authorWerner Koch <[email protected]>2024-04-11 13:56:21 +0000
committerWerner Koch <[email protected]>2024-04-11 13:56:21 +0000
commit813f8d1b8e4b6c4365f0bd2a5305bdbe1e049d05 (patch)
treee8c88bf44d695c7d1e3d8186e52324f9b12c9aaf /g10/seskey.c
parentagent: Add more diagnostics to PQC decryption. (diff)
gpg: Changed internal data format for Kyber.
* g10/packet.h (PKT_pubkey_enc): Add field seskey_algo. (struct pubkey_enc_list): Ditto. * g10/misc.c (pubkey_get_nenc): Change value for Kyber from 4 to 3. * g10/parse-packet.c (parse_pubkeyenc): Store the Kyber algo in the new field and adjust data. Do not store the length byte in data[2]. * g10/build-packet.c (do_pubkey_enc): Take the session algo for Kyber from the new field. * g10/encrypt.c (write_pubkey_enc): Set the seskey_algo. * g10/mainproc.c (proc_pubkey_enc): Copy it. * g10/pubkey-enc.c (get_it): Support Kyber decryption. * g10/seskey.c (encode_session_key): Handle Kyber differently from ECDH. -- Always having the single byte in the packet data is much easier than storing it in and retrieving it from an MPI. Thus this patch changes the original internal format. With these changes decryption of the slightly modified test data works now. See the bug tracker for test data. GnuPG-bug-id: 6815
Diffstat (limited to 'g10/seskey.c')
-rw-r--r--g10/seskey.c20
1 files changed, 17 insertions, 3 deletions
diff --git a/g10/seskey.c b/g10/seskey.c
index e5397080d..2fe8e9de7 100644
--- a/g10/seskey.c
+++ b/g10/seskey.c
@@ -86,15 +86,29 @@ encode_session_key (int openpgp_pk_algo, DEK *dek, unsigned int nbits)
if (DBG_CRYPTO)
log_debug ("encode_session_key: encoding %d byte DEK", dek->keylen);
+ if (openpgp_pk_algo == PUBKEY_ALGO_KYBER)
+ {
+ /* Straightforward encoding w/o extra checksum as used by ECDH. */
+ nframe = dek->keylen;
+ log_assert (nframe > 4); /*(for the log_debug)*/
+ frame = xmalloc_secure (nframe);
+ memcpy (frame, dek->key, nframe);
+ if (DBG_CRYPTO)
+ log_debug ("encode_session_key: "
+ "[%d] %02x %02x %02x ... %02x %02x %02x\n",
+ (int) dek->keylen, frame[0], frame[1], frame[2],
+ frame[nframe-3], frame[nframe-2], frame[nframe-1]);
+
+ return gcry_mpi_set_opaque (NULL, frame, 8*nframe);
+ }
+
csum = 0;
for (p = dek->key, i=0; i < dek->keylen; i++)
csum += *p++;
/* Shortcut for ECDH. It's padding is minimal to simply make the
output be a multiple of 8 bytes. */
- /* FIXME: We use the ECDH also for Kyber for now. */
- if (openpgp_pk_algo == PUBKEY_ALGO_ECDH
- || openpgp_pk_algo == PUBKEY_ALGO_KYBER)
+ if (openpgp_pk_algo == PUBKEY_ALGO_ECDH)
{
/* Pad to 8 byte granularity; the padding byte is the number of
* padded bytes.