mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
gpg: Fix comparing ed448 vs ed25519 with --assert-pubkey-algo.
* g10/keyid.c (extra_algo_strength_offset): New. (compare_pubkey_string_part): Use the mapping. -- GnuPG-bug-id: 6425
This commit is contained in:
parent
f0bca16ad3
commit
bb6b38c240
21
g10/keyid.c
21
g10/keyid.c
@ -79,7 +79,7 @@ pubkey_letter( int algo )
|
|||||||
"ed25519" - EdDSA using the curve Ed25519.
|
"ed25519" - EdDSA using the curve Ed25519.
|
||||||
"cv25519" - ECDH using the curve X25519.
|
"cv25519" - ECDH using the curve X25519.
|
||||||
"ky768_cv448 - Kyber-768 with X448 as second algo.
|
"ky768_cv448 - Kyber-768 with X448 as second algo.
|
||||||
"ky1025_bp512 - Kyber-1024 with BrainpoolP256r1 as second algo.
|
"ky1024_bp512 - Kyber-1024 with BrainpoolP256r1 as second algo.
|
||||||
"E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4".
|
"E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4".
|
||||||
"unknown_N" - Unknown OpenPGP algorithm N.
|
"unknown_N" - Unknown OpenPGP algorithm N.
|
||||||
"E_1.3.6.1.4.1.11591.2.12242973" ECC with a bogus OID.
|
"E_1.3.6.1.4.1.11591.2.12242973" ECC with a bogus OID.
|
||||||
@ -219,6 +219,23 @@ parse_one_algo_string (const char *str, size_t *pfxlen, unsigned int *number,
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Return an extra algo strength offset to handle peculiarities like
|
||||||
|
* ed448 > ed25519. */
|
||||||
|
static size_t
|
||||||
|
extra_algo_strength_offset (const char *string)
|
||||||
|
{
|
||||||
|
if (!string || !*string)
|
||||||
|
return 0;
|
||||||
|
if (!ascii_strcasecmp (string, "ed448"))
|
||||||
|
return 50000; /* (ed)50448 is larger (ed)25519. */
|
||||||
|
if (!ascii_strcasecmp (string, "cv448"))
|
||||||
|
return 50000; /* (cv)50448 is larger (cv)25519. */
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/* Helper for compare_pubkey_string. If BPARSED is set to 0 on
|
/* Helper for compare_pubkey_string. If BPARSED is set to 0 on
|
||||||
* return, an error in ASTR or BSTR was found and further checks are
|
* return, an error in ASTR or BSTR was found and further checks are
|
||||||
* not possible. */
|
* not possible. */
|
||||||
@ -235,9 +252,11 @@ compare_pubkey_string_part (const char *astr, const char *bstr_arg,
|
|||||||
astr = parse_one_algo_string (astr, &apfxlen, &anumber, &alen, &condition);
|
astr = parse_one_algo_string (astr, &apfxlen, &anumber, &alen, &condition);
|
||||||
if (!astr)
|
if (!astr)
|
||||||
return 0; /* Invalid algorithm name. */
|
return 0; /* Invalid algorithm name. */
|
||||||
|
anumber += extra_algo_strength_offset (astr);
|
||||||
bstr = parse_one_algo_string (bstr, &bpfxlen, &bnumber, &blen, &condition);
|
bstr = parse_one_algo_string (bstr, &bpfxlen, &bnumber, &blen, &condition);
|
||||||
if (!bstr)
|
if (!bstr)
|
||||||
return 0; /* Invalid algorithm name. */
|
return 0; /* Invalid algorithm name. */
|
||||||
|
bnumber += extra_algo_strength_offset (bstr);
|
||||||
*bparsed = blen + (bstr - bstr_arg);
|
*bparsed = blen + (bstr - bstr_arg);
|
||||||
if (apfxlen != bpfxlen || ascii_strncasecmp (astr, bstr, apfxlen))
|
if (apfxlen != bpfxlen || ascii_strncasecmp (astr, bstr, apfxlen))
|
||||||
return 0; /* false. */
|
return 0; /* false. */
|
||||||
|
@ -60,6 +60,11 @@ test_compare_pubkey_string (void)
|
|||||||
{ "brainpoolP384r1", ">brainpoolp384r1" , 0 },
|
{ "brainpoolP384r1", ">brainpoolp384r1" , 0 },
|
||||||
{ "brainpoolP384r1", ">=brainpoolp384r1", 1 },
|
{ "brainpoolP384r1", ">=brainpoolp384r1", 1 },
|
||||||
{ "brainpoolP384r1", ">=brainpoolp384" , 1 },
|
{ "brainpoolP384r1", ">=brainpoolp384" , 1 },
|
||||||
|
{ "ed25519", ">ed448", 0 },
|
||||||
|
{ "cv25519", ">cv448", 0 },
|
||||||
|
{ "ed448", ">ed25519", 1 },
|
||||||
|
{ "ed448", ">=ed25519", 1 },
|
||||||
|
{ "cv448", ">cv25519", 1 },
|
||||||
{ "", "", 0}
|
{ "", "", 0}
|
||||||
};
|
};
|
||||||
int idx;
|
int idx;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user