[PATCH setup 4/4] Teach --pubkey option to handle RSA keys
Jon Turney
jon.turney@dronecode.org.uk
Mon Feb 24 22:03:00 GMT 2020
---
crypto.cc | 106 +++++++++++++++++++++++++++++++++---------------------
1 file changed, 65 insertions(+), 41 deletions(-)
diff --git a/crypto.cc b/crypto.cc
index 118d4d7..9a84376 100644
--- a/crypto.cc
+++ b/crypto.cc
@@ -42,10 +42,10 @@
/* Command-line options for specifying and controlling extra keys. */
static StringArrayOption ExtraKeyOption ('K', "pubkey",
- "URL of extra public key file (gpg format)");
+ "URL or absolute path of extra public key file (RFC4880 format)");
static StringArrayOption SexprExtraKeyOption ('S', "sexpr-pubkey",
- "Extra public key in s-expr format");
+ "Extra DSA public key in s-expr format");
static BoolOption UntrustedKeysOption (false, 'u', "untrusted-keys",
"Use untrusted saved extra keys");
@@ -60,6 +60,9 @@ static const char *cygwin_pubkey_sexpr =
/* S-expr template for DSA pubkey. */
static const char *dsa_pubkey_templ = "(public-key (dsa (p %m) (q %m) (g %m) (y %m)))";
+/* S-expr template for RSA pubkey. */
+static const char *rsa_pubkey_templ = "(public-key (rsa (n %m) (e %m)))";
+
/* S-expr template for DSA signature. */
static const char *dsa_sig_templ = "(sig-val (dsa (r %m) (s %m)))";
@@ -104,17 +107,17 @@ struct key_data
};
/* Callback hook for walking packets in gpg key file. Extracts
- the DSA coefficients from any public key packets encountered and
+ the key coefficients from any public key packets encountered and
converts them into s-expr pubkey format, returning the public
keys thus found to the caller in a vector in the userdata context. */
static enum
pkt_cb_resp key_file_walker (struct packet_walker *wlk, unsigned char tag,
- size_t packetsize, size_t hdrpos)
+ size_t packetsize, size_t hdrpos)
{
struct key_data *kdat = (struct key_data *)(wlk->userdata);
MESSAGE ("key packet %d size %d at offs $%04x kdat $%08x\n", tag,
- packetsize, hdrpos, kdat);
+ packetsize, hdrpos, kdat);
if (tag != RFC4880_PT_PUBLIC_KEY)
return pktCONTINUE;
@@ -136,54 +139,75 @@ pkt_cb_resp key_file_walker (struct packet_walker *wlk, unsigned char tag,
}
char pkalg = pkt_getch (wlk->pfile);
- if (pkalg != RFC4880_PK_DSA)
+ if ((pkalg != RFC4880_PK_DSA) && (pkalg != RFC4880_PK_RSA))
{
ERRKIND (wlk->owner, IDS_CRYPTO_ERROR, pkalg, "unsupported key alg.");
return pktCONTINUE;
}
- // Next, the four MPIs should be present. Read them out,
- // convert to an s-expr and add that to the list.
- gcry_mpi_t p, q, g, y;
- p = q = g = y = 0;
+ // Next, the key coefficient MPIs should be present. Read them out, convert
+ // to an s-expr and add that to the list of keys.
+ size_t n;
+ gcry_sexp_t new_key;
- if ((pkt_get_mpi (&p, wlk->pfile) >= 0)
- && (pkt_get_mpi (&q, wlk->pfile) >= 0)
- && (pkt_get_mpi (&g, wlk->pfile) >= 0)
- && (pkt_get_mpi (&y, wlk->pfile) >= 0))
+ if (pkalg == RFC4880_PK_DSA)
{
- // Convert to s-expr.
- gcry_sexp_t new_key;
- size_t n;
+ gcry_mpi_t p, q, g, y;
+ p = q = g = y = 0;
- gcry_error_t rv = gcry_sexp_build (&new_key, &n, dsa_pubkey_templ, p, q, g, y);
- if (rv != GPG_ERR_NO_ERROR)
- {
- ERRKIND (wlk->owner, IDS_CRYPTO_ERROR, rv, "while creating sig s-expr.");
- return pktCONTINUE;
- }
+ if ((pkt_get_mpi (&p, wlk->pfile) >= 0)
+ && (pkt_get_mpi (&q, wlk->pfile) >= 0)
+ && (pkt_get_mpi (&g, wlk->pfile) >= 0)
+ && (pkt_get_mpi (&y, wlk->pfile) >= 0))
+ {
+ gcry_error_t rv = gcry_sexp_build (&new_key, &n, dsa_pubkey_templ, p, q, g, y);
+ if (rv != GPG_ERR_NO_ERROR)
+ {
+ ERRKIND (wlk->owner, IDS_CRYPTO_ERROR, rv, "while creating sig s-expr.");
+ return pktCONTINUE;
+ }
+ }
-#if CRYPTODEBUGGING
- // Debugging
- char sexprbuf[GPG_KEY_SEXPR_BUF_SIZE];
- n = gcry_sexp_sprint (new_key, GCRYSEXP_FMT_ADVANCED, sexprbuf,
- GPG_KEY_SEXPR_BUF_SIZE);
- LogBabblePrintf ("key:%d\n'%s'", n, sexprbuf);
-#endif /* CRYPTODEBUGGING */
+ // Release temps and continue.
+ if (p)
+ gcry_mpi_release (p);
+ if (q)
+ gcry_mpi_release (q);
+ if (g)
+ gcry_mpi_release (g);
+ if (y)
+ gcry_mpi_release (y);
+ }
+ else if (pkalg == RFC4880_PK_RSA)
+ {
+ gcry_mpi_t n, e;
+ n = e = 0;
+
+ if ((pkt_get_mpi (&n, wlk->pfile) >= 0)
+ && (pkt_get_mpi (&e, wlk->pfile) >= 0))
+ {
+ gcry_sexp_t new_key;
+ size_t n;
- // Return it to caller in the vector.
- kdat->keys.push_back (new_key);
+ gcry_error_t rv = gcry_sexp_build (&new_key, &n, rsa_pubkey_templ, n, e);
+ if (rv != GPG_ERR_NO_ERROR)
+ {
+ ERRKIND (wlk->owner, IDS_CRYPTO_ERROR, rv, "while creating sig s-expr.");
+ return pktCONTINUE;
+ }
+ }
}
- // Release temps and continue.
- if (p)
- gcry_mpi_release (p);
- if (q)
- gcry_mpi_release (q);
- if (g)
- gcry_mpi_release (g);
- if (y)
- gcry_mpi_release (y);
+#if CRYPTODEBUGGING
+ // Debugging
+ char sexprbuf[GPG_KEY_SEXPR_BUF_SIZE];
+ n = gcry_sexp_sprint (new_key, GCRYSEXP_FMT_ADVANCED, sexprbuf,
+ GPG_KEY_SEXPR_BUF_SIZE);
+ LogBabblePrintf ("key:%d\n'%s'", n, sexprbuf);
+#endif /* CRYPTODEBUGGING */
+
+ // Return it to caller in the vector.
+ kdat->keys.push_back (new_key);
return pktCONTINUE;
}
--
2.21.0
More information about the Cygwin-apps
mailing list