author | NIIBE Yutaka <gniibe@fsij.org> | 2024-04-11 08:21:42 +0200 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2024-04-11 08:30:16 +0200 |
commit | 172d53d63689dee780b03d60f19f53114f6c4283 (patch) | |
tree | 64b2e73b60182d0793c90af0b22eccb9bedac4d9 /agent | |
parent | doc: Move keyformat.txt to here. (diff) | |
agent: Fix PQC decryption.
* agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Change the format
of the SEXP in the protocol for the symmetric cipher algorithm identifier.
--
GnuPG-bug-id: 7014
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'agent')
-rw-r--r-- | agent/pkdecrypt.c | 37 |
1 files changed, 9 insertions, 28 deletions
diff --git a/agent/pkdecrypt.c b/agent/pkdecrypt.c
index 24ba1fd64..8f1614292 100644
--- a/agent/pkdecrypt.c
+++ b/agent/pkdecrypt.c
@@ -177,7 +177,8 @@ reverse_buffer (unsigned char *buffer, unsigned int length)
    First keygrip is for ECC, second keygrip is for PQC.
    CIPHERTEXT should follow the format of:
-	(enc-val(pqc(e%m)(k%m)(s%m)(fixed-info&)))
+	(enc-val(pqc(c%u)(e%m)(k%m)(s%m)(fixed-info&)))
+        c: cipher identifier (symmetric)
         e: ECDH ciphertext
         k: ML-KEM ciphertext
         s: encrypted session key
@@ -199,6 +200,7 @@ agent_hybrid_pgp_kem_decrypt (ctrl_t ctrl, const char *desc_text,
   const unsigned char *p;
   size_t len;
+  int algo;
   gcry_mpi_t encrypted_sessionkey_mpi = NULL;
   const unsigned char *encrypted_sessionkey;
   size_t encrypted_sessionkey_len;
@@ -250,42 +252,21 @@ agent_hybrid_pgp_kem_decrypt (ctrl_t ctrl, const char *desc_text,
   /* Here assumes no smartcard, but private keys */
-  gcry_sexp_extract_param (s_cipher, NULL, "/eks&'fixed-info'",
-                           &ecc_ct_mpi,
-                           &mlkem_ct_mpi,
-                           &encrypted_sessionkey_mpi,
-                           &fixed_info, NULL);
+  gcry_sexp_extract_param (s_cipher, NULL, "%uc/eks&'fixed-info'",
+                           &algo, &ecc_ct_mpi, &mlkem_ct_mpi,
+                           &encrypted_sessionkey_mpi, &fixed_info, NULL);
   if (err) goto leave;
+  len = gcry_cipher_get_algo_keylen (algo);
   encrypted_sessionkey = gcry_mpi_get_opaque (encrypted_sessionkey_mpi, &nbits);
   encrypted_sessionkey_len = (nbits+7)/8;
-  if (encrypted_sessionkey_len < 1+1+8)
+  if (len == 0 || encrypted_sessionkey_len != len + 8)
     {
-      /* Fixme: This is a basic check but we should better test
-       * against the expected length and something which
-       * is required to avoid an underflow. */
       err = gpg_error (GPG_ERR_INV_DATA);
       goto leave;
     }
-  encrypted_sessionkey_len--;
-  if (encrypted_sessionkey[0] != encrypted_sessionkey_len)
-    {
-      err = gpg_error (GPG_ERR_INV_DATA);
-      goto leave;
-    }
-  encrypted_sessionkey++; /* Skip the length. */
-
-  if (encrypted_sessionkey[0] != CIPHER_ALGO_AES256)
-    {
-      err = gpg_error (GPG_ERR_INV_DATA);
-      goto leave;
-    }
-
-  encrypted_sessionkey_len--;
-  encrypted_sessionkey++; /* Skip the sym algo */
-
   /* Fistly, ECC part. FIXME: For now, we assume X25519. */
   curve = gcry_sexp_find_token (s_skey0, "curve", 0);
   if (!curve)
@@ -301,7 +282,7 @@ agent_hybrid_pgp_kem_decrypt (ctrl_t ctrl, const char *desc_text,
       goto leave;
     }
-  err = gcry_sexp_extract_param (s_skey0, NULL, "/q/d",
+  err = gcry_sexp_extract_param (s_skey0, NULL, "/qd",
                                  &ecc_pk_mpi, &ecc_sk_mpi, NULL);
   if (err) goto leave; |
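Review bot: The return value of `gcry_sexp_extract_param` in the -250 hunk is still discarded on the new side, so the `if (err)` that follows tests whatever `err` held before the call, and on a malformed `enc-val` the code goes on to call `gcry_cipher_get_algo_keylen` with `algo` (declared without an initializer in the -199 hunk, and presumably left untouched by a failed extraction) and `gcry_mpi_get_opaque` with MPIs that may still be NULL. The sibling call in the -301 hunk does capture the result, so the same form belongs here: `err = gcry_sexp_extract_param (s_cipher, NULL, "%uc/eks&'fixed-info'",`. The omission predates this commit, but it matters more now because the parsed `algo` drives the new length check rather than a fixed constant. It would also help to say in a comment above the new check that any cipher identifier libgcrypt recognises is now accepted, since the removed lines pinned the algorithm to `CIPHER_ALGO_AES256`. agent_hybrid_pgp_kem_decrypt begins and ends outside these hunks.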