From bb6b38c24010258c7cb2da840d0a088fe43393b3 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Fri, 22 Nov 2024 16:46:15 +0100
Subject: [PATCH] gpg: Fix comparing ed448 vs ed25519 with
 --assert-pubkey-algo.

* g10/keyid.c (extra_algo_strength_offset): New.
(compare_pubkey_string_part): Use the mapping.
--

GnuPG-bug-id: 6425
---
 g10/keyid.c   | 21 ++++++++++++++++++++-
 g10/t-keyid.c |  5 +++++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/g10/keyid.c b/g10/keyid.c
index fa1434c56..bdbe90b21 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -79,7 +79,7 @@ pubkey_letter( int algo )
    "ed25519"     - EdDSA using the curve Ed25519.
    "cv25519"     - ECDH using the curve X25519.
    "ky768_cv448  - Kyber-768 with X448 as second algo.
-   "ky1025_bp512 - Kyber-1024 with BrainpoolP256r1 as second algo.
+   "ky1024_bp512 - Kyber-1024 with BrainpoolP256r1 as second algo.
    "E_1.2.3.4"   - ECC using the unsupported curve with OID "1.2.3.4".
    "unknown_N"   - Unknown OpenPGP algorithm N.
    "E_1.3.6.1.4.1.11591.2.12242973" ECC with a bogus OID.
@@ -219,6 +219,23 @@ parse_one_algo_string (const char *str, size_t *pfxlen, unsigned int *number,
   return result;
 }
 
+
+/* Return an extra algo strength offset to handle peculiarities like
+ * ed448 > ed25519.  */
+static size_t
+extra_algo_strength_offset (const char *string)
+{
+  if (!string || !*string)
+    return 0;
+  if (!ascii_strcasecmp (string, "ed448"))
+    return 50000; /* (ed)50448 is larger (ed)25519.  */
+  if (!ascii_strcasecmp (string, "cv448"))
+    return 50000; /* (cv)50448 is larger (cv)25519.  */
+  return 0;
+}
+
+
+
 /* Helper for compare_pubkey_string.  If BPARSED is set to 0 on
  * return, an error in ASTR or BSTR was found and further checks are
  * not possible.  */
@@ -235,9 +252,11 @@ compare_pubkey_string_part (const char *astr, const char *bstr_arg,
   astr = parse_one_algo_string (astr, &apfxlen, &anumber, &alen, &condition);
   if (!astr)
     return 0;  /* Invalid algorithm name.  */
+  anumber += extra_algo_strength_offset (astr);
   bstr = parse_one_algo_string (bstr, &bpfxlen, &bnumber, &blen, &condition);
   if (!bstr)
     return 0;  /* Invalid algorithm name.  */
+  bnumber += extra_algo_strength_offset (bstr);
   *bparsed = blen + (bstr - bstr_arg);
   if (apfxlen != bpfxlen || ascii_strncasecmp (astr, bstr, apfxlen))
     return 0;  /* false.  */
diff --git a/g10/t-keyid.c b/g10/t-keyid.c
index d42399027..b1ae9f691 100644
--- a/g10/t-keyid.c
+++ b/g10/t-keyid.c
@@ -60,6 +60,11 @@ test_compare_pubkey_string (void)
     { "brainpoolP384r1", ">brainpoolp384r1" , 0 },
     { "brainpoolP384r1", ">=brainpoolp384r1", 1 },
     { "brainpoolP384r1", ">=brainpoolp384"  , 1 },
+    { "ed25519", ">ed448", 0 },
+    { "cv25519", ">cv448", 0 },
+    { "ed448", ">ed25519", 1 },
+    { "ed448", ">=ed25519", 1 },
+    { "cv448", ">cv25519", 1 },
     { "",  "", 0}
   };
   int idx;