agent: Fix ECC key on smartcard for composite KEM with PQC.

* agent/divert-scd.c (agent_card_ecc_kem): Convert binary keygrip to HEXto call agent_card_pkdecrypt. Handle the case with prefix. -- GnuPG-bug-id: 7648 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2025-05-14 08:13:25 +02:00 · 2025-05-13 15:44:05 +09:00 · 2025-05-13 15:44:05 +09:00 · 309cfb3a4c
commit 309cfb3a4c
parent 5fb338168e
2 changed files with 9 additions and 5 deletions
--- a/agent/divert-scd.c
+++ b/agent/divert-scd.c
@ -507,21 +507,25 @@ agent_card_ecc_kem (ctrl_t ctrl, const unsigned char *ecc_ct,
  char *ecdh = NULL;
  size_t len;
  int rc;
  char hexgrip[41];
-  rc = agent_card_pkdecrypt (ctrl, ctrl->keygrip, getpin_cb, ctrl, NULL,
+  bin2hex (ctrl->keygrip, 20, hexgrip);
  rc = agent_card_pkdecrypt (ctrl, hexgrip, getpin_cb, ctrl, NULL,
                             ecc_ct, ecc_point_len, &ecdh, &len, NULL);
  if (rc)
    return rc;
-  if (len != ecc_point_len)
+  if (len == ecc_point_len)
    memcpy (ecc_ecdh, ecdh, len);
  else if (len == ecc_point_len + 1 && ecdh[0] == 0x40) /* The prefix */
    memcpy (ecc_ecdh, ecdh + 1, len - 1);
  else
    {
      if (opt.verbose)
        log_info ("%s: ECC result length invalid (%zu != %zu)\n",
                  __func__, len, ecc_point_len);
      return gpg_error (GPG_ERR_INV_DATA);
    }
  else
    memcpy (ecc_ecdh, ecdh, len);
  xfree (ecdh);
  return err;
--- a/agent/pkdecrypt.c
+++ b/agent/pkdecrypt.c
@ -538,7 +538,7 @@ ecc_pgp_kem_decrypt (ctrl_t ctrl, gcry_sexp_t s_skey0,
        s: encrypted session key
        fixed-info: A buffer with the fixed info.
-   FIXME: For now, possible keys on smartcard are not supported.
+   FIXME: For now, possible PQC key on smartcard is not yet supported.
  */
 static gpg_error_t
 composite_pgp_kem_decrypt (ctrl_t ctrl, const char *desc_text,