summaryrefslogtreecommitdiffstats
path: root/openpgp/src
diff options
context:
space:
mode:
Diffstat (limited to 'openpgp/src')
-rw-r--r--openpgp/src/crypto/aead.rs2
-rw-r--r--openpgp/src/crypto/backend/botan.rs2
-rw-r--r--openpgp/src/crypto/backend/botan/aead.rs1
-rw-r--r--openpgp/src/crypto/backend/cng.rs7
-rw-r--r--openpgp/src/crypto/backend/cng/aead.rs109
-rw-r--r--openpgp/src/crypto/backend/nettle.rs13
-rw-r--r--openpgp/src/crypto/backend/nettle/aead.rs46
-rw-r--r--openpgp/src/crypto/backend/openssl.rs21
-rw-r--r--openpgp/src/crypto/backend/openssl/aead.rs34
-rw-r--r--openpgp/src/crypto/backend/rust.rs15
-rw-r--r--openpgp/src/crypto/backend/rust/aead.rs98
-rw-r--r--openpgp/src/policy.rs3
-rw-r--r--openpgp/src/serialize/stream.rs5
-rw-r--r--openpgp/src/types/mod.rs11
14 files changed, 344 insertions, 23 deletions
diff --git a/openpgp/src/crypto/aead.rs b/openpgp/src/crypto/aead.rs
index 686cd18d..b6fcc578 100644
--- a/openpgp/src/crypto/aead.rs
+++ b/openpgp/src/crypto/aead.rs
@@ -81,6 +81,7 @@ impl AEADAlgorithm {
EAX => Ok(16),
// According to RFC4880bis, Section 5.16.2.
OCB => Ok(16),
+ GCM => Ok(16),
_ => Err(Error::UnsupportedAEADAlgorithm(*self).into()),
}
}
@@ -95,6 +96,7 @@ impl AEADAlgorithm {
// least 15 octets long". GnuPG hardcodes 15 in
// openpgp_aead_algo_info.
OCB => Ok(15),
+ GCM => Ok(12),
_ => Err(Error::UnsupportedAEADAlgorithm(*self).into()),
}
}
diff --git a/openpgp/src/crypto/backend/botan.rs b/openpgp/src/crypto/backend/botan.rs
index 02ec4268..975d6196 100644
--- a/openpgp/src/crypto/backend/botan.rs
+++ b/openpgp/src/crypto/backend/botan.rs
@@ -61,7 +61,7 @@ impl AEADAlgorithm {
pub(crate) fn is_supported_by_backend(&self) -> bool {
use self::AEADAlgorithm::*;
match &self {
- EAX | OCB
+ EAX | OCB | GCM
=> true,
Private(_) | Unknown(_)
=> false,
diff --git a/openpgp/src/crypto/backend/botan/aead.rs b/openpgp/src/crypto/backend/botan/aead.rs
index c7f4bbf2..90db20d6 100644
--- a/openpgp/src/crypto/backend/botan/aead.rs
+++ b/openpgp/src/crypto/backend/botan/aead.rs
@@ -33,6 +33,7 @@ impl AEADAlgorithm {
match self {
AEADAlgorithm::EAX => Ok("EAX"),
AEADAlgorithm::OCB => Ok("OCB"),
+ AEADAlgorithm::GCM => Ok("GCM"),
_ => Err(Error::UnsupportedAEADAlgorithm(self).into()),
}
}
diff --git a/openpgp/src/crypto/backend/cng.rs b/openpgp/src/crypto/backend/cng.rs
index 607b0414..3ded3f5b 100644
--- a/openpgp/src/crypto/backend/cng.rs
+++ b/openpgp/src/crypto/backend/cng.rs
@@ -61,9 +61,10 @@ impl AEADAlgorithm {
pub(crate) fn is_supported_by_backend(&self) -> bool {
use self::AEADAlgorithm::*;
match &self {
- EAX
- => true,
- OCB | Private(_) | Unknown(_)
+ EAX => true,
+ OCB => false,
+ GCM => true,
+ Private(_) | Unknown(_)
=> false,
}
}
diff --git a/openpgp/src/crypto/backend/cng/aead.rs b/openpgp/src/crypto/backend/cng/aead.rs
index 9659812f..6ca59472 100644
--- a/openpgp/src/crypto/backend/cng/aead.rs
+++ b/openpgp/src/crypto/backend/cng/aead.rs
@@ -1,5 +1,5 @@
//! Implementation of AEAD using Windows CNG API.
