aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* | gpg: Support Kyber with Brainpool512r1.Werner Koch2024-04-2320-4/+750
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/openpgp-oid.c (oidtable): Add GCRY_KEM_RAW_BP512. * agent/pkdecrypt.c (ecc_table): Support bp512 * g10/pkglue.c (do_encrypt_kem): Ditto. * tests/openpgp/samplekeys: Add sample keys for kyber_bp256, bp384, and bp512. * tests/openpgp/privkeys: Add corresponding private keys. * tests/openpgp/samplemsgs: Add sample messages for those keys. -- GnuPG-bug-id: 6815
* | gpg: Support encryption with kyber_bp256 and kyber_bp384Werner Koch2024-04-233-2/+39
| | | | | | | | | | | | | | | | | | | | * common/openpgp-oid.c (oidtable): Support KEM for bp256 and bp384. * g10/pkglue.c (do_encrypt_kem): Ditto. -- GnuPG-bug-id: 6815 Note, this needs the very latest Libgcrypt to work properly
* | Remove the deprecated gcry_set_log_handler.Werner Koch2024-04-233-55/+0
| | | | | | | | | | | | | | | | * common/miscellaneous.c (my_gcry_logger): Remove. (setup_libgcrypt_logging): Do not call the deprecated gcry_set_log_handler. * kbx/kbxutil.c (my_gcry_logger): Remove. * tools/no-libgcrypt.c (gcry_set_log_handler): Remove stub.
* | tests: Add two Kyber sample keys and messages.Werner Koch2024-04-2312-4/+562
| | | | | | | | | | | | -- GnuPG-bug-id: 6815
* | gpg: Support encryption with kyber_cv448.Werner Koch2024-04-232-14/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/pkglue.c (do_encrypt_kem): Support cv25519 w/o 0x40 prefix. Support X448. (ECC_POINT_LEN_MAX): New. (ECC_HASH_LEN_MAX): New. * common/openpgp-oid.c (oidtable): Support X448 KEM. -- This needs more work. For example we should use a parameter table like what we do in agent/pkdecrypt.c. GnuPG-bug-id: 6815
* | Require Libgcrypt 1.11.0Werner Koch2024-04-233-65/+71
| | | | | | | | | | | | | | | | | | | | * configure.ac (NEED_LIBGCRYPT_VERSION): Set to 1.11.0 * agent/pkdecrypt.c (struct ecc_params): Move constants to the top. -- It does not make anymore sense to allow building with older Libgcrypt versions. After all PQ key support is a major feature and for this we need Libgcrypt.
* | agent:kem: More fix for PQC KEM with X448.NIIBE Yutaka2024-04-231-17/+16
| | | | | | | | | | | | | | | | | | | | | | * agent/pkdecrypt.c (struct ecc_params): Remove NAME_LEN field. (ecc_table): Update. (get_ecc_params): Use strcmp. (composite_pgp_kem_decrypt): Fix the call of gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* | agent:kem: Support other ML-KEM variants.NIIBE Yutaka2024-04-231-11/+40
| | | | | | | | | | | | | | | | | | | | * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Care about ML-KEM 512 and 1024. -- Co-authored-by: Werner Koch <[email protected]> Signed-off-by: NIIBE Yutaka <[email protected]>
* | agent:kem: Support other ECC curves.NIIBE Yutaka2024-04-231-21/+105
| | | | | | | | | | | | | | | | | | | | * agent/pkdecrypt.c (ecc_table): New. (get_ecc_params): New. (composite_pgp_kem_decrypt): Support other curves. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* | po: Update Portuguese Translation.Daniel Cerqueira2024-04-231-38/+9
| | | | | | | | Signed-off-by: Daniel Cerqueira <[email protected]>
* | tests: Avoid new C23 keyword true.Werner Koch2024-04-221-4/+4
| | | | | | | | | | | | | | * tests/asschk.c (eval_boolean): s/true/tru/ -- GnuPG-bug-is: 7093
* | gpg: Prepare Kyber encryption code for more variants.Werner Koch2024-04-183-24/+93
| | | | | | | | | | | | | | | | * common/openpgp-oid.c (oidtable): Add field kem_algo. (openpgp_oid_to_kem_algo): New. * g10/pkglue.c (do_encrypt_kem): Add support for Kyber1024. -- GnuPG-bug-id: 6815
* | gpg: Mark disabled keys and add show-ownertrust list option.Werner Koch2024-04-176-10/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/options.h (LIST_SHOW_OWNERTRUST): New. * g10/keylist.c (print_key_line): Show wonertrust and always show whether a key is disabled. * g10/gpg.c (parse_list_options): Add "show-ownertrust". * g10/gpgv.c (get_ownertrust_string): Add stub. * g10/test-stubs.c (get_ownertrust_string): Add stub. -- Note that in a --with-colons listing the ownertrust has always been emitted and the disabled state is marked in that listing with a special 'D' usage.
