[TESTING] Curve25519 encryption support (update)
NIIBE Yutaka
gniibe at fsij.org
Wed Jul 8 02:42:30 CEST 2015
Hello,
Here is a patch I am testing for Curve25519 encryption support (which
requires libgcrypt change for Curve25519, and Gnuk master branch).
I tested:
(1) key generation
(2) encryption
(3) decryption
(4) keytocard
(5) asking decryption on card
There are things we need to decide: OID, algo ID, and format.
Currently, I use:
OID: 1.3.6.1.4.1.3029.1.5.1
algo ID: ECC = 18 (not 22 nor 23)
Public key OpenPGP format: prefix 0x40 and native little endian
Libgcrypt SEXP format: Use (flags eddsa) to specify DJB format/processing
(flags comp) for prefix 0x40
It works for me, but the code is not mature enough.
diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c
index 562179b..34c942b 100644
--- a/agent/cvt-openpgp.c
+++ b/agent/cvt-openpgp.c
@@ -83,14 +83,29 @@ get_keygrip (int pubkey_algo, const char *curve, gcry_mpi_t *pkey,
case GCRY_PK_ECC:
if (!curve)
err = gpg_error (GPG_ERR_BAD_SECKEY);
- else if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL)))
- err = gcry_sexp_build (&s_pkey, NULL,
- "(public-key(ecc(curve %s)(flags eddsa)(q%m)))",
- "Ed25519", pkey[0]);
else
- err = gcry_sexp_build (&s_pkey, NULL,
- "(public-key(ecc(curve %s)(q%m)))",
- curve, pkey[0]);
+ {
+ int with_eddsa_flag = 0;
+ const char *curve_name;
+
+ curve_name = "Ed25519";
+ if (!strcmp (curve, openpgp_curve_to_oid (curve_name, NULL)))
+ with_eddsa_flag = 1;
+ else
+ {
+ curve_name = "Curve25519";
+ if (!strcmp (curve, openpgp_curve_to_oid (curve_name, NULL)))
+ with_eddsa_flag = 1;
+ }
+ if (with_eddsa_flag)
+ err = gcry_sexp_build (&s_pkey, NULL,
+ "(public-key(ecc(curve %s)(flags eddsa)(q%m)))",
+ curve_name, pkey[0]);
+ else
+ err = gcry_sexp_build (&s_pkey, NULL,
+ "(public-key(ecc(curve %s)(q%m)))",
+ curve, pkey[0]);
+ }
break;
default:
@@ -146,19 +161,32 @@ convert_secret_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey,
case GCRY_PK_ECC:
if (!curve)
err = gpg_error (GPG_ERR_BAD_SECKEY);
- else if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL)))
+ else
{
- /* Do not store the OID as name but the real name and the
- EdDSA flag. */
- err = gcry_sexp_build (&s_skey, NULL,
- "(private-key(ecc(curve%s)(flags eddsa)"
- "(q%m)(d%m)))",
- "Ed25519", skey[0], skey[1]);
+ int with_eddsa_flag = 0;
+ const char *curve_name;
+
+ curve_name = "Ed25519";
+ if (!strcmp (curve, openpgp_curve_to_oid (curve_name, NULL)))
+ with_eddsa_flag = 1;
+ else
+ {
+ curve_name = "Curve25519";
+ if (!strcmp (curve, openpgp_curve_to_oid (curve_name, NULL)))
+ with_eddsa_flag = 1;
+ }
+ if (with_eddsa_flag)
+ /* Do not store the OID as name but the real name and the
+ EdDSA flag. */
+ err = gcry_sexp_build (&s_skey, NULL,
+ "(private-key(ecc(curve%s)(flags eddsa)"
+ "(q%m)(d%m)))",
+ "Ed25519", skey[0], skey[1]);
