diff options
| author | Werner Koch <wk@gnupg.org> | 2018-01-10 11:42:38 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2018-01-10 11:51:03 +0100 |
| commit | 8217cd49364b9f81b390f7ca6a608dd946f93efc (patch) | |
| tree | cd6d10a7d9d9db4af692c9d67ec359cabff5a6b9 /g10/keygen.c | |
| parent | doc: Include NEWS from 2.2.4 (diff) | |
| download | gnupg2-8217cd49364b9f81b390f7ca6a608dd946f93efc.tar.xz gnupg2-8217cd49364b9f81b390f7ca6a608dd946f93efc.zip | |
gpg: Add option and preference framework for AEAD.
* common/openpgpdefs.h (aead_algo_t): New.
(SIGSUBPKT_PREF_AEAD): New.
* g10/gpg.c (oAEADAlgo, oPersonalAEADPreferences): New.
(opts): New options --aead-algo and --personal-aead-preferences.
(set_compliance_option): Clar aead algo.
(main): Parse and check the new options
* g10/options.h (struct opt): Add fields def_aead_algo and
personal_aead_prefs.
* g10/packet.h (PREFTYPE_AEAD): New enum value.
(PKT_user_id): Add field flags.aead.
(PKT_public_key): Add field flags.aead.
* g10/pkclist.c (select_algo_from_prefs): Support PREFTYPE_AEAD.
* g10/getkey.c (fixup_uidnode): Set AEAD flag.
(merge_selfsigs): Ditto.
* g10/kbnode.c (dump_kbnode): Show aead flag.
* g10/keyedit.c (show_prefs): Ditto.
(show_key_with_all_names_colon): Ditto.
* g10/keygen.c (aead_presf, n_aead_prefs): New vars.
(set_one_pref): Suppport PREFTYPE_AEAD.
(keygen_set_std_prefs): Parse AEAD preferences.
(keygen_get_std_prefs): Ditto.
(add_feature_aead): New.
(keygen_upd_std_prefs): Call that and build AEAD pref packet.
* g10/main.h (DEFAULT_AEAD_ALGO): New const.
* g10/misc.c (openpgp_aead_test_algo): New.
(openpgp_aead_algo_name): New.
(string_to_aead_algo): New.
(default_aead_algo): New.
--
This is only used in --rfc4880bis mode and not really tested.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'g10/keygen.c')
| -rw-r--r-- | g10/keygen.c | 120 |
1 files changed, 112 insertions, 8 deletions
diff --git a/g10/keygen.c b/g10/keygen.c index 912fa390c..d5f778262 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -127,6 +127,9 @@ struct opaque_data_usage_and_pk { }; +/* FIXME: These globals vars are ugly. And using MAX_PREFS even for + * aeads is useless, given that we don't expects more than a very few + * algorithms. */ static int prefs_initialized = 0; static byte sym_prefs[MAX_PREFS]; static int nsym_prefs; @@ -134,7 +137,11 @@ static byte hash_prefs[MAX_PREFS]; static int nhash_prefs; static byte zip_prefs[MAX_PREFS]; static int nzip_prefs; -static int mdc_available,ks_modify; +static byte aead_prefs[MAX_PREFS]; +static int naead_prefs; +static int mdc_available; +static int ks_modify; +static int aead_available; static gpg_error_t parse_algo_usage_expire (ctrl_t ctrl, int for_subkey, const char *algostr, const char *usagestr, @@ -326,6 +333,8 @@ set_one_pref (int val, int type, const char *item, byte *buf, int *nbuf) log_info(_("too many digest preferences\n")); else if(type==3) log_info(_("too many compression preferences\n")); + else if(type==4) + log_info(_("too many AEAD preferences\n")); else BUG(); @@ -346,10 +355,10 @@ set_one_pref (int val, int type, const char *item, byte *buf, int *nbuf) int keygen_set_std_prefs (const char *string,int personal) { - byte sym[MAX_PREFS], hash[MAX_PREFS], zip[MAX_PREFS]; - int nsym=0, nhash=0, nzip=0, val, rc=0; + byte sym[MAX_PREFS], hash[MAX_PREFS], zip[MAX_PREFS], aead[MAX_PREFS]; + int nsym=0, nhash=0, nzip=0, naead=0, val, rc=0; int mdc=1, modify=0; /* mdc defaults on, modify defaults off. */ - char dummy_string[20*4+1]; /* Enough for 20 items. */ + char dummy_string[25*4+1]; /* Enough for 25 items. */ if (!string || !ascii_strcasecmp (string, "default")) { @@ -383,6 +392,11 @@ keygen_set_std_prefs (const char *string,int personal) strcat(dummy_string,"S7 "); strcat(dummy_string,"S2 "); /* 3DES */ + if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB)) + strcat(dummy_string,"A2 "); + if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_EAX)) + strcat(dummy_string,"A1 "); + if (personal) { /* The default internal hash algo order is: @@ -475,6 +489,11 @@ keygen_set_std_prefs (const char *string,int personal) if(set_one_pref(val,3,tok,zip,&nzip)) rc=-1; } + else if ((val=string_to_aead_algo (tok))) + { + if (set_one_pref (val, 4, tok, aead, &naead)) + rc = -1; + } else if (ascii_strcasecmp(tok,"mdc")==0) mdc=1; else if (ascii_strcasecmp(tok,"no-mdc")==0) @@ -520,6 +539,29 @@ keygen_set_std_prefs (const char *string,int personal) opt.personal_cipher_prefs[i].value = 0; } } + else if (personal == PREFTYPE_AEAD) + { + xfree(opt.personal_aead_prefs); + + if (!naead) + opt.personal_aead_prefs = NULL; + else + { + int i; + + opt.personal_aead_prefs= + xmalloc(sizeof(prefitem_t *)*(naead+1)); + + for (i=0; i<naead; i++) + { + opt.personal_aead_prefs[i].type = PREFTYPE_AEAD; + opt.personal_aead_prefs[i].value = sym[i]; + } + + opt.personal_aead_prefs[i].type = PREFTYPE_NONE; + opt.personal_aead_prefs[i].value = 0; + } + } else if(personal==PREFTYPE_HASH) { xfree(opt.personal_digest_prefs); @@ -572,7 +614,9 @@ keygen_set_std_prefs (const char *string,int personal) memcpy (sym_prefs, sym, (nsym_prefs=nsym)); memcpy (hash_prefs, hash, (nhash_prefs=nhash)); memcpy (zip_prefs, zip, (nzip_prefs=nzip)); + memcpy (aead_prefs, aead, (naead_prefs=naead)); mdc_available = mdc; + aead_available = !!naead; ks_modify = modify; prefs_initialized = 1; } @@ -581,6 +625,7 @@ keygen_set_std_prefs (const char *string,int personal) return rc; } + /* Return a fake user ID containing the preferences. Caller must free. */ PKT_user_id * @@ -594,8 +639,8 @@ keygen_get_std_prefs(void) uid->ref=1; - uid->prefs=xmalloc((sizeof(prefitem_t *)* - (nsym_prefs+nhash_prefs+nzip_prefs+1))); + uid->prefs = xmalloc ((sizeof(prefitem_t *)* + (nsym_prefs+naead_prefs+nhash_prefs+nzip_prefs+1))); for(i=0;i<nsym_prefs;i++,j++) { @@ -603,6 +648,12 @@ keygen_get_std_prefs(void) uid->prefs[j].value=sym_prefs[i]; } + for (i=0; i < naead_prefs; i++, j++) + { + uid->prefs[j].type = PREFTYPE_AEAD; + uid->prefs[j].value = aead_prefs[i]; + } + for(i=0;i<nhash_prefs;i++,j++) { uid->prefs[j].type=PREFTYPE_HASH; @@ -618,8 +669,9 @@ keygen_get_std_prefs(void) uid->prefs[j].type=PREFTYPE_NONE; uid->prefs[j].value=0; - uid->flags.mdc=mdc_available; - uid->flags.ks_modify=ks_modify; + uid->flags.mdc = mdc_available; + uid->flags.aead = aead_available; + uid->flags.ks_modify = ks_modify; return uid; } @@ -665,6 +717,49 @@ add_feature_mdc (PKT_signature *sig,int enabled) xfree (buf); } + +static void +add_feature_aead (PKT_signature *sig, int enabled) +{ + const byte *s; + size_t n; + int i; + char *buf; + + s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n ); + if (s && n && ((enabled && (s[0] & 0x02)) || (!enabled && !(s[0] & 0x02)))) + return; /* Already set or cleared */ + + if (!s || !n) + { /* Create a new one */ + n = 1; + buf = xmalloc_clear (n); + } + else + { + buf = xmalloc (n); + memcpy (buf, s, n); + } + + if (enabled) + buf[0] |= 0x02; /* AEAD supported */ + else + buf[0] &= ~0x02; + + /* Are there any bits set? */ + for (i=0; i < n; i++) + if (buf[i]) + break; + + if (i == n) + delete_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES); + else + build_sig_subpkt (sig, SIGSUBPKT_FEATURES, buf, n); + + xfree (buf); +} + + static void add_keyserver_modify (PKT_signature *sig,int enabled) { @@ -726,6 +821,14 @@ keygen_upd_std_prefs (PKT_signature *sig, void *opaque) delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_SYM); } + if (naead_prefs) + build_sig_subpkt (sig, SIGSUBPKT_PREF_AEAD, aead_prefs, naead_prefs); + else + { + delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_AEAD); + delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_AEAD); + } + if (nhash_prefs) build_sig_subpkt (sig, SIGSUBPKT_PREF_HASH, hash_prefs, nhash_prefs); else @@ -744,6 +847,7 @@ keygen_upd_std_prefs (PKT_signature *sig, void *opaque) /* Make sure that the MDC feature flag is set if needed. */ add_feature_mdc (sig,mdc_available); + add_feature_aead (sig, aead_available); add_keyserver_modify (sig,ks_modify); keygen_add_keyserver_url(sig,NULL); |