fix some stuff after rebase

Author: TJ-91

src/lib/crypto/hash_common.cpp

@@ -38,6 +38,7 @@
 #include "hash_crc24.hpp"
 #endif
 #include <set>
+#include <iterator>
 
 static const struct hash_alg_map_t {
     pgp_hash_alg_t type;

src/lib/generate-key.cpp

@@ -178,6 +178,8 @@ adjust_hash_alg(rnp_keygen_crypto_params_t &crypto)
         case PGP_PKA_SPHINCSPLUS_SHAKE_128s:
             crypto.hash_alg = PGP_HASH_SHA3_256;
             break;
+        case PGP_PKA_DILITHIUM5_ED448:
+            FALLTHROUGH_STATEMENT;
         case PGP_PKA_DILITHIUM5_BP384:
             FALLTHROUGH_STATEMENT;
         case PGP_PKA_DILITHIUM5_P384:
@@ -461,9 +463,11 @@ keygen_primary_merge_defaults(rnp_keygen_primary_desc_t &desc)
         FALLTHROUGH_STATEMENT;
     case PGP_PKA_DILITHIUM3_P256:
         FALLTHROUGH_STATEMENT;
+    case PGP_PKA_DILITHIUM3_BP256:
+        FALLTHROUGH_STATEMENT;
     case PGP_PKA_DILITHIUM5_P384:
         FALLTHROUGH_STATEMENT;
-    case PGP_PKA_DILITHIUM3_BP256:
+    case PGP_PKA_DILITHIUM5_Ed448:
         FALLTHROUGH_STATEMENT;
     case PGP_PKA_DILITHIUM5_BP384:
         FALLTHROUGH_STATEMENT;

src/lib/key_material.cpp

@@ -152,6 +152,10 @@ KeyParams::create(pgp_pubkey_alg_t alg)
         return std::unique_ptr<KeyParams>(new ECCKeyParams(PGP_CURVE_ED25519));
     case PGP_PKA_X25519:
         return std::unique_ptr<KeyParams>(new ECCKeyParams(PGP_CURVE_25519));
+    case PGP_PKA_ED448:
+        return std::unique_ptr<KeyParams>(new ECCKeyParams(PGP_CURVE_ED448));
+    case PGP_PKA_X448:
+        return std::unique_ptr<KeyParams>(new ECCKeyParams(PGP_CURVE_448));
 #endif
     case PGP_PKA_DSA:
         return std::unique_ptr<KeyParams>(new DSAKeyParams());
@@ -161,7 +165,8 @@ KeyParams::create(pgp_pubkey_alg_t alg)
 #if defined(ENABLE_PQC)
     case PGP_PKA_KYBER768_X25519:
         FALLTHROUGH_STATEMENT;
-    // TODO add case PGP_PKA_KYBER1024_X448: FALLTHROUGH_STATEMENT;
+    case PGP_PKA_KYBER1024_X448:
+        FALLTHROUGH_STATEMENT;
     case PGP_PKA_KYBER768_P256:
         FALLTHROUGH_STATEMENT;
     case PGP_PKA_KYBER1024_P384:
@@ -172,7 +177,8 @@ KeyParams::create(pgp_pubkey_alg_t alg)
         return std::unique_ptr<KeyParams>(new MlkemEcdhKeyParams(alg));
     case PGP_PKA_DILITHIUM3_ED25519:
         FALLTHROUGH_STATEMENT;
-    // TODO: add case PGP_PKA_DILITHIUM5_ED448: FALLTHROUGH_STATEMENT;
+    case PGP_PKA_DILITHIUM5_ED448:
+        FALLTHROUGH_STATEMENT;
     case PGP_PKA_DILITHIUM3_P256:
         FALLTHROUGH_STATEMENT;
     case PGP_PKA_DILITHIUM5_P384:
@@ -409,6 +415,10 @@ KeyMaterial::create(pgp_pubkey_alg_t alg)
         return std::unique_ptr<KeyMaterial>(new Ed25519KeyMaterial());
     case PGP_PKA_X25519:
         return std::unique_ptr<KeyMaterial>(new X25519KeyMaterial());
+    case PGP_PKA_ED448:
+        return std::unique_ptr<KeyMaterial>(new Ed448KeyMaterial());
+    case PGP_PKA_X448:
+        return std::unique_ptr<KeyMaterial>(new X448KeyMaterial());
 #endif
     case PGP_PKA_SM2:
         return std::unique_ptr<KeyMaterial>(new SM2KeyMaterial());
@@ -2239,7 +2249,6 @@ SlhdsaKeyMaterial::write_secret(pgp_packet_body_t &pkt) const
 bool
 SlhdsaKeyMaterial::generate(rnp::SecurityContext &ctx, const KeyParams &params)
 {
-    auto &slhdsa = dynamic_cast<const SlhdsaKeyParams &>(params);
     if (pgp_sphincsplus_generate(&ctx.rng, &key_, alg_)) {
         RNP_LOG("failed to generate SLH-DSA key for PK alg %d", alg_);
         return false;