+ else
+ err = gcry_sexp_build (&s_skey, NULL,
+ "(private-key(ecc(curve%s)(q%m)(d%m)))",
+ curve, skey[0], skey[1]);
}
- else
- err = gcry_sexp_build (&s_skey, NULL,
- "(private-key(ecc(curve%s)(q%m)(d%m)))",
- curve, skey[0], skey[1]);
break;
default:
@@ -216,22 +244,35 @@ convert_transfer_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey,
case GCRY_PK_ECC:
if (!curve)
err = gpg_error (GPG_ERR_BAD_SECKEY);
- else if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL)))
+ else
{
- /* Do not store the OID as name but the real name and the
- EdDSA flag. */
- err = gcry_sexp_build
- (&s_skey, NULL,
- "(protected-private-key(ecc(curve%s)(flags eddsa)(q%m)"
- "(protected openpgp-native%S)))",
- "Ed25519", skey[0], transfer_key);
+ int with_eddsa_flag = 0;
+ const char *curve_name;
+
+ curve_name = "Ed25519";
+ if (!strcmp (curve, openpgp_curve_to_oid (curve_name, NULL)))
+ with_eddsa_flag = 1;
+ else
+ {
+ curve_name = "Curve25519";
+ if (!strcmp (curve, openpgp_curve_to_oid (curve_name, NULL)))
+ with_eddsa_flag = 1;
+ }
+ if (with_eddsa_flag)
+ /* Do not store the OID as name but the real name and the
+ EdDSA flag. */
+ err = gcry_sexp_build
+ (&s_skey, NULL,
+ "(protected-private-key(ecc(curve%s)(flags eddsa)(q%m)"
+ "(protected openpgp-native%S)))",
+ curve_name, skey[0], transfer_key);
+ else
+ err = gcry_sexp_build
+ (&s_skey, NULL,
+ "(protected-private-key(ecc(curve%s)(q%m)"
+ "(protected openpgp-native%S)))",
+ curve, skey[0], transfer_key);
}
- else
- err = gcry_sexp_build
- (&s_skey, NULL,
- "(protected-private-key(ecc(curve%s)(q%m)"
- "(protected openpgp-native%S)))",
- curve, skey[0], transfer_key);
break;
default:
diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c
index 7a75801..92622ce 100644
--- a/common/openpgp-oid.c
+++ b/common/openpgp-oid.c
@@ -45,6 +45,7 @@ static struct {
const char *alias; /* NULL or alternative name of the curve. */
} oidtable[] = {
+ { "Curve25519", "1.3.6.1.4.1.3029.1.5.1", 255, "curve25519" },
{ "Ed25519", "1.3.6.1.4.1.11591.15.1", 255, "ed25519" },
{ "NIST P-256", "1.2.840.10045.3.1.7", 256, "nistp256" },
@@ -65,6 +66,10 @@ static struct {
static const char oid_ed25519[] =
{ 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01 };
+/* The OID for Curve25519 in OpenPGP format. */
+static const char oid_curve25519[] =
+ { 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01 };
+
/* Helper for openpgp_oid_from_str. */
static size_t
@@ -291,6 +296,22 @@ openpgp_oid_is_ed25519 (gcry_mpi_t a)
}
+int
+openpgp_oid_is_curve25519 (gcry_mpi_t a)
+{
+ const unsigned char *buf;
+ unsigned int nbits;
+ size_t n;
+
+ if (!a || !gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
+ return 0;
+
+ buf = gcry_mpi_get_opaque (a, &nbits);
+ n = (nbits+7)/8;
+ return (n == DIM (oid_curve25519)
