[git] GnuPG - branch, master, updated. gnupg-2.2.7-374-g3cbdf89

by Damien Goutte-Gattat via Gnupg-devel cvs at cvs.gnupg.org
Mon Feb 18 03:34:23 CET 2019 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  3cbdf896e6919333b5423001ab58c01a04363386 (commit)
      from  74e9b579ca273fc07be090bb5fb7800a97b1b452 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3cbdf896e6919333b5423001ab58c01a04363386
Author: Damien Goutte-Gattat via Gnupg-devel <gnupg-devel at gnupg.org>
Date:   Sun Feb 17 17:40:51 2019 +0000

    sm: Support generation of card-based ed25519 CSR.
    
    * sm/call-agent.c (gpgsm_scd_pksign): Allow SHA512. Create proper
    S-expression for EdDSA signature.
    * sm/certreqgen.c (create_request): Force use of SHA512 when
    using a ed25519 key.
    * sm/misc.c (transform_sigval): Insert OID for ed25519.
    
    --
    
    GnuPG-bug-id: 4013
    Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>

diff --git a/sm/call-agent.c b/sm/call-agent.c
index 6ac715f..4f2b83f 100644
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@@ -354,6 +354,7 @@ gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
     case GCRY_MD_RMD160:hashopt = "--hash=rmd160"; break;
     case GCRY_MD_MD5:   hashopt = "--hash=md5"; break;
     case GCRY_MD_SHA256:hashopt = "--hash=sha256"; break;
+    case GCRY_MD_SHA512:hashopt = "--hash=sha512"; break;
     default:
       return gpg_error (GPG_ERR_DIGEST_ALGO);
     }
@@ -417,6 +418,12 @@ gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
                             sigbuflen/2, sigbuf + sigbuflen/2);
       break;
 
+    case GCRY_PK_EDDSA:
+      rc = gcry_sexp_build (&sig, NULL, "(sig-val(eddsa(r%b)(s%b)))",
+                            sigbuflen/2, sigbuf,
+                            sigbuflen/2, sigbuf + sigbuflen/2);
+      break;
+
     default:
       rc = gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO);
       break;
diff --git a/sm/certreqgen.c b/sm/certreqgen.c
index 1d610c1..01fba30 100644
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@@ -807,8 +807,10 @@ create_request (ctrl_t ctrl,
   if (err)
     return err;
 
-  string = get_parameter_value (para, pHASHALGO, 0);
-  if (string)
+  len = gcry_sexp_canon_len (public, 0, NULL, NULL);
+  if (get_pk_algo_from_canon_sexp (public, len) == GCRY_PK_EDDSA)
+    mdalgo = GCRY_MD_SHA512;
+  else if ((string = get_parameter_value (para, pHASHALGO, 0)))
     mdalgo = gcry_md_map_name (string);
   else
     mdalgo = GCRY_MD_SHA256;
diff --git a/sm/misc.c b/sm/misc.c
index 9bf5285..4672f26 100644
--- a/sm/misc.c
+++ b/sm/misc.c
@@ -146,6 +146,8 @@ transform_sigval (const unsigned char *sigval, size_t sigvallen, int mdalgo,
     pkalgo = GCRY_PK_RSA;
   else if (toklen == 5 && !memcmp ("ecdsa", tok, 5))
     pkalgo = GCRY_PK_ECC;
+  else if (toklen == 5 && !memcmp ("eddsa", tok, 5))
+    pkalgo = GCRY_PK_EDDSA;
   else
     return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO);
 
@@ -170,7 +172,7 @@ transform_sigval (const unsigned char *sigval, size_t sigvallen, int mdalgo,
                   mpi = &rsa_s;
                   mpi_len = &rsa_s_len;
                 }
-              else if (pkalgo == GCRY_PK_ECC)
+              else if (pkalgo == GCRY_PK_ECC || pkalgo == GCRY_PK_EDDSA)
                 {
                   mpi = &ecc_s;
                   mpi_len = &ecc_s_len;
@@ -236,6 +238,10 @@ transform_sigval (const unsigned char *sigval, size_t sigvallen, int mdalgo,
       oid = "1.2.840.10045.4.3.4"; /* ecdsa-with-sha512 */
       break;
 
+    case GCRY_MD_SHA512 | (GCRY_PK_EDDSA << 8):
+      oid = "1.3.101.112"; /* ed25519 */
+      break;
+
     default:
       return gpg_error (GPG_ERR_DIGEST_ALGO);
     }
@@ -245,7 +251,7 @@ transform_sigval (const unsigned char *sigval, size_t sigvallen, int mdalgo,
   else if (pkalgo == GCRY_PK_RSA)
     err = gcry_sexp_build (&sexp, NULL, "(sig-val(%s(s%b)))", oid,
                            (int)rsa_s_len, rsa_s);
-  else if (pkalgo == GCRY_PK_ECC)
+  else if (pkalgo == GCRY_PK_ECC || pkalgo == GCRY_PK_EDDSA)
     err = gcry_sexp_build (&sexp, NULL, "(sig-val(%s(r%b)(s%b)))", oid,
                            (int)ecc_r_len, ecc_r, (int)ecc_s_len, ecc_s);
   if (err)

-----------------------------------------------------------------------

Summary of changes:
 sm/call-agent.c |  7 +++++++
 sm/certreqgen.c |  6 ++++--
 sm/misc.c       | 10 ++++++++--
 3 files changed, 19 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list