[Pkg-gnupg-commit] [gnupg2] 43/185: common, gpg, sm: Restrict the use of algorithms according to CO_DE_VS.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Aug 7 11:55:18 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gnupg2.
commit a64a55e10420cf11e00062b590dffe5d0c3e8192
Author: Justus Winter <justus at g10code.com>
Date: Tue Jun 6 16:01:40 2017 +0200
common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS.
* common/compliance.c (gnupg_pk_is_allowed): New function.
(gnupg_cipher_is_allowed): Likewise.
(gnupg_digest_is_allowed): Likewise.
* common/compliance.h (enum pk_use_case): New definition.
(gnupg_pk_is_allowed): New prototype.
(gnupg_cipher_is_allowed): Likewise.
(gnupg_digest_is_allowed): Likewise.
* g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using
the new predicates.
* g10/encrypt.c (encrypt_crypt): Likewise.
* g10/gpg.c (main): Likewise.
* g10/pubkey-enc.c (get_session_key): Likewise.
* g10/sig-check.c (check_signature2): Likewise.
* g10/sign.c (do_sign): Likewise.
* sm/decrypt.c (gpgsm_decrypt): Likewise.
* sm/encrypt.c (gpgsm_encrypt): Likewise.
* sm/gpgsm.c (main): Likewise.
* sm/sign.c (gpgsm_sign): Likewise.
* sm/verify.c (gpgsm_verify): Likewise.
--
With this change, policies can effectively restrict what algorithms
are used for different purposes. The algorithm policy for CO_DE_VS is
implemented.
GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus at g10code.com>
---
common/compliance.c | 188 ++++++++++++++++++++++++++++++++++++++++++++++++++++
common/compliance.h | 14 ++++
g10/decrypt-data.c | 12 ++++
g10/encrypt.c | 30 +++++++++
g10/gpg.c | 38 +++++++++++
g10/pubkey-enc.c | 26 +++++++-
g10/sig-check.c | 19 ++++++
g10/sign.c | 23 +++++++
sm/decrypt.c | 41 +++++++++---
sm/encrypt.c | 28 ++++++++
sm/gpgsm.c | 37 +++++++++++
sm/sign.c | 27 ++++++++
sm/verify.c | 42 +++++++++---
13 files changed, 504 insertions(+), 21 deletions(-)
diff --git a/common/compliance.c b/common/compliance.c
index bcf621a..4078004 100644
--- a/common/compliance.c
+++ b/common/compliance.c
@@ -193,6 +193,105 @@ gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo,
}
+/* Return true if ALGO with the given KEYLENGTH is allowed in the
+ * given COMPLIANCE mode. USE specifies for which use case the
+ * predicate is evaluated. This way policies can be strict in what
+ * they produce, and liberal in what they accept. */
+int
+gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance,
+ enum pk_use_case use, int algo, gcry_mpi_t key[],
+ unsigned int keylength, const char *curvename)
+{
+ switch (compliance)
+ {
+ case CO_DE_VS:
+ switch (algo)
+ {
+ case PUBKEY_ALGO_RSA:
+ case PUBKEY_ALGO_RSA_E:
+ case PUBKEY_ALGO_RSA_S:
+ switch (use)
+ {
+ case PK_USE_ENCRYPTION:
+ return 1;
+ case PK_USE_DECRYPTION:
+ case PK_USE_SIGNING:
+ return (keylength == 2048
+ || keylength == 3072
+ || keylength == 4096);
+ case PK_USE_VERIFICATION:
+ return (keylength == 2048
+ || keylength == 3072
+ || keylength == 4096
+ || keylength < 2048);
+ default:
+ log_assert (!"reached");
+ }
+ log_assert (!"reached");
+
+ case PUBKEY_ALGO_DSA:
+ if (key)
+ {
+ size_t L = gcry_mpi_get_nbits (key[0] /* p */);
+ size_t N = gcry_mpi_get_nbits (key[1] /* q */);
+ return ((use == PK_USE_SIGNING
+ && L == 256
+ && (N == 2048 || N == 3072))
+ || (use == PK_USE_VERIFICATION
+ && N < 2048));
+ }
+ else
+ return 0;
+ log_assert (!"reached");
+
+ case PUBKEY_ALGO_ELGAMAL:
+ case PUBKEY_ALGO_ELGAMAL_E:
+ return use == PK_USE_ENCRYPTION;
