Invalid keys when switching smartcard from ed25519 to other curves

Trevor Bentley trevor at yubico.com
Mon Mar 25 15:19:47 CET 2019


Just want to follow up on this again and see if anybody has any 
opinions.  I have included a small patch to fix it:


-- >8 --
Subject: [PATCH] gpg: Don't use EdDSA algo ID for ECDSA curves.

* g10/keygen.c (ask_curve): Change algo ID to ECDSA if it changed from
an EdDSA curve.
---

Fixes a bug that causes a slot to get stuck reporting itself as EdDSA
when the curve has changed to ECDSA.  If a smartcard did not override
the algo that gpg sent it, gpg would get confused about an ECDSA curve
with an EdDSA algo ID, and would generate invalid public keys.
---
  g10/keygen.c | 25 ++++++++++++++++++-------
  1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/g10/keygen.c b/g10/keygen.c
index 64fefd231..943b40110 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -2507,14 +2507,25 @@ ask_curve (int *algo, int *subkey_algo, const 
char *current)
        else
          {
            /* If the user selected a signing algorithm and Curve25519
-             we need to set the algo to EdDSA and update the curve name. */
-          if ((*algo == PUBKEY_ALGO_ECDSA || *algo == PUBKEY_ALGO_EDDSA)
-              && curves[idx].eddsa_curve)
+             we need to set the algo to EdDSA and update the curve name.
+             If switching away from EdDSA, we need to set the algo back
+             to ECDSA. */
+          if (*algo == PUBKEY_ALGO_ECDSA || *algo == PUBKEY_ALGO_EDDSA)
              {
-              if (subkey_algo && *subkey_algo == PUBKEY_ALGO_ECDSA)
-                *subkey_algo = PUBKEY_ALGO_EDDSA;
-              *algo = PUBKEY_ALGO_EDDSA;
-              result = curves[idx].eddsa_curve;
+              if (curves[idx].eddsa_curve)
+                {
+                  if (subkey_algo && *subkey_algo == PUBKEY_ALGO_ECDSA)
+                    *subkey_algo = PUBKEY_ALGO_EDDSA;
+                  *algo = PUBKEY_ALGO_EDDSA;
+                  result = curves[idx].eddsa_curve;
+                }
+              else
+                {
+                  if (subkey_algo && *subkey_algo == PUBKEY_ALGO_EDDSA)
+                    *subkey_algo = PUBKEY_ALGO_ECDSA;
+                  *algo = PUBKEY_ALGO_ECDSA;
+                  result = curves[idx].name;
+                }
              }
            else
              result = curves[idx].name;
--
2.20.1



More information about the Gnupg-devel mailing list