File g10-allow-ECC-added-keys-for-authentication-and-sign.patch of Package gpg2
From c0a7a33ab3206f16fd6b3a4db3d81adaec2bc583 Mon Sep 17 00:00:00 2001
From: James Bottomley <James.Bottomley@HansenPartnership.com>
Date: Sun, 16 Jul 2023 08:33:26 -0400
Subject: [PATCH] g10: allow ECC added keys for authentication and signing
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
common/sexputil.c | 18 ++++++++++++++++--
g10/keygen.c | 9 ++++++++-
2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/common/sexputil.c b/common/sexputil.c
index c7471be85..ecee217db 100644
--- a/common/sexputil.c
+++ b/common/sexputil.c
@@ -1048,12 +1048,26 @@ int
get_pk_algo_from_canon_sexp (const unsigned char *keydata, size_t keydatalen)
{
gcry_sexp_t sexp;
- int algo;
+ enum gcry_pk_algos algo;
+ char *algostr;
if (gcry_sexp_sscan (&sexp, NULL, keydata, keydatalen))
return 0;
- algo = get_pk_algo_from_key (sexp);
+ algostr = pubkey_algo_string (sexp, &algo);
+ if (algo == GCRY_PK_ECC)
+ {
+ if (!strcmp (algostr, "ed25519"))
+ algo = PUBKEY_ALGO_EDDSA;
+ else if (!strcmp (algostr, "ed448"))
+ algo = PUBKEY_ALGO_EDDSA;
+ else if (!strcmp (algostr, "cv25519"))
+ algo = PUBKEY_ALGO_ECDH;
+ else if (!strcmp (algostr, "cv448"))
+ algo = PUBKEY_ALGO_ECDH;
+ /* cannot determine other ECC keys without knowing usage */
+ }
+ xfree (algostr);
gcry_sexp_release (sexp);
return algo;
}
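Review bot: `algostr` reaches `strcmp` unchecked in the new `GCRY_PK_ECC` branch. `pubkey_algo_string` is defined outside this hunk, but if it can return NULL (for example on allocation failure) after setting `algo`, parsing externally supplied key data would dereference a null pointer; `if (algo == GCRY_PK_ECC && algostr)` closes that. Separately, `algo` is declared `enum gcry_pk_algos` but is assigned `PUBKEY_ALGO_EDDSA` and `PUBKEY_ALGO_ECDH`, so the return value now mixes libgcrypt and OpenPGP identifiers. A comment above the function such as `/* Returns an OpenPGP algo id for the 25519/448 curves, a libgcrypt id otherwise. */` would tell callers which comparisons are safe.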
diff --git a/g10/keygen.c b/g10/keygen.c
index 1605bff89..145218b62 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -2257,7 +2257,14 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
xfree (keygrip);
keygrip = answer;
answer = NULL;
- *r_usage = ask_key_flags (algo, addmode, 0);
+ if (algo == GCRY_PK_ECC)
+ {
+ *r_usage = ask_key_flags (algo, addmode, ~0);
+ if (*r_usage & (PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH))
+ algo = PUBKEY_ALGO_ECDSA;
+ }
+ else
+ *r_usage = ask_key_flags (algo, addmode, 0);
break;
}
else if ((algo == 14 || !strcmp (answer, "cardkey")) && r_keygrip)
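Review bot: The new `GCRY_PK_ECC` branch relabels the key as `PUBKEY_ALGO_ECDSA` for any curve once sign or auth usage is chosen, and it passes `~0` to `ask_key_flags` where the old code passed `0` (that function is outside the hunk, so the effect of the third argument is inferred). If `algo` has already gone through the mapping added to `get_pk_algo_from_canon_sexp`, a cv25519/cv448 key arrives as `PUBKEY_ALGO_ECDH`. As far as I know that shares its numeric value with `GCRY_PK_ECC`, so an encryption-only curve could be offered signing usage and tagged ECDSA. The branch should decide on the curve rather than the bare algorithm number, or at least state its assumption with `/* Only generic (non-25519/448) ECC keys are expected here; the chosen usage decides ECDSA vs ECDH. */`. `ask_algo` begins and ends outside the hunk.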
--
2.35.3