From 34b628db4618a8712536aea695f934b0286e7b18 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Fri, 8 May 2020 14:14:01 +0200
Subject: [PATCH] sm: Cleanup the use of GCRY_PK_ECC and GCRY_PK_ECDSA.

* common/sexputil.c (pubkey_algo_to_string): New.
* sm/certcheck.c (do_encode_md): Replace GCRY_PK_ECDSA by GCRY_PK_ECC.
* sm/certreqgen-ui.c (check_keygrip): Add all ECC algorithms.
* sm/gpgsm.c (our_pk_test_algo): Also allow EdDSA.
* sm/verify.c (gpgsm_verify): Map ECC algo to ECDSA.  Use new pubkey
algo name function

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 common/sexputil.c  | 17 +++++++++++++++++
 common/util.h      |  1 +
 sm/certcheck.c     |  8 +++-----
 sm/certreqgen-ui.c |  4 +++-
 sm/gpgsm.c         |  1 +
 sm/verify.c        |  8 ++++++--
 6 files changed, 31 insertions(+), 8 deletions(-)

diff --git a/common/sexputil.c b/common/sexputil.c
index 89e63a765..66cd9f60e 100644
--- a/common/sexputil.c
+++ b/common/sexputil.c
@@ -642,6 +642,23 @@ pubkey_algo_string (gcry_sexp_t s_pkey, enum gcry_pk_algos *r_algoid)
 }
 
 
+/* Map a pubkey algo id from gcrypt to a string.  This is the same as
+ * gcry_pk_algo_name but makes sure that the ECC algo identifiers are
+ * not all mapped to "ECC".  */
+const char *
+pubkey_algo_to_string (int algo)
+{
+  if (algo == GCRY_PK_ECDSA)
+    return "ECDSA";
+  else if (algo == GCRY_PK_ECDH)
+    return "ECDH";
+  else if (algo == GCRY_PK_EDDSA)
+    return "EdDSA";
+  else
+    return gcry_pk_algo_name (algo);
+}
+
+
 /* Map a hash algo id from gcrypt to a string.  This is the same as
  * gcry_md_algo_name but the returned string is lower case, as
  * expected by libksba and it avoids some overhead.  */
diff --git a/common/util.h b/common/util.h
index d22a1bf60..f2b4306c3 100644
--- a/common/util.h
+++ b/common/util.h
@@ -202,6 +202,7 @@ int get_pk_algo_from_key (gcry_sexp_t key);
 int get_pk_algo_from_canon_sexp (const unsigned char *keydata,
                                  size_t keydatalen);
 char *pubkey_algo_string (gcry_sexp_t s_pkey, enum gcry_pk_algos *r_algoid);
+const char *pubkey_algo_to_string (int algo);
 const char *hash_algo_to_string (int algo);
 
 /*-- convert.c --*/
diff --git a/sm/certcheck.c b/sm/certcheck.c
index 14f78dbe6..ad70f2781 100644
--- a/sm/certcheck.c
+++ b/sm/certcheck.c
@@ -74,11 +74,11 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
   size_t nframe;
   unsigned char *frame;
 
-  if (pkalgo == GCRY_PK_DSA || pkalgo == GCRY_PK_ECDSA)
+  if (pkalgo == GCRY_PK_DSA || pkalgo == GCRY_PK_ECC)
     {
       unsigned int qbits;
 
-      if ( pkalgo == GCRY_PK_ECDSA )
+      if ( pkalgo == GCRY_PK_ECC )
         qbits = gcry_pk_get_nbits (pkey);
       else
         qbits = get_dsa_qbits (pkey);
@@ -210,10 +210,8 @@ pk_algo_from_sexp (gcry_sexp_t pkey)
     algo = GCRY_PK_RSA;
   else if (n==3 && !memcmp (name, "dsa", 3))
     algo = GCRY_PK_DSA;
-  /* Because this function is called only for verification we can
-     assume that ECC actually means ECDSA.  */
   else if (n==3 && !memcmp (name, "ecc", 3))
-    algo = GCRY_PK_ECDSA;
+    algo = GCRY_PK_ECC;
   else if (n==13 && !memcmp (name, "ambiguous-rsa", 13))
     algo = GCRY_PK_RSA;
   else
diff --git a/sm/certreqgen-ui.c b/sm/certreqgen-ui.c
index ae9ec35d0..e508079b4 100644
--- a/sm/certreqgen-ui.c
+++ b/sm/certreqgen-ui.c
@@ -113,7 +113,9 @@ check_keygrip (ctrl_t ctrl, const char *hexgrip)
     case GCRY_PK_RSA:   return "RSA";
     case GCRY_PK_DSA:   return "DSA";
     case GCRY_PK_ELG:   return "ELG";
-    case GCRY_PK_EDDSA: return "ECDSA";
+    case GCRY_PK_ECC:   return "ECC";
+    case GCRY_PK_ECDSA: return "ECDSA";
+    case GCRY_PK_EDDSA: return "EdDSA";
     default: return NULL;
     }
 }
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index ef3fe91b8..057ef50a1 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -510,6 +510,7 @@ our_pk_test_algo (int algo)
     {
     case GCRY_PK_RSA:
     case GCRY_PK_ECDSA:
+    case GCRY_PK_EDDSA:
       return gcry_pk_test_algo (algo);
     default:
       return 1;
diff --git a/sm/verify.c b/sm/verify.c
index ecc3a7c1f..69ba3bd4c 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -457,13 +457,17 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
       pkfpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
       pkalgostr = gpgsm_pubkey_algo_string (cert, NULL);
       pkalgo = gpgsm_get_key_algo_info (cert, &nbits);
+      /* Remap the ECC algo to the algo we use.  Note that EdDSA has
+       * already been mapped.  */
+      if (pkalgo == GCRY_PK_ECC)
+        pkalgo = GCRY_PK_ECDSA;
 
       /* Print infos about the signature.  */
       log_info (_("Signature made "));
       if (*sigtime)
         {
           /* We take the freedom as noted in RFC3339 to use a space
-           * instead of the :T" delimiter between date and time..  We
+           * instead of the "T" delimiter between date and time.  We
            * also append a separate UTC instead of a "Z" or "+00:00"
            * suffix because that makes it clear to everyone what kind
            * of time this is.  */
@@ -477,7 +481,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
         {
           log_info (_("algorithm:"));
           log_printf (" %s + %s",
-                      gcry_pk_algo_name (pkalgo),
+                      pubkey_algo_to_string (pkalgo),
                       gcry_md_algo_name (sigval_hash_algo));
           if (algo != sigval_hash_algo)
             log_printf (" (%s)", gcry_md_algo_name (algo));