gpg: Support encryption with kyber_bp256 and kyber_bp384

* common/openpgp-oid.c (oidtable): Support KEM for bp256 and bp384. * g10/pkglue.c (do_encrypt_kem): Ditto. -- GnuPG-bug-id: 6815 Note, this needs the very latest Libgcrypt to work properly
2024-12-22 10:19:57 +01:00 · 2024-04-23 16:25:05 +02:00 · 2024-04-23 16:25:05 +02:00 · 32ec480024
commit 32ec480024
parent 54741685ce
3 changed files with 39 additions and 2 deletions
--- a/common/openpgp-oid.c
+++ b/common/openpgp-oid.c
@ -65,8 +65,10 @@ static struct {
  { "NIST P-384",      "1.3.132.0.34",           384, "nistp384" },
  { "NIST P-521",      "1.3.132.0.35",           521, "nistp521" },

-  { "brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7",   256, NULL, "bp256" },
-  { "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11",  384, NULL, "bp384" },
+  { "brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7",   256, NULL, "bp256",
+    0, GCRY_KEM_RAW_BP256 },
+  { "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11",  384, NULL, "bp384",
+    0, GCRY_KEM_RAW_BP384 },
  { "brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13",  512, NULL, "bp512" },

  { "secp256k1",       "1.3.132.0.10",           256 },
--- a/g10/pkglue.c
+++ b/g10/pkglue.c
@ -522,6 +522,38 @@ do_encrypt_kem (PKT_public_key *pk, gcry_mpi_t data, int seskey_algo,
      ecc_ss_len = 64;
      ecc_hash_algo = GCRY_MD_SHA3_512;
    }
+  else if (ecc_algo == GCRY_KEM_RAW_BP256)
+    {
+      ecc_pubkey = gcry_mpi_get_opaque (pk->pkey[1], &nbits);
+      ecc_pubkey_len = (nbits+7)/8;
+      if (ecc_pubkey_len != 65)
+        {
+          if (opt.verbose)
+            log_info ("%s: ECC public key length invalid (%zu)\n",
+                      __func__, ecc_pubkey_len);
+          err = gpg_error (GPG_ERR_INV_DATA);
+          goto leave;
+        }
+      ecc_ct_len = ecc_ecdh_len = 65;
+      ecc_ss_len = 32;
+      ecc_hash_algo = GCRY_MD_SHA3_256;
+    }
+  else if (ecc_algo == GCRY_KEM_RAW_BP384)
+    {
+      ecc_pubkey = gcry_mpi_get_opaque (pk->pkey[1], &nbits);
+      ecc_pubkey_len = (nbits+7)/8;
+      if (ecc_pubkey_len != 97)
+        {
+          if (opt.verbose)
+            log_info ("%s: ECC public key length invalid (%zu)\n",
+                      __func__, ecc_pubkey_len);
+          err = gpg_error (GPG_ERR_INV_DATA);
+          goto leave;
+        }
+      ecc_ct_len = ecc_ecdh_len = 97;
+      ecc_ss_len = 64;
+      ecc_hash_algo = GCRY_MD_SHA3_512;
+    }
  else
    {
      if (opt.verbose)
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@ -457,6 +457,9 @@ get_it (ctrl_t ctrl,
      log_info (_("WARNING: cipher algorithm %s not found in recipient"
                  " preferences\n"), openpgp_cipher_algo_name (dek->algo));

+    /* if (!err && 25519 && openpgp_oidbuf_is_ed25519 (curve, len)) */
+    /*   log_info ("Note: legacy OID was used for cv25519\n"); */
+
    if (!err)
      {
        kbnode_t k;