+
+ case PUBKEY_ALGO_ECDH:
+ return use == PK_USE_ENCRYPTION;
+
+ case PUBKEY_ALGO_ECDSA:
+ {
+ int result = 0;
+ char *curve = NULL;
+
+ if (! curvename && key)
+ {
+ curve = openpgp_oid_to_str (key[0]);
+ curvename = openpgp_oid_to_curve (curve, 0);
+ if (!curvename)
+ curvename = curve;
+ }
+
+ result = ((use == PK_USE_SIGNING
+ && curvename
+ && (!strcmp (curvename, "brainpoolP256r1")
+ || !strcmp (curvename, "brainpoolP384r1")
+ || !strcmp (curvename, "brainpoolP512r1")))
+ || use == PK_USE_VERIFICATION);
+
+ xfree (curve);
+ return result;
+ }
+
+ case PUBKEY_ALGO_EDDSA:
+ return 0;
+
+ default:
+ return 0;
+ }
+ log_assert (!"reached");
+
+ default:
+ /* The default policy is to allow all algorithms. */
+ return 1;
+ }
+
+ log_assert (!"reached");
+}
+
+
/* Return true if (CIPHER, MODE) is compliant to the given COMPLIANCE mode. */
int
gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance,
@@ -232,6 +331,57 @@ gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance,
}
+/* Return true if CIPHER is allowed in the given COMPLIANCE mode. If
+ * PRODUCER is true, the predicate is evaluated for the producer, if
+ * false for the consumer. This way policies can be strict in what
+ * they produce, and liberal in what they accept. */
+int
+gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance, int producer,
+ cipher_algo_t cipher,
+ enum gcry_cipher_modes mode)
+{
+ switch (compliance)
+ {
+ case CO_DE_VS:
+ switch (cipher)
+ {
+ case CIPHER_ALGO_AES:
+ case CIPHER_ALGO_AES192:
+ case CIPHER_ALGO_AES256:
+ case CIPHER_ALGO_3DES:
+ switch (module)
+ {
+ case GNUPG_MODULE_NAME_GPG:
+ return mode == GCRY_CIPHER_MODE_NONE || mode == GCRY_CIPHER_MODE_CFB;
+ case GNUPG_MODULE_NAME_GPGSM:
+ return mode == GCRY_CIPHER_MODE_NONE || mode == GCRY_CIPHER_MODE_CBC;
+ }
+ log_assert (!"reached");
+
+ case CIPHER_ALGO_BLOWFISH:
+ case CIPHER_ALGO_CAMELLIA128:
+ case CIPHER_ALGO_CAMELLIA192:
+ case CIPHER_ALGO_CAMELLIA256:
+ case CIPHER_ALGO_CAST5:
+ case CIPHER_ALGO_IDEA:
+ case CIPHER_ALGO_TWOFISH:
+ return (module == GNUPG_MODULE_NAME_GPG
+ && (mode == GCRY_CIPHER_MODE_NONE || mode == GCRY_CIPHER_MODE_CFB)
+ && ! producer);
+ default:
+ return 0;
+ }
+ log_assert (!"reached");
+
+ default:
+ /* The default policy is to allow all algorithms. */
+ return 1;
+ }
+
+ log_assert (!"reached");
+}
+
+
/* Return true if DIGEST is compliant to the given COMPLIANCE mode. */
int
gnupg_digest_is_compliant (enum gnupg_compliance_mode compliance, digest_algo_t digest)
@@ -260,6 +410,44 @@ gnupg_digest_is_compliant (enum gnupg_compliance_mode compliance, digest_algo_t
}
+/* Return true if DIGEST is allowed in the given COMPLIANCE mode. If
+ * PRODUCER is true, the predicate is evaluated for the producer, if
+ * false for the consumer. This way policies can be strict in what
+ * they produce, and liberal in what they accept. */
+int
+gnupg_digest_is_allowed (enum gnupg_compliance_mode compliance, int producer,
+ digest_algo_t digest)
+{
+ switch (compliance)
+ {
+ case CO_DE_VS:
+ switch (digest)
+ {
+ case DIGEST_ALGO_SHA256:
+ case DIGEST_ALGO_SHA384:
+ case DIGEST_ALGO_SHA512:
+ return 1;
+ case DIGEST_ALGO_SHA1:
+ case DIGEST_ALGO_SHA224:
+ case DIGEST_ALGO_RMD160:
+ return ! producer;
+ case DIGEST_ALGO_MD5:
+ case GCRY_MD_WHIRLPOOL:
+ return ! producer && module == GNUPG_MODULE_NAME_GPGSM;
+ default:
+ return 0;
+ }
+ log_assert (!"reached");
+
+ default:
+ /* The default policy is to allow all algorithms. */
