authorJustus Winter <justus@sequoia-pgp.org>2023-12-04 13:44:32 +0100
committerJustus Winter <justus@sequoia-pgp.org>2023-12-05 15:47:10 +0100
commit319b2ba1e87fbd498254cb70bd83cfe2e9b2ebe5 (patch)
tree329d7b913e0781add79736a2c186196d077b7ffe
parenta80ceabd970f51096d7dff4ef9aed15302687758 (diff)
openpgp: Reject "v5" AEAD Encrypted Data Packets.
- The proposal that was once thought to become the next revision of OpenPGP does not have the backing of the IETF OpenPGP working group. We should not support it for the following reasons: - Accepting it risks proliferation of a proprietary format. - It is less scrutinized, and its interactions with other versions or features of the OpenPGP standard are not well understood. Notably, as the "v5" AEAD encrypted data packet doesn't use key space separation, it cannot protect against cross-algorithm attacks, so now the question of which algorithms are safe to use depends on which packet they are used with. - Rejecting "v5" AEAD Encrypted Data Packets addresses these risks.
-rw-r--r--openpgp/src/policy.rs2
-rw-r--r--openpgp/src/serialize/stream.rs6
2 files changed, 4 insertions, 4 deletions
diff --git a/openpgp/src/policy.rs b/openpgp/src/policy.rs
index a75cb4f1..80b93870 100644
--- a/openpgp/src/policy.rs
+++ b/openpgp/src/policy.rs
@@ -771,7 +771,7 @@ a_versioned_cutoff_list!(PacketTagCutoffList, Tag, 21,
ACCEPT, // 17. UserAttribute.
ACCEPT, // 18. SEIP.
ACCEPT, // 19. MDC.
- ACCEPT, // 20. AED.
+ REJECT, // 20. "v5" AED.
],
// The versioned list overrides the unversioned list. So we only
// need to tweak the above.
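Review bot: The `REJECT` on entry 20 changes what the default policy accepts, but the reason is recorded only in the commit message. The list comment should carry it, for example `REJECT, // 20. "v5" AED: not backed by the IETF WG, no key space separation.` Callers that could read such messages before will now get a policy error. The commit touches only policy.rs and stream.rs, so if the crate keeps a changelog, it should mention the new default there. The macro invocation starts and ends outside the hunk.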
diff --git a/openpgp/src/serialize/stream.rs b/openpgp/src/serialize/stream.rs
index c0b64f0a..a11ac3ed 100644
--- a/openpgp/src/serialize/stream.rs
+++ b/openpgp/src/serialize/stream.rs
@@ -3687,7 +3687,7 @@ mod test {
}
}
- let p = &P::new();
+ let p = &crate::policy::NullPolicy::new();
for chunks in 0..3 {
for msg_len in
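Review bot: `NullPolicy` disables every policy check for this test, not only the packet-tag check the commit needs to bypass, so the loop below no longer runs under the default algorithm cutoffs it had with `P::new()`. A narrower override keeps the rest of the policy active: `let mut p = P::new(); p.accept_packet_tag(Tag::AED); let p = &p;`. That assumes `P` is the `StandardPolicy` alias it appears to be and that `Tag` is in scope here. The same applies to `let p = &NullPolicy::new();` in `experimental_aead_encryptor` further down. The enclosing test function starts and ends outside the hunk.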
@@ -4070,7 +4070,7 @@ mod test {
fn experimental_aead_encryptor() -> Result<()> {
use std::io::Write;
use crate::types::AEADAlgorithm;
- use crate::policy::StandardPolicy;
+ use crate::policy::NullPolicy;
use crate::serialize::stream::{
Message, Encryptor2, LiteralWriter,
};
@@ -4113,7 +4113,7 @@ mod test {
}
}
- let p = &StandardPolicy::new();
+ let p = &NullPolicy::new();
let mut v = DecryptorBuilder::from_bytes(&sink)?.with_policy(p, None, Helper)?;
let mut content = vec![];
v.read_to_end(&mut content)?;
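Review bot: Nothing in this test checks that the default policy now refuses the packet; with `NullPolicy` the decryption only shows the message is still readable when all checks are off. A negative assertion on the same `sink` would pin the new default, for example `assert!(DecryptorBuilder::from_bytes(&sink)?.with_policy(&StandardPolicy::new(), None, Helper).is_err());`. Whether the error surfaces in `with_policy` or only on the first read needs confirming, and the `StandardPolicy` import removed earlier in this function would have to stay. The function body starts outside the hunk and may continue past it.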