Skip to content

Commit

Permalink
fix some stuff after rebase
Browse files Browse the repository at this point in the history
  • Loading branch information
@TJ-91
TJ-91 committed Nov 12, 2024
1 parent a584014 commit 9b25a0c
Show file tree
Hide file tree
Showing 9 changed files with 100 additions and 39 deletions.
1 change: 1 addition & 0 deletions src/lib/crypto/hash_common.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@
#include "hash_crc24.hpp"
#endif
#include <set>
#include <iterator>

static const struct hash_alg_map_t {
pgp_hash_alg_t type;
Expand Down
6 changes: 5 additions & 1 deletion src/lib/generate-key.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -178,6 +178,8 @@ adjust_hash_alg(rnp_keygen_crypto_params_t &crypto)
case PGP_PKA_SPHINCSPLUS_SHAKE_128s:
crypto.hash_alg = PGP_HASH_SHA3_256;
break;
case PGP_PKA_DILITHIUM5_ED448:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM5_BP384:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM5_P384:
Expand Down Expand Up @@ -461,9 +463,11 @@ keygen_primary_merge_defaults(rnp_keygen_primary_desc_t &desc)
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM3_P256:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM3_BP256:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM5_P384:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM3_BP256:
case PGP_PKA_DILITHIUM5_Ed448:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM5_BP384:
FALLTHROUGH_STATEMENT;
Expand Down
15 changes: 12 additions & 3 deletions src/lib/key_material.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -152,6 +152,10 @@ KeyParams::create(pgp_pubkey_alg_t alg)
return std::unique_ptr<KeyParams>(new ECCKeyParams(PGP_CURVE_ED25519));
case PGP_PKA_X25519:
return std::unique_ptr<KeyParams>(new ECCKeyParams(PGP_CURVE_25519));
case PGP_PKA_ED448:
return std::unique_ptr<KeyParams>(new ECCKeyParams(PGP_CURVE_ED448));
case PGP_PKA_X448:
return std::unique_ptr<KeyParams>(new ECCKeyParams(PGP_CURVE_448));
#endif
case PGP_PKA_DSA:
return std::unique_ptr<KeyParams>(new DSAKeyParams());
Expand All @@ -161,7 +165,8 @@ KeyParams::create(pgp_pubkey_alg_t alg)
#if defined(ENABLE_PQC)
case PGP_PKA_KYBER768_X25519:
FALLTHROUGH_STATEMENT;
// TODO add case PGP_PKA_KYBER1024_X448: FALLTHROUGH_STATEMENT;
case PGP_PKA_KYBER1024_X448:
FALLTHROUGH_STATEMENT;
case PGP_PKA_KYBER768_P256:
FALLTHROUGH_STATEMENT;
case PGP_PKA_KYBER1024_P384:
Expand All @@ -172,7 +177,8 @@ KeyParams::create(pgp_pubkey_alg_t alg)
return std::unique_ptr<KeyParams>(new MlkemEcdhKeyParams(alg));
case PGP_PKA_DILITHIUM3_ED25519:
FALLTHROUGH_STATEMENT;
// TODO: add case PGP_PKA_DILITHIUM5_ED448: FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM5_ED448:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM3_P256:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM5_P384:
Expand Down Expand Up @@ -409,6 +415,10 @@ KeyMaterial::create(pgp_pubkey_alg_t alg)
return std::unique_ptr<KeyMaterial>(new Ed25519KeyMaterial());
case PGP_PKA_X25519:
return std::unique_ptr<KeyMaterial>(new X25519KeyMaterial());
case PGP_PKA_ED448:
return std::unique_ptr<KeyMaterial>(new Ed448KeyMaterial());
case PGP_PKA_X448:
return std::unique_ptr<KeyMaterial>(new X448KeyMaterial());
#endif
case PGP_PKA_SM2:
return std::unique_ptr<KeyMaterial>(new SM2KeyMaterial());
Expand Down Expand Up @@ -2239,7 +2249,6 @@ SlhdsaKeyMaterial::write_secret(pgp_packet_body_t &pkt) const
bool
SlhdsaKeyMaterial::generate(rnp::SecurityContext &ctx, const KeyParams &params)
{
auto &slhdsa = dynamic_cast<const SlhdsaKeyParams &>(params);
if (pgp_sphincsplus_generate(&ctx.rng, &key_, alg_)) {
RNP_LOG("failed to generate SLH-DSA key for PK alg %d", alg_);
return false;
Expand Down
2 changes: 1 addition & 1 deletion src/lib/key_material.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -550,7 +550,7 @@ class Ed448KeyMaterial : public KeyMaterial {
bool parse_secret(pgp_packet_body_t &pkt) noexcept override;
void write(pgp_packet_body_t &pkt) const override;
void write_secret(pgp_packet_body_t &pkt) const override;
bool generate(rnp::SecurityContext &ctx, const KeyParams &params) override;
bool generate(rnp::SecurityContext &ctx, const KeyParams &params) override;
rnp_result_t verify(const rnp::SecurityContext & ctx,
const pgp_signature_material_t & sig,
const rnp::secure_vector<uint8_t> &hash) const override;
Expand Down
93 changes: 64 additions & 29 deletions src/lib/keygen.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,39 @@ KeygenParams::check_defaults() noexcept
if (hash_ == PGP_HASH_UNKNOWN) {
hash_ = alg_ == PGP_PKA_SM2 ? PGP_HASH_SM3 : DEFAULT_PGP_HASH_ALG;
}
#if defined(ENABLE_PQC)
// ensure PQC key hash binding
switch (alg_) {
case PGP_PKA_DILITHIUM3_ED25519:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM5_ED448:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM3_P256:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM5_P384:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM3_BP256:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM5_BP384:
if (!dilithium_hash_allowed(alg_, hash_)) {
hash_ = dilithium_default_hash_alg(alg_);
}
break;

