security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-09 21:28:51 +01:00
Code Activity
62384ba556
gnupg/agent/pkdecrypt.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

824 lines
22 KiB
C
Raw Normal View History

Spelling fixes in docs and comments. -- In addition, fix trailing spaces in tests/inittests. GnuPG-bug-id: 3121 Reported-by: ka7 (klemens) Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-28 03:06:33 +02:00
/* pkdecrypt.c - public key decryption (well, actually using a secret key)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
* Copyright (C) 2001, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
Changed to GPLv3. Removed intl/.
2007-07-04 21:49:40 +02:00
* the Free Software Foundation; either version 3 of the License, or
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
Change all http://www.gnu.org in license notices to https:// --
2016-11-05 12:02:19 +01:00
* along with this program; if not, see <https://www.gnu.org/licenses/>.
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
*/
#include <config.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/stat.h>
#include "agent.h"
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
#include "../common/openpgpdefs.h"
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
Require Libgcrypt 1.11.0 * configure.ac (NEED_LIBGCRYPT_VERSION): Set to 1.11.0 * agent/pkdecrypt.c (struct ecc_params): Move constants to the top. -- It does not make anymore sense to allow building with older Libgcrypt versions. After all PQ key support is a major feature and for this we need Libgcrypt.
2024-04-23 11:09:40 +02:00
/* Table with parameters for KEM decryption. Use get_ecc_parms to
* find an entry. */
struct ecc_params
{
const char *curve; /* Canonical name of the curve. */
size_t pubkey_len; /* Pubkey in the SEXP representation. */
size_t scalar_len;
size_t point_len;
size_t shared_len;
int hash_algo;
agent:kem:ecc: Support a key on smartcard. * agent/agent.h (agent_card_ecc_kem): New. * agent/divert-scd.c (agent_card_ecc_kem): New. * agent/pkdecrypt.c (ecc_extract_pk_from_key): New. (ecc_extract_sk_from_key): New. (ecc_raw_kem, get_cardkey, ecc_get_curve): New. (ecc_pgp_kem_decrypt): Support a key on smartcard for ECC. (composite_pgp_kem_decrypt): Handle a case of a key on smartcard. * common/sexputil.c (get_ecc_curve_from_key): New. * common/util.h (get_ecc_curve_from_key): New. -- GnuPG-bug-id: 7097 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-26 07:18:03 +02:00
int kem_algo;
Require Libgcrypt 1.11.0 * configure.ac (NEED_LIBGCRYPT_VERSION): Set to 1.11.0 * agent/pkdecrypt.c (struct ecc_params): Move constants to the top. -- It does not make anymore sense to allow building with older Libgcrypt versions. After all PQ key support is a major feature and for this we need Libgcrypt.
2024-04-23 11:09:40 +02:00
int scalar_reverse;
};
static const struct ecc_params ecc_table[] =
{
{
"Curve25519",
33, 32, 32, 32,
GCRY_MD_SHA3_256, GCRY_KEM_RAW_X25519,
1
},
{
"X448",
56, 56, 56, 64,
GCRY_MD_SHA3_512, GCRY_KEM_RAW_X448,
0
},
{
"brainpoolP256r1",
65, 32, 65, 32,
GCRY_MD_SHA3_256, GCRY_KEM_RAW_BP256,
0
},
{
"brainpoolP384r1",
97, 48, 97, 64,
GCRY_MD_SHA3_512, GCRY_KEM_RAW_BP384,
0
},
gpg: Support Kyber with Brainpool512r1. * common/openpgp-oid.c (oidtable): Add GCRY_KEM_RAW_BP512. * agent/pkdecrypt.c (ecc_table): Support bp512 * g10/pkglue.c (do_encrypt_kem): Ditto. * tests/openpgp/samplekeys: Add sample keys for kyber_bp256, bp384, and bp512. * tests/openpgp/privkeys: Add corresponding private keys. * tests/openpgp/samplemsgs: Add sample messages for those keys. -- GnuPG-bug-id: 6815
2024-04-23 17:40:27 +02:00
{
"brainpoolP512r1",
129, 64, 129, 64,
GCRY_MD_SHA3_512, GCRY_KEM_RAW_BP512,
0
},
Require Libgcrypt 1.11.0 * configure.ac (NEED_LIBGCRYPT_VERSION): Set to 1.11.0 * agent/pkdecrypt.c (struct ecc_params): Move constants to the top. -- It does not make anymore sense to allow building with older Libgcrypt versions. After all PQ key support is a major feature and for this we need Libgcrypt.
2024-04-23 11:09:40 +02:00
{ NULL, 0, 0, 0, 0, 0, 0, 0 }
};
/* Maximum buffer sizes required for ECC KEM. Keep this aligned to
* the ecc_table above. */
#define ECC_SCALAR_LEN_MAX 64
#define ECC_POINT_LEN_MAX (1+2*64)
#define ECC_HASH_LEN_MAX 64
/* Return the ECC parameters for CURVE. CURVE is expected to be the
* canonical name. */
static const struct ecc_params *
get_ecc_params (const char *curve)
{
int i;
for (i = 0; ecc_table[i].curve; i++)
if (!strcmp (ecc_table[i].curve, curve))
return &ecc_table[i];
return NULL;
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
/* DECRYPT the stuff in ciphertext which is expected to be a S-Exp.
Try to get the key from CTRL and write the decoded stuff back to
gpg: Make decryption with the OpenPGP card work. * scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New. * scd/app-openpgp.c (do_decipher): Add arg R_INFO. * scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy. * scd/app.c (app_decipher): Add arg R_INFO. * scd/command.c (cmd_pkdecrypt): Print status line "PADDING". * agent/call-scd.c (padding_info_cb): New. (agent_card_pkdecrypt): Add arg R_PADDING. * agent/divert-scd.c (divert_pkdecrypt): Ditto. * agent/pkdecrypt.c (agent_pkdecrypt): Ditto. * agent/command.c (cmd_pkdecrypt): Print status line "PADDING". * g10/call-agent.c (padding_info_cb): New. (agent_pkdecrypt): Add arg R_PADDING. * g10/pubkey-enc.c (get_it): Use padding info. -- Decryption using a card never worked in gpg 2.1 because the information whether the pkcs#1 padding needs to be removed was not available. Gpg < 2.1 too this info from the secret sub key but that has gone in 2.1. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-26 17:29:54 +02:00
OUTFP. The padding information is stored at R_PADDING with -1
for not known. */
agent: Clean up the API of agent_pkdecrypt. * agent/agent.h (agent_pkdecrypt): Use gpg_error_t type. * agent/pkdecrypt.c (agent_pkdecrypt): Use gpg_error_t type. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-08 07:06:33 +01:00
gpg_error_t
The big Assuan error code removal.
2006-09-06 18:35:52 +02:00
agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
* command.c (cmd_setkeydesc): New. (register_commands): Add command SETKEYDESC. (cmd_pksign, cmd_pkdecrypt): Use the key description. (reset_notify): Reset the description. * findkey.c (unprotect): Add arg DESC_TEXT. (agent_key_from_file): Ditto. * pksign.c (agent_pksign): Ditto. * pkdecrypt.c (agent_pkdecrypt): Ditto. Made CIPHERTEXT an unsigned char*.
