mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-02 22:46:30 +02:00
gpg: Support decryption of the new AEAD packet
* common/openpgpdefs.h (aead_algo_t): New.
(pkttype_t): Add PKT_ENCRYPTED_AEAD.
* g10/decrypt-data.c (struct decode_filter_context_s): Add fields for
AEAD.
(aead_set_nonce_and_ad): New.
(aead_checktag): New.
(decrypt_data): Support AEAD.
(aead_underflow): New.
(aead_decode_filter): New.
* g10/dek.h (DEK): Add field use_aead. Turn use_mdc,
algo_info_printed, and symmetric into bit flags.
* g10/mainproc.c (struct mainproc_context): Add field
seen_pkt_encrypted_aead.
(release_list): Clear it.
(have_seen_pkt_encrypted_aead): New.
(symkey_decrypt_seskey): Support AEAD.
(proc_symkey_enc): Ditto.
(proc_encrypted): Ditto.
(proc_plaintext): Ditto.
* g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New.
(openpgp_aead_test_algo): New.
(openpgp_aead_algo_name): New.
(openpgp_aead_algo_info): New.
* g10/packet.h (PKT_symkey_enc): Add field use_aead.
(PKT_user_id): Add field flags.aead
(PKT_public_key): Ditto.
(PKT_encrypted): Add fields for AEAD.
* g10/parse-packet.c (parse): Handle PKT_ENCRYPTED_AEAD.
(parse_symkeyenc): Support AEAD.
(parse_encrypted): Ditto.
(dump_sig_subpkt): Dump AEAD preference packet.
(parse_encrypted_aead): New.
--
This patch allows to decrypt data encrypted using the new AEAD
mechanism as specified in rfc4880bis. Although preferences are used
to enable this new mode, it is useful to have at least a decryption
option in case a user switches between GnuPG 2.2 and newer versions.
The new AEAD mechanism is much faster than the current CFB+MDC and
thus 2.2 will allow faster decryption of symmetric only decryption.
This patch is based on the current master (2.3) code base and includes
a few other patches. In particular
commit 44be675b75
(gpg: More check for symmetric key encryption.)
is included.
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch
parent
144b95cc9d
commit
1dfe71c62b
10 changed files with 907 additions and 68 deletions
29
g10/packet.h
29
g10/packet.h
|
|
@ -104,6 +104,8 @@ typedef struct {
|
|||
be different from the algorithm that is used to encrypt the SED
|
||||
packet.) */
|
||||
byte cipher_algo;
|
||||
/* The AEAD algorithm or 0 for CFB encryption. */
|
||||
byte aead_algo;
|
||||
/* The string-to-key specifier. */
|
||||
STRING2KEY s2k;
|
||||
/* The length of SESKEY in bytes or 0 if this packet does not
|
||||
|
|
@ -111,7 +113,8 @@ typedef struct {
|
|||
S2K function on the password is the session key. See RFC 4880,
|
||||
Section 5.3.) */
|
||||
byte seskeylen;
|
||||
/* The session key as encrypted by the S2K specifier. */
|
||||
/* The session key as encrypted by the S2K specifier. For AEAD this
|
||||
* includes the nonce and the authentication tag. */
|
||||
byte seskey[1];
|
||||
} PKT_symkey_enc;
|
||||
|
||||
|
|
@ -297,6 +300,7 @@ typedef struct
|
|||
struct
|
||||
{
|
||||
unsigned int mdc:1;
|
||||
unsigned int aead:1;
|
||||
unsigned int ks_modify:1;
|
||||
unsigned int compacted:1;
|
||||
unsigned int primary:2; /* 2 if set via the primary flag, 1 if calculated */
|
||||
|
|
@ -393,6 +397,7 @@ typedef struct
|
|||
struct
|
||||
{
|
||||
unsigned int mdc:1; /* MDC feature set. */
|
||||
unsigned int aead:1; /* AEAD feature set. */
|
||||
unsigned int disabled_valid:1;/* The next flag is valid. */
|
||||
unsigned int disabled:1; /* The key has been disabled. */
|
||||
unsigned int primary:1; /* This is a primary key. */
|
||||
|
|
@ -463,12 +468,13 @@ typedef struct {
|
|||
typedef struct {
|
||||
/* Remaining length of encrypted data. */
|
||||
u32 len;
|
||||
/* When encrypting, the first block size bytes of data are random
|
||||
data and the following 2 bytes are copies of the last two bytes
|
||||
of the random data (RFC 4880, Section 5.7). This provides a
|
||||
simple check that the key is correct. extralen is the size of
|
||||
this extra data. This is used by build_packet when writing out
|
||||
the packet's header. */
|
||||
/* When encrypting in CFB mode, the first block size bytes of data
|
||||
* are random data and the following 2 bytes are copies of the last
|
||||
* two bytes of the random data (RFC 4880, Section 5.7). This
|
||||
* provides a simple check that the key is correct. EXTRALEN is the
|
||||
* size of this extra data or, in AEAD mode, the length of the
|
||||
* headers and the tags. This is used by build_packet when writing
|
||||
* out the packet's header. */
|
||||
int extralen;
|
||||
/* Whether the serialized version of the packet used / should use
|
||||
the new format. */
|
||||
|
|
@ -480,6 +486,15 @@ typedef struct {
|
|||
/* If 0, MDC is disabled. Otherwise, the MDC method that was used
|
||||
(currently, only DIGEST_ALGO_SHA1 is supported). */
|
||||
byte mdc_method;
|
||||
/* If 0, AEAD is not used. Otherwise, the used AEAD algorithm.
|
||||
* MDC_METHOD (above) shall be zero if AEAD is used. */
|
||||
byte aead_algo;
|
||||
/* The cipher algo for/from the AEAD packet. 0 for other encryption
|
||||
* packets. */
|
||||
byte cipher_algo;
|
||||
/* The chunk byte from the AEAD packet. */
|
||||
byte chunkbyte;
|
||||
|
||||
/* An iobuf holding the data to be decrypted. (This is not used for
|
||||
encryption!) */
|
||||
iobuf_t buf;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue