common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS.

* common/compliance.c (gnupg_pk_is_allowed): New function.
(gnupg_cipher_is_allowed): Likewise.
(gnupg_digest_is_allowed): Likewise.
* common/compliance.h (enum pk_use_case): New definition.
(gnupg_pk_is_allowed): New prototype.
(gnupg_cipher_is_allowed): Likewise.
(gnupg_digest_is_allowed): Likewise.
* g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using
the new predicates.
* g10/encrypt.c (encrypt_crypt): Likewise.
* g10/gpg.c (main): Likewise.
* g10/pubkey-enc.c (get_session_key): Likewise.
* g10/sig-check.c (check_signature2): Likewise.
* g10/sign.c (do_sign): Likewise.
* sm/decrypt.c (gpgsm_decrypt): Likewise.
* sm/encrypt.c (gpgsm_encrypt): Likewise.
* sm/gpgsm.c (main): Likewise.
* sm/sign.c (gpgsm_sign): Likewise.
* sm/verify.c (gpgsm_verify): Likewise.
--

With this change, policies can effectively restrict what algorithms
are used for different purposes.  The algorithm policy for CO_DE_VS is
implemented.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>

g10/decrypt-data.c

@@ -29,6 +29,7 @@
 #include "options.h"
 #include "../common/i18n.h"
 #include "../common/status.h"
+#include "../common/compliance.h"
 
 
 static int mdc_decode_filter ( void *opaque, int control, IOBUF a,
@@ -97,6 +98,17 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek)
       dek->algo_info_printed = 1;
     }
 
+  /* Check compliance.  */
+  if (! gnupg_cipher_is_allowed (opt.compliance, 0, dek->algo, GCRY_CIPHER_MODE_CFB))
+    {
+      log_error (_ ("you may not use cipher algorithm '%s'"
+		    " while in %s mode\n"),
+		 openpgp_cipher_algo_name (dek->algo),
+		 gnupg_compliance_option_string (opt.compliance));
+      rc = gpg_error (GPG_ERR_CIPHER_ALGO);
+      goto leave;
+    }
+
   {
     char buf[20];
 

g10/encrypt.c

@@ -38,6 +38,7 @@
 #include "../common/i18n.h"
 #include "../common/status.h"
 #include "pkglue.h"
+#include "../common/compliance.h"
 
 
 static int encrypt_simple( const char *filename, int mode, int use_seskey );
@@ -612,6 +613,35 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
       cfx.dek->algo = opt.def_cipher_algo;
     }
 
+  /* Check compliance.  */
+  if (! gnupg_cipher_is_allowed (opt.compliance, 1, cfx.dek->algo,
+                                 GCRY_CIPHER_MODE_CFB))
+    {
+      log_error (_ ("you may not use cipher algorithm '%s'"
+		    " while in %s mode\n"),
+		 openpgp_cipher_algo_name (cfx.dek->algo),
+		 gnupg_compliance_option_string (opt.compliance));
+      rc = gpg_error (GPG_ERR_CIPHER_ALGO);
+      goto leave;
+    }
+
+  {
+    pk_list_t pkr;
+    for (pkr = pk_list; pkr; pkr = pkr->next)
+      {
+        PKT_public_key *pk = pkr->pk;
+        if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_ENCRYPTION, pk->pubkey_algo,
+                                   pk->pkey, nbits_from_pk (pk), NULL))
+          {
+            log_error ("key %s not suitable for encryption while in %s mode\n",
+                       keystr_from_pk (pk),
+                       gnupg_compliance_option_string (opt.compliance));
+            rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
+            goto leave;
+          }
+      }
+  }
+
   cfx.dek->use_mdc = use_mdc (pk_list,cfx.dek->algo);
 
   /* Only do the is-file-already-compressed check if we are using a

g10/gpg.c

@@ -62,6 +62,7 @@
 #include "../common/init.h"
 #include "../common/mbox-util.h"
 #include "../common/shareddefs.h"
+#include "../common/compliance.h"
 
 #if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__)
 #define MY_O_BINARY  O_BINARY
@@ -3866,6 +3867,43 @@ main (int argc, char **argv)
 	  }
       }
 
+    /* Check our chosen algorithms against the list of allowed
+     * algorithms in the current compliance mode, and fail hard if it
+     * is not.  This is us being nice to the user informing her early
+     * that the chosen algorithms are not available.  We also check
+     * and enforce this right before the actual operation.  */
+    if (opt.def_cipher_algo
+	&& ! gnupg_cipher_is_allowed (opt.compliance,
+				      cmd == aEncr
+				      || cmd == aSignEncr
+				      || cmd == aEncrSym
+				      || cmd == aSym
+				      || cmd == aSignSym
+				      || cmd == aSignEncrSym,
+				      opt.def_cipher_algo,
+				      GCRY_CIPHER_MODE_NONE))
+      log_error (_ ("you may not use cipher algorithm '%s'"
+		    " while in %s mode\n"),
+		 openpgp_cipher_algo_name (opt.def_cipher_algo),
+		 gnupg_compliance_option_string (opt.compliance));
+
+    if (opt.def_digest_algo
+	&& ! gnupg_digest_is_allowed (opt.compliance,
+				      cmd == aSign
+				      || cmd == aSignEncr
+				      || cmd == aSignEncrSym
+				      || cmd == aSignSym
+				      || cmd == aClearsign,
+				      opt.def_digest_algo))
+      log_error (_ ("you may not use digest algorithm '%s'"
+		    " while in %s mode\n"),
+		 gcry_md_algo_name (opt.def_digest_algo),
+		 gnupg_compliance_option_string (opt.compliance));
+
+    /* Fail hard.  */
+    if (log_get_errorcount (0))
+	g10_exit (2);
+
     /* Set the random seed file. */
     if( use_random_seed ) {
       char *p = make_filename (gnupg_homedir (), "random_seed", NULL );

