Mirroristas/openpgpjs
2
0
Fork 0
mirror of https://github.com/openpgpjs/openpgpjs.git synced 2025-11-24 06:25:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Specify hash algorithm to use for PQC signing

Browse Source
This commit is contained in:
Daniel Huigens 2024-11-05 19:48:30 +01:00
parent 151ae75959
commit 9e5779d150
2 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/crypto/crypto.js
View File

@ -698,5 +698,13 @@ export function getPreferredCurveHashAlgo(algo, oid) {
} }
} }
export function getPQCHashAlgo(algo) {
switch (algo) {
case enums.publicKey.pqc_mldsa_ed25519:
return enums.hash.sha3_256;
default:
throw new Error('Unknown PQC signing algo');
}
}
export { getCipherParams }; export { getCipherParams };

10
src/key/helper.js
View File

@ -115,6 +115,15 @@ export async function createBindingSignature(subkey, primaryKey, options, config
* @async * @async
*/ */
export async function getPreferredHashAlgo(targetKeys, signingKeyPacket, date = new Date(), targetUserIDs = [], config) { export async function getPreferredHashAlgo(targetKeys, signingKeyPacket, date = new Date(), targetUserIDs = [], config) {
const pqcAlgos = new Set([
enums.publicKey.pqc_mldsa_ed25519
]);
if (pqcAlgos.has(signingKeyPacket.algorithm)) {
// For PQC, the returned hash algo MUST be set to the specified algorithm, see
// https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-pqc#section-5.2.1.
return crypto.getPQCHashAlgo(signingKeyPacket.algorithm);
}
/** /**
* If `preferredSenderAlgo` appears in the prefs of all recipients, we pick it; otherwise, we use the * If `preferredSenderAlgo` appears in the prefs of all recipients, we pick it; otherwise, we use the
* strongest supported algo (`defaultAlgo` is always implicitly supported by all keys). * strongest supported algo (`defaultAlgo` is always implicitly supported by all keys).
@ -161,7 +170,6 @@ export async function getPreferredHashAlgo(targetKeys, signingKeyPacket, date =
enums.publicKey.ed25519, enums.publicKey.ed25519,
enums.publicKey.ed448 enums.publicKey.ed448
]); ]);
if (eccAlgos.has(signingKeyPacket.algorithm)) { if (eccAlgos.has(signingKeyPacket.algorithm)) {
// For ECC, the returned hash algo MUST be at least as strong as `preferredCurveHashAlgo`, see: // For ECC, the returned hash algo MUST be at least as strong as `preferredCurveHashAlgo`, see:
// - ECDSA: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.2-5 // - ECDSA: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.2-5