[PATCH] Curve25519 for ECDH

NIIBE Yutaka gniibe at fsij.org
Wed Apr 23 12:45:26 CEST 2014


Hello,

Here is a patch to support Curve25519 for ECDH.

It requires changes to libgcrypt, which will soon be posted to
gcrypt-devel.

This is not mature and it will be revised soon.

The change to g10/ecdh.c is just for Curve25519.  I think that we should
change the code to call the key generation routine in libgcrypt.

Curve25519 has cofactor 8, and in its design, the private key should be
a multiple of 8.  We could consider ECDH with cofactor where we multiply
by the cofactor, but this private key handling (of a multiple of the
cofactor) looks better to me.


diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c
index 94a2296..73407cd 100644
--- a/common/openpgp-oid.c
+++ b/common/openpgp-oid.c
@@ -280,6 +280,11 @@ openpgp_curve_to_oid (const char *name, unsigned int *r_nbits)
       oidstr = "1.3.6.1.4.1.11591.15.1";
       nbits = 255;
     }
+  else if (!strcmp (name, "Curve25519") || !strcmp (name, "curve25519"))
+    {
+      oidstr = "1.3.6.1.4.1.3029.1.5.1";
+      nbits = 255;
+    }
   else if (!strcmp (name, "nistp256"))
     {
       oidstr = "1.2.840.10045.3.1.7";
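Review bot: the new branch in openpgp_curve_to_oid matches exactly two spellings, "Curve25519" and "curve25519", with a pair of strcmp calls, so any other capitalisation falls through to the later branches. If the name is meant to be case-insensitive, a single case-insensitive comparison says so directly; if only these two spellings are intended, a short comment explaining why would help, since openpgp_oid_to_curve returns only the lowercase form.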
@@ -335,6 +340,8 @@ openpgp_oid_to_curve (const char *oid)
     name = "";
   else if (!strcmp (oid, "1.3.6.1.4.1.11591.15.1"))
     name = "ed25519";
+  else if (!strcmp (oid, "1.3.6.1.4.1.3029.1.5.1"))
+    name = "curve25519";
   else if (!strcmp (oid, "1.2.840.10045.3.1.7"))
     name = "nistp256";
   else if (!strcmp (oid, "1.3.132.0.10"))
diff --git a/g10/ecdh.c b/g10/ecdh.c
index 0b06239..cd18e55 100644
--- a/g10/ecdh.c
+++ b/g10/ecdh.c
@@ -434,6 +434,11 @@ gen_k (unsigned nbits)
       gcry_free (buffer);
     }
 
+  gcry_mpi_clear_bit (k, 255);
+  gcry_mpi_set_bit (k, 254);
+  gcry_mpi_clear_bit (k, 2);
+  gcry_mpi_clear_bit (k, 1);
+  gcry_mpi_clear_bit (k, 0);
   return k;
 }
 
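Review bot: the five bit operations added before "return k" in gen_k are unconditional, and gen_k receives only nbits, so every caller gets bit 254 set and bits 0 to 2 cleared whatever the curve, although the cover text says the change is just for Curve25519. Guard them with a check for the curve (or pass the curve in), and add a comment saying that clearing bits 0 to 2 makes the scalar a multiple of the cofactor 8. The hard-coded indices 255 and 254 also ignore the nbits argument.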
diff --git a/g10/keygen.c b/g10/keygen.c
index f3052e4..942078a 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -2099,7 +2099,10 @@ ask_curve (void)
     const char *pretty_name;
   } curves[] = {
 #if GPG_USE_EDDSA
-    { "Ed25519",         0, 0, "Curve 25519" },
+    { "Ed25519",         0, 0, "Curve 25519 in Edwards form (for signature)" },
+#endif
+#if GPG_USE_ECDH
+    { "Curve25519",      0, 0, "Curve 25519 for Encryption" },
 #endif
 #if GPG_USE_ECDSA || GPG_USE_ECDH
     { "NIST P-256",      0, 1, },
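Review bot: the two pretty_name strings in the curves[] table are worded inconsistently, "Curve 25519 in Edwards form (for signature)" against "Curve 25519 for Encryption": one puts a lowercase purpose in parentheses, the other capitalises it inline. Pick one pattern for both entries. The new "Curve25519" row is also guarded by GPG_USE_ECDH alone, directly before a block guarded by GPG_USE_ECDSA || GPG_USE_ECDH, so the resulting menu order under each build configuration deserves a quick check.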
-- 
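
The private-key handling described in the message (scalar forced to a multiple of the cofactor 8), as an added example that is not part of the patch or of GnuPG. It assumes a 32-byte little-endian scalar instead of a libgcrypt MPI; clear_bit, set_bit and the other function names are hypothetical. It checks that the five bit operations from the g10/ecdh.c hunk give the same result as the byte-mask form commonly used by Curve25519 implementations.

```c
#include <stdint.h>
#include <string.h>

/* Bit helpers over a 32-byte little-endian scalar; hypothetical stand-ins
   for gcry_mpi_clear_bit / gcry_mpi_set_bit on an MPI. */
static void clear_bit(uint8_t k[32], unsigned n) { k[n / 8] &= (uint8_t)~(1u << (n % 8)); }
static void set_bit(uint8_t k[32], unsigned n)   { k[n / 8] |= (uint8_t)(1u << (n % 8)); }

/* The same five operations, in the same order, as the g10/ecdh.c hunk. */
void clamp_bitwise(uint8_t k[32])
{
  clear_bit(k, 255);
  set_bit(k, 254);
  clear_bit(k, 2);
  clear_bit(k, 1);
  clear_bit(k, 0);
}

/* Byte-mask form of the same clamping. */
void clamp_bytemask(uint8_t k[32])
{
  k[0] &= 248;   /* clear bits 0..2: multiple of 8 */
  k[31] &= 127;  /* clear bit 255 */
  k[31] |= 64;   /* set bit 254 */
}

/* 1 if k is a multiple of the cofactor 8 and 2^254 <= k < 2^255. */
int is_clamped(const uint8_t k[32])
{
  return (k[0] & 7) == 0 && (k[31] & 0xC0) == 0x40;
}

/* Run both forms over constructed (not random) inputs; returns 1 if they
   always agree and every result satisfies is_clamped. */
int clamp_forms_agree(void)
{
  uint8_t a[32], b[32];
  for (unsigned seed = 0; seed < 256; seed++) {
    for (unsigned i = 0; i < 32; i++)
      a[i] = (uint8_t)(seed * 31u + i * 17u + (seed ^ i));
    memcpy(b, a, sizeof a);
    clamp_bitwise(a);
    clamp_bytemask(b);
    if (memcmp(a, b, sizeof a) != 0 || !is_clamped(a))
      return 0;
  }
  return 1;
}
```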