security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-02 12:01:32 +01:00
Code Activity

agent: PKDECRYPT KEM-mode can be used by CMS too.

Browse Source 
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2024-03-04 15:55:04 +09:00
parent 97f2ee8a4f
commit 068bb5b6f9
No known key found for this signature in database
GPG Key ID: 640114AF89DE6054
3 changed files with 25 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
agent/agent.h
View File

@ -541,7 +541,7 @@ gpg_error_t agent_pksign (ctrl_t ctrl, const char *cache_nonce,
gpg_error_t agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
const unsigned char *ciphertext, size_t ciphertextlen,
membuf_t *outbuf, int *r_padding);
gpg_error_t agent_kem_decap (ctrl_t ctrl, const char *desc_text,
gpg_error_t agent_kem_decap (ctrl_t ctrl, const char *desc_text, int kemid,
const unsigned char *ciphertext, size_t ciphertextlen,
membuf_t *outbuf,
const unsigned char *option, size_t optionlen);

31
agent/command.c
View File

@ -1017,12 +1017,13 @@ cmd_pksign (assuan_context_t ctx, char *line)
static const char hlp_pkdecrypt[] =
"PKDECRYPT [--kem]\n"
"PKDECRYPT [--kem[=<kemid>]\n"
"\n"
"Perform the actual decrypt operation. Input is not\n"
"sensitive to eavesdropping.\n"
"If the --kem option is used, decryption is done with the KEM,\n"
"inquiring upper-layer option, when needed.";
"inquiring upper-layer option, when needed. KEMID can be\n"
"specified with --kem option; valid value is: PGP, or CMS.";
static gpg_error_t
cmd_pkdecrypt (assuan_context_t ctx, char *line)
{
@ -1032,18 +1033,28 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line)
size_t valuelen;
membuf_t outbuf;
int padding = -1;
int is_kem;
unsigned char *option = NULL;
size_t optionlen = 0;
const char *p;
int kemid = -1;
is_kem = has_option (line, "--kem");
p = has_option_name (line, "--kem");
if (p)
{
kemid = 0;
if (*p++ == '=')
{
if (strcmp (p, "PGP"))
kemid = 1;
}
}
/* First inquire the data to decrypt */
rc = print_assuan_status (ctx, "INQUIRE_MAXLEN", "%u", MAXLEN_CIPHERTEXT);
if (!rc)
rc = assuan_inquire (ctx, "CIPHERTEXT",
&value, &valuelen, MAXLEN_CIPHERTEXT);
if (!rc && is_kem)
if (!rc && kemid >= 0)
rc = assuan_inquire (ctx, "OPTION",
&option, &optionlen, MAXLEN_CIPHERTEXT); /* FIXME for maxlen? */
if (rc)
@ -1051,15 +1062,15 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line)
init_membuf (&outbuf, 512);
if (is_kem)
if (kemid < 0)
rc = agent_pkdecrypt (ctrl, ctrl->server_local->keydesc,
value, valuelen, &outbuf, &padding);
else
{
rc = agent_kem_decap (ctrl, ctrl->server_local->keydesc,
rc = agent_kem_decap (ctrl, ctrl->server_local->keydesc, kemid,
value, valuelen, &outbuf, option, optionlen);
xfree (option);
}
else
rc = agent_pkdecrypt (ctrl, ctrl->server_local->keydesc,
value, valuelen, &outbuf, &padding);
xfree (value);
if (rc)
clear_outbuf (&outbuf);

4
agent/pkdecrypt.c
View File

@ -172,7 +172,7 @@ reverse_buffer (unsigned char *buffer, unsigned int length)
}
gpg_error_t
agent_kem_decap (ctrl_t ctrl, const char *desc_text,
agent_kem_decap (ctrl_t ctrl, const char *desc_text, int kemid,
const unsigned char *ciphertext, size_t ciphertextlen,
membuf_t *outbuf,
const unsigned char *option, size_t optionlen)
@ -182,6 +182,8 @@ agent_kem_decap (ctrl_t ctrl, const char *desc_text,
gpg_error_t err = 0;
int no_shadow_info = 0;
/* IMPLEMENT: check ctrl->have_keygrip1, kem_decap, and call key combiner */
if (!ctrl->have_keygrip)
{
log_error ("speculative decryption not yet supported\n");