1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-29 19:48:43 +01:00
Commit Graph

2831 Commits

Author SHA1 Message Date
Werner Koch
19f2f00bfd
gpg: Exclude expired trusted keys from the key validation process.
* g10/trustdb.c (copy_key_item): New.
(validate_keys): Use a stripped down UTK list w/o expired keys.
--

This patch makes sure that an expired trusted key is not used for
trust computation.  The test case is to delete a trusted key from the
keyring, import a copy of that key which has already expired, check
that a signed key is not anymore fully trusted and finally import a
prolonged version of the trusted key and check that the signed key is
now again fully trusted.

GnuPG-bug-id: 7200
2024-09-25 15:21:55 +02:00
Werner Koch
a0aea09264
gpg: Validate the trustdb after the import of a trusted key.
* g10/import.c (import_one_real): Rename non_self to non_self_or_utk.
If not set after chk_self_sigs check whether the imported key is an
ultimately trusted key.
--

The revalidation mark was only set if the imported key had a new key
signature.  This is in general correct but not if the imported key is
a trusted key.

GnuPG-bug-id: 7200
2024-09-25 15:21:30 +02:00
Werner Koch
c59eeda3c4
gpg: Remove useless variable in validate_keys.
* g10/trustdb.c (store_validation_status): Remove arg  'stored'.
(validate_keys): Remove keyhashtable 'stored' which was never used.
--

This has been here since 2003.  The variable was never evaluated -
only stored.

Also added some comments.
2024-09-25 15:21:20 +02:00
Ingo Klöcker
79298e87d8 gpg: Fix --quick-set-expire for V5 subkey fingerprints
* g10/keyedit.c (keyedit_quick_set_expire): Use actual size of
fingerprint.
--

The size of the fingerprints is either 20 (V4) or 32 (V5). Using the
actual size of the fingerprints fixes the lookup of subkeys with V5
fingerprint.

GnuPG-bug-id: 7298
2024-09-24 23:05:13 +02:00
Werner Koch
2770efa75b
gpg: Avoid wrong decryption_failed for signed+OCB msg w/o pubkey.
* g10/decrypt-data.c (struct decode_filter_context_s): Add flag
checktag_failed.
(aead_checktag): Set flag.
(decrypt_data): Initially clear that flag and check the flag after the
decryption.
* g10/mainproc.c (proc_encrypted): Revert the log_get_errorcount based
check.
--

This fixes a bug where for an OCB encrypted and signed message with
the signing key missing during decryption the DECRYPTION_FAILED status
line was printed along with "WARNING: encrypted message has been
manipulated". This was because we use log_error to show that the
signature could not be verified due to the missing pubkey; the
original fix looked at the error counter and thus triggered the
decryption failed status.

Fixes-commit: 50e81ad38d
GnuPG-bug-id: 7042
2024-09-19 10:06:55 +02:00
Werner Koch
2125f228d3
build: Remove configure option --enable-gpg-is-gpg2
* configure.ac (--enable-gpg-is-gpg2): Remove option.
(USE_GPG2_HACK): Remove var.
* common/homedir.c (gnupg_module_name): Remove code for gpg2
installation option.
* g10/keygen.c (generate_keypair): Ditto.
* g10/Makefile.am (noinst_PROGRAMS): Ditto.
* doc/gpg.texi: Ditto.
* doc/gpgv.texi: Ditto.
--

This option and all its build stuff does not make anymore sense.  gpg1
is way too old for anyone to use on a regualar base along with a
standard gpg.  It is better to rename that single gpg (1.4) binary to
gpg1 and adjust any scripts.
2024-09-11 14:30:40 +02:00
NIIBE Yutaka
7e321c2c2a
gpg: Fix getting key by IPGP.
* g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Check if DATA for key.

