add check for PKESK v3 and XX25519 for AES; align pgp_key_t::curve() …

…and pgp_key_material_t::curve()
pqc-thunderbird · Jun 13, 2023 · 30b4688 · 30b4688
1 parent 94b468f
commit 30b4688
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 3 deletions.
diff --git a/src/lib/pgp-key.cpp b/src/lib/pgp-key.cpp
@@ -1184,6 +1184,12 @@ pgp_key_t::curve() const
     case PGP_PKA_EDDSA:
     case PGP_PKA_SM2:
         return pkt_.material.ec.curve;
+#if defined(ENABLE_CRYPTO_REFRESH)
+    case PGP_PKA_ED25519:
+        return PGP_CURVE_ED25519;
+    case PGP_PKA_X25519:
+        return PGP_CURVE_25519;
+#endif
     default:
         return PGP_CURVE_UNKNOWN;
     }
@@ -2779,7 +2785,7 @@ pgp_key_t::subkey_pkt_hash() const
 #endif
 
 pgp_curve_t
-pgp_key_material_t::get_curve() const
+pgp_key_material_t::curve() const
 {
     switch (alg) {
     case PGP_PKA_ECDH: [[fallthrough]];
@@ -2820,7 +2826,7 @@ pgp_key_material_t::bits() const
 #endif
     case PGP_PKA_SM2: {
     /* handle ecc cases */
-    const ec_curve_desc_t *curve_desc = get_curve_desc(get_curve());
+    const ec_curve_desc_t *curve_desc = get_curve_desc(curve());
     return curve_desc ? curve_desc->bitlen : 0;
     }
 #if defined(ENABLE_PQC)

diff --git a/src/lib/types.h b/src/lib/types.h
@@ -197,7 +197,7 @@ typedef struct pgp_key_material_t {
     pgp_dilithium_exdsa_key_t dilithium_exdsa; /* non-trivial type, cannot be in a union */
 #endif
 
-    pgp_curve_t get_curve() const; /* return curve for EC algorithms, PGP_CURVE_UNKNOWN otherwise */
+    pgp_curve_t curve() const; /* return curve for EC algorithms, PGP_CURVE_UNKNOWN otherwise */
     size_t bits() const;
     size_t qbits() const;
     void   validate(rnp::SecurityContext &ctx, bool reset = true);

diff --git a/src/librepgp/stream-parse.cpp b/src/librepgp/stream-parse.cpp
@@ -1507,6 +1507,18 @@ encrypted_try_key(pgp_source_encrypted_param_t *param,
         return false;
     }
 
+    /* Crypto Refresh: For X25519/X448 PKESKv3, AES is mandated */
+    if(sesskey->alg == PGP_PKA_X25519 && sesskey->version == PGP_PKSK_V3) {
+        switch(sesskey->salg) {
+            case PGP_SA_AES_128:
+            case PGP_SA_AES_192:
+            case PGP_SA_AES_256:
+                break;
+            default:
+                RNP_LOG("attempting to use X25519 and v3 PKESK in combination with a symmetric algorithm that is not AES.");
+                return false;
+        }
+    }
 #endif
 
     rnp::secure_array<uint8_t, PGP_MPINT_SIZE> decbuf;