agent: PKDECRYPT KEM-mode can be used by CMS too.

Signed-off-by: NIIBE Yutaka <[email protected]>

3 files changed, 25 insertions, 12 deletions

diff --git a/agent/agent.h b/agent/agent.h
index 1e3bf82b6..f2e1921d3 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -541,7 +541,7 @@ gpg_error_t agent_pksign (ctrl_t ctrl, const char *cache_nonce,
 gpg_error_t agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
                              const unsigned char *ciphertext, size_t ciphertextlen,
                              membuf_t *outbuf, int *r_padding);
-gpg_error_t agent_kem_decap (ctrl_t ctrl, const char *desc_text,
+gpg_error_t agent_kem_decap (ctrl_t ctrl, const char *desc_text, int kemid,
                              const unsigned char *ciphertext, size_t ciphertextlen,
                              membuf_t *outbuf,
                              const unsigned char *option, size_t optionlen);
diff --git a/agent/command.c b/agent/command.c
index e2037dead..49779d71a 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -1017,12 +1017,13 @@ cmd_pksign (assuan_context_t ctx, char *line)
 
 
 static const char hlp_pkdecrypt[] =
-  "PKDECRYPT [--kem]\n"
+  "PKDECRYPT [--kem[=<kemid>]\n"
   "\n"
   "Perform the actual decrypt operation.  Input is not\n"
   "sensitive to eavesdropping.\n"
   "If the --kem option is used, decryption is done with the KEM,\n"
-  "inquiring upper-layer option, when needed.";
+  "inquiring upper-layer option, when needed.  KEMID can be\n"
+  "specified with --kem option; valid value is: PGP, or CMS.";
 static gpg_error_t
 cmd_pkdecrypt (assuan_context_t ctx, char *line)
 {
@@ -1032,18 +1033,28 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line)
   size_t valuelen;
   membuf_t outbuf;
   int padding = -1;
-  int is_kem;
   unsigned char *option = NULL;
   size_t optionlen = 0;
+  const char *p;
+  int kemid = -1;
 
-  is_kem = has_option (line, "--kem");
+  p = has_option_name (line, "--kem");
+  if (p)
+    {
+      kemid = 0;
+      if (*p++ == '=')
+        {
+          if (strcmp (p, "PGP"))
+            kemid = 1;
+        }
+    }
 
   /* First inquire the data to decrypt */
   rc = print_assuan_status (ctx, "INQUIRE_MAXLEN", "%u", MAXLEN_CIPHERTEXT);
   if (!rc)
     rc = assuan_inquire (ctx, "CIPHERTEXT",
                          &value, &valuelen, MAXLEN_CIPHERTEXT);
-  if (!rc && is_kem)
+  if (!rc && kemid >= 0)
     rc = assuan_inquire (ctx, "OPTION",
                          &option, &optionlen, MAXLEN_CIPHERTEXT); /* FIXME for maxlen? */
   if (rc)
@@ -1051,15 +1062,15 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line)
 
   init_membuf (&outbuf, 512);
 
-  if (is_kem)
+  if (kemid < 0)
+    rc = agent_pkdecrypt (ctrl, ctrl->server_local->keydesc,
+                          value, valuelen, &outbuf, &padding);
+  else
     {
-      rc = agent_kem_decap (ctrl, ctrl->server_local->keydesc,
+      rc = agent_kem_decap (ctrl, ctrl->server_local->keydesc, kemid,
                             value, valuelen, &outbuf, option, optionlen);
       xfree (option);
     }
-  else
-    rc = agent_pkdecrypt (ctrl, ctrl->server_local->keydesc,
-                          value, valuelen, &outbuf, &padding);
   xfree (value);
   if (rc)
     clear_outbuf (&outbuf);
diff --git a/agent/pkdecrypt.c b/agent/pkdecrypt.c
index a66dd20f7..414d66f07 100644
--- a/agent/pkdecrypt.c
+++ b/agent/pkdecrypt.c
@@ -172,7 +172,7 @@ reverse_buffer (unsigned char *buffer, unsigned int length)
 }
 
 gpg_error_t
-agent_kem_decap (ctrl_t ctrl, const char *desc_text,
+agent_kem_decap (ctrl_t ctrl, const char *desc_text, int kemid,
                  const unsigned char *ciphertext, size_t ciphertextlen,
                  membuf_t *outbuf,
                  const unsigned char *option, size_t optionlen)
@@ -182,6 +182,8 @@ agent_kem_decap (ctrl_t ctrl, const char *desc_text,
   gpg_error_t err = 0;
   int no_shadow_info = 0;
 
+  /* IMPLEMENT: check ctrl->have_keygrip1, kem_decap, and call key combiner */
+
   if (!ctrl->have_keygrip)
     {
       log_error ("speculative decryption not yet supported\n");