security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-31 20:08:43 +01:00
Code Activity
853f36e596
gnupg/g10/cipher-aead.c

497 lines
13 KiB
C
Raw Normal View History

gpg: Add stub function for encrypting AEAD. * g10/cipher.c (cipher_filter): Rename to cipher_filter_cfb. * g10/cipher-aead.c: New. Right now only with a stub function. * g10/Makefile.am (gpg_sources): Add file. * g10/encrypt.c (encrypt_simple): Push either cipher_filter_cfb or cipher_filter_aead. (encrypt_crypt): Ditto. (encrypt_filter): Ditto. * g10/sign.c (sign_symencrypt_file): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 17:33:50 +01:00
/* cipher-aead.c - Enciphering filter for AEAD modes
* Copyright (C) 2018 Werner koch
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <https://www.gnu.org/licenses/>.
* SPDX-License-Identifier: GPL-3.0+
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include "gpg.h"
#include "../common/status.h"
#include "../common/iobuf.h"
#include "../common/util.h"
#include "filter.h"
#include "packet.h"
#include "options.h"
#include "main.h"
gpg: Support EAX if for latest Libgcrypt. * g10/cipher-aead.c (MY_GCRY_CIPHER_MODE_EAX): New. (write_header): Use it. * g10/decrypt-data.c (MY_GCRY_CIPHER_MODE_EAX): New. (decrypt_data): Use it. * g10/misc.c (openpgp_aead_test_algo): Allow EAX. -- This allows the use of EAX when the latest Libgcrypt master is used. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:42:29 +01:00
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
/* The size of the buffer we allocate to encrypt the data. This must
* be a multiple of the OCB blocksize (16 byte). */
#define AEAD_ENC_BUFFER_SIZE (64*1024)
/* Wrapper around iobuf_write to make sure that a proper error code is
* always returned. */
static gpg_error_t
my_iobuf_write (iobuf_t a, const void *buffer, size_t buflen)
{
if (iobuf_write (a, buffer, buflen))
{
gpg_error_t err = iobuf_error (a);
if (!err || !gpg_err_code (err)) /* (The latter should never happen) */
err = gpg_error (GPG_ERR_EIO);
return err;
}
return 0;
}
gpg: Merge two functions in cipher-aead.c * g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ... (set_nonce_and_ad): new function. (write_auth_tag): Print error message here. (do_flush): Rename var newchunk to finalize. -- There is no need to have separate functions here. We should also print a error message for writing the final tag. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 08:36:46 +01:00
/* Set the nonce and the additional data for the current chunk. If
* FINAL is set the final AEAD chunk is processed. This also reset
* the encryption machinery so that the handle can be used for a new
* chunk. */
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
static gpg_error_t
gpg: Merge two functions in cipher-aead.c * g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ... (set_nonce_and_ad): new function. (write_auth_tag): Print error message here. (do_flush): Rename var newchunk to finalize. -- There is no need to have separate functions here. We should also print a error message for writing the final tag. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 08:36:46 +01:00
set_nonce_and_ad (cipher_filter_context_t *cfx, int final)
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
{
gpg: Merge two functions in cipher-aead.c * g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ... (set_nonce_and_ad): new function. (write_auth_tag): Print error message here. (do_flush): Rename var newchunk to finalize. -- There is no need to have separate functions here. We should also print a error message for writing the final tag. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 08:36:46 +01:00
gpg_error_t err;
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
unsigned char nonce[16];
gpg: Merge two functions in cipher-aead.c * g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ... (set_nonce_and_ad): new function. (write_auth_tag): Print error message here. (do_flush): Rename var newchunk to finalize. -- There is no need to have separate functions here. We should also print a error message for writing the final tag. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 08:36:46 +01:00
unsigned char ad[21];
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
int i;
switch (cfx->dek->use_aead)
{
case AEAD_ALGO_OCB:
memcpy (nonce, cfx->startiv, 15);
i = 7;
break;
case AEAD_ALGO_EAX:
memcpy (nonce, cfx->startiv, 16);
i = 8;
break;
default:
BUG ();
}
nonce[i++] ^= cfx->chunkindex >> 56;
nonce[i++] ^= cfx->chunkindex >> 48;
nonce[i++] ^= cfx->chunkindex >> 40;
nonce[i++] ^= cfx->chunkindex >> 32;
nonce[i++] ^= cfx->chunkindex >> 24;
nonce[i++] ^= cfx->chunkindex >> 16;
nonce[i++] ^= cfx->chunkindex >> 8;
nonce[i++] ^= cfx->chunkindex;
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
if (DBG_CRYPTO)
log_printhex (nonce, 15, "nonce:");
gpg: Merge two functions in cipher-aead.c * g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ... (set_nonce_and_ad): new function. (write_auth_tag): Print error message here. (do_flush): Rename var newchunk to finalize. -- There is no need to have separate functions here. We should also print a error message for writing the final tag. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 08:36:46 +01:00
err = gcry_cipher_setiv (cfx->cipher_hd, nonce, i);
if (err)
return err;
ad[0] = (0xc0 | PKT_ENCRYPTED_AEAD);
ad[1] = 1;
ad[2] = cfx->dek->algo;
ad[3] = cfx->dek->use_aead;
ad[4] = cfx->chunkbyte;
ad[5] = cfx->chunkindex >> 56;
ad[6] = cfx->chunkindex >> 48;
ad[7] = cfx->chunkindex >> 40;
