diff options
| author | NIIBE Yutaka <[email protected]> | 2025-05-13 06:44:05 +0000 |
|---|---|---|
| committer | NIIBE Yutaka <[email protected]> | 2025-05-13 06:44:05 +0000 |
| commit | 309cfb3a4c91421a8f5d2a164b051b2a43055588 (patch) | |
| tree | 0df8b8b659c0a6ee98c93727cf521c22c27b703b | |
| parent | agent: Recover the old behavior with max-cache-ttl=0. (diff) | |
| download | gnupg-309cfb3a4c91421a8f5d2a164b051b2a43055588.tar.gz gnupg-309cfb3a4c91421a8f5d2a164b051b2a43055588.zip | |
agent: Fix ECC key on smartcard for composite KEM with PQC.
* agent/divert-scd.c (agent_card_ecc_kem): Convert binary keygrip to
HEXto call agent_card_pkdecrypt. Handle the case with prefix.
--
GnuPG-bug-id: 7648
Signed-off-by: NIIBE Yutaka <[email protected]>
| -rw-r--r-- | agent/divert-scd.c | 12 | ||||
| -rw-r--r-- | agent/pkdecrypt.c | 2 |
2 files changed, 9 insertions, 5 deletions
diff --git a/agent/divert-scd.c b/agent/divert-scd.c index 74b2c652b..0172aac04 100644 --- a/agent/divert-scd.c +++ b/agent/divert-scd.c @@ -507,21 +507,25 @@ agent_card_ecc_kem (ctrl_t ctrl, const unsigned char *ecc_ct, char *ecdh = NULL; size_t len; int rc; + char hexgrip[41]; - rc = agent_card_pkdecrypt (ctrl, ctrl->keygrip, getpin_cb, ctrl, NULL, + bin2hex (ctrl->keygrip, 20, hexgrip); + rc = agent_card_pkdecrypt (ctrl, hexgrip, getpin_cb, ctrl, NULL, ecc_ct, ecc_point_len, &ecdh, &len, NULL); if (rc) return rc; - if (len != ecc_point_len) + if (len == ecc_point_len) + memcpy (ecc_ecdh, ecdh, len); + else if (len == ecc_point_len + 1 && ecdh[0] == 0x40) /* The prefix */ + memcpy (ecc_ecdh, ecdh + 1, len - 1); + else { if (opt.verbose) log_info ("%s: ECC result length invalid (%zu != %zu)\n", __func__, len, ecc_point_len); return gpg_error (GPG_ERR_INV_DATA); } - else - memcpy (ecc_ecdh, ecdh, len); xfree (ecdh); return err; diff --git a/agent/pkdecrypt.c b/agent/pkdecrypt.c index efaf53098..ad3ac568f 100644 --- a/agent/pkdecrypt.c +++ b/agent/pkdecrypt.c @@ -538,7 +538,7 @@ ecc_pgp_kem_decrypt (ctrl_t ctrl, gcry_sexp_t s_skey0, s: encrypted session key fixed-info: A buffer with the fixed info. - FIXME: For now, possible keys on smartcard are not supported. + FIXME: For now, possible PQC key on smartcard is not yet supported. */ static gpg_error_t composite_pgp_kem_decrypt (ctrl_t ctrl, const char *desc_text, |