From ca7e16e8aad5c77445905c088cedf41c881552a8 Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Mon, 15 Aug 2022 12:20:28 +0200 Subject: openpgp: Avoid hardcoding EAX for memory encryption. - Previously, we used EAX for memory encryption because it was supported by all cryptographic backends. However, this is problematic for OpenSSL, which doesn't support EAX. - Instead, have the backends provide a default algorithm to use that they support. --- openpgp/src/crypto/backend/cng.rs | 9 +++++++++ openpgp/src/crypto/backend/nettle.rs | 9 +++++++++ openpgp/src/crypto/backend/rust.rs | 9 +++++++++ openpgp/src/crypto/mem.rs | 2 +- 4 files changed, 28 insertions(+), 1 deletion(-) (limited to 'openpgp/src') diff --git a/openpgp/src/crypto/backend/cng.rs b/openpgp/src/crypto/backend/cng.rs index 89f56e31..b2a47e74 100644 --- a/openpgp/src/crypto/backend/cng.rs +++ b/openpgp/src/crypto/backend/cng.rs @@ -49,6 +49,15 @@ impl Curve { } impl AEADAlgorithm { + /// Returns the best AEAD mode supported by the backend. + /// + /// This SHOULD return OCB, which is the mandatory-to-implement + /// algorithm and the most performing one, but fall back to any + /// supported algorithm. + pub(crate) const fn const_default() -> AEADAlgorithm { + AEADAlgorithm::EAX + } + pub(crate) fn is_supported_by_backend(&self) -> bool { use self::AEADAlgorithm::*; match &self { diff --git a/openpgp/src/crypto/backend/nettle.rs b/openpgp/src/crypto/backend/nettle.rs index 3de8a6a9..716ec5e1 100644 --- a/openpgp/src/crypto/backend/nettle.rs +++ b/openpgp/src/crypto/backend/nettle.rs @@ -48,6 +48,15 @@ impl Curve { } impl AEADAlgorithm { + /// Returns the best AEAD mode supported by the backend. + /// + /// This SHOULD return OCB, which is the mandatory-to-implement + /// algorithm and the most performing one, but fall back to any + /// supported algorithm. + pub(crate) const fn const_default() -> AEADAlgorithm { + AEADAlgorithm::EAX + } + pub(crate) fn is_supported_by_backend(&self) -> bool { use self::AEADAlgorithm::*; match &self { diff --git a/openpgp/src/crypto/backend/rust.rs b/openpgp/src/crypto/backend/rust.rs index dc4773ed..61784b2c 100644 --- a/openpgp/src/crypto/backend/rust.rs +++ b/openpgp/src/crypto/backend/rust.rs @@ -55,6 +55,15 @@ impl Curve { } impl AEADAlgorithm { + /// Returns the best AEAD mode supported by the backend. + /// + /// This SHOULD return OCB, which is the mandatory-to-implement + /// algorithm and the most performing one, but fall back to any + /// supported algorithm. + pub(crate) const fn const_default() -> AEADAlgorithm { + AEADAlgorithm::EAX + } + pub(crate) fn is_supported_by_backend(&self) -> bool { use self::AEADAlgorithm::*; match &self { diff --git a/openpgp/src/crypto/mem.rs b/openpgp/src/crypto/mem.rs index af7c5cfa..9af1936c 100644 --- a/openpgp/src/crypto/mem.rs +++ b/openpgp/src/crypto/mem.rs @@ -269,7 +269,7 @@ mod has_access_to_prekey { // algorithms MUST be supported by the cryptographic library. const HASH_ALGO: HashAlgorithm = HashAlgorithm::SHA256; const SYMMETRIC_ALGO: SymmetricAlgorithm = SymmetricAlgorithm::AES256; - const AEAD_ALGO: AEADAlgorithm = AEADAlgorithm::EAX; + const AEAD_ALGO: AEADAlgorithm = AEADAlgorithm::const_default(); impl Encrypted { /// Computes the sealing key used to encrypt the memory. -- cgit v1.2.3