* | gpg: New command --quick-set-ownertrust.Werner Koch2024-04-174-2/+105
| | | | | | | | | | | | | | * g10/gpg.c (aQuickSetOwnertrust): New. (opts): Add new command. (main): Implement it. * g10/keyedit.c (keyedit_quick_set_ownertrust): New.
* | gpg: Make --with-subkey-fingerprint the default.Werner Koch2024-04-162-2/+11
| | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (oWithoutSubkeyFingerprint): New. (opts): Add "without-subkey-fingerprint". (main): Make --with-subkey-fingerprint the default. Implementation the without option. -- Given that the default for the keyid format is none, the subkey fingerprints are important to do anything with a subkey. Thus we make the old option the default and provide a new option to revert it.
* | gpg: Fix minor Kyber display things.Werner Koch2024-04-152-1/+10
| | | | | | | | | | * common/compliance.c (gnupg_pk_is_compliant): Make Kyber known. * g10/misc.c (openpgp_pk_algo_name): Add "Kyber".
* | gpg: Implement Kyber encryption.Werner Koch2024-04-152-4/+214
| | | | | | | | | | | | | | | | | | | | * g10/build-packet.c (do_pubkey_enc): Support Kyber. * g10/pkglue.c (do_encrypt_kem): Implement. -- Note that the code does only work for ky768_cv25519 for now. GnuPG-bug-id: 6815
* | gpg: Add arg session_algo to pk_decrypt.Werner Koch2024-04-154-126/+180
| | | | | | | | | | | | | | | | | | | | | | | | | | * common/kem.c: Move constants to the top. Add some documentation. * g10/pkglue.c (pk_encrypt): Add arguments session_key and factor code out to ... (do_encrypt_rsa_elg): here, (do_encrypt_ecdh): and here, (do_encrypt_kem): and here. * g10/encrypt.c (write_pubkey_enc): Call with session key algorithm. -- This makes it easier to review the code.
* | scd:openpgp: Robust Data Object handling for constructed case.NIIBE Yutaka2024-04-151-0/+50
| | | | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (get_cached_data): When it comes with its tag and length for the constructed Data Object, remove them. -- GnuPG-bug-id: 7058 Signed-off-by: NIIBE Yutaka <[email protected]>
* | gpg: Prepare to use the fingerprint as fixed-info for Kyber.Werner Koch2024-04-123-8/+22
| | | | | | | | | | | | | | | | | | | | * g10/pubkey-enc.c (get_it): Use algo and fingerprint for the fixed-info. Keep a testing mode. * g10/options.h (COMPAT_T7014_OLD): New. * g10/gpg.c (compatibility_flags): Add "t71014-old" flag. -- GnuPG-bug-id: 6815
* | gpg: Simplify the pk_encrypt function interface.Werner Koch2024-04-123-33/+37
| | | | | | | | | | | | | | | | | | | | | | * g10/pkglue.c (pk_encrypt): Remove superfluous arguments and reanem variable rc to err. * g10/encrypt.c (write_pubkey_enc): Adjust for this change. -- We used to pass PK as well as information which could be taken directly from PK. Using ERR instead of RC is just for more uniform naming of variables.
