aboutsummaryrefslogtreecommitdiffstats
path: root/common/compliance.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* w32: Introduce Registry key GNUPG_ASSUME_COMPLIANCE.Werner Koch2024-12-041-0/+12
| | | | | | | | * common/compliance.c (get_assumed_de_vs_compliance): Also consider a registry entry. -- On Windows it is easier to set the registry key than to use an envvar.
* gpg: Consider Kyber to be de-vs compliant.Werner Koch2024-11-141-13/+61
| | | | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_compliant) <CO_DE_VS>: Consider Brainpool Kyber variants compliant. (gnupg_pk_is_allowed): Ditto. (assumed_de_vs_compliance): Remove variable. (get_assumed_de_vs_compliance): New. (get_compliance_cache): Use new accessor. (gnupg_status_compliance_flag): Ditto. -- Use GNUPG_ASSUME_COMPLIANCE=de-vs gpg --compliance=de-vs .... for testing. This returns 2023 instead of 23 to indicate the non-approval state. GnuPG-bug-id: 6638
* common: Fix test for the assumed compliance.Werner Koch2024-10-211-1/+1
| | | | | | | | | | * common/compliance.c (gnupg_status_compliance_flag): Fix test. -- In general the cache is used to query this flag but in this function it is used directly and we need to adjust the test. Thanks to Ingo for reporting this.
* Implement GNUPG_ASSUME_COMPLIANCE envvar for testingWerner Koch2024-10-071-1/+19
| | | | | | | | | | | | | | | | | | | | | | | | | * common/compliance.c (assumed_de_vs_compliance): New. (get_compliance_cache): Check envvar and fake compliance. (gnupg_status_compliance_flag): Return 2023 for de-vs if in faked mode. * g10/gpg.c (gpgconf_list): For compliance_de_vs return 23 or 2023. -- The user visible changes are that GNUPG_ASSUME_COMPLIANCE=de-vs gpgconf --list-options gpg \ | awk -F: '$1=="compliance_de_vs" {print $8}' returns 2023 if "compliance de-vs" is found in gpg.conf. If eventually the software is arpproved the returned value will be 23 and not 1 as it was before. Consumers should check whether they see value of true (Kleopatra does this right now) and also check whether the value is > 2000 and in this case print a beta/non-approved warning. The envvar is currently used to assume that the underlying libgcrypt is compliant and approved. This is not yet the case but eventually libgcrypt will announce this itself and from then on the envvar is not anymore required for testing.
* indent: Fix spellingDaniel Kahn Gillmor2024-05-311-1/+1
| | | | | | | | | | | | | -- These are non-substantive corrections for minor spelling mistakes within the GnuPG codebase. With something like this applied to the codebase, and a judiciously tuned spellchecker integrated as part of a standard test suite, it should be possible to keep a uniform orthography within the project. GnuPG-bug-id: 7116
* gpg: Fix minor Kyber display things.Werner Koch2024-04-151-1/+9
| | | | | * common/compliance.c (gnupg_pk_is_compliant): Make Kyber known. * g10/misc.c (openpgp_pk_algo_name): Add "Kyber".
