coelner/gnuk
1
0
Fork 0
mirror of https://salsa.debian.org/gnuk-team/gnuk/gnuk.git synced 2024-09-20 10:50:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

conditionalize RSA/ECDSA

Browse Source
This commit is contained in:
NIIBE Yutaka 2013-06-18 12:17:55 +09:00
parent 188f77b5fd
commit 7c01cae4a5
3 changed files with 51 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -1,5 +1,9 @@
2013-06-18 Niibe Yutaka <gniibe@fsij.org> 2013-06-18 Niibe Yutaka <gniibe@fsij.org>
* src/openpgp-do.c (gpg_do_write_prvkey, proc_key_import, gpg_do_table)
(gpg_do_public_key) [RSA_AUTH]: Conditional compilation for RSA/ECDSA.
* src/openpgp.c (cmd_internal_authenticate) [RSA_AUTH]: Likewise.
* src/modp256.c (p256): Add const qualifier. * src/modp256.c (p256): Add const qualifier.
2013-03-19 Niibe Yutaka <gniibe@fsij.org> 2013-03-19 Niibe Yutaka <gniibe@fsij.org>

65
src/openpgp-do.c
View File

@ -752,6 +752,10 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
/* No replace support, you need to remove it first. */ /* No replace support, you need to remove it first. */
return -1; return -1;
#ifdef RSA_AUTH
if (key_len != KEY_CONTENT_LEN)
return -1;
#else /* ECDSA for authentication */
if (kk != GPG_KEY_FOR_AUTHENTICATION && key_len != KEY_CONTENT_LEN) if (kk != GPG_KEY_FOR_AUTHENTICATION && key_len != KEY_CONTENT_LEN)
return -1; return -1;
if (kk == GPG_KEY_FOR_AUTHENTICATION) if (kk == GPG_KEY_FOR_AUTHENTICATION)
@ -760,6 +764,7 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
if (key_len != 32) if (key_len != 32)
return -1; return -1;
} }
#endif
pd = (struct prvkey_data *)malloc (sizeof (struct prvkey_data)); pd = (struct prvkey_data *)malloc (sizeof (struct prvkey_data));
if (pd == NULL) if (pd == NULL)
@ -767,10 +772,14 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
if (pubkey == NULL) if (pubkey == NULL)
{ {
#ifdef RSA_AUTH
pubkey = modulus_calc (key_data, key_len);
#else /* ECDSA for authentication */
if (kk == GPG_KEY_FOR_AUTHENTICATION) if (kk == GPG_KEY_FOR_AUTHENTICATION)
pubkey = ecdsa_compute_public (key_data); pubkey = ecdsa_compute_public (key_data);
else else
pubkey = modulus_calc (key_data, key_len); pubkey = modulus_calc (key_data, key_len);
#endif
if (pubkey == NULL) if (pubkey == NULL)
{ {
free (pd); free (pd);
@ -793,6 +802,9 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
DEBUG_INFO ("key_addr: "); DEBUG_INFO ("key_addr: ");
DEBUG_WORD ((uint32_t)key_addr); DEBUG_WORD ((uint32_t)key_addr);
#ifdef RSA_AUTH
memcpy (kdi.data, key_data, KEY_CONTENT_LEN);
#else /* ECDSA for authentication */
if (kk == GPG_KEY_FOR_AUTHENTICATION) if (kk == GPG_KEY_FOR_AUTHENTICATION)
{ {
memcpy (kdi.data, key_data, key_len); memcpy (kdi.data, key_data, key_len);
@ -800,6 +812,7 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
} }
else else
memcpy (kdi.data, key_data, KEY_CONTENT_LEN); memcpy (kdi.data, key_data, KEY_CONTENT_LEN);
#endif
compute_key_data_checksum (&kdi, 0); compute_key_data_checksum (&kdi, 0);
dek = random_bytes_get (); /* 32-byte random bytes */ dek = random_bytes_get (); /* 32-byte random bytes */
@ -976,8 +989,12 @@ proc_key_import (const uint8_t *data, int len)
ac_reset_other (); ac_reset_other ();
} }
#ifdef RSA_AUTH
if (len <= 22)
#else /* ECDSA for authentication */
if ((kk != GPG_KEY_FOR_AUTHENTICATION && len <= 22) if ((kk != GPG_KEY_FOR_AUTHENTICATION && len <= 22)
|| (kk == GPG_KEY_FOR_AUTHENTICATION && len <= 12)) || (kk == GPG_KEY_FOR_AUTHENTICATION && len <= 12))
#endif
{ /* Deletion of the key */ { /* Deletion of the key */
uint8_t nr = get_do_ptr_nr_for_kk (kk); uint8_t nr = get_do_ptr_nr_for_kk (kk);
