gpg: Add option --assert-pubkey_algo.

* g10/keyid.c (parse_one_algo_string): New.
(compare_pubkey_string_part): New.
(compare_pubkey_string): New.
* g10/verify.c (check_assert_signer_list): New.
* g10/mainproc.c (check_sig_and_print): Call check_assert_pubkey_algo.
* g10/options.h (opt): Add field assert_pubkey_algos.
* g10/gpg.c (oAssertPubkeyAlgo): New.
(opts): Add "--assert-pubkey_algo".
(assert_pubkey_algo_false): New.
(main): Parse option.
(g10_exit): Reorder RC modifications.  Check assert_pubkey_algo_false.
* common/status.h (ASSERT_PUBKEY_ALGOS): new.
* common/t-support.h (LEAN_T_SUPPORT): Use a simplified version if
this macro is set.

* g10/gpgv.c (oAssertPubkeyAlgo): New.
(opts): Add "--assert-pubkey_algo".
(assert_pubkey_algo_false): New.
(main): Parse option.
(g10_exit): Check assert_pubkey_algo_false.

* g10/t-keyid.c: New.
* g10/Makefile.am: Add t-keyid.
* g10/test-stubs.c: Add assert_pubkey_algos and assert_signer_list and
remove from other tests.
(check_assert_signer_list): Ditto.
(check_assert_pubkey_algo): Ditto.
--

GnuPG-bug-id: 6946

1 files changed, 129 insertions, 0 deletions

diff --git a/g10/t-keyid.c b/g10/t-keyid.c
new file mode 100644
index 000000000..d42399027
--- /dev/null
+++ b/g10/t-keyid.c
@@ -0,0 +1,129 @@
+/* t-keyid.c - Tests for keyid.c.
+ * Copyright (C) 2024 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#define LEAN_T_SUPPORT 1
+
+#define PGM "t-keyid"
+
+#include "gpg.h"
+#include "keydb.h"
+#include "../common/t-support.h"
+
+
+
+static int verbose;
+
+
+static void
+test_compare_pubkey_string (void)
+{
+  static struct { const char *astr; const char *bstr; int expected; } t[] =
+  {
+    { "rsa2048"  , "rsa2048"             ,  1 },
+    { "rsa2048"  , ">=rsa2048"           ,  1 },
+    { "rsa2048"  , ">rsa2048"            ,  0 },
+    { "ed25519"  , ">rsa1024"            ,  0 },
+    { "ed25519"  , "ed25519"             ,  1 },
+    { "ed25519"  , ",,,=ed25519"         ,  1 },
+    { "nistp384" , ">nistp256"           ,  1 },
+    { "nistp521" , ">=rsa3072, >nistp384",  1 },
+    { " nistp521" , ">=rsa3072, >nistp384   ",  1 },
+    { "  nistp521  " , "  >=rsa3072, >nistp384   ",  1 },
+    { "  =nistp521  " , "  >=rsa3072, >nistp384,,",  1 },
+    { "nistp384" , ">nistp384"           ,  0 },
+    { "nistp384" , ">=nistp384"          ,  1 },
+    { "brainpoolP384" , ">=brainpoolp256", 1 },
+    { "brainpoolP384" , ">brainpoolp384" , 0 },
+    { "brainpoolP384" , ">=brainpoolp384", 1 },
+    { "brainpoolP256r1", ">brainpoolp256r1", 0 },
+    { "brainpoolP384r1", ">brainpoolp384r1" , 0 },
+    { "brainpoolP384r1", ">=brainpoolp384r1", 1 },
+    { "brainpoolP384r1", ">=brainpoolp384"  , 1 },
+    { "",  "", 0}
+  };
+  int idx;
+  int result;
+
+  for (idx=0; idx < DIM(t); idx++)
+    {
+      result = compare_pubkey_string (t[idx].astr, t[idx].bstr);
+      if (result != t[idx].expected)
+        {
+          fail (idx);
+          if (verbose)
+            log_debug ("\"%s\", \"%s\" want %d got %d\n",
+                       t[idx].astr, t[idx].bstr, t[idx].expected, result);
+        }
+    }
+
+}
+
+
+int
+main (int argc, char **argv)
+{
+  int last_argc = -1;
+
+  no_exit_on_fail = 1;
+
+  if (argc)
+    { argc--; argv++; }
+  while (argc && last_argc != argc )
+    {
+      last_argc = argc;
+      if (!strcmp (*argv, "--"))
+        {
+          argc--; argv++;
+          break;
+        }
+      else if (!strcmp (*argv, "--help"))
+        {
+          fputs ("usage: " PGM " [FILE]\n"
+                 "Options:\n"
+                 "  --verbose         Print timings etc.\n"
+                 "  --debug           Flyswatter\n"
+                 , stdout);
+          exit (0);
+        }
+      else if (!strcmp (*argv, "--verbose"))
+        {
+          verbose++;
+          argc--; argv++;
+        }
+      else if (!strcmp (*argv, "--debug"))
+        {
+          verbose += 2;
+          argc--; argv++;
+        }
+      else if (!strncmp (*argv, "--", 2))
+        {
+          fprintf (stderr, PGM ": unknown option '%s'\n", *argv);
+          exit (1);
+        }
+    }
+
+  test_compare_pubkey_string ();
+
+  return !!errcount;
+}