From d22e2cff659209acb7e15f5fdf0c1bab5394d624 Mon Sep 17 00:00:00 2001 From: Johannes Roth Date: Tue, 12 Nov 2024 09:45:13 +0100 Subject: [PATCH] fix some stuff after rebase --- src/lib/generate-key.cpp | 6 ++- src/lib/key_material.cpp | 15 ++++-- src/lib/key_material.hpp | 2 +- src/lib/keygen.cpp | 93 ++++++++++++++++++++++++----------- src/lib/pgp-key.cpp | 12 +++-- src/librepgp/stream-dump.cpp | 5 ++ src/librepgp/stream-parse.cpp | 2 + src/tests/ffi-enc.cpp | 3 +- 8 files changed, 99 insertions(+), 39 deletions(-) diff --git a/src/lib/generate-key.cpp b/src/lib/generate-key.cpp index 4ea88cef3..e4c0f9dce 100644 --- a/src/lib/generate-key.cpp +++ b/src/lib/generate-key.cpp @@ -178,6 +178,8 @@ adjust_hash_alg(rnp_keygen_crypto_params_t &crypto) case PGP_PKA_SPHINCSPLUS_SHAKE_128s: crypto.hash_alg = PGP_HASH_SHA3_256; break; + case PGP_PKA_DILITHIUM5_ED448: + FALLTHROUGH_STATEMENT; case PGP_PKA_DILITHIUM5_BP384: FALLTHROUGH_STATEMENT; case PGP_PKA_DILITHIUM5_P384: @@ -461,9 +463,11 @@ keygen_primary_merge_defaults(rnp_keygen_primary_desc_t &desc) FALLTHROUGH_STATEMENT; case PGP_PKA_DILITHIUM3_P256: FALLTHROUGH_STATEMENT; + case PGP_PKA_DILITHIUM3_BP256: + FALLTHROUGH_STATEMENT; case PGP_PKA_DILITHIUM5_P384: FALLTHROUGH_STATEMENT; - case PGP_PKA_DILITHIUM3_BP256: + case PGP_PKA_DILITHIUM5_Ed448: FALLTHROUGH_STATEMENT; case PGP_PKA_DILITHIUM5_BP384: FALLTHROUGH_STATEMENT; diff --git a/src/lib/key_material.cpp b/src/lib/key_material.cpp index d8957a290..81ab1b9fc 100644 --- a/src/lib/key_material.cpp +++ b/src/lib/key_material.cpp @@ -152,6 +152,10 @@ KeyParams::create(pgp_pubkey_alg_t alg) return std::unique_ptr(new ECCKeyParams(PGP_CURVE_ED25519)); case PGP_PKA_X25519: return std::unique_ptr(new ECCKeyParams(PGP_CURVE_25519)); + case PGP_PKA_ED448: + return std::unique_ptr(new ECCKeyParams(PGP_CURVE_ED448)); + case PGP_PKA_X448: + return std::unique_ptr(new ECCKeyParams(PGP_CURVE_448)); #endif case PGP_PKA_DSA: return std::unique_ptr(new DSAKeyParams()); @@ -161,7 +165,8 @@ KeyParams::create(pgp_pubkey_alg_t alg) #if defined(ENABLE_PQC) case PGP_PKA_KYBER768_X25519: FALLTHROUGH_STATEMENT; - // TODO add case PGP_PKA_KYBER1024_X448: FALLTHROUGH_STATEMENT; + case PGP_PKA_KYBER1024_X448: + FALLTHROUGH_STATEMENT; case PGP_PKA_KYBER768_P256: FALLTHROUGH_STATEMENT; case PGP_PKA_KYBER1024_P384: @@ -172,7 +177,8 @@ KeyParams::create(pgp_pubkey_alg_t alg) return std::unique_ptr(new MlkemEcdhKeyParams(alg)); case PGP_PKA_DILITHIUM3_ED25519: FALLTHROUGH_STATEMENT; - // TODO: add case PGP_PKA_DILITHIUM5_ED448: FALLTHROUGH_STATEMENT; + case PGP_PKA_DILITHIUM5_ED448: + FALLTHROUGH_STATEMENT; case PGP_PKA_DILITHIUM3_P256: FALLTHROUGH_STATEMENT; case PGP_PKA_DILITHIUM5_P384: @@ -409,6 +415,10 @@ KeyMaterial::create(pgp_pubkey_alg_t alg) return std::unique_ptr(new Ed25519KeyMaterial()); case PGP_PKA_X25519: return