summaryrefslogtreecommitdiffstats
path: root/common/compliance.h
blob: b89cd48b038ca57f5c199c48dca52aaeab177668 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
/* compliance.h - Definitions for compliance modi
 * Copyright (C) 2017 g10 Code GmbH
 * Copyright (C) 2017 Bundesamt für Sicherheit in der Informationstechnik
 *
 * This file is part of GnuPG.
 *
 * This file is free software; you can redistribute it and/or modify
 * it under the terms of either
 *
 *   - the GNU Lesser General Public License as published by the Free
 *     Software Foundation; either version 3 of the License, or (at
 *     your option) any later version.
 *
 * or
 *
 *   - the GNU General Public License as published by the Free
 *     Software Foundation; either version 2 of the License, or (at
 *     your option) any later version.
 *
 * or both in parallel, as here.
 *
 * This file is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <https://www.gnu.org/licenses/>.
 */

#ifndef GNUPG_COMMON_COMPLIANCE_H
#define GNUPG_COMMON_COMPLIANCE_H

#include <gcrypt.h>
#include "openpgpdefs.h"

void gnupg_initialize_compliance (int gnupg_module_name);


enum gnupg_compliance_mode
  {
    CO_GNUPG, CO_RFC4880, CO_RFC2440,
    CO_PGP6, CO_PGP7, CO_PGP8, CO_DE_VS
  };


enum pk_use_case
  {
    PK_USE_ENCRYPTION, PK_USE_DECRYPTION,
    PK_USE_SIGNING, PK_USE_VERIFICATION
  };

/* Flags to distinguish public key algorithm variants.  */
#define PK_ALGO_FLAG_RSAPSS 1    /* Use rsaPSS padding. */
#define PK_ALGO_FLAG_ECC18  256  /* GCRY_PK_ECC is used in a generic way.  */


int gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo,
                           unsigned int algo_flags,
                           gcry_mpi_t key[], unsigned int keylength,
                           const char *curvename);
int gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance,
                         enum pk_use_case use, int algo,
                         unsigned int algo_flags, gcry_mpi_t key[],
                         unsigned int keylength, const char *curvename);
int gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance,
                               cipher_algo_t cipher,
                               enum gcry_cipher_modes mode);
int gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance,
                             int producer,
                             cipher_algo_t cipher,
                             enum gcry_cipher_modes mode);
int gnupg_digest_is_compliant (enum gnupg_compliance_mode compliance,
                               digest_algo_t digest);
int gnupg_digest_is_allowed (enum gnupg_compliance_mode compliance,
                             int producer,
                             digest_algo_t digest);
int gnupg_rng_is_compliant (enum gnupg_compliance_mode compliance);
int gnupg_gcrypt_is_compliant (enum gnupg_compliance_mode compliance);

const char *gnupg_status_compliance_flag (enum gnupg_compliance_mode
                                          compliance);

struct gnupg_compliance_option
{
  const char *keyword;
  int value;
};

int gnupg_parse_compliance_option (const char *string,
                                   struct gnupg_compliance_option options[],
                                   size_t length,
                                   int quiet);
const char *gnupg_compliance_option_string (enum gnupg_compliance_mode
                                            compliance);

enum gnupg_co_extra_infos
  {
   CO_EXTRA_INFO_MIN_RSA,
   CO_EXTRA_INFO_VSD_ALLOW_OCB
  };

void gnupg_set_compliance_extra_info (enum gnupg_co_extra_infos what,
                                      unsigned int value);


#endif /*GNUPG_COMMON_COMPLIANCE_H*/