diff options
| author | Justus Winter <[email protected]> | 2017-05-30 12:30:24 +0000 |
|---|---|---|
| committer | Justus Winter <[email protected]> | 2017-06-01 11:16:18 +0000 |
| commit | be8ca8852629786266db4d3d69b2c2fb03bd6365 (patch) | |
| tree | 7f0b3de344c5ff6265c480b74b016d2799540605 /sm/verify.c | |
| parent | common: Improve checking for compliance with CO_DE_VS. (diff) | |
| download | gnupg-be8ca8852629786266db4d3d69b2c2fb03bd6365.tar.gz gnupg-be8ca8852629786266db4d3d69b2c2fb03bd6365.zip | |
gpg: Report compliance with CO_DE_VS.
* common/compliance.c (gnupg_pk_is_compliant): Add DSA with certain
parameters.
(gnupg_cipher_is_compliant): New function.
(gnupg_digest_is_compliant): Likewise.
* common/compliance.h (gnupg_cipher_is_compliant): New prototype.
(gnupg_digest_is_compliant): Likewise.
* common/status.h (STATUS_DECRYPTION_COMPLIANCE_MODE): New status.
(STATUS_VERIFICATION_COMPLIANCE_MODE): Likewise.
* doc/DETAILS: Document the new status lines.
* g10/mainproc.c (proc_encrypted): Compute compliance with CO_DE_VS
and report that using the new status line.
(check_sig_and_print): Likewise.
* sm/decrypt.c (gpgsm_decrypt): Likewise.
* sm/verify.c (gpgsm_verify): Likewise.
--
When decrypting data and verifying signatures, report whether the
operations are in compliance with the criteria for data classified as
VS-NfD. This information will be picked up by the frontend and
presented to the user.
GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <[email protected]>
Diffstat (limited to 'sm/verify.c')
| -rw-r--r-- | sm/verify.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/sm/verify.c b/sm/verify.c index 7bdc68b80..e19c04e38 100644 --- a/sm/verify.c +++ b/sm/verify.c @@ -33,6 +33,7 @@ #include "keydb.h" #include "../common/i18n.h" +#include "../common/compliance.h" static char * strtimestamp_r (ksba_isotime_t atime) @@ -631,6 +632,16 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) (verifyflags & VALIDATE_FLAG_CHAIN_MODEL)? "0 chain": "0 shell"); + /* Check compliance with CO_DE_VS. */ + { + unsigned int nbits; + int pk_algo = gpgsm_get_key_algo_info (cert, &nbits); + + if (gnupg_pk_is_compliant (CO_DE_VS, pk_algo, NULL, nbits, NULL) + && gnupg_digest_is_compliant (CO_DE_VS, sigval_hash_algo)) + gpgsm_status (ctrl, STATUS_VERIFICATION_COMPLIANCE_MODE, + gnupg_status_compliance_flag (CO_DE_VS)); + } next_signer: rc = 0; |