gpg,common: Move the compliance framework.

* common/Makefile.am (common_sources): Add new files. * common/compliance.c: New file. Move 'gnupg_pk_is_compliant' here, and tweak it to not rely on types private to gpg. * common/compliance.h: New file. Move the compliance enum here. * g10/keylist.c (print_compliance_flags): Adapt callsite. * g10/main.h (gnupg_pk_is_compliant): Remove prototype. * g10/misc.c (gnupg_pk_is_compliant): Remove function. * g10/options.h (opt): Use the new compliance enum. * sm/keylist.c (print_compliance_flags): Use the common functions. Signed-off-by: Justus Winter <justus@g10code.com>
2025-07-03 22:56:33 +02:00 · 2017-05-31 14:33:45 +02:00 · 2017-05-31 14:33:45 +02:00 · 8a012280e0
commit 8a012280e0
parent 02af509dfc
8 changed files with 207 additions and 102 deletions
--- a/g10/keylist.c
+++ b/g10/keylist.c
@ -44,6 +44,7 @@
 #include "../common/mbox-util.h"
 #include "../common/zb32.h"
 #include "tofu.h"
+#include "../common/compliance.h"


 static void list_all (ctrl_t, int, int);
@ -1180,14 +1181,19 @@ print_compliance_flags (PKT_public_key *pk,
 {
  int any = 0;

+  if (!keylength)
+    keylength = nbits_from_pk (pk);
+
  if (pk->version == 5)
    {
-      es_fputs ("8", es_stdout);
+      es_fputs (gnupg_status_compliance_flag (CO_GNUPG), es_stdout);
      any++;
    }
-  if (gnupg_pk_is_compliant (CO_DE_VS, pk, keylength, curvename))
+  if (gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, pk->pkey,
+			     keylength, curvename))
    {
-      es_fputs (any? " 23":"23", es_stdout);
+      es_fprintf (es_stdout, any ? " %s" : "%s",
+		  gnupg_status_compliance_flag (CO_DE_VS));
      any++;
    }
 }
--- a/g10/main.h
+++ b/g10/main.h
@ -126,9 +126,6 @@ int openpgp_pk_test_algo2 (pubkey_algo_t algo, unsigned int use);
 int openpgp_pk_algo_usage ( int algo );
 const char *openpgp_pk_algo_name (pubkey_algo_t algo);

-int gnupg_pk_is_compliant (int compliance, PKT_public_key *pk,
-                           unsigned int keylength, const char *curvename);
-
 enum gcry_md_algos map_md_openpgp_to_gcry (digest_algo_t algo);
 int openpgp_md_test_algo (digest_algo_t algo);
 const char *openpgp_md_algo_name (int algo);
--- a/g10/misc.c
+++ b/g10/misc.c
@ -707,94 +707,6 @@ openpgp_pk_algo_name (pubkey_algo_t algo)
 }


-/* Return true if PK is compliant to the give COMPLIANCE mode.  If
- * KEYLENGTH and CURVENAME are not 0/NULL the are assumed to be the
- * already computed values from PK.  */
-int
-gnupg_pk_is_compliant (int compliance, PKT_public_key *pk,
-                       unsigned int keylength, const char *curvename)
-{
-  enum { is_rsa, is_pgp5, is_elg_sign, is_ecc } algotype;
-  int result;
-
-  switch (pk->pubkey_algo)
-    {
-    case PUBKEY_ALGO_RSA:
-    case PUBKEY_ALGO_RSA_E:
-    case PUBKEY_ALGO_RSA_S:
-      algotype = is_rsa;
-      break;
-
-    case PUBKEY_ALGO_ELGAMAL_E:
-    case PUBKEY_ALGO_DSA:
-      algotype = is_pgp5;
-      break;
-
-    case PUBKEY_ALGO_ECDH:
-    case PUBKEY_ALGO_ECDSA:
-    case PUBKEY_ALGO_EDDSA:
-      algotype = is_ecc;
-      break;
-
-    case PUBKEY_ALGO_ELGAMAL:
-      algotype = is_elg_sign;
-      break;
-
-    default: /* Unknown.  */
-      return 0;
-    }
-
-  if (compliance == CO_DE_VS)
-    {
-      char *curve = NULL;
-
-      switch (algotype)
-        {
-        case is_pgp5:
-          result = 0;
-          break;
-
-        case is_rsa:
-          if (!keylength)
-            keylength = nbits_from_pk (pk);
-          result = (keylength >= 2048);
-          break;
-
-        case is_ecc:
-          if (!curvename)
-            {
-              curve = openpgp_oid_to_str (pk->pkey[0]);
-              curvename = openpgp_oid_to_curve (curve, 0);
-              if (!curvename)
-                curvename = curve;
-            }
-
-          result = (curvename
-                    && pk->pubkey_algo != PUBKEY_ALGO_EDDSA
-                    && (!strcmp (curvename, "brainpoolP256r1")
-                        || !strcmp (curvename, "brainpoolP384r1")
-                        || !strcmp (curvename, "brainpoolP512r1")));
-          break;
-
-        default:
-          result = 0;
-        }
-      xfree (curve);
-    }
-  else if (algotype == is_elg_sign)
-    {
-      /* An Elgamal signing key is only RFC-2440 compliant.  */
-      result = (compliance == CO_RFC2440);
-    }
-  else
-    {
-      result = 1; /* Assume compliance.  */
-    }
-
-  return result;
-}
-
-
 /* Explicit mapping of OpenPGP digest algos to Libgcrypt.  */
 /* FIXME: We do not yes use it everywhere.  */
 enum gcry_md_algos
--- a/g10/options.h
+++ b/g10/options.h
@ -28,6 +28,7 @@
 #include "packet.h"
 #include "tofu.h"
 #include "../common/session-env.h"
+#include "../common/compliance.h"

 #ifndef EXTERN_UNLESS_MAIN_MODULE
 /* Norcraft can't cope with common symbols */
@ -139,11 +140,7 @@ struct
    } trust_model;
  enum tofu_policy tofu_default_policy;
  int force_ownertrust;
-  enum
-    {
-      CO_GNUPG, CO_RFC4880, CO_RFC2440,
-      CO_PGP6, CO_PGP7, CO_PGP8, CO_DE_VS
-    } compliance;
+  enum gnupg_compliance_mode compliance;
  enum
    {
      KF_DEFAULT, KF_NONE, KF_SHORT, KF_LONG, KF_0xSHORT, KF_0xLONG