sm: Fix compliance checking for ECC signature verification.

* common/compliance.c (gnupg_pk_is_compliant): Also consider the gcrypt vids for ECDSA et al. (gnupg_pk_is_allowed): Ditto. * sm/verify.c (gpgsm_verify): Consider the curve. Print a compliance notice for a non-compliant key. * sm/certchain.c (gpgsm_validate_chain): Silence the "switching to chain model". -- Backported-from-master: 338a5ecaa1
2025-07-03 22:56:33 +02:00 · 2023-01-12 20:52:27 +01:00 · 2023-01-12 20:52:27 +01:00 · f2d25b04d7
commit f2d25b04d7
parent 818051432c
4 changed files with 34 additions and 7 deletions
--- a/sm/certchain.c
+++ b/sm/certchain.c
@ -2149,7 +2149,11 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime,
      && !(flags & VALIDATE_FLAG_CHAIN_MODEL)
      && (rootca_flags.valid && rootca_flags.chain_model))
    {
-      do_list (0, listmode, listfp, _("switching to chain model"));
+      /* The root CA indicated that the chain model is to be used but
+       * we have not yet used it.  Thus do the validation again using
+       * the chain model.  */
+      if (opt.verbose)
+        do_list (0, listmode, listfp, _("switching to chain model"));
      rc = do_validate_chain (ctrl, cert, checktime,
                              r_exptime, listmode, listfp,
                              (flags |= VALIDATE_FLAG_CHAIN_MODEL),
--- a/sm/verify.c
+++ b/sm/verify.c
@ -300,6 +300,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
      unsigned int nbits;
      int pkalgo;
      char *pkalgostr = NULL;
+      char *pkcurve = NULL;
      char *pkfpr = NULL;
      unsigned int pkalgoflags, verifyflags;

@ -458,7 +459,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)

      pkfpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
      pkalgostr = gpgsm_pubkey_algo_string (cert, NULL);
-      pkalgo = gpgsm_get_key_algo_info (cert, &nbits);
+      pkalgo = gpgsm_get_key_algo_info2 (cert, &nbits, &pkcurve);
      /* Remap the ECC algo to the algo we use.  Note that EdDSA has
       * already been mapped.  */
      if (pkalgo == GCRY_PK_ECC)
@ -513,9 +514,19 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
          goto next_signer;
        }

+      /* Print compliance warning for the key.  */
+      if (!opt.quiet
+          && !gnupg_pk_is_compliant (opt.compliance, pkalgo, pkalgoflags,
+                                     NULL, nbits, pkcurve))
+          {
+            log_info (_("WARNING: This key is not suitable for signing"
+                        " in %s mode\n"),
+                      gnupg_compliance_option_string (opt.compliance));
+          }
+
      /* Check compliance with CO_DE_VS.  */
      if (gnupg_pk_is_compliant (CO_DE_VS, pkalgo, pkalgoflags,
-                                 NULL, nbits, NULL)
+                                 NULL, nbits, pkcurve)
          && gnupg_gcrypt_is_compliant (CO_DE_VS)
          && gnupg_digest_is_compliant (CO_DE_VS, sigval_hash_algo))
        gpgsm_status (ctrl, STATUS_VERIFICATION_COMPLIANCE_MODE,
@ -528,7 +539,6 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
          gpgsm_errors_seen = 1;
        }

-
      /* Now we can check the signature.  */
      if (msgdigest)
        { /* Signed attributes are available. */
@ -709,6 +719,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
      gcry_sexp_release (sigval);
      xfree (msgdigest);
      xfree (pkalgostr);
+      xfree (pkcurve);
      xfree (pkfpr);
      ksba_cert_release (cert);
      cert = NULL;