OpenPGP card and 4096 bit keys

Hi,

i have a openpgp card that supports 4096 keys (even the one from
kernelconcepts seems to support them). But the usage with gpg is
restricted to 3072 bit due to limits from the communication protocol
between gpg, gpg-agent and scdaemon.

As far as i've looked into the code the only two commands that cause a
problem are:
- genkey: Public Key is returned via status lines
- decrypt: encrypted message is passed as an extra command

In my opinion there are two possible ways to fix this limitation:
1. Increase the assuan line length limit (>1037 instead of 1000 bytes)
2. Change the protocol used for genkey and decrypt
   - genkey would then return the publich key like readkey as s-expression
   - decrypt would inquire the encrypted message instead of a setdata
     before the call of decrypt

Has any of these two options a chance to be included in gnupg?

Regards
Klaus Flittner

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@...
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

On Mon, 19 Oct 2009 19:55, klaus@... said:

> i have a openpgp card that supports 4096 keys (even the one from
> kernelconcepts seems to support them). But the usage with gpg is

Note that cards up to a s/n of 0x15a (346) from Zeitcontrol ahve a bug
in that decryption does not work with keys larger than  2048 bit.

> As far as i've looked into the code the only two commands that cause a
> problem are:
> - genkey: Public Key is returned via status lines
> - decrypt: encrypted message is passed as an extra command

Right.

> In my opinion there are two possible ways to fix this limitation:
> 1. Increase the assuan line length limit (>1037 instead of 1000 bytes)

No.

> 2. Change the protocol used for genkey and decrypt
>    - genkey would then return the publich key like readkey as s-expression
>    - decrypt would inquire the encrypted message instead of a setdata
>      before the call of decrypt

Right.  However, the change will be easier:  We send the key using
several status lines.

This will go into GnuPG 2.1 as time permits.


Shalom-Salam,

   Werner

--
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.


_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@...
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

Werner Koch <wk@...> said:
Attached you find a patch which addresses the decrypt issue.
It changes the setdata command of scdaemon to support chaining.
The first part of the data is transfered like before. If there is more
data it can be concatenated to the first using
SETDATA --more [data]

The two callers of PKDECRYPT (in g10/call-agent.c and agent/call-scd.c)
are changed to use this chaining mechanism.

Regards
 Klaus Flittner

---

diff --git a/agent/call-scd.c b/agent/call-scd.c
index 83b9933..11f3c2e 100644
--- a/agent/call-scd.c
+++ b/agent/call-scd.c
@@ -877,17 +877,26 @@ agent_card_pkdecrypt (ctrl_t ctrl,
     return rc;
 
   /* FIXME: use secure memory where appropriate */
-  if (indatalen*2 + 50 > DIM(line))
+/*  if (indatalen*2 + 50 > DIM(line))
     return unlock_scd (ctrl, gpg_error (GPG_ERR_GENERAL));
+*/
 
   sprintf (line, "SETDATA ");
   p = line + strlen (line);
-  for (i=0; i < indatalen ; i++, p += 2 )
-    sprintf (p, "%02X", indata[i]);
-  rc = assuan_transact (ctrl->scd_local->ctx, line,
-                        NULL, NULL, NULL, NULL, NULL, NULL);
-  if (rc)
-    return unlock_scd (ctrl, rc);
+  while (i < indatalen)
+    {
+      sprintf (p, "%02X", indata[i++]);
+      p += 2;
+      if ((i == indatalen) || ((i % ((DIM(line)-50)/2)) == 0))
+        {
+          rc = assuan_transact (ctrl->scd_local->ctx, line,
+                                NULL, NULL, NULL, NULL, NULL, NULL);
+          if (rc)
+            return unlock_scd (ctrl, rc);
+          sprintf (line, "SETDATA --more ");
+          p = line + strlen (line);
+        }
+    }
 
   init_membuf (&data, 1024);
   inqparm.ctx = ctrl->scd_local->ctx;
diff --git a/g10/call-agent.c b/g10/call-agent.c
index 5ee7f8e..9707777 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -980,21 +980,29 @@ agent_scd_pkdecrypt (const char *serialno,
     return rc;
 
   /* FIXME: use secure memory where appropriate */
-  if (indatalen*2 + 50 > DIM(line))
+/*  if (indatalen*2 + 50 > DIM(line))
     return gpg_error (GPG_ERR_GENERAL);
+*/
 
   rc = select_openpgp (serialno);
   if (rc)
     return rc;
-  
+
   sprintf (line, "SCD SETDATA ");
   p = line + strlen (line);
-  for (i=0; i < indatalen ; i++, p += 2 )
-    sprintf (p, "%02X", indata[i]);
-  rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
-  if (rc)
-    return rc;
-
+  while (i < indatalen)
+    {
+      sprintf (p, "%02X", indata[i++]);
+      p += 2;
+      if ((i == indatalen) || ((i % ((DIM(line)-50)/2)) == 0))
+        {
+          rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+          if (rc)
+            return rc;
+          sprintf (line, "SCD SETDATA --more ");
+          p = line + strlen (line);
+        }
+    }
   init_membuf (&data, 1024);
   snprintf (line, DIM(line)-1, "SCD PKDECRYPT %s", serialno);
   line[DIM(line)-1] = 0;
diff --git a/scd/command.c b/scd/command.c
index 110ec72..e9a99be 100644
--- a/scd/command.c
+++ b/scd/command.c
@@ -783,13 +783,16 @@ static gpg_error_t
 cmd_setdata (assuan_context_t ctx, char *line)
 {
   ctrl_t ctrl = assuan_get_pointer (ctx);
-  int n;
+  int n, offset;
+  int more_data = has_option (line, "--more");
   char *p;
   unsigned char *buf;
 
   if (locked_session && locked_session != ctrl->server_local)
     return gpg_error (GPG_ERR_LOCKED);
 
+  line = skip_options (line);
+
   /* Parse the hexstring. */
   for (p=line,n=0; hexdigitp (p); p++, n++)
     ;
@@ -800,14 +803,21 @@ cmd_setdata (assuan_context_t ctx, char *line)
   if ((n&1))
     return set_error (GPG_ERR_ASS_PARAMETER, "odd number of digits");
   n /= 2;
-  buf = xtrymalloc (n);
+  if (more_data)
+    buf = xtryrealloc (ctrl->in_data.value, ctrl->in_data.valuelen + n);
+  else
+    {
+      xfree (ctrl->in_data.value);
+      ctrl->in_data.valuelen = 0;
+      buf = xtrymalloc (n);
+    }
   if (!buf)
     return out_of_core ();
 
-  xfree (ctrl->in_data.value);
+  offset = ctrl->in_data.valuelen;
   ctrl->in_data.value = buf;
-  ctrl->in_data.valuelen = n;
-  for (p=line, n=0; n < ctrl->in_data.valuelen; p += 2, n++)
+  ctrl->in_data.valuelen += n;
+  for (p=line, n=offset; n < ctrl->in_data.valuelen; p += 2, n++)
     buf[n] = xtoi_2 (p);
   return 0;
 }

---

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@...
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

On Sun,  8 Nov 2009 15:46, klaus@... said:

> Attached you find a patch which addresses the decrypt issue.
> It changes the setdata command of scdaemon to support chaining.

Sorry, I can't apply such a patch without having a copyright assigment
to the FSF.  It is not an urgent feature, though.


Salam-Shalom,

   Werner

--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@...
http://lists.gnupg.org/mailman/listinfo/gnupg-devel