gpg: Some support to allow Kyber decryption.

* g10/call-agent.c (agent_pkdecrypt): Support dual keygrips and switch to KEM mode. * g10/ecdh.c (pk_ecdh_decrypt): Add an extra length check. * g10/keyid.c (do_hash_public_key): Fix Kyber fingerprint computation. * g10/mainproc.c (release_list): Free all 4 data elements. (proc_pubkey_enc): Copy all 4 data elements. * g10/misc.c (openpgp_pk_test_algo2): Map Kyber to KEM. * g10/parse-packet.c (parse_pubkeyenc): Fix Kyber parser. * g10/pubkey-enc.c (get_session_key): Allow Kyber. (get_it): Support Kyber. -- GnuPG-bug-id: 6815
author: Werner Koch <[email protected]> 2024-04-09 09:00:35 +0000
committer: Werner Koch <[email protected]> 2024-04-09 09:01:56 +0000
commit: 52c4b0908043993e266b7d0e3fbf567076f8262d (patch)
tree: 0f1a1a8e423b55234884f878d04f86ce2208be0c /g10/pubkey-enc.c
parent: kbx: Support kyber in the blob parser. (diff)
download: gnupg-52c4b0908043993e266b7d0e3fbf567076f8262d.tar.gz
gnupg-52c4b0908043993e266b7d0e3fbf567076f8262d.zip
1 files changed, 11 insertions, 1 deletions
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 3e9daa963..873b864b5 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -117,6 +117,7 @@ get_session_key (ctrl_t ctrl, struct pubkey_enc_list *list, DEK *dek)
         {
           if (!(k->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E
                 || k->pubkey_algo == PUBKEY_ALGO_ECDH
+                || k->pubkey_algo == PUBKEY_ALGO_KYBER
                 || k->pubkey_algo == PUBKEY_ALGO_RSA
                 || k->pubkey_algo == PUBKEY_ALGO_RSA_E
                 || k->pubkey_algo == PUBKEY_ALGO_ELGAMAL))
@@ -237,6 +238,16 @@ get_it (ctrl_t ctrl,
         err = gcry_sexp_build (&s_data, NULL, "(enc-val(ecdh(s%m)(e%m)))",
                                enc->data[1], enc->data[0]);
     }
+  else if (sk->pubkey_algo == PUBKEY_ALGO_KYBER)
+    {
+      if (!enc->data[0] || !enc->data[1] || !enc->data[2] || !enc->data[3])
+        err = gpg_error (GPG_ERR_BAD_MPI);
+      else
+        err = gcry_sexp_build (&s_data, NULL,
+                               "(enc-val(pqc(e%m)(k%m)(s%m)(fixed-info%s)))",
+                               enc->data[0], enc->data[1], enc->data[3],
+                               "\x1d" /*PUBKEY_ALGO_KYBER*/);
+    }
   else
     err = gpg_error (GPG_ERR_BUG);
 
@@ -249,7 +260,6 @@ get_it (ctrl_t ctrl,
   /* Decrypt. */
   desc = gpg_format_keydesc (ctrl, sk, FORMAT_KEYDESC_NORMAL, 1);
 
-  /*FIXME: Support dual keys.  */
   err = agent_pkdecrypt (NULL, keygrip,
                          desc, sk->keyid, sk->main_keyid, sk->pubkey_algo,
                          s_data, &frame, &nframe, &padding);
author	Werner Koch <[email protected]>	2024-04-09 09:00:35 +0000
committer	Werner Koch <[email protected]>	2024-04-09 09:01:56 +0000
commit	52c4b0908043993e266b7d0e3fbf567076f8262d (patch)
tree	0f1a1a8e423b55234884f878d04f86ce2208be0c /g10/pubkey-enc.c
parent	kbx: Support kyber in the blob parser. (diff)
download	gnupg-52c4b0908043993e266b7d0e3fbf567076f8262d.tar.gz gnupg-52c4b0908043993e266b7d0e3fbf567076f8262d.zip