1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

10522 Commits

Author SHA1 Message Date
Werner Koch
b36e557c5b
gpg: Terminate key listing on output write error.
* g10/keylist.c (list_all): Handle error from list_keyblock.
(list_one): Ditto.
(locate_one): Ditto.
(list_keyblock): Detect write error, print, and return it.
(list_keyblock_direct): Return error from list_keyblock.
* g10/import.c (import_one_real): Break on listing error.
--

Test by using
  gpg -k >/dev/full

GnuPG-bug-id: 6185
2024-05-15 09:56:40 +02:00
NIIBE Yutaka
e0543f97be
tpm2d: Use BYTE type to acces TPM2B object.
* tpm2d/tpm2.c (tpm2_SensitiveToDuplicate): Don't use the cast
of (TPM2B *).

--

While it works (since the actual access is done by the macros),
compiler may complain the alignment property of type BYTE * and TPM2B
object is different.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-15 15:27:20 +09:00
NIIBE Yutaka
0cb7f6fbb7
common: Remove unused function.
* common/exechelp-posix.c (my_error): Remove.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-15 11:57:49 +09:00
NIIBE Yutaka
14534e72e1
dirmngr: Fix a call of calloc.
* dirmngr/ldap-parse-uri.c (ldap_parse_uri): Fix arguments.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-14 15:48:45 +09:00
Werner Koch
351fc6e6fa
gpg: Algo "kyber" is now a shortcut for ky768_bp256.
* g10/keygen.c (parse_key_parameter_part): Change Kyber defaults.
--

Also kyber1024 is now a shortcut for ky1024_bp384.  This change is to
align it with the original wussler draft.
2024-05-06 10:47:01 +02:00
Werner Koch
473f37a53e
scd:piv: Support listing of retired keys with KEYINFO.
* scd/app-piv.c (data_objects): Mark returned key as having a keypair.
(do_with_keygrip): Check against encrusage and not used one tag.

* tools/gpg-card.c (piv_keyref_is_retired): New.
(list_all_kinfo): Pretty print retired keys.
--

This allows to list all existing retired keys without using separate
readkey commands.
2024-05-06 09:48:20 +02:00
Werner Koch
467239dccb
speedo: Update the instructions to use the gnupg26 tag.
--
2024-05-02 21:13:32 +02:00
Werner Koch
f415d96fac
gpg: Add a notation to Kyber encryption subkeys
* g10/keygen.c (struct opaque_data_usage_and_pk): New.
(do_add_notation): New.
(keygen_add_key_flags_from_oduap): New.
(write_keybinding): Prepare for de-vs cplimance notation.  Add a
notation to Kyber subkeys.
--

This code is based on the 2.2
commit b284412786d71c1cf382e1dff3a36ec6cce11556
However the de-vs notation is currently ineffective as long as
Libgcrypt won't claim compliance.

The new notation fips203.ipd.2023-08-24 has been added to allow
detection of subkeys which have been crated with a pre-final FIPS203
spec for Kyber.
2024-05-02 21:11:55 +02:00
Werner Koch
516b530126
speedo: Change install directory for Windows
--

Given that we will build only 64 bit versions, we need to switch where
stuff is installed on Windows.
2024-04-26 15:17:49 +02:00
Werner Koch
c8a3b711f0
speedo: Do not use the gpg-error-config in the build system
--

With that installed we don't get proper suport for SYSROOT.
2024-04-26 15:17:49 +02:00
Werner Koch
c1d62418d5
speedo: Prepare for building 64 bit Windows versions.
--
2024-04-26 15:17:48 +02:00
Werner Koch
351f5e814b
speedo: Set gnupg_ver macro to gnupg26_ver.
--

Also fixed a syntax erro rin AUTHENTICODE_sign
2024-04-26 15:17:48 +02:00
NIIBE Yutaka
9128d81bb7
agent:kem:ecc: Support a key on smartcard.
* agent/agent.h (agent_card_ecc_kem): New.
* agent/divert-scd.c (agent_card_ecc_kem): New.
* agent/pkdecrypt.c (ecc_extract_pk_from_key): New.
(ecc_extract_sk_from_key): New.
(ecc_raw_kem, get_cardkey, ecc_get_curve): New.
(ecc_pgp_kem_decrypt): Support a key on smartcard for ECC.
(composite_pgp_kem_decrypt): Handle a case of a key on smartcard.
* common/sexputil.c (get_ecc_curve_from_key): New.
* common/util.h (get_ecc_curve_from_key): New.

