proc_key_import supports key algo attrs

NIIBE Yutaka
2014-12-12 13:57:00 +09:00
parent 9cba1e2a8e
commit fd8543f092
3 changed files with 41 additions and 57 deletions


@@ -1,3 +1,11 @@
2014-12-01 Niibe Yutaka <gniibe@fsij.org>
* src/Makefile.in (DEFS): Don't define compile time preference of
key algo attributes.
* src/openpgp-do.c (proc_key_import): Support modifiable key algo
attributes.
2014-11-21 Niibe Yutaka <gniibe@fsij.org> 2014-11-21 Niibe Yutaka <gniibe@fsij.org>
* src/gnuk.h (ALGO_RSA4K, ALGO_NISTP256R1, ALGO_SECP256K1) * src/gnuk.h (ALGO_RSA4K, ALGO_NISTP256R1, ALGO_SECP256K1)


@@ -55,7 +55,7 @@ OBJCOPY = $(CROSS)objcopy
MCU = cortex-m3 MCU = cortex-m3
CWARN = -Wall -Wextra -Wstrict-prototypes CWARN = -Wall -Wextra -Wstrict-prototypes
# DEFS: Add # DEFS: Add
DEFS = -DCHX_PRIO_MAIN=5 -DRSA_AUTH -DRSA_SIG @KEYGEN_SUPPORT@ @HAVE_SYS_H@ DEFS = -DCHX_PRIO_MAIN=5 @KEYGEN_SUPPORT@ @HAVE_SYS_H@
OPT = -O3 -Os -g OPT = -O3 -Os -g
LIBS = LIBS =


@@ -1244,22 +1244,32 @@ kkb_to_kk (uint8_t kk_byte)
} }
/* /*
* RSA: * RSA-2048:
* 4d, xx, xx, xx: Extended Header List * 4d, xx, xx, xx: Extended Header List
* b6 00 (SIG) / b8 00 (DEC) / a4 00 (AUT) * b6 00 (SIG) / b8 00 (DEC) / a4 00 (AUT)
* 7f48, xx: cardholder private key template * 7f48, xx: cardholder private key template
* 91 L<E>: L<E>: 91=tag of E, L<E>: length of E * 91 L<E>: 91=tag of E, L<E>: length of E
* 92 Lh<P> Ll<P>: 92=tag of P, L<P>: length of P * 92 Lh<P> Ll<P>: 92=tag of P, L<P>: length of P
* 93 Lh<Q> Ll<Q>: 93=tag of Q, L<Q>: length of Q * 93 Lh<Q> Ll<Q>: 93=tag of Q, L<Q>: length of Q
* 5f48, xx xx xx: cardholder private key * 5f48, xx xx xx: cardholder private key
* <E: 4-byte>, <P: 128-byte>, <Q: 128-byte> * <E: 4-byte>, <P: 128-byte>, <Q: 128-byte>
* *
* ECDSA / EdDSA: * RSA-4096:
* 4d, xx: Extended Header List * 4d, 82, 02, 18: Extended Header List
* a4 00 (AUT) * b6 00 (SIG) / b8 00 (DEC) / a4 00 (AUT)
* 7f48, xx: cardholder private key template * 7f48, 0a: cardholder private key template
* 91 L<E>: 91=tag of E, L<E>: length of E
* 92 82 Lh<P> Ll<P>: 92=tag of P, L<P>: length of P
* 93 82 Lh<Q> Ll<Q>: 93=tag of Q, L<Q>: length of Q
* 5f48, 82 02 04: cardholder private key
* <E: 4-byte>, <P: 256-byte>, <Q: 256-byte>
*
* ECDSA / ECDH / EdDSA:
* 4d, 2a: Extended Header List
* b6 00 (SIG) / b8 00 (DEC) / a4 00 (AUT)
* 7f48, 02: cardholder private key template
* 9x LEN: 9x=tag of private key d, LEN=length of d * 9x LEN: 9x=tag of private key d, LEN=length of d
* 5f48, xx : cardholder private key * 5f48, 20: cardholder private key
* <d: 32-byte> * <d: 32-byte>
*/ */
static int static int
@@ -1268,6 +1278,7 @@ proc_key_import (const uint8_t *data, int len)
int r; int r;
enum kind_of_key kk; enum kind_of_key kk;
const uint8_t *keystring_admin; const uint8_t *keystring_admin;
int attr;
const uint8_t *p = data; const uint8_t *p = data;
if (admin_authorized == BY_ADMIN) if (admin_authorized == BY_ADMIN)
@@ -1297,56 +1308,25 @@ proc_key_import (const uint8_t *data, int len)
else else
ac_reset_other (); ac_reset_other ();
#if defined(RSA_AUTH) && defined(RSA_SIG) attr = gpg_get_algo_attr (kk);
if (len <= 22)
#elif defined(RSA_AUTH) && !defined(RSA_SIG) if ((len <= 12 && (attr == ALGO_NISTP256R1 || attr == ALGO_SECP256K1
/* ECDSA with p256k1 for signature */ || attr == ALGO_ED25519))
if ((kk != GPG_KEY_FOR_SIGNING && len <= 22) || (len <= 22 && attr == ALGO_RSA2K) || (len <= 24 && attr == ALGO_RSA4K))
|| (kk == GPG_KEY_FOR_SIGNING && len <= 12))
#elif !defined(RSA_AUTH) && defined(RSA_SIG)
/* ECDSA with p256r1 for authentication */
if ((kk != GPG_KEY_FOR_AUTHENTICATION && len <= 22)
|| (kk == GPG_KEY_FOR_AUTHENTICATION && len <= 12))
#else
#error "not supported."
#endif
{ /* Deletion of the key */ { /* Deletion of the key */
gpg_do_delete_prvkey (kk); gpg_do_delete_prvkey (kk);
return 1; return 1;
} }
#if defined(RSA_AUTH) && defined(RSA_SIG) if (attr == ALGO_RSA2K)
/* It should starts with 00 01 00 01 (E), skiping E (4-byte) */
r = gpg_do_write_prvkey (kk, &data[26], len - 26, keystring_admin, NULL); r = gpg_do_write_prvkey (kk, &data[26], len - 26, keystring_admin, NULL);
#elif defined(RSA_AUTH) && !defined(RSA_SIG) else if (attr == ALGO_RSA4K)
/* ECDSA with p256k1 for signature */ /* It should starts with 00 01 00 01 (E), skiping E (4-byte) */
if (kk != GPG_KEY_FOR_SIGNING) r = gpg_do_write_prvkey (kk, &data[28], len - 28, keystring_admin, NULL);
{ /* RSA */ else if (attr == ALGO_NISTP256R1 || attr == ALGO_SECP256K1)
/* It should starts with 00 01 00 01 (E) */
/* Skip E, 4-byte */
r = gpg_do_write_prvkey (kk, &data[26], len - 26, keystring_admin, NULL);
}
else
r = gpg_do_write_prvkey (kk, &data[12], len - 12, keystring_admin, NULL); r = gpg_do_write_prvkey (kk, &data[12], len - 12, keystring_admin, NULL);
#elif !defined(RSA_AUTH) && defined(RSA_SIG) else /* if (attr == ALGO_ED25519) */
#if defined(ECDSA_AUTH)
/* ECDSA with p256r1 for authentication */
if (kk != GPG_KEY_FOR_AUTHENTICATION)
{ /* RSA */
/* It should starts with 00 01 00 01 (E) */
/* Skip E, 4-byte */
r = gpg_do_write_prvkey (kk, &data[26], len - 26, keystring_admin, NULL);
}
else
r = gpg_do_write_prvkey (kk, &data[12], len - 12, keystring_admin, NULL);
#else /* EdDSA */
/* EdDSA with Ed25519 for authentication */
if (kk != GPG_KEY_FOR_AUTHENTICATION)
{ /* RSA */
/* It should starts with 00 01 00 01 (E) */
/* Skip E, 4-byte */
r = gpg_do_write_prvkey (kk, &data[26], len - 26, keystring_admin, NULL);
}
else
{ {
uint8_t hash[64]; uint8_t hash[64];
@@ -1359,10 +1339,6 @@ proc_key_import (const uint8_t *data, int len)
hash[31] |= 64; hash[31] |= 64;
r = gpg_do_write_prvkey (kk, hash, 64, keystring_admin, NULL); r = gpg_do_write_prvkey (kk, hash, 64, keystring_admin, NULL);
} }
#endif
#else
#error "not supported."
#endif
if (r < 0) if (r < 0)
return 0; return 0;
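Review bot: The write branches after the deletion check take fixed offsets (`&data[26]`, `&data[28]`, `&data[12]`) selected from `attr` alone, and nothing visible here confirms that `len` matches the template for that algorithm. Now that the attribute is a runtime setting rather than a compile-time one, a payload laid out for a different algorithm than the one currently configured would reach `gpg_do_write_prvkey` with a misaligned pointer. So would a payload whose `len` falls between the deletion threshold and the header size (23–25 for RSA-2048, 25–27 for RSA-4096), this time with a zero or negative length. Unless `gpg_do_write_prvkey` already rejects unexpected lengths (not shown), I would check the exact size per attribute before the write, going by the layout comment: `if (attr == ALGO_RSA2K && len != 26 + 256) return 0;`, and likewise `28 + 512` for RSA-4096 and `12 + 32` for the curve keys. The final `else /* if (attr == ALGO_ED25519) */` also sends any unmatched `attr` value down the Ed25519 path, so an explicit `else if` with a failing `else` would be safer. proc_key_import starts and ends outside these hunks.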