Curve25519 support.

* agent/cvt-openpgp.c (get_keygrip): Handle Curve25519. (convert_secret_key, convert_transfer_key): Ditto. * common/openpgp-oid.c (oidtable): Add Curve25519. (oid_crv25519, openpgp_oid_is_crv25519): New. * common/util.h (openpgp_oid_is_crv25519): New. * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Handle the case with Montgomery curve which uses x-only coordinate. * g10/keygen.c (gen_ecc): Handle Curve25519. (ask_curve): Change the API and second arg is to return subkey algo. (generate_keypair, generate_subkeypair): Follow chage of ask_curve. * g10/keyid.c (keygrip_from_pk): Handle Curve25519. * g10/pkglue.c (pk_encrypt): Handle Curve25519. * g10/pubkey-enc.c (get_it): Handle the case with Montgomery curve. * scd/app-openpgp.c (ECC_FLAG_DJB_TWEAK): New. (send_key_attr): Work with general ECC, Ed25519, and Curve25519. (get_public_key): Likewise. (ecc_writekey): Handle flag_djb_tweak. -- When libgcrypt has Curve25519, GnuPG now supports Curve25519.
2025-07-02 22:46:30 +02:00 · 2015-08-06 17:00:41 +09:00 · 2015-08-06 17:00:41 +09:00 · e5891a82c3
commit e5891a82c3
parent a6e4053089
9 changed files with 181 additions and 105 deletions
--- a/agent/cvt-openpgp.c
+++ b/agent/cvt-openpgp.c
@ -83,14 +83,25 @@ get_keygrip (int pubkey_algo, const char *curve, gcry_mpi_t *pkey,
    case GCRY_PK_ECC:
      if (!curve)
        err = gpg_error (GPG_ERR_BAD_SECKEY);
-      else if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL)))
-        err = gcry_sexp_build (&s_pkey, NULL,
-                               "(public-key(ecc(curve %s)(flags eddsa)(q%m)))",
-                               "Ed25519", pkey[0]);
      else
-        err = gcry_sexp_build (&s_pkey, NULL,
-                               "(public-key(ecc(curve %s)(q%m)))",
-                               curve, pkey[0]);
+        {
+          const char *format;
+
+          if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL)))
+            {
+              format = "(public-key(ecc(curve %s)(flags eddsa)(q%m)))";
+              curve = "Ed25519";
+            }
+          else if (!strcmp (curve, openpgp_curve_to_oid ("Curve25519", NULL)))
+            {
+              format = "(public-key(ecc(curve %s)(flags djb-tweak)(q%m)))";
+              curve = "Curve25519";
+            }
+          else
+            format = "(public-key(ecc(curve %s)(q%m)))";
+
+          err = gcry_sexp_build (&s_pkey, NULL, format, curve, pkey[0]);
+        }
      break;

    default:
@ -146,19 +157,27 @@ convert_secret_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey,
    case GCRY_PK_ECC:
      if (!curve)
        err = gpg_error (GPG_ERR_BAD_SECKEY);
-      else if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL)))
-        {
-          /* Do not store the OID as name but the real name and the
-             EdDSA flag.  */
-          err = gcry_sexp_build (&s_skey, NULL,
-                                 "(private-key(ecc(curve%s)(flags eddsa)"
-                                 "(q%m)(d%m)))",
-                                 "Ed25519", skey[0], skey[1]);
-        }
      else
-        err = gcry_sexp_build (&s_skey, NULL,
-                               "(private-key(ecc(curve%s)(q%m)(d%m)))",
-                               curve, skey[0], skey[1]);
+        {
+          const char *format;
+
+          if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL)))
+            {
+              /* Do not store the OID as name but the real name and the
+                 EdDSA flag.  */
+              format = "(private-key(ecc(curve %s)(flags eddsa)(q%m)(d%m)))";
+              curve = "Ed25519";
+            }
+          else if (!strcmp (curve, openpgp_curve_to_oid ("Curve25519", NULL)))
+            {
+              format = "(private-key(ecc(curve %s)(flags djb-tweak)(q%m)(d%m)))";
+              curve = "Curve25519";
+            }
+          else
+            format = "(private-key(ecc(curve %s)(q%m)(d%m)))";
+
+          err = gcry_sexp_build (&s_skey, NULL, format, curve, skey[0], skey[1]);
+        }
      break;

    default:
@ -216,22 +235,30 @@ convert_transfer_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey,
    case GCRY_PK_ECC:
      if (!curve)
        err = gpg_error (GPG_ERR_BAD_SECKEY);
-      else if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL)))
-        {
-          /* Do not store the OID as name but the real name and the
-             EdDSA flag.  */
-          err = gcry_sexp_build
-            (&s_skey, NULL,
-             "(protected-private-key(ecc(curve%s)(flags eddsa)(q%m)"
-             "(protected openpgp-native%S)))",
-             "Ed25519", skey[0], transfer_key);
-        }
      else
-        err = gcry_sexp_build
-          (&s_skey, NULL,
-           "(protected-private-key(ecc(curve%s)(q%m)"
-           "(protected openpgp-native%S)))",
-           curve, skey[0], transfer_key);
+        {
+          const char *format;
+
+          if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL)))
+            {
+              /* Do not store the OID as name but the real name and the
+                 EdDSA flag.  */
+              format = "(protected-private-key(ecc(curve %s)(flags eddsa)(q%m)"
+                "(protected openpgp-native%S)))";
+              curve = "Ed25519";
+            }
+          else if (!strcmp (curve, openpgp_curve_to_oid ("Curve25519", NULL)))
+            {
+              format = "(protected-private-key(ecc(curve %s)(flags djb-tweak)(q%m)"
+                "(protected openpgp-native%S)))";
+              curve = "Curve25519";
+            }
+          else
+              format = "(protected-private-key(ecc(curve %s)(q%m)"
+                "(protected openpgp-native%S)))";
+
+          err = gcry_sexp_build (&s_skey, NULL, format, curve, skey[0], transfer_key);
+        }
      break;

    default: