diff options
| author | NIIBE Yutaka <gniibe@fsij.org> | 2024-04-05 07:17:25 +0200 |
|---|---|---|
| committer | NIIBE Yutaka <gniibe@fsij.org> | 2024-04-05 07:17:25 +0200 |
| commit | 131dd2a35145a1db1a45ab76764f32cbbca3fd43 (patch) | |
| tree | 7ef3fa4053fe64cc1e8eb265839c9c1a92343b81 /agent/command.c | |
| parent | gpg: Initial support for generating Kyber subkeys. (diff) | |
| download | gnupg2-131dd2a35145a1db1a45ab76764f32cbbca3fd43.tar.xz gnupg2-131dd2a35145a1db1a45ab76764f32cbbca3fd43.zip | |
agent: Add initial support for hybrid ECC+PQC decryption with KEM.
* agent/agent.h (enum kemid): New.
(agent_kem_decrypt): New.
* agent/command.c (cmd_pkdecrypt): Support --kem option to call
agent_kem_decrypt.
* agent/pkdecrypt.c (reverse_buffer): New.
(agent_hybrid_pgp_kem_decrypt): New.
(agent_kem_decrypt): New.
--
Now, it only supports X25519 + ML-KEM.
GnuPG-bug-id: 7014
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'agent/command.c')
| -rw-r--r-- | agent/command.c | 45 |
1 files changed, 39 insertions, 6 deletions
diff --git a/agent/command.c b/agent/command.c index 5e74381ed..fd050ee6b 100644 --- a/agent/command.c +++ b/agent/command.c @@ -1049,10 +1049,14 @@ cmd_pksign (assuan_context_t ctx, char *line) static const char hlp_pkdecrypt[] = - "PKDECRYPT [<options>]\n" + "PKDECRYPT [--kem[=<kemid>] [<options>]\n" "\n" "Perform the actual decrypt operation. Input is not\n" - "sensitive to eavesdropping."; + "sensitive to eavesdropping.\n" + "If the --kem option is used, decryption is done with the KEM,\n" + "inquiring upper-layer option, when needed. KEMID can be\n" + "specified with --kem option; Valid value is: PQC-PGP, PGP, or CMS.\n" + "Default is PQC-PGP."; static gpg_error_t cmd_pkdecrypt (assuan_context_t ctx, char *line) { @@ -1061,22 +1065,51 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line) unsigned char *value; size_t valuelen; membuf_t outbuf; - int padding; + int padding = -1; + unsigned char *option = NULL; + size_t optionlen = 0; + const char *p; + int kemid = -1; - (void)line; + p = has_option_name (line, "--kem"); + if (p) + { + kemid = KEM_PQC_PGP; + if (*p++ == '=') + { + if (strcmp (p, "PQC-PGP")) + kemid = KEM_PQC_PGP; + else if (strcmp (p, "PGP")) + kemid = KEM_PGP; + else if (strcmp (p, "CMS")) + kemid = KEM_CMS; + else + return set_error (GPG_ERR_ASS_PARAMETER, "invalid KEM algorithm"); + } + } /* First inquire the data to decrypt */ rc = print_assuan_status (ctx, "INQUIRE_MAXLEN", "%u", MAXLEN_CIPHERTEXT); if (!rc) rc = assuan_inquire (ctx, "CIPHERTEXT", &value, &valuelen, MAXLEN_CIPHERTEXT); + if (!rc && kemid > KEM_PQC_PGP) + rc = assuan_inquire (ctx, "OPTION", + &option, &optionlen, MAXLEN_CIPHERTEXT); if (rc) return rc; init_membuf (&outbuf, 512); - rc = agent_pkdecrypt (ctrl, ctrl->server_local->keydesc, - value, valuelen, &outbuf, &padding); + if (kemid < 0) + rc = agent_pkdecrypt (ctrl, ctrl->server_local->keydesc, + value, valuelen, &outbuf, &padding); + else + { + rc = agent_kem_decrypt (ctrl, ctrl->server_local->keydesc, kemid, + value, valuelen, option, optionlen, &outbuf); + xfree (option); + } xfree (value); if (rc) clear_outbuf (&outbuf); |