[Pkg-gnupg-commit] [gnupg2] 169/185: gpg: Tweak compliance checking for verification
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Aug 7 11:55:33 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gnupg2.
commit 6502bb0d2af5784918ebb74242fff6f0a72844bf
Author: Werner Koch <wk at gnupg.org>
Date: Thu Jul 27 16:22:36 2017 +0200
gpg: Tweak compliance checking for verification
* common/compliance.c (gnupg_pk_is_allowed): Rework to always allow
verification.
* g10/mainproc.c (check_sig_and_print): Print a con-compliant warning.
* g10/sig-check.c (check_signature2): Use log_error instead of
log_info.
--
We should be able to verify all signatures. So we only print a
warning. That is the same beheavour as for untrusted keys etc.
GnuPG-bug-id: 3311
Signed-off-by: Werner Koch <wk at gnupg.org>
---
common/compliance.c | 83 +++++++++++++++++++++++++----------------------------
g10/mainproc.c | 10 +++++++
g10/sig-check.c | 9 +++---
3 files changed, 54 insertions(+), 48 deletions(-)
diff --git a/common/compliance.c b/common/compliance.c
index 9511724..49aada1 100644
--- a/common/compliance.c
+++ b/common/compliance.c
@@ -200,6 +200,8 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance,
enum pk_use_case use, int algo, gcry_mpi_t key[],
unsigned int keylength, const char *curvename)
{
+ int result = 0;
+
if (! initialized)
return 1;
@@ -214,47 +216,41 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance,
switch (use)
{
case PK_USE_DECRYPTION:
- return 1;
+ case PK_USE_VERIFICATION:
+ result = 1;
+ break;
case PK_USE_ENCRYPTION:
case PK_USE_SIGNING:
- return (keylength == 2048
- || keylength == 3072
- || keylength == 4096);
- case PK_USE_VERIFICATION:
- return (keylength == 2048
- || keylength == 3072
- || keylength == 4096
- || keylength < 2048);
+ result = (keylength == 2048
+ || keylength == 3072
+ || keylength == 4096);
+ break;
default:
log_assert (!"reached");
}
- log_assert (!"reached");
+ break;
case PUBKEY_ALGO_DSA:
- if (key)
+ if (use == PK_USE_VERIFICATION)
+ result = 1;
+ else if (use == PK_USE_SIGNING && key)
{
size_t P = gcry_mpi_get_nbits (key[0]);
size_t Q = gcry_mpi_get_nbits (key[1]);
- return ((use == PK_USE_SIGNING
- && Q == 256
- && (P == 2048 || P == 3072))
- || (use == PK_USE_VERIFICATION
- && P < 2048));
- }
- else
- return 0;
- log_assert (!"reached");
+ result = (Q == 256 && (P == 2048 || P == 3072));
+ }
+ break;
case PUBKEY_ALGO_ELGAMAL:
case PUBKEY_ALGO_ELGAMAL_E:
- return use == PK_USE_DECRYPTION;
+ result = (use == PK_USE_DECRYPTION);
+ break;
case PUBKEY_ALGO_ECDH:
if (use == PK_USE_DECRYPTION)
- return 1;
+ result = 1;
else if (use == PK_USE_ENCRYPTION)
{
- int result = 0;
char *curve = NULL;
if (!curvename && key)
@@ -271,17 +267,17 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance,
|| !strcmp (curvename, "brainpoolP512r1")));
xfree (curve);
- return result;
}
- else
- return 0;
+ break;
case PUBKEY_ALGO_ECDSA:
- {
- int result = 0;
- char *curve = NULL;
+ if (use == PK_USE_VERIFICATION)
+ result = 1;
+ else
+ {
+ char *curve = NULL;
- if (! curvename && key)
+ if (! curvename && key)
{
curve = openpgp_oid_to_str (key[0]);
curvename = openpgp_oid_to_curve (curve, 0);
@@ -289,31 +285,30 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance,
curvename = curve;
}
- result = ((use == PK_USE_SIGNING
- && curvename
- && (!strcmp (curvename, "brainpoolP256r1")
- || !strcmp (curvename, "brainpoolP384r1")
- || !strcmp (curvename, "brainpoolP512r1")))
- || use == PK_USE_VERIFICATION);
+ result = (use == PK_USE_SIGNING
+ && curvename
+ && (!strcmp (curvename, "brainpoolP256r1")
+ || !strcmp (curvename, "brainpoolP384r1")
+ || !strcmp (curvename, "brainpoolP512r1")));
+ xfree (curve);
+ }
+ break;
- xfree (curve);
- return result;
- }
case PUBKEY_ALGO_EDDSA:
- return 0;
+ break;
default:
- return 0;
+ break;
}
- log_assert (!"reached");
+ break;
default:
/* The default policy is to allow all algorithms. */
- return 1;
+ result = 1;
}
- log_assert (!"reached");
+ return result;
}
diff --git a/g10/mainproc.c b/g10/mainproc.c
index d0584d3..b712e60 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -2168,6 +2168,16 @@ check_sig_and_print (CTX c, kbnode_t node)
mainpkhex);
}
+ /* Print compliance warning for Good signatures. */
+ if (!rc && pk && !opt.quiet
+ && !gnupg_pk_is_compliant (opt.compliance, pk->pubkey_algo,
+ pk->pkey, nbits_from_pk (pk), NULL))
+ {
+ log_info (_("WARNING: This key is not suitable for signing"
+ " in %s mode\n"),
+ gnupg_compliance_option_string (opt.compliance));
+ }
+
/* For good signatures compute and print the trust information.
Note that in the Tofu trust model this may ask the user on
how to resolve a conflict. */
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 9123179..2a3acc4 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -162,10 +162,10 @@ check_signature2 (ctrl_t ctrl,
NULL))
{
/* Compliance failure. */
- log_info (_("key %s not suitable for signature verification"
- " while in %s mode\n"),
- keystr_from_pk (pk),
- gnupg_compliance_option_string (opt.compliance));
+ log_error (_("key %s is not suitable for signature verification"
+ " in %s mode\n"),
+ keystr_from_pk (pk),
+ gnupg_compliance_option_string (opt.compliance));
rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
}
else if(!pk->flags.valid)
@@ -207,6 +207,7 @@ check_signature2 (ctrl_t ctrl,
rc = gpg_error (GPG_ERR_GENERAL);
}
}
+
}
if( !rc && sig->sig_class < 2 && is_status_enabled() ) {
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list