-use std::cmp::Ordering;
+use std::cmp::{self, Ordering};
use crate::{Error, Result};
use crate::crypto::aead::{Aead, CipherOp};
@@ -8,8 +8,8 @@ use crate::seal;
use crate::types::{AEADAlgorithm, SymmetricAlgorithm};
use cipher::generic_array::{GenericArray, ArrayLength};
-use cipher::generic_array::typenum::{U16, U128, U192, U256};
-use cipher::Unsigned;
+use cipher::generic_array::typenum::{U12, U16, U128, U192, U256};
+use cipher::{BlockCipher, BlockEncrypt, BlockSizeUser, KeyInit, Unsigned};
use eax::online::{Eax, Encrypt, Decrypt};
use win_crypto_ng::symmetric::{BlockCipherKey, Aes};
@@ -106,19 +106,60 @@ impl AEADAlgorithm {
},
_ => Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()),
},
- _ => Err(Error::UnsupportedAEADAlgorithm(self.clone()).into()),
+
+ AEADAlgorithm::OCB =>
+ Err(Error::UnsupportedAEADAlgorithm(*self).into()),
+
+ AEADAlgorithm::GCM => {
+ use aes_gcm::{AesGcm, Nonce};
+ match sym_algo {
+ SymmetricAlgorithm::AES128 => {
+ let nonce = Nonce::try_from_slice(nonce)?;
+ let cipher =
+ AesGcm::<BlockCipherKey<Aes, U128>, U12>::new_from_slice(key)?;
+ Ok(Box::new(Gcm { cipher, nonce: *nonce, aad: aad.to_vec() }))
+ },
+ SymmetricAlgorithm::AES192 => {
+ let nonce = Nonce::try_from_slice(nonce)?;
+ let cipher =
+ AesGcm::<BlockCipherKey<Aes, U192>, U12>::new_from_slice(key)?;
+ Ok(Box::new(Gcm { cipher, nonce: *nonce, aad: aad.to_vec() }))
+ },
+ SymmetricAlgorithm::AES256 => {
+ let nonce = Nonce::try_from_slice(nonce)?;
+ let cipher =
+ AesGcm::<BlockCipherKey<Aes, U256>, U12>::new_from_slice(key)?;
+ Ok(Box::new(Gcm { cipher, nonce: *nonce, aad: aad.to_vec() }))
+ },
+ | SymmetricAlgorithm::IDEA
+ | SymmetricAlgorithm::TripleDES
+ | SymmetricAlgorithm::CAST5
+ | SymmetricAlgorithm::Blowfish
+ | SymmetricAlgorithm::Twofish
+ | SymmetricAlgorithm::Camellia128
+ | SymmetricAlgorithm::Camellia192
+ | SymmetricAlgorithm::Camellia256
+ | SymmetricAlgorithm::Private(_)
+ | SymmetricAlgorithm::Unknown(_)
+ | SymmetricAlgorithm::Unencrypted =>
+ Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()),
+ }
+ },
+
+ AEADAlgorithm::Private(_) | AEADAlgorithm::Unknown(_) =>
+ Err(Error::UnsupportedAEADAlgorithm(*self).into()),
}
}
}
-type EaxTagLen = U16;
+type TagLen = U16;
macro_rules! impl_aead {
($($type: ty),*) => {
$(
- impl Aead for Eax<$type, Encrypt, EaxTagLen> {
+ impl Aead for Eax<$type, Encrypt, TagLen> {
fn digest_size(&self) -> usize {
- EaxTagLen::USIZE
+ TagLen::USIZE
}
fn encrypt_seal(&mut self, dst: &mut [u8], src: &[u8]) -> Result<()> {
debug_assert_eq!(dst.len(), src.len() + self.digest_size());
@@ -139,7 +180,7 @@ macro_rules! impl_aead {
$(