case PGP_PKA_SPHINCSPLUS_SHAKE_128f:
FALLTHROUGH_STATEMENT;
case PGP_PKA_SPHINCSPLUS_SHAKE_128s:
FALLTHROUGH_STATEMENT;
case PGP_PKA_SPHINCSPLUS_SHAKE_256s:
if (!sphincsplus_hash_allowed(alg_, hash_)) {
hash_ = sphincsplus_default_hash_alg(alg_);
}
break;
default:
break;
}
#endif

pgp_hash_alg_t min_hash = key_params_->min_hash();
if (Hash::size(hash_) < Hash::size(min_hash)) {
hash_ = min_hash;
Expand All @@ -66,15 +99,16 @@ KeygenParams::validate() const noexcept
break;
case PGP_PKA_DILITHIUM3_ED25519:
FALLTHROUGH_STATEMENT;
// TODO: add case PGP_PKA_DILITHIUM5_ED448: FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM5_ED448:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM3_P256:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM5_P384:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM3_BP256:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM5_BP384:
if (!dilithium_hash_allowed(hash())) {
if (!dilithium_hash_allowed(alg(), hash())) {
RNP_LOG("invalid hash algorithm for the dilithium key");
return false;
}
Expand Down Expand Up @@ -132,37 +166,38 @@ KeygenParams::validate(const BindingParams &binding) const noexcept
return validate();
}