ad[8] = cfx->chunkindex >> 32;
ad[9] = cfx->chunkindex >> 24;
ad[10]= cfx->chunkindex >> 16;
ad[11]= cfx->chunkindex >> 8;
ad[12]= cfx->chunkindex;
if (final)
{
ad[13] = cfx->total >> 56;
ad[14] = cfx->total >> 48;
ad[15] = cfx->total >> 40;
ad[16] = cfx->total >> 32;
ad[17] = cfx->total >> 24;
ad[18] = cfx->total >> 16;
ad[19] = cfx->total >> 8;
ad[20] = cfx->total;
}
if (DBG_CRYPTO)
log_printhex (ad, final? 21 : 13, "authdata:");
return gcry_cipher_authenticate (cfx->cipher_hd, ad, final? 21 : 13);
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
}
static gpg_error_t
write_header (cipher_filter_context_t *cfx, iobuf_t a)
{
gpg_error_t err;
PACKET pkt;
PKT_encrypted ed;
unsigned int blocksize;
unsigned int startivlen;
enum gcry_cipher_modes ciphermode;
log_assert (cfx->dek->use_aead);
blocksize = openpgp_cipher_get_algo_blklen (cfx->dek->algo);
if (blocksize != 16 )
log_fatal ("unsupported blocksize %u for AEAD\n", blocksize);
gpg: Unify AEAD parameter retrieval. * g10/pkclist.c (select_aead_from_pklist): Return the AEAD_algo. * g10/encrypt.c (use_aead): Return the AEAD algo. (encrypt_simple): Adjust for this change. (encrypt_crypt): Ditto. (encrypt_filter): Ditto. * g10/sign.c (sign_symencrypt_file): Ditto. * g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New. (openpgp_aead_algo_info): New. * g10/cipher-aead.c (MY_GCRY_CIPHER_MODE_EAX): Remove. (write_header): Use new fucntion. * g10/decrypt-data.c (MY_GCRY_CIPHER_MODE_EAX): Remove. (decrypt_data): Use new function. Also allow for chunkbytes other than 10. -- Note that other chunk bytes than 10 and in particular 0 (64 byte chunks) have not yet been tested. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-22 16:23:02 +01:00
err = openpgp_aead_algo_info (cfx->dek->use_aead, &ciphermode, &startivlen);
if (err)
goto leave;
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
log_assert (opt.chunk_size >= 6 && opt.chunk_size <= 62);
cfx->chunkbyte = opt.chunk_size - 6;
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
cfx->chunksize = (uint64_t)1 << (cfx->chunkbyte + 6);
cfx->chunklen = 0;
cfx->bufsize = AEAD_ENC_BUFFER_SIZE;
cfx->buflen = 0;
cfx->buffer = xtrymalloc (cfx->bufsize);
if (!cfx->buffer)
return gpg_error_from_syserror ();
memset (&ed, 0, sizeof ed);
ed.new_ctb = 1; /* (Is anyway required for the packet type). */
ed.len = 0; /* fixme: cfx->datalen */
ed.extralen = startivlen + 16; /* (16 is the taglen) */
ed.cipher_algo = cfx->dek->algo;
ed.aead_algo = cfx->dek->use_aead;
ed.chunkbyte = cfx->chunkbyte;
init_packet (&pkt);
pkt.pkttype = PKT_ENCRYPTED_AEAD;
pkt.pkt.encrypted = &ed;
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
if (DBG_FILTER)
log_debug ("aead packet: len=%lu extralen=%d\n",
(unsigned long)ed.len, ed.extralen);
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
print_cipher_algo_note (cfx->dek->algo);
if (build_packet( a, &pkt))
log_bug ("build_packet(ENCRYPTED_AEAD) failed\n");
log_assert (sizeof cfx->startiv >= startivlen);
gcry_randomize (cfx->startiv, startivlen, GCRY_STRONG_RANDOM);
err = my_iobuf_write (a, cfx->startiv, startivlen);
if (err)
goto leave;
err = openpgp_cipher_open (&cfx->cipher_hd,
cfx->dek->algo,
ciphermode,
GCRY_CIPHER_SECURE);
if (err)
goto leave;
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
if (DBG_CRYPTO)
log_printhex (cfx->dek->key, cfx->dek->keylen, "thekey:");
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
err = gcry_cipher_setkey (cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen);
if (err)
return err;
cfx->wrote_header = 1;
leave:
return err;
}
/* Get and write the auth tag to stream A. */
static gpg_error_t
write_auth_tag (cipher_filter_context_t *cfx, iobuf_t a)
{
gpg_error_t err;
char tag[16];
err = gcry_cipher_gettag (cfx->cipher_hd, tag, 16);
if (err)
goto leave;
err = my_iobuf_write (a, tag, 16);
if (err)
goto leave;
leave:
gpg: Merge two functions in cipher-aead.c * g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ... (set_nonce_and_ad): new function. (write_auth_tag): Print error message here. (do_flush): Rename var newchunk to finalize. -- There is no need to have separate functions here. We should also print a error message for writing the final tag. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 08:36:46 +01:00
if (err)
log_error ("write_auth_tag failed: %s\n", gpg_strerror (err));
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
return err;
}
/* Write the final chunk to stream A. */
static gpg_error_t
write_final_chunk (cipher_filter_context_t *cfx, iobuf_t a)
{
gpg_error_t err;
char dummy[1];
gpg: Merge two functions in cipher-aead.c * g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ... (set_nonce_and_ad): new function. (write_auth_tag): Print error message here. (do_flush): Rename var newchunk to finalize. -- There is no need to have separate functions here. We should also print a error message for writing the final tag. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 08:36:46 +01:00
err = set_nonce_and_ad (cfx, 1);
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
if (err)
goto leave;
gcry_cipher_final (cfx->cipher_hd);
/* Encrypt an empty string. */
err = gcry_cipher_encrypt (cfx->cipher_hd, dummy, 0, NULL, 0);
if (err)
goto leave;
err = write_auth_tag (cfx, a);
leave:
return err;
}
/* The core of the flush sub-function of cipher_filter_aead. */
static gpg_error_t
do_flush (cipher_filter_context_t *cfx, iobuf_t a, byte *buf, size_t size)
{