+ return 1;
+ }
+
+ log_assert (!"reached");
+}
+
+
const char *
gnupg_status_compliance_flag (enum gnupg_compliance_mode compliance)
{
diff --git a/common/compliance.h b/common/compliance.h
index e57495d..b2c9695 100644
--- a/common/compliance.h
+++ b/common/compliance.h
@@ -41,14 +41,28 @@ enum gnupg_compliance_mode
CO_PGP6, CO_PGP7, CO_PGP8, CO_DE_VS
};
+enum pk_use_case
+ {
+ PK_USE_ENCRYPTION, PK_USE_DECRYPTION,
+ PK_USE_SIGNING, PK_USE_VERIFICATION,
+ };
+
int gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo,
gcry_mpi_t key[], unsigned int keylength,
const char *curvename);
+int gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance,
+ enum pk_use_case use, int algo, gcry_mpi_t key[],
+ unsigned int keylength, const char *curvename);
int gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance,
cipher_algo_t cipher,
enum gcry_cipher_modes mode);
+int gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance, int producer,
+ cipher_algo_t cipher,
+ enum gcry_cipher_modes mode);
int gnupg_digest_is_compliant (enum gnupg_compliance_mode compliance,
digest_algo_t digest);
+int gnupg_digest_is_allowed (enum gnupg_compliance_mode compliance, int producer,
+ digest_algo_t digest);
const char *gnupg_status_compliance_flag (enum gnupg_compliance_mode compliance);
struct gnupg_compliance_option
diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c
index 96e2487..7023301 100644
--- a/g10/decrypt-data.c
+++ b/g10/decrypt-data.c
@@ -29,6 +29,7 @@
#include "options.h"
#include "../common/i18n.h"
#include "../common/status.h"
+#include "../common/compliance.h"
static int mdc_decode_filter ( void *opaque, int control, IOBUF a,
@@ -97,6 +98,17 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek)
dek->algo_info_printed = 1;
}
+ /* Check compliance. */
+ if (! gnupg_cipher_is_allowed (opt.compliance, 0, dek->algo, GCRY_CIPHER_MODE_CFB))
+ {
+ log_error (_ ("you may not use cipher algorithm '%s'"
+ " while in %s mode\n"),
+ openpgp_cipher_algo_name (dek->algo),
+ gnupg_compliance_option_string (opt.compliance));
+ rc = gpg_error (GPG_ERR_CIPHER_ALGO);
+ goto leave;
+ }
+
{
char buf[20];
diff --git a/g10/encrypt.c b/g10/encrypt.c
index 66f49f4..ee2f078 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -38,6 +38,7 @@
#include "../common/i18n.h"
#include "../common/status.h"
#include "pkglue.h"
+#include "../common/compliance.h"
static int encrypt_simple( const char *filename, int mode, int use_seskey );
@@ -612,6 +613,35 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
cfx.dek->algo = opt.def_cipher_algo;
}
+ /* Check compliance. */
+ if (! gnupg_cipher_is_allowed (opt.compliance, 1, cfx.dek->algo,
+ GCRY_CIPHER_MODE_CFB))
+ {
+ log_error (_ ("you may not use cipher algorithm '%s'"
+ " while in %s mode\n"),
+ openpgp_cipher_algo_name (cfx.dek->algo),
+ gnupg_compliance_option_string (opt.compliance));
+ rc = gpg_error (GPG_ERR_CIPHER_ALGO);
+ goto leave;
+ }
+
+ {
+ pk_list_t pkr;
+ for (pkr = pk_list; pkr; pkr = pkr->next)
+ {
+ PKT_public_key *pk = pkr->pk;
+ if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_ENCRYPTION, pk->pubkey_algo,
+ pk->pkey, nbits_from_pk (pk), NULL))
+ {
+ log_error ("key %s not suitable for encryption while in %s mode\n",
+ keystr_from_pk (pk),
+ gnupg_compliance_option_string (opt.compliance));
+ rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
+ goto leave;
+ }
+ }
+ }
+
cfx.dek->use_mdc = use_mdc (pk_list,cfx.dek->algo);