--

GnuPG-bug-id: 7097
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-26 14:18:03 +09:00
Werner Koch
83e2dede0a
speedo: Use gpg-authcode-sign.sh and change archive label to v2.5.
--
2024-04-25 11:37:53 +02:00
Werner Koch
d3b41e7611
Install the new gpg-authcode-sign.sh script.
* tools/gpg-authcode-sign.sh: New.
* tools/Makefile.am (bin_SCRIPTS): Add that tool.
--

This script makes use of gpg anyway and thus it is best to have it
also installed with the gpg version used to cross-build our software.
The script was orginally developed for gpg4win.
2024-04-25 11:00:18 +02:00
NIIBE Yutaka
02b056ef77
agent:kem: Fix memory leaks.
* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Release shadow_info
memory.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-25 13:51:47 +09:00
NIIBE Yutaka
2593dcbceb
agent: Allow NULL for R_PADDING, when calling scd and tpm2d.
* agent/call-scd.c (padding_info_cb): Allow NULL.
(agent_card_pkdecrypt): Likewise.
* agent/divert-scd.c (divert_pkdecrypt): Likewise.
* agent/divert-tpm2.c (divert_tpm2_pkdecrypt): Likewise.

--

It's for RSA PKCD#1 encoding if the decrypt operation removes padding
or not.  When caller knows it's not RSA, this information is no use
and it is better to allow NULL with the variable R_PADDING.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-25 13:13:04 +09:00
Werner Koch
2958e5e4cf
gpg: New option --require-pqc-encryption
* g10/gpg.c (oRequirePQCEncryption): New.
(opts): Add option.
(main): Set option.
* g10/mainproc.c (print_pkenc_list): Print a warning.
* g10/options.h (flags): Add flag require_pqc_encryption.
* g10/getkey.c (finish_lookup): Skip non-pqc keys if the option is
set.
--

GnuPG-bug-id: 6815
2024-04-24 09:57:07 +02:00
NIIBE Yutaka
a45243548e
agent:kem: Factor out ECC KEM operation from composite KEM.
* agent/pkdecrypt.c (ecc_pgp_kem_decrypt): New.
(composite_pgp_kem_decrypt): Use ecc_pgp_kem_decrypt.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-24 15:08:41 +09:00
NIIBE Yutaka
d1f8caafb4
agent: Simplify diverting operation to the smartcard.
* agent/pkdecrypt.c (agent_pkdecrypt): Remove no_shadow_info variable.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-24 14:01:41 +09:00
Werner Koch
ab703eacf7
gpg: Split keygrip in a standard key listing.
* g10/keylist.c (print_keygrip): New.
(list_keyblock_print): Use new function to print the keygrip.
2024-04-23 20:12:57 +02:00
Werner Koch
dd650b2c7b
gpg: Support Kyber with Brainpool512r1.
* common/openpgp-oid.c (oidtable): Add GCRY_KEM_RAW_BP512.
* agent/pkdecrypt.c (ecc_table): Support bp512
* g10/pkglue.c (do_encrypt_kem): Ditto.

* tests/openpgp/samplekeys: Add sample keys for kyber_bp256, bp384,
and bp512.
* tests/openpgp/privkeys: Add corresponding private keys.
* tests/openpgp/samplemsgs:  Add sample messages for those keys.
--

GnuPG-bug-id: 6815
2024-04-23 17:41:28 +02:00
Werner Koch
32ec480024
gpg: Support encryption with kyber_bp256 and kyber_bp384
* common/openpgp-oid.c (oidtable): Support KEM for bp256 and bp384.
* g10/pkglue.c (do_encrypt_kem): Ditto.
--

GnuPG-bug-id: 6815

Note, this needs the very latest Libgcrypt to work properly
2024-04-23 16:25:05 +02:00
Werner Koch
54741685ce
Remove the deprecated gcry_set_log_handler.
* common/miscellaneous.c (my_gcry_logger): Remove.
(setup_libgcrypt_logging): Do not call the deprecated
gcry_set_log_handler.
* kbx/kbxutil.c (my_gcry_logger): Remove.
* tools/no-libgcrypt.c (gcry_set_log_handler): Remove stub.
2024-04-23 16:21:49 +02:00
Werner Koch
f325d3277e
tests: Add two Kyber sample keys and messages.
--

GnuPG-bug-id: 6815
2024-04-23 14:04:41 +02:00
Werner Koch
e591fd25ad
gpg: Support encryption with kyber_cv448.
* g10/pkglue.c (do_encrypt_kem): Support cv25519 w/o 0x40
prefix. Support X448.
(ECC_POINT_LEN_MAX): New.
(ECC_HASH_LEN_MAX): New.
* common/openpgp-oid.c (oidtable): Support X448 KEM.
--

This needs more work.  For example we should use a parameter table
like what we do in agent/pkdecrypt.c.