src/lib/key_material.hpp

@@ -550,7 +550,7 @@ class Ed448KeyMaterial : public KeyMaterial {
     bool         parse_secret(pgp_packet_body_t &pkt) noexcept override;
     void         write(pgp_packet_body_t &pkt) const override;
     void         write_secret(pgp_packet_body_t &pkt) const override;
-   bool         generate(rnp::SecurityContext &ctx, const KeyParams &params) override;
+    bool         generate(rnp::SecurityContext &ctx, const KeyParams &params) override;
     rnp_result_t verify(const rnp::SecurityContext &       ctx,
                         const pgp_signature_material_t &   sig,
                         const rnp::secure_vector<uint8_t> &hash) const override;

src/lib/keygen.cpp

@@ -42,6 +42,39 @@ KeygenParams::check_defaults() noexcept
     if (hash_ == PGP_HASH_UNKNOWN) {
         hash_ = alg_ == PGP_PKA_SM2 ? PGP_HASH_SM3 : DEFAULT_PGP_HASH_ALG;
     }
+#if defined(ENABLE_PQC)
+    // ensure PQC key hash binding
+    switch (alg_) {
+    case PGP_PKA_DILITHIUM3_ED25519:
+        FALLTHROUGH_STATEMENT;
+    case PGP_PKA_DILITHIUM5_ED448:
+        FALLTHROUGH_STATEMENT;
+    case PGP_PKA_DILITHIUM3_P256:
+        FALLTHROUGH_STATEMENT;
+    case PGP_PKA_DILITHIUM5_P384:
+        FALLTHROUGH_STATEMENT;
+    case PGP_PKA_DILITHIUM3_BP256:
+        FALLTHROUGH_STATEMENT;
+    case PGP_PKA_DILITHIUM5_BP384:
+        if (!dilithium_hash_allowed(alg_, hash_)) {
+            hash_ = dilithium_default_hash_alg(alg_);
+        }
+        break;
+
+    case PGP_PKA_SPHINCSPLUS_SHAKE_128f:
+        FALLTHROUGH_STATEMENT;
+    case PGP_PKA_SPHINCSPLUS_SHAKE_128s:
+        FALLTHROUGH_STATEMENT;
+    case PGP_PKA_SPHINCSPLUS_SHAKE_256s:
+        if (!sphincsplus_hash_allowed(alg_, hash_)) {
+            hash_ = sphincsplus_default_hash_alg(alg_);
+        }
+        break;
+    default:
+        break;
+    }
+#endif
+
     pgp_hash_alg_t min_hash = key_params_->min_hash();
     if (Hash::size(hash_) < Hash::size(min_hash)) {
         hash_ = min_hash;
@@ -66,15 +99,16 @@ KeygenParams::validate() const noexcept
         break;
     case PGP_PKA_DILITHIUM3_ED25519:
         FALLTHROUGH_STATEMENT;
-    // TODO: add case PGP_PKA_DILITHIUM5_ED448: FALLTHROUGH_STATEMENT;
+    case PGP_PKA_DILITHIUM5_ED448:
+        FALLTHROUGH_STATEMENT;
     case PGP_PKA_DILITHIUM3_P256:
         FALLTHROUGH_STATEMENT;
     case PGP_PKA_DILITHIUM5_P384:
         FALLTHROUGH_STATEMENT;
     case PGP_PKA_DILITHIUM3_BP256:
         FALLTHROUGH_STATEMENT;
     case PGP_PKA_DILITHIUM5_BP384:
-        if (!dilithium_hash_allowed(hash())) {
+        if (!dilithium_hash_allowed(alg(), hash())) {
             RNP_LOG("invalid hash algorithm for the dilithium key");
             return false;
         }
@@ -132,37 +166,38 @@ KeygenParams::validate(const BindingParams &binding) const noexcept
     return validate();
 }
 
