gpg: New option --require-compliance.

* g10/options.h (opt): Add field flags.require_compliance. * g10/gpg.c (oRequireCompliance): New. (opts): Add --require-compliance. (main): Set option. * g10/mainproc.c (proc_encrypted): Emit error if non de-vs compliant. (check_sig_and_print): Ditto. * g10/encrypt.c (encrypt_crypt): Ditto. -- Note that in the --encrypt and --verify cased other checks may kick in earlier than this new --require-compliance controlled one.
2025-07-02 22:46:30 +02:00 · 2022-03-08 10:13:44 +01:00 · 2022-03-08 10:13:44 +01:00 · ee013c5350
commit ee013c5350
parent 49c6e58394
5 changed files with 66 additions and 6 deletions
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@ -546,6 +546,7 @@ proc_encrypted (CTX c, PACKET *pkt)
 {
  int result = 0;
  int early_plaintext = literals_seen;
+  unsigned int compliance_de_vs = 0;

  if (pkt->pkttype == PKT_ENCRYPTED_AEAD)
    c->seen_pkt_encrypted_aead = 1;
@ -721,10 +722,12 @@ proc_encrypted (CTX c, PACKET *pkt)
      xfree (pk);

      if (compliant)
-        write_status_strings (STATUS_DECRYPTION_COMPLIANCE_MODE,
-                              gnupg_status_compliance_flag (CO_DE_VS),
-                              NULL);
-
+        {
+          write_status_strings (STATUS_DECRYPTION_COMPLIANCE_MODE,
+                                gnupg_status_compliance_flag (CO_DE_VS),
+                                NULL);
+          compliance_de_vs |= 1;
+        }
    }

  if (!result)
@ -779,9 +782,15 @@ proc_encrypted (CTX c, PACKET *pkt)
        log_info(_("decryption okay\n"));

      if (pkt->pkt.encrypted->aead_algo)
-        write_status (STATUS_GOODMDC);
+        {
+          write_status (STATUS_GOODMDC);
+          compliance_de_vs |= 2;
+        }
      else if (pkt->pkt.encrypted->mdc_method && !result)
-        write_status (STATUS_GOODMDC);
+        {
+          write_status (STATUS_GOODMDC);
+          compliance_de_vs |= 2;
+        }
      else
        log_info (_("WARNING: message was not integrity protected\n"));
    }
@ -823,6 +832,17 @@ proc_encrypted (CTX c, PACKET *pkt)
   * a misplace extra literal data packets follows after this
   * encrypted packet.  */
  literals_seen++;
+
+  /* The --require-compliance option allows to simplify decryption in
+   * de-vs compliance mode by just looking at the exit status.  */
+  if (opt.flags.require_compliance
+      && opt.compliance == CO_DE_VS
+      && compliance_de_vs != (2|1))
+    {
+      log_error (_("operation forced to fail due to"
+                   " unfulfilled compliance rules\n"));
+      g10_errors_seen = 1;
+    }
 }


@ -2439,6 +2459,15 @@ check_sig_and_print (CTX c, kbnode_t node)
        write_status_strings (STATUS_VERIFICATION_COMPLIANCE_MODE,
                              gnupg_status_compliance_flag (CO_DE_VS),
                              NULL);
+      else if (opt.flags.require_compliance
+               && opt.compliance == CO_DE_VS)
+        {
+          log_error (_("operation forced to fail due to"
+                       " unfulfilled compliance rules\n"));
+          if (!rc)
+            rc = gpg_error (GPG_ERR_FORBIDDEN);
+        }
+

      free_public_key (pk);
      pk = NULL;