+ && !memcmp (buf, oid_curve25519, DIM (oid_curve25519)));
+}
+
/* Map the Libgcrypt ECC curve NAME to an OID. If R_NBITS is not NULL
store the bit size of the curve there. Returns NULL for unknown
diff --git a/common/util.h b/common/util.h
index b92d78c..2851cfd 100644
--- a/common/util.h
+++ b/common/util.h
@@ -318,6 +318,7 @@ size_t percent_unescape_inplace (char *string, int nulrepl);
gpg_error_t openpgp_oid_from_str (const char *string, gcry_mpi_t *r_mpi);
char *openpgp_oid_to_str (gcry_mpi_t a);
int openpgp_oid_is_ed25519 (gcry_mpi_t a);
+int openpgp_oid_is_curve25519 (gcry_mpi_t a);
const char *openpgp_curve_to_oid (const char *name, unsigned int *r_nbits);
const char *openpgp_oid_to_curve (const char *oid);
const char *openpgp_enum_curves (int *idxp);
diff --git a/g10/ecdh.c b/g10/ecdh.c
index 9576a1c..a1b7ecf 100644
--- a/g10/ecdh.c
+++ b/g10/ecdh.c
@@ -134,9 +134,12 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
}
secret_x_size = (nbits+7)/8;
- assert (nbytes > secret_x_size);
- memmove (secret_x, secret_x+1, secret_x_size);
- memset (secret_x+secret_x_size, 0, nbytes-secret_x_size);
+ assert (nbytes >= secret_x_size);
+ if ((nbytes & 1))
+ /* Remove the "04" prefix of non-compressed format. */
+ memmove (secret_x, secret_x+1, secret_x_size);
+ if (nbytes - secret_x_size)
+ memset (secret_x+secret_x_size, 0, nbytes-secret_x_size);
if (DBG_CRYPTO)
log_printhex ("ECDH shared secret X is:", secret_x, secret_x_size );
diff --git a/g10/keygen.c b/g10/keygen.c
index 796d18f..3eb8e73 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1520,6 +1520,13 @@ gen_ecc (int algo, const char *curve, kbnode_t pub_root,
(((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
&& (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
" transient-key" : ""));
+ else if (algo == PUBKEY_ALGO_ECDH && !strcmp (curve, "Curve25519"))
+ keyparms = xtryasprintf
+ ("(genkey(ecc(curve %zu:%s)(flags eddsa comp%s)))",
+ strlen (curve), curve,
+ (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
+ && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
+ " transient-key" : ""));
else
keyparms = xtryasprintf
("(genkey(ecc(curve %zu:%s)(flags nocomp%s)))",
@@ -2125,7 +2132,7 @@ ask_keysize (int algo, unsigned int primary_keysize)
function may adjust. Returns a malloced string with the name of
the curve. BOTH tells that gpg creates a primary and subkey. */
static char *
-ask_curve (int *algo, int both)
+ask_curve (int *algo, int *subkey_algo)
{
struct {
const char *name;
@@ -2176,7 +2183,7 @@ ask_curve (int *algo, int both)
continue;
if (!gcry_pk_get_curve (keyparms, 0, NULL))
continue;
- if (both && curves[idx].fix_curve)
+ if (subkey_algo && curves[idx].fix_curve)
{
/* Both Curve 25519 keys are to be created. Check that
Libgcrypt also supports the real Curve25519. */
@@ -2241,6 +2248,11 @@ ask_curve (int *algo, int both)
