gpg: Some support to allow Kyber decryption.

* g10/call-agent.c (agent_pkdecrypt): Support dual keygrips and switch
to KEM mode.
* g10/ecdh.c (pk_ecdh_decrypt): Add an extra length check.
* g10/keyid.c (do_hash_public_key): Fix Kyber fingerprint computation.

* g10/mainproc.c (release_list): Free all 4 data elements.
(proc_pubkey_enc): Copy all 4 data elements.
* g10/misc.c (openpgp_pk_test_algo2): Map Kyber to KEM.

* g10/parse-packet.c (parse_pubkeyenc): Fix Kyber parser.
* g10/pubkey-enc.c (get_session_key): Allow Kyber.
(get_it): Support Kyber.
--

GnuPG-bug-id: 6815

1 files changed, 9 insertions, 3 deletions

diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 2163787cb..c55bb1b71 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1444,6 +1444,7 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
 }
 
 
+/* Parse a public key encrypted packet (Tag 1).  */
 static int
 parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
 		 PACKET * packet)
@@ -1514,9 +1515,14 @@ parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
     {
       log_assert (ndata == 4);
       /* Get the ephemeral public key.  */
-      rc = read_octet_string (inp, &pktlen, 4, 0, 0, k->data + 0);
-      if (rc)
-        goto leave;
+      n = pktlen;
+      k->data[0] = sos_read (inp, &n, 0);
+      pktlen -= n;
+      if (!k->data[0])
+        {
+          rc = gpg_error (GPG_ERR_INV_PACKET);
+          goto leave;
+        }
       /* Get the Kyber ciphertext.  */
       rc = read_octet_string (inp, &pktlen, 4, 0, 0, k->data + 1);
       if (rc)