--

GnuPG-bug-id: 7288
Reported-by: Wilfried Teiken
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-11 13:51:16 +09:00
Werner Koch
d528d0b065
gpg: New commands --add-recipients and --change-recipients.
* g10/gpg.c (aAddRecipients, aChangeRecipients): New consts.
(opts): Add --add-recipients and --change-recipients.
(main): Handle them.
* g10/gpg.h (struct server_control_s): Add fields modify_recipients,
clear_recipients, and last_read_ctb.
* g10/armor.c (was_armored): New.
* g10/decrypt.c (decrypt_message): Add optional arg 'remusr'.  Handle
re-encryption if desired.
* g10/encrypt.c (write_pubkey_enc): Factor info printing out to ...
(show_encrypted_for_user_info): new.
(reencrypt_to_new_recipients): New.
* g10/packet.h (struct parse_packet_ctx_s): Add fields only_fookey_enc
and last_ctb.
(init_parse_packet): Clear them.
* g10/parse-packet.c (parse): Store CTB in the context.  Early return
on pubkey_enc and symkey_enc packets if requested.
* g10/mainproc.c (proc_encrypted): Allow for PKT being NULL.  Return
early in modify-recipients mode.
(proc_encryption_packets): Add two optional args 'r_dek' and 'r_list'.
Adjust callers.  Call do_proc_packets in modify-recipients mode
depending on the optional args.
(do_proc_packets): Add arg 'keep_dek_and_list'.  Adjust callers.  Save
the last read CTB in CTRL and return after the last fooenc_enc
packets.
--

This basically works but does not yet handle symmetric encrypted
packets (symkey_enc).

GnuPG-bug-id: 1825
(Yes, this is an at least 9 year old feature request)
2024-09-09 16:47:04 +02:00
Werner Koch
2cc340eca0
gpg: Improve detection of input data read errors.
* g10/build-packet.c (do_plaintext): Better error checking for
iobuf_copy.
--

Fixes-commit: 695cb04af5
GnuPG-bug-id: 6528

The original fix handles only the disk full case but didn't bother
about read errors (i.e. I/O problems on an external drive).
2024-09-06 16:09:49 +02:00
Werner Koch
9a741aba3d
gpg: Make --no-literal work again for -c and --store.
* g10/dearmor.c (dearmor_file): Check for errors of iobuf_copy.
(enarmor_file): Ditto.
* g10/encrypt.c (encrypt_simple): Fix error check of iobuf_copy
(encrypt_crypt): Use iobuf_copy.
--

Fixes-commit: 756c0bd5d8
GnuPG-bug-id: 5852
2024-09-06 16:09:49 +02:00
Werner Koch
1eaf1e236e
gpg: Simplify the pubkey_enc_list object
* g10/packet.h (struct pubkey_enc_list): Replace most by a
PKT_pubkey_enc member.
* g10/free-packet.c (free_pubkey_enc): Factor most stuff out to ...
(release_pubkey_enc_parts): new.
(copy_pubkey_enc_parts): New.
* g10/mainproc.c (release_list): Adjust for above change.
(proc_pubkey_enc): Ditto.
(print_pkenc_list): Ditto.
(proc_encrypted): Ditto.
2024-09-06 16:09:49 +02:00
Werner Koch
1e25157266
gpg: remove workaround for Libgcrypt < 1.8.6
* g10/free-packet.c (is_mpi_copy_broken): Remove.
2024-09-06 16:09:49 +02:00
Werner Koch
8896bbd0f9
gpg: Switch Kyber to the final algo id and add it to the menu.
* common/openpgpdefs.h (pubkey_algo_t): Switch algo id for Kyber to 8.
* g10/keygen.c (do_generate_keypair): Remove the experimental algo
note ...
(write_keybinding): and the experimental notation data.
(ask_algo): Add a mode 16 for a Kyber subkey.
(generate_subkeypair): Set parameters for mode 16.
--