g10/pubkey-enc.c

@@ -35,6 +35,7 @@
 #include "pkglue.h"
 #include "call-agent.h"
 #include "../common/host2net.h"
+#include "../common/compliance.h"
 
 
 static gpg_error_t get_it (ctrl_t ctrl, PKT_pubkey_enc *k,
@@ -88,7 +89,20 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek)
       sk = xmalloc_clear (sizeof *sk);
       sk->pubkey_algo = k->pubkey_algo; /* We want a pubkey with this algo.  */
       if (!(rc = get_seckey (ctrl, sk, k->keyid)))
-        rc = get_it (ctrl, k, dek, sk, k->keyid);
+        {
+          /* Check compliance.  */
+          if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION,
+                                     sk->pubkey_algo,
+                                     sk->pkey, nbits_from_pk (sk), NULL))
+            {
+              log_info ("key %s not suitable for decryption while in %s mode\n",
+                        keystr_from_pk (sk), gnupg_compliance_option_string (opt.compliance));
+              free_public_key (sk);
+              return gpg_error (GPG_ERR_PUBKEY_ALGO);
+            }
+
+          rc = get_it (ctrl, k, dek, sk, k->keyid);
+        }
     }
   else if (opt.skip_hidden_recipients)
     rc = gpg_error (GPG_ERR_NO_SECKEY);
@@ -116,6 +130,16 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek)
             log_info (_("anonymous recipient; trying secret key %s ...\n"),
                       keystr (keyid));
 
+          /* Check compliance.  */
+          if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION,
+                                     sk->pubkey_algo,
+                                     sk->pkey, nbits_from_pk (sk), NULL))
+            {
+              log_info ("key %s not suitable for decryption while in %s mode\n",
+                        keystr_from_pk (sk), gnupg_compliance_option_string (opt.compliance));
+              continue;
+            }
+
           rc = get_it (ctrl, k, dek, sk, keyid);
           if (!rc)
             {

g10/sig-check.c

@@ -33,6 +33,7 @@
 #include "../common/i18n.h"
 #include "options.h"
 #include "pkglue.h"
+#include "../common/compliance.h"
 
 static int check_signature_end (PKT_public_key *pk, PKT_signature *sig,
 				gcry_md_hd_t digest,
@@ -132,6 +133,15 @@ check_signature2 (ctrl_t ctrl,
 
     if ( (rc=openpgp_md_test_algo(sig->digest_algo)) )
       ; /* We don't have this digest. */
+    else if (! gnupg_digest_is_allowed (opt.compliance, 0, sig->digest_algo))
+      {
+	/* Compliance failure.  */
+	log_info (_ ("you may not use digest algorithm '%s'"
+		     " while in %s mode\n"),
+		  gcry_md_algo_name (sig->digest_algo),
+		  gnupg_compliance_option_string (opt.compliance));
+	rc = gpg_error (GPG_ERR_DIGEST_ALGO);
+      }
     else if ((rc=openpgp_pk_test_algo(sig->pubkey_algo)))
       ; /* We don't have this pubkey algo. */
     else if (!gcry_md_is_enabled (digest,sig->digest_algo))
@@ -146,6 +156,15 @@ check_signature2 (ctrl_t ctrl,
       }
     else if( get_pubkey (ctrl, pk, sig->keyid ) )
       rc = gpg_error (GPG_ERR_NO_PUBKEY);
+    else if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_VERIFICATION,
+				    pk->pubkey_algo, pk->pkey, nbits_from_pk (pk),
+				    NULL))
+      {
+	/* Compliance failure.  */
+	log_info ("key %s not suitable for signature verification while in %s mode\n",
+		  keystr_from_pk (pk), gnupg_compliance_option_string (opt.compliance));
+	rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
+      }
     else if(!pk->flags.valid)
       {
         /* You cannot have a good sig from an invalid key.  */

g10/sign.c

@@ -41,6 +41,7 @@
 #include "../common/sysutils.h"
 #include "call-agent.h"
 #include "../common/mbox-util.h"
+#include "../common/compliance.h"
 
 #ifdef HAVE_DOSISH_SYSTEM
 #define LF "\r\n"
@@ -277,6 +278,27 @@ do_sign (ctrl_t ctrl, PKT_public_key *pksk, PKT_signature *sig,
   if (!mdalgo)
     mdalgo = gcry_md_get_algo (md);
 
+  /* Check compliance.  */
+  if (! gnupg_digest_is_allowed (opt.compliance, 1, mdalgo))
+    {
+      log_error (_ ("you may not use digest algorithm '%s'"
+		    " while in %s mode\n"),
+		 gcry_md_algo_name (mdalgo),
+		 gnupg_compliance_option_string (opt.compliance));
+      err = gpg_error (GPG_ERR_DIGEST_ALGO);
+      goto leave;
+    }
+
+  if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_SIGNING, pksk->pubkey_algo,
+                             pksk->pkey, nbits_from_pk (pksk), NULL))
+    {
+      log_error ("key %s not suitable for signing while in %s mode\n",
+                 keystr_from_pk (pksk),
+                 gnupg_compliance_option_string (opt.compliance));
+      err = gpg_error (GPG_ERR_PUBKEY_ALGO);
+      goto leave;
+    }
+
   print_digest_algo_note (mdalgo);
   dp = gcry_md_read  (md, mdalgo);
   sig->digest_algo = mdalgo;
@@ -321,6 +343,7 @@ do_sign (ctrl_t ctrl, PKT_public_key *pksk, PKT_signature *sig,
     }
   xfree (hexgrip);
 
+ leave:
   if (err)
     log_error (_("signing failed: %s\n"), gpg_strerror (err));
   else