* doc: Fix spelling errors found by lintian.Werner Koch2024-01-291-1/+1
| | | | | | -- Reported-by: Andreas Metzler <[email protected]>
* gpgsm: Support ECDSA in de-vs mode.Werner Koch2023-11-081-2/+11
| | | | | | | | | | | * common/compliance.h (PK_ALGO_FLAG_ECC18): New. * common/compliance.c (gnupg_pk_is_allowed): Implement. * sm/decrypt.c (gpgsm_decrypt): Pass new flag. * sm/sign.c (gpgsm_sign): Ditto. * sm/verify.c (gpgsm_verify): Ditto. -- GnuPG-bug-id: 6802
* gpg: Replace --override-compliance-check by a real fix.Werner Koch2023-01-201-0/+4
| | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_allowed): Handle EdDSA. * g10/gpg.c (oOverrideComplianceCheck): Remove. (opts): Turn --override-compliance-check into a dummy option. * g10/options.h (opt): Remove override_compliance_check. * g10/sig-check.c (check_key_verify_compliance): Remove use of that option. -- The introduction of --override-compliance-check actually hid the real cause for the signature verification problem in de-vs mode for the Ed25519 key. The real fix is to handle the EdDSA algorithm in gnupg_pk_is_allowed. Fixes-commit: fb26e144adfd93051501d58f5d0d4f8826ddf436 GnuPG-bug-id: 5655
* sm: Fix compliance checking for ECC signature verification.Werner Koch2023-01-121-2/+14
| | | | | | | | | | | * common/compliance.c (gnupg_pk_is_compliant): Also consider the gcrypt vids for ECDSA et al. (gnupg_pk_is_allowed): Ditto. * sm/verify.c (gpgsm_verify): Consider the curve. Print a compliance notice for a non-compliant key. * sm/certchain.c (gpgsm_validate_chain): Silence the "switching to chain model".
* gpg,gpgsm: Add option --min-rsa-length.Werner Koch2021-11-181-8/+25
| | | | | | | | | | | | | | | * common/compliance.c (min_compliant_rsa_length): New. (gnupg_pk_is_compliant): Take in account. (gnupg_pk_is_allowed): Ditto. (gnupg_set_compliance_extra_info): New. * g10/gpg.c (oMinRSALength): New. (opts): Add --min-rsa-length. (main): Set value. * g10/options.h (opt): Add field min_rsa_length. * sm/gpgsm.c (oMinRSALength): New. (opts): Add --min-rsa-length. (main): Set value. * sm/gpgsm.h (opt): Add field min_rsa_length.
* common: Allow for GCM decryption in de-vs mode.Werner Koch2021-06-021-1/+2
| | | | | | | | | | | * common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm in decrypt mode. * tests/cms/samplemsgs/pwri-sample.gcm.p7m: Remove duplicated authtag -- We allow GCM in de-vs mode for decryption although this has not been evaluation. It is decryption and thus no serious harm may happen.
* common: Make the compliance check more robust.Werner Koch2021-04-011-16/+58
| | | | | | | | | | | | | * common/compliance.c (get_compliance_cache): New. (gnupg_rng_is_compliant): Use per mode cache. (gnupg_gcrypt_is_compliant): Ditto. -- This addresses the problem tha the check might be called with different compliance values and thus it should return the corresponding cached result. Signed-off-by: Werner Koch <[email protected]>
* Include the library version in the compliance checks.Werner Koch2021-01-281-15/+63
| | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_gcrypt_is_compliant): New. (gnupg_rng_is_compliant): Also check library version. * g10/mainproc.c (proc_encrypted): Use new function. (check_sig_and_print): Ditto. * sm/decrypt.c (gpgsm_decrypt): Ditto. * sm/encrypt.c (gpgsm_encrypt): Ditto. * sm/verify.c (gpgsm_verify): Ditto -- This will eventually allow us to declare Libgcrypt 1.9 to be de-vs compliant. GnuPG can use this information then for its own checks. As of now GnuPG tests the version of the used library but that is a bit cumbersome to maintain. Signed-off-by: Werner Koch <[email protected]>
* Require Libgcrypt 1.9Werner Koch2021-01-191-4/+0
| | | | | | | | | | | * configure.ac: Require at least Libgcrypt 1.9.0. Remove all GCRYPT_VERSION_NUMBER dependent code. -- Only Libgcrypt 1.9 implements EAX which is a mandatory algorithm in RFC4880bis. Signed-off-by: Werner Koch <[email protected]>