gpg: Fix AEAD encryption for chunk sizes other than 64 KiB. * g10/cipher-aead.c (do_flush): Init ERR. Fix remaining chunklen computation. (do_free): Add dummy encryption. Close the cipher handle. * g10/decrypt-data.c (aead_underflow): Rewrite. -- Until we have integrated test into the test suite extensive tests can also be done with a script like this: --8<---------------cut here---------------start------------->8--- #!/bin/sh set -e GPG="../g10/gpg --rfc4880bis --pinentry-mode=loopback" GPG="$GPG --passphrase abc --batch" MKTDATA="$HOME/b/gnupg-2.0/tools/mk-tdata" for chunksize in 6 7 12 13 14 30; do for count in $(seq 1 200) $(seq 8100 8200) \ $(seq 16350 16400) $(seq 20000 20100); do if [ ! -f "testfile-$count" ]; then $MKTDATA $count >"testfile-$count" fi echo "testing chunk size 2^$chunksize with $count bytes" $GPG --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES -v -z 0 \ -c --chunk-size $chunksize \ <"testfile-$count" >"testfile-$count.gpg" 2>/dev/null $GPG -vd <"testfile-$count.gpg" >"testfile-$count.out" 2>/dev/null if ! cmp "testfile-$count" "testfile-$count.out"; then echo "FAILED comparing count $count" >&2 exit 1 fi done done echo All good --8<---------------cut here---------------end--------------->8--- Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-24 13:45:05 +01:00
gpg_error_t err = 0;
gpg: Merge two functions in cipher-aead.c * g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ... (set_nonce_and_ad): new function. (write_auth_tag): Print error message here. (do_flush): Rename var newchunk to finalize. -- There is no need to have separate functions here. We should also print a error message for writing the final tag. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 08:36:46 +01:00
int finalize = 0;
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
size_t n;
/* Put the data into a buffer, flush and encrypt as needed. */
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
if (DBG_FILTER)
log_debug ("flushing %zu bytes (cur buflen=%zu)\n", size, cfx->buflen);
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
do
{
g10/cipher-aead: add fast path for avoid memcpy when AEAD encrypting * g10/cipher-aead.c (do_hash): Add faster path for encrypting directly from input buffer instead of memcpying then encrypting inplace. -- When encrypting with AES256.OCB on AMD Ryzen 5800X, memcpy shows as taking largest portion of computation time. Patch adds fast path for AEAD encryption which largely eliminates need for memcpying when doing AEAD encryption. AES256.OCB throughput increases from 2.2GB/s to 4.2GB/s on said system (1.9x faster). GnuPG-bug-id: T5828 Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2022-02-11 18:29:33 +01:00
const unsigned fast_threshold = 512;
const byte *src_buf = NULL;
int enc_now = 0;
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
if (cfx->buflen + size < cfx->bufsize)
n = size;
else
n = cfx->bufsize - cfx->buflen;
g10/cipher-aead: add fast path for avoid memcpy when AEAD encrypting * g10/cipher-aead.c (do_hash): Add faster path for encrypting directly from input buffer instead of memcpying then encrypting inplace. -- When encrypting with AES256.OCB on AMD Ryzen 5800X, memcpy shows as taking largest portion of computation time. Patch adds fast path for AEAD encryption which largely eliminates need for memcpying when doing AEAD encryption. AES256.OCB throughput increases from 2.2GB/s to 4.2GB/s on said system (1.9x faster). GnuPG-bug-id: T5828 Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2022-02-11 18:29:33 +01:00
if (cfx->buflen % fast_threshold != 0)
{
/* Attempt to align cfx->buflen to fast threshold size first. */
size_t nalign = fast_threshold - (cfx->buflen % fast_threshold);
if (nalign < n)
{
n = nalign;
}
}
else if (cfx->buflen == 0 && n >= fast_threshold)
{
/* Handle large input buffers as multiple of cipher blocksize. */
n = (n / 16) * 16;
}
gpg: Fix AEAD encryption for chunk sizes other than 64 KiB. * g10/cipher-aead.c (do_flush): Init ERR. Fix remaining chunklen computation. (do_free): Add dummy encryption. Close the cipher handle. * g10/decrypt-data.c (aead_underflow): Rewrite. -- Until we have integrated test into the test suite extensive tests can also be done with a script like this: --8<---------------cut here---------------start------------->8--- #!/bin/sh set -e GPG="../g10/gpg --rfc4880bis --pinentry-mode=loopback" GPG="$GPG --passphrase abc --batch" MKTDATA="$HOME/b/gnupg-2.0/tools/mk-tdata" for chunksize in 6 7 12 13 14 30; do for count in $(seq 1 200) $(seq 8100 8200) \ $(seq 16350 16400) $(seq 20000 20100); do if [ ! -f "testfile-$count" ]; then $MKTDATA $count >"testfile-$count" fi echo "testing chunk size 2^$chunksize with $count bytes" $GPG --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES -v -z 0 \ -c --chunk-size $chunksize \ <"testfile-$count" >"testfile-$count.gpg" 2>/dev/null $GPG -vd <"testfile-$count.gpg" >"testfile-$count.out" 2>/dev/null if ! cmp "testfile-$count" "testfile-$count.out"; then echo "FAILED comparing count $count" >&2 exit 1 fi done done echo All good --8<---------------cut here---------------end--------------->8--- Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-24 13:45:05 +01:00
if (cfx->chunklen + cfx->buflen + n >= cfx->chunksize)
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
{
