1 files changed, 79 insertions, 33 deletions

diff --git a/sm/import.c b/sm/import.c
index 8a75a2b..ab8d883 100644
--- a/sm/import.c
+++ b/sm/import.c
@@ -192,7 +192,8 @@ check_and_store (ctrl_t ctrl, struct stats_s *stats,
   */
   rc = gpgsm_basic_cert_check (ctrl, cert);
   if (!rc && ctrl->with_validation)
-    rc = gpgsm_validate_chain (ctrl, cert, "", NULL, 0, NULL, 0, NULL);
+    rc = gpgsm_validate_chain (ctrl, cert,
+                               GNUPG_ISOTIME_NONE, NULL, 0, NULL, 0, NULL);
   if (!rc || (!ctrl->with_validation
               && (gpg_err_code (rc) == GPG_ERR_MISSING_CERT
                   || gpg_err_code (rc) == GPG_ERR_MISSING_ISSUER_CERT)))
@@ -551,7 +552,7 @@ gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files,
           int fd = of (*files);
           rc = import_one (ctrl, &stats, fd);
           close (fd);
-          if (rc == -1)
+          if (rc == -1/*legacy*/ || gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
             rc = 0;
         }
     }
@@ -717,6 +718,7 @@ parse_p12 (ctrl_t ctrl, ksba_reader_t reader, struct stats_s *stats)
   gcry_sexp_t s_key = NULL;
   unsigned char grip[20];
   int bad_pass = 0;
+  char *curve = NULL;
   int i;
   struct store_cert_parm_s store_cert_parm;
 
@@ -778,8 +780,7 @@ parse_p12 (ctrl_t ctrl, ksba_reader_t reader, struct stats_s *stats)
 
   kparms = p12_parse (p12buffer + p12bufoff, p12buflen - p12bufoff,
                       passphrase, store_cert_cb, &store_cert_parm,
-                      &bad_pass, NULL);
-
+                      &bad_pass, &curve);
   xfree (passphrase);
   passphrase = NULL;
 
@@ -790,35 +791,79 @@ parse_p12 (ctrl_t ctrl, ksba_reader_t reader, struct stats_s *stats)
       goto leave;
     }
 
-/*    print_mpi ("   n", kparms[0]); */
-/*    print_mpi ("   e", kparms[1]); */
-/*    print_mpi ("   d", kparms[2]); */
-/*    print_mpi ("   p", kparms[3]); */
-/*    print_mpi ("   q", kparms[4]); */
-/*    print_mpi ("dmp1", kparms[5]); */
-/*    print_mpi ("dmq1", kparms[6]); */
-/*    print_mpi ("   u", kparms[7]); */
-
-  sk.n = kparms[0];
-  sk.e = kparms[1];
-  sk.d = kparms[2];
-  sk.q = kparms[3];
-  sk.p = kparms[4];
-  sk.u = kparms[7];
-  err = rsa_key_check (&sk);
-  if (err)
-    goto leave;
-/*    print_mpi ("   n", sk.n); */
-/*    print_mpi ("   e", sk.e); */
-/*    print_mpi ("   d", sk.d); */
-/*    print_mpi ("   p", sk.p); */
-/*    print_mpi ("   q", sk.q); */
-/*    print_mpi ("   u", sk.u); */
-
-  /* Create an S-expression from the parameters. */
-  err = gcry_sexp_build (&s_key, NULL,
-                         "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
-                         sk.n, sk.e, sk.d, sk.p, sk.q, sk.u, NULL);
+  if (curve)
+    {
+      gcry_ctx_t ecctx = NULL;
+
+      /* log_debug ("curve: %s\n", curve); */
+      /* gcry_log_debugmpi ("MPI[0]", kparms[0]); */
+
+      /* We need to get the public key.  */
+      err = gcry_mpi_ec_new (&ecctx, NULL, curve);
+      if (err)
+        {
+          log_error ("error creating context for curve '%s': %s\n",
+                     curve, gpg_strerror (err));
+          goto leave;
+        }
+      err = gcry_mpi_ec_set_mpi ("d", kparms[0], ecctx);
+      if (err)
+        {
+          log_error ("error setting 'd' into context of curve '%s': %s\n",
+                     curve, gpg_strerror (err));
+          gcry_ctx_release (ecctx);
+          goto leave;
+        }
+
+      kparms[1] = gcry_mpi_ec_get_mpi ("q", ecctx, 1);
+      if (!kparms[1])
+        {
+          log_error ("error computing 'q' from 'd' for curve '%s'\n", curve);
+          gcry_ctx_release (ecctx);
+          goto leave;
+        }
+
+      gcry_ctx_release (ecctx);
+
+      err = gcry_sexp_build (&s_key, NULL,
+                             "(private-key(ecc(curve %s)(q%m)(d%m)))",
+                             curve, kparms[1], kparms[0], NULL);
+    }
+  else /* RSA */
+    {
+      /*    print_mpi ("   n", kparms[0]); */
+      /*    print_mpi ("   e", kparms[1]); */
+      /*    print_mpi ("   d", kparms[2]); */
+      /*    print_mpi ("   p", kparms[3]); */
+      /*    print_mpi ("   q", kparms[4]); */
+      /*    print_mpi ("dmp1", kparms[5]); */
+      /*    print_mpi ("dmq1", kparms[6]); */
+      /*    print_mpi ("   u", kparms[7]); */
+
+      sk.n = kparms[0];
+      sk.e = kparms[1];
+      sk.d = kparms[2];
+      sk.q = kparms[3];
+      sk.p = kparms[4];
+      sk.u = kparms[7];
+      err = rsa_key_check (&sk);
+      if (err)
+        goto leave;
+      /*    print_mpi ("   n", sk.n); */
+      /*    print_mpi ("   e", sk.e); */
+      /*    print_mpi ("   d", sk.d); */
+      /*    print_mpi ("   p", sk.p); */
+      /*    print_mpi ("   q", sk.q); */
+      /*    print_mpi ("   u", sk.u); */
+
+      /* Create an S-expression from the parameters. */
+      err = gcry_sexp_build (&s_key, NULL,
+                             "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
+                             sk.n, sk.e, sk.d, sk.p, sk.q, sk.u, NULL);
+    }
+
+  /* The next is very ugly - we really should not rely on our
+   * knowledge of p12_parse internals.  */
   for (i=0; i < 8; i++)
     gcry_mpi_release (kparms[i]);
   gcry_free (kparms);
@@ -925,6 +970,7 @@ parse_p12 (ctrl_t ctrl, ksba_reader_t reader, struct stats_s *stats)
   xfree (kek);
   xfree (get_membuf (&p12mbuf, NULL));
   xfree (p12buffer);
+  xfree (curve);
 
   if (bad_pass)
     {