-static const id_str_pair pubkey_alg_map[] = {{PGP_PKA_RSA, "RSA (Encrypt or Sign)"},
-                                             {PGP_PKA_RSA_ENCRYPT_ONLY, "RSA Encrypt-Only"},
-                                             {PGP_PKA_RSA_SIGN_ONLY, "RSA Sign-Only"},
-                                             {PGP_PKA_ELGAMAL, "Elgamal (Encrypt-Only)"},
-                                             {PGP_PKA_DSA, "DSA"},
-                                             {PGP_PKA_ECDH, "ECDH"},
-                                             {PGP_PKA_ECDSA, "ECDSA"},
-                                             {PGP_PKA_EDDSA, "EdDSA"},
-                                             {PGP_PKA_SM2, "SM2"},
+static const id_str_pair pubkey_alg_map[] = {
+  {PGP_PKA_RSA, "RSA (Encrypt or Sign)"},
+  {PGP_PKA_RSA_ENCRYPT_ONLY, "RSA Encrypt-Only"},
+  {PGP_PKA_RSA_SIGN_ONLY, "RSA Sign-Only"},
+  {PGP_PKA_ELGAMAL, "Elgamal (Encrypt-Only)"},
+  {PGP_PKA_DSA, "DSA"},
+  {PGP_PKA_ECDH, "ECDH"},
+  {PGP_PKA_ECDSA, "ECDSA"},
+  {PGP_PKA_EDDSA, "EdDSA"},
+  {PGP_PKA_SM2, "SM2"},
 #if defined(ENABLE_CRYPTO_REFRESH)
-                                             {PGP_PKA_ED25519, "ED25519"},
-                                             {PGP_PKA_X25519, "X25519"},
+  {PGP_PKA_ED25519, "ED25519"},
+  {PGP_PKA_X25519, "X25519"},
 #endif
 #if defined(ENABLE_PQC)
-                                             {PGP_PKA_KYBER768_X25519, "ML-KEM-768_X25519"},
-                                             //{PGP_PKA_KYBER1024_X448, "Kyber-X448"},
-                                             {PGP_PKA_KYBER768_P256, "ML-KEM-768_P256"},
-                                             {PGP_PKA_KYBER1024_P384, "ML-KEM-1024_P384"},
-                                             {PGP_PKA_KYBER768_BP256, "ML-KEM-768_BP256"},
-                                             {PGP_PKA_KYBER1024_BP384, "ML-KEM-1024_BP384"},
-                                             {PGP_PKA_DILITHIUM3_ED25519, "ML-DSA-65_ED25519"},
-                                             //{PGP_PKA_DILITHIUM5_ED448, "Dilithium-ED448"},
-                                             {PGP_PKA_DILITHIUM3_P256, "ML-DSA-65_P256"},
-                                             {PGP_PKA_DILITHIUM5_P384, "ML-DSA-87_P384"},
-                                             {PGP_PKA_DILITHIUM3_BP256, "ML-DSA-65_BP256"},
-                                             {PGP_PKA_DILITHIUM5_BP384, "ML-DSA-87_BP384"},
-                                             {PGP_PKA_SPHINCSPLUS_SHAKE_128f, "SLH-DSA-SHAKE-128f"},
-                                             {PGP_PKA_SPHINCSPLUS_SHAKE_128s, "SLH-DSA-SHAKE-128s"},
-                                             {PGP_PKA_SPHINCSPLUS_SHAKE_256s, "SLH-DSA-SHAKE-256s"},
+  {PGP_PKA_KYBER768_X25519, "ML-KEM-768_X25519"},
+  //{PGP_PKA_KYBER1024_X448, "Kyber-X448"},
+  {PGP_PKA_KYBER768_P256, "ML-KEM-768_P256"},
+  {PGP_PKA_KYBER1024_P384, "ML-KEM-1024_P384"},
+  {PGP_PKA_KYBER768_BP256, "ML-KEM-768_BP256"},
+  {PGP_PKA_KYBER1024_BP384, "ML-KEM-1024_BP384"},
+  {PGP_PKA_DILITHIUM3_ED25519, "ML-DSA-65_ED25519"},
+  //{PGP_PKA_DILITHIUM5_ED448, "Dilithium-ED448"},
+  {PGP_PKA_DILITHIUM3_P256, "ML-DSA-65_P256"},
+  {PGP_PKA_DILITHIUM5_P384, "ML-DSA-87_P384"},
+  {PGP_PKA_DILITHIUM3_BP256, "ML-DSA-65_BP256"},
+  {PGP_PKA_DILITHIUM5_BP384, "ML-DSA-87_BP384"},
+  {PGP_PKA_SPHINCSPLUS_SHAKE_128f, "SLH-DSA-SHAKE-128f"},
+  {PGP_PKA_SPHINCSPLUS_SHAKE_128s, "SLH-DSA-SHAKE-128s"},
+  {PGP_PKA_SPHINCSPLUS_SHAKE_256s, "SLH-DSA-SHAKE-256s"},
 #endif
-                                             {0, NULL}};
+  {0, NULL}};
 
