gpg: Some support to allow Kyber decryption.

* g10/call-agent.c (agent_pkdecrypt): Support dual keygrips and switch to KEM mode. * g10/ecdh.c (pk_ecdh_decrypt): Add an extra length check. * g10/keyid.c (do_hash_public_key): Fix Kyber fingerprint computation. * g10/mainproc.c (release_list): Free all 4 data elements. (proc_pubkey_enc): Copy all 4 data elements. * g10/misc.c (openpgp_pk_test_algo2): Map Kyber to KEM. * g10/parse-packet.c (parse_pubkeyenc): Fix Kyber parser. * g10/pubkey-enc.c (get_session_key): Allow Kyber. (get_it): Support Kyber. -- GnuPG-bug-id: 6815
2025-07-03 22:56:33 +02:00 · 2024-04-09 11:00:35 +02:00 · 2024-04-09 11:00:35 +02:00 · 52c4b09080
commit 52c4b09080
parent 1a37f0080b
7 changed files with 67 additions and 15 deletions
--- a/g10/keyid.c
+++ b/g10/keyid.c
@ -336,17 +336,24 @@ do_hash_public_key (gcry_md_hd_t md, PKT_public_key *pk, int use_v5)
            {
              /* Ugly: We need to re-construct the wire format of the
               * key parameter.  It would be easier to use a second
-               * second index for pp and nn which could bump
-               * independet of i.  */
+               * index for pp and nn which we could bump independet of
+               * i.  */
              const char *p;

              p = gcry_mpi_get_opaque (pk->pkey[i], &nbits);
-              pp[i] = xmalloc ((nbits+7)/8 + 1);
+              nn[i] = (nbits+7)/8;
+              pp[i] = xmalloc (4 + nn[i] + 1);
              if (p)
-                memcpy (pp[i], p, (nbits+7)/8);
+                {
+                  pp[i][0] = nn[i] >> 24;
+                  pp[i][1] = nn[i] >> 16;
+                  pp[i][2] = nn[i] >> 8;
+                  pp[i][3] = nn[i];
+                  memcpy (pp[i] + 4 , p, nn[i]);
+                  nn[i] += 4;
+                }
              else
                pp[i] = NULL;
-              nn[i] = (nbits+7)/8;
              n += nn[i];
            }
          else if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE))