From a64a55e10420cf11e00062b590dffe5d0c3e8192 Mon Sep 17 00:00:00 2001
From: Justus Winter <justus@g10code.com>
Date: Tue, 6 Jun 2017 16:01:40 +0200
Subject: common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS.

* common/compliance.c (gnupg_pk_is_allowed): New function.
(gnupg_cipher_is_allowed): Likewise.
(gnupg_digest_is_allowed): Likewise.
* common/compliance.h (enum pk_use_case): New definition.
(gnupg_pk_is_allowed): New prototype.
(gnupg_cipher_is_allowed): Likewise.
(gnupg_digest_is_allowed): Likewise.
* g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using
the new predicates.
* g10/encrypt.c (encrypt_crypt): Likewise.
* g10/gpg.c (main): Likewise.
* g10/pubkey-enc.c (get_session_key): Likewise.
* g10/sig-check.c (check_signature2): Likewise.
* g10/sign.c (do_sign): Likewise.
* sm/decrypt.c (gpgsm_decrypt): Likewise.
* sm/encrypt.c (gpgsm_encrypt): Likewise.
* sm/gpgsm.c (main): Likewise.
* sm/sign.c (gpgsm_sign): Likewise.
* sm/verify.c (gpgsm_verify): Likewise.
--

With this change, policies can effectively restrict what algorithms
are used for different purposes.  The algorithm policy for CO_DE_VS is
implemented.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
---
 g10/pubkey-enc.c | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

(limited to 'g10/pubkey-enc.c')

diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index d0eaab775..9a7c0911a 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -35,6 +35,7 @@
 #include "pkglue.h"
 #include "call-agent.h"
 #include "../common/host2net.h"
+#include "../common/compliance.h"
 
 
 static gpg_error_t get_it (ctrl_t ctrl, PKT_pubkey_enc *k,
@@ -88,7 +89,20 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek)
       sk = xmalloc_clear (sizeof *sk);
       sk->pubkey_algo = k->pubkey_algo; /* We want a pubkey with this algo.  */
       if (!(rc = get_seckey (ctrl, sk, k->keyid)))
-        rc = get_it (ctrl, k, dek, sk, k->keyid);
+        {
+          /* Check compliance.  */
+          if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION,
+                                     sk->pubkey_algo,
+                                     sk->pkey, nbits_from_pk (sk), NULL))
+            {
+              log_info ("key %s not suitable for decryption while in %s mode\n",
+                        keystr_from_pk (sk), gnupg_compliance_option_string (opt.compliance));
+              free_public_key (sk);
+              return gpg_error (GPG_ERR_PUBKEY_ALGO);
+            }
+
+          rc = get_it (ctrl, k, dek, sk, k->keyid);
+        }
     }
   else if (opt.skip_hidden_recipients)
     rc = gpg_error (GPG_ERR_NO_SECKEY);
@@ -116,6 +130,16 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek)
             log_info (_("anonymous recipient; trying secret key %s ...\n"),
                       keystr (keyid));
 
+          /* Check compliance.  */
+          if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION,
+                                     sk->pubkey_algo,
+                                     sk->pkey, nbits_from_pk (sk), NULL))
+            {
+              log_info ("key %s not suitable for decryption while in %s mode\n",
+                        keystr_from_pk (sk), gnupg_compliance_option_string (opt.compliance));
+              continue;
+            }
+
           rc = get_it (ctrl, k, dek, sk, keyid);
           if (!rc)
             {
-- 
cgit v1.2.3