std::unique_ptr(new X25519KeyMaterial()); + case PGP_PKA_ED448: + return std::unique_ptr(new Ed448KeyMaterial()); + case PGP_PKA_X448: + return std::unique_ptr(new X448KeyMaterial()); #endif case PGP_PKA_SM2: return std::unique_ptr(new SM2KeyMaterial()); @@ -2239,7 +2249,6 @@ SlhdsaKeyMaterial::write_secret(pgp_packet_body_t &pkt) const bool SlhdsaKeyMaterial::generate(rnp::SecurityContext &ctx, const KeyParams ¶ms) { - auto &slhdsa = dynamic_cast(params); if (pgp_sphincsplus_generate(&ctx.rng, &key_, alg_)) { RNP_LOG("failed to generate SLH-DSA key for PK alg %d", alg_); return false; diff --git a/src/lib/key_material.hpp b/src/lib/key_material.hpp index 39356a43a..0d1438fc2 100644 --- a/src/lib/key_material.hpp +++ b/src/lib/key_material.hpp @@ -550,7 +550,7 @@ class Ed448KeyMaterial : public KeyMaterial { bool parse_secret(pgp_packet_body_t &pkt) noexcept override; void write(pgp_packet_body_t &pkt) const override; void write_secret(pgp_packet_body_t &pkt) const override; - bool generate(rnp::SecurityContext &ctx, const KeyParams ¶ms) override; + bool generate(rnp::SecurityContext &ctx, const KeyParams ¶ms) override; rnp_result_t verify(const rnp::SecurityContext & ctx, const pgp_signature_material_t & sig, const rnp::secure_vector &hash) const override; diff --git a/src/lib/keygen.cpp b/src/lib/keygen.cpp index 3e132560b..298ab0bf8 100644 --- a/src/lib/keygen.cpp +++ b/src/lib/keygen.cpp @@ -42,6 +42,39 @@ KeygenParams::check_defaults() noexcept if (hash_ == PGP_HASH_UNKNOWN) { hash_ = alg_ == PGP_PKA_SM2 ? PGP_HASH_SM3 : DEFAULT_PGP_HASH_ALG; } +#if defined(ENABLE_PQC) + // ensure PQC key hash binding + switch (alg_) { + case PGP_PKA_DILITHIUM3_ED25519: + FALLTHROUGH_STATEMENT; + case PGP_PKA_DILITHIUM5_ED448: + FALLTHROUGH_STATEMENT; + case PGP_PKA_DILITHIUM3_P256: + FALLTHROUGH_STATEMENT; + case PGP_PKA_DILITHIUM5_P384: + FALLTHROUGH_STATEMENT; + case PGP_PKA_DILITHIUM3_BP256: + FALLTHROUGH_STATEMENT; + case PGP_PKA_DILITHIUM5_BP384: + if (!dilithium_hash_allowed(alg_, hash_)) { + hash_ = dilithium_default_hash_alg(alg_); + } + break; + + case PGP_PKA_SPHINCSPLUS_SHAKE_128f: + FALLTHROUGH_STATEMENT; + case PGP_PKA_SPHINCSPLUS_SHAKE_128s: + FALLTHROUGH_STATEMENT; + case PGP_PKA_SPHINCSPLUS_SHAKE_256s: + if (!sphincsplus_hash_allowed(alg_, hash_)) { + hash_ = sphincsplus_default_hash_alg(alg_); + } + break; + default: + break; + } +#endif + pgp_hash_alg_t min_hash = key_params_->min_hash(); if (Hash::size(hash_) < Hash::size(min_hash)) { hash_ = min_hash; @@ -66,7 +99,8 @@ KeygenParams::validate() const noexcept break; case PGP_PKA_DILITHIUM3_ED25519: FALLTHROUGH_STATEMENT; - // TODO: add case PGP_PKA_DILITHIUM5_ED448: FALLTHROUGH_STATEMENT; + case PGP_PKA_DILITHIUM5_ED448: + FALLTHROUGH_STATEMENT; case PGP_PKA_DILITHIUM3_P256: FALLTHROUGH_STATEMENT; case PGP_PKA_DILITHIUM5_P384: @@ -74,7 +108,7 @@ KeygenParams::validate() const noexcept case PGP_PKA_DILITHIUM3_BP256: FALLTHROUGH_STATEMENT; case PGP_PKA_DILITHIUM5_BP384: - if (!dilithium_hash_allowed(hash())) { + if (!dilithium_hash_allowed(alg(), hash())) { RNP_LOG("invalid hash algorithm for the dilithium key"); return false; } @@ -132,37 +166,38 @@ KeygenParams::validate(const BindingParams &binding) const noexcept return validate(); } -static const id_str_pair pubkey_alg_map[] = {{PGP_PKA_RSA, "RSA (Encrypt or Sign)"}, - {PGP_PKA_RSA_ENCRYPT_ONLY, "RSA Encrypt-Only"}, - {PGP_PKA_RSA_SIGN_ONLY, "RSA Sign-Only"}, - {PGP_PKA_ELGAMAL, "Elgamal (Encrypt-Only)"}, - {PGP_PKA_DSA, "DSA"}, - {PGP_PKA_ECDH, "ECDH"}, - {PGP_PKA_ECDSA, "ECDSA"}, - {PGP_PKA_EDDSA, "EdDSA"}, - {PGP_PKA_SM2, "SM2"}, +static const id_str_pair pubkey_alg_map[] = { + {PGP_PKA_RSA, "RSA (Encrypt or Sign)"}, + {PGP_PKA_RSA_ENCRYPT_ONLY, "RSA Encrypt-Only"}, + {PGP_PKA_RSA_SIGN_ONLY, "RSA Sign-Only"}, + {PGP_PKA_ELGAMAL, "Elgamal (Encrypt-Only)"}, + {PGP_PKA_DSA, "DSA"}, + {PGP_PKA_ECDH, "ECDH"}, + {PGP_PKA_ECDSA, "ECDSA"}, + {PGP_PKA_EDDSA, "EdDSA"}, + {PGP_PKA_SM2, "SM2"}, #if defined(ENABLE_CRYPTO_REFRESH) - {PGP_PKA_ED25519, "ED25519"}, - {PGP_PKA_X25519, "X25519"}, + {PGP_PKA_ED25519, "ED25519"}, + {PGP_PKA_X25519, "X25519"}, #endif #if defined(ENABLE_PQC) - {PGP_PKA_KYBER768_X25519, "ML-KEM-768_X25519"}, - //{PGP_PKA_KYBER1024_X448, "Kyber-X448"}, - {PGP_PKA_KYBER768_P256, "ML-KEM-768_P256"}, - {PGP_PKA_KYBER1024_P384, "ML-KEM-1024_P384"}, - {PGP_PKA_KYBER768_BP256, "ML-KEM-768_BP256"}, - {PGP_PKA_KYBER1024_BP384, "ML-KEM-1024_BP384"}, - {PGP_PKA_DILITHIUM3_ED25519, "ML-DSA-65_ED25519"}, - //{PGP_PKA_DILITHIUM5_ED448, "Dilithium-ED448"}, - {PGP_PKA_DILITHIUM3_P256, "ML-DSA-65_P256"}, - {PGP_PKA_DILITHIUM5_P384, "ML-DSA-87_P384"}, - {PGP_PKA_DILITHIUM3_BP256, "ML-DSA-65_BP256"}, - {PGP_PKA_DILITHIUM5_BP384, "ML-DSA-87_BP384"}, - {PGP_PKA_SPHINCSPLUS_SHAKE_128f, "SLH-DSA-SHAKE-128f"}, - {PGP_PKA_SPHINCSPLUS_SHAKE_128s, "SLH-DSA-SHAKE-128s"}, - {PGP_PKA_SPHINCSPLUS_SHAKE_256s, "SLH-DSA-SHAKE-256s"}, + {PGP_PKA_KYBER768_X25519, "ML-KEM-768_X25519"}, + //{PGP_PKA_KYBER1024_X448, "Kyber-X448"}, + {PGP_PKA_KYBER768_P256, "ML-KEM-768_P256"}, + {PGP_PKA_KYBER1024_P384, "ML-KEM-1024_P384"}, + {PGP_PKA_KYBER768_BP256, "ML-KEM-768_BP256"}, + {PGP_PKA_KYBER1024_BP384, "ML-KEM-1024_BP384"}, + {PGP_PKA_DILITHIUM3_ED25519, "ML-DSA-65_ED25519"}, + //{PGP_PKA_DILITHIUM5_ED448, "Dilithium-ED448"}, + {PGP_PKA_DILITHIUM3_P256, "ML-DSA-65_P256"}, + {PGP_PKA_DILITHIUM5_P384, "ML-DSA-87_P384"}, + {PGP_PKA_DILITHIUM3_BP256, "ML-DSA-65_BP256"}, + {PGP_PKA_DILITHIUM5_BP384, "ML-DSA-87_BP384"}, + {PGP_PKA_SPHINCSPLUS_SHAKE_128f, "SLH-DSA-SHAKE-128f"}, + {PGP_PKA_SPHINCSPLUS_SHAKE_128s, "SLH-DSA-SHAKE-128s"}, + {PGP_PKA_SPHINCSPLUS_SHAKE_256s, "SLH-DSA-SHAKE-256s"}, #endif - {0, NULL}}; + {0, NULL}}; bool