[Pkg-gnupg-commit] [gnupg2] 30/49: gpg: Introduce magic value 25519 to switch a card to ECC.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Nov 8 19:30:54 UTC 2017 

This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit acb300543422c660c87ac2f0211a42f792a65cc4
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Nov 2 17:11:03 2017 +0100

    gpg: Introduce magic value 25519 to switch a card to ECC.
    
    * g10/card-util.c (ask_card_keyattr): Handle special value 25519.
    (do_change_keyattr): Allow changing to cv25519/ed25519.
    (generate_card_keys): Ditto.
    (card_generate_subkey): Ditto.
    --
    
    This is kludge to make it easier for gnuk to be switched into ECC
    mode.  This is basically the same change as
    commit ea09b6cded9d31a8ebd91878553c3eaa2b76e817
    but without the string change in show_keysize_warning.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
---
 g10/card-util.c | 75 +++++++++++++++++++++++++++++++++++++++++----------------
 1 file changed, 54 insertions(+), 21 deletions(-)

diff --git a/g10/card-util.c b/g10/card-util.c
index 022e9a6..ef67610 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -1350,40 +1350,61 @@ ask_card_keyattr (int keyno, unsigned int nbits)
       xfree (prompt);
       xfree (answer);
 
-      if (req_nbits != nbits && (req_nbits % 32) )
+      if (req_nbits == 25519)
         {
-          req_nbits = ((req_nbits + 31) / 32) * 32;
-          tty_printf (_("rounded up to %u bits\n"), req_nbits);
-        }
-
-      if (req_nbits == nbits)
-        return 0;  /* Use default.  */
+          if (req_nbits == nbits)
+            return 0;  /* Use default.  */
 
-      if (req_nbits < min_nbits || req_nbits > max_nbits)
-        {
-          tty_printf (_("%s keysizes must be in the range %u-%u\n"),
-                      "RSA", min_nbits, max_nbits);
+          tty_printf (_("The card will now be re-configured"
+                        " to generate a key of type: %s\n"),
+                      keyno==1? "cv25519":"ed25519");
+          show_keysize_warning ();
+          return req_nbits;
         }
       else
         {
-          tty_printf (_("The card will now be re-configured "
-                        "to generate a key of %u bits\n"), req_nbits);
-          show_keysize_warning ();
-          return req_nbits;
+          if (req_nbits != nbits && (req_nbits % 32) )
+            {
+              req_nbits = ((req_nbits + 31) / 32) * 32;
+              tty_printf (_("rounded up to %u bits\n"), req_nbits);
+            }
+
+          if (req_nbits == nbits)
+            return 0;  /* Use default.  */
+
+          if (req_nbits < min_nbits || req_nbits > max_nbits)
+            {
+              tty_printf (_("%s keysizes must be in the range %u-%u\n"),
+                      "RSA", min_nbits, max_nbits);
+            }
+          else
+            {
+              tty_printf (_("The card will now be re-configured"
+                            " to generate a key of %u bits\n"), req_nbits);
+              show_keysize_warning ();
+              return req_nbits;
+            }
         }
     }
 }
 
 
 /* Change the size of key KEYNO (0..2) to NBITS and show an error
-   message if that fails.  */
+ * message if that fails.  Using the magic value 25519 for NBITS
+ * switches to ed25519 or cv25519 depending on the KEYNO.  */
 static gpg_error_t
 do_change_keyattr (int keyno, unsigned int nbits)
 {
   gpg_error_t err;
   char args[100];
 
-  snprintf (args, sizeof args, "--force %d 1 rsa%u", keyno+1, nbits);
+  if (nbits == 25519)
+    snprintf (args, sizeof args, "--force %d %d %s",
+              keyno+1,
+              keyno == 1? PUBKEY_ALGO_ECDH : PUBKEY_ALGO_EDDSA,
+              keyno == 1? "cv25519" : "ed25519");
+  else
+    snprintf (args, sizeof args, "--force %d 1 rsa%u", keyno+1, nbits);
   err = agent_scd_setattr ("KEY-ATTR", args, strlen (args), NULL);
   if (err)
     log_error (_("error changing size of key %d to %u bits: %s\n"),
@@ -1457,9 +1478,15 @@ generate_card_keys (ctrl_t ctrl)
 
       for (keyno = 0; keyno < DIM (info.key_attr); keyno++)
         {
-          if (info.key_attr[keyno].algo == PUBKEY_ALGO_RSA)
+          if (info.key_attr[keyno].algo == PUBKEY_ALGO_RSA
+              || info.key_attr[keyno].algo == PUBKEY_ALGO_ECDH
+              || info.key_attr[keyno].algo == PUBKEY_ALGO_EDDSA)
             {
-              nbits = ask_card_keyattr (keyno, info.key_attr[keyno].nbits);
+              if (info.key_attr[keyno].algo == PUBKEY_ALGO_RSA)
+                nbits = ask_card_keyattr (keyno, info.key_attr[keyno].nbits);
+              else
+                nbits = ask_card_keyattr (keyno, 25519 /* magic */);
+
               if (nbits && do_change_keyattr (keyno, nbits))
                 {
                   /* Error: Better read the default key size again.  */
@@ -1537,12 +1564,18 @@ card_generate_subkey (ctrl_t ctrl, kbnode_t pub_keyblock)
      key size.  */
   if (info.is_v2 && info.extcap.aac)
     {
-      if (info.key_attr[keyno-1].algo == PUBKEY_ALGO_RSA)
+      if (info.key_attr[keyno-1].algo == PUBKEY_ALGO_RSA
+          || info.key_attr[keyno].algo == PUBKEY_ALGO_ECDH
+          || info.key_attr[keyno].algo == PUBKEY_ALGO_EDDSA)
         {
           unsigned int nbits;
 
         ask_again:
-          nbits = ask_card_keyattr (keyno-1, info.key_attr[keyno-1].nbits);
+          if (info.key_attr[keyno].algo == PUBKEY_ALGO_RSA)
+            nbits = ask_card_keyattr (keyno-1, info.key_attr[keyno-1].nbits);
+          else
+            nbits = ask_card_keyattr (keyno-1, 25519);
+
           if (nbits && do_change_keyattr (keyno-1, nbits))
             {
               /* Error: Better read the default key size again.  */

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git

More information about the Pkg-gnupg-commit mailing list