common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS.

* common/compliance.c (gnupg_pk_is_allowed): New function. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * common/compliance.h (enum pk_use_case): New definition. (gnupg_pk_is_allowed): New prototype. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using the new predicates. * g10/encrypt.c (encrypt_crypt): Likewise. * g10/gpg.c (main): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sig-check.c (check_signature2): Likewise. * g10/sign.c (do_sign): Likewise. * sm/decrypt.c (gpgsm_decrypt): Likewise. * sm/encrypt.c (gpgsm_encrypt): Likewise. * sm/gpgsm.c (main): Likewise. * sm/sign.c (gpgsm_sign): Likewise. * sm/verify.c (gpgsm_verify): Likewise. -- With this change, policies can effectively restrict what algorithms are used for different purposes. The algorithm policy for CO_DE_VS is implemented. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <justus@g10code.com>
2025-07-02 22:46:30 +02:00 · 2017-06-06 16:01:40 +02:00 · 2017-06-06 16:01:40 +02:00 · a64a55e104
commit a64a55e104
parent b03fab09e1
13 changed files with 503 additions and 20 deletions
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@ -358,6 +358,17 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
              goto leave;
            }

+          /* Check compliance.  */
+          if (! gnupg_cipher_is_allowed (opt.compliance, 0, algo, mode))
+            {
+              log_error (_ ("you may not use cipher algorithm '%s'"
+                            " while in %s mode\n"),
+                         gcry_cipher_algo_name (algo),
+                         gnupg_compliance_option_string (opt.compliance));
+              rc = gpg_error (GPG_ERR_CIPHER_ALGO);
+              goto leave;
+            }
+
          /* For CMS, CO_DE_VS demands CBC mode.  */
          is_de_vs = gnupg_cipher_is_compliant (CO_DE_VS, algo, mode);

@ -465,15 +476,27 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
                  hexkeygrip = gpgsm_get_keygrip_hexstring (cert);
                  desc = gpgsm_format_keydesc (cert);

-                  /* Check that all certs are compliant with CO_DE_VS.  */
-                  if (is_de_vs)
-                    {
-                      unsigned int nbits;
-                      int pk_algo = gpgsm_get_key_algo_info (cert, &nbits);
+                  {
+                    unsigned int nbits;
+                    int pk_algo = gpgsm_get_key_algo_info (cert, &nbits);

-                      is_de_vs = gnupg_pk_is_compliant (CO_DE_VS, pk_algo, NULL,
-                                                        nbits, NULL);
-                    }
+                    /* Check compliance.  */
+                    if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION,
+                                               pk_algo, NULL, nbits, NULL))
+                      {
+                        log_error ("certificate ID 0x%08lX not suitable for "
+                                   "decryption while in %s mode\n",
+                                   gpgsm_get_short_fingerprint (cert, NULL),
+                                   gnupg_compliance_option_string (opt.compliance));
+                        rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
+                        goto oops;
+                      }
+
+                    /* Check that all certs are compliant with CO_DE_VS.  */
+                    is_de_vs = (is_de_vs
+                                && gnupg_pk_is_compliant (CO_DE_VS, pk_algo, NULL,
+                                                          nbits, NULL));
+                  }

                oops:
                  if (rc)