diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2019-08-20 14:12:44 +0200 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2019-08-20 14:18:06 +0200 |
| commit | c59bb02c794294e62da3259561e439ab78e04560 (patch) | |
| tree | edb06817e9bdea49456c1aeaf7edef1a7cf0e546 | |
| parent | f39af0ed274f85fab408000d68a9395f40b392c2 (diff) | |
openpgp: Make choice of AEAD algorithm explicit.
- Automatically using AEAD if all recipients claim support is a
policy decision, which we'd rather avoid in the openpgp crate.
- Fixes #293.
| -rw-r--r-- | guide/src/chapter_02.md | 8 | ||||
| -rw-r--r-- | ipc/tests/gpg-agent.rs | 2 | ||||
| -rw-r--r-- | openpgp-ffi/examples/encrypt-for.c | 3 | ||||
| -rw-r--r-- | openpgp-ffi/include/sequoia/openpgp.h | 3 | ||||
| -rw-r--r-- | openpgp-ffi/src/serialize.rs | 12 | ||||
| -rw-r--r-- | openpgp/examples/encrypt-for.rs | 2 | ||||
| -rw-r--r-- | openpgp/examples/generate-encrypt-decrypt.rs | 2 | ||||
| -rw-r--r-- | openpgp/src/autocrypt.rs | 2 | ||||
| -rw-r--r-- | openpgp/src/serialize/stream.rs | 29 | ||||
| -rw-r--r-- | tool/src/commands/mod.rs | 2 |
10 files changed, 37 insertions, 28 deletions
diff --git a/guide/src/chapter_02.md b/guide/src/chapter_02.md index 06d38342..7794436e 100644 --- a/guide/src/chapter_02.md +++ b/guide/src/chapter_02.md @@ -57,7 +57,7 @@ fn main() { # &[], // No symmetric encryption. # &[recipient], # EncryptionMode::ForTransport, -# None)?; +# None, None)?; # # // Emit a literal data packet. # let mut literal_writer = LiteralWriter::new( @@ -191,7 +191,7 @@ fn generate() -> openpgp::Result<openpgp::TPK> { # &[], // No symmetric encryption. # &[recipient], # EncryptionMode::ForTransport, -# None)?; +# None, None)?; # # // Emit a literal data packet. # let mut literal_writer = LiteralWriter::new( @@ -325,7 +325,7 @@ fn encrypt(sink: &mut Write, plaintext: &str, recipient: &openpgp::TPK) &[], // No symmetric encryption. &[recipient], EncryptionMode::ForTransport, - None)?; + None, None)?; // Emit a literal data packet. let mut literal_writer = LiteralWriter::new( @@ -473,7 +473,7 @@ Decrypted data can be read from this using [`io::Read`]. # &[], // No symmetric encryption. # &[recipient], # EncryptionMode::ForTransport, -# None)?; +# None, None)?; # # // Emit a literal data packet. # let mut literal_writer = LiteralWriter::new( diff --git a/ipc/tests/gpg-agent.rs b/ipc/tests/gpg-agent.rs index 91439a67..ea07a4e1 100644 --- a/ipc/tests/gpg-agent.rs +++ b/ipc/tests/gpg-agent.rs @@ -208,7 +208,7 @@ fn decrypt() { &[], // No symmetric encryption. &[&tpk], EncryptionMode::ForTransport, - None).unwrap(); + None, None).unwrap(); // Emit a literal data packet. let mut literal_writer = LiteralWriter::new( diff --git a/openpgp-ffi/examples/encrypt-for.c b/openpgp-ffi/examples/encrypt-for.c index e3125dc3..31b643e3 100644 --- a/openpgp-ffi/examples/encrypt-for.c +++ b/openpgp-ffi/examples/encrypt-for.c @@ -48,7 +48,8 @@ main (int argc, char **argv) NULL, 0, /* no passwords */ &tpk, 1, PGP_ENCRYPTION_MODE_FOR_TRANSPORT, - 9 /* AES256 */); + 9 /* AES256 */, + 0 /* No AEAD */); if (writer == NULL) error (1, 0, "pgp_encryptor_new: %s", pgp_error_to_string (err)); diff --git a/openpgp-ffi/include/sequoia/openpgp.h b/openpgp-ffi/include/sequoia/openpgp.h index 34611acb..1a7dc98d 100644 --- a/openpgp-ffi/include/sequoia/openpgp.h +++ b/openpgp-ffi/include/sequoia/openpgp.h @@ -1599,7 +1599,8 @@ pgp_writer_stack_t pgp_encryptor_new (pgp_error_t *errp, pgp_tpk_t *recipients, size_t recipients_len, pgp_encryption_mode_t mode, - uint8_t cipher_algo); + uint8_t cipher_algo, + uint8_t aead_algo); /*/ /// Frees this object. diff --git a/openpgp-ffi/src/serialize.rs b/openpgp-ffi/src/serialize.rs index 7c463fc4..1f0a7639 100644 --- a/openpgp-ffi/src/serialize.rs +++ b/openpgp-ffi/src/serialize.rs @@ -17,6 +17,7 @@ use self::openpgp::{ crypto::Password, }; use self::openpgp::constants::{ + AEADAlgorithm, DataFormat, HashAlgorithm, SymmetricAlgorithm, @@ -240,7 +241,8 @@ pub extern "C" fn pgp_encryptor_new passwords: Option<&*const c_char>, passwords_len: size_t, recipients: Option<&*const TPK>, recipients_len: size_t, encryption_mode: u8, - cipher_algo: u8) + cipher_algo: u8, + aead_algo: u8) -> *mut writer::Stack<'static, Cookie> { ffi_make_fry_from_errp!