* w32: Silence warning due to recent change of split_fields.Werner Koch2020-10-021-1/+1
| | | | | | * common/compliance.c (gnupg_rng_is_compliant): Make fields const. Signed-off-by: Werner Koch <[email protected]>
* gpgsm: Make rsaPSS a compliant scheme in de-vs mode.Werner Koch2020-07-141-8/+4
| | | | | | | -- GnuPG-bug-id: 4538 Signed-off-by: Werner Koch <[email protected]>
* sm: Exclude rsaPSS from de-vs compliance mode.Werner Koch2020-07-031-1/+11
| | | | | | | | | | | | | | | * common/compliance.h (PK_ALGO_FLAG_RSAPSS): New. * common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and test rsaPSS. Adjust all callers. (gnupg_pk_is_allowed): Ditto. * sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function. (gpgsm_get_hash_algo_from_sigval): New. * sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval arg. Add arg pkalgoflags. Use the PK_ALGO_FLAG_RSAPSS. * sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to also get the algo flags. Pass algo flags along. Signed-off-by: Werner Koch <[email protected]>
* gpg: Remove PGP6 compliance mode.Werner Koch2018-05-291-2/+0
| | | | | | | | * g10/gpg.c: Make --pgp6 an alias for --pgp7. * common/compliance.h (gnupg_compliance_mode): Remove CO_PGP6. * g10/options.h (PGP6): Remove. Adjust all users. Signed-off-by: Werner Koch <[email protected]>
* gpg: Tweak compliance checking for verificationWerner Koch2017-07-271-44/+39
| | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_allowed): Rework to always allow verification. * g10/mainproc.c (check_sig_and_print): Print a con-compliant warning. * g10/sig-check.c (check_signature2): Use log_error instead of log_info. -- We should be able to verify all signatures. So we only print a warning. That is the same beheavour as for untrusted keys etc. GnuPG-bug-id: 3311 Signed-off-by: Werner Koch <[email protected]>
* gpg,sm: Fix compliance checking for decryption.Werner Koch2017-07-271-14/+32
| | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_compliant): Remove the Elgamal signing check. We don't support Elgamal signing at all. (gnupg_pk_is_allowed) <de-vs>: Revert encryption/decryption for RSA. Check the curvenames for ECDH. * g10/pubkey-enc.c (get_session_key): Print only a warning if the key is not compliant. * sm/decrypt.c (gpgsm_decrypt): Ditto. Use the same string as in gpg so that we have only one translation. -- We always allow decryption and print only a note if the key was not complaint at the encryption site. GnuPG-bug-id: 3308 Signed-off-by: Werner Koch <[email protected]>
* gpg,sm: Check compliance of the RNG.Werner Koch2017-07-171-0/+40
| | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_rng_is_compliant): New. * g10/call-agent.c (start_agent) [W32]: Check rng compliance. * sm/call-agent.c (start_agent) [W32]: Ditto. * g10/encrypt.c (encrypt_simple, encrypt_crypt): Check that the RNG is compliant. * sm/encrypt.c (gpgsm_encrypt): Ditto. * g10/sign.c (do_sign): Ditto. * sm/sign.c (gpgsm_sign): Ditto. -- Under Windows we need to check that the Jitter RNG is active in de-vs mode. Under Linux this is not necessary because /dev/random can be scrutinized and is believed to provide enough entropy. Signed-off-by: Werner Koch <[email protected]>
* gpg,gpgsm: Fix compliance check for DSA and avoid an assert.Werner Koch2017-06-191-10/+11
| | | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_compliant): Swap P and Q for DSA check. Explicitly check for allowed ECC algos. (gnupg_pk_is_allowed): Swap P and Q for DSA check. * g10/mainproc.c (proc_encrypted): Simplify SYMKEYS check. Replace assert by debug message. -- Note that in mainproc.c SYMKEYS is unsigned and thus a greater than 0 condition is surprising because it leads to the assumption SYMKEYS could be negative. Better use a boolean test. The assert could have lead to a regression for no good reason. Not being compliant is better than breaking existing users. Signed-off-by: Werner Koch <[email protected]>
