From d185519693055b1f836f2412f6751b731a598336 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sosth=C3=A8ne=20Gu=C3=A9don?= <sosthene@nitrokey.com>
Date: Mon, 24 Oct 2022 09:43:01 +0200
Subject: [PATCH 1/3] Fix curve25519 endianness

GPG doesn't exactly implement X25519, because it stores ECC scalars in
Big-Endian format when the standardised X25519 operates with little endian scalars
Therfore we need to reverse the endianness of the private key on key import.

This also highlight that the gpg-import test for X25519 was incorrect because
the key import failed silently
---
 src/command/private_key_template.rs | 20 +++++++++++++++++++-
 tests/crypto-gpg-import.rs          | 29 ++++++++++++++++++-----------
 2 files changed, 37 insertions(+), 12 deletions(-)

diff --git a/src/command/private_key_template.rs b/src/command/private_key_template.rs
index 8f13b8c..6622fbf 100644
--- a/src/command/private_key_template.rs
+++ b/src/command/private_key_template.rs
@@ -128,9 +128,27 @@ fn put_ec<const R: usize, T: trussed::Client>(
         Status::IncorrectDataParameter
     })?;
 
+    // GPG stores scalars as big endian when X25519 specifies them to be little endian
+    // See https://lists.gnupg.org/pipermail/gnupg-devel/2018-February/033437.html
+    let mut data: [u8; 32];
+    let message;
+    if matches!(curve, CurveAlgo::X255) {
+        data = private_key_data.try_into().map_err(|_| {
+            warn!(
+                "Bad private key length for x25519: {}",
+                private_key_data.len()
+            );
+            Status::IncorrectDataParameter
+        })?;
+        data.reverse();
+        message = data.as_slice();
+    } else {
+        message = private_key_data;
+    }
+
     let key = try_syscall!(ctx.backend.client_mut().unsafe_inject_key(
         curve.mechanism(),
-        private_key_data,
+        message,
         Location::Internal,
         KeySerialization::Raw
     ))
diff --git a/tests/crypto-gpg-import.rs b/tests/crypto-gpg-import.rs
index 0f66415..601f160 100644
--- a/tests/crypto-gpg-import.rs
+++ b/tests/crypto-gpg-import.rs
@@ -187,17 +187,24 @@ fn gpg_255() {
         let custom2 = format!(r"{temp_name} \(no comment\) <{temp_email}>");
         gnupg_test(
             &[DEFAULT_PW1],
-            &[vec![
-                r"\[GNUPG:\] ENC_TO [a-fA-F0-9]{16} \d* \d*",
-                r"\[GNUPG:\] DECRYPTION_KEY [a-fA-F0-9]{40} [a-fA-F0-9]{40} u",
-                r"\[GNUPG:\] BEGIN_DECRYPTION",
-                r"\[GNUPG:\] DECRYPTION_INFO \d \d \d",
-                r"\[GNUPG:\] PLAINTEXT \d* \d* Cargo.toml",
-                r"\[GNUPG:\] PLAINTEXT_LENGTH \d*",
-                r"\[GNUPG:\] DECRYPTION_OKAY",
-                r"\[GNUPG:\] GOODMDC",
-                r"\[GNUPG:\] END_DECRYPTION",
-            ]]
+            &[
+                vec![
+                    r"\[GNUPG:\] ENC_TO [a-fA-F0-9]{16} \d* \d*",
+                    &custom1,
+                    r"\[GNUPG:\] NEED_PASSPHRASE [a-fA-F0-9]{16} [a-fA-F0-9]{16} 18 0",
+                ],
+                virt::gpg_inquire_pin(),
+                vec![
+                    r"\[GNUPG:\] DECRYPTION_KEY [a-fA-F0-9]{40} [a-fA-F0-9]{40} u",
+                    r"\[GNUPG:\] BEGIN_DECRYPTION",
+                    r"\[GNUPG:\] DECRYPTION_INFO \d \d \d",
+                    r"\[GNUPG:\] PLAINTEXT \d* \d* Cargo.toml",
+                    r"\[GNUPG:\] PLAINTEXT_LENGTH \d*",
+                    r"\[GNUPG:\] DECRYPTION_OKAY",
+                    r"\[GNUPG:\] GOODMDC",
+                    r"\[GNUPG:\] END_DECRYPTION",
+                ],
+            ]
             .into_iter()
             .flatten()
             .collect::<Vec<&str>>(),

From b9191a1f47836c3f08c3bb11426b9f5dd05f13f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sosth=C3=A8ne=20Gu=C3=A9don?= <sosthene@nitrokey.com>
Date: Mon, 24 Oct 2022 10:01:47 +0200
Subject: [PATCH 2/3] Update changelog

---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2d70a71..89b96ea 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,12 +17,14 @@ SPDX-License-Identifier: CC0-1.0
 
 - Fix the length of the Digital signature counter DO 0x93 ([#76][])
 - PSO:CDS: Increment the signature counter ([#78][])
+- Fix endianness of curve25519 key impor([#89][])
 
 [#64]: https://github.com/Nitrokey/opcard-rs/pull/64
 [#60]: https://github.com/Nitrokey/opcard-rs/pull/60
 [#63]: https://github.com/Nitrokey/opcard-rs/pull/63
 [#76]: https://github.com/Nitrokey/opcard-rs/pull/76
 [#78]: https://github.com/Nitrokey/opcard-rs/pull/78
+[#89]: https://github.com/Nitrokey/opcard-rs/pull/89
 
 ## v0.1.0 (2022-10-12)
 

From d8c32fb13e3c0557fe7c01b62f3548fa882402ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sosth=C3=A8ne=20Gu=C3=A9don?= <sosthene@nitrokey.com>
Date: Wed, 2 Nov 2022 11:48:56 +0100
Subject: [PATCH 3/3] Fix typo

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 89b96ea..efce126 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,7 +17,7 @@ SPDX-License-Identifier: CC0-1.0
 
 - Fix the length of the Digital signature counter DO 0x93 ([#76][])
 - PSO:CDS: Increment the signature counter ([#78][])
-- Fix endianness of curve25519 key impor([#89][])
+- Fix endianness of curve25519 key import([#89][])
 
 [#64]: https://github.com/Nitrokey/opcard-rs/pull/64
 [#60]: https://github.com/Nitrokey/opcard-rs/pull/60