gpg: Fix AEAD encryption for chunk sizes other than 64 KiB. * g10/cipher-aead.c (do_flush): Init ERR. Fix remaining chunklen computation. (do_free): Add dummy encryption. Close the cipher handle. * g10/decrypt-data.c (aead_underflow): Rewrite. -- Until we have integrated test into the test suite extensive tests can also be done with a script like this: --8<---------------cut here---------------start------------->8--- #!/bin/sh set -e GPG="../g10/gpg --rfc4880bis --pinentry-mode=loopback" GPG="$GPG --passphrase abc --batch" MKTDATA="$HOME/b/gnupg-2.0/tools/mk-tdata" for chunksize in 6 7 12 13 14 30; do for count in $(seq 1 200) $(seq 8100 8200) \ $(seq 16350 16400) $(seq 20000 20100); do if [ ! -f "testfile-$count" ]; then $MKTDATA $count >"testfile-$count" fi echo "testing chunk size 2^$chunksize with $count bytes" $GPG --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES -v -z 0 \ -c --chunk-size $chunksize \ <"testfile-$count" >"testfile-$count.gpg" 2>/dev/null $GPG -vd <"testfile-$count.gpg" >"testfile-$count.out" 2>/dev/null if ! cmp "testfile-$count" "testfile-$count.out"; then echo "FAILED comparing count $count" >&2 exit 1 fi done done echo All good --8<---------------cut here---------------end--------------->8--- Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-24 13:45:05 +01:00
size_t n1 = cfx->chunksize - (cfx->chunklen + cfx->buflen);
gpg: Merge two functions in cipher-aead.c * g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ... (set_nonce_and_ad): new function. (write_auth_tag): Print error message here. (do_flush): Rename var newchunk to finalize. -- There is no need to have separate functions here. We should also print a error message for writing the final tag. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 08:36:46 +01:00
finalize = 1;
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
if (DBG_FILTER)
gpg: Replace use of PRIu64 in log_debug * g10/cipher-aead.c (do_flush): Use %llu and a cast. * g10/decrypt-data.c (aead_underflow): Ditto. -- Fixes-commit: b2cedc108d5cabb07f496c31c11c9cba6f328f76 We don't use the system's printf but the one implemented by us (gpgrt's estream-printf) thus the PRIu64 may or may not be correct. We can't do much about the -Wformat errors due to our different implementation.
2022-12-16 15:33:46 +01:00
log_debug ("chunksize %llu reached;"
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
" cur buflen=%zu using %zu of %zu\n",
gpg: Replace use of PRIu64 in log_debug * g10/cipher-aead.c (do_flush): Use %llu and a cast. * g10/decrypt-data.c (aead_underflow): Ditto. -- Fixes-commit: b2cedc108d5cabb07f496c31c11c9cba6f328f76 We don't use the system's printf but the one implemented by us (gpgrt's estream-printf) thus the PRIu64 may or may not be correct. We can't do much about the -Wformat errors due to our different implementation.
2022-12-16 15:33:46 +01:00
(unsigned long long)cfx->chunksize, cfx->buflen,
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
n1, n);
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
n = n1;
}
g10/cipher-aead: add fast path for avoid memcpy when AEAD encrypting * g10/cipher-aead.c (do_hash): Add faster path for encrypting directly from input buffer instead of memcpying then encrypting inplace. -- When encrypting with AES256.OCB on AMD Ryzen 5800X, memcpy shows as taking largest portion of computation time. Patch adds fast path for AEAD encryption which largely eliminates need for memcpying when doing AEAD encryption. AES256.OCB throughput increases from 2.2GB/s to 4.2GB/s on said system (1.9x faster). GnuPG-bug-id: T5828 Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2022-02-11 18:29:33 +01:00
if (!finalize && cfx->buflen % 16 == 0 && cfx->buflen > 0
&& size >= fast_threshold)
{
/* If cfx->buffer is aligned and remaining input buffer length
* is long, encrypt cfx->buffer inplace now to allow fast path
* handling on next loop iteration. */
src_buf = cfx->buffer;
enc_now = 1;
n = 0;
}
else if (cfx->buflen == 0 && n >= fast_threshold)
{
/* Fast path for large input buffer. This avoids memcpy and
* instead encrypts directly from input to cfx->buffer. */
log_assert (n % 16 == 0 || finalize);
src_buf = buf;
cfx->buflen = n;
buf += n;
size -= n;
enc_now = 1;
}
else if (n > 0)
{
memcpy (cfx->buffer + cfx->buflen, buf, n);
src_buf = cfx->buffer;
cfx->buflen += n;
buf += n;
size -= n;
}
if (cfx->buflen == cfx->bufsize || enc_now || finalize)
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
{
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
if (DBG_FILTER)
g10/cipher-aead: add fast path for avoid memcpy when AEAD encrypting * g10/cipher-aead.c (do_hash): Add faster path for encrypting directly from input buffer instead of memcpying then encrypting inplace. -- When encrypting with AES256.OCB on AMD Ryzen 5800X, memcpy shows as taking largest portion of computation time. Patch adds fast path for AEAD encryption which largely eliminates need for memcpying when doing AEAD encryption. AES256.OCB throughput increases from 2.2GB/s to 4.2GB/s on said system (1.9x faster). GnuPG-bug-id: T5828 Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2022-02-11 18:29:33 +01:00
log_debug ("encrypting: size=%zu buflen=%zu %s%s n=%zu\n",
size, cfx->buflen, finalize?"(finalize)":"",
enc_now?"(now)":"", n);
gpg: Avoid writing a zero length last chunk in AEAD mode. * g10/cipher-aead.c (write_header): Do not call set_nonce_and_ad. (write_final_chunk): Do not increase chunkindex. (do_flush): Call set_nonce_and_ad immediately before the first encryption of a chunk. Bump up the chunkindex after writing the tag. (do_free): Do not insert a zero length last chunk. * g10/decrypt-data.c (aead_underflow): Fix the corresponding bug. -- This fixes a bug in writing a zero length last chunk right before the final chunk (which has by design a zero length). We also need to adjust the decryption part because that assumed this zero length last chunk. Note that we use the term "last chunk" for the chunk which directly precedes the "final chunk" which ends the entire encryption. GnuPG-bug-id: 3774 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 09:31:39 +01:00