static const id_str_pair pubkey_alg_map[] = {{PGP_PKA_RSA, "RSA (Encrypt or Sign)"},
{PGP_PKA_RSA_ENCRYPT_ONLY, "RSA Encrypt-Only"},
{PGP_PKA_RSA_SIGN_ONLY, "RSA Sign-Only"},
{PGP_PKA_ELGAMAL, "Elgamal (Encrypt-Only)"},
{PGP_PKA_DSA, "DSA"},
{PGP_PKA_ECDH, "ECDH"},
{PGP_PKA_ECDSA, "ECDSA"},
{PGP_PKA_EDDSA, "EdDSA"},
{PGP_PKA_SM2, "SM2"},
static const id_str_pair pubkey_alg_map[] = {
{PGP_PKA_RSA, "RSA (Encrypt or Sign)"},
{PGP_PKA_RSA_ENCRYPT_ONLY, "RSA Encrypt-Only"},
{PGP_PKA_RSA_SIGN_ONLY, "RSA Sign-Only"},
{PGP_PKA_ELGAMAL, "Elgamal (Encrypt-Only)"},
{PGP_PKA_DSA, "DSA"},
{PGP_PKA_ECDH, "ECDH"},
{PGP_PKA_ECDSA, "ECDSA"},
{PGP_PKA_EDDSA, "EdDSA"},
{PGP_PKA_SM2, "SM2"},
#if defined(ENABLE_CRYPTO_REFRESH)
{PGP_PKA_ED25519, "ED25519"},
{PGP_PKA_X25519, "X25519"},
{PGP_PKA_ED25519, "ED25519"},
{PGP_PKA_X25519, "X25519"},
#endif
#if defined(ENABLE_PQC)
{PGP_PKA_KYBER768_X25519, "ML-KEM-768_X25519"},
//{PGP_PKA_KYBER1024_X448, "Kyber-X448"},
{PGP_PKA_KYBER768_P256, "ML-KEM-768_P256"},
{PGP_PKA_KYBER1024_P384, "ML-KEM-1024_P384"},
{PGP_PKA_KYBER768_BP256, "ML-KEM-768_BP256"},
{PGP_PKA_KYBER1024_BP384, "ML-KEM-1024_BP384"},
{PGP_PKA_DILITHIUM3_ED25519, "ML-DSA-65_ED25519"},
//{PGP_PKA_DILITHIUM5_ED448, "Dilithium-ED448"},
{PGP_PKA_DILITHIUM3_P256, "ML-DSA-65_P256"},
{PGP_PKA_DILITHIUM5_P384, "ML-DSA-87_P384"},
{PGP_PKA_DILITHIUM3_BP256, "ML-DSA-65_BP256"},
{PGP_PKA_DILITHIUM5_BP384, "ML-DSA-87_BP384"},
{PGP_PKA_SPHINCSPLUS_SHAKE_128f, "SLH-DSA-SHAKE-128f"},
{PGP_PKA_SPHINCSPLUS_SHAKE_128s, "SLH-DSA-SHAKE-128s"},
{PGP_PKA_SPHINCSPLUS_SHAKE_256s, "SLH-DSA-SHAKE-256s"},
{PGP_PKA_KYBER768_X25519, "ML-KEM-768_X25519"},
//{PGP_PKA_KYBER1024_X448, "Kyber-X448"},
{PGP_PKA_KYBER768_P256, "ML-KEM-768_P256"},
{PGP_PKA_KYBER1024_P384, "ML-KEM-1024_P384"},
{PGP_PKA_KYBER768_BP256, "ML-KEM-768_BP256"},
{PGP_PKA_KYBER1024_BP384, "ML-KEM-1024_BP384"},
{PGP_PKA_DILITHIUM3_ED25519, "ML-DSA-65_ED25519"},
//{PGP_PKA_DILITHIUM5_ED448, "Dilithium-ED448"},
{PGP_PKA_DILITHIUM3_P256, "ML-DSA-65_P256"},
{PGP_PKA_DILITHIUM5_P384, "ML-DSA-87_P384"},
{PGP_PKA_DILITHIUM3_BP256, "ML-DSA-65_BP256"},
{PGP_PKA_DILITHIUM5_BP384, "ML-DSA-87_BP384"},
{PGP_PKA_SPHINCSPLUS_SHAKE_128f, "SLH-DSA-SHAKE-128f"},
{PGP_PKA_SPHINCSPLUS_SHAKE_128s, "SLH-DSA-SHAKE-128s"},
{PGP_PKA_SPHINCSPLUS_SHAKE_256s, "SLH-DSA-SHAKE-256s"},
#endif
{0, NULL}};
{0, NULL}};