/* Only do the is-file-already-compressed check if we are using a
diff --git a/g10/gpg.c b/g10/gpg.c
index f01c82d..d777d13 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -62,6 +62,7 @@
#include "../common/init.h"
#include "../common/mbox-util.h"
#include "../common/shareddefs.h"
+#include "../common/compliance.h"
#if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__)
#define MY_O_BINARY O_BINARY
@@ -3866,6 +3867,43 @@ main (int argc, char **argv)
}
}
+ /* Check our chosen algorithms against the list of allowed
+ * algorithms in the current compliance mode, and fail hard if it
+ * is not. This is us being nice to the user informing her early
+ * that the chosen algorithms are not available. We also check
+ * and enforce this right before the actual operation. */
+ if (opt.def_cipher_algo
+ && ! gnupg_cipher_is_allowed (opt.compliance,
+ cmd == aEncr
+ || cmd == aSignEncr
+ || cmd == aEncrSym
+ || cmd == aSym
+ || cmd == aSignSym
+ || cmd == aSignEncrSym,
+ opt.def_cipher_algo,
+ GCRY_CIPHER_MODE_NONE))
+ log_error (_ ("you may not use cipher algorithm '%s'"
+ " while in %s mode\n"),
+ openpgp_cipher_algo_name (opt.def_cipher_algo),
+ gnupg_compliance_option_string (opt.compliance));
+
+ if (opt.def_digest_algo
+ && ! gnupg_digest_is_allowed (opt.compliance,
+ cmd == aSign
+ || cmd == aSignEncr
+ || cmd == aSignEncrSym
+ || cmd == aSignSym
+ || cmd == aClearsign,
+ opt.def_digest_algo))
+ log_error (_ ("you may not use digest algorithm '%s'"
+ " while in %s mode\n"),
+ gcry_md_algo_name (opt.def_digest_algo),
+ gnupg_compliance_option_string (opt.compliance));
+
+ /* Fail hard. */
+ if (log_get_errorcount (0))
+ g10_exit (2);
+
/* Set the random seed file. */
if( use_random_seed ) {
char *p = make_filename (gnupg_homedir (), "random_seed", NULL );
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index d0eaab7..9a7c091 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -35,6 +35,7 @@
#include "pkglue.h"
#include "call-agent.h"
#include "../common/host2net.h"
+#include "../common/compliance.h"
static gpg_error_t get_it (ctrl_t ctrl, PKT_pubkey_enc *k,
@@ -88,7 +89,20 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek)
sk = xmalloc_clear (sizeof *sk);
sk->pubkey_algo = k->pubkey_algo; /* We want a pubkey with this algo. */
if (!(rc = get_seckey (ctrl, sk, k->keyid)))
- rc = get_it (ctrl, k, dek, sk, k->keyid);
+ {
+ /* Check compliance. */
+ if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION,
+ sk->pubkey_algo,
+ sk->pkey, nbits_from_pk (sk), NULL))
+ {
+ log_info ("key %s not suitable for decryption while in %s mode\n",
+ keystr_from_pk (sk), gnupg_compliance_option_string (opt.compliance));
+ free_public_key (sk);
+ return gpg_error (GPG_ERR_PUBKEY_ALGO);
+ }
+
+ rc = get_it (ctrl, k, dek, sk, k->keyid);
+ }
}
else if (opt.skip_hidden_recipients)
rc = gpg_error (GPG_ERR_NO_SECKEY);
@@ -116,6 +130,16 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek)
log_info (_("anonymous recipient; trying secret key %s ...\n"),
keystr (keyid));
+ /* Check compliance. */
+ if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION,
+ sk->pubkey_algo,
+ sk->pkey, nbits_from_pk (sk), NULL))
+ {
+ log_info ("key %s not suitable for decryption while in %s mode\n",
+ keystr_from_pk (sk), gnupg_compliance_option_string (opt.compliance));
+ continue;
+ }
+
rc = get_it (ctrl, k, dek, sk, keyid);
if (!rc)
{
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 19906e2..ef97e17 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -33,6 +33,7 @@