if ((*algo == PUBKEY_ALGO_ECDSA || *algo == PUBKEY_ALGO_EDDSA)
&& curves[idx].fix_curve)
{
+ if (subkey_algo && *subkey_algo == PUBKEY_ALGO_ECDSA)
+ {
+ *subkey_algo = PUBKEY_ALGO_EDDSA;
+ result = xstrdup ("Ed25519");
+ }
*algo = PUBKEY_ALGO_EDDSA;
result = xstrdup ("Ed25519");
}
@@ -3672,7 +3684,7 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
|| algo == PUBKEY_ALGO_EDDSA
|| algo == PUBKEY_ALGO_ECDH)
{
- curve = ask_curve (&algo, both);
+ curve = ask_curve (&algo, &subkey_algo);
r = xmalloc_clear( sizeof *r + 20 );
r->key = pKEYTYPE;
sprintf( r->u.value, "%d", algo);
@@ -3743,7 +3755,7 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
|| algo == PUBKEY_ALGO_EDDSA
|| algo == PUBKEY_ALGO_ECDH)
{
- curve = ask_curve (&algo, 0);
+ curve = ask_curve (&algo, NULL);
nbits = 0;
r = xmalloc_clear (sizeof *r + strlen (curve));
r->key = pKEYCURVE;
@@ -4292,7 +4304,7 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock)
else if (algo == PUBKEY_ALGO_ECDSA
|| algo == PUBKEY_ALGO_EDDSA
|| algo == PUBKEY_ALGO_ECDH)
- curve = ask_curve (&algo, 0);
+ curve = ask_curve (&algo, NULL);
else
nbits = ask_keysize (algo, 0);
diff --git a/g10/keyid.c b/g10/keyid.c
index 90d982e..cfdf29d 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -761,12 +761,20 @@ keygrip_from_pk (PKT_public_key *pk, unsigned char *array)
case PUBKEY_ALGO_ECDH:
{
char *curve = openpgp_oid_to_str (pk->pkey[0]);
+
if (!curve)
err = gpg_error_from_syserror ();
else
{
+ int with_eddsa_flag = 0;
+
+ if (pk->pubkey_algo == PUBKEY_ALGO_EDDSA
+ || (pk->pubkey_algo == PUBKEY_ALGO_ECDH
+ && openpgp_oid_is_curve25519 (pk->pkey[0])))
+ with_eddsa_flag = 1;
+
err = gcry_sexp_build (&s_pkey, NULL,
- pk->pubkey_algo == PUBKEY_ALGO_EDDSA ?
+ with_eddsa_flag ?
"(public-key(ecc(curve%s)(flags eddsa)(q%m)))"
: "(public-key(ecc(curve%s)(q%m)))",
curve, pk->pkey[1]);
diff --git a/g10/misc.c b/g10/misc.c
index 9134b28..8f2d379 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -612,11 +612,11 @@ openpgp_pk_algo_usage ( int algo )
use = PUBKEY_USAGE_ENC;
break;
case PUBKEY_ALGO_DSA:
+ case PUBKEY_ALGO_ECDSA:
use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
break;
- case PUBKEY_ALGO_ECDSA:
case PUBKEY_ALGO_EDDSA:
- use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
+ use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_ENC | PUBKEY_USAGE_AUTH;
default:
break;
}
diff --git a/g10/pkglue.c b/g10/pkglue.c
index d72275b..7d78322 100644
--- a/g10/pkglue.c
+++ b/g10/pkglue.c
@@ -228,9 +228,13 @@ pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data,
rc = gpg_error_from_syserror ();
else
{
+ int with_eddsa_flag = openpgp_oid_is_curve25519 (pkey[0]);
+
/* Now use the ephemeral secret to compute the shared point. */
rc = gcry_sexp_build (&s_pkey, NULL,
- "(public-key(ecdh(curve%s)(q%m)))",
+ with_eddsa_flag ?
