gpg: Add X448 support.

* common/openpgp-oid.c (oidtable): Add X448. (oid_x448,openpgp_oidbuf_is_x448,openpgp_oid_is_x448): New. * common/util.h (openpgp_oid_is_x448): New. * g10/ecdh.c (gen_k): Add handling of opaque MPI and support endianness. (pk_ecdh_generate_ephemeral_key): X448 requires opaque MPI. * g10/keygen.c (gen_ecc): Add support for X448. (ask_algo, parse_key_parameter_part): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-07-03 22:56:33 +02:00 · 2020-06-09 14:56:50 +09:00 · 2020-06-09 14:56:50 +09:00 · e9760eb9e7
commit e9760eb9e7
parent f5bc945554
4 changed files with 70 additions and 2 deletions
--- a/common/openpgp-oid.c
+++ b/common/openpgp-oid.c
@ -48,6 +48,7 @@ static struct {

  { "Curve25519", "1.3.6.1.4.1.3029.1.5.1", 255, "cv25519", PUBKEY_ALGO_ECDH },
  { "Ed25519",    "1.3.6.1.4.1.11591.15.1", 255, "ed25519", PUBKEY_ALGO_EDDSA },
+  { "X448",       "1.3.101.111",            448, "x448",    PUBKEY_ALGO_ECDH },

  { "NIST P-256",      "1.2.840.10045.3.1.7",    256, "nistp256" },
  { "NIST P-384",      "1.3.132.0.34",           384, "nistp384" },
@ -71,6 +72,9 @@ static const char oid_ed25519[] =
 static const char oid_cv25519[] =
  { 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01 };

+/* The OID for X448 in OpenPGP format.  */
+static const char oid_x448[] = { 0x03, 0x2b, 0x65, 0x6f };
+
 /* A table to store keyalgo strings like "rsa2048 or "ed25519" so that
 * we do not need to allocate them.  This is currently a simple array
 * but may eventually be changed to a fast data structure.  Noet that
@ -334,6 +338,15 @@ openpgp_oidbuf_is_cv25519 (const void *buf, size_t len)
 }


+/* Return true if (BUF,LEN) represents the OID for X448.  */
+static int
+openpgp_oidbuf_is_x448 (const void *buf, size_t len)
+{
+  return (buf && len == DIM (oid_x448)
+          && !memcmp (buf, oid_x448, DIM (oid_x448)));
+}
+
+
 /* Return true if the MPI A represents the OID for Curve25519.  */
 int
 openpgp_oid_is_cv25519 (gcry_mpi_t a)
@ -349,6 +362,21 @@ openpgp_oid_is_cv25519 (gcry_mpi_t a)
 }


+/* Return true if the MPI A represents the OID for X448.  */
+int
+openpgp_oid_is_x448 (gcry_mpi_t a)
+{
+  const unsigned char *buf;
+  unsigned int nbits;
+
+  if (!a || !gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
+    return 0;
+
+  buf = gcry_mpi_get_opaque (a, &nbits);
+  return openpgp_oidbuf_is_x448 (buf, (nbits+7)/8);
+}
+
+
 /* Map the Libgcrypt ECC curve NAME to an OID.  If R_NBITS is not NULL
   store the bit size of the curve there.  Returns NULL for unknown
   curve names.  If R_ALGO is not NULL and a specific ECC algorithm is