Support point compression in Libgcrypt
Open, NormalPublic

Description

Given that the patents on point compression expired a few years ago, Libgcrypt should support standard point compression. In particular gcry_mpi_ec_get_mpi should support it, so that we can put a compressed point into the subjectKeyIdentifier as generated by gpgsm.

werner created this task.May 19 2020, 2:25 PM

We will need this for 1.9

gniibe added a subscriber: gniibe.EditedFri, Jul 10, 3:40 AM

What kind of API should we offer?
(1) offering something like q@comp name for gcry_mpi_ec_get_mpi
But...
If the intended use case will be in create_request function in gpg/sm/certreqgen.c, the 'q' is already generated in the form of SEXP.
It is up to an application (gpgsm), to convert non-compressed point representation to compressed point representation, here.

(2) keygen supporting (flag comp) for classic curves to ask compressed point representation for q, and support of compressed point representation for other places.

Perhaps, (2)?

I'm afraid this will introduce requirement of libgcrypt 1.9 for gpg.

gniibe claimed this task.Fri, Jul 10, 3:40 AM
gniibe added a comment.EditedFri, Jul 10, 8:19 AM

Besides,

(3) _gcry_ecc_os2ec in libgcrypt/cipher/ecc-misc.c should be modified to support parsing compressed representation.

I think that retrieving a parameter in compressed format is all what we need as per API.

Creating is not that useful - we prefer modern curves anyway.