#include "../common/i18n.h"
#include "options.h"
#include "pkglue.h"
+#include "../common/compliance.h"
static int check_signature_end (PKT_public_key *pk, PKT_signature *sig,
gcry_md_hd_t digest,
@@ -132,6 +133,15 @@ check_signature2 (ctrl_t ctrl,
if ( (rc=openpgp_md_test_algo(sig->digest_algo)) )
; /* We don't have this digest. */
+ else if (! gnupg_digest_is_allowed (opt.compliance, 0, sig->digest_algo))
+ {
+ /* Compliance failure. */
+ log_info (_ ("you may not use digest algorithm '%s'"
+ " while in %s mode\n"),
+ gcry_md_algo_name (sig->digest_algo),
+ gnupg_compliance_option_string (opt.compliance));
+ rc = gpg_error (GPG_ERR_DIGEST_ALGO);
+ }
else if ((rc=openpgp_pk_test_algo(sig->pubkey_algo)))
; /* We don't have this pubkey algo. */
else if (!gcry_md_is_enabled (digest,sig->digest_algo))
@@ -146,6 +156,15 @@ check_signature2 (ctrl_t ctrl,
}
else if( get_pubkey (ctrl, pk, sig->keyid ) )
rc = gpg_error (GPG_ERR_NO_PUBKEY);
+ else if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_VERIFICATION,
+ pk->pubkey_algo, pk->pkey, nbits_from_pk (pk),
+ NULL))
+ {
+ /* Compliance failure. */
+ log_info ("key %s not suitable for signature verification while in %s mode\n",
+ keystr_from_pk (pk), gnupg_compliance_option_string (opt.compliance));
+ rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
+ }
else if(!pk->flags.valid)
{
/* You cannot have a good sig from an invalid key. */
diff --git a/g10/sign.c b/g10/sign.c
index 6b55fff..024dd06 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -41,6 +41,7 @@
#include "../common/sysutils.h"
#include "call-agent.h"
#include "../common/mbox-util.h"
+#include "../common/compliance.h"
#ifdef HAVE_DOSISH_SYSTEM
#define LF "\r\n"
@@ -277,6 +278,27 @@ do_sign (ctrl_t ctrl, PKT_public_key *pksk, PKT_signature *sig,
if (!mdalgo)
mdalgo = gcry_md_get_algo (md);
+ /* Check compliance. */
+ if (! gnupg_digest_is_allowed (opt.compliance, 1, mdalgo))
+ {
+ log_error (_ ("you may not use digest algorithm '%s'"
+ " while in %s mode\n"),
+ gcry_md_algo_name (mdalgo),
+ gnupg_compliance_option_string (opt.compliance));
+ err = gpg_error (GPG_ERR_DIGEST_ALGO);
+ goto leave;
+ }
+
+ if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_SIGNING, pksk->pubkey_algo,
+ pksk->pkey, nbits_from_pk (pksk), NULL))
+ {
+ log_error ("key %s not suitable for signing while in %s mode\n",
+ keystr_from_pk (pksk),
+ gnupg_compliance_option_string (opt.compliance));
+ err = gpg_error (GPG_ERR_PUBKEY_ALGO);
+ goto leave;
+ }
+
print_digest_algo_note (mdalgo);
dp = gcry_md_read (md, mdalgo);
sig->digest_algo = mdalgo;
@@ -321,6 +343,7 @@ do_sign (ctrl_t ctrl, PKT_public_key *pksk, PKT_signature *sig,
}
xfree (hexgrip);
+ leave:
if (err)
log_error (_("signing failed: %s\n"), gpg_strerror (err));
else
diff --git a/sm/decrypt.c b/sm/decrypt.c
index a36f690..6909b15 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -358,6 +358,17 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
goto leave;
}
+ /* Check compliance. */
+ if (! gnupg_cipher_is_allowed (opt.compliance, 0, algo, mode))
+ {
+ log_error (_ ("you may not use cipher algorithm '%s'"
+ " while in %s mode\n"),
+ gcry_cipher_algo_name (algo),
+ gnupg_compliance_option_string (opt.compliance));
+ rc = gpg_error (GPG_ERR_CIPHER_ALGO);
+ goto leave;
+ }
+
/* For CMS, CO_DE_VS demands CBC mode. */
is_de_vs = gnupg_cipher_is_compliant (CO_DE_VS, algo, mode);
@@ -465,15 +476,27 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
