authorWerner Koch <wk@gnupg.org>2020-05-08 14:14:01 +0200
committerWerner Koch <wk@gnupg.org>2020-05-08 15:10:13 +0200
commit34b628db4618a8712536aea695f934b0286e7b18 (patch)
tree82106e8c2790717c34b7171ade109f6d0b46ed97
parentsm: Improve readability of the data verification output. (diff)
sm: Cleanup the use of GCRY_PK_ECC and GCRY_PK_ECDSA.
* common/sexputil.c (pubkey_algo_to_string): New. * sm/certcheck.c (do_encode_md): Replace GCRY_PK_ECDSA by GCRY_PK_ECC. * sm/certreqgen-ui.c (check_keygrip): Add all ECC algorithms. * sm/gpgsm.c (our_pk_test_algo): Also allow EdDSA. * sm/verify.c (gpgsm_verify): Map ECC algo to ECDSA. Use new pubkey algo name function. Signed-off-by: Werner Koch <wk@gnupg.org>
-rw-r--r--common/sexputil.c17
-rw-r--r--common/util.h1
-rw-r--r--sm/certcheck.c8
-rw-r--r--sm/certreqgen-ui.c4
-rw-r--r--sm/gpgsm.c1
-rw-r--r--sm/verify.c8
6 files changed, 31 insertions, 8 deletions
diff --git a/common/sexputil.c b/common/sexputil.c
index 89e63a765..66cd9f60e 100644
--- a/common/sexputil.c
+++ b/common/sexputil.c
@@ -642,6 +642,23 @@ pubkey_algo_string (gcry_sexp_t s_pkey, enum gcry_pk_algos *r_algoid)
}
+/* Map a pubkey algo id from gcrypt to a string. This is the same as
+ * gcry_pk_algo_name but makes sure that the ECC algo identifiers are
+ * not all mapped to "ECC". */
+const char *
+pubkey_algo_to_string (int algo)
+{
+ if (algo == GCRY_PK_ECDSA)
+ return "ECDSA";
+ else if (algo == GCRY_PK_ECDH)
+ return "ECDH";
+ else if (algo == GCRY_PK_EDDSA)
+ return "EdDSA";
+ else
+ return gcry_pk_algo_name (algo);
+}
+
+
/* Map a hash algo id from gcrypt to a string. This is the same as
* gcry_md_algo_name but the returned string is lower case, as
* expected by libksba and it avoids some overhead. */
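Review bot: The new comment on `pubkey_algo_to_string` does not say who owns the returned string, and the name differs only slightly from `pubkey_algo_string` just above, whose non-const `char *` return (see common/util.h) suggests an allocated result that the caller releases. Every path here returns a string literal or whatever `gcry_pk_algo_name` hands back, so a sentence such as `The returned string is static and must not be freed.` would keep the two from being confused. It is also worth stating that `GCRY_PK_ECC` itself is passed through to `gcry_pk_algo_name` unchanged, so the generic id still prints under the generic name.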
diff --git a/common/util.h b/common/util.h
index d22a1bf60..f2b4306c3 100644
--- a/common/util.h
+++ b/common/util.h
@@ -202,6 +202,7 @@ int get_pk_algo_from_key (gcry_sexp_t key);
int get_pk_algo_from_canon_sexp (const unsigned char *keydata,
size_t keydatalen);
char *pubkey_algo_string (gcry_sexp_t s_pkey, enum gcry_pk_algos *r_algoid);
+const char *pubkey_algo_to_string (int algo);
const char *hash_algo_to_string (int algo);
/*-- convert.c --*/
diff --git a/sm/certcheck.c b/sm/certcheck.c
index 14f78dbe6..ad70f2781 100644
--- a/sm/certcheck.c
+++ b/sm/certcheck.c
@@ -74,11 +74,11 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
size_t nframe;
unsigned char *frame;
- if (pkalgo == GCRY_PK_DSA || pkalgo == GCRY_PK_ECDSA)
+ if (pkalgo == GCRY_PK_DSA || pkalgo == GCRY_PK_ECC)
{
unsigned int qbits;
- if ( pkalgo == GCRY_PK_ECDSA )
+ if ( pkalgo == GCRY_PK_ECC )
qbits = gcry_pk_get_nbits (pkey);
else
qbits = get_dsa_qbits (pkey);
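Review bot: `do_encode_md` now recognises only `GCRY_PK_ECC` for the DSA-style branch, so a caller that passes `GCRY_PK_ECDSA` no longer matches this `if` and takes whatever path follows it, which lies outside the hunk. The same commit makes sm/verify.c rewrite its local `pkalgo` from `GCRY_PK_ECC` to `GCRY_PK_ECDSA`, so both conventions now exist in sm/, and the comment removed from `pk_algo_from_sexp` in the next hunk was the only place that explained the choice. I would add a comment at the test, for example `/* PKALGO comes from pk_algo_from_sexp, which reports every "ecc" key as GCRY_PK_ECC. */`, or accept both ids in the condition if any caller can pass the remapped value. Selecting the wrong digest encoding during a signature check is hard to diagnose, so the expected id is worth stating.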
@@ -210,10 +210,8 @@ pk_algo_from_sexp (gcry_sexp_t pkey)
algo = GCRY_PK_RSA;
else if (n==3 && !memcmp (name, "dsa", 3))
algo = GCRY_PK_DSA;
- /* Because this function is called only for verification we can
- assume that ECC actually means ECDSA. */
else if (n==3 && !memcmp (name, "ecc", 3))
- algo = GCRY_PK_ECDSA;
+ algo = GCRY_PK_ECC;
else if (n==13 && !memcmp (name, "ambiguous-rsa", 13))
algo = GCRY_PK_RSA;
else
diff --git a/sm/certreqgen-ui.c b/sm/certreqgen-ui.c
index ae9ec35d0..e508079b4 100644
--- a/sm/certreqgen-ui.c
+++ b/sm/certreqgen-ui.c
@@ -113,7 +113,9 @@ check_keygrip (ctrl_t ctrl, const char *hexgrip)
case GCRY_PK_RSA: return "RSA";
case GCRY_PK_DSA: return "DSA";
case GCRY_PK_ELG: return "ELG";
- case GCRY_PK_EDDSA: return "ECDSA";
+ case GCRY_PK_ECC: return "ECC";
+ case GCRY_PK_ECDSA: return "ECDSA";
+ case GCRY_PK_EDDSA: return "EdDSA";
default: return NULL;
}
}
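Review bot: `check_keygrip` can now return "ECC" and "EdDSA", two strings it did not produce before, and the hunk does not show who consumes the result. If the value is handed on as the key type of the certificate request, that consumer has to accept the new names; otherwise a key that was previously mislabelled "ECDSA" may be rejected later with a less direct error. A comment above the switch listing the possible results would document the contract, e.g. `/* Returns "RSA", "DSA", "ELG", "ECC", "ECDSA", "EdDSA" or NULL. */`. The switch statement starts outside the hunk.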
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index ef3fe91b8..057ef50a1 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -510,6 +510,7 @@ our_pk_test_algo (int algo)
{
case GCRY_PK_RSA:
case GCRY_PK_ECDSA:
+ case GCRY_PK_EDDSA:
return gcry_pk_test_algo (algo);
default:
return 1;
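Review bot: `GCRY_PK_ECC` is missing from the accepted cases, so `our_pk_test_algo` falls into `default: return 1;` for the generic id that sm/certcheck.c now assigns to every "ecc" key in this same commit. If any caller passes the id before it is narrowed to ECDSA or EdDSA, an ECC key is presumably reported as unsupported. Either add `case GCRY_PK_ECC:` next to the other two, or add a comment stating that callers pass only the narrowed ids. The function body continues outside the hunk.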
diff --git a/sm/verify.c b/sm/verify.c
index ecc3a7c1f..69ba3bd4c 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -457,13 +457,17 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
pkfpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
pkalgostr = gpgsm_pubkey_algo_string (cert, NULL);
pkalgo = gpgsm_get_key_algo_info (cert, &nbits);
+ /* Remap the ECC algo to the algo we use. Note that EdDSA has
+ * already been mapped. */
+ if (pkalgo == GCRY_PK_ECC)
+ pkalgo = GCRY_PK_ECDSA;
/* Print infos about the signature. */
log_info (_("Signature made "));
if (*sigtime)
{
/* We take the freedom as noted in RFC3339 to use a space
- * instead of the :T" delimiter between date and time.. We
+ * instead of the "T" delimiter between date and time. We
* also append a separate UTC instead of a "Z" or "+00:00"
* suffix because that makes it clear to everyone what kind
* of time this is. */
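Review bot: The added comment says EdDSA "has already been mapped" without naming where, and nothing in the hunk shows that mapping; presumably it happens inside `gpgsm_get_key_algo_info`. Because the new `if` turns every remaining `GCRY_PK_ECC` into `GCRY_PK_ECDSA`, an EdDSA certificate would be labelled as ECDSA in the output below if that earlier mapping were ever missed. Naming the responsible function in the comment, once confirmed, lets a later reader check the assumption: `Note that EdDSA has already been mapped by <function>.` `gpgsm_verify` starts and ends outside the hunk.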
@@ -477,7 +481,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
{
log_info (_("algorithm:"));
log_printf (" %s + %s",
- gcry_pk_algo_name (pkalgo),
+ pubkey_algo_to_string (pkalgo),
gcry_md_algo_name (sigval_hash_algo));
if (algo != sigval_hash_algo)
log_printf (" (%s)", gcry_md_algo_name (algo));