2004-02-13 18:06:34 +01:00
const unsigned char *ciphertext, size_t ciphertextlen,
gpg: Make decryption with the OpenPGP card work. * scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New. * scd/app-openpgp.c (do_decipher): Add arg R_INFO. * scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy. * scd/app.c (app_decipher): Add arg R_INFO. * scd/command.c (cmd_pkdecrypt): Print status line "PADDING". * agent/call-scd.c (padding_info_cb): New. (agent_card_pkdecrypt): Add arg R_PADDING. * agent/divert-scd.c (divert_pkdecrypt): Ditto. * agent/pkdecrypt.c (agent_pkdecrypt): Ditto. * agent/command.c (cmd_pkdecrypt): Print status line "PADDING". * g10/call-agent.c (padding_info_cb): New. (agent_pkdecrypt): Add arg R_PADDING. * g10/pubkey-enc.c (get_it): Use padding info. -- Decryption using a card never worked in gpg 2.1 because the information whether the pkcs#1 padding needs to be removed was not available. Gpg < 2.1 too this info from the secret sub key but that has gone in 2.1. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-26 17:29:54 +02:00
membuf_t *outbuf, int *r_padding)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
{
gcry_sexp_t s_skey = NULL, s_cipher = NULL, s_plain = NULL;
unsigned char *shadow_info = NULL;
agent: Clean up the API of agent_pkdecrypt. * agent/agent.h (agent_pkdecrypt): Use gpg_error_t type. * agent/pkdecrypt.c (agent_pkdecrypt): Use gpg_error_t type. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-08 07:06:33 +01:00
gpg_error_t err = 0;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
char *buf = NULL;
size_t len;
gpg: Make decryption with the OpenPGP card work. * scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New. * scd/app-openpgp.c (do_decipher): Add arg R_INFO. * scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy. * scd/app.c (app_decipher): Add arg R_INFO. * scd/command.c (cmd_pkdecrypt): Print status line "PADDING". * agent/call-scd.c (padding_info_cb): New. (agent_card_pkdecrypt): Add arg R_PADDING. * agent/divert-scd.c (divert_pkdecrypt): Ditto. * agent/pkdecrypt.c (agent_pkdecrypt): Ditto. * agent/command.c (cmd_pkdecrypt): Print status line "PADDING". * g10/call-agent.c (padding_info_cb): New. (agent_pkdecrypt): Add arg R_PADDING. * g10/pubkey-enc.c (get_it): Use padding info. -- Decryption using a card never worked in gpg 2.1 because the information whether the pkcs#1 padding needs to be removed was not available. Gpg < 2.1 too this info from the secret sub key but that has gone in 2.1. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-26 17:29:54 +02:00
*r_padding = -1;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
if (!ctrl->have_keygrip)
{
log_error ("speculative decryption not yet supported\n");
agent: Clean up the API of agent_pkdecrypt. * agent/agent.h (agent_pkdecrypt): Use gpg_error_t type. * agent/pkdecrypt.c (agent_pkdecrypt): Use gpg_error_t type. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-08 07:06:33 +01:00
err = gpg_error (GPG_ERR_NO_SECKEY);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
goto leave;
}
agent: Clean up the API of agent_pkdecrypt. * agent/agent.h (agent_pkdecrypt): Use gpg_error_t type. * agent/pkdecrypt.c (agent_pkdecrypt): Use gpg_error_t type. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-08 07:06:33 +01:00
err = gcry_sexp_sscan (&s_cipher, NULL, (char*)ciphertext, ciphertextlen);
if (err)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
{
agent: Clean up the API of agent_pkdecrypt. * agent/agent.h (agent_pkdecrypt): Use gpg_error_t type. * agent/pkdecrypt.c (agent_pkdecrypt): Use gpg_error_t type. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-08 07:06:33 +01:00
log_error ("failed to convert ciphertext: %s\n", gpg_strerror (err));
err = gpg_error (GPG_ERR_INV_DATA);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
goto leave;
}
if (DBG_CRYPTO)
{
Use the gpgrt log functions if possible. * common/logging.c: Do not build any code if we can use the gpgrt_log functions. (log_logv_with_prefix): Rename to log_logv_prefix and change order of args so that this function matches its printf like counterpart gpgrt_logv_prefix. Change all callers. (log_debug_with_string): Rename to log_debug_string. Change all callers. (log_printhex): Move first arg to end so that this function matches its printf like counterpart gpgrt_log_printhex. Change all callers. * common/logging.h: Divert to gpgrt/libgpg-error if we can use the gpgrt_log functions. (bug_at): Add inline versions if we can use the gpgrt_log functions. * configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM. (mycflags): Add -Wno-format-zero-length. -- This patch enables the use of the log function from libgpgrt (aka libgpg-error). Instead of checking a version number, we enable them depending on macros set by recent gpg-error versions. Eventually the whole divert stuff can be removed. The -Wno-format-zero-length is required because log_printhex can be called with an empty format string. Note that this is fully specified standard C behaviour. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-27 15:00:25 +01:00
log_printhex (ctrl->keygrip, 20, "keygrip:");
log_printhex (ciphertext, ciphertextlen, "cipher: ");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
}
agent: Clean up the API of agent_pkdecrypt. * agent/agent.h (agent_pkdecrypt): Use gpg_error_t type. * agent/pkdecrypt.c (agent_pkdecrypt): Use gpg_error_t type. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-08 07:06:33 +01:00
err = agent_key_from_file (ctrl, NULL, desc_text,
agent: Supply GRIP=NULL for agent_key_from_file, for real use. * agent/findkey.c (agent_key_from_file): Change the semantics of GRIP. Now, it's NULL for use by PKDECRYPT and PKSIGN/PKAUTH. * agent/pkdecrypt.c (agent_pkdecrypt): Set GRIP=NULL. * agent/pksign.c (agent_pksign_do): Likewise. -- GnuPG-bug-id: 5099 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-19 07:04:33 +02:00
NULL, &shadow_info,
agent: Use "Created:" field for creation time. * agent/agent.h (agent_key_from_file): Change the declaration. * agent/findkey.c (agent_key_from_file): Return timestamp. * agent/pkdecrypt.c (agent_pkdecrypt): Follow the change. * agent/pksign.c (agent_pkdecrypt): Likewise. * agent/command.c (cmd_passwd, cmd_export_key): Likewise. (cmd_keytocard): Use timestamp in private key file in "Created:". -- GnuPG-bug-id: 5538 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-25 06:10:46 +01:00
CACHE_MODE_NORMAL, NULL, &s_skey, NULL, NULL);
agent: Simplify diverting operation to the smartcard. * agent/pkdecrypt.c (agent_pkdecrypt): Remove no_shadow_info variable. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-24 07:01:41 +02:00
if (err && gpg_err_code (err) != GPG_ERR_NO_SECKEY)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
{
agent: Show "no secret key" instead of "card removed". * agent/findkey.c (agent_key_from_file): Check the error of read_key_file again. * agent/pkdecrypt.c (agent_pkdecrypt): Restore error if no card was found. Also remove useless condition. -- The first patch fixes a likely merge error. The second is about the actual return code: If we have no smardcard but simply try to decrypt with the current smartcard we should return the originla error code. GnuPG-bug-id: 5170 Fixes-commit: eda3c688fc2e85c7cd63029cb9caf06552d203b4
2023-03-01 16:49:40 +01:00
log_error ("failed to read the secret key\n");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
}
agent: Simplify diverting operation to the smartcard. * agent/pkdecrypt.c (agent_pkdecrypt): Remove no_shadow_info variable. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-24 07:01:41 +02:00
else if (shadow_info
|| err /* gpg_err_code (err) == GPG_ERR_NO_SECKEY */)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
{ /* divert operation to the smartcard */
if (!gcry_sexp_canon_len (ciphertext, ciphertextlen, NULL, NULL))
{
agent: Clean up the API of agent_pkdecrypt. * agent/agent.h (agent_pkdecrypt): Use gpg_error_t type. * agent/pkdecrypt.c (agent_pkdecrypt): Use gpg_error_t type. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-08 07:06:33 +01:00
err = gpg_error (GPG_ERR_INV_SEXP);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
goto leave;
}
agent: Show "no secret key" instead of "card removed". * agent/findkey.c (agent_key_from_file): Check the error of read_key_file again. * agent/pkdecrypt.c (agent_pkdecrypt): Restore error if no card was found. Also remove useless condition. -- The first patch fixes a likely merge error. The second is about the actual return code: If we have no smardcard but simply try to decrypt with the current smartcard we should return the originla error code. GnuPG-bug-id: 5170 Fixes-commit: eda3c688fc2e85c7cd63029cb9caf06552d203b4
2023-03-01 16:49:40 +01:00
if (s_skey && agent_is_tpm2_key (s_skey))
