1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-09 21:28:51 +01:00
Commit Graph

10482 Commits

Author SHA1 Message Date
Werner Koch
2e4b1f7850
tpm: Do not use fprintf for logging.
* tpm2d/intel-tss.h (TSS_Create): Replace fprintf logging by
log_error.
2024-05-28 11:52:04 +02:00
Werner Koch
610a452bb5
scd:openpgp: Add new vendor.
--
2024-05-22 10:47:45 +02:00
Werner Koch
cdc798db5c
tools: Fix help output for gpg-authcode-sign.sh
--
2024-05-22 10:45:49 +02:00
Werner Koch
287e717b55
Merge branch 'STABLE-BRANCH-2-4' into master
--
Fixed conflicts in:
	NEWS
	g10/call-agent.c
	g10/options.h
	kbx/kbxutil.c
	tools/gpgconf.c
2024-05-16 09:46:36 +02:00
Werner Koch
5355d08855
card: Fix compiler warning.
* tools/gpg-card.h (opt): Make gpg_program, gpgsm_program, and
agent_program const.
2024-05-16 09:34:52 +02:00
Werner Koch
7f661aa129
kbx: Use standard function to setup gcrypt logging in kbxutil.
* kbx/kbxutil.c (main): Use setup_libgcrypt_logging.
(my_gcry_logger): Remove.
2024-05-16 09:34:46 +02:00
Werner Koch
758cd4ccfc
po: Enable Dutch translation
--

Although it is largely outdated, it does not harm too much.
GnuPG-bug-id: 7120
2024-05-16 09:24:14 +02:00
NIIBE Yutaka
6b2ebc36a9
scd:openpgp: Robust Data Object handling for constructed case.
* scd/app-openpgp.c (get_cached_data): When it comes with
its tag and length for the constructed Data Object, remove
them.

--

Cherry-pick master commit of:
	35ef87d8d9

GnuPG-bug-id: 7058
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-16 09:42:47 +09:00
NIIBE Yutaka
0eefa08295
gpg: Allow no CRC24 checksum in armor.
* g10/armor.c (radix64_read): Detect the end of armor when
there is no CRC24 checksum.

--

Cherry-pick master commit of:
	3a344d6236

GnuPG-bug-id: 7071
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-16 09:42:39 +09:00
Werner Koch
3bbfcab606
Update NEWS
--
2024-05-15 12:31:33 +02:00
Werner Koch
b36e557c5b
gpg: Terminate key listing on output write error.
* g10/keylist.c (list_all): Handle error from list_keyblock.
(list_one): Ditto.
(locate_one): Ditto.
(list_keyblock): Detect write error, print, and return it.
(list_keyblock_direct): Return error from list_keyblock.
* g10/import.c (import_one_real): Break on listing error.
--

Test by using
  gpg -k >/dev/full

GnuPG-bug-id: 6185
2024-05-15 09:56:40 +02:00
NIIBE Yutaka
e0543f97be
tpm2d: Use BYTE type to acces TPM2B object.
* tpm2d/tpm2.c (tpm2_SensitiveToDuplicate): Don't use the cast
of (TPM2B *).

--

While it works (since the actual access is done by the macros),
compiler may complain the alignment property of type BYTE * and TPM2B
object is different.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-15 15:27:20 +09:00
NIIBE Yutaka
0cb7f6fbb7
common: Remove unused function.
* common/exechelp-posix.c (my_error): Remove.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-15 11:57:49 +09:00
NIIBE Yutaka
14534e72e1
dirmngr: Fix a call of calloc.
* dirmngr/ldap-parse-uri.c (ldap_parse_uri): Fix arguments.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-14 15:48:45 +09:00
Werner Koch
351fc6e6fa
gpg: Algo "kyber" is now a shortcut for ky768_bp256.
* g10/keygen.c (parse_key_parameter_part): Change Kyber defaults.
--

Also kyber1024 is now a shortcut for ky1024_bp384.  This change is to
align it with the original wussler draft.
2024-05-06 10:47:01 +02:00
Werner Koch
473f37a53e
scd:piv: Support listing of retired keys with KEYINFO.
* scd/app-piv.c (data_objects): Mark returned key as having a keypair.
(do_with_keygrip): Check against encrusage and not used one tag.

