mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00

gpg,common: Move the compliance framework.

* common/Makefile.am (common_sources): Add new files.
* common/compliance.c: New file.  Move 'gnupg_pk_is_compliant' here,
and tweak it to not rely on types private to gpg.
* common/compliance.h: New file.  Move the compliance enum here.
* g10/keylist.c (print_compliance_flags): Adapt callsite.
* g10/main.h (gnupg_pk_is_compliant): Remove prototype.
* g10/misc.c (gnupg_pk_is_compliant): Remove function.
* g10/options.h (opt): Use the new compliance enum.
* sm/keylist.c (print_compliance_flags): Use the common functions.

Signed-off-by: Justus Winter <justus@g10code.com>
Justus Winter 2017-05-31 14:33:45 +02:00
parent 02af509dfc
commit 8a012280e0
No known key found for this signature in database
GPG key ID: DD1A52F9DA8C9020
8 changed files with 207 additions and 102 deletions


@ -44,6 +44,7 @@
#include "../common/mbox-util.h"
#include "../common/zb32.h"
#include "tofu.h"
#include "../common/compliance.h"
static void list_all (ctrl_t, int, int);
@ -1180,14 +1181,19 @@ print_compliance_flags (PKT_public_key *pk,
{
int any = 0;
if (!keylength)
keylength = nbits_from_pk (pk);
if (pk->version == 5)
{
es_fputs ("8", es_stdout);
es_fputs (gnupg_status_compliance_flag (CO_GNUPG), es_stdout);
any++;
}
if (gnupg_pk_is_compliant (CO_DE_VS, pk, keylength, curvename))
if (gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, pk->pkey,
keylength, curvename))
{
es_fputs (any? " 23":"23", es_stdout);
es_fprintf (es_stdout, any ? " %s" : "%s",
gnupg_status_compliance_flag (CO_DE_VS));
any++;
}
}
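Review bot: The new call in print_compliance_flags passes `pk->pubkey_algo` and `pk->pkey` instead of `pk`, so the `if (!keylength) keylength = nbits_from_pk (pk);` at the top of this body appears to be the only thing that stops an RSA key being checked against the 2048-bit CO_DE_VS threshold with a length of 0. The removed g10/misc.c version computed the length itself, and the commit message suggests the common version cannot, though common/compliance.c is not shown here. That precondition deserves a comment at this call site and on the prototype in common/compliance.h, for example `/* KEYLENGTH must be the real key size; the common code cannot derive it from PK. */`, so that other callers such as sm/keylist.c do not pass 0 and silently drop the flag. Separately, `gnupg_status_compliance_flag` is defined outside this view; if it can return NULL for a mode without a status code, the `es_fputs` and `%s` uses here need a guard. The function's signature and the start of its body lie outside the hunk.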


@ -126,9 +126,6 @@ int openpgp_pk_test_algo2 (pubkey_algo_t algo, unsigned int use);
int openpgp_pk_algo_usage ( int algo );
const char *openpgp_pk_algo_name (pubkey_algo_t algo);
int gnupg_pk_is_compliant (int compliance, PKT_public_key *pk,
unsigned int keylength, const char *curvename);
enum gcry_md_algos map_md_openpgp_to_gcry (digest_algo_t algo);
int openpgp_md_test_algo (digest_algo_t algo);
const char *openpgp_md_algo_name (int algo);


@ -707,94 +707,6 @@ openpgp_pk_algo_name (pubkey_algo_t algo)
}
/* Return true if PK is compliant to the give COMPLIANCE mode. If
* KEYLENGTH and CURVENAME are not 0/NULL the are assumed to be the
* already computed values from PK. */
int
gnupg_pk_is_compliant (int compliance, PKT_public_key *pk,
unsigned int keylength, const char *curvename)
{
enum { is_rsa, is_pgp5, is_elg_sign, is_ecc } algotype;
int result;
switch (pk->pubkey_algo)
{
case PUBKEY_ALGO_RSA:
case PUBKEY_ALGO_RSA_E:
case PUBKEY_ALGO_RSA_S:
algotype = is_rsa;
break;
case PUBKEY_ALGO_ELGAMAL_E:
case PUBKEY_ALGO_DSA:
algotype = is_pgp5;
break;
case PUBKEY_ALGO_ECDH:
case PUBKEY_ALGO_ECDSA:
case PUBKEY_ALGO_EDDSA:
algotype = is_ecc;
break;
case PUBKEY_ALGO_ELGAMAL:
algotype = is_elg_sign;
break;
default: /* Unknown. */
return 0;
}
if (compliance == CO_DE_VS)
{
char *curve = NULL;
switch (algotype)
{
case is_pgp5:
result = 0;
break;
case is_rsa:
if (!keylength)
keylength = nbits_from_pk (pk);
result = (keylength >= 2048);
break;
case is_ecc:
if (!curvename)
{
curve = openpgp_oid_to_str (pk->pkey[0]);
curvename = openpgp_oid_to_curve (curve, 0);
if (!curvename)
curvename = curve;
}
result = (curvename
&& pk->pubkey_algo != PUBKEY_ALGO_EDDSA
&& (!strcmp (curvename, "brainpoolP256r1")
|| !strcmp (curvename, "brainpoolP384r1")
|| !strcmp (curvename, "brainpoolP512r1")));
break;
default:
result = 0;
}
xfree (curve);
}
else if (algotype == is_elg_sign)
{
/* An Elgamal signing key is only RFC-2440 compliant. */
result = (compliance == CO_RFC2440);
}
else
{
result = 1; /* Assume compliance. */
}
return result;
}
/* Explicit mapping of OpenPGP digest algos to Libgcrypt. */
/* FIXME: We do not yes use it everywhere. */
enum gcry_md_algos


@ -28,6 +28,7 @@
#include "packet.h"
#include "tofu.h"
#include "../common/session-env.h"
#include "../common/compliance.h"
#ifndef EXTERN_UNLESS_MAIN_MODULE
/* Norcraft can't cope with common symbols */
@ -139,11 +140,7 @@ struct
} trust_model;
enum tofu_policy tofu_default_policy;
int force_ownertrust;
enum
{
CO_GNUPG, CO_RFC4880, CO_RFC2440,
CO_PGP6, CO_PGP7, CO_PGP8, CO_DE_VS
} compliance;
enum gnupg_compliance_mode compliance;
enum
{
KF_DEFAULT, KF_NONE, KF_SHORT, KF_LONG, KF_0xSHORT, KF_0xLONG