authorNIIBE Yutaka <[email protected]>2020-03-26 06:54:14 +0000
committerNIIBE Yutaka <[email protected]>2020-03-26 06:54:14 +0000
commit49ea53b755f0fef468055a1493e790735908f865 (patch)
tree15e0c926d333066e02ee11f81962f539edc909e8 /sm/certreqgen.c
parentgpgsm: Remove restriction of key generation (only RSA). (diff)
gpgsm: Support key generation with ECC.
* sm/certreqgen.c (pKEYCURVE): New. (read_parameters): Add pKEYCURVE handling. (proc_parameters): Support ECC key generation. GnuPG-bug-id: 4888 Signed-off-by: NIIBE Yutaka <[email protected]>
Diffstat (limited to 'sm/certreqgen.c')
-rw-r--r--sm/certreqgen.c42
1 files changed, 37 insertions, 5 deletions
diff --git a/sm/certreqgen.c b/sm/certreqgen.c
index 364afbef2..1ca5d6f2f 100644
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@@ -74,6 +74,7 @@ enum para_name
pKEYTYPE,
pKEYLENGTH,
pKEYGRIP,
+ pKEYCURVE,
pKEYUSAGE,
pNAMEDN,
pNAMEEMAIL,
@@ -236,6 +237,7 @@ read_parameters (ctrl_t ctrl, estream_t fp, estream_t out_fp)
{ "Key-Type", pKEYTYPE},
{ "Key-Length", pKEYLENGTH },
{ "Key-Grip", pKEYGRIP },
+ { "Key-Curve", pKEYCURVE },
{ "Key-Usage", pKEYUSAGE },
{ "Name-DN", pNAMEDN },
{ "Name-Email", pNAMEEMAIL, 1 },
@@ -462,7 +464,10 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
if (algo < 1 && !cardkeyid)
{
r = get_parameter (para, pKEYTYPE, 0);
- log_error (_("line %d: invalid algorithm\n"), r ? r->lnr: -1);
+ if (r)
+ log_error (_("line %d: invalid algorithm\n"), r->lnr);
+ else
+ log_error ("No Key-Type specified\n");
return gpg_error (GPG_ERR_INV_PARAMETER);
}
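Review bot: The new message in the `else` arm, `log_error ("No Key-Type specified\n");`, is not wrapped in `_()`, unlike the "invalid algorithm" message two lines above it, so it would not be extracted for translation. Suggest `log_error (_("No Key-Type specified\n"));` to match the neighbouring call. proc_parameters starts and ends outside this hunk.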
@@ -719,10 +724,37 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
}
else if (!outctrl->dryrun) /* Generate new key. */
{
- sprintf (numbuf, "%u", nbits);
- snprintf ((char*)keyparms, DIM (keyparms),
- "(6:genkey(3:rsa(5:nbits%d:%s)))",
- (int)strlen (numbuf), numbuf);
+ if (algo == GCRY_PK_RSA)
+ {
+ sprintf (numbuf, "%u", nbits);
+ snprintf ((char*)keyparms, DIM (keyparms),
+ "(6:genkey(3:rsa(5:nbits%d:%s)))",
+ (int)strlen (numbuf), numbuf);
+ }
+ else if (algo == GCRY_PK_ECC || algo == GCRY_PK_EDDSA)
+ {
+ const char *curve = get_parameter_value (para, pKEYCURVE, 0);
+ const char *flags;
+
+ if (algo == GCRY_PK_EDDSA)
+ flags = "(flags eddsa)";
+ else if (!strcmp (curve, "Curve25519"))
+ flags = "(flags djb-tweak)";
+ else
+ flags = "";
+
+ snprintf ((char*)keyparms, DIM (keyparms),
+ "(genkey(ecc(curve %zu:%s)%s))",
+ strlen (curve), curve, flags);
+ }
+ else
+ {
+ r = get_parameter (para, pKEYTYPE, 0);
+ log_error (_("line %d: invalid algorithm\n"), r->lnr);
+ xfree (sigkey);
+ xfree (cardkeyid);
+ return gpg_error (GPG_ERR_INV_PARAMETER);
+ }
rc = gpgsm_agent_genkey (ctrl, keyparms, &public);
if (rc)
{
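Review bot: In the ECC/EdDSA branch `curve` is passed to `strcmp` and `strlen` with no NULL check, so a parameter file that names an ECC Key-Type but omits Key-Curve would presumably crash gpgsm here if `get_parameter_value` returns NULL for a missing entry (its definition is outside the hunk, so this needs confirming). Rejecting the request with GPG_ERR_INV_PARAMETER before `keyparms` is built, with the same `xfree` cleanup the final `else` arm uses, would make it fail cleanly. The final `else` arm also reads `r->lnr` unguarded, although the earlier "invalid algorithm" hunk in this commit checks `r` first. The `snprintf` result is also not compared with `DIM (keyparms)`, so an over-long curve name would be silently truncated into a malformed S-expression. proc_parameters begins and ends outside this hunk.

```c
const char *curve = get_parameter_value (para, pKEYCURVE, 0);
const char *flags;

if (!curve)
  {
    log_error (_("no Key-Curve specified\n"));
    xfree (sigkey);
    xfree (cardkeyid);
    return gpg_error (GPG_ERR_INV_PARAMETER);
  }
/* ... unchanged: flags selection and snprintf into keyparms ... */
```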