summaryrefslogtreecommitdiffstats
path: root/g10/pkglue.c
diff options
context:
space:
mode:
authorWerner Koch <wk@gnupg.org>2011-02-02 17:40:32 +0100
committerWerner Koch <wk@gnupg.org>2011-02-02 17:40:32 +0100
commit20f429f735d6e965e0660484f8286fe24fb6162b (patch)
tree8908aa1b86c2be5a83ca4e1883da86234b931a3b /g10/pkglue.c
parentSample ECC keys and message do now work. (diff)
downloadgnupg2-20f429f735d6e965e0660484f8286fe24fb6162b.tar.xz
gnupg2-20f429f735d6e965e0660484f8286fe24fb6162b.zip
Compute the fingerprint for ECDH only on demand.
This also fixes a failed assertion when using a v3 key where the fingerprint size is not 20.
Diffstat (limited to 'g10/pkglue.c')
-rw-r--r--g10/pkglue.c27
1 files changed, 18 insertions, 9 deletions
diff --git a/g10/pkglue.c b/g10/pkglue.c
index 66ba48b60..836c2c3e2 100644
--- a/g10/pkglue.c
+++ b/g10/pkglue.c
@@ -37,7 +37,7 @@ mpi_from_sexp (gcry_sexp_t sexp, const char * item)
{
gcry_sexp_t list;
gcry_mpi_t data;
-
+
list = gcry_sexp_find_token (sexp, item, 0);
assert (list);
data = gcry_sexp_nth_mpi (list, 1, 0);
@@ -151,10 +151,11 @@ pk_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey)
/****************
* Emulate our old PK interface here - sometime in the future we might
* change the internal design to directly fit to libgcrypt.
+ * PK is only required to compute the fingerprint for ECDH.
*/
int
pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
- const byte pk_fp[MAX_FINGERPRINT_LEN], gcry_mpi_t *pkey)
+ PKT_public_key *pk, gcry_mpi_t *pkey)
{
gcry_sexp_t s_ciph, s_data, s_pkey;
int rc;
@@ -179,15 +180,17 @@ pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
if (rc || gcry_sexp_build (&s_data, NULL, "%m", data))
BUG ();
}
- else if (algo == PUBKEY_ALGO_ECDH)
+ else if (algo == PUBKEY_ALGO_ECDH)
{
gcry_mpi_t k;
char *curve;
+ byte fp[MAX_FINGERPRINT_LEN];
+ size_t fpn;
rc = pk_ecdh_generate_ephemeral_key (pkey, &k);
if (rc)
return rc;
-
+
curve = openpgp_oid_to_str (pkey[0]);
if (!curve)
rc = gpg_error_from_syserror ();
@@ -215,12 +218,14 @@ pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
if (rc)
;
- else if (algo == PUBKEY_ALGO_ECDH)
+ else if (algo == PUBKEY_ALGO_ECDH)
{
gcry_mpi_t shared, public, result;
+ byte fp[MAX_FINGERPRINT_LEN];
+ size_t fpn;
/* Get the shared point and the ephemeral public key. */
- shared = mpi_from_sexp (s_ciph, "s");
+ shared = mpi_from_sexp (s_ciph, "s");
public = mpi_from_sexp (s_ciph, "e");
gcry_sexp_release (s_ciph);
s_ciph = NULL;
@@ -230,10 +235,14 @@ pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
gcry_mpi_dump (public);
log_printf ("\n");
}
-
+
result = NULL;
- rc = pk_ecdh_encrypt_with_shared_point (1 /*=encrypton*/, shared,
- pk_fp, data, pkey, &result);
+ fingerprint_from_pk (pk, fp, &fpn);
+ if (fpn != 20)
+ rc = gpg_error (GPG_ERR_INV_LENGTH);
+ else
+ rc = pk_ecdh_encrypt_with_shared_point (1 /*=encrypton*/, shared,
+ fp, data, pkey, &result);
gcry_mpi_release (shared);
if (!rc)
{