From 1524a942b645d9facbedd9ed4a472e343838b6a1 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Mon, 22 Mar 2021 16:57:18 +0900 Subject: [PATCH] gpg: Support exporting Ed448 SSH key. * common/openpgp-oid.c (oid_ed448, openpgp_oidbuf_is_ed448): New. (openpgp_oid_is_ed448): New. * common/util.h (openpgp_oid_is_ed448): New. * g10/export.c (export_one_ssh_key): Support Ed448 key. Signed-off-by: NIIBE Yutaka --- common/openpgp-oid.c | 28 ++++++++++++++++++++++++++++ common/util.h | 1 + g10/export.c | 12 ++++++++---- 3 files changed, 37 insertions(+), 4 deletions(-) diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c index ded7b0f7a..0189407f8 100644 --- a/common/openpgp-oid.c +++ b/common/openpgp-oid.c @@ -83,6 +83,10 @@ static const char oid_cv25519[] = */ static const char oid_cv448[] = { 0x03, 0x2b, 0x65, 0x6f }; +/* The OID for Ed448 in OpenPGP format. */ +static const char oid_ed448[] = { 0x03, 0x2b, 0x65, 0x71 }; + + /* A table to store keyalgo strings like "rsa2048 or "ed25519" so that * we do not need to allocate them. This is currently a simple array * but may eventually be changed to a fast data structure. Noet that @@ -346,6 +350,15 @@ openpgp_oidbuf_is_cv25519 (const void *buf, size_t len) } +/* Return true if (BUF,LEN) represents the OID for Ed448. */ +static int +openpgp_oidbuf_is_ed448 (const void *buf, size_t len) +{ + return (buf && len == DIM (oid_ed448) + && !memcmp (buf, oid_ed448, DIM (oid_ed448))); +} + + /* Return true if (BUF,LEN) represents the OID for X448. */ static int openpgp_oidbuf_is_cv448 (const void *buf, size_t len) @@ -370,6 +383,21 @@ openpgp_oid_is_cv25519 (gcry_mpi_t a) } +/* Return true if the MPI A represents the OID for Ed448. */ +int +openpgp_oid_is_ed448 (gcry_mpi_t a) +{ + const unsigned char *buf; + unsigned int nbits; + + if (!a || !gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE)) + return 0; + + buf = gcry_mpi_get_opaque (a, &nbits); + return openpgp_oidbuf_is_ed448 (buf, (nbits+7)/8); +} + + /* Return true if the MPI A represents the OID for X448. */ int openpgp_oid_is_cv448 (gcry_mpi_t a) diff --git a/common/util.h b/common/util.h index 56187f1e0..89cde696e 100644 --- a/common/util.h +++ b/common/util.h @@ -245,6 +245,7 @@ int openpgp_oid_is_ed25519 (gcry_mpi_t a); int openpgp_oidbuf_is_cv25519 (const void *buf, size_t len); int openpgp_oid_is_cv25519 (gcry_mpi_t a); int openpgp_oid_is_cv448 (gcry_mpi_t a); +int openpgp_oid_is_ed448 (gcry_mpi_t a); const char *openpgp_curve_to_oid (const char *name, unsigned int *r_nbits, int *r_algo); const char *openpgp_oid_to_curve (const char *oid, int canon); diff --git a/g10/export.c b/g10/export.c index ac12ccddb..98c4623cf 100644 --- a/g10/export.c +++ b/g10/export.c @@ -2195,7 +2195,6 @@ export_one_ssh_key (estream_t fp, PKT_public_key *pk) gpg_error_t err; const char *identifier = NULL; membuf_t mb; - struct b64state b64_state; void *blob; size_t bloblen; @@ -2245,13 +2244,18 @@ export_one_ssh_key (estream_t fp, PKT_public_key *pk) break; case PUBKEY_ALGO_EDDSA: - if (!openpgp_oid_is_ed25519 (pk->pkey[0])) - err = gpg_error (GPG_ERR_UNKNOWN_CURVE); - else + if (openpgp_oid_is_ed25519 (pk->pkey[0])) { identifier = "ssh-ed25519"; err = key_to_sshblob (&mb, identifier, pk->pkey[1], NULL); } + else if (openpgp_oid_is_ed448 (pk->pkey[0])) + { + identifier = "ssh-ed448"; + err = key_to_sshblob (&mb, identifier, pk->pkey[1], NULL); + } + else + err = gpg_error (GPG_ERR_UNKNOWN_CURVE); break; case PUBKEY_ALGO_ELGAMAL_E: