agent: Add initial support for hybrid ECC+PQC decryption with KEM.

* agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-07-03 22:56:33 +02:00 · 2024-04-05 14:17:25 +09:00 · 2024-04-05 14:17:25 +09:00 · 131dd2a351
commit 131dd2a351
parent 97f5159495
3 changed files with 362 additions and 7 deletions
--- a/agent/agent.h
+++ b/agent/agent.h
@ -560,6 +560,18 @@ gpg_error_t agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
                             const unsigned char *ciphertext, size_t ciphertextlen,
                             membuf_t *outbuf, int *r_padding);

+enum kemid
+  {
+    KEM_PQC_PGP,
+    KEM_PGP,
+    KEM_CMS,
+  };
+
+gpg_error_t agent_kem_decrypt (ctrl_t ctrl, const char *desc_text, int kemid,
+                               const unsigned char *ct, size_t ctlen,
+                               const unsigned char *option, size_t optionlen,
+                               membuf_t *outbuf);
+
 /*-- genkey.c --*/
 #define CHECK_CONSTRAINTS_NOT_EMPTY  1
 #define CHECK_CONSTRAINTS_NEW_SYMKEY 2