agent: Move confirmation handling into findkey.c. * agent/agent.h (divert_tpm2_pksign, divert_tpm2_pkdecrypt): Fix API. (divert_pksign, divert_pkdecrypt): Likewise. * agent/divert-scd.c (ask_for_card): Remove. (divert_pksign, divert_pkdecrypt): Don't call ask_for_card. * agent/divert-tpm2.c (divert_tpm2_pksign, divert_tpm2_pkdecrypt): Remove DESC_TEXT argument. * agent/findkey.c (prompt_for_card): New (was: ask_for_card). (agent_key_from_file): Call prompt_for_card when it's a key on card. * agent/pkdecrypt.c (agent_pkdecrypt): Follow the change of API. * agent/pksign.c (agent_pksign_do): Likewise. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-20 06:43:08 +02:00
err = divert_tpm2_pkdecrypt (ctrl, ciphertext, shadow_info,
agent: Add new shadow key type and functions to call tpm2daemon * agent/call-tpm2d.c: New. * divert-tpm2.c: New. * agent/Makefile.am: Add new files. * agent/agent.h (DAEMON_TPM2D): New. Add stub fucntions. * agent/call-daemon.c (GNUPG_MODULE_NAME_TPM2DAEMON): New. * agent/command.c (do_one_keyinfo): Handle tpmv2. * agent/gpg-agent.c (oTpm2daemonProgram): New. (opts): New option --tpm2daemon-program. (parse_rereadable_options): Handle option. * agent/pkdecrypt.c (agent_pkdecrypt): Divert to tpm2d. (agent_pksign_do): Ditto. --- A new shadow key type: "tpm2-v1" is introduced signalling that the shadowed key is handled by the tpm2daemon. A function to identify this type is introduced and diversions to the tpm2daemon functions are conditioned on this function for pkign and pkdecrypt where the same diversions to scd are currently done. The (info) field of the shadowed key stores the actual TPM key. The TPM key is encrypted so only the physical TPM it was created on can read it (so no special protection is required for the info filed), but if the (info) field becomes corrupt or damaged, the key will be lost (unlike the token case, where the key is actually moved inside the token). Note, this commit adds handling for existing TPM format shadow keys, but there is still no way to create them. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> Additional changes: * Add ChangeLog entries. * Some minor indentation fixes. * agent/Makefile.am (gpg_agent_SOURCES): Change to make distcheck work. * agent/agent.h [!HAVE_LIBTSS]: Do not return -EINVAL but an gpg_error_t. Mark args as unused. * agent/protect.c (agent_is_tpm2_key): Free BUF. Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-09 22:50:29 +01:00
&buf, &len, r_padding);
else
agent: Move confirmation handling into findkey.c. * agent/agent.h (divert_tpm2_pksign, divert_tpm2_pkdecrypt): Fix API. (divert_pksign, divert_pkdecrypt): Likewise. * agent/divert-scd.c (ask_for_card): Remove. (divert_pksign, divert_pkdecrypt): Don't call ask_for_card. * agent/divert-tpm2.c (divert_tpm2_pksign, divert_tpm2_pkdecrypt): Remove DESC_TEXT argument. * agent/findkey.c (prompt_for_card): New (was: ask_for_card). (agent_key_from_file): Call prompt_for_card when it's a key on card. * agent/pkdecrypt.c (agent_pkdecrypt): Follow the change of API. * agent/pksign.c (agent_pksign_do): Likewise. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-20 06:43:08 +02:00
err = divert_pkdecrypt (ctrl, ctrl->keygrip, ciphertext,
&buf, &len, r_padding);
agent: Clean up the API of agent_pkdecrypt. * agent/agent.h (agent_pkdecrypt): Use gpg_error_t type. * agent/pkdecrypt.c (agent_pkdecrypt): Use gpg_error_t type. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-08 07:06:33 +01:00
if (err)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
{
agent: Simplify diverting operation to the smartcard. * agent/pkdecrypt.c (agent_pkdecrypt): Remove no_shadow_info variable. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-24 07:01:41 +02:00
/* We restore the original error (ie. no seckey) as no card
agent: Show "no secret key" instead of "card removed". * agent/findkey.c (agent_key_from_file): Check the error of read_key_file again. * agent/pkdecrypt.c (agent_pkdecrypt): Restore error if no card was found. Also remove useless condition. -- The first patch fixes a likely merge error. The second is about the actual return code: If we have no smardcard but simply try to decrypt with the current smartcard we should return the originla error code. GnuPG-bug-id: 5170 Fixes-commit: eda3c688fc2e85c7cd63029cb9caf06552d203b4
2023-03-01 16:49:40 +01:00
* has been found and we have no shadow key. This avoids a
* surprising "card removed" error code. */
if ((gpg_err_code (err) == GPG_ERR_CARD_REMOVED
|| gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT)
agent: Simplify diverting operation to the smartcard. * agent/pkdecrypt.c (agent_pkdecrypt): Remove no_shadow_info variable. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-24 07:01:41 +02:00
&& !shadow_info)
agent: Show "no secret key" instead of "card removed". * agent/findkey.c (agent_key_from_file): Check the error of read_key_file again. * agent/pkdecrypt.c (agent_pkdecrypt): Restore error if no card was found. Also remove useless condition. -- The first patch fixes a likely merge error. The second is about the actual return code: If we have no smardcard but simply try to decrypt with the current smartcard we should return the originla error code. GnuPG-bug-id: 5170 Fixes-commit: eda3c688fc2e85c7cd63029cb9caf06552d203b4
2023-03-01 16:49:40 +01:00
err = gpg_error (GPG_ERR_NO_SECKEY);
else
log_error ("smartcard decryption failed: %s\n", gpg_strerror (err));
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
goto leave;
}
See ChangeLogs
2006-08-29 18:18:30 +02:00
agent: Replace some sprintf. * agent/call-scd.c (agent_card_pksign): Replace sprintf by bin2hex. * agent/command-ssh.c (ssh_identity_register): Ditto. * agent/pkdecrypt.c (agent_pkdecrypt): Replace sprintf by put_membuf_printf. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-02 14:13:53 +01:00
put_membuf_printf (outbuf, "(5:value%u:", (unsigned int)len);
put_membuf (outbuf, buf, len);
put_membuf (outbuf, ")", 2);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
}
else
* findkey.c (agent_key_from_file): Extra paranoid wipe. * protect.c (agent_unprotect): Ditto. (merge_lists): Ditto. Add arg RESULTLEN. * pkdecrypt.c (agent_pkdecrypt): Don't show the secret key even in debug mode. * protect.c: Add DSA and Elgamal description.
2004-02-03 17:24:37 +01:00
{ /* No smartcard, but a private key */
/* if (DBG_CRYPTO ) */
/* { */
/* log_debug ("skey: "); */
/* gcry_sexp_dump (s_skey); */
/* } */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
agent: Clean up the API of agent_pkdecrypt. * agent/agent.h (agent_pkdecrypt): Use gpg_error_t type. * agent/pkdecrypt.c (agent_pkdecrypt): Use gpg_error_t type. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-08 07:06:33 +01:00
err = gcry_pk_decrypt (&s_plain, s_cipher, s_skey);
if (err)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
{
agent: Clean up the API of agent_pkdecrypt. * agent/agent.h (agent_pkdecrypt): Use gpg_error_t type. * agent/pkdecrypt.c (agent_pkdecrypt): Use gpg_error_t type. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-08 07:06:33 +01:00
log_error ("decryption failed: %s\n", gpg_strerror (err));
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
goto leave;
}
if (DBG_CRYPTO)
{
log_debug ("plain: ");
gcry_sexp_dump (s_plain);
}
len = gcry_sexp_sprint (s_plain, GCRYSEXP_FMT_CANON, NULL, 0);
agent: Replace most assert by log_assert. --
2019-05-14 10:31:46 +02:00
log_assert (len);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
buf = xmalloc (len);
len = gcry_sexp_sprint (s_plain, GCRYSEXP_FMT_CANON, buf, len);
agent: Replace most assert by log_assert. --
2019-05-14 10:31:46 +02:00
log_assert (len);
See ChangeLogs
2006-08-29 18:18:30 +02:00
if (*buf == '(')
put_membuf (outbuf, buf, len);
else
{
/* Old style libgcrypt: This is only an S-expression
part. Turn it into a complete S-expression. */
put_membuf (outbuf, "(5:value", 8);
put_membuf (outbuf, buf, len);
put_membuf (outbuf, ")", 2);
}
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
leave:
gcry_sexp_release (s_skey);
gcry_sexp_release (s_plain);
gcry_sexp_release (s_cipher);
xfree (buf);
xfree (shadow_info);
agent: Clean up the API of agent_pkdecrypt. * agent/agent.h (agent_pkdecrypt): Use gpg_error_t type. * agent/pkdecrypt.c (agent_pkdecrypt): Use gpg_error_t type. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-08 07:06:33 +01:00
return err;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-08-05 19:11:04 +02:00
}
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
/* Reverse BUFFER to change the endianness. */
static void
reverse_buffer (unsigned char *buffer, unsigned int length)
{
unsigned int tmp, i;
for (i=0; i < length/2; i++)
{
tmp = buffer[i];
buffer[i] = buffer[length-1-i];
buffer[length-1-i] = tmp;
}
}
agent:kem: Support other ECC curves. * agent/pkdecrypt.c (ecc_table): New. (get_ecc_params): New. (composite_pgp_kem_decrypt): Support other curves. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 07:23:27 +02:00
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
static gpg_error_t
