summaryrefslogtreecommitdiffstats
path: root/common/compliance.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* doc: Fix spelling errors found by lintian.Werner Koch2024-01-291-1/+1
| | | | | | -- Reported-by: Andreas Metzler <ametzler@debian.org>
* gpgsm: Support ECDSA in de-vs mode.Werner Koch2023-11-081-2/+11
| | | | | | | | | | | * common/compliance.h (PK_ALGO_FLAG_ECC18): New. * common/compliance.c (gnupg_pk_is_allowed): Implement. * sm/decrypt.c (gpgsm_decrypt): Pass new flag. * sm/sign.c (gpgsm_sign): Ditto. * sm/verify.c (gpgsm_verify): Ditto. -- GnuPG-bug-id: 6802
* gpg: Replace --override-compliance-check by a real fix.Werner Koch2023-01-201-0/+4
| | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_allowed): Handle EdDSA. * g10/gpg.c (oOverrideComplianceCheck): Remove. (opts): Turn --override-compliance-check into a dummy option. * g10/options.h (opt): Remove override_compliance_check. * g10/sig-check.c (check_key_verify_compliance): Remove use of that option. -- The introduction of --override-compliance-check actually hid the real cause for the signature verification problem in de-vs mode for the Ed25519 key. The real fix is to handle the EdDSA algorithm in gnupg_pk_is_allowed. Fixes-commit: fb26e144adfd93051501d58f5d0d4f8826ddf436 GnuPG-bug-id: 5655
* sm: Fix compliance checking for ECC signature verification.Werner Koch2023-01-121-2/+14
| | | | | | | | | | | * common/compliance.c (gnupg_pk_is_compliant): Also consider the gcrypt vids for ECDSA et al. (gnupg_pk_is_allowed): Ditto. * sm/verify.c (gpgsm_verify): Consider the curve. Print a compliance notice for a non-compliant key. * sm/certchain.c (gpgsm_validate_chain): Silence the "switching to chain model".
* gpg,gpgsm: Add option --min-rsa-length.Werner Koch2021-11-181-8/+25
| | | | | | | | | | | | | | | * common/compliance.c (min_compliant_rsa_length): New. (gnupg_pk_is_compliant): Take in account. (gnupg_pk_is_allowed): Ditto. (gnupg_set_compliance_extra_info): New. * g10/gpg.c (oMinRSALength): New. (opts): Add --min-rsa-length. (main): Set value. * g10/options.h (opt): Add field min_rsa_length. * sm/gpgsm.c (oMinRSALength): New. (opts): Add --min-rsa-length. (main): Set value. * sm/gpgsm.h (opt): Add field min_rsa_length.
* common: Allow for GCM decryption in de-vs mode.Werner Koch2021-06-021-1/+2
| | | | | | | | | | | * common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm in decrypt mode. * tests/cms/samplemsgs/pwri-sample.gcm.p7m: Remove duplicated authtag -- We allow GCM in de-vs mode for decryption although this has not been evaluation. It is decryption and thus no serious harm may happen.
