1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00

gpg: Implement AEAD for SKESK packets.

* g10/packet.h (PKT_symkey_enc): Add field aead_algo.
* g10/build-packet.c (do_symkey_enc): Support version 5 packets.
* g10/parse-packet.c (parse_symkeyenc): Ditto.
* g10/encrypt.c (encrypt_symmetric): Force using a random session
key in AEAD mode.
(encrypt_seskey): Add and support arg aead_algo.
(write_symkey_enc): Ditto.
(encrypt_simple): Adjust accordingly.
(encrypt_filter): Ditto.
* g10/gpgcompose.c (sk_esk): For now call encrypt_seskey without AEAD
support.
* g10/mainproc.c (symkey_decrypt_seskey): Support AEAD.  Nver call BUG
but return an error.
(proc_symkey_enc): Call symkey_decrypt_seskey in a bug compatible way.

* g10/import.c (check_prefs): Check AEAD preferences.
* g10/keyedit.c (show_prefs): Print AEAD preferences.
--

For easier debugging this patch also changes some diagnostics to also
print the encryption mode with the cipher algorithm.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2018-01-23 12:07:25 +01:00
parent da3015e3c0
commit 9aab9167bc
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
11 changed files with 300 additions and 104 deletions

View file

@ -617,11 +617,8 @@ do_symkey_enc( IOBUF out, int ctb, PKT_symkey_enc *enc )
IOBUF a = iobuf_temp();
log_assert (ctb_pkttype (ctb) == PKT_SYMKEY_ENC);
log_assert (enc->version == 4 || enc->version == 5);
/* The only acceptable version. */
log_assert( enc->version == 4 );
/* RFC 4880, Section 3.7. */
switch (enc->s2k.mode)
{
case 0: /* Simple S2K. */
@ -632,23 +629,26 @@ do_symkey_enc( IOBUF out, int ctb, PKT_symkey_enc *enc )
default:
log_bug ("do_symkey_enc: s2k=%d\n", enc->s2k.mode);
}
iobuf_put( a, enc->version );
iobuf_put( a, enc->cipher_algo );
iobuf_put( a, enc->s2k.mode );
iobuf_put( a, enc->s2k.hash_algo );
if( enc->s2k.mode == 1 || enc->s2k.mode == 3 ) {
iobuf_write(a, enc->s2k.salt, 8 );
if( enc->s2k.mode == 3 )
iobuf_put(a, enc->s2k.count);
iobuf_put (a, enc->version);
iobuf_put (a, enc->cipher_algo);
if (enc->version == 5)
iobuf_put (a, enc->aead_algo);
iobuf_put (a, enc->s2k.mode);
iobuf_put (a, enc->s2k.hash_algo);
if (enc->s2k.mode == 1 || enc->s2k.mode == 3)
{
iobuf_write (a, enc->s2k.salt, 8);
if (enc->s2k.mode == 3)
iobuf_put (a, enc->s2k.count);
}
if( enc->seskeylen )
iobuf_write(a, enc->seskey, enc->seskeylen );
if (enc->seskeylen)
iobuf_write (a, enc->seskey, enc->seskeylen);
write_header(out, ctb, iobuf_get_temp_length(a) );
rc = iobuf_write_temp( out, a );
write_header (out, ctb, iobuf_get_temp_length(a));
rc = iobuf_write_temp (out, a);
iobuf_close(a);
return rc;
iobuf_close (a);
return rc;
}