KeygenParams::generate(pgp_key_pkt_t &seckey, bool primary) diff --git a/src/lib/pgp-key.cpp b/src/lib/pgp-key.cpp index 51e2b0da0..3326165e8 100644 --- a/src/lib/pgp-key.cpp +++ b/src/lib/pgp-key.cpp @@ -1242,20 +1242,24 @@ pgp_key_t::is_pqc_alg() const FALLTHROUGH_STATEMENT; case PGP_PKA_KYBER768_P256: FALLTHROUGH_STATEMENT; - case PGP_PKA_KYBER1024_P384: - FALLTHROUGH_STATEMENT; case PGP_PKA_KYBER768_BP256: FALLTHROUGH_STATEMENT; + case PGP_PKA_KYBER1024_X448: + FALLTHROUGH_STATEMENT; + case PGP_PKA_KYBER1024_P384: + FALLTHROUGH_STATEMENT; case PGP_PKA_KYBER1024_BP384: FALLTHROUGH_STATEMENT; case PGP_PKA_DILITHIUM3_ED25519: FALLTHROUGH_STATEMENT; case PGP_PKA_DILITHIUM3_P256: FALLTHROUGH_STATEMENT; - case PGP_PKA_DILITHIUM5_P384: - FALLTHROUGH_STATEMENT; case PGP_PKA_DILITHIUM3_BP256: FALLTHROUGH_STATEMENT; + case PGP_PKA_DILITHIUM5_ED448: + FALLTHROUGH_STATEMENT; + case PGP_PKA_DILITHIUM5_P384: + FALLTHROUGH_STATEMENT; case PGP_PKA_DILITHIUM5_BP384: FALLTHROUGH_STATEMENT; case PGP_PKA_SPHINCSPLUS_SHAKE_128f: diff --git a/src/librepgp/stream-dump.cpp b/src/librepgp/stream-dump.cpp index b2b35d95a..5b1e2bedf 100644 --- a/src/librepgp/stream-dump.cpp +++ b/src/librepgp/stream-dump.cpp @@ -1246,6 +1246,11 @@ stream_dump_pk_session_key(rnp_dump_ctx_t *ctx, pgp_source_t *src, pgp_dest_t *d dst_print_vec( dst, "x25519 encrypted session key", material.x25519.enc_sess_key, ctx->dump_mpi); break; + case PGP_PKA_X448: + dst_print_vec(dst, "x448 ephemeral public key", material.x448.eph_key, ctx->dump_mpi); + dst_print_vec( + dst, "x448 encrypted session key", material.x448.enc_sess_key, ctx->dump_mpi); + break; #endif #if defined(ENABLE_PQC) case PGP_PKA_KYBER768_X25519: diff --git a/src/librepgp/stream-parse.cpp b/src/librepgp/stream-parse.cpp index bd40c17a6..b0665042b 100644 --- a/src/librepgp/stream-parse.cpp +++ b/src/librepgp/stream-parse.cpp @@ -1589,6 +1589,8 @@ do_enforce_aes_v3pkesk(pgp_pubkey_alg_t alg) #endif case PGP_PKA_X25519: return true; + case PGP_PKA_X448: + return true; default: return false; } diff --git a/src/tests/ffi-enc.cpp b/src/tests/ffi-enc.cpp index 1afaeef77..135cfd356 100644 --- a/src/tests/ffi-enc.cpp +++ b/src/tests/ffi-enc.cpp @@ -836,12 +836,13 @@ TEST_F(rnp_tests, test_ffi_pqc_gen_enc_sign) std::vector> primary_sub = { {"ML-DSA-65+ED25519", "ML-KEM-768+X25519"}, {"ML-DSA-65+ECDSA-P256", "ML-KEM-768+ECDH-P256"}, + {"ML-DSA-87+ED448", "ML-KEM-1024+X448"}, {"ML-DSA-87+ECDSA-P384", "ML-KEM-1024+ECDH-P384"}, {"ML-DSA-65+ECDSA-BP256", "ML-KEM-768+ECDH-BP256"}, {"ML-DSA-87+ECDSA-BP384", "ML-KEM-1024+ECDH-BP384"}, {"SLH-DSA-SHAKE-128f", "ML-KEM-768+X25519"}, {"SLH-DSA-SHAKE-128s", "ML-KEM-768+X25519"}, - {"SLH-DSA-SHAKE-256s", "ML-KEM-768+X25519"}}; + {"SLH-DSA-SHAKE-256s", "ML-KEM-1024+X448"}}; for (auto pk_algs : primary_sub) { rnp_ffi_t ffi = NULL; rnp_key_handle_t key = NULL;