GnuPG-bug-id: 6815
2024-08-27 10:44:17 +02:00
Werner Koch
1eb382fb1f
gpg: New option --proc-all-sigs
* g10/options.h (flags): Add proc_all_sigs.
* g10/mainproc.c (proc_tree): Do not stop signature checking if this
new option is used.
* g10/gpg.c (oProcAllSigs): New.
(opts): Add "proc-all-sigs".
(main): Set it.
--

GnuPG-bug-id: 7261
2024-08-23 11:28:30 +02:00
Werner Koch
3171ca9b94
gpg: Warn if a keyring is specified along with --use-keyboxd.
* g10/gpg.c (main): Print the warning.
--
GnuPG-bug-id: 7265
2024-08-23 09:19:55 +02:00
Werner Koch
8bef1e2821
gpg: Minor fix when building with --disable-exec
* g10/photoid.c (show_photo): No return for a void function.
--

GnuPG-bug-id: 7256
2024-08-19 10:31:44 +02:00
Werner Koch
882ab7fef9
gpg: Improve decryption diagnostic for an ADSK key.
* g10/keydb.h (GET_PUBKEYBLOCK_FLAG_ADSK): New constant.
* g10/packet.h (PUBKEY_USAGE_XENC_MASK): New constant.
* g10/pubkey-enc.c (get_session_key): Consider an ADSK also as "marked
for encryption use".
(get_it): Print a note if an ADSK key was used.  Use the new
get_pubkeyblock flag.
* g10/getkey.c (struct getkey_ctx_s): Add field allow_adsk.
(get_pubkeyblock): Factor all code out to ...
(get_pubkeyblock_ext): new.
(finish_lookup): Add new arg allow_adsk and make use of it.
--

This patch solves two purposes:
- We write a note that the ADSK key was used for decryption
- We avoid running into a
  "oops: public key not found for preference check\n"
  due to ADSK keys.  The error is mostly harmless but lets gpg return
  with an exit code of 2.
2024-08-12 14:50:08 +02:00
Werner Koch
8735b87411
gpg: New debug flag "keydb".
* g10/options.h (DBG_KEYDB_VALUE): New.
* g10/gpg.c (debug_flags): Add it.
* g10/keydb.c: Replace all DBG_LOOKUP by DBG_KEYDB.
* g10/keyring.c: Ditto.
* g10/call-keyboxd.c: Ditto.
--

Using "lookup" also for key search debugging was not a good idea.
This uses a separate flag for the latter.
2024-08-09 09:31:54 +02:00
Werner Koch
7d82fca43d
gpg: Increase compress buffer size.
* g10/compress.c (init_compress): Increase buffersize.
--

This may speed up things a little bit.
2024-08-08 17:31:26 +02:00
Jakub Jelen
f66e9356f8
export_secret_ssh_key: Avoid memory leak.
* g10/export.c (export_secret_ssh_key): Free memory on errrors.

--

GnuPG-bug-id: 7201
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2024-07-22 13:35:10 +09:00
NIIBE Yutaka
1e6b96577f
gpg: Fix agent_probe_any_secret_key.
* g10/call-agent.c (agent_probe_any_secret_key): No second keygrip
is not an error.