* tools/gpg-card.c (piv_keyref_is_retired): New.
(list_all_kinfo): Pretty print retired keys.
--

This allows to list all existing retired keys without using separate
readkey commands.
2024-05-06 09:48:20 +02:00
Werner Koch
467239dccb
speedo: Update the instructions to use the gnupg26 tag.
--
2024-05-02 21:13:32 +02:00
Werner Koch
f415d96fac
gpg: Add a notation to Kyber encryption subkeys
* g10/keygen.c (struct opaque_data_usage_and_pk): New.
(do_add_notation): New.
(keygen_add_key_flags_from_oduap): New.
(write_keybinding): Prepare for de-vs cplimance notation.  Add a
notation to Kyber subkeys.
--

This code is based on the 2.2
commit b284412786
However the de-vs notation is currently ineffective as long as
Libgcrypt won't claim compliance.

The new notation fips203.ipd.2023-08-24 has been added to allow
detection of subkeys which have been crated with a pre-final FIPS203
spec for Kyber.
2024-05-02 21:11:55 +02:00
Werner Koch
516b530126
speedo: Change install directory for Windows
--

Given that we will build only 64 bit versions, we need to switch where
stuff is installed on Windows.
2024-04-26 15:17:49 +02:00
Werner Koch
c8a3b711f0
speedo: Do not use the gpg-error-config in the build system
--

With that installed we don't get proper suport for SYSROOT.
2024-04-26 15:17:49 +02:00
Werner Koch
c1d62418d5
speedo: Prepare for building 64 bit Windows versions.
--
2024-04-26 15:17:48 +02:00
Werner Koch
351f5e814b
speedo: Set gnupg_ver macro to gnupg26_ver.
--

Also fixed a syntax erro rin AUTHENTICODE_sign
2024-04-26 15:17:48 +02:00
NIIBE Yutaka
9128d81bb7
agent:kem:ecc: Support a key on smartcard.
* agent/agent.h (agent_card_ecc_kem): New.
* agent/divert-scd.c (agent_card_ecc_kem): New.
* agent/pkdecrypt.c (ecc_extract_pk_from_key): New.
(ecc_extract_sk_from_key): New.
(ecc_raw_kem, get_cardkey, ecc_get_curve): New.
(ecc_pgp_kem_decrypt): Support a key on smartcard for ECC.
(composite_pgp_kem_decrypt): Handle a case of a key on smartcard.
* common/sexputil.c (get_ecc_curve_from_key): New.
* common/util.h (get_ecc_curve_from_key): New.

--

GnuPG-bug-id: 7097
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-26 14:18:03 +09:00
Werner Koch
83e2dede0a
speedo: Use gpg-authcode-sign.sh and change archive label to v2.5.
--
2024-04-25 11:37:53 +02:00
Werner Koch
d3b41e7611
Install the new gpg-authcode-sign.sh script.
* tools/gpg-authcode-sign.sh: New.
* tools/Makefile.am (bin_SCRIPTS): Add that tool.
--

This script makes use of gpg anyway and thus it is best to have it
also installed with the gpg version used to cross-build our software.
The script was orginally developed for gpg4win.
2024-04-25 11:00:18 +02:00
NIIBE Yutaka
02b056ef77
agent:kem: Fix memory leaks.
* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Release shadow_info
memory.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-25 13:51:47 +09:00
NIIBE Yutaka
2593dcbceb
agent: Allow NULL for R_PADDING, when calling scd and tpm2d.
* agent/call-scd.c (padding_info_cb): Allow NULL.
(agent_card_pkdecrypt): Likewise.
* agent/divert-scd.c (divert_pkdecrypt): Likewise.
* agent/divert-tpm2.c (divert_tpm2_pkdecrypt): Likewise.

