authorNIIBE Yutaka <gniibe@fsij.org>2015-08-06 10:00:41 +0200
committerNIIBE Yutaka <gniibe@fsij.org>2015-08-06 10:00:41 +0200
commite5891a82c39997b65ce9ff90eb6120db7bedd399 (patch)
treeec14c5e240a419bb15eb4edeabdc75eee76de836 /g10/ecdh.c
parentcommon: extend API of openpgp_oid_to_curve for canonical name. (diff)
Curve25519 support.
* agent/cvt-openpgp.c (get_keygrip): Handle Curve25519. (convert_secret_key, convert_transfer_key): Ditto. * common/openpgp-oid.c (oidtable): Add Curve25519. (oid_crv25519, openpgp_oid_is_crv25519): New. * common/util.h (openpgp_oid_is_crv25519): New. * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Handle the case of a Montgomery curve, which uses an x-only coordinate. * g10/keygen.c (gen_ecc): Handle Curve25519. (ask_curve): Change the API; the second arg is used to return the subkey algo. (generate_keypair, generate_subkeypair): Follow the change of ask_curve. * g10/keyid.c (keygrip_from_pk): Handle Curve25519. * g10/pkglue.c (pk_encrypt): Handle Curve25519. * g10/pubkey-enc.c (get_it): Handle the case with a Montgomery curve. * scd/app-openpgp.c (ECC_FLAG_DJB_TWEAK): New. (send_key_attr): Work with general ECC, Ed25519, and Curve25519. (get_public_key): Likewise. (ecc_writekey): Handle flag_djb_tweak. -- When libgcrypt has Curve25519, GnuPG now supports Curve25519.
Diffstat (limited to 'g10/ecdh.c')
-rw-r--r--g10/ecdh.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/g10/ecdh.c b/g10/ecdh.c
index 9576a1c1a..a1b7ecfdc 100644
--- a/g10/ecdh.c
+++ b/g10/ecdh.c
@@ -134,9 +134,12 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
}
secret_x_size = (nbits+7)/8;
- assert (nbytes > secret_x_size);
- memmove (secret_x, secret_x+1, secret_x_size);
- memset (secret_x+secret_x_size, 0, nbytes-secret_x_size);
+ assert (nbytes >= secret_x_size);
+ if ((nbytes & 1))
+ /* Remove the "04" prefix of non-compressed format. */
+ memmove (secret_x, secret_x+1, secret_x_size);
+ if (nbytes - secret_x_size)
+ memset (secret_x+secret_x_size, 0, nbytes-secret_x_size);
if (DBG_CRYPTO)
log_printhex ("ECDH shared secret X is:", secret_x, secret_x_size );
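Review bot: The `nbytes & 1` test decides whether to strip a leading octet without ever looking at that octet, so the 0x04 of an uncompressed point and the x-only prefix the commit message says this path now handles are both assumed rather than verified, and for a curve whose coordinate size in bytes is odd the prefixed and prefix-less encodings would be told apart the wrong way round. The only remaining length check is an `assert`, which compiles out under NDEBUG and then lets `nbytes < secret_x_size` reach the memset with a wrapped length if those are unsigned (their declarations are outside the hunk); when `nbytes` is odd but equal to `secret_x_size` the memmove also reads one byte past the data it was given, and whether that stays inside the allocation cannot be seen here. I would check the encoding explicitly and fail instead of asserting: `if (nbytes == secret_x_size + 1 && (secret_x[0] == 0x04 || secret_x[0] == 0x40)) memmove (secret_x, secret_x+1, secret_x_size); else if (nbytes != secret_x_size) return gpg_error (GPG_ERR_BAD_DATA);` (0x40 being libgcrypt's x-only marker, to be confirmed against what actually arrives here). At minimum the comment should no longer say only `"04"`: `/* Strip the leading 0x04 (uncompressed point) or the x-only prefix byte of a Montgomery point; the x coordinate follows. */`. The enclosing pk_ecdh_encrypt_with_shared_point starts and ends outside the hunk.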