--

GnuPG-bug-id: 7195
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-07-10 15:13:06 +09:00
NIIBE Yutaka
953dd67368
Use gpgrt_process_spawn API from libgpg-error.
* agent/genkey.c (do_check_passphrase_pattern): Use the gpgrt API.
* common/asshelp.c (start_new_service): Ditto.
* common/exechelp.h: Remove gnupg_process_spawn API.
* common/exechelp-posix.c: Remove gnupg_process_spawn implementation.
* common/exechelp-w32.c: Likewise.
* common/exectool.c (gnupg_exec_tool_stream): Use the gpgrt API.
* common/t-exechelp.c (test_pipe_stream): Remove.
* dirmngr/ldap-wrapper.c (destroy_wrapper, ldap_reaper_thread): Use
the gpgrt API.
(ldap_wrapper_connection_cleanup, ldap_wrapper): Ditto.
* dirmngr/ldap.c, g10/call-keyboxd.c: No need to include exechelp.h.
* g10/photoid.c (run_with_pipe, show_photo): Use the gpgrt API.
* g13/be-encfs.c (run_umount_helper, run_encfs_tool): Ditto.
* g13/g13.c, g13/mount.c, g13/runner.c: No need to include exechelp.h.
* scd/apdu.c: No need to include exechelp.h.
* scd/app.c (report_change): Use the gpgrt API.
* sm/export.c, sm/import.c: No need to include exechelp.h.
* tests/gpgscm/ffi.c (proc_object_finalize, proc_wrap)
(do_process_spawn_io, do_process_spawn_fd, do_process_wait): Use the
gpgrt API.
* tools/gpg-auth.c: No need to include exechelp.h.
* tools/gpg-card.c (cmd_gpg): Use the gpgrt API.
* tools/gpg-connect-agent.c: No need to include exechelp.h.
* tools/gpg-mail-tube.c (mail_tube_encrypt, prepare_for_appimage)
(start_gpg_encrypt): Use the gpgrt API.
* tools/gpgconf-comp.c (gpg_agent_runtime_change)
(scdaemon_runtime_change, tpm2daemon_runtime_change)
(dirmngr_runtime_change, keyboxd_runtime_change)
(gc_component_launch, gc_component_check_options)
(retrieve_options_from_program): Ditto.
* tools/gpgconf.c (show_versions_via_dirmngr): Ditto.
* tools/gpgtar-create.c (gpgtar_create): Ditto.
* tools/gpgtar-extract.c (gpgtar_extract): Ditto.
* tools/gpgtar-list.c (gpgtar_list): Ditto.

--

GnuPG-bug-id: 7192
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-07-09 10:04:16 +09:00
Werner Koch
6a40cfa6c0
gpg: Print a warning if the (draft) Kyber algorithm is used.
* g10/keygen.c (do_generate_keypair): Check for draf Kyber stuff.
2024-07-05 11:12:12 +02:00
Werner Koch
0c34edc443
gpg: Make --with-sig-check with -with --show-key in non-colon mode.
* g10/keylist.c (list_keyblock_direct): Set check_sigs.
2024-07-01 09:21:49 +02:00
Werner Koch
1695cf267e
gpg: New option --show-only-session-key
* g10/options.h (opt): Add show_only_session_key and turn
show_session_key into a bit flag.
* g10/gpg.c (oShowOnlySessionKey): New.
(opts): Add "show-only-session-key".
(main): Set flag.
* g10/mainproc.c (proc_encrypted): Handle the new option.

* g10/decrypt-data.c (decrypt_data): Ditto.  Add compliance error flag
to the DECRYPTION_INFO status line.
--

This new option is somehow related to
GnuPG-bug-id: 1825
2024-06-24 16:31:40 +02:00
Werner Koch
4c65dfeb28
gpg: Rename recently added import option no-seckeys to only-pubkeys.
* g10/import.c (parse_import_options): Rename option.
* g10/options.h (IMPORT_NO_SECKEY): Rename to IMPORT_ONLY_PUBKEYS.
Change all users.
--

GnuPG-bug-id: 7146
2024-06-24 11:49:05 +02:00
Werner Koch
8e691efb05
gpg: Add --import-option "no-seckeys".
* g10/import.c (parse_import_options): Add "no-seckeys".
--

GnuPG-bug-id: 7146
2024-06-11 15:52:07 +02:00
Werner Koch
12ac129a70
gpg: Allow shortcut algo string "pqc" for --quick-gen-key.
* g10/keygen.c (PQC_STD_KEY_PARAM): New.
(quickgen_set_para): Always store the provided NBITS.
(parse_key_parameter_string): Detect the special value "pqc".
(quick_generate_keypair): Ditto.
--