(errp); @@ -276,9 +278,15 @@ pub extern "C" fn pgp_encryptor_new } else { Some(cipher_algo.into()) }; + let aead_algo : Option<AEADAlgorithm> = if aead_algo == 0 { + None + } else { + Some(aead_algo.into()) + }; ffi_try_box!(Encryptor::new(*inner, &passwords_.iter().collect::<Vec<&Password>>(), &recipients[..], encryption_mode, - cipher_algo)) + cipher_algo, + aead_algo)) } diff --git a/openpgp/examples/encrypt-for.rs b/openpgp/examples/encrypt-for.rs index 9b35623b..d416c321 100644 --- a/openpgp/examples/encrypt-for.rs +++ b/openpgp/examples/encrypt-for.rs @@ -50,7 +50,7 @@ fn main() { &[], // No symmetric encryption. &recipients, mode, - None) + None, None) .expect("Failed to create encryptor"); let mut literal_writer = LiteralWriter::new(encryptor, DataFormat::Binary, None, None) diff --git a/openpgp/examples/generate-encrypt-decrypt.rs b/openpgp/examples/generate-encrypt-decrypt.rs index 50159825..b48c3d29 100644 --- a/openpgp/examples/generate-encrypt-decrypt.rs +++ b/openpgp/examples/generate-encrypt-decrypt.rs @@ -48,7 +48,7 @@ fn encrypt(sink: &mut Write, plaintext: &str, recipient: &openpgp::TPK) &[], // No symmetric encryption. &[recipient], EncryptionMode::ForTransport, - None)?; + None, None)?; // Emit a literal data packet. let mut literal_writer = LiteralWriter::new( diff --git a/openpgp/src/autocrypt.rs b/openpgp/src/autocrypt.rs index 4f3d0ebb..86c1ccfc 100644 --- a/openpgp/src/autocrypt.rs +++ b/openpgp/src/autocrypt.rs @@ -471,7 +471,7 @@ impl AutocryptSetupMessage { &[ self.passcode.as_ref().unwrap() ], &[], EncryptionMode::ForTransport, - None)?; + None, None)?; let mut w = LiteralWriter::new(w, DataFormat::Binary, /* filename*/ None, /* date */ None)?; diff --git a/openpgp/src/serialize/stream.rs b/openpgp/src/serialize/stream.rs index 7ce3ac81..f73c8f8c 100644 --- a/openpgp/src/serialize/stream.rs +++ b/openpgp/src/serialize/stream.rs @@ -903,7 +903,8 @@ impl<'a> Encryptor<'a> { /// let message = Message::new(&mut o); /// let encryptor = Encryptor::new(message, /// &[&"совершенно секретно".into()], - /// &[&tpk], EncryptionMode::AtRest, None) + /// &[&tpk], EncryptionMode::AtRest, None, + /// None) /// .expect("Failed to create encryptor"); /// let mut w = LiteralWriter::new(encryptor, DataFormat::Text, None, None)?; /// w.write_all(b"Hello world.")?; @@ -911,12 +912,14 @@ impl<'a> Encryptor<'a> { /// # Ok(()) /// # } /// ``` - pub fn new<C>(mut inner: writer::Stack<'a, Cookie>, - passwords: &[&Password], tpks: &[&TPK], - encryption_mode: EncryptionMode, - cipher_algo: C) - -> Result<writer::Stack<'a, Cookie>> - where C: Into<Option<SymmetricAlgorithm>> + pub fn new<C, A>(mut inner: writer::Stack<'a, Cookie>, + passwords: &[&Password], tpks: &[&TPK], + encryption_mode: EncryptionMode, + cipher_algo: C, + aead_algo: A) + -> Result<writer::Stack<'a, Cookie>> + where C: Into<Option<SymmetricAlgorithm>>, + A: Into<Option<AEADAlgorithm>> { if tpks.len() + passwords.len() == 0 { return Err(Error::InvalidArgument( @@ -929,15 +932,11 @@ impl<'a> Encryptor<'a> { nonce: Box<[u8]>, } - // Use AEAD if there are TPKs and all of them support AEAD. - let aead = if tpks.len() > 0 && tpks.iter().all(|t| { - t.primary_key_signature().map(|s| s.features().supports_aead()) - .unwrap_or(false) - }) { - let mut nonce = vec![0; AEADAlgorithm::EAX.iv_size()?]; + let aead = if let Some(algo) = aead_algo.into() { + let mut nonce = vec![0; algo.iv_size()?]; crypto::random(&mut nonce); Some(AEADParameters { - algo: AEADAlgorithm::EAX, // Must implement EAX. + algo: algo, chunk_size: 4096, // A page, 3 per mille overhead. nonce: nonce.into_boxed_slice(), }) @@ -1404,7 +1403,7 @@ mod test { let m = Message::new(&mut o); let encryptor = Encryptor::new( m, &passwords.iter().collect::<Vec<&Password>>(), - &[], EncryptionMode::ForTransport, None) + &[], EncryptionMode::ForTransport, None, None) .unwrap(); let mut literal = LiteralWriter::new(encryptor, DataFormat::Binary, None, None) diff --git a/tool/src/commands/mod.rs b/tool/src/commands/mod.rs index 30a833a1..114a57e3 100644 --- a/tool/src/commands/mod.rs +++ b/tool/src/commands/mod.rs @@ -108,7 +108,7 @@ pub fn encrypt(store: &mut store::Store, &passwords_, &recipients, EncryptionMode::AtRest, - None) + None, None) .context("Failed to create encryptor")?; // Optionally sign message. |