From a64a55e10420cf11e00062b590dffe5d0c3e8192 Mon Sep 17 00:00:00 2001
From: Justus Winter <justus@g10code.com>
Date: Tue, 6 Jun 2017 16:01:40 +0200
Subject: common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS.

* common/compliance.c (gnupg_pk_is_allowed): New function.
(gnupg_cipher_is_allowed): Likewise.
(gnupg_digest_is_allowed): Likewise.
* common/compliance.h (enum pk_use_case): New definition.
(gnupg_pk_is_allowed): New prototype.
(gnupg_cipher_is_allowed): Likewise.
(gnupg_digest_is_allowed): Likewise.
* g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using
the new predicates.
* g10/encrypt.c (encrypt_crypt): Likewise.
* g10/gpg.c (main): Likewise.
* g10/pubkey-enc.c (get_session_key): Likewise.
* g10/sig-check.c (check_signature2): Likewise.
* g10/sign.c (do_sign): Likewise.
* sm/decrypt.c (gpgsm_decrypt): Likewise.
* sm/encrypt.c (gpgsm_encrypt): Likewise.
* sm/gpgsm.c (main): Likewise.
* sm/sign.c (gpgsm_sign): Likewise.
* sm/verify.c (gpgsm_verify): Likewise.
--

With this change, policies can effectively restrict what algorithms
are used for different purposes.  The algorithm policy for CO_DE_VS is
implemented.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
---
 g10/gpg.c | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

(limited to 'g10/gpg.c')

diff --git a/g10/gpg.c b/g10/gpg.c
index f01c82d00..d777d1332 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -62,6 +62,7 @@
 #include "../common/init.h"
 #include "../common/mbox-util.h"
 #include "../common/shareddefs.h"
+#include "../common/compliance.h"
 
 #if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__)
 #define MY_O_BINARY  O_BINARY
@@ -3866,6 +3867,43 @@ main (int argc, char **argv)
 	  }
       }
 
+    /* Check our chosen algorithms against the list of allowed
+     * algorithms in the current compliance mode, and fail hard if it
+     * is not.  This is us being nice to the user informing her early
+     * that the chosen algorithms are not available.  We also check
+     * and enforce this right before the actual operation.  */
+    if (opt.def_cipher_algo
+	&& ! gnupg_cipher_is_allowed (opt.compliance,
+				      cmd == aEncr
+				      || cmd == aSignEncr
+				      || cmd == aEncrSym
+				      || cmd == aSym
+				      || cmd == aSignSym
+				      || cmd == aSignEncrSym,
+				      opt.def_cipher_algo,
+				      GCRY_CIPHER_MODE_NONE))
+      log_error (_ ("you may not use cipher algorithm '%s'"
+		    " while in %s mode\n"),
+		 openpgp_cipher_algo_name (opt.def_cipher_algo),
+		 gnupg_compliance_option_string (opt.compliance));
+
+    if (opt.def_digest_algo
+	&& ! gnupg_digest_is_allowed (opt.compliance,
+				      cmd == aSign
+				      || cmd == aSignEncr
+				      || cmd == aSignEncrSym
+				      || cmd == aSignSym
+				      || cmd == aClearsign,
+				      opt.def_digest_algo))
+      log_error (_ ("you may not use digest algorithm '%s'"
+		    " while in %s mode\n"),
+		 gcry_md_algo_name (opt.def_digest_algo),
+		 gnupg_compliance_option_string (opt.compliance));
+
+    /* Fail hard.  */
+    if (log_get_errorcount (0))
+	g10_exit (2);
+
     /* Set the random seed file. */
     if( use_random_seed ) {
       char *p = make_filename (gnupg_homedir (), "random_seed", NULL );
-- 
cgit v1.2.3