agent:kem:ecc: Support a key on smartcard. * agent/agent.h (agent_card_ecc_kem): New. * agent/divert-scd.c (agent_card_ecc_kem): New. * agent/pkdecrypt.c (ecc_extract_pk_from_key): New. (ecc_extract_sk_from_key): New. (ecc_raw_kem, get_cardkey, ecc_get_curve): New. (ecc_pgp_kem_decrypt): Support a key on smartcard for ECC. (composite_pgp_kem_decrypt): Handle a case of a key on smartcard. * common/sexputil.c (get_ecc_curve_from_key): New. * common/util.h (get_ecc_curve_from_key): New. -- GnuPG-bug-id: 7097 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-26 07:18:03 +02:00
ecc_extract_pk_from_key (const struct ecc_params *ecc, gcry_sexp_t s_skey,
unsigned char *ecc_pk)
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
{
agent:kem:ecc: Support a key on smartcard. * agent/agent.h (agent_card_ecc_kem): New. * agent/divert-scd.c (agent_card_ecc_kem): New. * agent/pkdecrypt.c (ecc_extract_pk_from_key): New. (ecc_extract_sk_from_key): New. (ecc_raw_kem, get_cardkey, ecc_get_curve): New. (ecc_pgp_kem_decrypt): Support a key on smartcard for ECC. (composite_pgp_kem_decrypt): Handle a case of a key on smartcard. * common/sexputil.c (get_ecc_curve_from_key): New. * common/util.h (get_ecc_curve_from_key): New. -- GnuPG-bug-id: 7097 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-26 07:18:03 +02:00
gpg_error_t err;
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
unsigned int nbits;
const unsigned char *p;
size_t len;
common,agent: Factor out KEM functions into common/kem.c. * common/util.h (compute_kmac256): Remove. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * common/kmac.c (compute_kmac256): Don't expose. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Use gnupg_ecc_kem_kdf and gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 04:09:29 +02:00
gcry_mpi_t ecc_pk_mpi = NULL;
agent:kem: Factor out ECC KEM operation from composite KEM. * agent/pkdecrypt.c (ecc_pgp_kem_decrypt): New. (composite_pgp_kem_decrypt): Use ecc_pgp_kem_decrypt. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-24 08:08:41 +02:00
agent:kem:ecc: Support a key on smartcard. * agent/agent.h (agent_card_ecc_kem): New. * agent/divert-scd.c (agent_card_ecc_kem): New. * agent/pkdecrypt.c (ecc_extract_pk_from_key): New. (ecc_extract_sk_from_key): New. (ecc_raw_kem, get_cardkey, ecc_get_curve): New. (ecc_pgp_kem_decrypt): Support a key on smartcard for ECC. (composite_pgp_kem_decrypt): Handle a case of a key on smartcard. * common/sexputil.c (get_ecc_curve_from_key): New. * common/util.h (get_ecc_curve_from_key): New. -- GnuPG-bug-id: 7097 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-26 07:18:03 +02:00
err = gcry_sexp_extract_param (s_skey, NULL, "/q", &ecc_pk_mpi, NULL);
agent:kem: Externalize FIXED_INFO. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Don't hard code the value of FIXED_INFO. Get it from frontend. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 05:52:13 +02:00
if (err)
agent: Add more diagnostics to PQC decryption. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for correctness. Add error diagnostics and one extra check. -- GnuPG-bug-id: 7014
2024-04-11 15:48:16 +02:00
{
if (opt.verbose)
log_info ("%s: extracting q and d from ECC key failed\n", __func__);
agent:kem:ecc: Support a key on smartcard. * agent/agent.h (agent_card_ecc_kem): New. * agent/divert-scd.c (agent_card_ecc_kem): New. * agent/pkdecrypt.c (ecc_extract_pk_from_key): New. (ecc_extract_sk_from_key): New. (ecc_raw_kem, get_cardkey, ecc_get_curve): New. (ecc_pgp_kem_decrypt): Support a key on smartcard for ECC. (composite_pgp_kem_decrypt): Handle a case of a key on smartcard. * common/sexputil.c (get_ecc_curve_from_key): New. * common/util.h (get_ecc_curve_from_key): New. -- GnuPG-bug-id: 7097 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-26 07:18:03 +02:00
return err;
agent: Add more diagnostics to PQC decryption. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for correctness. Add error diagnostics and one extra check. -- GnuPG-bug-id: 7014
2024-04-11 15:48:16 +02:00
}
agent:kem: Externalize FIXED_INFO. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Don't hard code the value of FIXED_INFO. Get it from frontend. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 05:52:13 +02:00
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
p = gcry_mpi_get_opaque (ecc_pk_mpi, &nbits);
len = (nbits+7)/8;
agent:kem: Support other ECC curves. * agent/pkdecrypt.c (ecc_table): New. (get_ecc_params): New. (composite_pgp_kem_decrypt): Support other curves. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 07:23:27 +02:00
if (len != ecc->pubkey_len)
agent: Add more diagnostics to PQC decryption. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for correctness. Add error diagnostics and one extra check. -- GnuPG-bug-id: 7014
2024-04-11 15:48:16 +02:00
{
if (opt.verbose)
log_info ("%s: ECC public key length invalid (%zu)\n", __func__, len);
err = gpg_error (GPG_ERR_INV_DATA);
goto leave;
}
agent:kem: Support other ECC curves. * agent/pkdecrypt.c (ecc_table): New. (get_ecc_params): New. (composite_pgp_kem_decrypt): Support other curves. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 07:23:27 +02:00
else if (len == ecc->point_len)
memcpy (ecc_pk, p, ecc->point_len);
else if (len == ecc->point_len + 1 && p[0] == 0x40)
/* Remove the 0x40 prefix (for Curve25519) */
memcpy (ecc_pk, p+1, ecc->point_len);
else
{
err = gpg_error (GPG_ERR_BAD_SECKEY);
goto leave;
}
agent:kem:ecc: Support a key on smartcard. * agent/agent.h (agent_card_ecc_kem): New. * agent/divert-scd.c (agent_card_ecc_kem): New. * agent/pkdecrypt.c (ecc_extract_pk_from_key): New. (ecc_extract_sk_from_key): New. (ecc_raw_kem, get_cardkey, ecc_get_curve): New. (ecc_pgp_kem_decrypt): Support a key on smartcard for ECC. (composite_pgp_kem_decrypt): Handle a case of a key on smartcard. * common/sexputil.c (get_ecc_curve_from_key): New. * common/util.h (get_ecc_curve_from_key): New. -- GnuPG-bug-id: 7097 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-26 07:18:03 +02:00
if (DBG_CRYPTO)
log_printhex (ecc_pk, ecc->pubkey_len, "ECC pubkey:");
leave:
agent: Add more diagnostics to PQC decryption. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for correctness. Add error diagnostics and one extra check. -- GnuPG-bug-id: 7014
2024-04-11 15:48:16 +02:00
mpi_release (ecc_pk_mpi);
agent:kem:ecc: Support a key on smartcard. * agent/agent.h (agent_card_ecc_kem): New. * agent/divert-scd.c (agent_card_ecc_kem): New. * agent/pkdecrypt.c (ecc_extract_pk_from_key): New. (ecc_extract_sk_from_key): New. (ecc_raw_kem, get_cardkey, ecc_get_curve): New. (ecc_pgp_kem_decrypt): Support a key on smartcard for ECC. (composite_pgp_kem_decrypt): Handle a case of a key on smartcard. * common/sexputil.c (get_ecc_curve_from_key): New. * common/util.h (get_ecc_curve_from_key): New. -- GnuPG-bug-id: 7097 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-26 07:18:03 +02:00
return err;
}
static gpg_error_t
ecc_extract_sk_from_key (const struct ecc_params *ecc, gcry_sexp_t s_skey,
unsigned char *ecc_sk)
{
gpg_error_t err;
unsigned int nbits;
const unsigned char *p;
size_t len;
gcry_mpi_t ecc_sk_mpi = NULL;
err = gcry_sexp_extract_param (s_skey, NULL, "/d", &ecc_sk_mpi, NULL);
if (err)
{
if (opt.verbose)
log_info ("%s: extracting d from ECC key failed\n", __func__);
return err;
}
agent: Add more diagnostics to PQC decryption. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for correctness. Add error diagnostics and one extra check. -- GnuPG-bug-id: 7014
2024-04-11 15:48:16 +02:00
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
p = gcry_mpi_get_opaque (ecc_sk_mpi, &nbits);
len = (nbits+7)/8;
agent:kem: Support other ECC curves. * agent/pkdecrypt.c (ecc_table): New. (get_ecc_params): New. (composite_pgp_kem_decrypt): Support other curves. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 07:23:27 +02:00
if (len > ecc->scalar_len)
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
{
agent: Add more diagnostics to PQC decryption. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for correctness. Add error diagnostics and one extra check. -- GnuPG-bug-id: 7014
2024-04-11 15:48:16 +02:00
if (opt.verbose)
log_info ("%s: ECC secret key too long (%zu)\n", __func__, len);
agent:kem: Externalize FIXED_INFO. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Don't hard code the value of FIXED_INFO. Get it from frontend. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 05:52:13 +02:00
err = gpg_error (GPG_ERR_INV_DATA);
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
goto leave;
}
agent:kem: Support other ECC curves. * agent/pkdecrypt.c (ecc_table): New. (get_ecc_params): New. (composite_pgp_kem_decrypt): Support other curves. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 07:23:27 +02:00
memset (ecc_sk, 0, ecc->scalar_len - len);
memcpy (ecc_sk + ecc->scalar_len - len, p, len);
if (ecc->scalar_reverse)
reverse_buffer (ecc_sk, ecc->scalar_len);
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
mpi_release (ecc_sk_mpi);