* common: Make the compliance check more robust.Werner Koch2021-04-011-16/+58
| | | | | | | | | | | | | * common/compliance.c (get_compliance_cache): New. (gnupg_rng_is_compliant): Use per mode cache. (gnupg_gcrypt_is_compliant): Ditto. -- This addresses the problem tha the check might be called with different compliance values and thus it should return the corresponding cached result. Signed-off-by: Werner Koch <wk@gnupg.org>
* Include the library version in the compliance checks.Werner Koch2021-01-281-15/+63
| | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_gcrypt_is_compliant): New. (gnupg_rng_is_compliant): Also check library version. * g10/mainproc.c (proc_encrypted): Use new function. (check_sig_and_print): Ditto. * sm/decrypt.c (gpgsm_decrypt): Ditto. * sm/encrypt.c (gpgsm_encrypt): Ditto. * sm/verify.c (gpgsm_verify): Ditto -- This will eventually allow us to declare Libgcrypt 1.9 to be de-vs compliant. GnuPG can use this information then for its own checks. As of now GnuPG tests the version of the used library but that is a bit cumbersome to maintain. Signed-off-by: Werner Koch <wk@gnupg.org>
* Require Libgcrypt 1.9Werner Koch2021-01-191-4/+0
| | | | | | | | | | | * configure.ac: Require at least Libgcrypt 1.9.0. Remove all GCRYPT_VERSION_NUMBER dependent code. -- Only Libgcrypt 1.9 implements EAX which is a mandatory algorithm in RFC4880bis. Signed-off-by: Werner Koch <wk@gnupg.org>
* w32: Silence warning due to recent change of split_fields.Werner Koch2020-10-021-1/+1
| | | | | | * common/compliance.c (gnupg_rng_is_compliant): Make fields const. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpgsm: Make rsaPSS a compliant scheme in de-vs mode.Werner Koch2020-07-141-8/+4
| | | | | | | -- GnuPG-bug-id: 4538 Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Exclude rsaPSS from de-vs compliance mode.Werner Koch2020-07-031-1/+11
| | | | | | | | | | | | | | | * common/compliance.h (PK_ALGO_FLAG_RSAPSS): New. * common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and test rsaPSS. Adjust all callers. (gnupg_pk_is_allowed): Ditto. * sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function. (gpgsm_get_hash_algo_from_sigval): New. * sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval arg. Add arg pkalgoflags. Use the PK_ALGO_FLAG_RSAPSS. * sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to also get the algo flags. Pass algo flags along. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Remove PGP6 compliance mode.Werner Koch2018-05-291-2/+0
| | | | | | | | * g10/gpg.c: Make --pgp6 an alias for --pgp7. * common/compliance.h (gnupg_compliance_mode): Remove CO_PGP6. * g10/options.h (PGP6): Remove. Adjust all users. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Tweak compliance checking for verificationWerner Koch2017-07-271-44/+39
| | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_allowed): Rework to always allow verification. * g10/mainproc.c (check_sig_and_print): Print a con-compliant warning. * g10/sig-check.c (check_signature2): Use log_error instead of log_info. -- We should be able to verify all signatures. So we only print a warning. That is the same beheavour as for untrusted keys etc. GnuPG-bug-id: 3311 Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg,sm: Fix compliance checking for decryption.Werner Koch2017-07-271-14/+32
| | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_compliant): Remove the Elgamal signing check. We don't support Elgamal signing at all. (gnupg_pk_is_allowed) <de-vs>: Revert encryption/decryption for RSA. Check the curvenames for ECDH. * g10/pubkey-enc.c (get_session_key): Print only a warning if the key is not compliant. * sm/decrypt.c (gpgsm_decrypt): Ditto. Use the same string as in gpg so that we have only one translation. -- We always allow decryption and print only a note if the key was not complaint at the encryption site. GnuPG-bug-id: 3308 Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg,sm: Check compliance of the RNG.Werner Koch2017-07-171-0/+40
| | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_rng_is_compliant): New. * g10/call-agent.c (start_agent) [W32]: Check rng compliance. * sm/call-agent.c (start_agent) [W32]: Ditto. * g10/encrypt.c (encrypt_simple, encrypt_crypt): Check that the RNG is compliant. * sm/encrypt.c (gpgsm_encrypt): Ditto. * g10/sign.c (do_sign): Ditto. * sm/sign.c (gpgsm_sign): Ditto. -- Under Windows we need to check that the Jitter RNG is active in de-vs mode. Under Linux this is not necessary because /dev/random can be scrutinized and is believed to provide enough entropy. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg,gpgsm: Fix compliance check for DSA and avoid an assert.Werner Koch2017-06-191-10/+11
| | | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_compliant): Swap P and Q for DSA check. Explicitly check for allowed ECC algos. (gnupg_pk_is_allowed): Swap P and Q for DSA check. * g10/mainproc.c (proc_encrypted): Simplify SYMKEYS check. Replace assert by debug message. -- Note that in mainproc.c SYMKEYS is unsigned and thus a greater than 0 condition is surprising because it leads to the assumption SYMKEYS could be negative. Better use a boolean test. The assert could have lead to a regression for no good reason. Not being compliant is better than breaking existing users. Signed-off-by: Werner Koch <wk@gnupg.org>
* indent: Always use "_(" and not "_ (" to mark translatable strings.Werner Koch2017-06-191-4/+5
| | | | | | | | -- This makes greping much easier and we have done that since ever. Signed-off-by: Werner Koch <wk@gnupg.org>
* Change license of some files to LGPLv2.1.Werner Koch2017-06-191-4/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * COPYING.LIB: Rename to COPYING.LGPL3. * COPYING.LGPL21: New. * COPYING.GPL2: New. * Makefile.am: Distribute them. * AUTHORS: Update license pointers. Add BSI as copyright holder. * common/compliance.c, common/compliance.h: Add BSI copyright notice. Break overlong lines. * dirmngr/loadswdb.c: Add BSI copyright notices. * dirmngr/server.c: Ditto. * tools/call-dirmngr.c: Change license to LGPLv2.1. Add BSI copyright notice. * tools/call-dirmngr.h: Ditto. * tools/gpg-wks-client.c: Ditto. * tools/gpg-wks-server.c: Ditto. * tools/gpg-wks.h: Ditto. * tools/mime-maker.c: Ditto. * tools/mime-maker.h: Ditto. * tools/mime-parser.c: Ditto. * tools/mime-parser.h: Ditto. * tools/send-mail.c: Ditto. * tools/send-mail.h: Ditto. * tools/wks-receive.c: Ditto. * tools/wks-util.c: Ditto. * tools/rfc822parse.c, tools/rfc822parse.h: Change license to LGPLv2.1. -- For better deployment it seems to be better to make the Web Key Directory code more easily available. Some code was been developed under contract of the BSI. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Disable compliance module for other GnuPG components.Justus Winter2017-06-191-9/+15
| | | | | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_{pk,cipher,digest}_is_compliant): Return false if the module is not initialized. (gnupg_{pk,cipher,digest}_is_allowed): Return true if the module is not initialized. (gnupg_status_compliance_flag): Do not assert that the module is initialized. (gnupg_parse_compliance_option): Likewise. (gnupg_compliance_option_string): Likewise. -- This implements a default policy for modules not explicitly using the compliance module. The default policy is to allow all algorithms, but mark none of them as compliant. Fixes gpgv. GnuPG-bug-id: 3210 Signed-off-by: Justus Winter <justus@g10code.com>
* common: Fix -Wswitch warning.Werner Koch2017-06-131-1/+0
| | | | | | | | | | * common/compliance.c (gnupg_digest_is_allowed): Don't include GCRY_MD_WHIRLPOOL because it is not a digest_algo_t. -- Note that Whirlpool is not used anywhere in gpg or gpgsm. Signed-off-by: Werner Koch <wk@gnupg.org>
* common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS.Justus Winter2017-06-081-0/+188
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_allowed): New function. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * common/compliance.h (enum pk_use_case): New definition. (gnupg_pk_is_allowed): New prototype. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using the new predicates. * g10/encrypt.c (encrypt_crypt): Likewise. * g10/gpg.c (main): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sig-check.c (check_signature2): Likewise. * g10/sign.c (do_sign): Likewise. * sm/decrypt.c (gpgsm_decrypt): Likewise. * sm/encrypt.c (gpgsm_encrypt): Likewise. * sm/gpgsm.c (main): Likewise. * sm/sign.c (gpgsm_sign): Likewise. * sm/verify.c (gpgsm_verify): Likewise. -- With this change, policies can effectively restrict what algorithms are used for different purposes. The algorithm policy for CO_DE_VS is implemented. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <justus@g10code.com>