With this change we can finally do a

  gpg --quick-gen-key --batch --passphrase='' foo@example.org  pqc

and get a full key.  Currently with a brainpoolp386r1 primary key and
a Kyber768_brainpoolp256 subkey.
2024-06-11 15:39:00 +02:00
Werner Koch
d81bb417c0
gpg: Do not bail out on secret keys with an unknown algo
* g10/getkey.c (lookup): Skip keys with unknown algos.
--

If the local store has private keys with an algorithm not supported by
thi version of gpg, gpg used to bail out.  Thus decryption of proper
messages was not possible.  This fix skips such secret keys.
2024-06-11 12:43:47 +02:00
Werner Koch
77afc9ee1c
gpg: Add magic parameter "default" to --quick-add-adsk.
* g10/getkey.c (has_key_with_fingerprint): New.
* g10/keyedit.c (menu_addadsk): Replace code by new function.
(keyedit_quick_addadsk): Handle magic arg "default".
* g10/keygen.c (append_all_default_adsks): New.
--

GnuPG-bug-id: 6882
2024-06-05 17:04:33 +02:00
Werner Koch
8cbcac89fe
gpg: Do not show RENC if no key capabilities are found for a key.
* g10/packet.h (PUBKEY_USAGE_BASIC_MASK): New.
* g10/getkey.c (merge_selfsigs_subkey): Mask the default.
(merge_selfsigs_main): Ditto.
2024-06-05 10:01:44 +02:00
Werner Koch
9d618d1273
gpg: Print designated revokers also in a standard listing.
* g10/keylist.c (print_revokers): Add arg with_colon, adjust callers,
add human printable format.
(list_keyblock_print): Call print_revokers.
--

Designated revokers were only printed in --with-colons mode.  For
quick inspection of a key it is useful to see them right away.
2024-06-05 10:01:43 +02:00
Werner Koch
465ea9116d
gpg: Autoload designated revoker key and ADSK when needed.
* g10/options.h (opt): Move the definition of struct akl to global
scope.
* g10/keydb.h (enum get_pubkey_modes): Add GET_PUBKEY_TRY_LDAP.
* g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_BYNAME.
* g10/keygen.c (prepare_desig_revoker): Use it here.
(prepare_adsk): and here.
--

The revoker key is required before we create it along with a new key.
This is because the we need to know the algo and also to make sure
that the key really exists.

GnuPG-bug-id: 7133
2024-06-05 10:01:36 +02:00
Werner Koch
068ebb6f1e
gpg: Implement the LDAP AKL method.
* g10/keyserver.c (keyserver_import_mbox): Add arg flags and change
callers.
(keyserver_import_ldap): Remove.  It has always returned a not
implemented error since 2.1.
* g10/getkey.c (get_pubkey_byname): Repurpose LDAP to do basically the
same as KEYSERVER.
--

The old LDAP mechanism to locate a server via SRV records has long
been gone (since 2014) due to the dropping of the keyserver helpers.
The new purpose better reflects reality and can be used in
environments where keys are provided by an in-house LDAP server.
2024-06-04 18:02:02 +02:00
Werner Koch
04ce6765f4
gpg: Rename functions with an "fprint" part to "fpr"
--

The fprint is too uncommon in our code base and to similar to fprintf.
2024-06-04 15:27:41 +02:00
Werner Koch
ed118e2ed5
gpg: New option --default-new-key-adsk.
* g10/options.h (opt): Add field def_new_key_adsks.
* g10/gpg.c (oDefaultNewKeyADSK): New.
(opts): Add --default-new-key-adsk.
(main): Parse option.
* g10/keyedit.c (menu_addadsk): Factor some code out to ...
(append_adsk_to_key): new.  Add compliance check.
* g10/keygen.c (pADSK): New.
(para_data_s): Add adsk to the union.
(release_parameter_list): Free the adsk.
(prepare_adsk): New.
(get_parameter_adsk): New.
(get_parameter_revkey): Remove unneeded arg key and change callers.
(proc_parameter_file): Prepare adsk parameter from the configured
fingerprints.
(do_generate_keypair): Create adsk.
--

GnuPG-bug-id: 6882
2024-06-03 18:52:06 +02:00
Daniel Kahn Gillmor
42b0e9558a
indent: Fix spelling
--

These are non-substantive corrections for minor spelling mistakes
within the GnuPG codebase.