common,agent: Factor out KEM functions into common/kem.c. * common/util.h (compute_kmac256): Remove. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * common/kmac.c (compute_kmac256): Don't expose. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Use gnupg_ecc_kem_kdf and gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 04:09:29 +02:00
ecc_sk_mpi = NULL;
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
agent:kem: Support other ECC curves. * agent/pkdecrypt.c (ecc_table): New. (get_ecc_params): New. (composite_pgp_kem_decrypt): Support other curves. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 07:23:27 +02:00
if (DBG_CRYPTO)
agent:kem:ecc: Support a key on smartcard. * agent/agent.h (agent_card_ecc_kem): New. * agent/divert-scd.c (agent_card_ecc_kem): New. * agent/pkdecrypt.c (ecc_extract_pk_from_key): New. (ecc_extract_sk_from_key): New. (ecc_raw_kem, get_cardkey, ecc_get_curve): New. (ecc_pgp_kem_decrypt): Support a key on smartcard for ECC. (composite_pgp_kem_decrypt): Handle a case of a key on smartcard. * common/sexputil.c (get_ecc_curve_from_key): New. * common/util.h (get_ecc_curve_from_key): New. -- GnuPG-bug-id: 7097 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-26 07:18:03 +02:00
log_printhex (ecc_sk, ecc->scalar_len, "ECC seckey:");
leave:
mpi_release (ecc_sk_mpi);
return err;
}
static gpg_error_t
ecc_raw_kem (const struct ecc_params *ecc, gcry_sexp_t s_skey,
const unsigned char *ecc_ct, unsigned char *ecc_ecdh)
{
gpg_error_t err = 0;
unsigned char ecc_sk[ECC_SCALAR_LEN_MAX];
if (ecc->scalar_len > ECC_SCALAR_LEN_MAX)
agent:kem: Support other ECC curves. * agent/pkdecrypt.c (ecc_table): New. (get_ecc_params): New. (composite_pgp_kem_decrypt): Support other curves. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 07:23:27 +02:00
{
agent:kem:ecc: Support a key on smartcard. * agent/agent.h (agent_card_ecc_kem): New. * agent/divert-scd.c (agent_card_ecc_kem): New. * agent/pkdecrypt.c (ecc_extract_pk_from_key): New. (ecc_extract_sk_from_key): New. (ecc_raw_kem, get_cardkey, ecc_get_curve): New. (ecc_pgp_kem_decrypt): Support a key on smartcard for ECC. (composite_pgp_kem_decrypt): Handle a case of a key on smartcard. * common/sexputil.c (get_ecc_curve_from_key): New. * common/util.h (get_ecc_curve_from_key): New. -- GnuPG-bug-id: 7097 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-26 07:18:03 +02:00
if (opt.verbose)
log_info ("%s: ECC scalar length invalid (%zu)\n",
__func__, ecc->scalar_len);
err = gpg_error (GPG_ERR_INV_DATA);
goto leave;
agent:kem: Support other ECC curves. * agent/pkdecrypt.c (ecc_table): New. (get_ecc_params): New. (composite_pgp_kem_decrypt): Support other curves. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 07:23:27 +02:00
}
agent:kem:ecc: Support a key on smartcard. * agent/agent.h (agent_card_ecc_kem): New. * agent/divert-scd.c (agent_card_ecc_kem): New. * agent/pkdecrypt.c (ecc_extract_pk_from_key): New. (ecc_extract_sk_from_key): New. (ecc_raw_kem, get_cardkey, ecc_get_curve): New. (ecc_pgp_kem_decrypt): Support a key on smartcard for ECC. (composite_pgp_kem_decrypt): Handle a case of a key on smartcard. * common/sexputil.c (get_ecc_curve_from_key): New. * common/util.h (get_ecc_curve_from_key): New. -- GnuPG-bug-id: 7097 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-26 07:18:03 +02:00
err = ecc_extract_sk_from_key (ecc, s_skey, ecc_sk);
if (err)
goto leave;
err = gcry_kem_decap (ecc->kem_algo, ecc_sk, ecc->scalar_len,
ecc_ct, ecc->point_len, ecc_ecdh, ecc->point_len,
NULL, 0);
common,agent: Factor out KEM functions into common/kem.c. * common/util.h (compute_kmac256): Remove. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * common/kmac.c (compute_kmac256): Don't expose. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Use gnupg_ecc_kem_kdf and gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 04:09:29 +02:00
if (err)
agent: Add more diagnostics to PQC decryption. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for correctness. Add error diagnostics and one extra check. -- GnuPG-bug-id: 7014
2024-04-11 15:48:16 +02:00
{
if (opt.verbose)
log_info ("%s: gcry_kem_decap for ECC failed\n", __func__);
agent:kem:ecc: Support a key on smartcard. * agent/agent.h (agent_card_ecc_kem): New. * agent/divert-scd.c (agent_card_ecc_kem): New. * agent/pkdecrypt.c (ecc_extract_pk_from_key): New. (ecc_extract_sk_from_key): New. (ecc_raw_kem, get_cardkey, ecc_get_curve): New. (ecc_pgp_kem_decrypt): Support a key on smartcard for ECC. (composite_pgp_kem_decrypt): Handle a case of a key on smartcard. * common/sexputil.c (get_ecc_curve_from_key): New. * common/util.h (get_ecc_curve_from_key): New. -- GnuPG-bug-id: 7097 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-26 07:18:03 +02:00
}
leave:
wipememory (ecc_sk, sizeof ecc_sk);
return err;
}
static gpg_error_t
get_cardkey (ctrl_t ctrl, const char *keygrip, gcry_sexp_t *r_s_pk)
{
gpg_error_t err;
unsigned char *pkbuf;
size_t pkbuflen;
err = agent_card_readkey (ctrl, keygrip, &pkbuf, NULL);
if (err)
return err;
pkbuflen = gcry_sexp_canon_len (pkbuf, 0, NULL, NULL);
err = gcry_sexp_sscan (r_s_pk, NULL, (char*)pkbuf, pkbuflen);
if (err)
log_error ("failed to build S-Exp from received card key: %s\n",
gpg_strerror (err));
xfree (pkbuf);
return err;
}
static gpg_error_t
ecc_get_curve (ctrl_t ctrl, gcry_sexp_t s_skey, const char **r_curve)
{
gpg_error_t err = 0;
gcry_sexp_t s_skey_card = NULL;
const char *curve = NULL;
gcry_sexp_t key;
*r_curve = NULL;
if (!s_skey)
{
err = get_cardkey (ctrl, ctrl->keygrip, &s_skey_card);
if (err)
goto leave;
key = s_skey_card;
}
else
key = s_skey;
curve = get_ecc_curve_from_key (key);
if (!curve)
{
err = gpg_error (GPG_ERR_BAD_SECKEY);
agent: Add more diagnostics to PQC decryption. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for correctness. Add error diagnostics and one extra check. -- GnuPG-bug-id: 7014
2024-04-11 15:48:16 +02:00
goto leave;
}
common,agent: Factor out KEM functions into common/kem.c. * common/util.h (compute_kmac256): Remove. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * common/kmac.c (compute_kmac256): Don't expose. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Use gnupg_ecc_kem_kdf and gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 04:09:29 +02:00
agent:kem:ecc: Support a key on smartcard. * agent/agent.h (agent_card_ecc_kem): New. * agent/divert-scd.c (agent_card_ecc_kem): New. * agent/pkdecrypt.c (ecc_extract_pk_from_key): New. (ecc_extract_sk_from_key): New. (ecc_raw_kem, get_cardkey, ecc_get_curve): New. (ecc_pgp_kem_decrypt): Support a key on smartcard for ECC. (composite_pgp_kem_decrypt): Handle a case of a key on smartcard. * common/sexputil.c (get_ecc_curve_from_key): New. * common/util.h (get_ecc_curve_from_key): New. -- GnuPG-bug-id: 7097 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-26 07:18:03 +02:00
*r_curve = curve;
leave:
gcry_sexp_release (s_skey_card);
return err;
}
/* Given a private key in SEXP by S_SKEY0 and a cipher text by ECC_CT
* with length ECC_POINT_LEN, do ECC-KEM operation. Result is
* returned in the memory referred by ECC_SS. Shared secret length is
* returned in the memory referred by R_SHARED_LEN. CTRL is used to
* access smartcard, internally. */
static gpg_error_t
ecc_pgp_kem_decrypt (ctrl_t ctrl, gcry_sexp_t s_skey0,
unsigned char *shadow_info0,
const unsigned char *ecc_ct, size_t ecc_point_len,
unsigned char *ecc_ss, size_t *r_shared_len)
{
gpg_error_t err;
unsigned char ecc_ecdh[ECC_POINT_LEN_MAX];
unsigned char ecc_pk[ECC_POINT_LEN_MAX];
const char *curve;
const struct ecc_params *ecc = NULL;
if (ecc_point_len > ECC_POINT_LEN_MAX)
return gpg_error (GPG_ERR_INV_DATA);
err = ecc_get_curve (ctrl, s_skey0, &curve);
if (err)
{
if ((gpg_err_code (err) == GPG_ERR_CARD_REMOVED
|| gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT)
&& !s_skey0)
err = gpg_error (GPG_ERR_NO_SECKEY);
return err;
}
ecc = get_ecc_params (curve);
if (!ecc)
{
if (opt.verbose)
log_info ("%s: curve '%s' not supported\n", __func__, curve);
return gpg_error (GPG_ERR_BAD_SECKEY);
}
*r_shared_len = ecc->shared_len;
if (DBG_CRYPTO)
log_debug ("ECC curve: %s\n", curve);
if (ecc->point_len != ecc_point_len)
{
if (opt.verbose)
log_info ("%s: ECC cipher text length invalid (%zu != %zu)\n",
__func__, ecc->point_len, ecc_point_len);
return gpg_error (GPG_ERR_INV_DATA);
}
err = ecc_extract_pk_from_key (ecc, s_skey0, ecc_pk);
if (err)
return err;
agent:kem: Support other ECC curves. * agent/pkdecrypt.c (ecc_table): New. (get_ecc_params): New. (composite_pgp_kem_decrypt): Support other curves. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 07:23:27 +02:00
if (DBG_CRYPTO)
agent:kem:ecc: Support a key on smartcard. * agent/agent.h (agent_card_ecc_kem): New. * agent/divert-scd.c (agent_card_ecc_kem): New. * agent/pkdecrypt.c (ecc_extract_pk_from_key): New. (ecc_extract_sk_from_key): New. (ecc_raw_kem, get_cardkey, ecc_get_curve): New. (ecc_pgp_kem_decrypt): Support a key on smartcard for ECC. (composite_pgp_kem_decrypt): Handle a case of a key on smartcard. * common/sexputil.c (get_ecc_curve_from_key): New. * common/util.h (get_ecc_curve_from_key): New. -- GnuPG-bug-id: 7097 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-26 07:18:03 +02:00