if (!cfx->chunklen)
{
if (DBG_FILTER)
log_debug ("start encrypting a new chunk\n");
err = set_nonce_and_ad (cfx, 0);
if (err)
goto leave;
}
gpg: Merge two functions in cipher-aead.c * g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ... (set_nonce_and_ad): new function. (write_auth_tag): Print error message here. (do_flush): Rename var newchunk to finalize. -- There is no need to have separate functions here. We should also print a error message for writing the final tag. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 08:36:46 +01:00
if (finalize)
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
gcry_cipher_final (cfx->cipher_hd);
gpg: Merge two functions in cipher-aead.c * g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ... (set_nonce_and_ad): new function. (write_auth_tag): Print error message here. (do_flush): Rename var newchunk to finalize. -- There is no need to have separate functions here. We should also print a error message for writing the final tag. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 08:36:46 +01:00
if (DBG_FILTER)
{
if (finalize)
g10/cipher-aead: add fast path for avoid memcpy when AEAD encrypting * g10/cipher-aead.c (do_hash): Add faster path for encrypting directly from input buffer instead of memcpying then encrypting inplace. -- When encrypting with AES256.OCB on AMD Ryzen 5800X, memcpy shows as taking largest portion of computation time. Patch adds fast path for AEAD encryption which largely eliminates need for memcpying when doing AEAD encryption. AES256.OCB throughput increases from 2.2GB/s to 4.2GB/s on said system (1.9x faster). GnuPG-bug-id: T5828 Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2022-02-11 18:29:33 +01:00
log_printhex (src_buf, cfx->buflen, "plain(1):");
gpg: Merge two functions in cipher-aead.c * g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ... (set_nonce_and_ad): new function. (write_auth_tag): Print error message here. (do_flush): Rename var newchunk to finalize. -- There is no need to have separate functions here. We should also print a error message for writing the final tag. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 08:36:46 +01:00
else if (cfx->buflen > 32)
g10/cipher-aead: add fast path for avoid memcpy when AEAD encrypting * g10/cipher-aead.c (do_hash): Add faster path for encrypting directly from input buffer instead of memcpying then encrypting inplace. -- When encrypting with AES256.OCB on AMD Ryzen 5800X, memcpy shows as taking largest portion of computation time. Patch adds fast path for AEAD encryption which largely eliminates need for memcpying when doing AEAD encryption. AES256.OCB throughput increases from 2.2GB/s to 4.2GB/s on said system (1.9x faster). GnuPG-bug-id: T5828 Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2022-02-11 18:29:33 +01:00
log_printhex (src_buf + cfx->buflen - 32, 32,
gpg: Merge two functions in cipher-aead.c * g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ... (set_nonce_and_ad): new function. (write_auth_tag): Print error message here. (do_flush): Rename var newchunk to finalize. -- There is no need to have separate functions here. We should also print a error message for writing the final tag. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 08:36:46 +01:00
"plain(last32):");
}
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
/* Take care: even with a buflen of zero an encrypt needs to
* be called after gcry_cipher_final and before
* gcry_cipher_gettag - at least with libgcrypt 1.8 and OCB
* mode. */
g10/cipher-aead: add fast path for avoid memcpy when AEAD encrypting * g10/cipher-aead.c (do_hash): Add faster path for encrypting directly from input buffer instead of memcpying then encrypting inplace. -- When encrypting with AES256.OCB on AMD Ryzen 5800X, memcpy shows as taking largest portion of computation time. Patch adds fast path for AEAD encryption which largely eliminates need for memcpying when doing AEAD encryption. AES256.OCB throughput increases from 2.2GB/s to 4.2GB/s on said system (1.9x faster). GnuPG-bug-id: T5828 Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2022-02-11 18:29:33 +01:00
err = gcry_cipher_encrypt (cfx->cipher_hd, cfx->buffer,
cfx->buflen, src_buf, cfx->buflen);
gpg: Avoid writing a zero length last chunk in AEAD mode. * g10/cipher-aead.c (write_header): Do not call set_nonce_and_ad. (write_final_chunk): Do not increase chunkindex. (do_flush): Call set_nonce_and_ad immediately before the first encryption of a chunk. Bump up the chunkindex after writing the tag. (do_free): Do not insert a zero length last chunk. * g10/decrypt-data.c (aead_underflow): Fix the corresponding bug. -- This fixes a bug in writing a zero length last chunk right before the final chunk (which has by design a zero length). We also need to adjust the decryption part because that assumed this zero length last chunk. Note that we use the term "last chunk" for the chunk which directly precedes the "final chunk" which ends the entire encryption. GnuPG-bug-id: 3774 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 09:31:39 +01:00
if (err)
goto leave;