impl Aead for Eax<$type, Decrypt> {
fn digest_size(&self) -> usize {
- EaxTagLen::USIZE
+ TagLen::USIZE
}
fn encrypt_seal(&mut self, _dst: &mut [u8], _src: &[u8]) -> Result<()> {
panic!("AEAD encryption called in the decryption context")
@@ -171,3 +212,55 @@ macro_rules! impl_aead {
}
impl_aead!(BlockCipherKey<Aes, U128>, BlockCipherKey<Aes, U192>, BlockCipherKey<Aes, U256>);
+
+struct Gcm<Cipher: BlockCipher + BlockSizeUser<BlockSize = U16> + BlockEncrypt> {
+ cipher: aes_gcm::AesGcm<Cipher, U12>,
+ nonce: GenericArray<u8, U12>,
+ aad: Vec<u8>,
+}
+
+impl<Cipher> Aead for Gcm<Cipher>
+where
+ Cipher: BlockCipher + BlockSizeUser<BlockSize = U16> + BlockEncrypt,
+{
+ fn digest_size(&self) -> usize {
+ TagLen::USIZE
+ }
+
+ fn encrypt_seal(&mut self, dst: &mut [u8], src: &[u8]) -> Result<()> {
+ debug_assert_eq!(dst.len(), src.len() + self.digest_size());
+ use aes_gcm::AeadInPlace;
+
+ let len = cmp::min(dst.len(), src.len());
+ dst[..len].copy_from_slice(&src[..len]);
+ let tag =
+ self.cipher.encrypt_in_place_detached(&self.nonce, &self.aad,
+ &mut dst[..len])?;
+ debug_assert_eq!(dst[len..].len(), tag.len());
+ let tag_len = cmp::min(dst[len..].len(), tag.len());
+ dst[len..len + tag_len].copy_from_slice(&tag[..tag_len]);
+ Ok(())
+ }
+
+ fn decrypt_verify(&mut self, dst: &mut [u8], src: &[u8]) -> Result<()> {
+ debug_assert_eq!(dst.len() + self.digest_size(), src.len());
+ use aes_gcm::AeadInPlace;
+
+ // Split src into ciphertext and digest.
+ let len = src.len().saturating_sub(self.digest_size());
+ let digest = &src[len..];
+ let src = &src[..len];
+
+ debug_assert_eq!(dst.len(), src.len());
+ let len = core::cmp::min(dst.len(), src.len());
+ dst[..len].copy_from_slice(&src[..len]);
+ self.cipher.decrypt_in_place_detached(&self.nonce, &self.aad, dst,
+ digest.try_into()?)?;
+ Ok(())
+ }
+}
+
+impl<'a, Cipher> seal::Sealed for Gcm<Cipher>
+where
+ Cipher: BlockCipher + BlockSizeUser<BlockSize = U16> + BlockEncrypt,
+{}
diff --git a/openpgp/src/crypto/backend/nettle.rs b/openpgp/src/crypto/backend/nettle.rs
index 62c62f4b..7109fa3a 100644
--- a/openpgp/src/crypto/backend/nettle.rs
+++ b/openpgp/src/crypto/backend/nettle.rs
@@ -68,6 +68,8 @@ impl AEADAlgorithm {
=> true,
OCB
=> nettle::aead::OCB_IS_SUPPORTED,
+ GCM
+ => true,
Private(_) | Unknown(_)
=> false,
}
@@ -98,6 +100,17 @@ impl AEADAlgorithm {
SymmetricAlgorithm::Camellia256 => true,
_ => false,
},
+ AEADAlgorithm::GCM =>
+ match algo {
+ SymmetricAlgorithm::AES128 |
+ SymmetricAlgorithm::AES192 |
+ SymmetricAlgorithm::AES256 |
+ SymmetricAlgorithm::Twofish |
+ SymmetricAlgorithm::Camellia128 |
+ SymmetricAlgorithm::Camellia192 |