* | gpg: Changed internal data format for Kyber.Werner Koch2024-04-118-41/+103
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/packet.h (PKT_pubkey_enc): Add field seskey_algo. (struct pubkey_enc_list): Ditto. * g10/misc.c (pubkey_get_nenc): Change value for Kyber from 4 to 3. * g10/parse-packet.c (parse_pubkeyenc): Store the Kyber algo in the new field and adjust data. Do not store the length byte in data[2]. * g10/build-packet.c (do_pubkey_enc): Take the session algo for Kyber from the new field. * g10/encrypt.c (write_pubkey_enc): Ses the seskey_algo. * g10/mainproc.c (proc_pubkey_enc): Copy it. * g10/pubkey-enc.c (get_it): Support Kyber decryption. * g10/seskey.c (encode_session_key): Handle Kyber different from ECDH. -- Having always the single byte in the packet data than to store and retrieve it from an MPI is much easier. Thus this patch changes the original internal format. With this chnages decryption of the slighly modified test data works now. See the bug tracker for test data. GnuPG-bug-id: 6815
* | agent: Add more diagnostics to PQC decryption.Werner Koch2024-04-112-16/+71
| | | | | | | | | | | | | | | | * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use %d for correctness. Add error diagnostics and one extra check. -- GnuPG-bug-id: 7014
* | indent: Re-indent a functionWerner Koch2024-04-111-166/+165
| | | | | | | | --
* | agent: Rename the function using the word "composite"NIIBE Yutaka2024-04-111-5/+5
| | | | | | | | | | | | | | | | * agent/pkdecrypt.c (composite_pgp_kem_decrypt): Rename. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* | agent: Fix PQC decryption.NIIBE Yutaka2024-04-111-28/+9
| | | | | | | | | | | | | | | | | | | | * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Change the format of SEXP in the protocol for symmetric cipher algorithm identifier. -- GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <[email protected]>
* | doc: Move keyformat.txt to here.Werner Koch2024-04-112-1/+1
| | | | | | | | --
* | doc: Fix a few typos in agent/keyformat.txtTodd Zullinger via Gnupg-devel2024-04-111-6/+6
| | | | | | | | | | | | -- Signed-off-by: Todd Zullinger <[email protected]>
* | gpg: Make Kyber creation more flexible.Werner Koch2024-04-105-11/+55
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/openpgp-oid.c (openpgp_is_curve_supported): Allow the abbreviated curve name. * g10/pkglue.c (pk_encrypt): Add debug output. * g10/seskey.c (encode_session_key): Handle Kyber session key like ECDH. This is just a stub. * g10/keygen.c (ecckey_from_sexp): Use the modern OID for cv25519. (parse_key_parameter_part): Allow more Kyber variants. -- Test by creating an ed25519 key and using gpg --quick-add-key --batch --passphrase "" <fingerprint> <algo> to create several subkeys. Tested with ALGOs: kyber768 kyber1024 ky768_cv25519 ky768_bp256 kyber768_nistp256 ky1024_cv448 All curves capable of encryption should work. GnuPG-bug-id: 6815
* | agent:kem: Externalize FIXED_INFO.NIIBE Yutaka2024-04-101-18/+51
| | | | | | | | | | | | | | | | | | * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Don't hard code the value of FIXED_INFO. Get it from frontend. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* | common: Rename to kem.c from kmac.c.NIIBE Yutaka2024-04-102-1/+1
| | | | | | | | | | | | | | | | | | * common/Makefile.am (common_sources): Fix to kem.c. * common/kem.c: Rename. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* | common,agent: Factor out KEM functions into common/kem.c.NIIBE Yutaka2024-04-103-60/+131
| | | | | | | | | | | | | | | | | | | | | | | | | | * common/util.h (compute_kmac256): Remove. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * common/kmac.c (compute_kmac256): Don't expose. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Use gnupg_ecc_kem_kdf and gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* | gpg: Some support to allow Kyber decryption.Werner Koch2024-04-097-15/+67
