gpg,agent: Support Ed448 signing.

* agent/pksign.c (do_encode_eddsa): First argument is NBITs, so that it can support Ed448, as well as Ed25519. (agent_pksign_do): Follow the change. * agent/sexp-secret.c (fixup_when_ecc_private_key): No fix-up needed for Ed448, it's only for classic curves. * common/openpgp-oid.c (oidtable): Add Ed448. * common/sexputil.c (get_pk_algo_from_key): Ed448 is only for EdDSA. * g10/export.c (match_curve_skey_pk): Ed448 is for EdDSA. * g10/keygen.c (gen_ecc): Support Ed448 with the name of "ed448". (ask_algo, parse_key_parameter_part): Handle "ed448". * g10/pkglue.c (pk_verify): Support Ed448. (pk_check_secret_key): Support Ed448. * g10/sign.c (hash_for): Defaults to SHA512 for Ed448. (make_keysig_packet): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-07-02 22:46:30 +02:00 · 2020-06-24 10:05:03 +09:00 · 2020-06-24 10:05:03 +09:00 · a763bb2580
commit a763bb2580
parent c94eea15d6
8 changed files with 147 additions and 98 deletions
--- a/g10/keygen.c
+++ b/g10/keygen.c
@ -1750,16 +1750,25 @@ gen_ecc (int algo, const char *curve, kbnode_t pub_root,
    curve = "Ed25519";
  else if (!ascii_strcasecmp (curve, "cv448"))
    curve = "X448";
+  else if (!ascii_strcasecmp (curve, "ed448"))
+    curve = "Ed448";

  /* Note that we use the "comp" flag with EdDSA to request the use of
     a 0x40 compression prefix octet.  */
-  if (algo == PUBKEY_ALGO_EDDSA)
+  if (algo == PUBKEY_ALGO_EDDSA && !strcmp (curve, "Ed25519"))
    keyparms = xtryasprintf
      ("(genkey(ecc(curve %zu:%s)(flags eddsa comp%s)))",
       strlen (curve), curve,
       (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
         && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
        " transient-key" : ""));
+  else if (algo == PUBKEY_ALGO_EDDSA && !strcmp (curve, "Ed448"))
+    keyparms = xtryasprintf
+      ("(genkey(ecc(curve %zu:%s)(flags comp%s)))",
+       strlen (curve), curve,
+       (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
+         && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
+        " transient-key" : ""));
  else if (algo == PUBKEY_ALGO_ECDH && !strcmp (curve, "Curve25519"))
    keyparms = xtryasprintf
      ("(genkey(ecc(curve %zu:%s)(flags djb-tweak comp%s)))",
@ -2326,6 +2335,8 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
                    {
                      if (!strcmp (algostr, "ed25519"))
                        kpi->algo = PUBKEY_ALGO_EDDSA;
+                      else if (!strcmp (algostr, "ed448"))
+                        kpi->algo = PUBKEY_ALGO_EDDSA;
                      else if (!strcmp (algostr, "cv25519"))
                        kpi->algo = PUBKEY_ALGO_ECDH;
                      else if (!strcmp (algostr, "cv448"))
@ -3481,6 +3492,8 @@ parse_key_parameter_part (ctrl_t ctrl,
            {
              if (!strcmp (algostr, "ed25519"))
                algo = PUBKEY_ALGO_EDDSA;
+              else if (!strcmp (algostr, "ed448"))
+                kpi->algo = PUBKEY_ALGO_EDDSA;
              else if (!strcmp (algostr, "cv25519"))
                algo = PUBKEY_ALGO_ECDH;
              else if (!strcmp (algostr, "cv448"))
@ -3611,6 +3624,7 @@ parse_key_parameter_part (ctrl_t ctrl,
 *   dsa2048 := DSA with 2048 bit.
 *   elg2048 := Elgamal with 2048 bit.
 *   ed25519 := EDDSA using curve Ed25519.
+ *   ed448   := EDDSA using curve Ed448.
 *   cv25519 := ECDH using curve Curve25519.
 *   cv448   := ECDH using curve X448.
 *   nistp256:= ECDSA or ECDH using curve NIST P-256