GnuPG-bug-id: 6815
2024-04-23 11:31:49 +02:00
Werner Koch
f305e703d5
Require Libgcrypt 1.11.0
* configure.ac (NEED_LIBGCRYPT_VERSION): Set to 1.11.0
* agent/pkdecrypt.c (struct ecc_params): Move constants to the top.
--

It does not make anymore sense to allow building with older Libgcrypt
versions.  After all PQ key support is a major feature and for this we
need Libgcrypt.
2024-04-23 11:09:40 +02:00
NIIBE Yutaka
af98a3e5fa
agent:kem: More fix for PQC KEM with X448.
* agent/pkdecrypt.c (struct ecc_params): Remove NAME_LEN field.
(ecc_table): Update.
(get_ecc_params): Use strcmp.
(composite_pgp_kem_decrypt): Fix the call of gnupg_kem_combiner.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 16:09:02 +09:00
NIIBE Yutaka
65833eefb2
agent:kem: Support other ML-KEM variants.
* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Care about
ML-KEM 512 and 1024.

--

Co-authored-by: Werner Koch <wk@gnupg.org>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 14:40:27 +09:00
NIIBE Yutaka
d5c6b52e59
agent:kem: Support other ECC curves.
* agent/pkdecrypt.c (ecc_table): New.
(get_ecc_params): New.
(composite_pgp_kem_decrypt): Support other curves.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-23 14:23:27 +09:00
Daniel Cerqueira
aa15272ba1
po: Update Portuguese Translation.
Signed-off-by: Daniel Cerqueira <dan.git@lispclub.com>
2024-04-23 09:23:34 +09:00
Werner Koch
7728a179e0
tests: Avoid new C23 keyword true.
* tests/asschk.c (eval_boolean): s/true/tru/
--

GnuPG-bug-is: 7093
2024-04-22 08:05:28 +02:00
Werner Koch
f119444e64
tests: Avoid new C23 keyword true.
* tests/asschk.c (eval_boolean): s/true/tru/
--

GnuPG-bug-is: 7093
2024-04-22 08:04:27 +02:00
Werner Koch
ba3c873934
gpg: Prepare Kyber encryption code for more variants.
* common/openpgp-oid.c (oidtable): Add field kem_algo.
(openpgp_oid_to_kem_algo): New.
* g10/pkglue.c (do_encrypt_kem): Add support for Kyber1024.
--
GnuPG-bug-id: 6815
2024-04-18 14:37:40 +02:00
Werner Koch
2a0a706eb2
gpg: Mark disabled keys and add show-ownertrust list option.
* g10/options.h (LIST_SHOW_OWNERTRUST): New.
* g10/keylist.c (print_key_line): Show wonertrust and always show
whether a key is disabled.
* g10/gpg.c (parse_list_options): Add "show-ownertrust".

* g10/gpgv.c (get_ownertrust_string): Add stub.
* g10/test-stubs.c (get_ownertrust_string): Add stub.
--

Note that in a --with-colons listing the ownertrust has always been
emitted and the disabled state is marked in that listing with a
special 'D' usage.
2024-04-17 12:57:53 +02:00
Werner Koch
967678d972
gpg: New command --quick-set-ownertrust.
* g10/gpg.c (aQuickSetOwnertrust): New.
(opts): Add new command.
(main): Implement it.
* g10/keyedit.c (keyedit_quick_set_ownertrust): New.
2024-04-17 12:56:19 +02:00
Werner Koch
7d6ad28667
gpg: Mark disabled keys and add show-ownertrust list option.
* g10/options.h (LIST_SHOW_OWNERTRUST): New.
* g10/keylist.c (print_key_line): Show wonertrust and always show
whether a key is disabled.
* g10/gpg.c (parse_list_options): Add "show-ownertrust".

* g10/gpgv.c (get_ownertrust_string): Add stub.
* g10/test-stubs.c (get_ownertrust_string): Add stub.
--

Note that in a --with-colons listing the ownertrust has always been
emitted and the disabled state is marked in that listing with a
special 'D' usage.
2024-04-17 12:16:20 +02:00
Werner Koch
21f7ad563d
gpg: New command --quick-set-ownertrust.
* g10/gpg.c (aQuickSetOwnertrust): New.
(opts): Add new command.
(main): Implement it.
* g10/keyedit.c (keyedit_quick_set_ownertrust): New.
2024-04-17 11:42:20 +02:00
Werner Koch
2a71c3cf97
gpg: Make --with-subkey-fingerprint the default.
* g10/gpg.c (oWithoutSubkeyFingerprint): New.
(opts): Add "without-subkey-fingerprint".
(main): Make --with-subkey-fingerprint the default.  Implementation
the without option.
--