--

It's for RSA PKCD#1 encoding if the decrypt operation removes padding
or not.  When caller knows it's not RSA, this information is no use
and it is better to allow NULL with the variable R_PADDING.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-25 13:13:04 +09:00
Werner Koch
2958e5e4cf
gpg: New option --require-pqc-encryption
* g10/gpg.c (oRequirePQCEncryption): New.
(opts): Add option.
(main): Set option.
* g10/mainproc.c (print_pkenc_list): Print a warning.
* g10/options.h (flags): Add flag require_pqc_encryption.
* g10/getkey.c (finish_lookup): Skip non-pqc keys if the option is
set.
--

GnuPG-bug-id: 6815
2024-04-24 09:57:07 +02:00
NIIBE Yutaka
a45243548e
agent:kem: Factor out ECC KEM operation from composite KEM.
* agent/pkdecrypt.c (ecc_pgp_kem_decrypt): New.
(composite_pgp_kem_decrypt): Use ecc_pgp_kem_decrypt.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-24 15:08:41 +09:00
NIIBE Yutaka
d1f8caafb4
agent: Simplify diverting operation to the smartcard.
* agent/pkdecrypt.c (agent_pkdecrypt): Remove no_shadow_info variable.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-24 14:01:41 +09:00
Werner Koch
ab703eacf7
gpg: Split keygrip in a standard key listing.
* g10/keylist.c (print_keygrip): New.
(list_keyblock_print): Use new function to print the keygrip.
2024-04-23 20:12:57 +02:00
Werner Koch
dd650b2c7b
gpg: Support Kyber with Brainpool512r1.
* common/openpgp-oid.c (oidtable): Add GCRY_KEM_RAW_BP512.
* agent/pkdecrypt.c (ecc_table): Support bp512
* g10/pkglue.c (do_encrypt_kem): Ditto.

* tests/openpgp/samplekeys: Add sample keys for kyber_bp256, bp384,
and bp512.
* tests/openpgp/privkeys: Add corresponding private keys.
* tests/openpgp/samplemsgs:  Add sample messages for those keys.
--

GnuPG-bug-id: 6815
2024-04-23 17:41:28 +02:00
Werner Koch
32ec480024
gpg: Support encryption with kyber_bp256 and kyber_bp384
* common/openpgp-oid.c (oidtable): Support KEM for bp256 and bp384.
* g10/pkglue.c (do_encrypt_kem): Ditto.
--

GnuPG-bug-id: 6815

Note, this needs the very latest Libgcrypt to work properly
2024-04-23 16:25:05 +02:00
Werner Koch
54741685ce
Remove the deprecated gcry_set_log_handler.
* common/miscellaneous.c (my_gcry_logger): Remove.
(setup_libgcrypt_logging): Do not call the deprecated
gcry_set_log_handler.
* kbx/kbxutil.c (my_gcry_logger): Remove.
* tools/no-libgcrypt.c (gcry_set_log_handler): Remove stub.
2024-04-23 16:21:49 +02:00
Werner Koch
f325d3277e
tests: Add two Kyber sample keys and messages.
--

GnuPG-bug-id: 6815
2024-04-23 14:04:41 +02:00
Werner Koch
e591fd25ad
gpg: Support encryption with kyber_cv448.
* g10/pkglue.c (do_encrypt_kem): Support cv25519 w/o 0x40
prefix. Support X448.
(ECC_POINT_LEN_MAX): New.
(ECC_HASH_LEN_MAX): New.
* common/openpgp-oid.c (oidtable): Support X448 KEM.
--

This needs more work.  For example we should use a parameter table
like what we do in agent/pkdecrypt.c.

GnuPG-bug-id: 6815
2024-04-23 11:31:49 +02:00
Werner Koch
f305e703d5
Require Libgcrypt 1.11.0
* configure.ac (NEED_LIBGCRYPT_VERSION): Set to 1.11.0
* agent/pkdecrypt.c (struct ecc_params): Move constants to the top.
--

It does not make anymore sense to allow building with older Libgcrypt
versions.  After all PQ key support is a major feature and for this we
need Libgcrypt.
2024-04-23 11:09:40 +02:00
NIIBE Yutaka
af98a3e5fa
agent:kem: More fix for PQC KEM with X448.
* agent/pkdecrypt.c (struct ecc_params): Remove NAME_LEN field.
(ecc_table): Update.
(get_ecc_params): Use strcmp.
(composite_pgp_kem_decrypt): Fix the call of gnupg_kem_combiner.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 16:09:02 +09:00
NIIBE Yutaka
65833eefb2
agent:kem: Support other ML-KEM variants.
* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Care about
ML-KEM 512 and 1024.

