authorWerner Koch <wk@gnupg.org>2024-11-22 16:46:15 +0100
committerWerner Koch <wk@gnupg.org>2024-11-22 16:46:15 +0100
commitbb6b38c24010258c7cb2da840d0a088fe43393b3 (patch)
treecc9efb89b1098c8daeb0990a8087c3b27290be15
parentdoc: Explain that qualified.txt is a legacy method. (diff)
downloadgnupg2-bb6b38c24010258c7cb2da840d0a088fe43393b3.tar.xz
gnupg2-bb6b38c24010258c7cb2da840d0a088fe43393b3.zip
gpg: Fix comparing ed448 vs ed25519 with --assert-pubkey-algo.
* g10/keyid.c (extra_algo_strength_offset): New. (compare_pubkey_string_part): Use the mapping. -- GnuPG-bug-id: 6425
-rw-r--r--g10/keyid.c21
-rw-r--r--g10/t-keyid.c5
2 files changed, 25 insertions, 1 deletions
diff --git a/g10/keyid.c b/g10/keyid.c
index fa1434c56..bdbe90b21 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -79,7 +79,7 @@ pubkey_letter( int algo )
"ed25519" - EdDSA using the curve Ed25519.
"cv25519" - ECDH using the curve X25519.
"ky768_cv448 - Kyber-768 with X448 as second algo.
- "ky1025_bp512 - Kyber-1024 with BrainpoolP256r1 as second algo.
+ "ky1024_bp512 - Kyber-1024 with BrainpoolP256r1 as second algo.
"E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4".
"unknown_N" - Unknown OpenPGP algorithm N.
"E_1.3.6.1.4.1.11591.2.12242973" ECC with a bogus OID.
@@ -219,6 +219,23 @@ parse_one_algo_string (const char *str, size_t *pfxlen, unsigned int *number,
return result;
}
+
+/* Return an extra algo strength offset to handle peculiarities like
+ * ed448 > ed25519. */
+static size_t
+extra_algo_strength_offset (const char *string)
+{
+ if (!string || !*string)
+ return 0;
+ if (!ascii_strcasecmp (string, "ed448"))
+ return 50000; /* (ed)50448 is larger (ed)25519. */
+ if (!ascii_strcasecmp (string, "cv448"))
+ return 50000; /* (cv)50448 is larger (cv)25519. */
+ return 0;
+}
+
+
+
/* Helper for compare_pubkey_string. If BPARSED is set to 0 on
* return, an error in ASTR or BSTR was found and further checks are
* not possible. */
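Review bot: `extra_algo_strength_offset` matches the whole NUL-terminated remainder with `ascii_strcasecmp`, so the offset is applied only when the algorithm name is the last thing in the string. The caller in the next hunk sets `*bparsed = blen + (bstr - bstr_arg)`, which suggests BSTR can hold further items after the parsed name; if so, a spec like `>=ed448,...` is still compared as 448 against 25519, and an ed25519 key passes the assertion. Passing the parsed length and matching with `ascii_strncasecmp` avoids this, with the call sites becoming `anumber += extra_algo_strength_offset (astr, alen);` and likewise for `bstr`/`blen`. This assumes `alen`/`blen` are the lengths of the parsed names, which `parse_one_algo_string` determines outside this hunk. Returning `unsigned int` would also match the type of the `number` value the result is added to.

```c
static unsigned int
extra_algo_strength_offset (const char *string, size_t len)
{
  /* Only the LEN bytes of the parsed name are considered, so that a
   * name followed by further list items is still recognized.  */
  if (!string || len != 5)
    return 0;
  if (!ascii_strncasecmp (string, "ed448", 5)
      || !ascii_strncasecmp (string, "cv448", 5))
    return 50000; /* 50448 sorts above 25519.  */
  return 0;
}
```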
@@ -235,9 +252,11 @@ compare_pubkey_string_part (const char *astr, const char *bstr_arg,
astr = parse_one_algo_string (astr, &apfxlen, &anumber, &alen, &condition);
if (!astr)
return 0; /* Invalid algorithm name. */
+ anumber += extra_algo_strength_offset (astr);
bstr = parse_one_algo_string (bstr, &bpfxlen, &bnumber, &blen, &condition);
if (!bstr)
return 0; /* Invalid algorithm name. */
+ bnumber += extra_algo_strength_offset (bstr);
*bparsed = blen + (bstr - bstr_arg);
if (apfxlen != bpfxlen || ascii_strncasecmp (astr, bstr, apfxlen))
return 0; /* false. */
diff --git a/g10/t-keyid.c b/g10/t-keyid.c
index d42399027..b1ae9f691 100644
--- a/g10/t-keyid.c
+++ b/g10/t-keyid.c
@@ -60,6 +60,11 @@ test_compare_pubkey_string (void)
{ "brainpoolP384r1", ">brainpoolp384r1" , 0 },
{ "brainpoolP384r1", ">=brainpoolp384r1", 1 },
{ "brainpoolP384r1", ">=brainpoolp384" , 1 },
+ { "ed25519", ">ed448", 0 },
+ { "cv25519", ">cv448", 0 },
+ { "ed448", ">ed25519", 1 },
+ { "ed448", ">=ed25519", 1 },
+ { "cv448", ">cv25519", 1 },
{ "", "", 0}
};
int idx;
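Review bot: The added cases all put the 448 curve name at the very end of the second string, so they do not cover a spec where more text follows the name. The `*bparsed` bookkeeping in g10/keyid.c suggests the second argument may be a list, so a case such as `{ "ed25519", ">=ed448,>=rsa3072", 0 },` (constructed example, expected value to be confirmed) would show whether the new offset still applies when `ed448` is not the last item. A `{ "cv448", ">=cv25519", 1 },` row would also make the cv cases mirror the ed ones. The table and the function continue outside this hunk.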