log_printhex (ecc_ct, ecc->point_len, "ECC ephem:");
if (shadow_info0 || !s_skey0)
{
if (s_skey0 && agent_is_tpm2_key (s_skey0))
{
log_error ("TPM decryption failed: %s\n", gpg_strerror (err));
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
}
else
{
err = agent_card_ecc_kem (ctrl, ecc_ct, ecc->point_len, ecc_ecdh);
if (err)
{
log_error ("smartcard decryption failed: %s\n",
gpg_strerror (err));
return err;
}
}
}
else
err = ecc_raw_kem (ecc, s_skey0, ecc_ct, ecc_ecdh);
if (err)
return err;
if (DBG_CRYPTO)
log_printhex (ecc_ecdh, ecc_point_len, "ECC ecdh:");
agent:kem: Support other ECC curves. * agent/pkdecrypt.c (ecc_table): New. (get_ecc_params): New. (composite_pgp_kem_decrypt): Support other curves. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 07:23:27 +02:00
err = gnupg_ecc_kem_kdf (ecc_ss, ecc->shared_len, ecc->hash_algo,
agent:kem: More fix for PQC KEM with X448. * agent/pkdecrypt.c (struct ecc_params): Remove NAME_LEN field. (ecc_table): Update. (get_ecc_params): Use strcmp. (composite_pgp_kem_decrypt): Fix the call of gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 09:09:02 +02:00
ecc_ecdh, ecc->point_len, ecc_ct, ecc->point_len,
agent:kem: Support other ECC curves. * agent/pkdecrypt.c (ecc_table): New. (get_ecc_params): New. (composite_pgp_kem_decrypt): Support other curves. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 07:23:27 +02:00
ecc_pk, ecc->point_len);
agent:kem:ecc: Support a key on smartcard. * agent/agent.h (agent_card_ecc_kem): New. * agent/divert-scd.c (agent_card_ecc_kem): New. * agent/pkdecrypt.c (ecc_extract_pk_from_key): New. (ecc_extract_sk_from_key): New. (ecc_raw_kem, get_cardkey, ecc_get_curve): New. (ecc_pgp_kem_decrypt): Support a key on smartcard for ECC. (composite_pgp_kem_decrypt): Handle a case of a key on smartcard. * common/sexputil.c (get_ecc_curve_from_key): New. * common/util.h (get_ecc_curve_from_key): New. -- GnuPG-bug-id: 7097 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-26 07:18:03 +02:00
wipememory (ecc_ecdh, sizeof ecc_ecdh);
common,agent: Factor out KEM functions into common/kem.c. * common/util.h (compute_kmac256): Remove. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * common/kmac.c (compute_kmac256): Don't expose. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Use gnupg_ecc_kem_kdf and gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 04:09:29 +02:00
if (err)
agent: Add more diagnostics to PQC decryption. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for correctness. Add error diagnostics and one extra check. -- GnuPG-bug-id: 7014
2024-04-11 15:48:16 +02:00
{
if (opt.verbose)
log_info ("%s: kdf for ECC failed\n", __func__);
agent:kem:ecc: Support a key on smartcard. * agent/agent.h (agent_card_ecc_kem): New. * agent/divert-scd.c (agent_card_ecc_kem): New. * agent/pkdecrypt.c (ecc_extract_pk_from_key): New. (ecc_extract_sk_from_key): New. (ecc_raw_kem, get_cardkey, ecc_get_curve): New. (ecc_pgp_kem_decrypt): Support a key on smartcard for ECC. (composite_pgp_kem_decrypt): Handle a case of a key on smartcard. * common/sexputil.c (get_ecc_curve_from_key): New. * common/util.h (get_ecc_curve_from_key): New. -- GnuPG-bug-id: 7097 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-26 07:18:03 +02:00
return err;
agent: Add more diagnostics to PQC decryption. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for correctness. Add error diagnostics and one extra check. -- GnuPG-bug-id: 7014
2024-04-11 15:48:16 +02:00
}
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
agent:kem: Support other ECC curves. * agent/pkdecrypt.c (ecc_table): New. (get_ecc_params): New. (composite_pgp_kem_decrypt): Support other curves. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 07:23:27 +02:00
if (DBG_CRYPTO)
log_printhex (ecc_ss, ecc->shared_len, "ECC shared:");
agent:kem:ecc: Support a key on smartcard. * agent/agent.h (agent_card_ecc_kem): New. * agent/divert-scd.c (agent_card_ecc_kem): New. * agent/pkdecrypt.c (ecc_extract_pk_from_key): New. (ecc_extract_sk_from_key): New. (ecc_raw_kem, get_cardkey, ecc_get_curve): New. (ecc_pgp_kem_decrypt): Support a key on smartcard for ECC. (composite_pgp_kem_decrypt): Handle a case of a key on smartcard. * common/sexputil.c (get_ecc_curve_from_key): New. * common/util.h (get_ecc_curve_from_key): New. -- GnuPG-bug-id: 7097 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-26 07:18:03 +02:00
return 0;
agent:kem: Factor out ECC KEM operation from composite KEM. * agent/pkdecrypt.c (ecc_pgp_kem_decrypt): New. (composite_pgp_kem_decrypt): Use ecc_pgp_kem_decrypt. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-24 08:08:41 +02:00
}
/* For composite PGP KEM (ECC+ML-KEM), decrypt CIPHERTEXT using KEM API.
First keygrip is for ECC, second keygrip is for PQC. CIPHERTEXT
should follow the format of:
(enc-val(pqc(c%d)(e%m)(k%m)(s%m)(fixed-info&)))
c: cipher identifier (symmetric)
e: ECDH ciphertext
k: ML-KEM ciphertext
s: encrypted session key
fixed-info: A buffer with the fixed info.
FIXME: For now, possible keys on smartcard are not supported.
*/
static gpg_error_t
composite_pgp_kem_decrypt (ctrl_t ctrl, const char *desc_text,
gcry_sexp_t s_cipher, membuf_t *outbuf)
{
gcry_sexp_t s_skey0 = NULL;
gcry_sexp_t s_skey1 = NULL;
agent:kem: Fix memory leaks. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Release shadow_info memory. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-25 06:51:47 +02:00
unsigned char *shadow_info0 = NULL;
unsigned char *shadow_info1 = NULL;
agent:kem: Factor out ECC KEM operation from composite KEM. * agent/pkdecrypt.c (ecc_pgp_kem_decrypt): New. (composite_pgp_kem_decrypt): Use ecc_pgp_kem_decrypt. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-24 08:08:41 +02:00
gpg_error_t err = 0;
unsigned int nbits;
size_t len;
int algo;
gcry_mpi_t encrypted_sessionkey_mpi = NULL;
const unsigned char *encrypted_sessionkey;
size_t encrypted_sessionkey_len;
gcry_mpi_t ecc_ct_mpi = NULL;
const unsigned char *ecc_ct;
size_t ecc_ct_len;
unsigned char ecc_ss[ECC_HASH_LEN_MAX];
size_t ecc_shared_len, ecc_point_len;
enum gcry_kem_algos mlkem_kem_algo;
gcry_mpi_t mlkem_sk_mpi = NULL;
gcry_mpi_t mlkem_ct_mpi = NULL;
const unsigned char *mlkem_sk;
size_t mlkem_sk_len;
const unsigned char *mlkem_ct;
size_t mlkem_ct_len;
unsigned char mlkem_ss[GCRY_KEM_MLKEM1024_SHARED_LEN];
size_t mlkem_ss_len;
unsigned char kek[32];
size_t kek_len = 32; /* AES-256 is mandatory */
gcry_cipher_hd_t hd;
unsigned char sessionkey[256];
size_t sessionkey_len;
gcry_buffer_t fixed_info = { 0, 0, 0, NULL };
err = agent_key_from_file (ctrl, NULL, desc_text,
agent:kem: Fix memory leaks. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Release shadow_info memory. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-25 06:51:47 +02:00
ctrl->keygrip, &shadow_info0,
agent:kem: Factor out ECC KEM operation from composite KEM. * agent/pkdecrypt.c (ecc_pgp_kem_decrypt): New. (composite_pgp_kem_decrypt): Use ecc_pgp_kem_decrypt. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-24 08:08:41 +02:00
CACHE_MODE_NORMAL, NULL, &s_skey0, NULL, NULL);
agent:kem:ecc: Support a key on smartcard. * agent/agent.h (agent_card_ecc_kem): New. * agent/divert-scd.c (agent_card_ecc_kem): New. * agent/pkdecrypt.c (ecc_extract_pk_from_key): New. (ecc_extract_sk_from_key): New. (ecc_raw_kem, get_cardkey, ecc_get_curve): New. (ecc_pgp_kem_decrypt): Support a key on smartcard for ECC. (composite_pgp_kem_decrypt): Handle a case of a key on smartcard. * common/sexputil.c (get_ecc_curve_from_key): New. * common/util.h (get_ecc_curve_from_key): New. -- GnuPG-bug-id: 7097 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-26 07:18:03 +02:00
if (err && gpg_err_code (err) != GPG_ERR_NO_SECKEY)
agent:kem: Factor out ECC KEM operation from composite KEM. * agent/pkdecrypt.c (ecc_pgp_kem_decrypt): New. (composite_pgp_kem_decrypt): Use ecc_pgp_kem_decrypt. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-24 08:08:41 +02:00
{
log_error ("failed to read the secret key\n");
goto leave;
}
err = agent_key_from_file (ctrl, NULL, desc_text,
agent:kem: Fix memory leaks. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Release shadow_info memory. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-25 06:51:47 +02:00
ctrl->keygrip1, &shadow_info1,
agent:kem: Factor out ECC KEM operation from composite KEM. * agent/pkdecrypt.c (ecc_pgp_kem_decrypt): New. (composite_pgp_kem_decrypt): Use ecc_pgp_kem_decrypt. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-24 08:08:41 +02:00
CACHE_MODE_NORMAL, NULL, &s_skey1, NULL, NULL);
