From 74a79bed4ba68f43cd02fcf6e0fca5cb5a98b645 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Thu, 4 Jun 2020 18:50:37 +0900
Subject: [PATCH] ecc-sos,gpg: More fixes for SOS.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 g10/parse-packet.c |  3 ++-
 g10/pkglue.c       | 37 ++++++++++++++++++++++++++++++++++++-
 g10/pkglue.h       |  2 ++
 g10/sign.c         |  7 ++++---
 4 files changed, 44 insertions(+), 5 deletions(-)

diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 14116f062..e2a300d2c 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -2352,7 +2352,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
       for (i = 0; i < ndata; i++)
 	{
 	  n = pktlen;
-          if (sig->pubkey_algo == PUBKEY_ALGO_EDDSA)
+          if (sig->pubkey_algo == PUBKEY_ALGO_ECDSA
+              || sig->pubkey_algo == PUBKEY_ALGO_EDDSA)
             sig->data[i] = sos_read (inp, &n, 0);
           else
             sig->data[i] = mpi_read (inp, &n, 0);
diff --git a/g10/pkglue.c b/g10/pkglue.c
index 747159759..e89f3647e 100644
--- a/g10/pkglue.c
+++ b/g10/pkglue.c
@@ -47,6 +47,41 @@ get_mpi_from_sexp (gcry_sexp_t sexp, const char *item, int mpifmt)
 }
 
 
+gcry_mpi_t
+get_sos_from_sexp (gcry_sexp_t sexp, const char *item)
+{
+  gcry_sexp_t list;
+  size_t buflen;
+  void *p0;
+  gcry_mpi_t sos;
+  unsigned int nbits;
+  unsigned char *p;
+
+  list = gcry_sexp_find_token (sexp, item, 0);
+  log_assert (list);
+  p0 = gcry_sexp_nth_buffer (list, 1, &buflen);
+  log_assert (p0);
+  nbits = buflen*8;
+  p = p0;
+
+  if (nbits >= 8 && !(*p & 0x80))
+    if (--nbits >= 7 && !(*p & 0x40))
+      if (--nbits >= 6 && !(*p & 0x20))
+        if (--nbits >= 5 && !(*p & 0x10))
+          if (--nbits >= 4 && !(*p & 0x08))
+            if (--nbits >= 3 && !(*p & 0x04))
+              if (--nbits >= 2 && !(*p & 0x02))
+                if (--nbits >= 1 && !(*p & 0x01))
+                  --nbits;
+
+  sos = gcry_mpi_set_opaque (NULL, p0, nbits);
+  log_assert (sos);
+  gcry_sexp_release (list);
+  gcry_mpi_set_flag (sos, GCRYMPI_FLAG_USER2);
+  return sos;
+}
+
+
 static byte *
 get_data_from_sexp (gcry_sexp_t sexp, const char *item, size_t *r_size)
 {
@@ -360,7 +395,7 @@ pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data,
 
       /* Get the shared point and the ephemeral public key.  */
       shared = get_data_from_sexp (s_ciph, "s", &nshared);
-      public = get_mpi_from_sexp (s_ciph, "e", GCRYMPI_FMT_OPAQUE);
+      public = get_sos_from_sexp (s_ciph, "e");
       if (DBG_CRYPTO)
         {
           log_debug ("ECDH ephemeral key:");
diff --git a/g10/pkglue.h b/g10/pkglue.h
index 93f998937..76af55695 100644
--- a/g10/pkglue.h
+++ b/g10/pkglue.h
@@ -24,6 +24,8 @@
 
 /*-- pkglue.c --*/
 gcry_mpi_t get_mpi_from_sexp (gcry_sexp_t sexp, const char *item, int mpifmt);
+gcry_mpi_t get_sos_from_sexp (gcry_sexp_t sexp, const char *item);
+
 
 int pk_verify (pubkey_algo_t algo, gcry_mpi_t hash, gcry_mpi_t *data,
                gcry_mpi_t *pkey);
diff --git a/g10/sign.c b/g10/sign.c
index 90466e9bc..6b69851f7 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -505,10 +505,11 @@ do_sign (ctrl_t ctrl, PKT_public_key *pksk, PKT_signature *sig,
       else if (pksk->pubkey_algo == GCRY_PK_RSA
                || pksk->pubkey_algo == GCRY_PK_RSA_S)
         sig->data[0] = get_mpi_from_sexp (s_sigval, "s", GCRYMPI_FMT_USG);
-      else if (openpgp_oid_is_ed25519 (pksk->pkey[0]))
+      else if (pksk->pubkey_algo == PUBKEY_ALGO_ECDSA
+               || pksk->pubkey_algo == PUBKEY_ALGO_EDDSA)
         {
-          sig->data[0] = get_mpi_from_sexp (s_sigval, "r", GCRYMPI_FMT_OPAQUE);
-          sig->data[1] = get_mpi_from_sexp (s_sigval, "s", GCRYMPI_FMT_OPAQUE);
+          sig->data[0] = get_sos_from_sexp (s_sigval, "r");
+          sig->data[1] = get_sos_from_sexp (s_sigval, "s");
         }
       else
         {