* indent: Always use "_(" and not "_ (" to mark translatable strings.Werner Koch2017-06-191-4/+5
| | | | | | | | -- This makes greping much easier and we have done that since ever. Signed-off-by: Werner Koch <[email protected]>
* Change license of some files to LGPLv2.1.Werner Koch2017-06-191-4/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * COPYING.LIB: Rename to COPYING.LGPL3. * COPYING.LGPL21: New. * COPYING.GPL2: New. * Makefile.am: Distribute them. * AUTHORS: Update license pointers. Add BSI as copyright holder. * common/compliance.c, common/compliance.h: Add BSI copyright notice. Break overlong lines. * dirmngr/loadswdb.c: Add BSI copyright notices. * dirmngr/server.c: Ditto. * tools/call-dirmngr.c: Change license to LGPLv2.1. Add BSI copyright notice. * tools/call-dirmngr.h: Ditto. * tools/gpg-wks-client.c: Ditto. * tools/gpg-wks-server.c: Ditto. * tools/gpg-wks.h: Ditto. * tools/mime-maker.c: Ditto. * tools/mime-maker.h: Ditto. * tools/mime-parser.c: Ditto. * tools/mime-parser.h: Ditto. * tools/send-mail.c: Ditto. * tools/send-mail.h: Ditto. * tools/wks-receive.c: Ditto. * tools/wks-util.c: Ditto. * tools/rfc822parse.c, tools/rfc822parse.h: Change license to LGPLv2.1. -- For better deployment it seems to be better to make the Web Key Directory code more easily available. Some code was been developed under contract of the BSI. Signed-off-by: Werner Koch <[email protected]>
* gpg: Disable compliance module for other GnuPG components.Justus Winter2017-06-191-9/+15
| | | | | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_{pk,cipher,digest}_is_compliant): Return false if the module is not initialized. (gnupg_{pk,cipher,digest}_is_allowed): Return true if the module is not initialized. (gnupg_status_compliance_flag): Do not assert that the module is initialized. (gnupg_parse_compliance_option): Likewise. (gnupg_compliance_option_string): Likewise. -- This implements a default policy for modules not explicitly using the compliance module. The default policy is to allow all algorithms, but mark none of them as compliant. Fixes gpgv. GnuPG-bug-id: 3210 Signed-off-by: Justus Winter <[email protected]>
* common: Fix -Wswitch warning.Werner Koch2017-06-131-1/+0
| | | | | | | | | | * common/compliance.c (gnupg_digest_is_allowed): Don't include GCRY_MD_WHIRLPOOL because it is not a digest_algo_t. -- Note that Whirlpool is not used anywhere in gpg or gpgsm. Signed-off-by: Werner Koch <[email protected]>
* common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS.Justus Winter2017-06-081-0/+188
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_allowed): New function. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * common/compliance.h (enum pk_use_case): New definition. (gnupg_pk_is_allowed): New prototype. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using the new predicates. * g10/encrypt.c (encrypt_crypt): Likewise. * g10/gpg.c (main): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sig-check.c (check_signature2): Likewise. * g10/sign.c (do_sign): Likewise. * sm/decrypt.c (gpgsm_decrypt): Likewise. * sm/encrypt.c (gpgsm_encrypt): Likewise. * sm/gpgsm.c (main): Likewise. * sm/sign.c (gpgsm_sign): Likewise. * sm/verify.c (gpgsm_verify): Likewise. -- With this change, policies can effectively restrict what algorithms are used for different purposes. The algorithm policy for CO_DE_VS is implemented. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <[email protected]>
* common: Add cipher mode to compliance predicate.Justus Winter2017-06-071-3/+13