gpg: Merge two functions in cipher-aead.c * g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ... (set_nonce_and_ad): new function. (write_auth_tag): Print error message here. (do_flush): Rename var newchunk to finalize. -- There is no need to have separate functions here. We should also print a error message for writing the final tag. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 08:36:46 +01:00
if (finalize && DBG_FILTER)
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
log_printhex (cfx->buffer, cfx->buflen, "ciphr(1):");
err = my_iobuf_write (a, cfx->buffer, cfx->buflen);
if (err)
goto leave;
cfx->chunklen += cfx->buflen;
cfx->total += cfx->buflen;
cfx->buflen = 0;
gpg: Merge two functions in cipher-aead.c * g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ... (set_nonce_and_ad): new function. (write_auth_tag): Print error message here. (do_flush): Rename var newchunk to finalize. -- There is no need to have separate functions here. We should also print a error message for writing the final tag. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 08:36:46 +01:00
if (finalize)
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
{
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
if (DBG_FILTER)
gpg: Avoid writing a zero length last chunk in AEAD mode. * g10/cipher-aead.c (write_header): Do not call set_nonce_and_ad. (write_final_chunk): Do not increase chunkindex. (do_flush): Call set_nonce_and_ad immediately before the first encryption of a chunk. Bump up the chunkindex after writing the tag. (do_free): Do not insert a zero length last chunk. * g10/decrypt-data.c (aead_underflow): Fix the corresponding bug. -- This fixes a bug in writing a zero length last chunk right before the final chunk (which has by design a zero length). We also need to adjust the decryption part because that assumed this zero length last chunk. Note that we use the term "last chunk" for the chunk which directly precedes the "final chunk" which ends the entire encryption. GnuPG-bug-id: 3774 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 09:31:39 +01:00
log_debug ("writing tag: chunklen=%ju total=%ju\n",
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
(uintmax_t)cfx->chunklen, (uintmax_t)cfx->total);
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
err = write_auth_tag (cfx, a);
if (err)
gpg: Merge two functions in cipher-aead.c * g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ... (set_nonce_and_ad): new function. (write_auth_tag): Print error message here. (do_flush): Rename var newchunk to finalize. -- There is no need to have separate functions here. We should also print a error message for writing the final tag. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 08:36:46 +01:00
goto leave;
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
cfx->chunkindex++;
cfx->chunklen = 0;
gpg: Merge two functions in cipher-aead.c * g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ... (set_nonce_and_ad): new function. (write_auth_tag): Print error message here. (do_flush): Rename var newchunk to finalize. -- There is no need to have separate functions here. We should also print a error message for writing the final tag. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 08:36:46 +01:00
finalize = 0;
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
}
}
}
while (size);
leave:
return err;
}
/* The core of the free sub-function of cipher_filter_aead. */
static gpg_error_t
do_free (cipher_filter_context_t *cfx, iobuf_t a)
{
gpg_error_t err = 0;
gpg: Fix AEAD encryption for chunk sizes other than 64 KiB. * g10/cipher-aead.c (do_flush): Init ERR. Fix remaining chunklen computation. (do_free): Add dummy encryption. Close the cipher handle. * g10/decrypt-data.c (aead_underflow): Rewrite. -- Until we have integrated test into the test suite extensive tests can also be done with a script like this: --8<---------------cut here---------------start------------->8--- #!/bin/sh set -e GPG="../g10/gpg --rfc4880bis --pinentry-mode=loopback" GPG="$GPG --passphrase abc --batch" MKTDATA="$HOME/b/gnupg-2.0/tools/mk-tdata" for chunksize in 6 7 12 13 14 30; do for count in $(seq 1 200) $(seq 8100 8200) \ $(seq 16350 16400) $(seq 20000 20100); do if [ ! -f "testfile-$count" ]; then $MKTDATA $count >"testfile-$count" fi echo "testing chunk size 2^$chunksize with $count bytes" $GPG --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES -v -z 0 \ -c --chunk-size $chunksize \ <"testfile-$count" >"testfile-$count.gpg" 2>/dev/null $GPG -vd <"testfile-$count.gpg" >"testfile-$count.out" 2>/dev/null if ! cmp "testfile-$count" "testfile-$count.out"; then echo "FAILED comparing count $count" >&2 exit 1 fi done done echo All good --8<---------------cut here---------------end--------------->8--- Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-24 13:45:05 +01:00
if (DBG_FILTER)
log_debug ("do_free: buflen=%zu\n", cfx->buflen);
Fix the previous commit. -- Fixes-commit: 903c5fe369bc4948718a7d2a0e19b1acdb2406c4 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-02-23 01:12:07 +01:00
if (cfx->chunklen || cfx->buflen)
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
{
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
if (DBG_FILTER)
gpg: Avoid writing a zero length last chunk in AEAD mode. * g10/cipher-aead.c (write_header): Do not call set_nonce_and_ad. (write_final_chunk): Do not increase chunkindex. (do_flush): Call set_nonce_and_ad immediately before the first encryption of a chunk. Bump up the chunkindex after writing the tag. (do_free): Do not insert a zero length last chunk. * g10/decrypt-data.c (aead_underflow): Fix the corresponding bug. -- This fixes a bug in writing a zero length last chunk right before the final chunk (which has by design a zero length). We also need to adjust the decryption part because that assumed this zero length last chunk. Note that we use the term "last chunk" for the chunk which directly precedes the "final chunk" which ends the entire encryption. GnuPG-bug-id: 3774 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 09:31:39 +01:00