+ SymmetricAlgorithm::Camellia256 => true,
+ _ => false,
+ },
_ => false
}
}
diff --git a/openpgp/src/crypto/backend/nettle/aead.rs b/openpgp/src/crypto/backend/nettle/aead.rs
index 76303715..c44defb3 100644
--- a/openpgp/src/crypto/backend/nettle/aead.rs
+++ b/openpgp/src/crypto/backend/nettle/aead.rs
@@ -164,6 +164,52 @@ impl AEADAlgorithm {
_ => Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()),
},
+ AEADAlgorithm::GCM => match sym_algo {
+ SymmetricAlgorithm::AES128 => {
+ let mut ctx =
+ aead::Gcm::<cipher::Aes128>::with_key_and_nonce(key, nonce)?;
+ ctx.update(aad);
+ Ok(Box::new(ctx))
+ },
+ SymmetricAlgorithm::AES192 => {
+ let mut ctx =
+ aead::Gcm::<cipher::Aes192>::with_key_and_nonce(key, nonce)?;
+ ctx.update(aad);
+ Ok(Box::new(ctx))
+ },
+ SymmetricAlgorithm::AES256 => {
+ let mut ctx =
+ aead::Gcm::<cipher::Aes256>::with_key_and_nonce(key, nonce)?;
+ ctx.update(aad);
+ Ok(Box::new(ctx))
+ },
+ SymmetricAlgorithm::Twofish => {
+ let mut ctx =
+ aead::Gcm::<cipher::Twofish>::with_key_and_nonce(key, nonce)?;
+ ctx.update(aad);
+ Ok(Box::new(ctx))
+ },
+ SymmetricAlgorithm::Camellia128 => {
+ let mut ctx =
+ aead::Gcm::<cipher::Camellia128>::with_key_and_nonce(key, nonce)?;
+ ctx.update(aad);
+ Ok(Box::new(ctx))
+ },
+ SymmetricAlgorithm::Camellia192 => {
+ let mut ctx =
+ aead::Gcm::<cipher::Camellia192>::with_key_and_nonce(key, nonce)?;
+ ctx.update(aad);
+ Ok(Box::new(ctx))
+ },
+ SymmetricAlgorithm::Camellia256 => {
+ let mut ctx =
+ aead::Gcm::<cipher::Camellia256>::with_key_and_nonce(key, nonce)?;
+ ctx.update(aad);
+ Ok(Box::new(ctx))
+ },
+ _ => Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()),
+ },
+
_ => Err(Error::UnsupportedAEADAlgorithm(*self).into()),
}
}
diff --git a/openpgp/src/crypto/backend/openssl.rs b/openpgp/src/crypto/backend/openssl.rs
index 4923fc79..1c077cf2 100644
--- a/openpgp/src/crypto/backend/openssl.rs
+++ b/openpgp/src/crypto/backend/openssl.rs
@@ -65,12 +65,19 @@ impl AEADAlgorithm {
}
pub(crate) fn is_supported_by_backend(&self) -> bool {
- *self == AEADAlgorithm::OCB
+ match self {
+ AEADAlgorithm::EAX => false,
+ AEADAlgorithm::OCB => true,
+ AEADAlgorithm::GCM => true,
+ AEADAlgorithm::Private(_) |
+ AEADAlgorithm::Unknown(_) => false,
+ }
}
#[cfg(test)]
pub(crate) fn supports_symmetric_algo(&self, algo: &SymmetricAlgorithm) -> bool {
match &self {
+ AEADAlgorithm::EAX => false,
AEADAlgorithm::OCB =>
match algo {
// OpenSSL supports OCB only with AES
@@ -80,7 +87,17 @@ impl AEADAlgorithm {
SymmetricAlgorithm::AES256 => true,
_ => false,
},
- _ => false
+ AEADAlgorithm::GCM =>
+ match algo {
+ // OpenSSL supports GCM only with AES
