Page Menu
Home
GnuPG
Search
Configure Global Search
Log In
Files
F34134283
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Size
5 KB
Subscribers
None
View Options
diff --git a/src/utils/compliance.cpp b/src/utils/compliance.cpp
index 7e09d0d2..7e5d9a11 100644
--- a/src/utils/compliance.cpp
+++ b/src/utils/compliance.cpp
@@ -1,85 +1,99 @@
/* -*- mode: c++; c-basic-offset:4 -*-
utils/compliance.cpp
This file is part of libkleopatra
SPDX-FileCopyrightText: 2022 g10 Code GmbH
SPDX-FileContributor: Ingo Klöcker <dev@ingo-kloecker.de>
SPDX-License-Identifier: GPL-2.0-or-later
*/
#include <config-libkleo.h>
#include "compliance.h"
#include "cryptoconfig.h"
#include "gnupg.h"
+#include "stringutils.h"
#include "systeminfo.h"
#include <libkleo/keyfiltermanager.h>
#include <KColorScheme>
#include <KLocalizedString>
#include <QPushButton>
bool Kleo::DeVSCompliance::isActive()
{
return getCryptoConfigStringValue("gpg", "compliance") == QLatin1String{"de-vs"};
}
bool Kleo::DeVSCompliance::isCompliant()
{
if (!isActive()) {
return false;
}
// The pseudo option compliance_de_vs was fully added in 2.2.34;
// For versions between 2.2.28 and 2.2.33 there was a broken config
// value with a wrong type. So for them we add an extra check. This
// can be removed in future versions because for GnuPG we could assume
// non-compliance for older versions as versions of Kleopatra for
// which this matters are bundled with new enough versions of GnuPG anyway.
if (engineIsVersion(2, 2, 28) && !engineIsVersion(2, 2, 34)) {
return true;
}
return getCryptoConfigIntValue("gpg", "compliance_de_vs", 0) != 0;
}
+bool Kleo::DeVSCompliance::algorithmIsCompliant(std::string_view algo)
+{
+ using namespace std::literals;
+
+ if (!isActive()) {
+ return true;
+ }
+ if (Kleo::startsWith(algo, "rsa"sv)) {
+ return algo == "rsa3072"sv || algo == "rsa4096"sv;
+ }
+ return !algo.empty();
+}
+
void Kleo::DeVSCompliance::decorate(QPushButton *button)
{
decorate(button, isCompliant());
}
void Kleo::DeVSCompliance::decorate(QPushButton *button, bool compliant)
{
if (!button) {
return;
}
if (compliant) {
button->setIcon(QIcon::fromTheme(QStringLiteral("security-high")));
if (!SystemInfo::isHighContrastModeActive()) {
const auto bgColor = KColorScheme(QPalette::Active, KColorScheme::View).background(KColorScheme::PositiveBackground).color().name();
button->setStyleSheet(QStringLiteral("QPushButton { background-color: %1; };").arg(bgColor));
}
} else {
button->setIcon(QIcon::fromTheme(QStringLiteral("security-medium")));
if (!SystemInfo::isHighContrastModeActive()) {
const auto bgColor = KColorScheme(QPalette::Active, KColorScheme::View).background(KColorScheme::NegativeBackground).color().name();
button->setStyleSheet(QStringLiteral("QPushButton { background-color: %1; };").arg(bgColor));
}
}
}
QString Kleo::DeVSCompliance::name()
{
return name(isCompliant());
}
QString Kleo::DeVSCompliance::name(bool compliant)
{
const auto filterId = compliant ? QStringLiteral("de-vs-filter") : QStringLiteral("not-de-vs-filter");
if (auto filter = KeyFilterManager::instance()->keyFilterByID(filterId)) {
return filter->name();
}
return compliant ? i18n("VS-NfD compliant") : i18n("Not VS-NfD compliant");
}
diff --git a/src/utils/compliance.h b/src/utils/compliance.h
index 8fd55b4f..c07653de 100644
--- a/src/utils/compliance.h
+++ b/src/utils/compliance.h
@@ -1,68 +1,76 @@
/* -*- mode: c++; c-basic-offset:4 -*-
utils/compliance.h
This file is part of libkleopatra
SPDX-FileCopyrightText: 2022 g10 Code GmbH
SPDX-FileContributor: Ingo Klöcker <dev@ingo-kloecker.de>
SPDX-License-Identifier: GPL-2.0-or-later
*/
#pragma once
#include "kleo_export.h"
+#include <string_view>
+
class QPushButton;
class QString;
namespace Kleo::DeVSCompliance
{
/**
* Returns true, if compliance mode "de-vs" is configured for GnuPG.
* Note: It does not check whether the used GnuPG is actually compliant.
*/
KLEO_EXPORT bool isActive();
/**
* Returns true, if compliance mode "de-vs" is configured for GnuPG and if
* GnuPG passes a basic compliance check, i.e. at least libgcrypt and the used
* RNG are compliant.
*/
KLEO_EXPORT bool isCompliant();
+/**
+ * Returns true, if the given algorithm is compliant with compliance mode
+ * "de-vs". Always returns true, if compliance mode "de-vs" is not active.
+ */
+KLEO_EXPORT bool algorithmIsCompliant(std::string_view algo);
+
/**
* \overload
*
* Sets the appropriate icon and, unless high-contrast mode is active, the
* appropriate background color of \p button depending on the state of
* compliance.
*/
KLEO_EXPORT void decorate(QPushButton *button);
/**
* Sets the appropriate icon and, unless high-contrast mode is active, the
* appropriate background color of \p button depending on the value of
* \p compliant.
*/
KLEO_EXPORT void decorate(QPushButton *button, bool compliant);
/**
* \overload
*
* Returns a localized name for the compliance or non-compliance depending on
* the state of compliance.
*/
KLEO_EXPORT QString name();
/**
* Returns a localized name for the compliance or non-compliance depending on
* the value of \p compliant.
*
* \note The localized name is taken from the de-vs-filter filter resp. the
* not-de-vs-filter. This allows the customization of the name for different
* users because VS-NfD compliance is called differently in different
* environments, e.g. NATO RESTRICTED or EU RESTRICTED.
*/
KLEO_EXPORT QString name(bool compliant);
}
File Metadata
Details
Attached
Mime Type
text/x-diff
Expires
Mon, Dec 8, 6:57 AM (5 h, 1 m)
Storage Engine
local-disk
Storage Format
Raw Data
Storage Handle
e5/36/1950a0b4e1326acc40ec4007f4b0
Attached To
rLIBKLEO Libkleo
Event Timeline
Log In to Comment