gpg,agent: Support Ed448 signing.

* agent/pksign.c (do_encode_eddsa): First argument is NBITs, so that it can support Ed448, as well as Ed25519. (agent_pksign_do): Follow the change. * agent/sexp-secret.c (fixup_when_ecc_private_key): No fix-up needed for Ed448, it's only for classic curves. * common/openpgp-oid.c (oidtable): Add Ed448. * common/sexputil.c (get_pk_algo_from_key): Ed448 is only for EdDSA. * g10/export.c (match_curve_skey_pk): Ed448 is for EdDSA. * g10/keygen.c (gen_ecc): Support Ed448 with the name of "ed448". (ask_algo, parse_key_parameter_part): Handle "ed448". * g10/pkglue.c (pk_verify): Support Ed448. (pk_check_secret_key): Support Ed448. * g10/sign.c (hash_for): Defaults to SHA512 for Ed448. (make_keysig_packet): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-07-02 22:46:30 +02:00 · 2020-06-24 10:05:03 +09:00 · 2020-06-24 10:05:03 +09:00 · a763bb2580
commit a763bb2580
parent c94eea15d6
8 changed files with 147 additions and 98 deletions
--- a/agent/pksign.c
+++ b/agent/pksign.c
@ -129,15 +129,20 @@ rfc6979_hash_algo_string (size_t mdlen)
 /* Encode a message digest for use with the EdDSA algorithm
   (i.e. curve Ed25519). */
 static gpg_error_t
-do_encode_eddsa (const byte *md, size_t mdlen, gcry_sexp_t *r_hash)
+do_encode_eddsa (size_t nbits, const byte *md, size_t mdlen,
+                 gcry_sexp_t *r_hash)
 {
  gpg_error_t err;
  gcry_sexp_t hash;
+  const char *fmt;
+
+  if (nbits == 448)
+    fmt = "(data(value %b))";
+  else
+    fmt = "(data(flags eddsa)(hash-algo sha512)(value %b))";

  *r_hash = NULL;
-  err = gcry_sexp_build (&hash, NULL,
-                         "(data(flags eddsa)(hash-algo sha512)(value %b))",
-                         (int)mdlen, md);
+  err = gcry_sexp_build (&hash, NULL, fmt, (int)mdlen, md);
  if (!err)
    *r_hash = hash;
  return err;
@ -482,7 +487,7 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,

      /* Put the hash into a sexp */
      if (algo == GCRY_PK_EDDSA)
-        err = do_encode_eddsa (data, datalen,
+        err = do_encode_eddsa (gcry_pk_get_nbits (s_skey), data, datalen,
                               &s_hash);
      else if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1)
        err = do_encode_raw_pkcs1 (data, datalen,
--- a/agent/sexp-secret.c
+++ b/agent/sexp-secret.c
@ -83,6 +83,7 @@ fixup_when_ecc_private_key (unsigned char *buf, size_t *buflen_p)
            return gpg_error (GPG_ERR_INV_SEXP);
          else if (!*s /* Leading 0x00 added at the front for classic curve */
                   && strcmp (curve_name, "Ed25519")
+                   && strcmp (curve_name, "Ed448")
                   && strcmp (curve_name, "X448"))
            {
              size_t numsize;