From bc9681e7b0a054246715e23352bf1d4f02244d8f Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Mon, 12 May 2025 16:06:37 +0200
Subject: [PATCH] Add support for EdDSA with Ed448 curve.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
---
 src/openpgp/do.c      | 28 ++++++++++++++--------------
 src/openpgp/do.h      |  3 +++
 src/openpgp/openpgp.c |  9 ++++++---
 3 files changed, 23 insertions(+), 17 deletions(-)

diff --git a/src/openpgp/do.c b/src/openpgp/do.c
index 0f76bc0..470d952 100644
--- a/src/openpgp/do.c
+++ b/src/openpgp/do.c
@@ -174,20 +174,6 @@ int parse_pw_status(const file_t *f, int mode) {
     return res_APDU_size - init_len;
 }
 
-#define ALGO_RSA_1K     0
-#define ALGO_RSA_2k     1
-#define ALGO_RSA_3K     2
-#define ALGO_RSA_4K     3
-#define ALGO_X448       4
-#define ALGO_P256K1     5
-#define ALGO_P256R1     6
-#define ALGO_P384R1     7
-#define ALGO_P521R1     8
-#define ALGO_BP256R1    9
-#define ALGO_BP384R1    10
-#define ALGO_BP512R1    11
-#define ALGO_CV22519    12
-
 const uint8_t algorithm_attr_x448[] = {
     4,
     ALGO_ECDH,
@@ -275,12 +261,20 @@ const uint8_t algorithm_attr_cv25519[] = {
     0x2b, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01
 };
 
+#ifdef MBEDTLS_EDDSA_C
 const uint8_t algorithm_attr_ed25519[] = {
     10,
     ALGO_EDDSA,
     0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01
 };
 
+const uint8_t algorithm_attr_ed448[] = {
+    4,
+    ALGO_EDDSA,
+    0x2b, 0x65, 0x71
+};
+#endif
+
 int parse_algo(const uint8_t *algo, uint16_t tag) {
     res_APDU[res_APDU_size++] = tag & 0xff;
     memcpy(res_APDU + res_APDU_size, algo, algo[0] + 1);
@@ -306,7 +300,10 @@ int parse_algoinfo(const file_t *f, int mode) {
         datalen += parse_algo(algorithm_attr_bp256r1, EF_ALGO_SIG);
         datalen += parse_algo(algorithm_attr_bp384r1, EF_ALGO_SIG);
         datalen += parse_algo(algorithm_attr_bp512r1, EF_ALGO_SIG);
+#ifdef MBEDTLS_EDDSA_C
         datalen += parse_algo(algorithm_attr_ed25519, EF_ALGO_SIG);
+        datalen += parse_algo(algorithm_attr_ed448, EF_ALGO_SIG);
+#endif
 
         datalen += parse_algo(algorithm_attr_rsa1k, EF_ALGO_DEC);
         datalen += parse_algo(algorithm_attr_rsa2k, EF_ALGO_DEC);
@@ -333,7 +330,10 @@ int parse_algoinfo(const file_t *f, int mode) {
         datalen += parse_algo(algorithm_attr_bp256r1, EF_ALGO_AUT);
         datalen += parse_algo(algorithm_attr_bp384r1, EF_ALGO_AUT);
         datalen += parse_algo(algorithm_attr_bp512r1, EF_ALGO_AUT);
+#ifdef MBEDTLS_EDDSA_C
         datalen += parse_algo(algorithm_attr_ed25519, EF_ALGO_AUT);
+        datalen += parse_algo(algorithm_attr_ed448, EF_ALGO_AUT);
+#endif
         uint16_t lpdif = res_APDU + res_APDU_size - lp - 2;
         *lp++ = lpdif >> 8;
         *lp++ = lpdif & 0xff;
diff --git a/src/openpgp/do.h b/src/openpgp/do.h
index d340fdb..3e2a494 100644
--- a/src/openpgp/do.h
+++ b/src/openpgp/do.h
@@ -26,4 +26,7 @@ extern const uint8_t algorithm_attr_cv25519[];
 extern const uint8_t algorithm_attr_x448[];
 extern const uint8_t algorithm_attr_rsa2k[];
 extern const uint8_t algorithm_attr_rsa4096[];
+#ifdef MBEDTLS_EDDSA_C
 extern const uint8_t algorithm_attr_ed25519[];
+extern const uint8_t algorithm_attr_ed448[];
+#endif
diff --git a/src/openpgp/openpgp.c b/src/openpgp/openpgp.c
index adfc157..3bc50ba 100644
--- a/src/openpgp/openpgp.c
+++ b/src/openpgp/openpgp.c
@@ -574,7 +574,7 @@ int load_private_key_ecdsa(mbedtls_ecp_keypair *ctx, file_t *fkey, bool use_dek)
     }
     mbedtls_platform_zeroize(kdata, sizeof(kdata));
 #ifdef MBEDTLS_EDDSA_C
-    if (ctx->grp.id == MBEDTLS_ECP_DP_ED25519) {
+    if (ctx->grp.id == MBEDTLS_ECP_DP_ED25519 || ctx->grp.id == MBEDTLS_ECP_DP_ED448) {
         r = mbedtls_ecp_point_edwards(&ctx->grp, &ctx->Q, &ctx->d, random_gen, NULL);
     }
     else
@@ -630,6 +630,9 @@ mbedtls_ecp_group_id get_ec_group_id_from_attr(const uint8_t *algo, size_t algo_
     else if (memcmp(algorithm_attr_ed25519 + 2, algo, algo_len) == 0) {
         return MBEDTLS_ECP_DP_ED25519;
     }
+    else if (memcmp(algorithm_attr_ed448 + 2, algo, algo_len) == 0) {
+        return MBEDTLS_ECP_DP_ED448;
+    }
 #endif
     return MBEDTLS_ECP_DP_NONE;
 }
@@ -750,8 +753,8 @@ int ecdsa_sign(mbedtls_ecp_keypair *ctx,
 
     int r = 0;
 #ifdef MBEDTLS_EDDSA_C
-    if (ctx->grp.id == MBEDTLS_ECP_DP_ED25519) {
-        r = mbedtls_eddsa_write_signature(ctx, data, data_len, out, 64, out_len, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL);
+    if (ctx->grp.id == MBEDTLS_ECP_DP_ED25519 || ctx->grp.id == MBEDTLS_ECP_DP_ED448) {
+           r = mbedtls_eddsa_write_signature(ctx, data, data_len, out, 114, out_len, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL);
     }
     else
 #endif