hexkeygrip = gpgsm_get_keygrip_hexstring (cert);
desc = gpgsm_format_keydesc (cert);
- /* Check that all certs are compliant with CO_DE_VS. */
- if (is_de_vs)
- {
- unsigned int nbits;
- int pk_algo = gpgsm_get_key_algo_info (cert, &nbits);
-
- is_de_vs = gnupg_pk_is_compliant (CO_DE_VS, pk_algo, NULL,
- nbits, NULL);
- }
+ {
+ unsigned int nbits;
+ int pk_algo = gpgsm_get_key_algo_info (cert, &nbits);
+
+ /* Check compliance. */
+ if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION,
+ pk_algo, NULL, nbits, NULL))
+ {
+ log_error ("certificate ID 0x%08lX not suitable for "
+ "decryption while in %s mode\n",
+ gpgsm_get_short_fingerprint (cert, NULL),
+ gnupg_compliance_option_string (opt.compliance));
+ rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
+ goto oops;
+ }
+
+ /* Check that all certs are compliant with CO_DE_VS. */
+ is_de_vs = (is_de_vs
+ && gnupg_pk_is_compliant (CO_DE_VS, pk_algo, NULL,
+ nbits, NULL));
+ }
oops:
if (rc)
diff --git a/sm/encrypt.c b/sm/encrypt.c
index c43a9e6..45860a8 100644
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
@@ -33,6 +33,7 @@
#include "keydb.h"
#include "../common/i18n.h"
+#include "../common/compliance.h"
struct dek_s {
@@ -405,6 +406,19 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
goto leave;
}
+ /* Check compliance. */
+ if (! gnupg_cipher_is_allowed (opt.compliance, 1,
+ gcry_cipher_map_name (opt.def_cipher_algoid),
+ gcry_cipher_mode_from_oid (opt.def_cipher_algoid)))
+ {
+ log_error (_ ("you may not use cipher algorithm '%s'"
+ " while in %s mode\n"),
+ opt.def_cipher_algoid,
+ gnupg_compliance_option_string (opt.compliance));
+ rc = gpg_error (GPG_ERR_CIPHER_ALGO);
+ goto leave;
+ }
+
/* Create a session key */
dek = xtrycalloc_secure (1, sizeof *dek);
if (!dek)
@@ -448,6 +462,20 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
{
unsigned char *encval;
+ /* Check compliance. */
+ unsigned int nbits;
+ int pk_algo = gpgsm_get_key_algo_info (cl->cert, &nbits);
+ if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_ENCRYPTION, pk_algo,
+ NULL, nbits, NULL))
+ {
+ log_error ("certificate ID 0x%08lX not suitable for "
+ "encryption while in %s mode\n",
+ gpgsm_get_short_fingerprint (cl->cert, NULL),
+ gnupg_compliance_option_string (opt.compliance));
+ rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
+ goto leave;
+ }
+
rc = encrypt_dek (dek, cl->cert, &encval);
if (rc)
{
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index f749cfd..c462544 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -1614,6 +1614,43 @@ main ( int argc, char **argv)
}
}
+ /* Check our chosen algorithms against the list of allowed
+ * algorithms in the current compliance mode, and fail hard if it is
+ * not. This is us being nice to the user informing her early that
+ * the chosen algorithms are not available. We also check and
+ * enforce this right before the actual operation. */
+ if (! gnupg_cipher_is_allowed (opt.compliance,
+ cmd == aEncr || cmd == aSignEncr,
+ gcry_cipher_map_name (opt.def_cipher_algoid),
+ GCRY_CIPHER_MODE_NONE)
+ && ! gnupg_cipher_is_allowed (opt.compliance,
+ cmd == aEncr || cmd == aSignEncr,
+ gcry_cipher_mode_from_oid (opt.def_cipher_algoid),
+ GCRY_CIPHER_MODE_NONE))
+ log_error (_ ("you may not use cipher algorithm '%s'"
+ " while in %s mode\n"),
+ opt.def_cipher_algoid, gnupg_compliance_option_string (opt.compliance));
+
+ if (forced_digest_algo
+ && ! gnupg_digest_is_allowed (opt.compliance,
