From 31564c1c6e5b5ff4ff3596bb755ba2f7395f83df Mon Sep 17 00:00:00 2001 From: Wiktor Kwapisiewicz Date: Fri, 28 Oct 2022 12:25:07 +0200 Subject: openpgp: Check for supported AEAD ciphersuite in tests. - Previously the AEAD roundtrip test checked supported symmetric ciphers and AEAD algorithms separately but only certain combinations of them are valid in some libraries. - See: https://openpgp-wg.gitlab.io/rfc4880bis/#name-preferred-aead-ciphersuites --- openpgp/src/crypto/aead.rs | 9 +-------- openpgp/src/crypto/backend/cng.rs | 18 ++++++++++++++++++ openpgp/src/crypto/backend/nettle.rs | 18 ++++++++++++++++++ openpgp/src/crypto/backend/rust.rs | 19 +++++++++++++++++++ 4 files changed, 56 insertions(+), 8 deletions(-) (limited to 'openpgp/src/crypto') diff --git a/openpgp/src/crypto/aead.rs b/openpgp/src/crypto/aead.rs index 6b35fec1..43a1aaad 100644 --- a/openpgp/src/crypto/aead.rs +++ b/openpgp/src/crypto/aead.rs @@ -832,17 +832,10 @@ mod tests { .iter() .filter(|algo| algo.is_supported()) { - if cfg!(feature = "crypto-rust") - && sym_algo == &SymmetricAlgorithm::Twofish { - eprintln!("XXX: Skipping Twofish until Twofish \ - implements Clone"); - continue; - } - for aead in [ AEADAlgorithm::EAX, AEADAlgorithm::OCB, - ].iter().filter(|algo| algo.is_supported()) { + ].iter().filter(|algo| algo.is_supported() && algo.supports_symmetric_algo(sym_algo)) { let chunk_size = 64; let mut key = vec![0; sym_algo.key_size().unwrap()]; crate::crypto::random(&mut key); diff --git a/openpgp/src/crypto/backend/cng.rs b/openpgp/src/crypto/backend/cng.rs index b2a47e74..607b0414 100644 --- a/openpgp/src/crypto/backend/cng.rs +++ b/openpgp/src/crypto/backend/cng.rs @@ -67,4 +67,22 @@ impl AEADAlgorithm { => false, } } + + #[cfg(test)] + pub(crate) fn supports_symmetric_algo(&self, algo: &SymmetricAlgorithm) -> bool { + match &self { + AEADAlgorithm::EAX => + match algo { + SymmetricAlgorithm::AES128 | + SymmetricAlgorithm::AES192 | + SymmetricAlgorithm::AES256 | + SymmetricAlgorithm::Twofish | + SymmetricAlgorithm::Camellia128 | + SymmetricAlgorithm::Camellia192 | + SymmetricAlgorithm::Camellia256 => true, + _ => false, + }, + _ => false + } + } } diff --git a/openpgp/src/crypto/backend/nettle.rs b/openpgp/src/crypto/backend/nettle.rs index 716ec5e1..d2197493 100644 --- a/openpgp/src/crypto/backend/nettle.rs +++ b/openpgp/src/crypto/backend/nettle.rs @@ -66,4 +66,22 @@ impl AEADAlgorithm { => false, } } + + #[cfg(test)] + pub(crate) fn supports_symmetric_algo(&self, algo: &SymmetricAlgorithm) -> bool { + match &self { + AEADAlgorithm::EAX => + match algo { + SymmetricAlgorithm::AES128 | + SymmetricAlgorithm::AES192 | + SymmetricAlgorithm::AES256 | + SymmetricAlgorithm::Twofish | + SymmetricAlgorithm::Camellia128 | + SymmetricAlgorithm::Camellia192 | + SymmetricAlgorithm::Camellia256 => true, + _ => false, + }, + _ => false + } + } } diff --git a/openpgp/src/crypto/backend/rust.rs b/openpgp/src/crypto/backend/rust.rs index 61784b2c..7fe567ef 100644 --- a/openpgp/src/crypto/backend/rust.rs +++ b/openpgp/src/crypto/backend/rust.rs @@ -73,4 +73,23 @@ impl AEADAlgorithm { => false, } } + + #[cfg(test)] + pub(crate) fn supports_symmetric_algo(&self, algo: &SymmetricAlgorithm) -> bool { + match &self { + AEADAlgorithm::EAX => + match algo { + SymmetricAlgorithm::AES128 | + SymmetricAlgorithm::AES192 | + SymmetricAlgorithm::AES256 | + // XXX: Skipping Twofish until Twofish implements Clone + // SymmetricAlgorithm::Twofish | + SymmetricAlgorithm::Camellia128 | + SymmetricAlgorithm::Camellia192 | + SymmetricAlgorithm::Camellia256 => true, + _ => false, + }, + _ => false + } + } } -- cgit v1.2.3