gpg: Tweak compliance checking for verification

* common/compliance.c (gnupg_pk_is_allowed): Rework to always allow verification. * g10/mainproc.c (check_sig_and_print): Print a con-compliant warning. * g10/sig-check.c (check_signature2): Use log_error instead of log_info. -- We should be able to verify all signatures. So we only print a warning. That is the same beheavour as for untrusted keys etc. GnuPG-bug-id: 3311 Signed-off-by: Werner Koch <wk@gnupg.org>
2025-01-03 12:11:33 +01:00 · 2017-07-27 16:22:36 +02:00 · 2017-07-27 16:22:36 +02:00 · 6502bb0d2a
commit 6502bb0d2a
parent 1bd22a85b4
3 changed files with 54 additions and 48 deletions
--- a/common/compliance.c
+++ b/common/compliance.c
@ -200,6 +200,8 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance,
 		     enum pk_use_case use, int algo, gcry_mpi_t key[],
 		     unsigned int keylength, const char *curvename)
 {
+  int result = 0;
+
  if (! initialized)
    return 1;

@ -214,47 +216,41 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance,
 	  switch (use)
 	    {
 	    case PK_USE_DECRYPTION:
-	      return 1;
+	    case PK_USE_VERIFICATION:
+	      result = 1;
+              break;
 	    case PK_USE_ENCRYPTION:
 	    case PK_USE_SIGNING:
-	      return (keylength == 2048
-		      || keylength == 3072
-		      || keylength == 4096);
-	    case PK_USE_VERIFICATION:
-	      return (keylength == 2048
-		      || keylength == 3072
-		      || keylength == 4096
-		      || keylength < 2048);
+	      result = (keylength == 2048
+                        || keylength == 3072
+                        || keylength == 4096);
+              break;
 	    default:
 	      log_assert (!"reached");
 	    }
-	  log_assert (!"reached");
+	  break;

 	case PUBKEY_ALGO_DSA:
-	  if (key)
+          if (use == PK_USE_VERIFICATION)
+            result = 1;
+	  else if (use == PK_USE_SIGNING && key)
 	    {
 	      size_t P = gcry_mpi_get_nbits (key[0]);
 	      size_t Q = gcry_mpi_get_nbits (key[1]);
-	      return ((use == PK_USE_SIGNING
-		       && Q == 256
-		       && (P == 2048 || P == 3072))
-		      || (use == PK_USE_VERIFICATION
-			  && P < 2048));
-	    }
-	  else
-	    return 0;
-	  log_assert (!"reached");
+	      result = (Q == 256 && (P == 2048 || P == 3072));
+            }
+          break;

 	case PUBKEY_ALGO_ELGAMAL:
 	case PUBKEY_ALGO_ELGAMAL_E:
-	  return use == PK_USE_DECRYPTION;
+	  result = (use == PK_USE_DECRYPTION);
+          break;

 	case PUBKEY_ALGO_ECDH:
 	  if (use == PK_USE_DECRYPTION)
-            return 1;
+            result = 1;
          else if (use == PK_USE_ENCRYPTION)
            {
-              int result = 0;
              char *curve = NULL;

              if (!curvename && key)
@ -271,17 +267,17 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance,
                            || !strcmp (curvename, "brainpoolP512r1")));

              xfree (curve);
-              return result;
            }
-          else
-            return 0;
+          break;

 	case PUBKEY_ALGO_ECDSA:
-	  {
-	    int result = 0;
-	    char *curve = NULL;
+          if (use == PK_USE_VERIFICATION)
+            result = 1;
+          else
+            {
+              char *curve = NULL;

-	    if (! curvename && key)
+              if (! curvename && key)
 	      {
 		curve = openpgp_oid_to_str (key[0]);
 		curvename = openpgp_oid_to_curve (curve, 0);
@ -289,31 +285,30 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance,
 		  curvename = curve;
 	      }

-	    result = ((use == PK_USE_SIGNING
-		       && curvename
-		       && (!strcmp (curvename, "brainpoolP256r1")
-			   || !strcmp (curvename, "brainpoolP384r1")
-			   || !strcmp (curvename, "brainpoolP512r1")))
-		      || use == PK_USE_VERIFICATION);
+              result = (use == PK_USE_SIGNING
+                         && curvename
+                         && (!strcmp (curvename, "brainpoolP256r1")
+                             || !strcmp (curvename, "brainpoolP384r1")
+                             || !strcmp (curvename, "brainpoolP512r1")));
+              xfree (curve);
+            }
+          break;

-	    xfree (curve);
-	    return result;
-	  }

 	case PUBKEY_ALGO_EDDSA:
-	  return 0;
+	  break;

 	default:
-	  return 0;
+	  break;
 	}
-      log_assert (!"reached");
+      break;

    default:
      /* The default policy is to allow all algorithms.  */
-      return 1;
+      result = 1;
    }

-  log_assert (!"reached");
+  return result;
 }


--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@ -2168,6 +2168,16 @@ check_sig_and_print (CTX c, kbnode_t node)
                               mainpkhex);
 	}

+      /* Print compliance warning for Good signatures.  */
+      if (!rc && pk && !opt.quiet
+          && !gnupg_pk_is_compliant (opt.compliance, pk->pubkey_algo,
+                                     pk->pkey, nbits_from_pk (pk), NULL))
+        {
+          log_info (_("WARNING: This key is not suitable for signing"
+                      " in %s mode\n"),
+                    gnupg_compliance_option_string (opt.compliance));
+        }
+
      /* For good signatures compute and print the trust information.
         Note that in the Tofu trust model this may ask the user on
         how to resolve a conflict.  */
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@ -162,10 +162,10 @@ check_signature2 (ctrl_t ctrl,
 				    NULL))
      {
 	/* Compliance failure.  */
-	log_info (_("key %s not suitable for signature verification"
-                    " while in %s mode\n"),
-		  keystr_from_pk (pk),
-                  gnupg_compliance_option_string (opt.compliance));
+	log_error (_("key %s is not suitable for signature verification"
+                     " in %s mode\n"),
+                   keystr_from_pk (pk),
+                   gnupg_compliance_option_string (opt.compliance));
 	rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
      }
    else if(!pk->flags.valid)
@ -207,6 +207,7 @@ check_signature2 (ctrl_t ctrl,
 		rc = gpg_error (GPG_ERR_GENERAL);
 	      }
 	  }
+
      }

    if( !rc && sig->sig_class < 2 && is_status_enabled() ) {