From a64a55e10420cf11e00062b590dffe5d0c3e8192 Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Tue, 6 Jun 2017 16:01:40 +0200 Subject: common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS. * common/compliance.c (gnupg_pk_is_allowed): New function. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * common/compliance.h (enum pk_use_case): New definition. (gnupg_pk_is_allowed): New prototype. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using the new predicates. * g10/encrypt.c (encrypt_crypt): Likewise. * g10/gpg.c (main): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sig-check.c (check_signature2): Likewise. * g10/sign.c (do_sign): Likewise. * sm/decrypt.c (gpgsm_decrypt): Likewise. * sm/encrypt.c (gpgsm_encrypt): Likewise. * sm/gpgsm.c (main): Likewise. * sm/sign.c (gpgsm_sign): Likewise. * sm/verify.c (gpgsm_verify): Likewise. -- With this change, policies can effectively restrict what algorithms are used for different purposes. The algorithm policy for CO_DE_VS is implemented. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter --- sm/decrypt.c | 41 ++++++++++++++++++++++++++++++++--------- sm/encrypt.c | 28 ++++++++++++++++++++++++++++ sm/gpgsm.c | 37 +++++++++++++++++++++++++++++++++++++ sm/sign.c | 27 +++++++++++++++++++++++++++ sm/verify.c | 42 +++++++++++++++++++++++++++++++----------- 5 files changed, 155 insertions(+), 20 deletions(-) (limited to 'sm') diff --git a/sm/decrypt.c b/sm/decrypt.c index a36f69027..6909b157f 100644 --- a/sm/decrypt.c +++ b/sm/decrypt.c @@ -358,6 +358,17 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp) goto leave; } + /* Check compliance. */ + if (! gnupg_cipher_is_allowed (opt.compliance, 0, algo, mode)) + { + log_error (_ ("you may not use cipher algorithm '%s'" + " while in %s mode\n"), + gcry_cipher_algo_name (algo), + gnupg_compliance_option_string (opt.compliance)); + rc = gpg_error (GPG_ERR_CIPHER_ALGO); + goto leave; + } + /* For CMS, CO_DE_VS demands CBC mode. */ is_de_vs = gnupg_cipher_is_compliant (CO_DE_VS, algo, mode); @@ -465,15 +476,27 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp) hexkeygrip = gpgsm_get_keygrip_hexstring (cert); desc = gpgsm_format_keydesc (cert); - /* Check that all certs are compliant with CO_DE_VS. */ - if (is_de_vs) - { - unsigned int nbits; - int pk_algo = gpgsm_get_key_algo_info (cert, &nbits); - - is_de_vs = gnupg_pk_is_compliant (CO_DE_VS, pk_algo, NULL, - nbits, NULL); - } + { + unsigned int nbits; + int pk_algo = gpgsm_get_key_algo_info (cert, &nbits); + + /* Check compliance. */ + if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION, + pk_algo, NULL, nbits, NULL)) + { + log_error ("certificate ID 0x%08lX not suitable for " + "decryption while in %s mode\n", + gpgsm_get_short_fingerprint (cert, NULL), + gnupg_compliance_option_string (opt.compliance)); + rc = gpg_error (GPG_ERR_PUBKEY_ALGO); + goto oops; + } + + /* Check that all certs are compliant with CO_DE_VS. */ + is_de_vs = (is_de_vs + && gnupg_pk_is_compliant (CO_DE_VS, pk_algo, NULL, + nbits, NULL)); + } oops: if (rc) diff --git a/sm/encrypt.c b/sm/encrypt.c index c43a9e6a4..45860a89f 100644 --- a/sm/encrypt.c +++ b/sm/encrypt.c @@ -33,6 +33,7 @@ #include "keydb.h" #include "../common/i18n.h" +#include "../common/compliance.h" struct dek_s { @@ -405,6 +406,19 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) goto leave; } + /* Check compliance. */ + if (! gnupg_cipher_is_allowed (opt.compliance, 1, + gcry_cipher_map_name (opt.def_cipher_algoid), + gcry_cipher_mode_from_oid (opt.def_cipher_algoid))) + { + log_error (_ ("you may not use cipher algorithm '%s'" + " while in %s mode\n"), + opt.def_cipher_algoid, + gnupg_compliance_option_string (opt.compliance)); + rc = gpg_error (GPG_ERR_CIPHER_ALGO); + goto leave; + } + /* Create a session key */ dek = xtrycalloc_secure (1, sizeof *dek); if (!dek) @@ -448,6 +462,20 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) { unsigned char *encval; + /* Check compliance. */ + unsigned int nbits; + int pk_algo = gpgsm_get_key_algo_info (cl->cert, &nbits); + if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_ENCRYPTION, pk_algo, + NULL, nbits, NULL)) + { + log_error ("certificate ID 0x%08lX not suitable for " + "encryption while in %s mode\n", + gpgsm_get_short_fingerprint (cl->cert, NULL), + gnupg_compliance_option_string (opt.compliance)); + rc = gpg_error (GPG_ERR_PUBKEY_ALGO); + goto leave; + } + rc = encrypt_dek (dek, cl->cert, &encval); if (rc) { diff --git a/sm/gpgsm.c b/sm/gpgsm.c index f749cfd28..c462544e2 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -1614,6 +1614,43 @@ main ( int argc, char **argv) } } + /* Check our chosen algorithms against the list of allowed + * algorithms in the current compliance mode, and fail hard if it is + * not. This is us being nice to the user informing her early that + * the chosen algorithms are not available. We also check and + * enforce this right before the actual operation. */ + if (! gnupg_cipher_is_allowed (opt.compliance, + cmd == aEncr || cmd == aSignEncr, + gcry_cipher_map_name (opt.def_cipher_algoid), + GCRY_CIPHER_MODE_NONE) + && ! gnupg_cipher_is_allowed (opt.compliance, + cmd == aEncr || cmd == aSignEncr, + gcry_cipher_mode_from_oid (opt.def_cipher_algoid), + GCRY_CIPHER_MODE_NONE)) + log_error (_ ("you may not use cipher algorithm '%s'" + " while in %s mode\n"), + opt.def_cipher_algoid, gnupg_compliance_option_string (opt.compliance)); + + if (forced_digest_algo + && ! gnupg_digest_is_allowed (opt.compliance, + cmd == aSign + || cmd == aSignEncr + || cmd == aClearsign, + opt.forced_digest_algo)) + log_error (_ ("you may not use digest algorithm '%s'" + " while in %s mode\n"), + forced_digest_algo, gnupg_compliance_option_string (opt.compliance)); + + if (extra_digest_algo + && ! gnupg_digest_is_allowed (opt.compliance, + cmd == aSign + || cmd == aSignEncr + || cmd == aClearsign, + opt.extra_digest_algo)) + log_error (_ ("you may not use digest algorithm '%s'" + " while in %s mode\n"), + forced_digest_algo, gnupg_compliance_option_string (opt.compliance)); + if (log_get_errorcount(0)) gpgsm_exit(2); diff --git a/sm/sign.c b/sm/sign.c index e65562d54..2fbee7516 100644 --- a/sm/sign.c +++ b/sm/sign.c @@ -460,6 +460,33 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, break; } cl->hash_algo_oid = oid; + + /* Check compliance. */ + if (! gnupg_digest_is_allowed (opt.compliance, 1, cl->hash_algo)) + { + log_error (_ ("you may not use digest algorithm '%s'" + " while in %s mode\n"), + gcry_md_algo_name (cl->hash_algo), + gnupg_compliance_option_string (opt.compliance)); + err = gpg_error (GPG_ERR_DIGEST_ALGO); + goto leave; + } + + { + unsigned int nbits; + int pk_algo = gpgsm_get_key_algo_info (cl->cert, &nbits); + + if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_SIGNING, pk_algo, + NULL, nbits, NULL)) + { + log_error ("certificate ID 0x%08lX not suitable for " + "signing while in %s mode\n", + gpgsm_get_short_fingerprint (cl->cert, NULL), + gnupg_compliance_option_string (opt.compliance)); + err = gpg_error (GPG_ERR_PUBKEY_ALGO); + goto leave; + } + } } if (opt.verbose) diff --git a/sm/verify.c b/sm/verify.c index e19c04e38..89f06efee 100644 --- a/sm/verify.c +++ b/sm/verify.c @@ -450,6 +450,37 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) goto next_signer; } + /* Check compliance. */ + { + unsigned int nbits; + int pk_algo = gpgsm_get_key_algo_info (cert, &nbits); + + if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_VERIFICATION, + pk_algo, NULL, nbits, NULL)) + { + log_error ("certificate ID 0x%08lX not suitable for " + "verification while in %s mode\n", + gpgsm_get_short_fingerprint (cert, NULL), + gnupg_compliance_option_string (opt.compliance)); + goto next_signer; + } + + if (! gnupg_digest_is_allowed (opt.compliance, 0, sigval_hash_algo)) + { + log_error (_ ("you may not use digest algorithm '%s'" + " while in %s mode\n"), + gcry_md_algo_name (sigval_hash_algo), + gnupg_compliance_option_string (opt.compliance)); + goto next_signer; + } + + /* Check compliance with CO_DE_VS. */ + if (gnupg_pk_is_compliant (CO_DE_VS, pk_algo, NULL, nbits, NULL) + && gnupg_digest_is_compliant (CO_DE_VS, sigval_hash_algo)) + gpgsm_status (ctrl, STATUS_VERIFICATION_COMPLIANCE_MODE, + gnupg_status_compliance_flag (CO_DE_VS)); + } + log_info (_("Signature made ")); if (*sigtime) dump_isotime (sigtime); @@ -632,17 +663,6 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) (verifyflags & VALIDATE_FLAG_CHAIN_MODEL)? "0 chain": "0 shell"); - /* Check compliance with CO_DE_VS. */ - { - unsigned int nbits; - int pk_algo = gpgsm_get_key_algo_info (cert, &nbits); - - if (gnupg_pk_is_compliant (CO_DE_VS, pk_algo, NULL, nbits, NULL) - && gnupg_digest_is_compliant (CO_DE_VS, sigval_hash_algo)) - gpgsm_status (ctrl, STATUS_VERIFICATION_COMPLIANCE_MODE, - gnupg_status_compliance_flag (CO_DE_VS)); - } - next_signer: rc = 0; xfree (issuer); -- cgit v1.2.3