
gpg: Fix comparing ed448 vs ed25519 with --assert-pubkey-algo.

* g10/keyid.c (extra_algo_strength_offset): New.
(compare_pubkey_string_part): Use the mapping.
--

GnuPG-bug-id: 6425
Werner Koch 2024-11-22 16:46:15 +01:00
parent f0bca16ad3
commit bb6b38c240
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 25 additions and 1 deletions


@ -79,7 +79,7 @@ pubkey_letter( int algo )
"ed25519" - EdDSA using the curve Ed25519. "ed25519" - EdDSA using the curve Ed25519.
"cv25519" - ECDH using the curve X25519. "cv25519" - ECDH using the curve X25519.
"ky768_cv448 - Kyber-768 with X448 as second algo. "ky768_cv448 - Kyber-768 with X448 as second algo.
"ky1025_bp512 - Kyber-1024 with BrainpoolP256r1 as second algo. "ky1024_bp512 - Kyber-1024 with BrainpoolP256r1 as second algo.
"E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4". "E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4".
"unknown_N" - Unknown OpenPGP algorithm N. "unknown_N" - Unknown OpenPGP algorithm N.
"E_1.3.6.1.4.1.11591.2.12242973" ECC with a bogus OID. "E_1.3.6.1.4.1.11591.2.12242973" ECC with a bogus OID.
@ -219,6 +219,23 @@ parse_one_algo_string (const char *str, size_t *pfxlen, unsigned int *number,
return result; return result;
} }
/* Return an extra algo strength offset to handle peculiarities like
* ed448 > ed25519. */
static size_t
extra_algo_strength_offset (const char *string)
{
if (!string || !*string)
return 0;
if (!ascii_strcasecmp (string, "ed448"))
return 50000; /* (ed)50448 is larger (ed)25519. */
if (!ascii_strcasecmp (string, "cv448"))
return 50000; /* (cv)50448 is larger (cv)25519. */
return 0;
}
/* Helper for compare_pubkey_string. If BPARSED is set to 0 on /* Helper for compare_pubkey_string. If BPARSED is set to 0 on
* return, an error in ASTR or BSTR was found and further checks are * return, an error in ASTR or BSTR was found and further checks are
* not possible. */ * not possible. */
@ -235,9 +252,11 @@ compare_pubkey_string_part (const char *astr, const char *bstr_arg,
astr = parse_one_algo_string (astr, &apfxlen, &anumber, &alen, &condition); astr = parse_one_algo_string (astr, &apfxlen, &anumber, &alen, &condition);
if (!astr) if (!astr)
return 0; /* Invalid algorithm name. */ return 0; /* Invalid algorithm name. */
anumber += extra_algo_strength_offset (astr);
bstr = parse_one_algo_string (bstr, &bpfxlen, &bnumber, &blen, &condition); bstr = parse_one_algo_string (bstr, &bpfxlen, &bnumber, &blen, &condition);
if (!bstr) if (!bstr)
return 0; /* Invalid algorithm name. */ return 0; /* Invalid algorithm name. */
bnumber += extra_algo_strength_offset (bstr);
*bparsed = blen + (bstr - bstr_arg); *bparsed = blen + (bstr - bstr_arg);
if (apfxlen != bpfxlen || ascii_strncasecmp (astr, bstr, apfxlen)) if (apfxlen != bpfxlen || ascii_strncasecmp (astr, bstr, apfxlen))
return 0; /* false. */ return 0; /* false. */
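Review bot: extra_algo_strength_offset matches with `ascii_strcasecmp` against the whole remaining string, so the offset applies only when `ed448` or `cv448` is the last thing in the argument. The caller already has the parsed lengths, and `*bparsed = blen + (bstr - bstr_arg)` suggests the string can continue past the parsed name. If it does, the offset is silently skipped and the --assert-pubkey-algo check ranks the 448 curve below 25519 again. Passing `alen`/`blen` and comparing with a bounded match (assuming they are the length of the parsed name) removes that dependency, and returning `unsigned int` matches the type of `anumber`/`bnumber`. The body of compare_pubkey_string_part continues outside the hunk.

```c
static unsigned int
extra_algo_strength_offset (const char *string, size_t len)
{
  if (!string || len != 5)
    return 0;
  if (!ascii_strncasecmp (string, "ed448", 5)
      || !ascii_strncasecmp (string, "cv448", 5))
    return 50000; /* Rank (ed|cv)448 above (ed|cv)25519.  */
  return 0;
}

/* ... unchanged: parse_one_algo_string calls and their error returns ... */
  anumber += extra_algo_strength_offset (astr, alen);
  bnumber += extra_algo_strength_offset (bstr, blen);
```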


@ -60,6 +60,11 @@ test_compare_pubkey_string (void)
{ "brainpoolP384r1", ">brainpoolp384r1" , 0 }, { "brainpoolP384r1", ">brainpoolp384r1" , 0 },
{ "brainpoolP384r1", ">=brainpoolp384r1", 1 }, { "brainpoolP384r1", ">=brainpoolp384r1", 1 },
{ "brainpoolP384r1", ">=brainpoolp384" , 1 }, { "brainpoolP384r1", ">=brainpoolp384" , 1 },
{ "ed25519", ">ed448", 0 },
{ "cv25519", ">cv448", 0 },
{ "ed448", ">ed25519", 1 },
{ "ed448", ">=ed25519", 1 },
{ "cv448", ">cv25519", 1 },
{ "", "", 0} { "", "", 0}
}; };
int idx; int idx;
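Review bot: The five new vectors only use bare, lower-case `ed448`/`cv448` names, so the path where the 448 name is one part of a composite algorithm string is not tested. The keyid.c comment documents composite names such as `ky768_cv448`, and the new offset helper matches on the whole string, so at least one composite vector is worth adding, for example `{ "ky768_cv448", ">=ky768_cv25519", 1 },`, with the expected value confirmed against the intended policy. A `>=` case in the rejecting direction, `{ "ed25519", ">=ed448", 0 },`, would also pin the boundary that an --assert-pubkey-algo policy relies on.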