diff options
| author | NIIBE Yutaka <[email protected]> | 2020-06-24 01:05:03 +0000 |
|---|---|---|
| committer | NIIBE Yutaka <[email protected]> | 2020-06-24 01:05:03 +0000 |
| commit | a763bb2580b0d586a80b8ccd3654f41e49604f4f (patch) | |
| tree | 1e32c6510eb9a990bdea02d8b660077858c81fb3 /g10/sign.c | |
| parent | ecc: Use "cv448" to specify key using X448. (diff) | |
| download | gnupg-a763bb2580b0d586a80b8ccd3654f41e49604f4f.tar.gz gnupg-a763bb2580b0d586a80b8ccd3654f41e49604f4f.zip | |
gpg,agent: Support Ed448 signing.
* agent/pksign.c (do_encode_eddsa): First argument is NBITs,
so that it can support Ed448, as well as Ed25519.
(agent_pksign_do): Follow the change.
* agent/sexp-secret.c (fixup_when_ecc_private_key): No fix-up needed
for Ed448, it's only for classic curves.
* common/openpgp-oid.c (oidtable): Add Ed448.
* common/sexputil.c (get_pk_algo_from_key): Ed448 is only for EdDSA.
* g10/export.c (match_curve_skey_pk): Ed448 is for EdDSA.
* g10/keygen.c (gen_ecc): Support Ed448 with the name of "ed448".
(ask_algo, parse_key_parameter_part): Handle "ed448".
* g10/pkglue.c (pk_verify): Support Ed448.
(pk_check_secret_key): Support Ed448.
* g10/sign.c (hash_for): Defaults to SHA512 for Ed448.
(make_keysig_packet): Likewise.
Signed-off-by: NIIBE Yutaka <[email protected]>
Diffstat (limited to 'g10/sign.c')
| -rw-r--r-- | g10/sign.c | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/g10/sign.c b/g10/sign.c index 8f72d8102..d6c938acc 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -630,7 +630,7 @@ match_dsa_hash (unsigned int qbytes) usable for the pubkey algorithm. If --personal-digest-prefs isn't set, then take the OpenPGP default (i.e. SHA-1). - Note that Ed25519+EdDSA takes an input of arbitrary length and thus + Note that EdDSA takes an input of arbitrary length and thus we don't enforce any particular algorithm like we do for standard ECDSA. However, we use SHA256 as the default algorithm. @@ -649,13 +649,15 @@ hash_for (PKT_public_key *pk) { return recipient_digest_algo; } - else if (pk->pubkey_algo == PUBKEY_ALGO_EDDSA - && openpgp_oid_is_ed25519 (pk->pkey[0])) + else if (pk->pubkey_algo == PUBKEY_ALGO_EDDSA) { if (opt.personal_digest_prefs) return opt.personal_digest_prefs[0].value; else - return DIGEST_ALGO_SHA256; + if (gcry_mpi_get_nbits (pk->pkey[1]) > 256) + return DIGEST_ALGO_SHA512; + else + return DIGEST_ALGO_SHA256; } else if (pk->pubkey_algo == PUBKEY_ALGO_DSA || pk->pubkey_algo == PUBKEY_ALGO_ECDSA) @@ -1742,14 +1744,15 @@ make_keysig_packet (ctrl_t ctrl, digest_algo = opt.cert_digest_algo; else if (pksk->pubkey_algo == PUBKEY_ALGO_DSA) /* Meet DSA requirements. */ digest_algo = match_dsa_hash (gcry_mpi_get_nbits (pksk->pkey[1])/8); - else if (pksk->pubkey_algo == PUBKEY_ALGO_ECDSA /* Meet ECDSA requirements. */ - || pksk->pubkey_algo == PUBKEY_ALGO_EDDSA) + else if (pksk->pubkey_algo == PUBKEY_ALGO_ECDSA) /* Meet ECDSA requirements. */ + digest_algo = match_dsa_hash + (ecdsa_qbits_from_Q (gcry_mpi_get_nbits (pksk->pkey[1]))/8); + else if (pksk->pubkey_algo == PUBKEY_ALGO_EDDSA) { - if (openpgp_oid_is_ed25519 (pksk->pkey[0])) - digest_algo = DIGEST_ALGO_SHA256; + if (gcry_mpi_get_nbits (pksk->pkey[1]) > 256) + digest_algo = DIGEST_ALGO_SHA512; else - digest_algo = match_dsa_hash - (ecdsa_qbits_from_Q (gcry_mpi_get_nbits (pksk->pkey[1]))/8); + digest_algo = DIGEST_ALGO_SHA256; } else /* Use the default. */ digest_algo = DEFAULT_DIGEST_ALGO; |