common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS.

* common/compliance.c (gnupg_pk_is_allowed): New function. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * common/compliance.h (enum pk_use_case): New definition. (gnupg_pk_is_allowed): New prototype. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using the new predicates. * g10/encrypt.c (encrypt_crypt): Likewise. * g10/gpg.c (main): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sig-check.c (check_signature2): Likewise. * g10/sign.c (do_sign): Likewise. * sm/decrypt.c (gpgsm_decrypt): Likewise. * sm/encrypt.c (gpgsm_encrypt): Likewise. * sm/gpgsm.c (main): Likewise. * sm/sign.c (gpgsm_sign): Likewise. * sm/verify.c (gpgsm_verify): Likewise. -- With this change, policies can effectively restrict what algorithms are used for different purposes. The algorithm policy for CO_DE_VS is implemented. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <justus@g10code.com>
2025-07-02 22:46:30 +02:00 · 2017-06-06 16:01:40 +02:00 · 2017-06-06 16:01:40 +02:00 · a64a55e104
commit a64a55e104
parent b03fab09e1
13 changed files with 503 additions and 20 deletions
--- a/g10/sign.c
+++ b/g10/sign.c
@ -41,6 +41,7 @@
 #include "../common/sysutils.h"
 #include "call-agent.h"
 #include "../common/mbox-util.h"
+#include "../common/compliance.h"

 #ifdef HAVE_DOSISH_SYSTEM
 #define LF "\r\n"
@ -277,6 +278,27 @@ do_sign (ctrl_t ctrl, PKT_public_key *pksk, PKT_signature *sig,
  if (!mdalgo)
    mdalgo = gcry_md_get_algo (md);

+  /* Check compliance.  */
+  if (! gnupg_digest_is_allowed (opt.compliance, 1, mdalgo))
+    {
+      log_error (_ ("you may not use digest algorithm '%s'"
+		    " while in %s mode\n"),
+		 gcry_md_algo_name (mdalgo),
+		 gnupg_compliance_option_string (opt.compliance));
+      err = gpg_error (GPG_ERR_DIGEST_ALGO);
+      goto leave;
+    }
+
+  if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_SIGNING, pksk->pubkey_algo,
+                             pksk->pkey, nbits_from_pk (pksk), NULL))
+    {
+      log_error ("key %s not suitable for signing while in %s mode\n",
+                 keystr_from_pk (pksk),
+                 gnupg_compliance_option_string (opt.compliance));
+      err = gpg_error (GPG_ERR_PUBKEY_ALGO);
+      goto leave;
+    }
+
  print_digest_algo_note (mdalgo);
  dp = gcry_md_read  (md, mdalgo);
  sig->digest_algo = mdalgo;
@ -321,6 +343,7 @@ do_sign (ctrl_t ctrl, PKT_public_key *pksk, PKT_signature *sig,
    }
  xfree (hexgrip);

+ leave:
  if (err)
    log_error (_("signing failed: %s\n"), gpg_strerror (err));
  else