openpgp: Correctly handle curve25519 keys
This commit is contained in:
parent
64b61a7556
commit
73e283b4b1
|
@ -1155,8 +1155,10 @@ sc_algorithm_info_t * sc_card_find_alg(sc_card_t *card,
|
||||||
if (info->algorithm != algorithm)
|
if (info->algorithm != algorithm)
|
||||||
continue;
|
continue;
|
||||||
if (param) {
|
if (param) {
|
||||||
if (info->algorithm == SC_ALGORITHM_EC || info->algorithm == SC_ALGORITHM_EDDSA)
|
if (info->algorithm == SC_ALGORITHM_EC ||
|
||||||
if(sc_compare_oid((struct sc_object_id *)param, &info->u._ec.params.id))
|
info->algorithm == SC_ALGORITHM_EDDSA ||
|
||||||
|
info->algorithm == SC_ALGORITHM_XEDDSA)
|
||||||
|
if (sc_compare_oid((struct sc_object_id *)param, &info->u._ec.params.id))
|
||||||
return info;
|
return info;
|
||||||
}
|
}
|
||||||
if (info->key_length != key_length)
|
if (info->key_length != key_length)
|
||||||
|
|
|
@ -316,8 +316,18 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card)
|
||||||
}
|
}
|
||||||
|
|
||||||
switch (cxdata[0]) {
|
switch (cxdata[0]) {
|
||||||
case SC_OPENPGP_KEYALGO_ECDSA:
|
|
||||||
case SC_OPENPGP_KEYALGO_ECDH:
|
case SC_OPENPGP_KEYALGO_ECDH:
|
||||||
|
if (sc_compare_oid(&oid, &curve25519_oid)) {
|
||||||
|
if ((algorithm_info = sc_card_find_xeddsa_alg(card, 0, &oid)))
|
||||||
|
prkey_info.field_length = algorithm_info->key_length;
|
||||||
|
else {
|
||||||
|
sc_log(ctx, "algorithm not found");
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
/* Fall through */
|
||||||
|
case SC_OPENPGP_KEYALGO_ECDSA:
|
||||||
if((algorithm_info = sc_card_find_ec_alg(card, 0, &oid)))
|
if((algorithm_info = sc_card_find_ec_alg(card, 0, &oid)))
|
||||||
prkey_info.field_length = algorithm_info->key_length;
|
prkey_info.field_length = algorithm_info->key_length;
|
||||||
else {
|
else {
|
||||||
|
@ -337,11 +347,11 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card)
|
||||||
|
|
||||||
switch (cxdata[0]) {
|
switch (cxdata[0]) {
|
||||||
case SC_OPENPGP_KEYALGO_EDDSA:
|
case SC_OPENPGP_KEYALGO_EDDSA:
|
||||||
/* assuming Ed25519 as it is the only supported now */
|
/* Filter out invalid usage: EdDSA does not support anything but sign */
|
||||||
/* Filter out invalid usage: ED does not support anything but sign */
|
|
||||||
prkey_info.usage &= PGP_SIG_PRKEY_USAGE;
|
prkey_info.usage &= PGP_SIG_PRKEY_USAGE;
|
||||||
r = sc_pkcs15emu_add_eddsa_prkey(p15card, &prkey_obj, &prkey_info);
|
r = sc_pkcs15emu_add_eddsa_prkey(p15card, &prkey_obj, &prkey_info);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SC_OPENPGP_KEYALGO_ECDH:
|
case SC_OPENPGP_KEYALGO_ECDH:
|
||||||
/* This can result in either ECDSA key or EC_MONTGOMERY
|
/* This can result in either ECDSA key or EC_MONTGOMERY
|
||||||
* so we need to check OID */
|
* so we need to check OID */
|
||||||
|
@ -355,10 +365,12 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card)
|
||||||
prkey_info.usage &= ~PGP_ENC_PRKEY_USAGE;
|
prkey_info.usage &= ~PGP_ENC_PRKEY_USAGE;
|
||||||
r = sc_pkcs15emu_add_ec_prkey(p15card, &prkey_obj, &prkey_info);
|
