diff options
| author | Werner Koch <wk@gnupg.org> | 2018-01-23 12:07:25 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2018-01-23 12:07:57 +0100 |
| commit | 9aab9167bca38323973e853845ca95ae8e9b6871 (patch) | |
| tree | f06594e52ed3722b0cc37979c7d6d3829dcb0d96 /g10/packet.h | |
| parent | gpg: Unify AEAD parameter retrieval. (diff) | |
| download | gnupg2-9aab9167bca38323973e853845ca95ae8e9b6871.tar.xz gnupg2-9aab9167bca38323973e853845ca95ae8e9b6871.zip | |
gpg: Implement AEAD for SKESK packets.
* g10/packet.h (PKT_symkey_enc): Add field aead_algo.
* g10/build-packet.c (do_symkey_enc): Support version 5 packets.
* g10/parse-packet.c (parse_symkeyenc): Ditto.
* g10/encrypt.c (encrypt_symmetric): Force using a random session
key in AEAD mode.
(encrypt_seskey): Add and support arg aead_algo.
(write_symkey_enc): Ditto.
(encrypt_simple): Adjust accordingly.
(encrypt_filter): Ditto.
* g10/gpgcompose.c (sk_esk): For now call encrypt_seskey without AEAD
support.
* g10/mainproc.c (symkey_decrypt_seskey): Support AEAD. Nver call BUG
but return an error.
(proc_symkey_enc): Call symkey_decrypt_seskey in a bug compatible way.
* g10/import.c (check_prefs): Check AEAD preferences.
* g10/keyedit.c (show_prefs): Print AEAD preferences.
--
For easier debugging this patch also changes some diagnostics to also
print the encryption mode with the cipher algorithm.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'g10/packet.h')
| -rw-r--r-- | g10/packet.h | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/g10/packet.h b/g10/packet.h index 4d155746e..4f4569f66 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -94,12 +94,14 @@ typedef struct /* A symmetric-key encrypted session key packet as defined in RFC 4880, Section 5.3. All fields are serialized. */ typedef struct { - /* RFC 4880: this must be 4. */ + /* We support version 4 (rfc4880) and 5 (rfc4880bis). */ byte version; - /* The cipher algorithm used to encrypt the session key. (This may - be different from the algorithm that is used to encrypt the SED - packet.) */ + /* The cipher algorithm used to encrypt the session key. Note that + * this may be different from the algorithm that is used to encrypt + * bulk data. */ byte cipher_algo; + /* The AEAD algorithm or 0 for CFB encryption. */ + byte aead_algo; /* The string-to-key specifier. */ STRING2KEY s2k; /* The length of SESKEY in bytes or 0 if this packet does not @@ -107,7 +109,8 @@ typedef struct { S2K function on the password is the session key. See RFC 4880, Section 5.3.) */ byte seskeylen; - /* The session key as encrypted by the S2K specifier. */ + /* The session key as encrypted by the S2K specifier. For AEAD this + * includes the nonce and the authentication tag. */ byte seskey[1]; } PKT_symkey_enc; |