diff --git a/include/repgp/repgp_def.h b/include/repgp/repgp_def.h index 025d078256..10024a05df 100644 --- a/include/repgp/repgp_def.h +++ b/include/repgp/repgp_def.h @@ -231,7 +231,7 @@ typedef enum : uint8_t { PGP_PKA_ED25519 = 27, /* v6 / Crypto Refresh */ #endif -PGP_PKA_SM2 = 99, /* SM2 encryption/signature schemes */ + PGP_PKA_SM2 = 99, /* SM2 encryption/signature schemes */ #if defined(ENABLE_PQC) /* PQC-ECC composite */ diff --git a/include/rnp/rnp.h b/include/rnp/rnp.h index 851f7ab273..048beb142e 100644 --- a/include/rnp/rnp.h +++ b/include/rnp/rnp.h @@ -1959,7 +1959,6 @@ RNP_API rnp_result_t rnp_key_get_alg(rnp_key_handle_t key, char **alg); */ RNP_API rnp_result_t rnp_key_sphincsplus_get_param(rnp_key_handle_t handle, char **param); - /** Get number of bits in the key. For EC-based keys it will return size of the curve. * * @param key key handle diff --git a/src/lib/CMakeLists.txt b/src/lib/CMakeLists.txt index fb2157c3f5..72a9be884b 100755 --- a/src/lib/CMakeLists.txt +++ b/src/lib/CMakeLists.txt @@ -184,7 +184,7 @@ if(CRYPTO_BACKEND_BOTAN) resolve_feature_state(ENABLE_TWOFISH "TWOFISH") resolve_feature_state(ENABLE_IDEA "IDEA") resolve_feature_state(ENABLE_CRYPTO_REFRESH "HKDF") - resolve_feature_state(ENABLE_PQC "KMAC;DILITHIUM;KYBER;ML_KEM_INITIAL_PUBLIC_DRAFT;SPHINCS_PLUS_WITH_SHA2;SPHINCS_PLUS_WITH_SHAKE") + resolve_feature_state(ENABLE_PQC "KMAC;DILITHIUM;KYBER;SPHINCS_PLUS_WITH_SHA2;SPHINCS_PLUS_WITH_SHAKE") resolve_feature_state(ENABLE_BLOWFISH "BLOWFISH") resolve_feature_state(ENABLE_CAST5 "CAST_128") resolve_feature_state(ENABLE_RIPEMD160 "RIPEMD_160") diff --git a/src/lib/generate-key.cpp b/src/lib/generate-key.cpp index 4984462e04..8a8dd18ca8 100644 --- a/src/lib/generate-key.cpp +++ b/src/lib/generate-key.cpp @@ -341,10 +341,10 @@ set_default_user_prefs(pgp_user_prefs_t &prefs) DEFAULT_COMPRESS_ALGS, DEFAULT_COMPRESS_ALGS + ARRAY_SIZE(DEFAULT_COMPRESS_ALGS))); } #if defined(ENABLE_CRYPTO_REFRESH) - if(prefs.aead_prefs.empty()) { + if (prefs.aead_prefs.empty()) { std::vector algs; - for(auto aead_alg : DEFAULT_AEAD_ALGS) { - for(auto sym_alg : prefs.symm_algs) { + for (auto aead_alg : DEFAULT_AEAD_ALGS) { + for (auto sym_alg : prefs.symm_algs) { algs.push_back(sym_alg); algs.push_back(aead_alg); } diff --git a/src/lib/pgp-key.cpp b/src/lib/pgp-key.cpp index bbf56f76d8..a9bd3d1288 100644 --- a/src/lib/pgp-key.cpp +++ b/src/lib/pgp-key.cpp @@ -586,9 +586,8 @@ pgp_user_prefs_t::set_aead_prefs(const std::vector &algs) void pgp_user_prefs_t::add_aead_prefs(pgp_symm_alg_t sym_alg, pgp_aead_alg_t aead_alg) { - for(size_t i = 0; i < aead_prefs.size(); i+=2) - { - if(aead_prefs[i] == sym_alg && aead_prefs[i+1] == aead_alg) { + for (size_t i = 0; i < aead_prefs.size(); i += 2) { + if (aead_prefs[i] == sym_alg && aead_prefs[i + 