scd: Fix for NIST P-256

NIIBE Yutaka gniibe at fsij.org
Fri Dec 5 06:06:57 CET 2014


Hello,

Scdaemon in 2.1.x has some bugs.  I'm fixinig one by one.  Here is the
one for ECC with NIST P-256 curve.

Curren experimental branch of Gnuk (rsa_4096_support at git.gniibe.org)
has support of RSA-4096 and ECC (NIST P-256, SEC P256K1, and EdDSA)
along with RSA-2048.

For RSA-4096, it takes more than 8.7 second.  For NIST P-256, it's
0.28 second (real time measured on host PC by 'time gpg --clearsign...').


The fixes are simple error handlings and reflect private key format
change of curve name.  Once, we used curve OID, but it's name now.

OK to commit?


* g10/card-util.c (card_store_subkey): Error check.

* scd/app-openpgp.c (ecc_writekey): Support NIST P-256.
(do_writekey): Error check.

diff --git a/g10/card-util.c b/g10/card-util.c
index 3d5c43c..4f1c9d8 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -1619,7 +1619,7 @@ card_store_subkey (KBNODE node, int use)
     goto leave;

   epoch2isotime (timebuf, (time_t)pk->timestamp);
-  agent_keytocard (hexgrip, keyno, rc, info.serialno, timebuf);
+  rc = agent_keytocard (hexgrip, keyno, rc, info.serialno, timebuf);

   if (rc)
     log_error (_("KEYTOCARD failed: %s\n"), gpg_strerror (rc));
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 9b4ab22..e27a2cb 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -3258,8 +3258,8 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
   u32 created_at = 0;
   int curve = CURVE_UNKNOWN;

-  /* (private-key(ecdsa(curve%s)(q%m)(d%m))(created-at%d)):
-     curve = "1.2.840.10045.3.1.7" */
+  /* (private-key(ecc(curve%s)(q%m)(d%m))(created-at%d)):
+     curve = "NIST P-256" */
   /* (private-key(ecc(curve%s)(q%m)(d%m))(created-at%d)):
      curve = "secp256k1" */
   /* (private-key(ecc(curve%s)(flags eddsa)(q%m)(d%m))(created-at%d)):
@@ -3281,12 +3281,18 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
           if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
             goto leave;

-          if (tok && toklen == 19 && !memcmp (tok, "1.2.840.10045.3.1.7", 19))
+          if (tok && toklen == 10 && !memcmp (tok, "NIST P-256", 10))
             curve = CURVE_NIST_P256;
           else if (tok && toklen == 9 && !memcmp (tok, "secp256k1", 9))
             curve = CURVE_SEC_P256K1;
           else if (tok && toklen == 7 && !memcmp (tok, "Ed25519", 7))
             curve = CURVE_ED25519;
+          else
+            {
+              log_error (_("unsupported curve\n"));
+              err = gpg_error (GPG_ERR_INV_VALUE);
+              goto leave;
+            }
         }
       else if (tok && toklen == 1)
         {
@@ -3491,15 +3497,15 @@ do_writekey (app_t app, ctrl_t ctrl,
   if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
     goto leave;
   if (tok && toklen == 3 && memcmp ("rsa", tok, toklen) == 0)
-    rsa_writekey (app, pincb, pincb_arg, keyno, buf, buflen, depth);
+    err = rsa_writekey (app, pincb, pincb_arg, keyno, buf, buflen, depth);
   else if ((tok && toklen == 3 && memcmp ("ecc", tok, toklen) == 0
             && (keyno == 0 || keyno == 2))
            || (tok && toklen == 5 && memcmp ("ecdsa", tok, toklen) == 0))
-    ecc_writekey (app, pincb, pincb_arg, keyno, buf, buflen, depth);
+    err = ecc_writekey (app, pincb, pincb_arg, keyno, buf, buflen, depth);
   else if ((tok && toklen == 3 && memcmp ("ecc", tok, toklen) == 0
             && keyno == 1)
            || (tok && toklen == 4 && memcmp ("ecdh", tok, toklen) == 0))
-    ecdh_writekey (app, pincb, pincb_arg, keyno, buf, buflen, depth);
+    err = ecdh_writekey (app, pincb, pincb_arg, keyno, buf, buflen, depth);
   else
     {
       err = gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO);
-- 



More information about the Gnupg-devel mailing list