With something like this applied to the codebase, and a judiciously
tuned spellchecker integrated as part of a standard test suite, it
should be possible to keep a uniform orthography within the project.

GnuPG-bug-id: 7116
2024-05-31 12:28:32 +02:00
NIIBE Yutaka
fc3fde1bde
spawn: Remove spawn callback, introduce gnupg_spawn_actions.
* common/exechelp-posix.c (call_spawn_cb): Remove.
(gnupg_spawn_actions_new, gnupg_spawn_actions_release)
(gnupg_spawn_actions_set_environ, gnupg_spawn_actions_set_atfork)
(gnupg_spawn_actions_set_redirect)
(gnupg_spawn_actions_set_inherit_fds): New.
(my_exec, spawn_detached): Use spawn actions.
(gnupg_spawn_helper): Remove.
(gnupg_process_spawn): Remove callback, introduce gnupg_spawn_actions.
* common/exechelp-w32.c: Ditto.
* common/exechelp.h: Ditto.
* agent/genkey.c (do_check_passphrase_pattern): Follow the change of
gnupg_process_spawn API.
* common/asshelp.c (start_new_service): Likewise.
* common/exectool.c (gnupg_exec_tool_stream): Likewise.
* common/t-exechelp.c (test_pipe_stream): Likewise.
* dirmngr/ldap-wrapper.c (ldap_wrapper): Likewise.
* g10/photoid.c (run_with_pipe): Likewise.
* scd/app.c (report_change): Likewise.
* tests/gpgscm/ffi.c (do_process_spawn_io, do_process_spawn_fd):
Likewise.
* tools/gpg-card.c (cmd_gpg): Likewise.
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Likewise.
(scdaemon_runtime_change, tpm2daemon_runtime_change)
(dirmngr_runtime_change, keyboxd_runtime_change)
(gc_component_launch, gc_component_check_options)
(retrieve_options_from_program): Likewise.
* tools/gpgconf.c (show_versions_via_dirmngr): Likewise.
* tools/gpgtar-create.c (gpgtar_create): Likewise.
* tools/gpgtar-extract.c (gpgtar_extract): Likewise.
* tools/gpgtar-list.c (gpgtar_list): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-31 15:36:39 +09:00
Werner Koch
bcc002cd45
gpg: Avoid a double free on error in the key generation.
* g10/keygen.c (card_store_key_with_backup): Avoid double free and
simplify error handling.
--

This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
2024-05-28 13:46:45 +02:00
Werner Koch
287e717b55
Merge branch 'STABLE-BRANCH-2-4' into master
--
Fixed conflicts in:
	NEWS
	g10/call-agent.c
	g10/options.h
	kbx/kbxutil.c
	tools/gpgconf.c
2024-05-16 09:46:36 +02:00
NIIBE Yutaka
0eefa08295
gpg: Allow no CRC24 checksum in armor.
* g10/armor.c (radix64_read): Detect the end of armor when
there is no CRC24 checksum.

