sexp_extract_param (list, NULL, format,
-                                     array+0, array+1, array+2, array+3,
-                                     array+4, array+5, array+6, NULL);
-    }
-  else if (!strcmp (name, "ecdh"))
-    {
-      algoname = "ecdh";
-      format = "pabgnqd?";
-      npkey = 6;
-      nskey= 7;
-      err = gcry_sexp_extract_param (list, NULL, format,
-                                     array+0, array+1, array+2, array+3,
-                                     array+4, array+5, array+6, NULL);
     }
   else
     {
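Review bot: Stored keys named "ecdsa" or "ecdh", and "ecc" keys carrying `(flags param)`, are no longer recognised here, yet the new code has no comment saying so. The first two now fall into the final `else`, whose body is outside the hunk. A short comment above the "ecc" branch would help, for example `/* Only named-curve "ecc" keys are supported; q and d are extracted as normal MPIs.  */`. `flags` is still looked up with `gcry_sexp_find_token` although this hunk no longer reads it; if nothing after the hunk uses it (not visible here), that lookup can be dropped too.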
@@ -1381,12 +1298,7 @@ extract_private_key (gcry_sexp_t s_key, int req_private_key_data,
     {
       *r_algoname = algoname;
       if (r_elems)
-        {
-          if (format[0] == '/') /* It is opaque data qualifier, skip it.  */
-            *r_elems = format+1;
-          else
-            *r_elems = format;
-        }
+        *r_elems = format;
       *r_npkey = npkey;
       if (r_nskey)
         *r_nskey = nskey;

commit 708b7eccdef8d274bd5578b9a5fd908e9685c795
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Sat Sep 19 16:27:36 2015 +0900

    scd: Fix KEYTOCARD handling for ECC key.
    
    * scd/app-openpgp.c (ecc_writekey): Only public key can be native
    format.

diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 8f7c8b0..d43db5b 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -3243,11 +3243,12 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
         {
           const unsigned char **buf2;
           size_t *buf2len;
+          int native = flag_djb_tweak;
 
           switch (*tok)
             {
             case 'q': buf2 = &ecc_q; buf2len = &ecc_q_len; break;
-            case 'd': buf2 = &ecc_d; buf2len = &ecc_d_len; break;
+            case 'd': buf2 = &ecc_d; buf2len = &ecc_d_len; native = 0; break;
             default: buf2 = NULL;  buf2len = NULL; break;
             }
           if (buf2 && *buf2)
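Review bot: `native` is introduced without a comment, and its meaning only becomes clear from the next hunk of this function, where it decides whether leading zero bytes are stripped. I would add a comment on the declaration such as `/* Nonzero: keep the value as is, without MPI normalisation.  Only the public point 'q' may be native; 'd' is always an MPI.  */`. ecc_writekey starts before this hunk and continues after it.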
@@ -3257,13 +3258,16 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
             }
           if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
             goto leave;
-          if (tok && buf2 && !flag_djb_tweak)
-            /* It's MPI.  Strip off leading zero bytes and save. */
-            for (;toklen && !*tok; toklen--, tok++)
-              ;
+          if (tok && buf2)
+            {
+              if (!native)
+                /* Strip off leading zero bytes and save. */
+                for (;toklen && !*tok; toklen--, tok++)
+                  ;
 
-          *buf2 = tok;
-          *buf2len = toklen;
+              *buf2 = tok;
+              *buf2len = toklen;
+            }
         }
       /* Skip until end of list. */
       last_depth2 = depth;
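Review bot: With `native` forced to 0 for 'd', the secret scalar always has its leading zero bytes stripped, so `ecc_d_len` can end up shorter than the curve's scalar size. The code that builds the key template for the card is outside this hunk, so it should be confirmed that it pads or otherwise accepts a short `d`. Separately, the unbraced `if (!native)` followed by an empty-bodied `for` and a blank line is easy to misread as guarding the two assignments. Braces around the loop, `if (!native) { for (;toklen && !*tok; toklen--, tok++) ; }`, would make the scope obvious.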

-----------------------------------------------------------------------

Summary of changes:
 agent/cvt-openpgp.c | 110 ++++++----------------------------------------------
 scd/app-openpgp.c   |  18 +++++----
 2 files changed, 22 insertions(+), 106 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