 bool
 KeygenParams::generate(pgp_key_pkt_t &seckey, bool primary)

src/lib/pgp-key.cpp

@@ -1242,20 +1242,24 @@ pgp_key_t::is_pqc_alg() const
         FALLTHROUGH_STATEMENT;
     case PGP_PKA_KYBER768_P256:
         FALLTHROUGH_STATEMENT;
-    case PGP_PKA_KYBER1024_P384:
-        FALLTHROUGH_STATEMENT;
     case PGP_PKA_KYBER768_BP256:
         FALLTHROUGH_STATEMENT;
+    case PGP_PKA_KYBER1024_X448:
+        FALLTHROUGH_STATEMENT;
+    case PGP_PKA_KYBER1024_P384:
+        FALLTHROUGH_STATEMENT;
     case PGP_PKA_KYBER1024_BP384:
         FALLTHROUGH_STATEMENT;
     case PGP_PKA_DILITHIUM3_ED25519:
         FALLTHROUGH_STATEMENT;
     case PGP_PKA_DILITHIUM3_P256:
         FALLTHROUGH_STATEMENT;
-    case PGP_PKA_DILITHIUM5_P384:
-        FALLTHROUGH_STATEMENT;
     case PGP_PKA_DILITHIUM3_BP256:
         FALLTHROUGH_STATEMENT;
+    case PGP_PKA_DILITHIUM5_ED448:
+        FALLTHROUGH_STATEMENT;
+    case PGP_PKA_DILITHIUM5_P384:
+        FALLTHROUGH_STATEMENT;
     case PGP_PKA_DILITHIUM5_BP384:
         FALLTHROUGH_STATEMENT;
     case PGP_PKA_SPHINCSPLUS_SHAKE_128f:

src/librepgp/stream-dump.cpp

@@ -1246,6 +1246,11 @@ stream_dump_pk_session_key(rnp_dump_ctx_t *ctx, pgp_source_t *src, pgp_dest_t *d
         dst_print_vec(
           dst, "x25519 encrypted session key", material.x25519.enc_sess_key, ctx->dump_mpi);
         break;
+    case PGP_PKA_X448:
+        dst_print_vec(dst, "x448 ephemeral public key", material.x448.eph_key, ctx->dump_mpi);
+        dst_print_vec(
+          dst, "x448 encrypted session key", material.x448.enc_sess_key, ctx->dump_mpi);
+        break;
 #endif
 #if defined(ENABLE_PQC)
     case PGP_PKA_KYBER768_X25519:

src/librepgp/stream-parse.cpp

@@ -1589,6 +1589,8 @@ do_enforce_aes_v3pkesk(pgp_pubkey_alg_t alg)
 #endif
     case PGP_PKA_X25519:
         return true;
+    case PGP_PKA_X448:
+        return true;
     default:
         return false;
     }

src/tests/ffi-enc.cpp

@@ -836,12 +836,13 @@ TEST_F(rnp_tests, test_ffi_pqc_gen_enc_sign)
     std::vector<std::pair<std::string, std::string>> primary_sub = {
       {"ML-DSA-65+ED25519", "ML-KEM-768+X25519"},
       {"ML-DSA-65+ECDSA-P256", "ML-KEM-768+ECDH-P256"},
+      {"ML-DSA-87+ED448", "ML-KEM-1024+X448"},
       {"ML-DSA-87+ECDSA-P384", "ML-KEM-1024+ECDH-P384"},
       {"ML-DSA-65+ECDSA-BP256", "ML-KEM-768+ECDH-BP256"},
       {"ML-DSA-87+ECDSA-BP384", "ML-KEM-1024+ECDH-BP384"},
       {"SLH-DSA-SHAKE-128f", "ML-KEM-768+X25519"},
       {"SLH-DSA-SHAKE-128s", "ML-KEM-768+X25519"},
-      {"SLH-DSA-SHAKE-256s", "ML-KEM-768+X25519"}};
+      {"SLH-DSA-SHAKE-256s", "ML-KEM-1024+X448"}};
     for (auto pk_algs : primary_sub) {
         rnp_ffi_t        ffi = NULL;
         rnp_key_handle_t key = NULL;