[PATCH] agent: EdDSA support for SSH

NIIBE Yutaka gniibe at fsij.org
Fri Apr 4 10:00:03 CEST 2014


Thank you for your review.

The patch was applied, committed, and pushed.

On 2014-04-04 at 08:08 +0200, Werner Koch wrote:
> I should have used opaque MPI (binary buffer stored in an MPI
> object) here.  The EdDSA code in Libgcrypt allows for that.

I learned the code in Libgcrypt, a bit.  IIUC, we can handle opaque
binary data by MPI with GCRYMPI_FLAG_OPAQUE.  Here, I think that we
need to use GCRYMPI_FMT_USG format for gcry_mpi_print, and we need to
use "%M" expression for gcry_sexp_build.

For the latter, I think that following patch should be applied.

I put conditionally adding "(flags eddsa)" for keygrip_from_pk in
g10/keyid.c, too.


diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 364a8cc..4407382 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -1721,7 +1721,7 @@ sexp_key_construct (gcry_sexp_t *r_sexp,
       else if (secret)
         err = gcry_sexp_build (&sexp_new, NULL,
                                "(private-key(ecc(curve %s)"
-                               "(flags eddsa)(q %m)(d %m))"
+                               "(flags eddsa)(q %M)(d %M))"
                                "(comment%s))",
                                curve_name,
                                mpis[0], mpis[1],
@@ -1729,7 +1729,7 @@ sexp_key_construct (gcry_sexp_t *r_sexp,
       else
         err = gcry_sexp_build (&sexp_new, NULL,
                                "(public-key(ecc(curve %s)"
-                               "(flags eddsa)(q %m))"
+                               "(flags eddsa)(q %M))"
                                "(comment%s))",
                                curve_name,
                                mpis[0],
@@ -2257,7 +2257,7 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret,
         {
           err = gcry_sexp_build (&key, NULL,
                                  "(private-key(ecc(curve \"Ed25519\")"
-                                 "(flags eddsa)(q %m)(d %m))"
+                                 "(flags eddsa)(q %M)(d %M))"
                                  "(comment%s))",
                                  mpi_list[0], mpi_list[1],
                                  comment? comment:"");
@@ -2266,7 +2266,7 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret,
         {
           err = gcry_sexp_build (&key, NULL,
                                  "(public-key(ecc(curve \"Ed25519\")"
-                                 "(flags eddsa)(q %m))"
+                                 "(flags eddsa)(q %M))"
                                  "(comment%s))",
                                  mpi_list[0],
                                  comment? comment:"");
diff --git a/g10/keyid.c b/g10/keyid.c
index 9ed64a4..a63ee97 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -813,7 +813,9 @@ keygrip_from_pk (PKT_public_key *pk, unsigned char *array)
         else
           {
             err = gcry_sexp_build (&s_pkey, NULL,
-                                   "(public-key(ecc(curve%s)(q%m)))",
+                                   pk->pubkey_algo == PUBKEY_ALGO_EDDSA ?
+                                   "(public-key(ecc(curve%s)(flags eddsa)(q%M)))"
+                                   : "(public-key(ecc(curve%s)(q%m)))", 
                                    curve, pk->pkey[1]);
             xfree (curve);
           }
diff --git a/g10/pkglue.c b/g10/pkglue.c
index 67d2efd..3dcb8c5 100644
--- a/g10/pkglue.c
+++ b/g10/pkglue.c
@@ -100,7 +100,7 @@ pk_verify (pubkey_algo_t pkalgo, gcry_mpi_t hash,
         {
           rc = gcry_sexp_build (&s_pkey, NULL,
                                 "(public-key(ecc(curve %s)"
-                                "(flags eddsa)(q%m)))",
+                                "(flags eddsa)(q%M)))",
                                 curve, pkey[1]);
           xfree (curve);
         }
@@ -115,7 +115,7 @@ pk_verify (pubkey_algo_t pkalgo, gcry_mpi_t hash,
   if (pkalgo == PUBKEY_ALGO_EDDSA)
     {
       if (gcry_sexp_build (&s_hash, NULL,
-                           "(data(flags eddsa)(hash-algo sha512)(value %m))",
+                           "(data(flags eddsa)(hash-algo sha512)(value %M))",
                            hash))
         BUG (); /* gcry_sexp_build should never fail.  */
     }
@@ -347,7 +347,7 @@ pk_check_secret_key (pubkey_algo_t pkalgo, gcry_mpi_t *skey)
         {
           rc = gcry_sexp_build (&s_skey, NULL,
                                 "(private-key(ecc(curve %s)"
-                                "(flags eddsa)(q%m)(d%m)))",
+                                "(flags eddsa)(q%M)(d%M)))",
                                 curve, skey[1], skey[2]);
           xfree (curve);
         }
-- 





More information about the Gnupg-devel mailing list