r = sc_pkcs15emu_add_ec_prkey(p15card, &prkey_obj, &prkey_info);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SC_OPENPGP_KEYALGO_ECDSA:
|
case SC_OPENPGP_KEYALGO_ECDSA:
|
||||||
prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN;
|
prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN;
|
||||||
r = sc_pkcs15emu_add_ec_prkey(p15card, &prkey_obj, &prkey_info);
|
r = sc_pkcs15emu_add_ec_prkey(p15card, &prkey_obj, &prkey_info);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SC_OPENPGP_KEYALGO_RSA:
|
case SC_OPENPGP_KEYALGO_RSA:
|
||||||
if (cxdata_len >= 3) {
|
if (cxdata_len >= 3) {
|
||||||
prkey_info.modulus_length = bebytes2ushort(cxdata + 1);
|
prkey_info.modulus_length = bebytes2ushort(cxdata + 1);
|
||||||
|
@ -381,7 +393,7 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card)
|
||||||
for (i = 0; i < 3; i++) {
|
for (i = 0; i < 3; i++) {
|
||||||
sc_pkcs15_pubkey_info_t pubkey_info;
|
sc_pkcs15_pubkey_info_t pubkey_info;
|
||||||
sc_pkcs15_object_t pubkey_obj;
|
sc_pkcs15_object_t pubkey_obj;
|
||||||
u8 cxdata[10];
|
u8 cxdata[12];
|
||||||
int cxdata_len = sizeof(cxdata);
|
int cxdata_len = sizeof(cxdata);
|
||||||
char path_template[] = "006E:0073:00Cx";
|
char path_template[] = "006E:0073:00Cx";
|
||||||
int j;
|
int j;
|
||||||
|
@ -424,8 +436,18 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card)
|
||||||
}
|
}
|
||||||
|
|
||||||
switch (cxdata[0]) {
|
switch (cxdata[0]) {
|
||||||
case SC_OPENPGP_KEYALGO_ECDSA:
|
|
||||||
case SC_OPENPGP_KEYALGO_ECDH:
|
case SC_OPENPGP_KEYALGO_ECDH:
|
||||||
|
if (sc_compare_oid(&oid, &curve25519_oid)) {
|
||||||
|
if ((algorithm_info = sc_card_find_xeddsa_alg(card, 0, &oid)))
|
||||||
|
pubkey_info.field_length = algorithm_info->key_length;
|
||||||
|
else {
|
||||||
|
sc_log(ctx, "algorithm not found");
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
/* Fall through */
|
||||||
|
case SC_OPENPGP_KEYALGO_ECDSA:
|
||||||
if((algorithm_info = sc_card_find_ec_alg(card, 0, &oid)))
|
if((algorithm_info = sc_card_find_ec_alg(card, 0, &oid)))
|
||||||
pubkey_info.field_length = algorithm_info->key_length;
|
pubkey_info.field_length = algorithm_info->key_length;
|
||||||
else {
|
else {
|
||||||
|
@ -467,9 +489,12 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card)
|
||||||
r = sc_pkcs15emu_add_ec_pubkey(p15card, &pubkey_obj, &pubkey_info);
|
r = sc_pkcs15emu_add_ec_pubkey(p15card, &pubkey_obj, &pubkey_info);
|
||||||
break;
|
break;
|
||||||
case SC_OPENPGP_KEYALGO_RSA:
|
case SC_OPENPGP_KEYALGO_RSA:
|
||||||
pubkey_info.modulus_length = bebytes2ushort(cxdata + 1);
|
if (cxdata_len >= 3) {
|
||||||
r = sc_pkcs15emu_add_rsa_pubkey(p15card, &pubkey_obj, &pubkey_info);
|
pubkey_info.modulus_length = bebytes2ushort(cxdata + 1);
|
||||||
break;
|
r = sc_pkcs15emu_add_rsa_pubkey(p15card, &pubkey_obj, &pubkey_info);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
/* Fall through */
|
||||||
default:
|
default:
|
||||||
sc_log(ctx, "Invalid algorithm identifier %x (length = %d)",
|
sc_log(ctx, "Invalid algorithm identifier %x (length = %d)",
|
||||||
cxdata[0], r);
|
cxdata[0], r);
|
||||||
|
|
Loading…
Reference in New Issue