diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2023-02-16 16:13:04 +0100 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2024-08-12 12:46:37 +0200 |
| commit | 30f7ea903ddc7752b9ac16335d89d2334ca46ff2 (patch) | |
| tree | 954d0d71ee4973482444e8350f90c2c4c9a84e37 /openpgp/src/serialize | |
| parent | fc2f93bb433b1df6aa1f94db6e20974faa348238 (diff) | |
openpgp: Implement v2 SEIPD.crypto-refresh
Diffstat (limited to 'openpgp/src/serialize')
| -rw-r--r-- | openpgp/src/serialize/stream.rs | 48 |
1 files changed, 30 insertions, 18 deletions
diff --git a/openpgp/src/serialize/stream.rs b/openpgp/src/serialize/stream.rs index a83b303c..4437d673 100644 --- a/openpgp/src/serialize/stream.rs +++ b/openpgp/src/serialize/stream.rs @@ -2900,10 +2900,6 @@ impl<'a, 'b> Encryptor2<'a, 'b> { /// message.finalize()?; /// # Ok(()) } /// ``` - // Function hidden from the public API due to - // https://gitlab.com/sequoia-pgp/sequoia/-/issues/550 - // It is used only for tests so that it does not bit-rot. - #[cfg(test)] pub fn aead_algo(mut self, algo: AEADAlgorithm) -> Self { self.aead_algo = Some(algo); self @@ -2957,19 +2953,26 @@ impl<'a, 'b> Encryptor2<'a, 'b> { ).into()); } + // XXX autodetect v6 + if ! self.recipients.is_empty() + && self.recipients.iter().all(|r| r.key.version() == 6) + { + self.aead_algo = Some(AEADAlgorithm::const_default()); + } + struct AEADParameters { algo: AEADAlgorithm, chunk_size: usize, - nonce: Box<[u8]>, + salt: [u8; 32], } let aead = if let Some(algo) = self.aead_algo { - let mut nonce = vec![0; algo.nonce_size()?]; - crypto::random(&mut nonce); + let mut salt = [0u8; 32]; + crypto::random(&mut salt); Some(AEADParameters { algo, chunk_size: Self::AEAD_CHUNK_SIZE, - nonce: nonce.into_boxed_slice(), + salt, }) } else { None @@ -3023,25 +3026,27 @@ impl<'a, 'b> Encryptor2<'a, 'b> { if let Some(aead) = aead { // Write the AED packet. - CTB::new(Tag::AED).serialize(&mut inner)?; + CTB::new(Tag::SEIP).serialize(&mut inner)?; let mut inner = PartialBodyFilter::new(Message::from(inner), Cookie::new(level)); - let aed = AED1::new(self.sym_algo, aead.algo, - aead.chunk_size as u64, aead.nonce)?; - aed.serialize_headers(&mut inner)?; + let seip = SEIP2::new(self.sym_algo, aead.algo, + aead.chunk_size as u64, aead.salt)?; + seip.serialize_headers(&mut inner)?; - use crate::crypto::aead::AEDv1Schedule; - let schedule = AEDv1Schedule::new( - aed.symmetric_algo(), aed.aead(), aead.chunk_size, aed.iv())?; + use crate::crypto::aead::SEIPv2Schedule; + let (message_key, schedule) = SEIPv2Schedule::new( + &sk, + seip.symmetric_algo(), seip.aead(), aead.chunk_size, + seip.salt())?; writer::AEADEncryptor::new( inner, Cookie::new(level), - aed.symmetric_algo(), - aed.aead(), + seip.symmetric_algo(), + seip.aead(), aead.chunk_size, schedule, - sk, + message_key, ) } else { // Write the SEIP packet. @@ -3669,6 +3674,12 @@ mod test { } fn test_aead_messages(algo: AEADAlgorithm) -> Result<()> { + test_aead_messages_v(algo, 4)?; + test_aead_messages_v(algo, 6)?; + Ok(()) + } + + fn test_aead_messages_v(algo: AEADAlgorithm, cert_version: u8) -> Result<()> { if ! algo.is_supported() { eprintln!("Skipping because {} is not supported.", algo); return Ok(()); @@ -3707,6 +3718,7 @@ mod test { let (tsk, _) = CertBuilder::new() .set_cipher_suite(CipherSuite::Cv25519) + .set_version(cert_version)? .add_transport_encryption_subkey() .generate().unwrap(); |