From 32ec480024b306508f77b1ebc720e2587df7b6c3 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Tue, 23 Apr 2024 16:25:05 +0200
Subject: [PATCH] gpg: Support encryption with kyber_bp256 and kyber_bp384

* common/openpgp-oid.c (oidtable): Support KEM for bp256 and bp384.
* g10/pkglue.c (do_encrypt_kem): Ditto.
--
GnuPG-bug-id: 6815
Note, this needs the very latest Libgcrypt to work properly
---
 common/openpgp-oid.c | 6 ++++--
 g10/pkglue.c | 32 ++++++++++++++++++++++++++++++++
 g10/pubkey-enc.c | 3 +++
 3 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c
index d54aff3a9..a374904cf 100644
--- a/common/openpgp-oid.c
+++ b/common/openpgp-oid.c
@@ -65,8 +65,10 @@ static struct {
 { "NIST P-384", "1.3.132.0.34", 384, "nistp384" },
 { "NIST P-521", "1.3.132.0.35", 521, "nistp521" },

- { "brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", 256, NULL, "bp256" },
- { "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", 384, NULL, "bp384" },
+ { "brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", 256, NULL, "bp256",
+ 0, GCRY_KEM_RAW_BP256 },
+ { "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", 384, NULL, "bp384",
+ 0, GCRY_KEM_RAW_BP384 },
 { "brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13", 512, NULL, "bp512" },

 { "secp256k1", "1.3.132.0.10", 256 },
diff --git a/g10/pkglue.c b/g10/pkglue.c
index fb39d5ba8..170a1c54b 100644
--- a/g10/pkglue.c
+++ b/g10/pkglue.c
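Review bot: In common/openpgp-oid.c the two new oidtable initializers reference `GCRY_KEM_RAW_BP256` and `GCRY_KEM_RAW_BP384` unconditionally, so a build against a Libgcrypt without these enumerators fails at compile time; it is worth confirming that the configure-time minimum Libgcrypt version, which this patch does not show, covers them. The bare positional `0` in front of the KEM id is hard to read without the struct definition, which lies outside the hunk, so a trailing comment naming that field would help. brainpoolP512r1 keeps no KEM id and a Kyber key over that curve presumably ends in the unsupported-curve branch of do_encrypt_kem; a one-line comment in the table saying this is intentional would save the next reader a lookup.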
@@ -522,6 +522,38 @@ do_encrypt_kem (PKT_public_key *pk, gcry_mpi_t data, int seskey_algo,
 ecc_ss_len = 64;
 ecc_hash_algo = GCRY_MD_SHA3_512;
 }
+ else if (ecc_algo == GCRY_KEM_RAW_BP256)
+ {
+ ecc_pubkey = gcry_mpi_get_opaque (pk->pkey[1], &nbits);
+ ecc_pubkey_len = (nbits+7)/8;
+ if (ecc_pubkey_len != 65)
+ {
+ if (opt.verbose)
+ log_info ("%s: ECC public key length invalid (%zu)\n",
+ __func__, ecc_pubkey_len);
+ err = gpg_error (GPG_ERR_INV_DATA);
+ goto leave;
+ }
+ ecc_ct_len = ecc_ecdh_len = 65;
+ ecc_ss_len = 32;
+ ecc_hash_algo = GCRY_MD_SHA3_256;
+ }
+ else if (ecc_algo == GCRY_KEM_RAW_BP384)
+ {
+ ecc_pubkey = gcry_mpi_get_opaque (pk->pkey[1], &nbits);
+ ecc_pubkey_len = (nbits+7)/8;
+ if (ecc_pubkey_len != 97)
+ {
+ if (opt.verbose)
+ log_info ("%s: ECC public key length invalid (%zu)\n",
+ __func__, ecc_pubkey_len);
+ err = gpg_error (GPG_ERR_INV_DATA);
+ goto leave;
+ }
+ ecc_ct_len = ecc_ecdh_len = 97;
+ ecc_ss_len = 64;
+ ecc_hash_algo = GCRY_MD_SHA3_512;
+ }
 else
 {
 if (opt.verbose)
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 470525a95..563077803 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -457,6 +457,9 @@ get_it (ctrl_t ctrl,
 log_info (_("WARNING: cipher algorithm %s not found in recipient"
 " preferences\n"), openpgp_cipher_algo_name (dek->algo));

+ /* if (!err && 25519 && openpgp_oidbuf_is_ed25519 (curve, len)) */
+ /* log_info ("Note: legacy OID was used for cv25519\n"); */
+
 if (!err)
 {
 kbnode_t k;
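Review bot: Both new branches of do_encrypt_kem in g10/pkglue.c accept the ECC public key on its length alone (`ecc_pubkey_len != 65` and `!= 97`); the leading format octet is never inspected in this hunk. 65 and 97 are 1 + 2*32 and 1 + 2*48, which corresponds to an uncompressed point with a one-octet prefix, so other encodings could be rejected up front with `if (ecc_pubkey_len != 65 || *ecc_pubkey != 0x04)` and the same for 97, assuming ecc_pubkey is an octet pointer, which the hunk does not show. Whether the encapsulation step further down validates the point cannot be seen here, because the function starts and ends outside the hunk. The literals would also read better with a comment such as `/* 0x04 || X || Y, 2*32 octets of coordinates */`. Since the two branches differ only in the length, the shared-secret size and the hash algorithm, a small per-curve parameter table would remove the duplicated error path.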
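Review bot: The g10/pubkey-enc.c hunk adds only commented-out code to get_it, and the file is absent from the commit's change list, which names openpgp-oid.c and pkglue.c; it looks like a stray work-in-progress fragment that came along with the Kyber change. The disabled condition contains the bare constant `25519` and refers to `curve` and `len`, whose declarations are not visible in the hunk, so it could not be enabled as written. Either drop the two lines from this commit or replace them with a prose comment such as `/* FIXME: print a note when the legacy cv25519 OID was used. */` so the intent survives without dead code.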