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/call-agent.c (agent_pkdecrypt): Support dual keygrips and switch to KEM mode. * g10/ecdh.c (pk_ecdh_decrypt): Add an extra length check. * g10/keyid.c (do_hash_public_key): Fix Kyber fingerprint computation. * g10/mainproc.c (release_list): Free all 4 data elements. (proc_pubkey_enc): Copy all 4 data elements. * g10/misc.c (openpgp_pk_test_algo2): Map Kyber to KEM. * g10/parse-packet.c (parse_pubkeyenc): Fix Kyber parser. * g10/pubkey-enc.c (get_session_key): Allow Kyber. (get_it): Support Kyber. -- GnuPG-bug-id: 6815
* | kbx: Support kyber in the blob parser.Werner Koch2024-04-092-4/+44
| | | | | | | | | | | | | | | | * kbx/keybox-openpgp.c (keygrip_from_keyparm): Support Kyber. (parse_key): Ditto. -- GnuPG-bug-id: 6815
* | gpg: Allow no CRC24 checksum in armor.NIIBE Yutaka2024-04-091-2/+2
| | | | | | | | | | | | | | | | | | | | * g10/armor.c (radix64_read): Detect the end of armor when there is no CRC24 checksum. -- GnuPG-bug-id: 7071 Signed-off-by: NIIBE Yutaka <[email protected]>
* | kbx: Fix keyid search for mixed v4/v5 case.Werner Koch2024-04-081-28/+25
| | | | | | | | | | | | | | | | | | | | | | | | * kbx/keybox-search.c (blob_cmp_fpr_part): Reworked. (has_short_kid, has_long_kid): Simplify. -- The old code was too complicated and did not cope correctly a blob having a mix of v5 and v4 keys. Fixes-commit: 01329da8a778d3b0d121c83bfb61d99a39cccac4 GnuPG-bug-id: 5888
* | gpg: Do not allow to accidently set the RENC usage.Werner Koch2024-04-051-1/+14
| | | | | | | | | | | | | | | | | | | | | | | | * g10/keygen.c (print_key_flags): Print "RENC" if set. (ask_key_flags_with_mask): Remove RENC from the possible set of usages. Add a direct way to set it iff the key is encryption capable. -- This could be done by using "set your own capabilities" for an RSA key. In fact it was always set in this case. GnuPG-bug-id: 7072
* | gpg: Allow to create a Kyber key from keygrips.Werner Koch2024-04-056-13/+97
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/cvt-openpgp.c (extract_private_key): Support Kyber algorithms. * common/openpgp-oid.c (map_gcry_pk_to_openpgp): Map KEM to Kyber. * common/sexputil.c (get_pk_algo_from_key): Increase buffer for use with "kyber1024". * g10/call-agent.c (agent_get_keyinfo): Fix warning. * g10/keygen.c (do_create_from_keygrip): Support Kyber. (ask_algo): Ditto. -- To test create a standard key and the use --edit-key and "addkey" with selection 13 and use the comma delimited keygrips. GnuPG-bug-id: 7014
* | agent: Fix error handling of READKEY.Werner Koch2024-04-051-1/+3
| | | | | | | | | | | | | | * agent/command.c (cmd_readkey): Jump to leave on reading error. -- Fixes-commit: d7a3c455c5e29b19b66772f86dda925064e34896
* | gpg: Support dual keygrips.Werner Koch2024-04-0510-45/+180
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/keyid.c (keygrip_from_pk): Add arg get_second to support dual algos. Implement for Kyber. (hexkeygrip_from_pk): Extend for dual algos. * g10/call-agent.c (agent_keytotpm): Bail out for dual algos. (agent_keytocard): Ditto. (agent_probe_secret_key): Handle dual algos. (agent_probe_any_secret_key): Ditto. (agent_get_keyinfo): Allow for dual algos but take only the first key. * g10/export.c (do_export_one_keyblock): Bail out for dual algos. -- This also adds some fixmes which we eventually need to address. GnuPG-bug-id: 6815
* | agent: Make "PKDECRYPT --kem" with optional value work.Werner Koch2024-04-053-6/+11
| | | | | | | | | | | | | | | | | | | | | | | | * agent/command.c (cmd_pkdecrypt): Fix comparison. * agent/agent.h (enum kemids): Rename type and strip trailing comma. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Allow building with Libgcrypt < 1.11 -- Eventually we should change the libgcrypt requirement in configure.
