authorWerner Koch <[email protected]>2017-06-20 07:25:56 +0000
committerWerner Koch <[email protected]>2017-06-23 10:01:20 +0000
commitf31dc2540acf7cd7f09fd94658e815822222bfcb (patch)
treebf921cdb81341d25575ac6895da19d53038699e2 /sm/encrypt.c
parentindent,i18n: Make some new strings translatable. Wrap too long lines. (diff)
gpg,gpgsm: Emit status code ENCRYPTION_COMPLIANCE_MODE.
* common/status.h (STATUS_ENCRYPTION_COMPLIANCE_MODE): New. * g10/encrypt.c (encrypt_crypt): Emit new status code. * sm/encrypt.c (gpgsm_encrypt): Ditto. -- This status code allows reporting whether an encryption operation was compliant with de-vs. Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'sm/encrypt.c')
-rw-r--r--sm/encrypt.c19
1 files changed, 17 insertions, 2 deletions
diff --git a/sm/encrypt.c b/sm/encrypt.c
index 2819a22b5..9e3216a79 100644
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
@@ -313,6 +313,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
estream_t data_fp = NULL;
certlist_t cl;
int count;
+ int compliant;
memset (&encparm, 0, sizeof encparm);
@@ -456,15 +457,19 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
audit_log_s (ctrl->audit, AUDIT_SESSION_KEY, dek->algoid);
+ compliant = gnupg_cipher_is_compliant (CO_DE_VS, dek->algo,
+ GCRY_CIPHER_MODE_CBC);
+
/* Gather certificates of recipients, encrypt the session key for
each and store them in the CMS object */
for (recpno = 0, cl = recplist; cl; recpno++, cl = cl->next)
{
unsigned char *encval;
+ unsigned int nbits;
+ int pk_algo;
/* Check compliance. */
- unsigned int nbits;
- int pk_algo = gpgsm_get_key_algo_info (cl->cert, &nbits);
+ pk_algo = gpgsm_get_key_algo_info (cl->cert, &nbits);
if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_ENCRYPTION, pk_algo,
NULL, nbits, NULL))
{
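Review bot: The added `gnupg_cipher_is_compliant (CO_DE_VS, dek->algo, GCRY_CIPHER_MODE_CBC)` call hard-codes the cipher mode instead of taking it from wherever the content cipher is set up, so the reported de-vs result describes CBC even if the session key were ever used in a different mode. The cipher setup is outside this hunk, so this is an inference. If a mode value is available from that setup, pass it here. If CBC is a fixed invariant of gpgsm, say so next to the call, for example `/* The content encryption always uses CBC; keep this in sync with the cipher setup. */`. gpgsm_encrypt starts and ends outside the hunk.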
@@ -476,6 +481,12 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
goto leave;
}
+ /* Fixme: When adding ECC we need to provide the curvename and
+ * the key to gnupg_pk_is_compliant. */
+ if (compliant
+ && !gnupg_pk_is_compliant (CO_DE_VS, pk_algo, NULL, nbits, NULL))
+ compliant = 0;
+
rc = encrypt_dek (dek, cl->cert, &encval);
if (rc)
{
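Review bot: The Fixme above the new `gnupg_pk_is_compliant (CO_DE_VS, pk_algo, NULL, nbits, NULL)` call says ECC needs the curve name and key, but it does not say what the flag does for such a recipient in the meantime. A compliance indicator should fail closed, so an algorithm the check cannot fully evaluate must clear `compliant` rather than leave it set. Whether the helper returns false when the curve name and key are both NULL is not visible here and should be confirmed. I would extend the comment with something like `/* Until then a key that cannot be evaluated must be reported as non-compliant. */`. The recipient loop continues outside the hunk.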
@@ -508,6 +519,10 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
}
}
+ if (compliant)
+ gpgsm_status (ctrl, STATUS_ENCRYPTION_COMPLIANCE_MODE,
+ gnupg_status_compliance_flag (CO_DE_VS));
+
/* Main control loop for encryption. */
recpno = 0;
do
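Review bot: The new `gpgsm_status (ctrl, STATUS_ENCRYPTION_COMPLIANCE_MODE, ...)` call is made only in the positive case and sits before the main encryption loop, so there is no explicit negative status. A front end also sees the line even if the loop that follows, which is outside this hunk, later fails. Consumers therefore have to treat a missing status line as "not compliant" and combine it with the overall success result. That contract should be documented at the call site, for example `/* Emitted only if the cipher and all recipient keys are de-vs compliant; absence means non-compliant. */` and `/* Sent before the data is processed, so callers must still check for success. */`.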