bool
KeygenParams::generate(pgp_key_pkt_t &seckey, bool primary)
Expand Down
12 changes: 8 additions & 4 deletions src/lib/pgp-key.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1242,20 +1242,24 @@ pgp_key_t::is_pqc_alg() const
FALLTHROUGH_STATEMENT;
case PGP_PKA_KYBER768_P256:
FALLTHROUGH_STATEMENT;
case PGP_PKA_KYBER1024_P384:
FALLTHROUGH_STATEMENT;
case PGP_PKA_KYBER768_BP256:
FALLTHROUGH_STATEMENT;
case PGP_PKA_KYBER1024_X448:
FALLTHROUGH_STATEMENT;
case PGP_PKA_KYBER1024_P384:
FALLTHROUGH_STATEMENT;
case PGP_PKA_KYBER1024_BP384:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM3_ED25519:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM3_P256:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM5_P384:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM3_BP256:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM5_ED448:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM5_P384:
FALLTHROUGH_STATEMENT;
case PGP_PKA_DILITHIUM5_BP384:
FALLTHROUGH_STATEMENT;
case PGP_PKA_SPHINCSPLUS_SHAKE_128f:
Expand Down
5 changes: 5 additions & 0 deletions src/librepgp/stream-dump.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1246,6 +1246,11 @@ stream_dump_pk_session_key(rnp_dump_ctx_t *ctx, pgp_source_t *src, pgp_dest_t *d
dst_print_vec(
dst, "x25519 encrypted session key", material.x25519.enc_sess_key, ctx->dump_mpi);
break;
case PGP_PKA_X448:
dst_print_vec(dst, "x448 ephemeral public key", material.x448.eph_key, ctx->dump_mpi);
dst_print_vec(
dst, "x448 encrypted session key", material.x448.enc_sess_key, ctx->dump_mpi);
break;
#endif
#if defined(ENABLE_PQC)
case PGP_PKA_KYBER768_X25519:
Expand Down
2 changes: 2 additions & 0 deletions src/librepgp/stream-parse.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1589,6 +1589,8 @@ do_enforce_aes_v3pkesk(pgp_pubkey_alg_t alg)
#endif
case PGP_PKA_X25519:
return true;
case PGP_PKA_X448:
return true;
default:
return false;
}
Expand Down
3 changes: 2 additions & 1 deletion src/tests/ffi-enc.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -836,12 +836,13 @@ TEST_F(rnp_tests, test_ffi_pqc_gen_enc_sign)
std::vector<std::pair<std::string, std::string>> primary_sub = {
{"ML-DSA-65+ED25519", "ML-KEM-768+X25519"},
{"ML-DSA-65+ECDSA-P256", "ML-KEM-768+ECDH-P256"},
{"ML-DSA-87+ED448", "ML-KEM-1024+X448"},
{"ML-DSA-87+ECDSA-P384", "ML-KEM-1024+ECDH-P384"},
{"ML-DSA-65+ECDSA-BP256", "ML-KEM-768+ECDH-BP256"},
{"ML-DSA-87+ECDSA-BP384", "ML-KEM-1024+ECDH-BP384"},
{"SLH-DSA-SHAKE-128f", "ML-KEM-768+X25519"},
{"SLH-DSA-SHAKE-128s", "ML-KEM-768+X25519"},
{"SLH-DSA-SHAKE-256s", "ML-KEM-768+X25519"}};
{"SLH-DSA-SHAKE-256s", "ML-KEM-1024+X448"}};
for (auto pk_algs : primary_sub) {
rnp_ffi_t ffi = NULL;
rnp_key_handle_t key = NULL;
Expand Down

0 comments on commit 9b25a0c

Please sign in to comment.