openpgp: Use only Derive mechanism for curve25519 keys
This commit is contained in:
parent
5d5c391793
commit
a965829f52
|
@ -819,9 +819,11 @@ pgp_get_card_features(sc_card_t *card)
|
||||||
/* The montgomery curve (curve25519) needs to go through
|
/* The montgomery curve (curve25519) needs to go through
|
||||||
* different paths, otherwise we handle it as a normal EC key */
|
* different paths, otherwise we handle it as a normal EC key */
|
||||||
if (sc_compare_oid(&key_info.u.ec.oid, &curve25519_oid)) {
|
if (sc_compare_oid(&key_info.u.ec.oid, &curve25519_oid)) {
|
||||||
|
/* CKM_XEDDSA supports both Sign and Derive, but
|
||||||
|
* OpenPGP card supports only derivation using these
|
||||||
|
* keys as far as I know */
|
||||||
_sc_card_add_xeddsa_alg(card, key_info.u.ec.key_length,
|
_sc_card_add_xeddsa_alg(card, key_info.u.ec.key_length,
|
||||||
(SC_ALGORITHM_XEDDSA_RAW | SC_ALGORITHM_ECDH_CDH_RAW),
|
SC_ALGORITHM_ECDH_CDH_RAW, 0, &key_info.u.ec.oid);
|
||||||
0, &key_info.u.ec.oid);
|
|
||||||
|
|
||||||
sc_log(card->ctx, "DO %zX: Added XEDDSA algorithm (%d), mod_len = %d" ,
|
sc_log(card->ctx, "DO %zX: Added XEDDSA algorithm (%d), mod_len = %d" ,
|
||||||
i, key_info.algorithm, key_info.u.ec.key_length);
|
i, key_info.algorithm, key_info.u.ec.key_length);
|
||||||
|
@ -2188,6 +2190,9 @@ pgp_compute_signature(sc_card_t *card, const u8 *data,
|
||||||
break;
|
break;
|
||||||
case 0x01:
|
case 0x01:
|
||||||
default:
|
default:
|
||||||
|
/* From PKCS #11 point of view, we should be able to use
|
||||||
|
* curve25519 to do digital signature, but it is not how it
|
||||||
|
* is used in OpenGPG so we will not allow it here */
|
||||||
LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS,
|
LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS,
|
||||||
"invalid key reference");
|
"invalid key reference");
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue