adjust find_suitable_key() to prefer PQC subkeys
TJ-91 committed Apr 24, 2024
1 parent 81dc47c commit 1273f51
Showing 2 changed files with 51 additions and 0 deletions.
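--- a/src/lib/pgp-key.cpp
+++ b/src/lib/pgp-key.cpp
@@ -471,6 +471,19 @@ find_suitable_key(pgp_op_t op, pgp_key_t *key, rnp::KeyProvider *key_provider, b
 if (!cur || !cur->usable_for(op)) {
 continue;
 }
+#if defined(ENABLE_PQC)
+/* prefer PQC over non-PQC. Assume non-PQC key is only there for backwards
+* compatibility. */
+if (subkey && subkey->is_pqc_alg() && !cur->is_pqc_alg()) {
+/* do not override already found PQC key with non-PQC key */
+continue;
+}
+if (subkey && cur->is_pqc_alg() && !subkey->is_pqc_alg()) {
+/* override non-PQC key with PQC key */
+subkey = cur;
+continue;
+}
+#endif
 if (!subkey || (cur->creation() > subkey->creation())) {
 subkey = cur;
 }
@@ -1330,6 +1343,41 @@ pgp_key_t::has_secret() const
 }
 }
 
+#if defined(ENABLE_PQC)
+bool
+pgp_key_t::is_pqc_alg() const
+{
+switch (alg()) {
+case PGP_PKA_KYBER768_X25519:
+FALLTHROUGH_STATEMENT;
+case PGP_PKA_KYBER768_P256:
+FALLTHROUGH_STATEMENT;
+case PGP_PKA_KYBER1024_P384:
+FALLTHROUGH_STATEMENT;
+case PGP_PKA_KYBER768_BP256:
+FALLTHROUGH_STATEMENT;
+case PGP_PKA_KYBER1024_BP384:
+FALLTHROUGH_STATEMENT;
+case PGP_PKA_DILITHIUM3_ED25519:
+FALLTHROUGH_STATEMENT;
+case PGP_PKA_DILITHIUM3_P256:
+FALLTHROUGH_STATEMENT;
+case PGP_PKA_DILITHIUM5_P384:
+FALLTHROUGH_STATEMENT;
+case PGP_PKA_DILITHIUM3_BP256:
+FALLTHROUGH_STATEMENT;
+case PGP_PKA_DILITHIUM5_BP384:
+FALLTHROUGH_STATEMENT;
+case PGP_PKA_SPHINCSPLUS_SHA2:
+FALLTHROUGH_STATEMENT;
+case PGP_PKA_SPHINCSPLUS_SHAKE:
+return true;
+default:
+return false;
+}
+}
+#endif
+
 bool
 pgp_key_t::usable_for(pgp_op_t op, bool if_secret) const
 {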
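Review bot: is_pqc_alg() in the second hunk is a hand-maintained list with `default: return false`, so a PQC algorithm id that is added later and not listed here would be treated as non-PQC and, in the first hunk, be skipped or replaced in favour of a listed key without any diagnostic. I would put a comment above the switch, `/* Must list every PQC PGP_PKA_* id; an id missing here is treated as non-PQC by find_suitable_key(). */`, and state the new precedence (a PQC subkey wins over a newer non-PQC one; creation time only breaks ties within the same class) in find_suitable_key()'s own header comment, which lies outside the hunk. The `FALLTHROUGH_STATEMENT;` lines between adjacent empty case labels are not needed and can be dropped. The commit as shown touches only pgp-key.cpp and pgp-key.h, so no test pins the new selection order.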
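--- a/src/lib/pgp-key.h
+++ b/src/lib/pgp-key.h
@@ -227,6 +227,9 @@ struct pgp_key_t {
 bool can_certify() const;
 bool can_encrypt() const;
 bool has_secret() const;
+#if defined(ENABLE_PQC)
+bool is_pqc_alg() const;
+#endif
 /**
 * @brief Check whether key is usable for the specified operation.
 *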
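Review bot: `is_pqc_alg()` is declared without a doc comment, while the declaration that follows it carries a Doxygen block. I would add `/** @brief Check whether the key's algorithm is one of the PQC (Kyber, Dilithium, SPHINCS+) ids; find_suitable_key() prefers such subkeys. */` above it, inside the `#if defined(ENABLE_PQC)` guard. The struct body begins and ends outside the hunk.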
