1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

gpg: Make AEAD modes subject to compliance checks.

* g10/decrypt-data.c (decrypt_data): Move aead algo detection up.
--

Note that the AEAD modes are not yet approved for --compliance=de-vs

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2020-04-16 08:52:29 +02:00
parent 5c47e7825b
commit cec397e002
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -220,6 +220,8 @@ int
decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek)
{
decode_filter_ctx_t dfx;
enum gcry_cipher_modes ciphermode;
unsigned int startivlen;
byte *p;
int rc=0, c, i;
byte temp[32];
@ -243,9 +245,18 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek)
dek->algo_info_printed = 1;
}
if (ed->aead_algo)
{
rc = openpgp_aead_algo_info (ed->aead_algo, &ciphermode, &startivlen);
if (rc)
goto leave;
log_assert (startivlen <= sizeof dfx->startiv);
}
else
ciphermode = GCRY_CIPHER_MODE_CFB;
/* Check compliance. */
if (! gnupg_cipher_is_allowed (opt.compliance, 0, dek->algo,
GCRY_CIPHER_MODE_CFB))
if (!gnupg_cipher_is_allowed (opt.compliance, 0, dek->algo, ciphermode))
{
log_error (_("cipher algorithm '%s' may not be used in %s mode\n"),
openpgp_cipher_algo_name (dek->algo),
@ -286,20 +297,12 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek)
if (ed->aead_algo)
{
enum gcry_cipher_modes ciphermode;
unsigned int startivlen;
if (blocksize != 16)
{
rc = gpg_error (GPG_ERR_CIPHER_ALGO);
goto leave;
}
rc = openpgp_aead_algo_info (ed->aead_algo, &ciphermode, &startivlen);
if (rc)
goto leave;
log_assert (startivlen <= sizeof dfx->startiv);
if (ed->chunkbyte > 56)
{
log_error ("invalid AEAD chunkbyte %u\n", ed->chunkbyte);