common,gpg,scd,sm: Fix for Curve25519 OID supporting new and old.

* common/util.h (openpgp_curve_to_oid): Add new argument to select OID by OpenPGP version. * common/openpgp-oid.c (openpgp_curve_to_oid): Implement returning selected OID for Curve25519. * common/openpgp-fpr.c (compute_openpgp_fpr_ecc): Follow the change, selecting by the version. * g10/export.c (match_curve_skey_pk): Likewise. (transfer_format_to_openpgp): Likewise. * g10/gpg.c (list_config): Likewise, print new OID. * g10/keygen.c (ecckey_from_sexp): Likewise, selecting by the version. * sm/encrypt.c (ecdh_encrypt): Likewise, don't care. * sm/minip12.c (build_ecc_key_sequence): Likewise, new OID. * scd/app-openpgp.c (ecdh_params, gen_challenge): Likewise, don't care. (ecc_read_pubkey, change_keyattr_from_string, ecc_writekey): Likewise, old OID. -- GnuPG-bug-id: 7316 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-07-02 22:46:30 +02:00 · 2024-10-08 15:25:41 +09:00 · 2024-10-08 15:25:41 +09:00 · 57dce1ee62
commit 57dce1ee62
parent f5703994d4
9 changed files with 28 additions and 19 deletions
--- a/common/openpgp-fpr.c
+++ b/common/openpgp-fpr.c
@ -231,7 +231,8 @@ compute_openpgp_fpr_ecc (int keyversion, unsigned long timestamp,
  unsigned char nbits_q[2];
  unsigned int n;

-  curveoidstr = openpgp_curve_to_oid (curvename, &curvebits, &pgpalgo);
+  curveoidstr = openpgp_curve_to_oid (curvename, &curvebits, &pgpalgo,
+                                      (keyversion > 4));
  err = openpgp_oid_from_str (curveoidstr, &curveoid);
  if (err)
    goto leave;
--- a/common/openpgp-oid.c
+++ b/common/openpgp-oid.c
@ -443,9 +443,11 @@ openpgp_oid_is_cv448 (gcry_mpi_t a)
   curve names.  If R_ALGO is not NULL and a specific ECC algorithm is
   required for this curve its OpenPGP algorithm number is stored
   there; otherwise 0 is stored which indicates that ECDSA or ECDH can
-   be used. */
+   be used.  SELECTOR specifies which OID should be returned: -1 for
+   don't care, 0 for old OID, 1 for new OID.  */
 const char *
-openpgp_curve_to_oid (const char *name, unsigned int *r_nbits, int *r_algo)
+openpgp_curve_to_oid (const char *name, unsigned int *r_nbits, int *r_algo,
+                      int selector)
 {
  int i;
  unsigned int nbits = 0;
@ -479,6 +481,14 @@ openpgp_curve_to_oid (const char *name, unsigned int *r_nbits, int *r_algo)
        }
    }

+  /* Special handling for Curve25519, where we have two valid OIDs.  */
+  if (algo && i == 0)
+    {
+      /* Select new OID, if wanted.  */
+      if (selector > 0)
+        oidstr = oidtable[2].oidstr;
+    }
+
  if (r_nbits)
    *r_nbits = nbits;
  if (r_algo)
--- a/common/util.h
+++ b/common/util.h
@ -230,7 +230,8 @@ int openpgp_oid_is_cv448 (gcry_mpi_t a);
 int openpgp_oid_is_ed448 (gcry_mpi_t a);
 enum gcry_kem_algos openpgp_oid_to_kem_algo (const char *oidname);
 const char *openpgp_curve_to_oid (const char *name,
-                                  unsigned int *r_nbits, int *r_algo);
+                                  unsigned int *r_nbits, int *r_algo,
+                                  int selector);
 const char *openpgp_oid_to_curve (const char *oid, int mode);
 const char *openpgp_oid_or_name_to_curve (const char *oidname, int canon);
 const char *openpgp_enum_curves (int *idxp);