1] == aead_alg) { return; } } diff --git a/src/lib/rnp.cpp b/src/lib/rnp.cpp index 60f5021aae..c01f2c8f4c 100644 --- a/src/lib/rnp.cpp +++ b/src/lib/rnp.cpp @@ -221,14 +221,13 @@ static const id_str_pair hash_alg_map[] = {{PGP_HASH_MD5, RNP_ALGNAME_MD5}, {0, NULL}}; #if defined(ENABLE_PQC) -static const id_str_pair sphincsplus_params_map[] = { - {sphincsplus_simple_128s, "128s"}, - {sphincsplus_simple_128f, "128f"}, - {sphincsplus_simple_192s, "192s"}, - {sphincsplus_simple_192f, "192f"}, - {sphincsplus_simple_256s, "256s"}, - {sphincsplus_simple_256f, "256f"}, - {0, NULL}}; +static const id_str_pair sphincsplus_params_map[] = {{sphincsplus_simple_128s, "128s"}, + {sphincsplus_simple_128f, "128f"}, + {sphincsplus_simple_192s, "192s"}, + {sphincsplus_simple_192f, "192f"}, + {sphincsplus_simple_256s, "256s"}, + {sphincsplus_simple_256f, "256f"}, + {0, NULL}}; #endif static const id_str_pair s2k_type_map[] = { @@ -6802,11 +6801,12 @@ try { return RNP_ERROR_NULL_POINTER; } pgp_key_t *key = get_key_prefer_public(handle); - if(key->alg() != PGP_PKA_SPHINCSPLUS_SHA2 && key->alg() != PGP_PKA_SPHINCSPLUS_SHAKE) { + if (key->alg() != PGP_PKA_SPHINCSPLUS_SHA2 && key->alg() != PGP_PKA_SPHINCSPLUS_SHAKE) { return RNP_ERROR_BAD_PARAMETERS; } - return get_map_value(sphincsplus_params_map, key->material().sphincsplus.pub.param(), param); + return get_map_value( + sphincsplus_params_map, key->material().sphincsplus.pub.param(), param); #else return RNP_ERROR_NOT_IMPLEMENTED; #endif diff --git a/src/librepgp/stream-parse.cpp b/src/librepgp/stream-parse.cpp index 3a24168c0c..a3e4adca8a 100644 --- a/src/librepgp/stream-parse.cpp +++ b/src/librepgp/stream-parse.cpp @@ -1728,7 +1728,8 @@ encrypted_try_key(pgp_source_encrypted_param_t *param, #endif #if defined(ENABLE_PQC_DBG_LOG) - RNP_LOG_U8VEC("Session Key: %s", std::vector(decbuf_sesskey, decbuf_sesskey + keylen)); + RNP_LOG_U8VEC("Session Key: %s", + std::vector(decbuf_sesskey, decbuf_sesskey + keylen)); #endif #if defined(ENABLE_CRYPTO_REFRESH) || defined(ENABLE_PQC) diff --git a/src/librepgp/stream-sig.cpp b/src/librepgp/stream-sig.cpp index 3eb3393d8b..8833b7b4b7 100644 --- a/src/librepgp/stream-sig.cpp +++ b/src/librepgp/stream-sig.cpp @@ -404,7 +404,7 @@ pgp_sig_subpkt_t::parse() break; #if defined(ENABLE_CRYPTO_REFRESH) case PGP_SIG_SUBPKT_PREFERRED_AEAD_CIPHERSUITES: - if(len % 2 != 0) { + if (len % 2 != 0) { RNP_LOG("AEAD Ciphersuite Preferences must contain an even number of bytes"); return false; } @@ -1864,11 +1864,10 @@ rnp_selfsig_cert_info_t::populate(pgp_signature_t &sig) sig.set_key_flags(key_flags); } return; - } - else if ((sig.version == PGP_V6) && (sig.type() == PGP_SIG_DIRECT)) { + } else if ((sig.version == PGP_V6) && (sig.type() == PGP_SIG_DIRECT)) { /* set some additional packets for v6 direct-key self signatures */ sig.set_key_features(PGP_KEY_FEATURE_MDC | PGP_KEY_FEATURE_SEIPDV2); - if(!prefs.aead_prefs.empty()) { + if (!prefs.aead_prefs.empty()) { sig.set_preferred_aead_algs(prefs.aead_prefs); } } diff --git a/src/librepgp/stream-write.cpp b/src/librepgp/stream-write.cpp index 10a66076c0..7525e083d2 100644 --- a/src/librepgp/stream-write.cpp +++ b/src/librepgp/stream-write.cpp @@ -651,7 +651,8 @@ encrypted_add_recipient(pgp_write_handler_t *handler, } #if defined(ENABLE_PQC_DBG_LOG) - RNP_LOG_U8VEC("Session Key: %s", std::vector(enckey.data(), enckey.data() + keylen)); + RNP_LOG_U8VEC("Session Key: %s", + std::vector(enckey.data(), enckey.data() + keylen)); #endif pgp_encrypted_material_t material; diff --git a/src/rnp/fficli.cpp b/src/rnp/fficli.cpp index 5367961c4c..2b452c5f56 100644 --- a/src/rnp/fficli.cpp +++ b/src/rnp/fficli.cpp @@ -420,7 +420,7 @@ ffi_pass_callback_stdin(rnp_ffi_t ffi, } rnp->reuse_password_for_subkey--; - if(rnp->reuse_password_for_subkey == 0) { + if (rnp->reuse_password_for_subkey == 0) { rnp_buffer_clear(rnp->reused_password, strnlen(rnp->reused_password, buf_len)); free(rnp->reused_password); rnp->reused_password = NULL; @@ -1376,10 +1376,9 @@ cli_rnp_print_key_info(FILE *fp, rnp_ffi_t ffi, rnp_key_handle_t key, bool psecr fprintf(fp, "%s", cli_rnp_normalize_key_alg(alg)); #if defined(ENABLE_PQC) // in case of a SPHINCS+ key, also print the parameter set - char *param; + char * param; rnp_result_t res = rnp_key_sphincsplus_get_param(key, ¶m); - if(res == RNP_SUCCESS) - { + if (res == RNP_SUCCESS) { fprintf(fp, "-%s", param); rnp_buffer_destroy(param); } @@ -1546,9 +1545,9 @@ cli_rnp_generate_key(cli_rnp_t *rnp, const char *username) rnp_key_handle_t primary = NULL; rnp_key_handle_t subkey = NULL; #if defined(ENABLE_PQC) - rnp_key_handle_t subkey2 = NULL; + rnp_key_handle_t subkey2 = NULL; #endif - bool res = false; + bool res = false; if (rnp_op_generate_create(&genkey, rnp->ffi, cfg.get_cstr(CFG_KG_PRIMARY_ALG))) { ERR_MSG("Failed to initialize key generation."); @@ -1644,8 +1643,8 @@ cli_rnp_generate_key(cli_rnp_t *rnp, const char *username) #endif #if defined(ENABLE_PQC) if (cfg.has(CFG_KG_SUBKEY_SPHINCSPLUS_PARAM) && - rnp_op_generate_set_sphincsplus_param( - genkey, cfg.get_cstr(CFG_KG_SUBKEY_SPHINCSPLUS_PARAM))) { + rnp_op_generate_set_sphincsplus_param(genkey, + cfg.get_cstr(CFG_KG_SUBKEY_SPHINCSPLUS_PARAM))) { ERR_MSG("Failed to set sphincsplus parameter."); goto done; } @@ -1656,11 +1655,11 @@ cli_rnp_generate_key(cli_rnp_t *rnp, const char *username) } #if defined(ENABLE_PQC) - if(cfg.has(CFG_KG_SUBKEY_2_ALG)) { + if (cfg.has(CFG_KG_SUBKEY_2_ALG)) { rnp_op_generate_destroy(genkey); genkey = NULL; if (rnp_op_generate_subkey_create( - &genkey, rnp->ffi, primary, cfg.get_cstr(CFG_KG_SUBKEY_2_ALG))) { + &genkey, rnp->ffi, primary, cfg.get_cstr(CFG_KG_SUBKEY_2_ALG))) { ERR_MSG("Failed