diff options
| author | Werner Koch <[email protected]> | 2024-04-23 14:25:05 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2024-04-23 14:25:05 +0000 |
| commit | 32ec480024b306508f77b1ebc720e2587df7b6c3 (patch) | |
| tree | 6422685e59a03228837918c1218075a0e8811a91 | |
| parent | Remove the deprecated gcry_set_log_handler. (diff) | |
| download | gnupg-32ec480024b306508f77b1ebc720e2587df7b6c3.tar.gz gnupg-32ec480024b306508f77b1ebc720e2587df7b6c3.zip | |
gpg: Support encryption with kyber_bp256 and kyber_bp384
* common/openpgp-oid.c (oidtable): Support KEM for bp256 and bp384.
* g10/pkglue.c (do_encrypt_kem): Ditto.
--
GnuPG-bug-id: 6815
Note, this needs the very latest Libgcrypt to work properly
| -rw-r--r-- | common/openpgp-oid.c | 6 | ||||
| -rw-r--r-- | g10/pkglue.c | 32 | ||||
| -rw-r--r-- | g10/pubkey-enc.c | 3 |
3 files changed, 39 insertions, 2 deletions
diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c index d54aff3a9..a374904cf 100644 --- a/common/openpgp-oid.c +++ b/common/openpgp-oid.c @@ -65,8 +65,10 @@ static struct { { "NIST P-384", "1.3.132.0.34", 384, "nistp384" }, { "NIST P-521", "1.3.132.0.35", 521, "nistp521" }, - { "brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", 256, NULL, "bp256" }, - { "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", 384, NULL, "bp384" }, + { "brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", 256, NULL, "bp256", + 0, GCRY_KEM_RAW_BP256 }, + { "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", 384, NULL, "bp384", + 0, GCRY_KEM_RAW_BP384 }, { "brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13", 512, NULL, "bp512" }, { "secp256k1", "1.3.132.0.10", 256 }, diff --git a/g10/pkglue.c b/g10/pkglue.c index fb39d5ba8..170a1c54b 100644 --- a/g10/pkglue.c +++ b/g10/pkglue.c @@ -522,6 +522,38 @@ do_encrypt_kem (PKT_public_key *pk, gcry_mpi_t data, int seskey_algo, ecc_ss_len = 64; ecc_hash_algo = GCRY_MD_SHA3_512; } + else if (ecc_algo == GCRY_KEM_RAW_BP256) + { + ecc_pubkey = gcry_mpi_get_opaque (pk->pkey[1], &nbits); + ecc_pubkey_len = (nbits+7)/8; + if (ecc_pubkey_len != 65) + { + if (opt.verbose) + log_info ("%s: ECC public key length invalid (%zu)\n", + __func__, ecc_pubkey_len); + err = gpg_error (GPG_ERR_INV_DATA); + goto leave; + } + ecc_ct_len = ecc_ecdh_len = 65; + ecc_ss_len = 32; + ecc_hash_algo = GCRY_MD_SHA3_256; + } + else if (ecc_algo == GCRY_KEM_RAW_BP384) + { + ecc_pubkey = gcry_mpi_get_opaque (pk->pkey[1], &nbits); + ecc_pubkey_len = (nbits+7)/8; + if (ecc_pubkey_len != 97) + { + if (opt.verbose) + log_info ("%s: ECC public key length invalid (%zu)\n", + __func__, ecc_pubkey_len); + err = gpg_error (GPG_ERR_INV_DATA); + goto leave; + } + ecc_ct_len = ecc_ecdh_len = 97; + ecc_ss_len = 64; + ecc_hash_algo = GCRY_MD_SHA3_512; + } else { if (opt.verbose) diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index 470525a95..563077803 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -457,6 +457,9 @@ get_it (ctrl_t ctrl, log_info (_("WARNING: cipher algorithm %s not found in recipient" " preferences\n"), openpgp_cipher_algo_name (dek->algo)); + /* if (!err && 25519 && openpgp_oidbuf_is_ed25519 (curve, len)) */ + /* log_info ("Note: legacy OID was used for cv25519\n"); */ + if (!err) { kbnode_t k; |