const uint8_t *do_data = do_ptr[nr - NR_DO__FIRST__]; const uint8_t *do_data = do_ptr[nr - NR_DO__FIRST__];
@ -1005,6 +1022,9 @@ proc_key_import (const uint8_t *data, int len)
return 1; return 1;
} }
#ifdef RSA_AUTH
r = gpg_do_write_prvkey (kk, &data[26], len - 26, keystring_admin, NULL);
#else /* ECDSA for authentication */
if (kk != GPG_KEY_FOR_AUTHENTICATION) if (kk != GPG_KEY_FOR_AUTHENTICATION)
{ /* RSA */ { /* RSA */
/* It should starts with 00 01 00 01 (E) */ /* It should starts with 00 01 00 01 (E) */
@ -1013,6 +1033,7 @@ proc_key_import (const uint8_t *data, int len)
} }
else else
r = gpg_do_write_prvkey (kk, &data[12], len - 12, keystring_admin, NULL); r = gpg_do_write_prvkey (kk, &data[12], len - 12, keystring_admin, NULL);
#endif
if (r < 0) if (r < 0)
return 0; return 0;
@ -1077,7 +1098,11 @@ gpg_do_table[] = {
{ GPG_DO_EXTCAP, DO_FIXED, AC_ALWAYS, AC_NEVER, extended_capabilities }, { GPG_DO_EXTCAP, DO_FIXED, AC_ALWAYS, AC_NEVER, extended_capabilities },
{ GPG_DO_ALG_SIG, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr_rsa }, { GPG_DO_ALG_SIG, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr_rsa },
{ GPG_DO_ALG_DEC, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr_rsa }, { GPG_DO_ALG_DEC, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr_rsa },
#ifdef RSA_AUTH
{ GPG_DO_ALG_AUT, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr_rsa },
#else
{ GPG_DO_ALG_AUT, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr_ecdsa }, { GPG_DO_ALG_AUT, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr_ecdsa },
#endif
/* Compound data: Read access only */ /* Compound data: Read access only */
{ GPG_DO_CH_DATA, DO_CMP_READ, AC_ALWAYS, AC_NEVER, cmp_ch_data }, { GPG_DO_CH_DATA, DO_CMP_READ, AC_ALWAYS, AC_NEVER, cmp_ch_data },
{ GPG_DO_APP_DATA, DO_CMP_READ, AC_ALWAYS, AC_NEVER, cmp_app_data }, { GPG_DO_APP_DATA, DO_CMP_READ, AC_ALWAYS, AC_NEVER, cmp_app_data },
@ -1520,7 +1545,27 @@ gpg_do_public_key (uint8_t kk_byte)
/* TAG */ /* TAG */
*res_p++ = 0x7f; *res_p++ = 0x49; *res_p++ = 0x7f; *res_p++ = 0x49;
if (kk_byte != 0xa4) #ifndef RSA_AUTH /* ECDSA for authentication */
if (kk_byte == 0xa4)
{ /* ECDSA */
/* LEN */
*res_p++ = 2 + 8 + 2 + 1 + 64;
{
/*TAG*/ /* LEN = 8 */
*res_p++ = 0x06; *res_p++ = 0x08;
memcpy (res_p, algorithm_attr_ecdsa+2, 8);
res_p += 8;
/*TAG*/ /* LEN = 1+64 */
*res_p++ = 0x86; *res_p++ = 0x41;
*res_p++ = 0x04; /* No compression of EC point. */
/* 64-byte binary (big endian) */
memcpy (res_p, key_addr + KEY_CONTENT_LEN, 64);
res_p += 64;
}
}
else
#endif
{ /* RSA */ { /* RSA */
/* LEN = 9+256 */ /* LEN = 9+256 */
*res_p++ = 0x82; *res_p++ = 0x01; *res_p++ = 0x09; *res_p++ = 0x82; *res_p++ = 0x01; *res_p++ = 0x09;
@ -1539,24 +1584,6 @@ gpg_do_public_key (uint8_t kk_byte)
*res_p++ = 0x01; *res_p++ = 0x00; *res_p++ = 0x01; *res_p++ = 0x01; *res_p++ = 0x00; *res_p++ = 0x01;
} }
} }
else
{ /* ECDSA */
/* LEN */
*res_p++ = 2 + 8 + 2 + 1 + 64;
{
/*TAG*/ /* LEN = 8 */
*res_p++ = 0x06; *res_p++ = 0x08;
memcpy (res_p, algorithm_attr_ecdsa+2, 8);
res_p += 8;
/*TAG*/ /* LEN = 1+64 */
*res_p++ = 0x86; *res_p++ = 0x41;
*res_p++ = 0x04; /* No compression of EC point. */
/* 64-byte binary (big endian) */
memcpy (res_p, key_addr + KEY_CONTENT_LEN, 64);
res_p += 64;
}
}
/* Success */ /* Success */
res_APDU_size = res_p - res_APDU; res_APDU_size = res_p - res_APDU;

2
src/openpgp.c
View File

@ -833,7 +833,7 @@ cmd_pso (void)
} }
#if RSA_AUTH #ifdef RSA_AUTH
#define MAX_DIGEST_INFO_LEN 102 /* 40% */ #define MAX_DIGEST_INFO_LEN 102 /* 40% */
static void static void
cmd_internal_authenticate (void) cmd_internal_authenticate (void)