log_debug ("encrypting last %zu bytes of the last chunk\n",cfx->buflen);
if (!cfx->chunklen)
{
if (DBG_FILTER)
log_debug ("start encrypting a new chunk\n");
err = set_nonce_and_ad (cfx, 0);
if (err)
goto leave;
}
gcry_cipher_final (cfx->cipher_hd);
err = gcry_cipher_encrypt (cfx->cipher_hd, cfx->buffer, cfx->buflen,
NULL, 0);
if (err)
goto leave;
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
err = my_iobuf_write (a, cfx->buffer, cfx->buflen);
if (err)
goto leave;
/* log_printhex (cfx->buffer, cfx->buflen, "wrote:"); */
cfx->chunklen += cfx->buflen;
cfx->total += cfx->buflen;
gpg: Avoid writing a zero length last chunk in AEAD mode. * g10/cipher-aead.c (write_header): Do not call set_nonce_and_ad. (write_final_chunk): Do not increase chunkindex. (do_flush): Call set_nonce_and_ad immediately before the first encryption of a chunk. Bump up the chunkindex after writing the tag. (do_free): Do not insert a zero length last chunk. * g10/decrypt-data.c (aead_underflow): Fix the corresponding bug. -- This fixes a bug in writing a zero length last chunk right before the final chunk (which has by design a zero length). We also need to adjust the decryption part because that assumed this zero length last chunk. Note that we use the term "last chunk" for the chunk which directly precedes the "final chunk" which ends the entire encryption. GnuPG-bug-id: 3774 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 09:31:39 +01:00
/* Get and write the authentication tag. */
if (DBG_FILTER)
log_debug ("writing tag: chunklen=%ju total=%ju\n",
(uintmax_t)cfx->chunklen, (uintmax_t)cfx->total);
err = write_auth_tag (cfx, a);
if (err)
goto leave;
cfx->chunkindex++;
cfx->chunklen = 0;
}
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
/* Write the final chunk. */
gpg: New option --chunk-size. * g10/gpg.c (opts): New option --chunk-size. (oChunkSize): New const. (build_list_aead_test_algo, build_list_aead_algo_name): New. (my_strusage): List AEAD algos. (main): Implement --chunk-size.. * g10/options.h (struct opt): Add field 'chunk_size'. (DBG_IPC): Remove duplicated macro. * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version. * g10/misc.c (openpgp_aead_test_algo): Ditto. * g10/cipher-aead.c: Silence if not in debug mode. * g10/decrypt-data.c: Ditto. -- And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
if (DBG_FILTER)
log_debug ("creating final chunk\n");
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
err = write_final_chunk (cfx, a);
leave:
xfree (cfx->buffer);
cfx->buffer = NULL;
gpg: Fix AEAD encryption for chunk sizes other than 64 KiB. * g10/cipher-aead.c (do_flush): Init ERR. Fix remaining chunklen computation. (do_free): Add dummy encryption. Close the cipher handle. * g10/decrypt-data.c (aead_underflow): Rewrite. -- Until we have integrated test into the test suite extensive tests can also be done with a script like this: --8<---------------cut here---------------start------------->8--- #!/bin/sh set -e GPG="../g10/gpg --rfc4880bis --pinentry-mode=loopback" GPG="$GPG --passphrase abc --batch" MKTDATA="$HOME/b/gnupg-2.0/tools/mk-tdata" for chunksize in 6 7 12 13 14 30; do for count in $(seq 1 200) $(seq 8100 8200) \ $(seq 16350 16400) $(seq 20000 20100); do if [ ! -f "testfile-$count" ]; then $MKTDATA $count >"testfile-$count" fi echo "testing chunk size 2^$chunksize with $count bytes" $GPG --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES -v -z 0 \ -c --chunk-size $chunksize \ <"testfile-$count" >"testfile-$count.gpg" 2>/dev/null $GPG -vd <"testfile-$count.gpg" >"testfile-$count.out" 2>/dev/null if ! cmp "testfile-$count" "testfile-$count.out"; then echo "FAILED comparing count $count" >&2 exit 1 fi done done echo All good --8<---------------cut here---------------end--------------->8--- Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-24 13:45:05 +01:00
gcry_cipher_close (cfx->cipher_hd);
cfx->cipher_hd = NULL;
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
return err;
}
gpg: Add stub function for encrypting AEAD. * g10/cipher.c (cipher_filter): Rename to cipher_filter_cfb. * g10/cipher-aead.c: New. Right now only with a stub function. * g10/Makefile.am (gpg_sources): Add file. * g10/encrypt.c (encrypt_simple): Push either cipher_filter_cfb or cipher_filter_aead. (encrypt_crypt): Ditto. (encrypt_filter): Ditto. * g10/sign.c (sign_symencrypt_file): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 17:33:50 +01:00
/*
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
* This filter is used to encrypt data with an AEAD algorithm
gpg: Add stub function for encrypting AEAD. * g10/cipher.c (cipher_filter): Rename to cipher_filter_cfb. * g10/cipher-aead.c: New. Right now only with a stub function. * g10/Makefile.am (gpg_sources): Add file. * g10/encrypt.c (encrypt_simple): Push either cipher_filter_cfb or cipher_filter_aead. (encrypt_crypt): Ditto. (encrypt_filter): Ditto. * g10/sign.c (sign_symencrypt_file): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 17:33:50 +01:00
*/
int
cipher_filter_aead (void *opaque, int control,
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
