common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS.

* common/compliance.c (gnupg_pk_is_allowed): New function. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * common/compliance.h (enum pk_use_case): New definition. (gnupg_pk_is_allowed): New prototype. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using the new predicates. * g10/encrypt.c (encrypt_crypt): Likewise. * g10/gpg.c (main): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sig-check.c (check_signature2): Likewise. * g10/sign.c (do_sign): Likewise. * sm/decrypt.c (gpgsm_decrypt): Likewise. * sm/encrypt.c (gpgsm_encrypt): Likewise. * sm/gpgsm.c (main): Likewise. * sm/sign.c (gpgsm_sign): Likewise. * sm/verify.c (gpgsm_verify): Likewise. -- With this change, policies can effectively restrict what algorithms are used for different purposes. The algorithm policy for CO_DE_VS is implemented. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <justus@g10code.com>
author: Justus Winter <justus@g10code.com> 2017-06-06 16:01:40 +0200
committer: Justus Winter <justus@g10code.com> 2017-06-08 14:22:54 +0200
commit: a64a55e10420cf11e00062b590dffe5d0c3e8192 (patch)
tree: 28b9c216316dd1a1aa48b397f68f475023dfea03 /g10/sig-check.c
parent: gpg: Fix computation of compliance with CO_DE_VS. (diff)
download: gnupg2-a64a55e10420cf11e00062b590dffe5d0c3e8192.tar.xz
gnupg2-a64a55e10420cf11e00062b590dffe5d0c3e8192.zip
1 files changed, 19 insertions, 0 deletions
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 19906e29d..ef97e17d4 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -33,6 +33,7 @@
 #include "../common/i18n.h"
 #include "options.h"
 #include "pkglue.h"
+#include "../common/compliance.h"
 
 static int check_signature_end (PKT_public_key *pk, PKT_signature *sig,
 				gcry_md_hd_t digest,
@@ -132,6 +133,15 @@ check_signature2 (ctrl_t ctrl,
 
     if ( (rc=openpgp_md_test_algo(sig->digest_algo)) )
       ; /* We don't have this digest. */
+    else if (! gnupg_digest_is_allowed (opt.compliance, 0, sig->digest_algo))
+      {
+	/* Compliance failure.  */
+	log_info (_ ("you may not use digest algorithm '%s'"
+		     " while in %s mode\n"),
+		  gcry_md_algo_name (sig->digest_algo),
+		  gnupg_compliance_option_string (opt.compliance));
+	rc = gpg_error (GPG_ERR_DIGEST_ALGO);
+      }
     else if ((rc=openpgp_pk_test_algo(sig->pubkey_algo)))
       ; /* We don't have this pubkey algo. */
     else if (!gcry_md_is_enabled (digest,sig->digest_algo))
@@ -146,6 +156,15 @@ check_signature2 (ctrl_t ctrl,
       }
     else if( get_pubkey (ctrl, pk, sig->keyid ) )
       rc = gpg_error (GPG_ERR_NO_PUBKEY);
+    else if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_VERIFICATION,
+				    pk->pubkey_algo, pk->pkey, nbits_from_pk (pk),
+				    NULL))
+      {
+	/* Compliance failure.  */
+	log_info ("key %s not suitable for signature verification while in %s mode\n",
+		  keystr_from_pk (pk), gnupg_compliance_option_string (opt.compliance));
+	rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
+      }
     else if(!pk->flags.valid)
       {
         /* You cannot have a good sig from an invalid key.  */
author	Justus Winter <justus@g10code.com>	2017-06-06 16:01:40 +0200
committer	Justus Winter <justus@g10code.com>	2017-06-08 14:22:54 +0200
commit	a64a55e10420cf11e00062b590dffe5d0c3e8192 (patch)
tree	28b9c216316dd1a1aa48b397f68f475023dfea03 /g10/sig-check.c
parent	gpg: Fix computation of compliance with CO_DE_VS. (diff)
download	gnupg2-a64a55e10420cf11e00062b590dffe5d0c3e8192.tar.xz gnupg2-a64a55e10420cf11e00062b590dffe5d0c3e8192.zip