+ // see: https://wiki.openssl.org/index.php/GCM
+ SymmetricAlgorithm::AES128 |
+ SymmetricAlgorithm::AES192 |
+ SymmetricAlgorithm::AES256 => true,
+ _ => false,
+ },
+ AEADAlgorithm::Private(_) |
+ AEADAlgorithm::Unknown(_) => false,
}
}
}
diff --git a/openpgp/src/crypto/backend/openssl/aead.rs b/openpgp/src/crypto/backend/openssl/aead.rs
index cf68fa66..84ce3c7e 100644
--- a/openpgp/src/crypto/backend/openssl/aead.rs
+++ b/openpgp/src/crypto/backend/openssl/aead.rs
@@ -94,7 +94,39 @@ impl AEADAlgorithm {
ctx,
digest_size: self.digest_size()?,
}))
- }
+ },
+ AEADAlgorithm::GCM => {
+ let cipher = match sym_algo {
+ SymmetricAlgorithm::AES128 => Cipher::aes_128_gcm(),
+ SymmetricAlgorithm::AES192 => Cipher::aes_192_gcm(),
+ SymmetricAlgorithm::AES256 => Cipher::aes_256_gcm(),
+ _ => return Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()),
+ };
+ let mut ctx = CipherCtx::new()?;
+ match op {
+ CipherOp::Encrypt =>
+ ctx.encrypt_init(Some(cipher), Some(key), None)?,
+
+ CipherOp::Decrypt =>
+ ctx.decrypt_init(Some(cipher), Some(key), None)?,
+ }
+ // We have to set the IV length before supplying the
+ // IV. Otherwise, it will be silently truncated.
+ ctx.set_iv_length(self.nonce_size()?)?;
+ match op {
+ CipherOp::Encrypt =>
+ ctx.encrypt_init(None, None, Some(nonce))?,
+
+ CipherOp::Decrypt =>
+ ctx.decrypt_init(None, None, Some(nonce))?,
+ }
+ ctx.set_padding(false);
+ ctx.cipher_update(aad, None)?;
+ Ok(Box::new(OpenSslContext {
+ ctx,
+ digest_size: self.digest_size()?,
+ }))
+ },
_ => Err(Error::UnsupportedAEADAlgorithm(*self).into()),
}
}
diff --git a/openpgp/src/crypto/backend/rust.rs b/openpgp/src/crypto/backend/rust.rs
index 0be0ea2e..8dd85559 100644
--- a/openpgp/src/crypto/backend/rust.rs
+++ b/openpgp/src/crypto/backend/rust.rs
@@ -102,9 +102,10 @@ impl AEADAlgorithm {
pub(crate) fn is_supported_by_backend(&self) -> bool {
use self::AEADAlgorithm::*;
match &self {
- EAX
- => true,
- OCB | Private(_) | Unknown(_)
+ EAX => true,
+ OCB => false,
+ GCM => true,
+ Private(_) | Unknown(_)
=> false,
}
}
@@ -124,6 +125,14 @@ impl AEADAlgorithm {
SymmetricAlgorithm::Camellia256 => true,
_ => false,
},
+
+ AEADAlgorithm::GCM =>
+ match algo {
+ SymmetricAlgorithm::AES128 |
+ SymmetricAlgorithm::AES192 |
+ SymmetricAlgorithm::AES256 => true,
+ _ => false,
+ },
_ => false
}
}
diff --git a/openpgp/src/crypto/backend/rust/aead.rs b/openpgp/src/crypto/backend/rust/aead.rs
index e306c8a1..248b5cb7 100644
--- a/openpgp/src/crypto/backend/rust/aead.rs
+++ b/openpgp/src/crypto/backend/rust/aead.rs
@@ -3,8 +3,8 @@
use std::cmp;
use std::cmp::Ordering;
