common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS.

* common/compliance.c (gnupg_pk_is_allowed): New function. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * common/compliance.h (enum pk_use_case): New definition. (gnupg_pk_is_allowed): New prototype. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using the new predicates. * g10/encrypt.c (encrypt_crypt): Likewise. * g10/gpg.c (main): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sig-check.c (check_signature2): Likewise. * g10/sign.c (do_sign): Likewise. * sm/decrypt.c (gpgsm_decrypt): Likewise. * sm/encrypt.c (gpgsm_encrypt): Likewise. * sm/gpgsm.c (main): Likewise. * sm/sign.c (gpgsm_sign): Likewise. * sm/verify.c (gpgsm_verify): Likewise. -- With this change, policies can effectively restrict what algorithms are used for different purposes. The algorithm policy for CO_DE_VS is implemented. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <justus@g10code.com>
2025-07-02 22:46:30 +02:00 · 2017-06-06 16:01:40 +02:00 · 2017-06-06 16:01:40 +02:00 · a64a55e104
commit a64a55e104
parent b03fab09e1
13 changed files with 503 additions and 20 deletions
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@ -35,6 +35,7 @@
 #include "pkglue.h"
 #include "call-agent.h"
 #include "../common/host2net.h"
+#include "../common/compliance.h"


 static gpg_error_t get_it (ctrl_t ctrl, PKT_pubkey_enc *k,
@ -88,7 +89,20 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek)
      sk = xmalloc_clear (sizeof *sk);
      sk->pubkey_algo = k->pubkey_algo; /* We want a pubkey with this algo.  */
      if (!(rc = get_seckey (ctrl, sk, k->keyid)))
-        rc = get_it (ctrl, k, dek, sk, k->keyid);
+        {
+          /* Check compliance.  */
+          if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION,
+                                     sk->pubkey_algo,
+                                     sk->pkey, nbits_from_pk (sk), NULL))
+            {
+              log_info ("key %s not suitable for decryption while in %s mode\n",
+                        keystr_from_pk (sk), gnupg_compliance_option_string (opt.compliance));
+              free_public_key (sk);
+              return gpg_error (GPG_ERR_PUBKEY_ALGO);
+            }
+
+          rc = get_it (ctrl, k, dek, sk, k->keyid);
+        }
    }
  else if (opt.skip_hidden_recipients)
    rc = gpg_error (GPG_ERR_NO_SECKEY);
@ -116,6 +130,16 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek)
            log_info (_("anonymous recipient; trying secret key %s ...\n"),
                      keystr (keyid));

+          /* Check compliance.  */
+          if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION,
+                                     sk->pubkey_algo,
+                                     sk->pkey, nbits_from_pk (sk), NULL))
+            {
+              log_info ("key %s not suitable for decryption while in %s mode\n",
+                        keystr_from_pk (sk), gnupg_compliance_option_string (opt.compliance));
+              continue;
+            }
+
          rc = get_it (ctrl, k, dek, sk, keyid);
          if (!rc)
            {