Page MenuHome GnuPG
Create Task
Maniphest T3191

Make sure only listed algorithms are used with --compliance=de-vs
Closed, ResolvedPublic
Actions

Description

The specification disallows the use of algorithms that are not explicitly listed in that document.

Details

Due Date
Jun 14 2017, 12:00 AM

Revisions and Commits

rG GnuPG
rGa64a55e10420 common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS.
rG21fc2508c979 common,gpg,sm: Initialize compliance module.
rGf440cf73eab0 common,gpg: Move the compliance option printer.
rG842d233d4084 common,gpg,sm: Move the compliance option parser.
rG027ce4ba37be gpg: Improve compliance with CO_DE_VS.

Related Objects
Search...

Event Timeline

justus created this task.Jun 1 2017, 3:04 PM
justus added a comment.Jun 1 2017, 4:25 PM

I found a bug in ST-Gpg4VSNfD-v0.6.pdf, page 21 incorrectly refers to RFC6337 instead of RFC6637.

justus added a comment.Jun 1 2017, 4:50 PM

FWIW, I think that document describes some nonsensical policies, but I will implement it to the letter for now, it is easy to change later on.

For example, for the verification of signatures it allows the use of RSA with key sizes { 2048, 3072, 4096, every x | x < 2048 }. But a key size of 4064 (which is allowed by OpenPGP and GnuPG) is forbidden. Not just "not VS-NfD conform", but forbidden.

justus added a comment.Jun 7 2017, 4:31 PM

4.2.2 lists session keys for ciphers that are not allowed.

justus added a commit: rG027ce4ba37be: gpg: Improve compliance with CO_DE_VS..Jun 7 2017, 4:55 PM
justus added a commit: rG842d233d4084: common,gpg,sm: Move the compliance option parser..
justus added a commit: rGf440cf73eab0: common,gpg: Move the compliance option printer..
justus added a commit: rG21fc2508c979: common,gpg,sm: Initialize compliance module..
justus added a comment.Jun 8 2017, 1:32 PM

4.4.1 does not allow the use of AES-128 CFB as a cipher to encrypt the body of messages, but 4.4.2 even lists AES-128 CFB as conforming to VS-NfD. Furthermore, 4.1.1 allows,the use of AES-128 CFB as a cipher to encrypt the body of messages. I'm going to assume that this is a bug in the specification and also allow it for symmetric encryption.

The document does not specify whether it is okay to mix symmetric and public key encryption. I'm going to implement an XOR for compliance.

justus added a commit: rGa64a55e10420: common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS..Jun 8 2017, 2:23 PM
justus closed this task as Resolved.Jun 8 2017, 2:24 PM

Implemented. The policy should be easy to adjust later on.

werner added a subscriber: werner.Jun 8 2017, 2:38 PM

Regarding CFB: This needs to be decided by the evaluators. They know about the CFB problematic in their own documents. Thanks for pointing out discrepancies in the specs. I'll open a new task for it.

werner created subtask T3200: Fix sym cipher discrepancies in gpg4vsnfd evaluation documents..Jun 8 2017, 2:40 PM
werner closed subtask T3200: Fix sym cipher discrepancies in gpg4vsnfd evaluation documents. as Resolved.Aug 3 2017, 7:50 PM