agent:kem:ecc: Support a key on smartcard. * agent/agent.h (agent_card_ecc_kem): New. * agent/divert-scd.c (agent_card_ecc_kem): New. * agent/pkdecrypt.c (ecc_extract_pk_from_key): New. (ecc_extract_sk_from_key): New. (ecc_raw_kem, get_cardkey, ecc_get_curve): New. (ecc_pgp_kem_decrypt): Support a key on smartcard for ECC. (composite_pgp_kem_decrypt): Handle a case of a key on smartcard. * common/sexputil.c (get_ecc_curve_from_key): New. * common/util.h (get_ecc_curve_from_key): New. -- GnuPG-bug-id: 7097 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-26 07:18:03 +02:00
/* Here assumes no smartcard for ML-KEM, but private key in a file. */
agent:kem: Factor out ECC KEM operation from composite KEM. * agent/pkdecrypt.c (ecc_pgp_kem_decrypt): New. (composite_pgp_kem_decrypt): Use ecc_pgp_kem_decrypt. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-24 08:08:41 +02:00
if (err)
{
log_error ("failed to read the another secret key\n");
goto leave;
}
err = gcry_sexp_extract_param (s_cipher, NULL, "%dc/eks&'fixed-info'",
&algo, &ecc_ct_mpi, &mlkem_ct_mpi,
&encrypted_sessionkey_mpi, &fixed_info, NULL);
if (err)
{
if (opt.verbose)
log_info ("%s: extracting parameters failed\n", __func__);
goto leave;
}
ecc_ct = gcry_mpi_get_opaque (ecc_ct_mpi, &nbits);
ecc_ct_len = (nbits+7)/8;
len = gcry_cipher_get_algo_keylen (algo);
encrypted_sessionkey = gcry_mpi_get_opaque (encrypted_sessionkey_mpi, &nbits);
encrypted_sessionkey_len = (nbits+7)/8;
if (len == 0 || encrypted_sessionkey_len != len + 8)
{
if (opt.verbose)
log_info ("%s: encrypted session key length %zu"
" does not match the length for algo %d\n",
__func__, encrypted_sessionkey_len, algo);
err = gpg_error (GPG_ERR_INV_DATA);
goto leave;
}
/* Firstly, ECC part. */
agent:kem:ecc: Support a key on smartcard. * agent/agent.h (agent_card_ecc_kem): New. * agent/divert-scd.c (agent_card_ecc_kem): New. * agent/pkdecrypt.c (ecc_extract_pk_from_key): New. (ecc_extract_sk_from_key): New. (ecc_raw_kem, get_cardkey, ecc_get_curve): New. (ecc_pgp_kem_decrypt): Support a key on smartcard for ECC. (composite_pgp_kem_decrypt): Handle a case of a key on smartcard. * common/sexputil.c (get_ecc_curve_from_key): New. * common/util.h (get_ecc_curve_from_key): New. -- GnuPG-bug-id: 7097 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-26 07:18:03 +02:00
ecc_point_len = ecc_ct_len;
err = ecc_pgp_kem_decrypt (ctrl, s_skey0, shadow_info0, ecc_ct, ecc_point_len,
ecc_ss, &ecc_shared_len);
agent:kem: Factor out ECC KEM operation from composite KEM. * agent/pkdecrypt.c (ecc_pgp_kem_decrypt): New. (composite_pgp_kem_decrypt): Use ecc_pgp_kem_decrypt. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-24 08:08:41 +02:00
if (err)
goto leave;
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
/* Secondly, PQC part. For now, we assume ML-KEM. */
agent: Add more diagnostics to PQC decryption. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for correctness. Add error diagnostics and one extra check. -- GnuPG-bug-id: 7014
2024-04-11 15:48:16 +02:00
err = gcry_sexp_extract_param (s_skey1, NULL, "/s", &mlkem_sk_mpi, NULL);
if (err)
{
if (opt.verbose)
log_info ("%s: extracting s from PQ key failed\n", __func__);
goto leave;
}
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
mlkem_sk = gcry_mpi_get_opaque (mlkem_sk_mpi, &nbits);
agent:kem: Support other ML-KEM variants. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Care about ML-KEM 512 and 1024. -- Co-authored-by: Werner Koch <wk@gnupg.org> Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 07:40:27 +02:00
mlkem_sk_len = (nbits+7)/8;
if (mlkem_sk_len == GCRY_KEM_MLKEM512_SECKEY_LEN)
{
mlkem_kem_algo = GCRY_KEM_MLKEM512;
mlkem_ss_len = GCRY_KEM_MLKEM512_SHARED_LEN;
mlkem_ct_len = GCRY_KEM_MLKEM512_CIPHER_LEN;
}
else if (mlkem_sk_len == GCRY_KEM_MLKEM768_SECKEY_LEN)
{
mlkem_kem_algo = GCRY_KEM_MLKEM768;
mlkem_ss_len = GCRY_KEM_MLKEM768_SHARED_LEN;
mlkem_ct_len = GCRY_KEM_MLKEM768_CIPHER_LEN;
}
else if (mlkem_sk_len == GCRY_KEM_MLKEM1024_SECKEY_LEN)
{
mlkem_kem_algo = GCRY_KEM_MLKEM1024;
mlkem_ss_len = GCRY_KEM_MLKEM1024_SHARED_LEN;
mlkem_ct_len = GCRY_KEM_MLKEM1024_CIPHER_LEN;
}
else
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
{
agent: Add more diagnostics to PQC decryption. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for correctness. Add error diagnostics and one extra check. -- GnuPG-bug-id: 7014
2024-04-11 15:48:16 +02:00
if (opt.verbose)
agent:kem: Support other ML-KEM variants. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Care about ML-KEM 512 and 1024. -- Co-authored-by: Werner Koch <wk@gnupg.org> Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 07:40:27 +02:00
log_info ("%s: PQ key length invalid (%zu)\n", __func__, mlkem_sk_len);
agent:kem: Externalize FIXED_INFO. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Don't hard code the value of FIXED_INFO. Get it from frontend. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 05:52:13 +02:00
err = gpg_error (GPG_ERR_INV_DATA);
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
goto leave;
}
agent:kem: Support other ML-KEM variants. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Care about ML-KEM 512 and 1024. -- Co-authored-by: Werner Koch <wk@gnupg.org> Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 07:40:27 +02:00
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
mlkem_ct = gcry_mpi_get_opaque (mlkem_ct_mpi, &nbits);
len = (nbits+7)/8;
agent:kem: Support other ML-KEM variants. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Care about ML-KEM 512 and 1024. -- Co-authored-by: Werner Koch <wk@gnupg.org> Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 07:40:27 +02:00
if (len != mlkem_ct_len)
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
{
agent: Add more diagnostics to PQC decryption. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for correctness. Add error diagnostics and one extra check. -- GnuPG-bug-id: 7014
2024-04-11 15:48:16 +02:00
if (opt.verbose)
agent:kem: Support other ML-KEM variants. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Care about ML-KEM 512 and 1024. -- Co-authored-by: Werner Koch <wk@gnupg.org> Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 07:40:27 +02:00
log_info ("%s: PQ cipher text length invalid (%zu)\n",
__func__, mlkem_ct_len);
agent:kem: Externalize FIXED_INFO. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Don't hard code the value of FIXED_INFO. Get it from frontend. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 05:52:13 +02:00
err = gpg_error (GPG_ERR_INV_DATA);
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
goto leave;
}
agent:kem: Support other ML-KEM variants. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Care about ML-KEM 512 and 1024. -- Co-authored-by: Werner Koch <wk@gnupg.org> Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 07:40:27 +02:00
err = gcry_kem_decap (mlkem_kem_algo, mlkem_sk, mlkem_sk_len,
mlkem_ct, mlkem_ct_len, mlkem_ss, mlkem_ss_len,
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
NULL, 0);
common,agent: Factor out KEM functions into common/kem.c. * common/util.h (compute_kmac256): Remove. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * common/kmac.c (compute_kmac256): Don't expose. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Use gnupg_ecc_kem_kdf and gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 04:09:29 +02:00
if (err)
agent: Add more diagnostics to PQC decryption. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for correctness. Add error diagnostics and one extra check. -- GnuPG-bug-id: 7014
2024-04-11 15:48:16 +02:00
{
if (opt.verbose)
log_info ("%s: gcry_kem_decap for PQ failed\n", __func__);
goto leave;
}
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
mpi_release (mlkem_sk_mpi);
common,agent: Factor out KEM functions into common/kem.c. * common/util.h (compute_kmac256): Remove. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * common/kmac.c (compute_kmac256): Don't expose. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Use gnupg_ecc_kem_kdf and gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 04:09:29 +02:00
mlkem_sk_mpi = NULL;
/* Then, combine two shared secrets and ciphertexts into one KEK */
err = gnupg_kem_combiner (kek, kek_len,
agent:kem: Factor out ECC KEM operation from composite KEM. * agent/pkdecrypt.c (ecc_pgp_kem_decrypt): New. (composite_pgp_kem_decrypt): Use ecc_pgp_kem_decrypt. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-24 08:08:41 +02:00
ecc_ss, ecc_shared_len, ecc_ct, ecc_point_len,
agent:kem: More fix for PQC KEM with X448. * agent/pkdecrypt.c (struct ecc_params): Remove NAME_LEN field. (ecc_table): Update. (get_ecc_params): Use strcmp. (composite_pgp_kem_decrypt): Fix the call of gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 09:09:02 +02:00
mlkem_ss, mlkem_ss_len, mlkem_ct, mlkem_ct_len,
agent:kem: Externalize FIXED_INFO. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Don't hard code the value of FIXED_INFO. Get it from frontend. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 05:52:13 +02:00
fixed_info.data, fixed_info.size);
