author | Werner Koch <[email protected]> | 2022-03-18 12:50:18 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2022-03-18 12:50:18 +0000 |
commit | 15eda7ce783a81d2f5911028a4c8c3ce5649edca (patch) | |
tree | c7e7bcbfe21b179d2d26cf48a15be69d4d07ee0e | |
parent | common: New function map_static_strings (diff) | |
gpg: Print info about the used AEAD algorithm.
* g10/misc.c (openpgp_cipher_algo_mode_name): New.
* g10/decrypt-data.c (decrypt_data): Use function here.
--
Without this change we would see
gpg: cipher algorithm 'AES256' may not be used in
--compliance=de-vs mode
This is confusing because AES256 is compliant. Now we see
gpg: cipher algorithm 'AES256.OCB' may not be used in
--compliance=de-vs mode
which gives a hint on the problem.
-rw-r--r-- | g10/decrypt-data.c | 4 | ||||
-rw-r--r-- | g10/main.h | 2 | ||||
-rw-r--r-- | g10/misc.c | 18 |
3 files changed, 22 insertions, 2 deletions
diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c
index 89d7c9a70..f9fc1d2c7 100644
--- a/g10/decrypt-data.c
+++ b/g10/decrypt-data.c
@@ -244,7 +244,7 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek,
 {
 if (!openpgp_cipher_test_algo (dek->algo))
 log_info (_("%s encrypted data\n"),
- openpgp_cipher_algo_name (dek->algo));
+ openpgp_cipher_algo_mode_name (dek->algo, ed->aead_algo));
 else
 log_info (_("encrypted with unknown algorithm %d\n"), dek->algo );
 dek->algo_info_printed = 1;
@@ -264,7 +264,7 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek,
 if (!gnupg_cipher_is_allowed (opt.compliance, 0, dek->algo, ciphermode))
 {
 log_error (_("cipher algorithm '%s' may not be used in %s mode\n"),
- openpgp_cipher_algo_name (dek->algo),
+ openpgp_cipher_algo_mode_name (dek->algo,ed->aead_algo),
 gnupg_compliance_option_string (opt.compliance));
 *compliance_error = 1;
 if (opt.flags.require_compliance)
diff --git a/g10/main.h b/g10/main.h
index 68360e218..273ddaaaf 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -122,6 +122,8 @@ enum gcry_cipher_algos map_cipher_openpgp_to_gcry (cipher_algo_t algo);
 int openpgp_cipher_blocklen (cipher_algo_t algo);
 int openpgp_cipher_test_algo(cipher_algo_t algo);
 const char *openpgp_cipher_algo_name (cipher_algo_t algo);
+const char *openpgp_cipher_algo_mode_name (cipher_algo_t algo,
+ aead_algo_t aead);
 gpg_error_t openpgp_aead_test_algo (aead_algo_t algo);
 const char *openpgp_aead_algo_name (aead_algo_t algo);
diff --git a/g10/misc.c b/g10/misc.c
index 634d30387..1d30bbc6d 100644
--- a/g10/misc.c
+++ b/g10/misc.c
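Review bot: In the first decrypt_data hunk the printed name is built from `ed->aead_algo`, while the guard on the line above, `openpgp_cipher_test_algo (dek->algo)`, covers only the cipher id. The AEAD id presumably comes straight from the encrypted packet, so for an id this build does not know the log line shows whatever `openpgp_aead_algo_name` returns for it, which is not visible here. A comment at the call such as `/* aead_algo is not validated at this point; the name helper must cope with unknown ids. */` would record that assumption. decrypt_data starts and ends outside the hunk.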
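Review bot: The call added in the second decrypt_data hunk is missing the space after the comma that the first hunk uses. Write it as `openpgp_cipher_algo_mode_name (dek->algo, ed->aead_algo),` so both call sites read the same. The enclosing if block continues past the end of the hunk.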
@@ -608,6 +608,24 @@ openpgp_cipher_algo_name (cipher_algo_t algo)
 }
+/* Same as openpgp_cipher_algo_name but returns a string in the form
+ * "ALGO.MODE" if AEAD is not 0. Note that in this version we do not
+ * print "ALGO.CFB" as we do in 2.3 to avoid confusing users. */
+const char *
+openpgp_cipher_algo_mode_name (cipher_algo_t algo, aead_algo_t aead)
+{
+
+ if (aead == AEAD_ALGO_NONE)
+ return openpgp_cipher_algo_name (algo);
+
+ return map_static_strings ("openpgp_cipher_algo_mode_name", algo, aead,
+ openpgp_cipher_algo_name (algo),
+ ".",
+ openpgp_aead_algo_name (aead),
+ NULL);
+}
+
+
 /* Return 0 if ALGO is supported. Return an error if not. */
 gpg_error_t
 openpgp_aead_test_algo (aead_algo_t algo) |
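Review bot: The comment on `openpgp_cipher_algo_mode_name` does not say who owns the returned string or how long it lives. The `map_static_strings` call is keyed on `algo` and `aead`, so presumably the concatenated name is stored once per pair and never freed. Both ids can originate from message data, so it is worth confirming that the number of stored entries is bounded by the id ranges. Suggested addition to the comment: `The returned string is statically allocated per (ALGO, AEAD) pair and must not be freed.` The empty line directly after the opening brace can also be dropped.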