summaryrefslogtreecommitdiffstats
path: root/g10/build-packet.c
diff options
context:
space:
mode:
authorNIIBE Yutaka <gniibe@fsij.org>2020-06-09 03:32:47 +0200
committerNIIBE Yutaka <gniibe@fsij.org>2020-06-09 03:32:47 +0200
commitf5bc94555458123f93d8b07816a68fb7485421e1 (patch)
treed2e27f1eb0c027721847acc498affb536981e1e1 /g10/build-packet.c
parentgpg: If possible TRUST values now depend on signer's UID or --sender. (diff)
downloadgnupg2-f5bc94555458123f93d8b07816a68fb7485421e1.tar.xz
gnupg2-f5bc94555458123f93d8b07816a68fb7485421e1.zip
gpg,ecc: Handle external representation as SOS with opaque MPI.
* g10/pkglue.h (sexp_extract_param_sos): New. * g10/build-packet.c (sos_write): New. (do_key, do_pubkey_enc, do_signature): Use sos_write for ECC. * g10/export.c (cleartext_secret_key_to_openpgp): Use sexp_extract_param_sos. (transfer_format_to_openpgp): Use opaque MPI for ECC. * g10/keygen.c (ecckey_from_sexp): Use sexp_extract_param_sos. * g10/keyid.c (hash_public_key): Handle opaque MPI for SOS. * g10/parse-packet.c (sos_read): New. (parse_pubkeyenc,parse_signature,parse_key): Use sos_read for ECC. * g10/pkglue.c (sexp_extract_param_sos): New. (pk_verify): Handle opaque MPI for SOS. (pk_encrypt): Use sexp_extract_param_sos. * g10/seskey.c (encode_session_key): Use opaque MPI. * g10/sign.c (do_sign): Use sexp_extract_param_sos. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'g10/build-packet.c')
-rw-r--r--g10/build-packet.c107
1 files changed, 100 insertions, 7 deletions
diff --git a/g10/build-packet.c b/g10/build-packet.c
index a1db0251d..268bd71b2 100644
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@@ -364,7 +364,71 @@ gpg_mpi_write (iobuf_t out, gcry_mpi_t a, unsigned int *r_nwritten)
/*
- * Write an opaque MPI to the output stream without length info.
+ * Write the mpi A to the output stream OUT as "SOS" (Strange Octet
+ * String). If R_NWRITTEN is not NULL the number of bytes written is
+ * stored there. To only get the number of bytes which would be
+ * written, NULL may be passed for OUT.
+ */
+static gpg_error_t
+sos_write (iobuf_t out, gcry_mpi_t a, unsigned int *r_nwritten)
+{
+ gpg_error_t err;
+ unsigned int nwritten = 0;
+
+ if (gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
+ {
+ unsigned int nbits;
+ const unsigned char *p;
+ unsigned char lenhdr[2];
+
+ /* gcry_log_debugmpi ("a", a); */
+ p = gcry_mpi_get_opaque (a, &nbits);
+ /* gcry_log_debug (" [%u bit]\n", nbits); */
+ /* gcry_log_debughex (" ", p, (nbits+7)/8); */
+
+ if (p && *p)
+ {
+ nbits = ((nbits + 7) / 8) * 8;
+
+ if (nbits >= 8 && !(*p & 0x80))
+ if (--nbits >= 7 && !(*p & 0x40))
+ if (--nbits >= 6 && !(*p & 0x20))
+ if (--nbits >= 5 && !(*p & 0x10))
+ if (--nbits >= 4 && !(*p & 0x08))
+ if (--nbits >= 3 && !(*p & 0x04))
+ if (--nbits >= 2 && !(*p & 0x02))
+ if (--nbits >= 1 && !(*p & 0x01))
+ --nbits;
+ }
+
+ lenhdr[0] = nbits >> 8;
+ lenhdr[1] = nbits;
+ err = out? iobuf_write (out, lenhdr, 2) : 0;
+ if (!err)
+ {
+ nwritten += 2;
+ if (p)
+ {
+ err = out? iobuf_write (out, p, (nbits+7)/8) : 0;
+ if (!err)
+ nwritten += (nbits+7)/8;
+ }
+ }
+ }
+ else
+ {
+ log_info ("non-opaque MPI (%u bits) for SOS\n", gcry_mpi_get_nbits (a));
+ err = gpg_error (GPG_ERR_INV_DATA);
+ }
+
+ if (r_nwritten)
+ *r_nwritten = nwritten;
+ return err;
+}
+
+
+/*
+ * Write an opaque string to the output stream without length info.
*/
gpg_error_t
gpg_mpi_write_nohdr (iobuf_t out, gcry_mpi_t a)
@@ -575,6 +639,10 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
|| (pk->pubkey_algo == PUBKEY_ALGO_EDDSA && (i == 0))
|| (pk->pubkey_algo == PUBKEY_ALGO_ECDH && (i == 0 || i == 2)))
err = gpg_mpi_write_nohdr (a, pk->pkey[i]);
+ else if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA
+ || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
+ || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
+ err = sos_write (a, pk->pkey[i], NULL);
else
err = gpg_mpi_write (a, pk->pkey[i], NULL);
if (err)
@@ -691,8 +759,18 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
for (j=i; j < nskey; j++ )
{
- if ((err = gpg_mpi_write (NULL, pk->pkey[j], &n)))
- goto leave;
+ if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA
+ || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
+ || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
+ {
+ if ((err = sos_write (NULL, pk->pkey[j], &n)))
+ goto leave;
+ }
+ else
+ {
+ if ( (err = gpg_mpi_write (a, pk->pkey[i], NULL)))
+ goto leave;
+ }
skbytes += n;
}
@@ -700,8 +778,16 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
}
for ( ; i < nskey; i++ )
- if ( (err = gpg_mpi_write (a, pk->pkey[i], NULL)))
- goto leave;
+ if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA
+ || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
+ || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
+ {
+ if ((err = sos_write (a, pk->pkey[i], NULL)))
+ goto leave;
+ }
+ else
+ if ((err = gpg_mpi_write (a, pk->pkey[i], NULL)))
+ goto leave;
write_16 (a, ski->csum );
}
@@ -817,6 +903,8 @@ do_pubkey_enc( IOBUF out, int ctb, PKT_pubkey_enc *enc )
{
if (enc->pubkey_algo == PUBKEY_ALGO_ECDH && i == 1)
rc = gpg_mpi_write_nohdr (a, enc->data[i]);
+ else if (enc->pubkey_algo == PUBKEY_ALGO_ECDH)
+ rc = sos_write (a, enc->data[i], NULL);
else
rc = gpg_mpi_write (a, enc->data[i], NULL);
}
@@ -1696,8 +1784,13 @@ do_signature( IOBUF out, int ctb, PKT_signature *sig )
n = pubkey_get_nsig( sig->pubkey_algo );
if ( !n )
write_fake_data( a, sig->data[0] );
- for (i=0; i < n && !rc ; i++ )
- rc = gpg_mpi_write (a, sig->data[i], NULL);
+ if (sig->pubkey_algo == PUBKEY_ALGO_ECDSA
+ || sig->pubkey_algo == PUBKEY_ALGO_EDDSA)
+ for (i=0; i < n && !rc ; i++ )
+ rc = sos_write (a, sig->data[i], NULL);
+ else
+ for (i=0; i < n && !rc ; i++ )
+ rc = gpg_mpi_write (a, sig->data[i], NULL);
if (!rc)
{
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-19 05:00:09 +0100