--

Co-authored-by: Werner Koch <wk@gnupg.org>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 14:40:27 +09:00
NIIBE Yutaka
d5c6b52e59
agent:kem: Support other ECC curves.
* agent/pkdecrypt.c (ecc_table): New.
(get_ecc_params): New.
(composite_pgp_kem_decrypt): Support other curves.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 14:23:27 +09:00
Daniel Cerqueira
aa15272ba1
po: Update Portuguese Translation.
Signed-off-by: Daniel Cerqueira <dan.git@lispclub.com>
2024-04-23 09:23:34 +09:00
Werner Koch
7728a179e0
tests: Avoid new C23 keyword true.
* tests/asschk.c (eval_boolean): s/true/tru/
--

GnuPG-bug-is: 7093
2024-04-22 08:05:28 +02:00
Werner Koch
f119444e64
tests: Avoid new C23 keyword true.
* tests/asschk.c (eval_boolean): s/true/tru/
--

GnuPG-bug-is: 7093
2024-04-22 08:04:27 +02:00
Werner Koch
ba3c873934
gpg: Prepare Kyber encryption code for more variants.
* common/openpgp-oid.c (oidtable): Add field kem_algo.
(openpgp_oid_to_kem_algo): New.
* g10/pkglue.c (do_encrypt_kem): Add support for Kyber1024.
--
GnuPG-bug-id: 6815
2024-04-18 14:37:40 +02:00
Werner Koch
2a0a706eb2
gpg: Mark disabled keys and add show-ownertrust list option.
* g10/options.h (LIST_SHOW_OWNERTRUST): New.
* g10/keylist.c (print_key_line): Show wonertrust and always show
whether a key is disabled.
* g10/gpg.c (parse_list_options): Add "show-ownertrust".

* g10/gpgv.c (get_ownertrust_string): Add stub.
* g10/test-stubs.c (get_ownertrust_string): Add stub.
--

Note that in a --with-colons listing the ownertrust has always been
emitted and the disabled state is marked in that listing with a
special 'D' usage.
2024-04-17 12:57:53 +02:00
Werner Koch
967678d972
gpg: New command --quick-set-ownertrust.
* g10/gpg.c (aQuickSetOwnertrust): New.
(opts): Add new command.
(main): Implement it.
* g10/keyedit.c (keyedit_quick_set_ownertrust): New.
2024-04-17 12:56:19 +02:00
Werner Koch
7d6ad28667
gpg: Mark disabled keys and add show-ownertrust list option.
* g10/options.h (LIST_SHOW_OWNERTRUST): New.
* g10/keylist.c (print_key_line): Show wonertrust and always show
whether a key is disabled.
* g10/gpg.c (parse_list_options): Add "show-ownertrust".

* g10/gpgv.c (get_ownertrust_string): Add stub.
* g10/test-stubs.c (get_ownertrust_string): Add stub.
--

Note that in a --with-colons listing the ownertrust has always been
emitted and the disabled state is marked in that listing with a
special 'D' usage.
2024-04-17 12:16:20 +02:00
Werner Koch
21f7ad563d
gpg: New command --quick-set-ownertrust.
* g10/gpg.c (aQuickSetOwnertrust): New.
(opts): Add new command.
(main): Implement it.
* g10/keyedit.c (keyedit_quick_set_ownertrust): New.
2024-04-17 11:42:20 +02:00
Werner Koch
2a71c3cf97
gpg: Make --with-subkey-fingerprint the default.
* g10/gpg.c (oWithoutSubkeyFingerprint): New.
(opts): Add "without-subkey-fingerprint".
(main): Make --with-subkey-fingerprint the default.  Implementation
the without option.
--

Given that the default for the keyid format is none, the subkey
fingerprints are important to do anything with a subkey.  Thus we make
the old option the default and provide a new option to revert it.
2024-04-16 18:31:29 +02:00
Werner Koch
4e32ff209d
gpg: Fix minor Kyber display things.
* common/compliance.c (gnupg_pk_is_compliant): Make Kyber known.
* g10/misc.c (openpgp_pk_algo_name): Add "Kyber".
2024-04-15 13:25:07 +02:00