iobuf_t a, byte *buf, size_t *ret_len)
gpg: Add stub function for encrypting AEAD. * g10/cipher.c (cipher_filter): Rename to cipher_filter_cfb. * g10/cipher-aead.c: New. Right now only with a stub function. * g10/Makefile.am (gpg_sources): Add file. * g10/encrypt.c (encrypt_simple): Push either cipher_filter_cfb or cipher_filter_aead. (encrypt_crypt): Ditto. (encrypt_filter): Ditto. * g10/sign.c (sign_symencrypt_file): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 17:33:50 +01:00
{
cipher_filter_context_t *cfx = opaque;
size_t size = *ret_len;
int rc = 0;
if (control == IOBUFCTRL_UNDERFLOW) /* decrypt */
{
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
rc = -1; /* not used */
gpg: Add stub function for encrypting AEAD. * g10/cipher.c (cipher_filter): Rename to cipher_filter_cfb. * g10/cipher-aead.c: New. Right now only with a stub function. * g10/Makefile.am (gpg_sources): Add file. * g10/encrypt.c (encrypt_simple): Push either cipher_filter_cfb or cipher_filter_aead. (encrypt_crypt): Ditto. (encrypt_filter): Ditto. * g10/sign.c (sign_symencrypt_file): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 17:33:50 +01:00
}
else if (control == IOBUFCTRL_FLUSH) /* encrypt */
{
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
if (!cfx->wrote_header && (rc=write_header (cfx, a)))
;
else
rc = do_flush (cfx, a, buf, size);
gpg: Add stub function for encrypting AEAD. * g10/cipher.c (cipher_filter): Rename to cipher_filter_cfb. * g10/cipher-aead.c: New. Right now only with a stub function. * g10/Makefile.am (gpg_sources): Add file. * g10/encrypt.c (encrypt_simple): Push either cipher_filter_cfb or cipher_filter_aead. (encrypt_crypt): Ditto. (encrypt_filter): Ditto. * g10/sign.c (sign_symencrypt_file): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 17:33:50 +01:00
}
else if (control == IOBUFCTRL_FREE)
{
gpg: First take on PKT_ENCRYPTED_AEAD. * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const. * g10/dek.h (DEK): Increase size of use_aead to 4 bits. * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD. * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and chunkbyte. * g10/build-packet.c (do_encrypted_aead): New. (build_packet): Call it. * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD. (parse_one_sig_subpkt, can_handle_critical): Ditto. (parse_encrypted): Clear new PKT_ENCRYPTED fields. (parse_encrypted_aead): New. (parse): Call it. * g10/gpg.c (main): Take care of --rfc4880bis option when checking compliance. * g10/cipher-aead.c: Replace the stub by real code. * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with AEAD. (aead_set_nonce): New. (aead_set_ad): New. (decrypt_data): Support AEAD. (aead_underflow): New. (aead_decode_filter): New. * g10/encrypt.c (use_aead): Make that new fucntion work. (encrypt_simple): Use default_aead_algo() instead of EAX. * g10/mainproc.c (proc_encrypted): Support AEAD. (do_proc_packets): Support PKT_ENCRYPTED_AEAD. -- This code has seen only a very few manual tests. Encrypting always uses a 64k chunks and decryption has not been tested with larger chunks. Those small chunks make debugging much faster. Tests can be done using: gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \ --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \ -v -z 0 --status-fd 2 -c <INFILE >OUTFILE and gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \ --status-fd 2 -v -d <INFILE >OUTFILE Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:24:43 +01:00
rc = do_free (cfx, a);
gpg: Add stub function for encrypting AEAD. * g10/cipher.c (cipher_filter): Rename to cipher_filter_cfb. * g10/cipher-aead.c: New. Right now only with a stub function. * g10/Makefile.am (gpg_sources): Add file. * g10/encrypt.c (encrypt_simple): Push either cipher_filter_cfb or cipher_filter_aead. (encrypt_crypt): Ditto. (encrypt_filter): Ditto. * g10/sign.c (sign_symencrypt_file): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 17:33:50 +01:00
}
else if (control == IOBUFCTRL_DESC)
{
mem2str (buf, "cipher_filter_aead", *ret_len);
}
gpg: Report BEGIN_* status before examining the input. * common/miscellaneous.c (is_openpgp_compressed_packet) (is_file_compressed): Moved to ... * common/iobuf.c: ... in this file. (is_file_compressed): Change the argument to INP, the iobuf. * common/util.h (is_file_compressed): Remove. * common/iobuf.h (is_file_compressed): Add. * g10/cipher-aead.c (write_header): Don't call write_status_printf here. (cipher_filter_aead): Call write_status_printf when called with IOBUFCTRL_INIT. * g10/cipher-cfb.c (write_header): Don't call write_status_printf here. (cipher_filter_cfb): Call write_status_printf when called with IOBUFCTRL_INIT. * g10/encrypt.c (encrypt_simple): Use new is_file_compressed function, after call of iobuf_push_filter. (encrypt_crypt): Likewise. * g10/sign.c (sign_file): Likewise. -- GnuPG-bug-id: 6481 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-05-24 03:36:04 +02:00
else if (control == IOBUFCTRL_INIT)
{
write_status_printf (STATUS_BEGIN_ENCRYPTION, "0 %d %d",
cfx->dek->algo, cfx->dek->use_aead);
}
gpg: Add stub function for encrypting AEAD. * g10/cipher.c (cipher_filter): Rename to cipher_filter_cfb. * g10/cipher-aead.c: New. Right now only with a stub function. * g10/Makefile.am (gpg_sources): Add file. * g10/encrypt.c (encrypt_simple): Push either cipher_filter_cfb or cipher_filter_aead. (encrypt_crypt): Ditto. (encrypt_filter): Ditto. * g10/sign.c (sign_symencrypt_file): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 17:33:50 +01:00
return rc;
}
Copy Permalink