+ "(public-key(ecdh(curve%s)(flags eddsa)(q%m)))"
+ : "(public-key(ecdh(curve%s)(q%m)))",
curve, pkey[1]);
xfree (curve);
/* Put K into a simplified S-expression. */
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index cb834af..fd7f812 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -250,8 +250,8 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
if(err)
goto leave;
- /* Reuse NFRAME, which size is sufficient to include the session key. */
- err = gcry_mpi_print (GCRYMPI_FMT_USG, frame, nframe, &nframe, decoded);
+ xfree (frame);
+ err = gcry_mpi_aprint (GCRYMPI_FMT_USG, &frame, &nframe, decoded);
mpi_release (decoded);
if (err)
goto leave;
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index f5911f3..81e1590 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -151,6 +151,7 @@ enum
CURVE_NIST_P521,
CURVE_SEC_P256K1,
CURVE_ED25519,
+ CURVE_CURVE25519,
CURVE_UNKNOWN,
};
@@ -242,9 +243,6 @@ struct app_local_s {
struct {
int curve;
} ecc;
- struct {
- int curve;
- } eddsa;
};
} keyattr[3];
};
@@ -950,6 +948,11 @@ get_ecc_key_parameters (int curve, int *r_n_bits, const char **r_curve_oid)
*r_n_bits = 255;
*r_curve_oid = "1.3.6.1.4.1.11591.15.1";
}
+ else if (curve == CURVE_CURVE25519)
+ {
+ *r_n_bits = 255;
+ *r_curve_oid = "1.3.6.1.4.1.3029.1.5.1";
+ }
else
{
*r_n_bits = 0;
@@ -981,13 +984,13 @@ send_key_attr (ctrl_t ctrl, app_t app, const char *keyword, int number)
}
else if (app->app_local->keyattr[number].key_type == KEY_TYPE_EDDSA)
{
- get_ecc_key_parameters (app->app_local->keyattr[number].eddsa.curve,
+ get_ecc_key_parameters (app->app_local->keyattr[number].ecc.curve,
&n_bits, &curve_oid);
snprintf (buffer, sizeof buffer, "%d 22 %u %s",
number+1, n_bits, curve_oid);
}
else
- snprintf (buffer, sizeof buffer, "0 0 UNKNOWN");
+ snprintf (buffer, sizeof buffer, "%d 0 0 UNKNOWN", number+1);
send_status_direct (ctrl, keyword, buffer);
}
@@ -1304,6 +1307,8 @@ get_curve_name (int curve)
return "secp256k1";
else if (curve == CURVE_ED25519)
return "Ed25519";
+ else if (curve == CURVE_CURVE25519)
+ return "Curve25519";
else
return "unknown";
}
@@ -1477,6 +1482,8 @@ get_public_key (app_t app, int keyno)
}
/* Prepend numbers with a 0 if needed. */
if (app->app_local->keyattr[keyno].key_type != KEY_TYPE_EDDSA
+ && !(app->app_local->keyattr[keyno].key_type == KEY_TYPE_ECC
+ && app->app_local->keyattr[keyno].ecc.curve == CURVE_CURVE25519)
&& mlen && (*m & 0x80))
{
*mbuf = 0;
@@ -1506,72 +1513,36 @@ get_public_key (app_t app, int keyno)
{
err = gcry_sexp_build (&s_pkey, NULL, "(public-key(rsa(n%b)(e%b)))",
(int)mlen, mbuf, (int)elen, ebuf);
- if (err)
- goto leave;
-
- len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0);
- keybuf = xtrymalloc (len);
- if (!keybuf)
- {
- gcry_sexp_release (s_pkey);
- err = gpg_error_from_syserror ();
- goto leave;
- }
- gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, keybuf, len);
- gcry_sexp_release (s_pkey);
}
- else if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_ECC)
+ else
{
+ /* ECDSA, ECDH or EdDSA */
const char *curve_name
= get_curve_name (app->app_local->keyattr[keyno].ecc.curve);
- err = gcry_sexp_build (&s_pkey, NULL,
- "(public-key(ecc(curve%s)(q%b)))",
- curve_name, (int)mlen, mbuf);
- if (err)
- goto leave;
-
- len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0);
-
- keybuf = xtrymalloc (len);
- if (!keybuf)
- {
- gcry_sexp_release (s_pkey);
- err = gpg_error_from_syserror ();
- goto leave;
- }
- gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, keybuf, len);
- gcry_sexp_release (s_pkey);