Given that the default for the keyid format is none, the subkey
fingerprints are important to do anything with a subkey.  Thus we make
the old option the default and provide a new option to revert it.
2024-04-16 18:31:29 +02:00
Werner Koch
4e32ff209d
gpg: Fix minor Kyber display things.
* common/compliance.c (gnupg_pk_is_compliant): Make Kyber known.
* g10/misc.c (openpgp_pk_algo_name): Add "Kyber".
2024-04-15 13:25:07 +02:00
Werner Koch
c736052e9c
gpg: Implement Kyber encryption.
* g10/build-packet.c (do_pubkey_enc): Support Kyber.
* g10/pkglue.c (do_encrypt_kem): Implement.
--

Note that the code does only work for ky768_cv25519 for now.

GnuPG-bug-id: 6815
2024-04-15 12:18:09 +02:00
Werner Koch
4c20d2d273
gpg: Add arg session_algo to pk_decrypt.
* common/kem.c: Move constants to the top.  Add some documentation.
* g10/pkglue.c (pk_encrypt): Add arguments session_key and factor code
out to ...
(do_encrypt_rsa_elg): here,
(do_encrypt_ecdh): and here,
(do_encrypt_kem): and here.
* g10/encrypt.c (write_pubkey_enc): Call with session key algorithm.
--

This makes it easier to review the code.
2024-04-15 09:23:54 +02:00
NIIBE Yutaka
35ef87d8d9
scd:openpgp: Robust Data Object handling for constructed case.
* scd/app-openpgp.c (get_cached_data): When it comes with
its tag and length for the constructed Data Object, remove
them.

--

GnuPG-bug-id: 7058
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-15 10:23:25 +09:00
Werner Koch
b48476bbef
gpg: Prepare to use the fingerprint as fixed-info for Kyber.
* g10/pubkey-enc.c (get_it): Use algo and fingerprint for the
fixed-info.  Keep a testing mode.
* g10/options.h (COMPAT_T7014_OLD): New.
* g10/gpg.c (compatibility_flags): Add "t71014-old" flag.
--

GnuPG-bug-id: 6815
2024-04-12 11:33:07 +02:00
Werner Koch
6f94fe01a9
gpg: Simplify the pk_encrypt function interface.
* g10/pkglue.c (pk_encrypt): Remove superfluous arguments and reanem
variable rc to err.
* g10/encrypt.c (write_pubkey_enc): Adjust for this change.
--

We used to pass PK as well as information which could be taken
directly from PK.  Using ERR instead of RC is just for more uniform
naming of variables.
2024-04-12 10:43:12 +02:00
Werner Koch
813f8d1b8e
gpg: Changed internal data format for Kyber.
* g10/packet.h (PKT_pubkey_enc): Add field seskey_algo.
(struct pubkey_enc_list): Ditto.
* g10/misc.c (pubkey_get_nenc): Change value for Kyber from 4 to 3.
* g10/parse-packet.c (parse_pubkeyenc): Store the Kyber algo in the
new field and adjust data.  Do not store the length byte in data[2].
* g10/build-packet.c (do_pubkey_enc): Take the session algo for Kyber
from the new field.
* g10/encrypt.c (write_pubkey_enc): Ses the seskey_algo.
* g10/mainproc.c (proc_pubkey_enc): Copy it.
* g10/pubkey-enc.c (get_it): Support Kyber decryption.

* g10/seskey.c (encode_session_key): Handle Kyber different from ECDH.
--

Having always the single byte in the packet data than to store and
retrieve it from an MPI is much easier.  Thus this patch changes the
original internal format.  With this chnages decryption of the slighly
modified test data works now. See the bug tracker for test data.

GnuPG-bug-id: 6815
2024-04-11 15:56:21 +02:00
Werner Koch
61717fb0a7
agent: Add more diagnostics to PQC decryption.
* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for
correctness.  Add error diagnostics and one extra check.
--

GnuPG-bug-id: 7014
2024-04-11 15:48:16 +02:00
Werner Koch
869d1df270
indent: Re-indent a function
--
2024-04-11 11:33:37 +02:00
NIIBE Yutaka
f2fd4f1a9e
agent: Rename the function using the word "composite"
* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Rename.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-11 15:30:27 +09:00
NIIBE Yutaka
172d53d636
agent: Fix PQC decryption.
* agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Change the format
of SEXP in the protocol for symmetric cipher algorithm identifier.

--

GnuPG-bug-id: 7014
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-11 15:30:16 +09:00