to initialize subkey 2 generation."); goto done; } @@ -1687,14 +1686,14 @@ cli_rnp_generate_key(cli_rnp_t *rnp, const char *username) ERR_MSG("Failed to set hash algorithm."); goto done; } - #if defined(ENABLE_CRYPTO_REFRESH) +#if defined(ENABLE_CRYPTO_REFRESH) if (cfg.get_bool(CFG_KG_V6_KEY)) { rnp_op_generate_set_v6_key(genkey); } - #endif +#endif if (cfg.has(CFG_KG_SUBKEY_2_SPHINCSPLUS_PARAM) && rnp_op_generate_set_sphincsplus_param( - genkey, cfg.get_cstr(CFG_KG_SUBKEY_2_SPHINCSPLUS_PARAM))) { + genkey, cfg.get_cstr(CFG_KG_SUBKEY_2_SPHINCSPLUS_PARAM))) { ERR_MSG("Failed to set sphincsplus parameter."); goto done; } @@ -1708,7 +1707,7 @@ cli_rnp_generate_key(cli_rnp_t *rnp, const char *username) // protect #if defined(ENABLE_PQC) for (auto key : {primary, subkey, subkey2}) { - if(!key) { + if (!key) { continue; } #else @@ -1748,7 +1747,6 @@ cli_rnp_generate_key(cli_rnp_t *rnp, const char *username) cli_rnp_print_key_info(stdout, rnp->ffi, subkey2, true, false); } #endif - } rnp_op_generate_destroy(genkey); rnp_key_handle_destroy(primary); diff --git a/src/rnpkeys/tui.cpp b/src/rnpkeys/tui.cpp index ec4b302d77..2b97e6dc66 100644 --- a/src/rnpkeys/tui.cpp +++ b/src/rnpkeys/tui.cpp @@ -154,18 +154,13 @@ ask_curve_name(FILE *input_fp) static std::string ask_sphincsplus_param_name(FILE *input_fp) { - std::vector params = {"128f", - "128s", - "192f", - "192s", - "256f", - "256s"}; + std::vector params = {"128f", "128s", "192f", "192s", "256f", "256s"}; std::vector add_info = {"ML-KEM-768 + X25519", - "ML-KEM-768 + X25519", - "ML-KEM-1024 + ECDH-NIST-P-384", - "ML-KEM-1024 + ECDH-NIST-P-384", - "ML-KEM-1024 + ECDH-NIST-P-384", - "ML-KEM-1024 + ECDH-NIST-P-384"}; + "ML-KEM-768 + X25519", + "ML-KEM-1024 + ECDH-NIST-P-384", + "ML-KEM-1024 + ECDH-NIST-P-384", + "ML-KEM-1024 + ECDH-NIST-P-384", + "ML-KEM-1024 + ECDH-NIST-P-384"}; const size_t pcount = params.size(); if (!pcount) { @@ -178,7 +173,8 @@ ask_sphincsplus_param_name(FILE *input_fp) if (!check_attempts(attempts)) { return NULL; } - printf("Please select which SLH-DSA parameter set you want. In parenthesis, the correspondingly chosen encryption subkey is shown:\n"); + printf("Please select which SLH-DSA parameter set you want. In parenthesis, the " + "correspondingly chosen encryption subkey is shown:\n"); for (size_t i = 0; i < pcount; i++) { printf("\t(%zu) %s (%s)\n", i + 1, params[i].c_str(), add_info[i].c_str()); } @@ -411,19 +407,15 @@ rnpkeys_ask_generate_params(rnp_cfg &cfg, FILE *input_fp) cfg.set_str(CFG_KG_SUBKEY_ALG, RNP_ALGNAME_KYBER1024_BP384); cfg.set_str(CFG_KG_V6_KEY, "true"); break; - case 31: - { + case 31: { std::string param = ask_sphincsplus_param_name(input_fp); if (param == "") { return false; } - if(param == "128f" || param == "128s") - { + if (param == "128f" || param == "128s") { cfg.set_str(CFG_KG_SUBKEY_ALG, RNP_ALGNAME_KYBER768_X25519); cfg.set_str(CFG_KG_HASH, RNP_ALGNAME_SHA256); - } - else - { + } else { cfg.set_str(CFG_KG_SUBKEY_ALG, RNP_ALGNAME_KYBER1024_P384); cfg.set_str(CFG_KG_HASH, RNP_ALGNAME_SHA512); } @@ -432,19 +424,15 @@ rnpkeys_ask_generate_params(rnp_cfg &cfg, FILE *input_fp) cfg.set_str(CFG_KG_V6_KEY, "true"); break; } - case 32: - { + case 32: { std::string param = ask_sphincsplus_param_name(input_fp); if (param == "") { return false; } - if(param == "128f" || param == "128s") - { + if (param == "128f" || param == "128s") { cfg.set_str(CFG_KG_SUBKEY_ALG, RNP_ALGNAME_KYBER768_X25519); cfg.set_str(CFG_KG_HASH, RNP_ALGNAME_SHA3_256); - } - else - { + } else { cfg.set_str(CFG_KG_SUBKEY_ALG, RNP_ALGNAME_KYBER1024_P384); cfg.set_str(CFG_KG_HASH, RNP_ALGNAME_SHA3_512); } diff --git a/src/tests/ffi-enc.cpp b/src/tests/ffi-enc.cpp index bd93f00ac7..e6411656c2 100644 --- a/src/tests/ffi-enc.cpp +++ b/src/tests/ffi-enc.cpp @@ -776,21 +776,24 @@ TEST_F(rnp_tests, test_ffi_decrypt_pqc_pkesk_test_vector) assert_true(import_all_keys(ffi, "data/draft-ietf-openpgp-pqc/v4-eddsa-mlkem.sec.asc")); assert_rnp_success(rnp_output_to_path(&output, "decrypted")); - assert_rnp_success(rnp_input_from_path(&input, "data/draft-ietf-openpgp-pqc/v6-seipdv2.asc")); + assert_rnp_success( + rnp_input_from_path(&input, "data/draft-ietf-openpgp-pqc/v6-seipdv2.asc")); assert_non_null(input); assert_rnp_success(rnp_decrypt(ffi, input, output)); assert_string_equal(file_to_str("decrypted").c_str(), "Testing\n"); assert_int_equal(unlink("decrypted"), 0); assert_rnp_success(rnp_output_to_path(&output, "decrypted")); - assert_rnp_success(rnp_input_from_path(&input, "data/draft-ietf-openpgp-pqc/v4-seipdv1.asc")); + assert_rnp_success( + rnp_input_from_path(&input, "data/draft-ietf-openpgp-pqc/v4-seipdv1.asc")); assert_non_null(input); assert_rnp_success(rnp_decrypt(ffi, input, output)); assert_string_equal(file_to_str("decrypted").c_str(), "Testing\n"); assert_int_equal(unlink("decrypted"), 0); assert_rnp_success(rnp_output_to_path(&output, "decrypted")); - assert_rnp_success(rnp_input_from_path(&input, "data/draft-ietf-openpgp-pqc/v4-seipdv1.asc")); + assert_rnp_success( + rnp_input_from_path(&input, "data/draft-ietf-openpgp-pqc/v4-seipdv1.asc")); assert_non_null(input); assert_rnp_success(rnp_decrypt(ffi, input, output)); assert_string_equal(file_to_str("decrypted").c_str(), "Testing\n"); diff --git a/src/tests/ffi-key.cpp b/src/tests/ffi-key.cpp index 8bccbf69a9..a8f5798aa8 100644 --- a/src/tests/ffi-key.cpp +++ b/src/tests/ffi-key.cpp @@ -3274,7 +3274,6 @@ TEST_F(rnp_tests, test_ffi_pqc_certs) assert_int_equal(keycount, 2); } - #endif TEST_F(rnp_tests, test_ffi_v6_seckey_import)