+ if (app->app_local->keyattr[keyno].ecc.curve == CURVE_ED25519
+ || app->app_local->keyattr[keyno].ecc.curve == CURVE_CURVE25519)
+ err = gcry_sexp_build (&s_pkey, NULL,
+ "(public-key(ecc(curve%s)(flags eddsa)(q%b)))",
+ curve_name, (int)mlen, mbuf);
+ else
+ err = gcry_sexp_build (&s_pkey, NULL,
+ "(public-key(ecc(curve%s)(q%b)))",
+ curve_name, (int)mlen, mbuf);
}
- else if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_EDDSA)
- {
- const char *curve_name
- = get_curve_name (app->app_local->keyattr[keyno].eddsa.curve);
- err = gcry_sexp_build (&s_pkey, NULL,
- "(public-key(ecc(curve%s)(flags eddsa)(q%b)))",
- curve_name, (int)mlen, mbuf);
- if (err)
- goto leave;
-
- len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0);
-
- keybuf = xtrymalloc (len);
- if (!keybuf)
- {
- gcry_sexp_release (s_pkey);
- err = gpg_error_from_syserror ();
- goto leave;
- }
- gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, keybuf, len);
- gcry_sexp_release (s_pkey);
- }
- else
+ if (err)
+ goto leave;
+ len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0);
+ keybuf = xtrymalloc (len);
+ if (!keybuf)
{
- err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+ gcry_sexp_release (s_pkey);
+ err = gpg_error_from_syserror ();
goto leave;
}
-
+ gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, keybuf, len);
+ gcry_sexp_release (s_pkey);
app->app_local->pk[keyno].key = (unsigned char*)keybuf;
app->app_local->pk[keyno].keylen = len - 1; /* Decrement for trailing '\0' */
@@ -3264,6 +3235,8 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
curve = CURVE_SEC_P256K1;
else if (tok && toklen == 7 && !memcmp (tok, "Ed25519", 7))
curve = CURVE_ED25519;
+ else if (tok && toklen == 10 && !memcmp (tok, "Curve25519", 10))
+ curve = CURVE_CURVE25519;
else
{
log_error (_("unsupported curve\n"));
@@ -3289,7 +3262,8 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
}
if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
goto leave;
- if (tok && buf2 && curve != CURVE_ED25519)
+ if (tok && buf2
+ && curve != CURVE_ED25519 && curve != CURVE_CURVE25519)
/* It's MPI. Strip off leading zero bytes and save. */
for (;toklen && !*tok; toklen--, tok++)
;
@@ -3396,10 +3370,13 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
curve == CURVE_ED25519 ? KEY_TYPE_EDDSA : KEY_TYPE_ECC,
curve == CURVE_ED25519 ?
"\x09\x2b\x06\x01\x04\x01\xda\x47\x0f\x01"
+ : curve == CURVE_CURVE25519 ?
+ "\x0a\x2b\x06\x01\x04\x01\x97\x55\x01\x05\x01"
: curve == CURVE_NIST_P256 ?
"\x08\x2a\x86\x48\xce\x3d\x03\x01\x07"
: "\x05\x2b\x81\x04\x00\x0a",
(size_t)(curve == CURVE_ED25519 ? 10
+ : curve == CURVE_CURVE25519 ? 11
: curve == CURVE_NIST_P256? 9 : 6),
ecc_q, ecc_q_len, "\x03\x01\x08\x07", (size_t)4);
if (err)
@@ -4396,6 +4373,8 @@ parse_ecc_curve (const unsigned char *buffer, size_t buflen)
curve = CURVE_SEC_P256K1;
else if (buflen == 9)
curve = CURVE_ED25519;
+ else if (buflen == 10)
+ curve = CURVE_CURVE25519;
else
curve = CURVE_UNKNOWN;
@@ -4470,12 +4449,12 @@ parse_algorithm_attribute (app_t app, int keyno)
else if (*buffer == 22) /* EdDSA */
{
app->app_local->keyattr[keyno].key_type = KEY_TYPE_EDDSA;
- app->app_local->keyattr[keyno].eddsa.curve
+ app->app_local->keyattr[keyno].ecc.curve
= parse_ecc_curve (buffer + 1, buflen - 1);
if (opt.verbose)
log_printf
("EdDSA, curve=%s\n",
- get_curve_name (app->app_local->keyattr[keyno].eddsa.curve));
+ get_curve_name (app->app_local->keyattr[keyno].ecc.curve));
}
else if (opt.verbose)
log_printhex ("", buffer, buflen);
--
More information about the Gnupg-devel
mailing list