common,agent: Factor out KEM functions into common/kem.c. * common/util.h (compute_kmac256): Remove. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * common/kmac.c (compute_kmac256): Don't expose. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Use gnupg_ecc_kem_kdf and gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 04:09:29 +02:00
if (err)
{
agent: Add more diagnostics to PQC decryption. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for correctness. Add error diagnostics and one extra check. -- GnuPG-bug-id: 7014
2024-04-11 15:48:16 +02:00
if (opt.verbose)
log_info ("%s: KEM combiner failed\n", __func__);
common,agent: Factor out KEM functions into common/kem.c. * common/util.h (compute_kmac256): Remove. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * common/kmac.c (compute_kmac256): Don't expose. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Use gnupg_ecc_kem_kdf and gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 04:09:29 +02:00
goto leave;
}
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
mpi_release (ecc_ct_mpi);
common,agent: Factor out KEM functions into common/kem.c. * common/util.h (compute_kmac256): Remove. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * common/kmac.c (compute_kmac256): Don't expose. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Use gnupg_ecc_kem_kdf and gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 04:09:29 +02:00
ecc_ct_mpi = NULL;
agent:kem: Support other ML-KEM variants. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Care about ML-KEM 512 and 1024. -- Co-authored-by: Werner Koch <wk@gnupg.org> Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 07:40:27 +02:00
mpi_release (mlkem_ct_mpi);
common,agent: Factor out KEM functions into common/kem.c. * common/util.h (compute_kmac256): Remove. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * common/kmac.c (compute_kmac256): Don't expose. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Use gnupg_ecc_kem_kdf and gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 04:09:29 +02:00
mlkem_ct_mpi = NULL;
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
if (DBG_CRYPTO)
{
common,agent: Factor out KEM functions into common/kem.c. * common/util.h (compute_kmac256): Remove. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * common/kmac.c (compute_kmac256): Don't expose. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Use gnupg_ecc_kem_kdf and gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 04:09:29 +02:00
log_printhex (kek, kek_len, "KEK key: ");
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
}
err = gcry_cipher_open (&hd, GCRY_CIPHER_AES256,
GCRY_CIPHER_MODE_AESWRAP, 0);
if (err)
{
agent: Add more diagnostics to PQC decryption. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for correctness. Add error diagnostics and one extra check. -- GnuPG-bug-id: 7014
2024-04-11 15:48:16 +02:00
if (opt.verbose)
log_error ("ecdh failed to initialize AESWRAP: %s\n",
gpg_strerror (err));
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
goto leave;
}
common,agent: Factor out KEM functions into common/kem.c. * common/util.h (compute_kmac256): Remove. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * common/kmac.c (compute_kmac256): Don't expose. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Use gnupg_ecc_kem_kdf and gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 04:09:29 +02:00
err = gcry_cipher_setkey (hd, kek, kek_len);
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
sessionkey_len = encrypted_sessionkey_len - 8;
err = gcry_cipher_decrypt (hd, sessionkey, sessionkey_len,
encrypted_sessionkey, encrypted_sessionkey_len);
gcry_cipher_close (hd);
mpi_release (encrypted_sessionkey_mpi);
common,agent: Factor out KEM functions into common/kem.c. * common/util.h (compute_kmac256): Remove. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * common/kmac.c (compute_kmac256): Don't expose. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Use gnupg_ecc_kem_kdf and gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 04:09:29 +02:00
encrypted_sessionkey_mpi = NULL;
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
if (err)
{
log_error ("KEM decrypt failed: %s\n", gpg_strerror (err));
goto leave;
}
put_membuf_printf (outbuf,
"(5:value%u:", (unsigned int)sessionkey_len);
put_membuf (outbuf, sessionkey, sessionkey_len);
put_membuf (outbuf, ")", 2);
leave:
agent:kem: Support other ML-KEM variants. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Care about ML-KEM 512 and 1024. -- Co-authored-by: Werner Koch <wk@gnupg.org> Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 07:40:27 +02:00
wipememory (ecc_ss, sizeof ecc_ss);
wipememory (mlkem_ss, sizeof mlkem_ss);
wipememory (kek, sizeof kek);
wipememory (sessionkey, sizeof sessionkey);
common,agent: Factor out KEM functions into common/kem.c. * common/util.h (compute_kmac256): Remove. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * common/kmac.c (compute_kmac256): Don't expose. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Use gnupg_ecc_kem_kdf and gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 04:09:29 +02:00
mpi_release (ecc_ct_mpi);
agent:kem: Factor out ECC KEM operation from composite KEM. * agent/pkdecrypt.c (ecc_pgp_kem_decrypt): New. (composite_pgp_kem_decrypt): Use ecc_pgp_kem_decrypt. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-24 08:08:41 +02:00
mpi_release (mlkem_sk_mpi);
common,agent: Factor out KEM functions into common/kem.c. * common/util.h (compute_kmac256): Remove. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * common/kmac.c (compute_kmac256): Don't expose. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Use gnupg_ecc_kem_kdf and gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 04:09:29 +02:00
mpi_release (mlkem_ct_mpi);
mpi_release (encrypted_sessionkey_mpi);
agent:kem: Externalize FIXED_INFO. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Don't hard code the value of FIXED_INFO. Get it from frontend. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-10 05:52:13 +02:00
gcry_free (fixed_info.data);
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
gcry_sexp_release (s_skey0);
gcry_sexp_release (s_skey1);
agent:kem: Fix memory leaks. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Release shadow_info memory. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-25 06:51:47 +02:00
xfree (shadow_info0);
xfree (shadow_info1);
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
return err;
}
/* DECRYPT the encrypted stuff (like encrypted session key) in
CIPHERTEXT using KEM API, with KEMID. Keys (or a key) are
specified in CTRL. DESC_TEXT is used to retrieve private key.
OPTION can be specified for upper layer option for KEM. Decrypted
stuff (like session key) is written to OUTBUF.
*/
gpg_error_t
agent_kem_decrypt (ctrl_t ctrl, const char *desc_text, int kemid,
const unsigned char *ciphertext, size_t ciphertextlen,
const unsigned char *option, size_t optionlen,
membuf_t *outbuf)
{
gcry_sexp_t s_cipher = NULL;
gpg_error_t err = 0;
/* For now, only PQC-PGP is supported. */
if (kemid != KEM_PQC_PGP)
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
(void)optionlen;
if (kemid == KEM_PQC_PGP && option)
{
log_error ("PQC-PGP requires no option\n");
return gpg_error (GPG_ERR_INV_ARG);
}
if (!ctrl->have_keygrip)
{
log_error ("speculative decryption not yet supported\n");
return gpg_error (GPG_ERR_NO_SECKEY);
}
if (!ctrl->have_keygrip1)
{
agent: Rename the function using the word "composite" * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Rename. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-11 08:26:08 +02:00
log_error ("Composite KEM requires two KEYGRIPs\n");
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
return gpg_error (GPG_ERR_NO_SECKEY);
}
err = gcry_sexp_sscan (&s_cipher, NULL, (char*)ciphertext, ciphertextlen);
if (err)
{
log_error ("failed to convert ciphertext: %s\n", gpg_strerror (err));
return gpg_error (GPG_ERR_INV_DATA);
}
if (DBG_CRYPTO)
{
agent: Add more diagnostics to PQC decryption. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for correctness. Add error diagnostics and one extra check. -- GnuPG-bug-id: 7014
2024-04-11 15:48:16 +02:00
log_printhex (ctrl->keygrip, 20, "keygrip0:");
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
log_printhex (ctrl->keygrip1, 20, "keygrip1:");
agent: Add more diagnostics to PQC decryption. * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for correctness. Add error diagnostics and one extra check. -- GnuPG-bug-id: 7014
2024-04-11 15:48:16 +02:00
gcry_log_debugsxp ("cipher", s_cipher);
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
}
agent: Rename the function using the word "composite" * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Rename. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-11 08:26:08 +02:00
err = composite_pgp_kem_decrypt (ctrl, desc_text, s_cipher, outbuf);
agent: Add initial support for hybrid ECC+PQC decryption with KEM. * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-05 07:17:25 +02:00
gcry_sexp_release (s_cipher);
return err;
}
Copy Permalink