| | | | | | | | | | * common/compliance.c (gnupg_cipher_is_compliant): Add mode parameter. * common/compliance.h (gnupg_cipher_is_compliant): Likewise. * g10/mainproc.c (proc_encrypted): Adapt callsite. * sm/decrypt.c (gpgsm_decrypt): Likewise. GnuPG-bug-id: 3059 Signed-off-by: Justus Winter <[email protected]>
* common,gpg,sm: Initialize compliance module.Justus Winter2017-06-071-0/+63
| | | | | | | | | | * common/compliance.c (gnupg_initialize_compliance): New function. * common/compliance.h (gnupg_initialize_compliance): New prototype. * g10/gpg.c (main): Use the new function. * sm/gpgsm.c (main): Likewise. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <[email protected]>
* common,gpg: Move the compliance option printer.Justus Winter2017-06-071-0/+19
| | | | | | | | | | | | | | * common/compliance.c (gnupg_compliance_option_string): New function. * common/compliance.h (gnupg_compliance_option_string): New prototype. * g10/encrypt.c (write_pubkey_enc_from_list): Update callsite. * g10/gpg.c (main): Likewise. * g10/keyedit.c (keyedit_menu): Likewise. * g10/pkclist.c (build_pk_list): Likewise. * g10/main.h (compliance_option_string): Remove prototype. * g10/misc.c (compliance_option_string): Remove function. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <[email protected]>
* common,gpg,sm: Move the compliance option parser.Justus Winter2017-06-071-0/+33
| | | | | | | | | | | | | | * common/compliance.c (gnupg_parse_compliance_option): New function. * common/compliance.h (struct gnupg_compliance_option): New type. (gnupg_parse_compliance_option): New prototype. * g10/gpg.c (parse_compliance_option): Remove function. (compliance_options): New variable. (main): Adapt callsite. * sm/gpgsm.c (main): Use the new common function. * sm/gpgsm.h (opt): New field 'compliance'. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <[email protected]>
* common,g10: Fix typos.Justus Winter2017-06-061-3/+3
| | | | | -- Signed-off-by: Justus Winter <[email protected]>
* gpg: Report compliance with CO_DE_VS.Justus Winter2017-06-011-3/+69
| | | | | | | | | | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_compliant): Add DSA with certain parameters. (gnupg_cipher_is_compliant): New function. (gnupg_digest_is_compliant): Likewise. * common/compliance.h (gnupg_cipher_is_compliant): New prototype. (gnupg_digest_is_compliant): Likewise. * common/status.h (STATUS_DECRYPTION_COMPLIANCE_MODE): New status. (STATUS_VERIFICATION_COMPLIANCE_MODE): Likewise. * doc/DETAILS: Document the new status lines. * g10/mainproc.c (proc_encrypted): Compute compliance with CO_DE_VS and report that using the new status line. (check_sig_and_print): Likewise. * sm/decrypt.c (gpgsm_decrypt): Likewise. * sm/verify.c (gpgsm_verify): Likewise. -- When decrypting data and verifying signatures, report whether the operations are in compliance with the criteria for data classified as VS-NfD. This information will be picked up by the frontend and presented to the user. GnuPG-bug-id: 3059 Signed-off-by: Justus Winter <[email protected]>
* common: Improve checking for compliance with CO_DE_VS.Justus Winter2017-06-011-1/+3
| | | | | | | * common/compliance.c (gnupg_pk_is_compliant): Only certain RSA key sizes are compliant. Signed-off-by: Justus Winter <[email protected]>
* gpg,common: Move the compliance framework.Justus Winter2017-06-011-0/+144
* common/Makefile.am (common_sources): Add new files. * common/compliance.c: New file. Move 'gnupg_pk_is_compliant' here, and tweak it to not rely on types private to gpg. * common/compliance.h: New file. Move the compliance enum here. * g10/keylist.c (print_compliance_flags): Adapt callsite. * g10/main.h (gnupg_pk_is_compliant): Remove prototype. * g10/misc.c (gnupg_pk_is_compliant): Remove function. * g10/options.h (opt): Use the new compliance enum. * sm/keylist.c (print_compliance_flags): Use the common functions. Signed-off-by: Justus Winter <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-27 09:28:08 +0000