authentication with ecdsa p256r1

2014-02-20 10:58:51 +09:00
parent a32f577dfa
commit 01806c2e5e
3 changed files with 9 additions and 6 deletions
--- a/3
+++ b/3
@@ -1,5 +1,8 @@
 2014-02-20  Niibe Yutaka  <gniibe@fsij.org>

+	* src/openpgp-do.c (gpg_do_write_prvkey): Use _p256r1.
+	* src/openpgp.c (cmd_internal_authenticate): Likewise.
+
 	* src/call-ec_p256k1.c: New.  Use call-ec.c.
 	* src/call-ec_p256r1.c: Use call-ec.c.
 	* src/call-ec.c: New.
--- a/src/openpgp-do.c
+++ b/src/openpgp-do.c
@@ -142,7 +142,7 @@ static const uint8_t algorithm_attr_rsa[] __attribute__ ((aligned (1))) = {
  0x00		      /* 0: p&q , 3: CRT with N (not yet supported) */
 };

-static const uint8_t algorithm_attr_ecdsa[] __attribute__ ((aligned (1))) = {
+static const uint8_t algorithm_attr_p256r1[] __attribute__ ((aligned (1))) = {
  9,
  0x13, /* ECDSA */
  0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 /* OID of NIST curve P-256 */
@@ -829,7 +829,7 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
      pubkey_allocated_here = modulus_calc (key_data, key_len);
 #else /* ECDSA for authentication */
      if (kk == GPG_KEY_FOR_AUTHENTICATION)
-	pubkey_allocated_here = ecdsa_compute_public (key_data);
+	pubkey_allocated_here = ecdsa_compute_public_p256r1 (key_data);
      else
 	pubkey_allocated_here = modulus_calc (key_data, key_len);
 #endif
@@ -1166,7 +1166,7 @@ gpg_do_table[] = {
 #ifdef RSA_AUTH
  { GPG_DO_ALG_AUT, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr_rsa },
 #else
-  { GPG_DO_ALG_AUT, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr_ecdsa },
+  { GPG_DO_ALG_AUT, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr_p256r1 },
 #endif
  /* Compound data: Read access only */
  { GPG_DO_CH_DATA, DO_CMP_READ, AC_ALWAYS, AC_NEVER, cmp_ch_data },
@@ -1618,7 +1618,7 @@ gpg_do_public_key (uint8_t kk_byte)
      {
 	/*TAG*/          /* LEN = 8 */
 	*res_p++ = 0x06; *res_p++ = 0x08;
-	memcpy (res_p, algorithm_attr_ecdsa+2, 8);
+	memcpy (res_p, algorithm_attr_p256r1+2, 8);
 	res_p += 8;

 	/*TAG*/          /* LEN = 1+64 */
--- a/src/openpgp.c
+++ b/src/openpgp.c
@@ -965,7 +965,7 @@ cmd_internal_authenticate (void)
 	}

      res_APDU_size = ECDSA_SIGNATURE_LENGTH;
-      r = ecdsa_sign (apdu.cmd_apdu_data, res_APDU,
+      r = ecdsa_sign_p256r1 (apdu.cmd_apdu_data, res_APDU,
 			     kd[GPG_KEY_FOR_AUTHENTICATION]->data);
      if (r < 0)
 	GPG_ERROR ();