authorJustus Winter <justus@sequoia-pgp.org>2022-04-27 14:01:47 +0200
committerJustus Winter <justus@sequoia-pgp.org>2022-04-27 14:15:22 +0200
commit54b82569de73479aad369b4fdd82d7b7be25c988 (patch)
tree4d3c001de8f6aad3d9a646e42019e9f3b6db8c97 /openpgp/src/crypto
parent4c06bc409a15e6a9c1157ceefbc4dd9ccaa030e9 (diff)
openpgp: Consider ECDH KDF and KEK parameters in StandardPolicy.
- Previously, there were two issues: - There is an implicit policy that constrains the symmetric algorithm to AES. RFC6637 doesn't forbid other ciphers, so arguably this should be made explicit and moved to the standard policy. Only using AES seems to be a sane default choice and will not impede interoperability in practice (notably, GnuPG constrains to AES as well). - We constrain hashes only based on their output length, and are hence willing to use dubious combinations like (AES128, MD5). - Constrain the parameters in StandardPolicy::key. Mention this in the documentation. - Fixes #839.
Diffstat (limited to 'openpgp/src/crypto')
-rw-r--r--openpgp/src/crypto/ecdh.rs14
1 files changed, 2 insertions, 12 deletions
diff --git a/openpgp/src/crypto/ecdh.rs b/openpgp/src/crypto/ecdh.rs
index 1c3e600b..5c2162e1 100644
--- a/openpgp/src/crypto/ecdh.rs
+++ b/openpgp/src/crypto/ecdh.rs
@@ -198,8 +198,6 @@ fn pkcs5_unpad(sk: Protected, target_len: usize) -> Result<Protected> {
fn aes_key_wrap(algo: SymmetricAlgorithm, key: &Protected,
plaintext: &Protected)
-> Result<Vec<u8>> {
- use crate::SymmetricAlgorithm::*;
-
if plaintext.len() % 8 != 0 {
return Err(Error::InvalidArgument(
"Plaintext must be a multiple of 8".into()).into());
@@ -209,10 +207,7 @@ fn aes_key_wrap(algo: SymmetricAlgorithm, key: &Protected,
return Err(Error::InvalidArgument("Bad key size".into()).into());
}
- let mut cipher = match algo {
- AES128 | AES192 | AES256 => algo.make_encrypt_ecb(key)?,
- _ => return Err(Error::UnsupportedSymmetricAlgorithm(algo).into()),
- };
+ let mut cipher = algo.make_encrypt_ecb(key)?;
// Inputs: Plaintext, n 64-bit values {P1, P2, ..., Pn}, and
// Key, K (the KEK).
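Review bot: With the `match algo` guard gone, `aes_key_wrap` hands whatever `algo` it receives to `make_encrypt_ecb`, so the AES restriction now depends entirely on the caller having applied a policy first; the same holds for the `make_decrypt_ecb` line in the `aes_key_unwrap` hunk further down. The wrap construction described in the comments operates on 64-bit halves of a 128-bit cipher block, which is a precondition of the algorithm rather than a policy choice, and the StandardPolicy side of this change is not visible here because the diff is limited to openpgp/src/crypto. I would keep a local precondition check in both functions, for example `if algo.block_size()? != 16 { return Err(Error::UnsupportedSymmetricAlgorithm(algo).into()); }`, or at minimum add a doc comment to each stating that callers using a custom policy must restrict `algo` themselves. Both function bodies continue outside the hunks shown.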
@@ -273,8 +268,6 @@ fn aes_key_wrap(algo: SymmetricAlgorithm, key: &Protected,
fn aes_key_unwrap(algo: SymmetricAlgorithm, key: &Protected,
ciphertext: &[u8])
-> Result<Protected> {
- use crate::SymmetricAlgorithm::*;
-
if ciphertext.len() % 8 != 0 {
return Err(Error::InvalidArgument(
"Ciphertext must be a multiple of 8".into()).into());
@@ -284,10 +277,7 @@ fn aes_key_unwrap(algo: SymmetricAlgorithm, key: &Protected,
return Err(Error::InvalidArgument("Bad key size".into()).into());
}
- let mut cipher = match algo {
- AES128 | AES192 | AES256 => algo.make_decrypt_ecb(key)?,
- _ => return Err(Error::UnsupportedSymmetricAlgorithm(algo).into()),
- };
+ let mut cipher = algo.make_decrypt_ecb(key)?;
// Inputs: Ciphertext, (n+1) 64-bit values {C0, C1, ..., Cn}, and
// Key, K (the KEK).