1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

gpg: Support encryption with kyber_bp256 and kyber_bp384

* common/openpgp-oid.c (oidtable): Support KEM for bp256 and bp384.
* g10/pkglue.c (do_encrypt_kem): Ditto.
--

GnuPG-bug-id: 6815

Note, this needs the very latest Libgcrypt to work properly
This commit is contained in:
Werner Koch 2024-04-23 16:25:05 +02:00
parent 54741685ce
commit 32ec480024
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 39 additions and 2 deletions

View File

@ -65,8 +65,10 @@ static struct {
{ "NIST P-384", "1.3.132.0.34", 384, "nistp384" },
{ "NIST P-521", "1.3.132.0.35", 521, "nistp521" },
{ "brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", 256, NULL, "bp256" },
{ "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", 384, NULL, "bp384" },
{ "brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", 256, NULL, "bp256",
0, GCRY_KEM_RAW_BP256 },
{ "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", 384, NULL, "bp384",
0, GCRY_KEM_RAW_BP384 },
{ "brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13", 512, NULL, "bp512" },
{ "secp256k1", "1.3.132.0.10", 256 },

View File

@ -522,6 +522,38 @@ do_encrypt_kem (PKT_public_key *pk, gcry_mpi_t data, int seskey_algo,
ecc_ss_len = 64;
ecc_hash_algo = GCRY_MD_SHA3_512;
}
else if (ecc_algo == GCRY_KEM_RAW_BP256)
{
ecc_pubkey = gcry_mpi_get_opaque (pk->pkey[1], &nbits);
ecc_pubkey_len = (nbits+7)/8;
if (ecc_pubkey_len != 65)
{
if (opt.verbose)
log_info ("%s: ECC public key length invalid (%zu)\n",
__func__, ecc_pubkey_len);
err = gpg_error (GPG_ERR_INV_DATA);
goto leave;
}
ecc_ct_len = ecc_ecdh_len = 65;
ecc_ss_len = 32;
ecc_hash_algo = GCRY_MD_SHA3_256;
}
else if (ecc_algo == GCRY_KEM_RAW_BP384)
{
ecc_pubkey = gcry_mpi_get_opaque (pk->pkey[1], &nbits);
ecc_pubkey_len = (nbits+7)/8;
if (ecc_pubkey_len != 97)
{
if (opt.verbose)
log_info ("%s: ECC public key length invalid (%zu)\n",
__func__, ecc_pubkey_len);
err = gpg_error (GPG_ERR_INV_DATA);
goto leave;
}
ecc_ct_len = ecc_ecdh_len = 97;
ecc_ss_len = 64;
ecc_hash_algo = GCRY_MD_SHA3_512;
}
else
{
if (opt.verbose)

View File

@ -457,6 +457,9 @@ get_it (ctrl_t ctrl,
log_info (_("WARNING: cipher algorithm %s not found in recipient"
" preferences\n"), openpgp_cipher_algo_name (dek->algo));
/* if (!err && 25519 && openpgp_oidbuf_is_ed25519 (curve, len)) */
/* log_info ("Note: legacy OID was used for cv25519\n"); */
if (!err)
{
kbnode_t k;