+ cmd == aSign
+ || cmd == aSignEncr
+ || cmd == aClearsign,
+ opt.forced_digest_algo))
+ log_error (_ ("you may not use digest algorithm '%s'"
+ " while in %s mode\n"),
+ forced_digest_algo, gnupg_compliance_option_string (opt.compliance));
+
+ if (extra_digest_algo
+ && ! gnupg_digest_is_allowed (opt.compliance,
+ cmd == aSign
+ || cmd == aSignEncr
+ || cmd == aClearsign,
+ opt.extra_digest_algo))
+ log_error (_ ("you may not use digest algorithm '%s'"
+ " while in %s mode\n"),
+ forced_digest_algo, gnupg_compliance_option_string (opt.compliance));
+
if (log_get_errorcount(0))
gpgsm_exit(2);
diff --git a/sm/sign.c b/sm/sign.c
index e65562d..2fbee75 100644
--- a/sm/sign.c
+++ b/sm/sign.c
@@ -460,6 +460,33 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
break;
}
cl->hash_algo_oid = oid;
+
+ /* Check compliance. */
+ if (! gnupg_digest_is_allowed (opt.compliance, 1, cl->hash_algo))
+ {
+ log_error (_ ("you may not use digest algorithm '%s'"
+ " while in %s mode\n"),
+ gcry_md_algo_name (cl->hash_algo),
+ gnupg_compliance_option_string (opt.compliance));
+ err = gpg_error (GPG_ERR_DIGEST_ALGO);
+ goto leave;
+ }
+
+ {
+ unsigned int nbits;
+ int pk_algo = gpgsm_get_key_algo_info (cl->cert, &nbits);
+
+ if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_SIGNING, pk_algo,
+ NULL, nbits, NULL))
+ {
+ log_error ("certificate ID 0x%08lX not suitable for "
+ "signing while in %s mode\n",
+ gpgsm_get_short_fingerprint (cl->cert, NULL),
+ gnupg_compliance_option_string (opt.compliance));
+ err = gpg_error (GPG_ERR_PUBKEY_ALGO);
+ goto leave;
+ }
+ }
}
if (opt.verbose)
diff --git a/sm/verify.c b/sm/verify.c
index e19c04e..89f06ef 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -450,6 +450,37 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
goto next_signer;
}
+ /* Check compliance. */
+ {
+ unsigned int nbits;
+ int pk_algo = gpgsm_get_key_algo_info (cert, &nbits);
+
+ if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_VERIFICATION,
+ pk_algo, NULL, nbits, NULL))
+ {
+ log_error ("certificate ID 0x%08lX not suitable for "
+ "verification while in %s mode\n",
+ gpgsm_get_short_fingerprint (cert, NULL),
+ gnupg_compliance_option_string (opt.compliance));
+ goto next_signer;
+ }
+
+ if (! gnupg_digest_is_allowed (opt.compliance, 0, sigval_hash_algo))
+ {
+ log_error (_ ("you may not use digest algorithm '%s'"
+ " while in %s mode\n"),
+ gcry_md_algo_name (sigval_hash_algo),
+ gnupg_compliance_option_string (opt.compliance));
+ goto next_signer;
+ }
+
+ /* Check compliance with CO_DE_VS. */
+ if (gnupg_pk_is_compliant (CO_DE_VS, pk_algo, NULL, nbits, NULL)
+ && gnupg_digest_is_compliant (CO_DE_VS, sigval_hash_algo))
+ gpgsm_status (ctrl, STATUS_VERIFICATION_COMPLIANCE_MODE,
+ gnupg_status_compliance_flag (CO_DE_VS));
+ }
+
log_info (_("Signature made "));
if (*sigtime)
dump_isotime (sigtime);
@@ -632,17 +663,6 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
(verifyflags & VALIDATE_FLAG_CHAIN_MODEL)?
"0 chain": "0 shell");
- /* Check compliance with CO_DE_VS. */
- {
- unsigned int nbits;
- int pk_algo = gpgsm_get_key_algo_info (cert, &nbits);
-
- if (gnupg_pk_is_compliant (CO_DE_VS, pk_algo, NULL, nbits, NULL)
- && gnupg_digest_is_compliant (CO_DE_VS, sigval_hash_algo))
- gpgsm_status (ctrl, STATUS_VERIFICATION_COMPLIANCE_MODE,
- gnupg_status_compliance_flag (CO_DE_VS));
- }
-
next_signer:
rc = 0;
xfree (issuer);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list