--

Cherry-pick master commit of:
	3a344d6236

GnuPG-bug-id: 7071
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-16 09:42:39 +09:00
Werner Koch
b36e557c5b
gpg: Terminate key listing on output write error.
* g10/keylist.c (list_all): Handle error from list_keyblock.
(list_one): Ditto.
(locate_one): Ditto.
(list_keyblock): Detect write error, print, and return it.
(list_keyblock_direct): Return error from list_keyblock.
* g10/import.c (import_one_real): Break on listing error.
--

Test by using
  gpg -k >/dev/full

GnuPG-bug-id: 6185
2024-05-15 09:56:40 +02:00
Werner Koch
351fc6e6fa
gpg: Algo "kyber" is now a shortcut for ky768_bp256.
* g10/keygen.c (parse_key_parameter_part): Change Kyber defaults.
--

Also kyber1024 is now a shortcut for ky1024_bp384.  This change is to
align it with the original wussler draft.
2024-05-06 10:47:01 +02:00
Werner Koch
f415d96fac
gpg: Add a notation to Kyber encryption subkeys
* g10/keygen.c (struct opaque_data_usage_and_pk): New.
(do_add_notation): New.
(keygen_add_key_flags_from_oduap): New.
(write_keybinding): Prepare for de-vs cplimance notation.  Add a
notation to Kyber subkeys.
--

This code is based on the 2.2
commit b284412786
However the de-vs notation is currently ineffective as long as
Libgcrypt won't claim compliance.

The new notation fips203.ipd.2023-08-24 has been added to allow
detection of subkeys which have been crated with a pre-final FIPS203
spec for Kyber.
2024-05-02 21:11:55 +02:00
Werner Koch
2958e5e4cf
gpg: New option --require-pqc-encryption
* g10/gpg.c (oRequirePQCEncryption): New.
(opts): Add option.
(main): Set option.
* g10/mainproc.c (print_pkenc_list): Print a warning.
* g10/options.h (flags): Add flag require_pqc_encryption.
* g10/getkey.c (finish_lookup): Skip non-pqc keys if the option is
set.
--

GnuPG-bug-id: 6815
2024-04-24 09:57:07 +02:00
Werner Koch
ab703eacf7
gpg: Split keygrip in a standard key listing.
* g10/keylist.c (print_keygrip): New.
(list_keyblock_print): Use new function to print the keygrip.
2024-04-23 20:12:57 +02:00
Werner Koch
dd650b2c7b
gpg: Support Kyber with Brainpool512r1.
* common/openpgp-oid.c (oidtable): Add GCRY_KEM_RAW_BP512.
* agent/pkdecrypt.c (ecc_table): Support bp512
* g10/pkglue.c (do_encrypt_kem): Ditto.

* tests/openpgp/samplekeys: Add sample keys for kyber_bp256, bp384,
and bp512.
* tests/openpgp/privkeys: Add corresponding private keys.
* tests/openpgp/samplemsgs:  Add sample messages for those keys.
--

GnuPG-bug-id: 6815
2024-04-23 17:41:28 +02:00
Werner Koch
32ec480024
gpg: Support encryption with kyber_bp256 and kyber_bp384
* common/openpgp-oid.c (oidtable): Support KEM for bp256 and bp384.
* g10/pkglue.c (do_encrypt_kem): Ditto.
--

GnuPG-bug-id: 6815

Note, this needs the very latest Libgcrypt to work properly
2024-04-23 16:25:05 +02:00
Werner Koch
e591fd25ad
gpg: Support encryption with kyber_cv448.
* g10/pkglue.c (do_encrypt_kem): Support cv25519 w/o 0x40
prefix. Support X448.
(ECC_POINT_LEN_MAX): New.
(ECC_HASH_LEN_MAX): New.
* common/openpgp-oid.c (oidtable): Support X448 KEM.
--

This needs more work.  For example we should use a parameter table
like what we do in agent/pkdecrypt.c.

GnuPG-bug-id: 6815
2024-04-23 11:31:49 +02:00
Werner Koch
ba3c873934
gpg: Prepare Kyber encryption code for more variants.
* common/openpgp-oid.c (oidtable): Add field kem_algo.
(openpgp_oid_to_kem_algo): New.
* g10/pkglue.c (do_encrypt_kem): Add support for Kyber1024.
--
GnuPG-bug-id: 6815
2024-04-18 14:37:40 +02:00