author | Justus Winter <justus@sequoia-pgp.org> | 2022-12-19 14:37:17 +0100 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2022-12-19 15:35:19 +0100 |
commit | 0d50bd8ee5380dd8db1d04569d2b97c15292cd78 (patch) | |
tree | 8ed0fb7fba332d71b39b23221a5930b28386899d | |
parent | 819f5cd82c5aca0179f3f120f4ebfd60ef912809 (diff) |
drop the chunk size parameter from SEIPv2.justus/openpgp-next-drop-the-chunk-size
-rw-r--r-- | openpgp/src/crypto/aead.rs | 9 | ||||
-rw-r--r-- | openpgp/src/packet/seip/v2.rs | 48 | ||||
-rw-r--r-- | openpgp/src/parse.rs | 26 | ||||
-rw-r--r-- | openpgp/src/serialize.rs | 3 | ||||
-rw-r--r-- | openpgp/src/serialize/stream.rs | 5 | ||||
-rw-r--r-- | sq/src/commands/dump.rs | 1 |
6 files changed, 13 insertions, 79 deletions
diff --git a/openpgp/src/crypto/aead.rs b/openpgp/src/crypto/aead.rs index b82c86df..ee73bcfc 100644 --- a/openpgp/src/crypto/aead.rs +++ b/openpgp/src/crypto/aead.rs @@ -235,7 +235,7 @@ impl Schedule for AEDv1Schedule { } } -const SEIP2AD_PREFIX_LEN: usize = 5; +const SEIP2AD_PREFIX_LEN: usize = 4; pub(crate) struct SEIPv2Schedule { iv: Box<[u8]>, ad: [u8; SEIP2AD_PREFIX_LEN], @@ -246,14 +246,8 @@ impl SEIPv2Schedule { pub(crate) fn new(session_key: &SessionKey, sym_algo: SymmetricAlgorithm, aead: AEADAlgorithm, - chunk_size: usize, salt: &[u8]) -> Result<(SessionKey, Self)> { - if !(MIN_CHUNK_SIZE..=MAX_CHUNK_SIZE).contains(&chunk_size) { - return Err(Error::InvalidArgument( - format!("Invalid AEAD chunk size: {}", chunk_size)).into()); - } - eprintln!("### Decryption of data Starting AEAD-{:?} decryption of data, using the session key.\n", aead); @@ -269,7 +263,6 @@ Starting AEAD-{:?} decryption of data, using the session key.\n", aead); 2, // Version. sym_algo.into(), aead.into(), - chunk_size.trailing_zeros() as u8 - 6, ]; dump_rfc("HKDF info", &ad); hkdf_sha256(session_key, Some(salt), &ad, &mut key_iv); diff --git a/openpgp/src/packet/seip/v2.rs b/openpgp/src/packet/seip/v2.rs index 85d02289..1ba6771d 100644 --- a/openpgp/src/packet/seip/v2.rs +++ b/openpgp/src/packet/seip/v2.rs @@ -3,7 +3,6 @@ //! An encrypted data packet is a container. See [XXX] for details. use crate::{ - Error, packet::{ self, Packet, @@ -36,8 +35,6 @@ pub struct SEIP2 { sym_algo: SymmetricAlgorithm, /// AEAD algorithm. aead: AEADAlgorithm, - /// Chunk size. - chunk_size: u64, /// Salt. salt: [u8; 32], 
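Review bot: `SEIPv2Schedule::new` in `openpgp/src/crypto/aead.rs` still writes to stderr on every call: the `eprintln!("### Decryption of data …")` kept as context in the `@@ -246` hunk and the `dump_rfc("HKDF info", &ad)` call in the `@@ -269` hunk are unconditional in the lines shown. This looks like test-vector generation output; in library code it clutters the caller's stderr, and whether `dump_rfc` also prints derived key material elsewhere in this function cannot be seen from here. If this branch is meant to be merged, I would gate both calls behind a test-only cfg (for example `#[cfg(feature = "<vector-dump-feature>")]`, placeholder name) so that a release build stays silent. The body of `new` starts and ends outside both hunks.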
@@ -61,28 +58,17 @@ impl std::ops::DerefMut for SEIP2 { } impl SEIP2 { + /// The size of chunks that are encrypted and integrity protected. + pub const CHUNK_SIZE: usize = 16384; + /// Creates a new SEIP2 packet. pub fn new(sym_algo: SymmetricAlgorithm, aead: AEADAlgorithm, - chunk_size: u64, salt: [u8; 32]) -> Result<Self> { - if chunk_size.count_ones() != 1 { - return Err(Error::InvalidArgument( - format!("chunk size is not a power of two: {}", chunk_size)) - .into()); - } - - if chunk_size < 64 { - return Err(Error::InvalidArgument( - format!("chunk size is too small: {}", chunk_size)) - .into()); - } - Ok(SEIP2 { common: Default::default(), sym_algo, aead, - chunk_size, salt, container: Default::default(), }) @@ -109,34 +95,6 @@ impl SEIP2 { std::mem::replace(&mut self.aead, aead) } - /// Gets the chunk size. - pub fn chunk_size(&self) -> u64 { - self.chunk_size - } - - /// Sets the chunk size. - pub fn set_chunk_size(&mut self, chunk_size: u64) -> Result<()> { - if chunk_size.count_ones() != 1 { - return Err(Error::InvalidArgument( - format!("chunk size is not a power of two: {}", chunk_size)) - .into()); - } - - if chunk_size < 64 { - return Err(Error::InvalidArgument( - format!("chunk size is too small: {}", chunk_size)) - .into()); - } - - self.chunk_size = chunk_size; - Ok(()) - } - - /// Gets the size of a chunk with a digest. - pub fn chunk_digest_size(&self) -> Result<u64> { - Ok(self.chunk_size + self.aead.digest_size()? as u64) - } - /// Gets the salt. pub fn salt(&self) -> &[u8; 32] { &self.salt diff --git a/openpgp/src/parse.rs b/openpgp/src/parse.rs index 3b3ee199..361fe85e 100644 --- a/openpgp/src/parse.rs +++ b/openpgp/src/parse.rs 
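Review bot: The doc comment on the new `SEIP2::CHUNK_SIZE` in the `@@ -61` hunk does not say what the number counts or that it is now fixed rather than carried in the packet. Judging by the removed `chunk_digest_size()`, which added the AEAD digest size on top, the value excludes the authentication tag, and callers now have to add the tag length themselves when sizing buffers. I would extend the comment to something like `/// Plaintext bytes per AEAD chunk, excluding the authentication tag; fixed for SEIPv2 and not encoded in the packet.`. Separately, `SEIP2::new` no longer has a failing path in the visible body but still returns `Result<Self>`, which deserves a short comment if it is kept for API stability.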
@@ -2848,21 +2848,12 @@ impl SEIP2 { php_try!(php.parse_u8("sym_algo")).into(); let aead: AEADAlgorithm = php_try!(php.parse_u8("aead_algo")).into(); - let chunk_size = php_try!(php.parse_u8("chunk_size")); - // DRAFT 4880bis-08, section 5.16: "An implementation MUST - // support chunk size octets with values from 0 to 56. Chunk - // size octets with other values are reserved for future - // extensions." - if chunk_size > 56 { - return php.fail("unsupported chunk size"); - } - let chunk_size: u64 = 1 << (chunk_size + 6); let salt_v = php_try!(php.parse_bytes("salt", 32)); let mut salt = [0u8; 32]; salt.copy_from_slice(&salt_v); - let seip2 = php_try!(Self::new(cipher, aead, chunk_size, salt)); + let seip2 = php_try!(Self::new(cipher, aead, salt)); php.ok(seip2.into()).map(|pp| pp.set_encrypted(true)) } } @@ -5394,9 +5385,6 @@ impl<'a> PacketParser<'a> { }, Packet::SEIP(SEIP::V2(seip)) => { - let chunk_size = - aead::chunk_size_usize(seip.chunk_size())?; - // Read the first chunk and check whether we can // decrypt it using the provided key. Don't actually // consume them in case we can't. @@ -5406,23 +5394,22 @@ impl<'a> PacketParser<'a> { // it has a partial block and it needs to verify // the final chunk. let amount = aead::chunk_size_usize( - seip.chunk_digest_size()? - + seip.aead().digest_size()? as u64)?; + 4096 + + 2 * seip.aead().digest_size()? as u64)?; let data = self.data(amount)?; let (message_key, schedule) = aead::SEIPv2Schedule::new( &key, seip.symmetric_algo(), seip.aead(), - chunk_size, seip.salt())?; let dec = aead::Decryptor::new( - seip.symmetric_algo(), seip.aead(), chunk_size, + seip.symmetric_algo(), seip.aead(), SEIP2::CHUNK_SIZE, schedule, message_key, &data[..cmp::min(data.len(), amount)])?; let mut chunk = Vec::new(); - dec.take(seip.chunk_size() as u64).read_to_end(&mut chunk)?; + dec.take(SEIP2::CHUNK_SIZE as u64).read_to_end(&mut chunk)?; } // Ok, we can decrypt the data. Push a Decryptor and 
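Review bot: The SEIP2 header parser in the `@@ -2848` hunk stops reading the chunk-size octet, while `serialize_headers` and the HKDF info still carry version `2`, so a reader cannot tell the old layout from the new one. A packet written with the earlier layout would presumably have its chunk-size octet consumed as the first salt byte, and the mistake would only surface later as an AEAD authentication failure instead of a parse error. If old-layout packets can exist (earlier builds of this branch, stored test vectors), I would add a comment at the parse site such as `// The chunk size is fixed at SEIP2::CHUNK_SIZE and is no longer on the wire.` and a regression test that feeds an old-layout packet. The parser function starts outside the hunk.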
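Review bot: The trial-decryption read in the `@@ -5406` hunk now requests `4096 + 2 * seip.aead().digest_size()? as u64` bytes, but the decryptor built just below is given `SEIP2::CHUNK_SIZE` (16384 in `seip/v2.rs`) and is then asked to `take(SEIP2::CHUNK_SIZE as u64)`. The buffer is sliced to at most `amount`, so a message whose first chunk is a full 16384 bytes will presumably look truncated to the decryptor, the tag check fails, and a correct session key is rejected. Before this change the amount was derived from the packet's own chunk size, so the two values could not diverge. Deriving it from the constant keeps them tied: `SEIP2::CHUNK_SIZE as u64 + 2 * seip.aead().digest_size()? as u64`. The enclosing `Packet::SEIP(SEIP::V2(seip))` arm starts and ends outside this hunk.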
@@ -5434,12 +5421,11 @@ impl<'a> PacketParser<'a> { &key, seip.symmetric_algo(), seip.aead(), - chunk_size, seip.salt())?; let reader = self.take_reader(); let mut reader = aead::BufferedReaderDecryptor::with_cookie( - seip.symmetric_algo(), seip.aead(), chunk_size, + seip.symmetric_algo(), seip.aead(), SEIP2::CHUNK_SIZE, schedule, message_key, reader, Cookie::default()).unwrap(); reader.cookie_mut().level = Some(self.recursion_depth()); diff --git a/openpgp/src/serialize.rs b/openpgp/src/serialize.rs index 4cb84d3b..bf245151 100644 --- a/openpgp/src/serialize.rs +++ b/openpgp/src/serialize.rs @@ -2487,8 +2487,7 @@ impl SEIP2 { fn serialize_headers(&self, o: &mut dyn std::io::Write) -> Result<()> { o.write_all(&[2, // Version. self.symmetric_algo().into(), - self.aead().into(), - self.chunk_size().trailing_zeros() as u8 - 6])?; + self.aead().into()])?; o.write_all(self.salt())?; Ok(()) } diff --git a/openpgp/src/serialize/stream.rs b/openpgp/src/serialize/stream.rs index 2be56f23..b2ea94d6 100644 --- a/openpgp/src/serialize/stream.rs +++ b/openpgp/src/serialize/stream.rs @@ -2935,14 +2935,13 @@ impl<'a> Encryptor<'a> { CTB::new(Tag::SEIP).serialize(&mut inner)?; let mut inner = PartialBodyFilter::new(Message::from(inner), Cookie::new(level)); - let seip = SEIP2::new(self.sym_algo, aead.algo, - aead.chunk_size as u64, aead.salt)?; + let seip = SEIP2::new(self.sym_algo, aead.algo, aead.salt)?; seip.serialize_headers(&mut inner)?; use crate::crypto::aead::SEIPv2Schedule; let (message_key, schedule) = SEIPv2Schedule::new( &sk, - seip.symmetric_algo(), seip.aead(), aead.chunk_size, + seip.symmetric_algo(), seip.aead(), seip.salt())?; writer::AEADEncryptor::new( diff --git a/sq/src/commands/dump.rs b/sq/src/commands/dump.rs index 10d4c11e..43395a34 100644 --- a/sq/src/commands/dump.rs +++ b/sq/src/commands/dump.rs 
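Review bot: In the `Encryptor` hunk of `openpgp/src/serialize/stream.rs`, `aead.chunk_size` is dropped from `SEIP2::new` and `SEIPv2Schedule::new`, but the `writer::AEADEncryptor::new(` call that follows is cut off by the hunk and, by the diffstat's five changed lines, is not modified. The chunk size is no longer written to the header or mixed into the HKDF info, so nothing tells the reader what the writer used, and the parser now assumes `SEIP2::CHUNK_SIZE`. If the encryptor is still constructed from `aead.chunk_size` and that value can differ from 16384, such messages would fail authentication on decryption. Please confirm the writer uses `SEIP2::CHUNK_SIZE` for v2, or add `debug_assert_eq!(aead.chunk_size, SEIP2::CHUNK_SIZE);` before the schedule is created.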
@@ -694,7 +694,6 @@ impl PacketDumper { openpgp::packet::SEIP::V2(s) => { writeln!(output, "{} Symmetric algo: {}", i, s.symmetric_algo())?; writeln!(output, "{} AEAD mode: {}", i, s.aead())?; - writeln!(output, "{} Chunk size: {}", i, s.chunk_size())?; writeln!(output, "{} Salt: {}", i, hex::encode(s.salt()))?; }, _ => (), // V1 has no fields, others we don't know. |