* | agent: Add initial support for hybrid ECC+PQC decryption with KEM.NIIBE Yutaka2024-04-053-7/+362
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/agent.h (enum kemid): New. (agent_kem_decrypt): New. * agent/command.c (cmd_pkdecrypt): Support --kem option to call agent_kem_decrypt. * agent/pkdecrypt.c (reverse_buffer): New. (agent_hybrid_pgp_kem_decrypt): New. (agent_kem_decrypt): New. -- Now, it only supports X25519 + ML-KEM. GnuPG-bug-id: 7014 Signed-off-by: NIIBE Yutaka <[email protected]>
* | gpg: Initial support for generating Kyber subkeys.Werner Koch2024-04-039-110/+461
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/openpgpdefs.h (PUBKEY_ALGO_KY768_25519): Remove. (PUBKEY_ALGO_KY1024_448): Remove. (PUBKEY_ALGO_KYBER): New. Use them everywhere instead of the removed. * g10/build-packet.c (gpg_mpi_write_nohdr): Rename to (gpg_mpi_write_opaque_nohdr): this. Change callers. (gpg_mpi_write_opaque_32): New. (do_key): Support Kyber keys using the revised format. * g10/gpg.h (MAX_EXTERN_KEYPARM_BITS): New. * g10/parse-packet.c (read_octet_string): Add arg nbytes so support reading with a length prefix. Adjust callers. (parse_key): Parse Kyber public keys. * g10/misc.c (pubkey_get_npkey): Support Kyber. (pubkey_get_nskey): Ditto. * g10/keyid.c (pubkey_string): Support dual algorithms. (do_hash_public_key): Support Kyber. (nbits_from_pk): Ditto. (keygrip_from_pk): Return the Kyber part for the ECC+Kyber dual algo. * g10/keygen.c (struct common_gen_cb_parm_s): Add genkey_result2. Note that this callback is not yet used. (ecckey_from_sexp): Add optional arg sexp2 and use it for Kyber. Change callers. (ecckey_from_sexp): Do not leak LIST in case of an error. (common_gen): Add arg keyparms2, change callers, and support Kyber. (gen_kyber): New. (get_keysize_range): Support Kyber. (fixup_keysize): Simplify and support Kyber. (do_create): Handle Kyber. (parse_key_parameter_part): Remove algo strings "ky768" and "ky1024" and add a generic "kyber" with default parameters. -- This uses a revised format which is more aligned with the usual OpenPGP structure. A lot of things are still missing. For example support for handling two keygrips and checking both of them in a -K listing. There is also only ky768_bp384 as fixed algorithm for now. No passphrase for the Kyber part of the dual algorithm is on purpose. A test was done using gpg --quick-gen-key pqc1 nistp256 and then running gpg -v --quick-add-key <fingerprint> kyber which creates a v5 subkey on a v4 primary key. A second test using gpg --quick-gen-key pqc2 Ed448 followed by a --quick-add-key created a v5 key with a v5 subkey. GnuPG-bug-id: 6815
* | common: Extend openpgp_oid_to_curve to return an abbreviated name.Werner Koch2024-04-032-14/+39
| | | | | | | | | | | | | | | | | | | | | | * common/openpgp-oid.c (oidtable): Add column "abbr" and set them for Brainpool. (openpgp_oid_to_curve): Rename arg "canon" to "mode" and implement mode 2. -- For dual algorithms (PQC) we need shorter versions of brainpool to avoid names which otherwise might be capped when printed.
* | tests: Add a sample PDF with a signatureWerner Koch2024-04-031-0/+0
| | | | | | | | --
* | common: Allow building with libgcrypt 1.10 for now.Werner Koch2024-04-031-0/+4
| | | | | | | | | | | | | | | | | | * common/kmac.c (compute_kmac256): Return an error for older gcrypt versions. -- Except for the new KEM module there is no hard requirement for libgcrypt 1.11 *yet*.
* | agent: Add --another option for hybrid crypto.NIIBE Yutaka2024-04-012-6/+15
| | | | | | | | | | | | | | | | | | | | * agent/agent.h (struct server_control_s): Add have_keygrip1. * agent/command.c (reset_notify): Clear have_keygrip1 field. (cmd_havekey): Add --another option handling. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* | common: Add KMAC.NIIBE Yutaka2024-03-293-2/+140
| | | | | | | | | | | | | | | | | | | | * common/Makefile.am (common_sources): Add kmac.c. * common/kmac.c: New. * common/util.h (compute_kmac256): New. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* | gpgsm: Allow to add extensions at the --gen-key prompt.Werner Koch2024-03-272-0/+10
| | | | | | | | | | | | | | | | | | | | * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Add a prompt for extensions. -- An example for an extension would be extKeyUsage for authentication: 2.5.29.37 n 301406082B0601050507030206082B06010505070301
* | scd:openpgp: Fix data_objects specification for F9 and FA.NIIBE Yutaka2024-03-271-2/+2
| | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (data_objects): These are constructed objects. -- GnuPG-bug-id: 7058 Signed-off-by: NIIBE Yutaka <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-15 10:18:52 +0000