-use cipher::{BlockCipher, BlockEncrypt, KeyInit, Unsigned};
-use cipher::consts::U16;
+use cipher::{BlockCipher, BlockEncrypt, BlockSizeUser, KeyInit, Unsigned};
+use cipher::consts::{U12, U16};
use eax::online::{Eax, Encrypt, Decrypt};
use generic_array::GenericArray;
@@ -87,6 +87,58 @@ where
Op: eax::online::CipherOp,
{}
+struct Gcm<Cipher: BlockCipher + BlockSizeUser<BlockSize = U16> + BlockEncrypt> {
+ cipher: aes_gcm::AesGcm<Cipher, U12>,
+ nonce: GenericArray<u8, U12>,
+ aad: Vec<u8>,
+}
+
+impl<Cipher> Aead for Gcm<Cipher>
+where
+ Cipher: BlockCipher + BlockSizeUser<BlockSize = U16> + BlockEncrypt,
+{
+ fn digest_size(&self) -> usize {
+ TagLen::USIZE
+ }
+
+ fn encrypt_seal(&mut self, dst: &mut [u8], src: &[u8]) -> Result<()> {
+ debug_assert_eq!(dst.len(), src.len() + self.digest_size());
+ use aes_gcm::AeadInPlace;
+
+ let len = cmp::min(dst.len(), src.len());
+ dst[..len].copy_from_slice(&src[..len]);
+ let tag =
+ self.cipher.encrypt_in_place_detached(&self.nonce, &self.aad,
+ &mut dst[..len])?;
+ debug_assert_eq!(dst[len..].len(), tag.len());
+ let tag_len = cmp::min(dst[len..].len(), tag.len());
+ dst[len..len + tag_len].copy_from_slice(&tag[..tag_len]);
+ Ok(())
+ }
+
+ fn decrypt_verify(&mut self, dst: &mut [u8], src: &[u8]) -> Result<()> {
+ debug_assert_eq!(dst.len() + self.digest_size(), src.len());
+ use aes_gcm::AeadInPlace;
+
+ // Split src into ciphertext and digest.
+ let len = src.len().saturating_sub(self.digest_size());
+ let digest = &src[len..];
+ let src = &src[..len];
+
+ debug_assert_eq!(dst.len(), src.len());
+ let len = core::cmp::min(dst.len(), src.len());
+ dst[..len].copy_from_slice(&src[..len]);
+ self.cipher.decrypt_in_place_detached(&self.nonce, &self.aad, dst,
+ digest.try_into()?)?;
+ Ok(())
+ }
+}
+
+impl<'a, Cipher> seal::Sealed for Gcm<Cipher>
+where
+ Cipher: BlockCipher + BlockSizeUser<BlockSize = U16> + BlockEncrypt,
+{}
+
impl AEADAlgorithm {
pub(crate) fn context(
&self,
@@ -165,7 +217,47 @@ impl AEADAlgorithm {
| SymmetricAlgorithm::Unencrypted =>
Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()),
},
- AEADAlgorithm::OCB | AEADAlgorithm::Private(_) | AEADAlgorithm::Unknown(_) =>
+
+ AEADAlgorithm::OCB =>
+ Err(Error::UnsupportedAEADAlgorithm(*self).into()),
+
+ AEADAlgorithm::GCM => {
+ use aes_gcm::{AesGcm, Nonce};
+ match sym_algo {
+ SymmetricAlgorithm::AES128 => {
+ let nonce = Nonce::try_from_slice(nonce)?;
+ let cipher =
+ AesGcm::<aes::Aes128, U12>::new_from_slice(key)?;
+ Ok(Box::new(Gcm { cipher, nonce: *nonce, aad: aad.to_vec() }))
+ },
+ SymmetricAlgorithm::AES192 => {
+ let nonce = Nonce::try_from_slice(nonce)?;
+ let cipher =