* common: Add cipher mode to compliance predicate.Justus Winter2017-06-071-3/+13
| | | | | | | | | | * common/compliance.c (gnupg_cipher_is_compliant): Add mode parameter. * common/compliance.h (gnupg_cipher_is_compliant): Likewise. * g10/mainproc.c (proc_encrypted): Adapt callsite. * sm/decrypt.c (gpgsm_decrypt): Likewise. GnuPG-bug-id: 3059 Signed-off-by: Justus Winter <justus@g10code.com>
* common,gpg,sm: Initialize compliance module.Justus Winter2017-06-071-0/+63
| | | | | | | | | | * common/compliance.c (gnupg_initialize_compliance): New function. * common/compliance.h (gnupg_initialize_compliance): New prototype. * g10/gpg.c (main): Use the new function. * sm/gpgsm.c (main): Likewise. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <justus@g10code.com>
* common,gpg: Move the compliance option printer.Justus Winter2017-06-071-0/+19
| | | | | | | | | | | | | | * common/compliance.c (gnupg_compliance_option_string): New function. * common/compliance.h (gnupg_compliance_option_string): New prototype. * g10/encrypt.c (write_pubkey_enc_from_list): Update callsite. * g10/gpg.c (main): Likewise. * g10/keyedit.c (keyedit_menu): Likewise. * g10/pkclist.c (build_pk_list): Likewise. * g10/main.h (compliance_option_string): Remove prototype. * g10/misc.c (compliance_option_string): Remove function. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <justus@g10code.com>
* common,gpg,sm: Move the compliance option parser.Justus Winter2017-06-071-0/+33
| | | | | | | | | | | | | | * common/compliance.c (gnupg_parse_compliance_option): New function. * common/compliance.h (struct gnupg_compliance_option): New type. (gnupg_parse_compliance_option): New prototype. * g10/gpg.c (parse_compliance_option): Remove function. (compliance_options): New variable. (main): Adapt callsite. * sm/gpgsm.c (main): Use the new common function. * sm/gpgsm.h (opt): New field 'compliance'. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <justus@g10code.com>
* common,g10: Fix typos.Justus Winter2017-06-061-3/+3
| | | | | -- Signed-off-by: Justus Winter <justus@g10code.com>
* gpg: Report compliance with CO_DE_VS.Justus Winter2017-06-011-3/+69
| | | | | | | | | | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_compliant): Add DSA with certain parameters. (gnupg_cipher_is_compliant): New function. (gnupg_digest_is_compliant): Likewise. * common/compliance.h (gnupg_cipher_is_compliant): New prototype. (gnupg_digest_is_compliant): Likewise. * common/status.h (STATUS_DECRYPTION_COMPLIANCE_MODE): New status. (STATUS_VERIFICATION_COMPLIANCE_MODE): Likewise. * doc/DETAILS: Document the new status lines. * g10/mainproc.c (proc_encrypted): Compute compliance with CO_DE_VS and report that using the new status line. (check_sig_and_print): Likewise. * sm/decrypt.c (gpgsm_decrypt): Likewise. * sm/verify.c (gpgsm_verify): Likewise. -- When decrypting data and verifying signatures, report whether the operations are in compliance with the criteria for data classified as VS-NfD. This information will be picked up by the frontend and presented to the user. GnuPG-bug-id: 3059 Signed-off-by: Justus Winter <justus@g10code.com>
* common: Improve checking for compliance with CO_DE_VS.Justus Winter2017-06-011-1/+3
| | | | | | | * common/compliance.c (gnupg_pk_is_compliant): Only certain RSA key sizes are compliant. Signed-off-by: Justus Winter <justus@g10code.com>
* gpg,common: Move the compliance framework.Justus Winter2017-06-011-0/+144
* common/Makefile.am (common_sources): Add new files. * common/compliance.c: New file. Move 'gnupg_pk_is_compliant' here, and tweak it to not rely on types private to gpg. * common/compliance.h: New file. Move the compliance enum here. * g10/keylist.c (print_compliance_flags): Adapt callsite. * g10/main.h (gnupg_pk_is_compliant): Remove prototype. * g10/misc.c (gnupg_pk_is_compliant): Remove function. * g10/options.h (opt): Use the new compliance enum. * sm/keylist.c (print_compliance_flags): Use the common functions. Signed-off-by: Justus Winter <justus@g10code.com>
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-19 01:26:29 +0100