From e5f450f3bb83f80c37cbc6cc9bbe19cbd3359eba Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 14 Nov 2024 15:15:11 +0100 Subject: [PATCH] gpg: Consider Kyber to be de-vs compliant. * common/compliance.c (gnupg_pk_is_compliant) : Consider Brainpool Kyber variants compliant. (gnupg_pk_is_allowed): Ditto. (assumed_de_vs_compliance): Remove variable. (get_assumed_de_vs_compliance): New. (get_compliance_cache): Use new accessor. (gnupg_status_compliance_flag): Ditto. -- Use GNUPG_ASSUME_COMPLIANCE=de-vs gpg --compliance=de-vs .... for testing. This returns 2023 instead of 23 to indicate the non-approval state. GnuPG-bug-id: 6638 --- common/compliance.c | 74 +++++++++++++++++++++++++++++++++++++-------- 1 file changed, 61 insertions(+), 13 deletions(-) diff --git a/common/compliance.c b/common/compliance.c index 997cc37cc..f37f5a013 100644 --- a/common/compliance.c +++ b/common/compliance.c @@ -41,15 +41,31 @@ static int initialized; static int module; -/* The next variable and the code in get_compliance_cache should be - * removed after the software suite has been approved. */ -static int assumed_de_vs_compliance = -1; - /* This value is used by DSA and RSA checks in addition to the hard * coded length checks. It allows one to increase the required key length * using a config file. */ static unsigned int min_compliant_rsa_length; + +/* Kludge to allow testing of the compliance options while not yet + * approved. */ +static int +get_assumed_de_vs_compliance (void) +{ +#if 0 /* Set to 1 if the software suite has been approved. */ + return 0; +#else + static int value = -1; + + if (value == -1) + { + const char *s = getenv ("GNUPG_ASSUME_COMPLIANCE"); + value = (s && !strcmp (s, "de-vs")); + } + return value > 0; +#endif +} + /* Return the address of a compliance cache variable for COMPLIANCE. * If no such variable exists NULL is returned. FOR_RNG returns the * cache variable for the RNG compliance check. */ @@ -75,15 +91,9 @@ get_compliance_cache (enum gnupg_compliance_mode compliance, int for_rng) case CO_DE_VS: ptr = for_rng? &r_de_vs : &s_de_vs ; break; } - /* Remove this code after approval. */ if (ptr && compliance == CO_DE_VS) { - if (assumed_de_vs_compliance == -1) - { - const char *s = getenv ("GNUPG_ASSUME_COMPLIANCE"); - assumed_de_vs_compliance = (s && !strcmp (s, "de-vs")); - } - if (assumed_de_vs_compliance) + if (get_assumed_de_vs_compliance ()) *ptr = 1; } @@ -250,7 +260,20 @@ gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo, break; case is_kem: - result = 0; + if (!curvename && key) + { + curve = openpgp_oid_to_str (key[0]); + curvename = openpgp_oid_to_curve (curve, 0); + if (!curvename) + curvename = curve; + } + + result = (curvename + && (keylength == 768 || keylength == 1024) + && (algo == PUBKEY_ALGO_KYBER) + && (!strcmp (curvename, "brainpoolP256r1") + || !strcmp (curvename, "brainpoolP384r1") + || !strcmp (curvename, "brainpoolP512r1"))); break; default: @@ -391,6 +414,31 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance, result = 0; break; + case PUBKEY_ALGO_KYBER: + if (use == PK_USE_DECRYPTION) + result = 1; + else if (use == PK_USE_ENCRYPTION) + { + char *curve = NULL; + + if (!curvename && key) + { + curve = openpgp_oid_to_str (key[0]); + curvename = openpgp_oid_to_curve (curve, 0); + if (!curvename) + curvename = curve; + } + + result = (curvename + && (keylength == 768 || keylength == 1024) + && (!strcmp (curvename, "brainpoolP256r1") + || !strcmp (curvename, "brainpoolP384r1") + || !strcmp (curvename, "brainpoolP512r1"))); + + xfree (curve); + } + break; + default: break; } @@ -685,7 +733,7 @@ gnupg_status_compliance_flag (enum gnupg_compliance_mode compliance) case CO_PGP8: log_assert (!"no status code assigned for this compliance mode"); case CO_DE_VS: - return assumed_de_vs_compliance > 0 ? "2023" : "23"; + return get_assumed_de_vs_compliance ()? "2023" : "23"; } log_assert (!"invalid compliance mode"); }