+ AesGcm::<aes::Aes192, U12>::new_from_slice(key)?;
+ Ok(Box::new(Gcm { cipher, nonce: *nonce, aad: aad.to_vec() }))
+ },
+ SymmetricAlgorithm::AES256 => {
+ let nonce = Nonce::try_from_slice(nonce)?;
+ let cipher =
+ AesGcm::<aes::Aes256, U12>::new_from_slice(key)?;
+ Ok(Box::new(Gcm { cipher, nonce: *nonce, aad: aad.to_vec() }))
+ },
+ | SymmetricAlgorithm::IDEA
+ | SymmetricAlgorithm::TripleDES
+ | SymmetricAlgorithm::CAST5
+ | SymmetricAlgorithm::Blowfish
+ | SymmetricAlgorithm::Twofish
+ | SymmetricAlgorithm::Camellia128
+ | SymmetricAlgorithm::Camellia192
+ | SymmetricAlgorithm::Camellia256
+ | SymmetricAlgorithm::Private(_)
+ | SymmetricAlgorithm::Unknown(_)
+ | SymmetricAlgorithm::Unencrypted =>
+ Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()),
+ }
+ },
+
+ AEADAlgorithm::Private(_) | AEADAlgorithm::Unknown(_) =>
Err(Error::UnsupportedAEADAlgorithm(*self).into()),
}
}
diff --git a/openpgp/src/policy.rs b/openpgp/src/policy.rs
index e91a6c0e..a75cb4f1 100644
--- a/openpgp/src/policy.rs
+++ b/openpgp/src/policy.rs
@@ -741,11 +741,12 @@ a_cutoff_list!(SymmetricAlgorithmCutoffList, SymmetricAlgorithm, 14,
ACCEPT, // 13. Camellia256.
]);
-a_cutoff_list!(AEADAlgorithmCutoffList, AEADAlgorithm, 3,
+a_cutoff_list!(AEADAlgorithmCutoffList, AEADAlgorithm, 4,
[
REJECT, // 0. Reserved.
ACCEPT, // 1. EAX.
ACCEPT, // 2. OCB.
+ ACCEPT, // 3. GCM.
]);
a_versioned_cutoff_list!(PacketTagCutoffList, Tag, 21,
diff --git a/openpgp/src/serialize/stream.rs b/openpgp/src/serialize/stream.rs
index a8d139e1..961b7a42 100644
--- a/openpgp/src/serialize/stream.rs
+++ b/openpgp/src/serialize/stream.rs
@@ -3412,6 +3412,11 @@ mod test {
test_aead_messages(AEADAlgorithm::OCB)
}
+ #[test]
+ fn aead_gcm() -> Result<()> {
+ test_aead_messages(AEADAlgorithm::GCM)
+ }
+
fn test_aead_messages(algo: AEADAlgorithm) -> Result<()> {
if ! algo.is_supported() {
eprintln!("Skipping because {} is not supported.", algo);
diff --git a/openpgp/src/types/mod.rs b/openpgp/src/types/mod.rs
index 76c0494b..64fd174e 100644
--- a/openpgp/src/types/mod.rs
+++ b/openpgp/src/types/mod.rs
@@ -965,6 +965,8 @@ pub enum AEADAlgorithm {
EAX,
/// OCB mode.
OCB,
+ /// Galois/Counter mode.
+ GCM,
/// Private algorithm identifier.
Private(u8),
/// Unknown algorithm identifier.
@@ -972,9 +974,10 @@ pub enum AEADAlgorithm {
}
assert_send_and_sync!(AEADAlgorithm);
-const AEAD_ALGORITHM_VARIANTS: [AEADAlgorithm; 2] = [
+const AEAD_ALGORITHM_VARIANTS: [AEADAlgorithm; 3] = [
AEADAlgorithm::EAX,
AEADAlgorithm::OCB,
+ AEADAlgorithm::GCM,
];
impl AEADAlgorithm {
@@ -1007,6 +1010,7 @@ impl From<u8> for AEADAlgorithm {
match u {
1 => AEA