security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

gpg: Support OCB encryption.

Browse source 
* g10/build-packet.c (do_encrypted_aead): New.
(do_symkey_enc): Handle version 5.
(build_packet): Support the ENCRYPTED_AEAD packet.
* g10/cipher.c (MIN_PARTIAL_SIZE): Remove unused macro.
(AEAD_ENC_BUFFER_SIZE): New macro.
(my_iobuf_write): New.
(write_header): Rename to write_cfb_header.  Adjust caller.
(set_ocb_nonce_and_ad): New.
(write_ocb_header): New.
(write_ocb_auth_tag): New.
(write_ocb_final_chunk): New.
(do_ocb_flush): New.
(do_ocb_free): New.
(cipher_filter_ocb): New.
* g10/filter.h (cipher_filter_context_t): Add fields for AEAD.
* g10/encrypt.c (encrypt_symmetric): For the use of a session key in
OCB mode.
(encrypt_seskey): Revamp to support OCB.
(use_aead): New.
(encrypt_simple): Support OCB.
(write_symkey_enc): Ditto.
(encrypt_crypt): Ditto.
(encrypt_filter): Handle OCB.
* g10/options.h (opt): Add field force_ocb.
* g10/gpg.c (oForceOCB): New.
(opts): New option "--force-ocb".
(main): Set force_ocb option.
* g10/gpgcompose.c (encrypt_seskey): New.
* g10/keygen.c (aead_available): New global var.
(keygen_set_std_prefs): Set AEAD feature by default in GNUPG mode. Add
parings of aead feature flag.
(keygen_get_std_prefs): Set aead flag.
(add_feature_aead): New.
(keygen_upd_std_prefs): Set OCB as preference if AEAD is enabled.
* g10/pkclist.c (select_aead_from_pklist): New.
(warn_missing_aead_from_pklist): New.
(select_mdc_from_pklist): Remove this unused function.
--

This extends the long available OCB and EAX decryption feature.  Due
to the meanwhile expired patent on OCB there is no more reason for
using EAX.  Thus we forcefully use OCB if the AEAD feature flag is set
on a key.

In GNUPG mode new keys are now created with the AEAD feature flag set.
Option --rfc4880 is one way to disable this.

GnuPG-bug-id: 6263
This commit is contained in:
Werner Koch 2022-10-31 14:33:10 +01:00
parent aa397fdcdb
commit a545e14e8a
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
15 changed files with 942 additions and 126 deletions
Download patch file Download diff file Expand all files Collapse all files

41
g10/pkclist.c
View file

@ -1648,36 +1648,37 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
return result;
}
/*
* Select the MDC flag from the pk_list. We can only use MDC if all
* recipients support this feature.
*/
int
select_mdc_from_pklist (PK_LIST pk_list)
{
PK_LIST pkr;
if ( !pk_list )
/* Select the AEAD flag from the pk_list. We can only use AEAD if all
* recipients support this feature. Returns the AEAD to be used or 0
* if AEAD shall not be used. */
aead_algo_t
select_aead_from_pklist (PK_LIST pk_list)
{
pk_list_t pkr;
int aead;
if (!pk_list)
return 0;
for (pkr = pk_list; pkr; pkr = pkr->next)
{
int mdc;
if (pkr->pk->user_id) /* selected by user ID */
mdc = pkr->pk->user_id->flags.mdc;
aead = pkr->pk->user_id->flags.aead;
else
mdc = pkr->pk->flags.mdc;
if (!mdc)
aead = pkr->pk->flags.aead;
if (!aead)
return 0; /* At least one recipient does not support it. */
}
return 1; /* Can be used. */
return AEAD_ALGO_OCB; /* Yes, AEAD can be used. */
}
/* Print a warning for all keys in PK_LIST missing the MDC feature. */
/* Print a warning for all keys in PK_LIST missing the AEAD feature
* flag or AEAD algorithms. */
void
warn_missing_mdc_from_pklist (PK_LIST pk_list)
warn_missing_aead_from_pklist (PK_LIST pk_list)
{
PK_LIST pkr;
@ -1686,12 +1687,12 @@ warn_missing_mdc_from_pklist (PK_LIST pk_list)
int mdc;
if (pkr->pk->user_id) /* selected by user ID */
mdc = pkr->pk->user_id->flags.mdc;
mdc = pkr->pk->user_id->flags.aead;
else
mdc = pkr->pk->flags.mdc;
mdc = pkr->pk->flags.aead;
if (!mdc)
log_info (_("Note: key %s has no %s feature\n"),
keystr_from_pk (pkr->pk), "MDC");
keystr_from_pk (pkr->pk), "AEAD");
}
}