diff options
| author | Werner Koch <[email protected]> | 2022-10-31 14:51:21 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2022-10-31 14:51:21 +0000 |
| commit | 5a2cef801d3506bedd700db1a5d88b7a75c4083b (patch) | |
| tree | 594b305eb753bbcb2bf1e5a6ea7d2cde190ebbd3 | |
| parent | gpg: New option --compatibility-flags (diff) | |
| download | gnupg-5a2cef801d3506bedd700db1a5d88b7a75c4083b.tar.gz gnupg-5a2cef801d3506bedd700db1a5d88b7a75c4083b.zip | |
gpg: Allow only OCB for AEAD encryption.
* g10/gpg.c (opts): New option--force-ocb as alias for force-aead.
Turn --aead-algo and --personal-aead-preferences into dummy options.
(build_list_md_test_algo, build_list_aead_algo_name): Remove.
(my_strusage): Remove output of AEAD algos.
(main): Remove code from the --aead options.
* g10/encrypt.c (encrypt_seskey): Make file local.
(use_aead): Remove requirement for rfc4880bis. Always return
AEAD_ALGO_OCB.
* g10/main.h (DEFAULT_AEAD_ALGO): Removed unused macro.
* g10/misc.c (default_aead_algo): Remove.
* g10/pkclist.c (select_aead_from_pklist): Return AEAD_ALGO_OCB or 0.
(select_algo_from_prefs): Remove personal AEAD algo setting.
* g10/keygen.c (keygen_set_std_prefs): Remove AEAD preference option
parsing.
* g10/options.h (opt): Remove def_aead_algo and personal_aead_prefs.
--
Due to the meanwhile expired patent on OCB there is no more reason for
using EAX. Thus we forcefully use OCB if the AEAD feature flag is set
on a key.
| -rw-r--r-- | doc/gpg.texi | 35 | ||||
| -rw-r--r-- | g10/encrypt.c | 12 | ||||
| -rw-r--r-- | g10/gpg.c | 68 | ||||
| -rw-r--r-- | g10/keygen.c | 23 | ||||
| -rw-r--r-- | g10/main.h | 5 | ||||
| -rw-r--r-- | g10/misc.c | 11 | ||||
| -rw-r--r-- | g10/options.h | 2 | ||||
| -rw-r--r-- | g10/pkclist.c | 4 |
8 files changed, 20 insertions, 140 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi index 59d5e578f..c617e1971 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2760,12 +2760,14 @@ is the default. @itemx --no-force-v4-certs These options are obsolete and have no effect since GnuPG 2.1. -@item --force-aead +@item --force-ocb +@itemx --force-aead +@opindex force-ocb @opindex force-aead Force the use of AEAD encryption over MDC encryption. AEAD is a modern and faster way to do authenticated encryption than the old MDC -method. See also options @option{--aead-algo} and -@option{--chunk-size}. +method. @option{--force-aead} is an alias and deprecated. See also +option @option{--chunk-size}. @item --force-mdc @itemx --disable-mdc @@ -2810,16 +2812,6 @@ preferences, as GPG will only select an algorithm that is usable by all recipients. The most highly ranked cipher in this list is also used for the @option{--symmetric} encryption command. -@item --personal-aead-preferences @var{string} -@opindex personal-aead-preferences -Set the list of personal AEAD preferences to @var{string}. Use -@command{@gpgname --version} to get a list of available algorithms, -and use @code{none} to set no preference at all. This allows the user -to safely override the algorithm chosen by the recipient key -preferences, as GPG will only select an algorithm that is usable by -all recipients. The most highly ranked cipher in this list is also -used for the @option{--symmetric} encryption command. - @item --personal-digest-preferences @var{string} @opindex personal-digest-preferences Set the list of personal digest preferences to @var{string}. Use @@ -3233,16 +3225,6 @@ it allows you to violate the OpenPGP standard. The option @option{--personal-cipher-preferences} is the safe way to accomplish the same thing. -@item --aead-algo @var{name} -@opindex aead-algo -Specify that the AEAD algorithm @var{name} is to be used. This is -useful for symmetric encryption where no key preference are available -to select the AEAD algorithm. Running @command{@gpgname} with option -@option{--version} shows the available AEAD algorithms. In general, -you do not want to use this option as it allows you to violate the -OpenPGP standard. The option @option{--personal-aead-preferences} is -the safe way to accomplish the same thing. - @item --digest-algo @var{name} @opindex digest-algo Use @var{name} as the message digest algorithm. Running the program @@ -3786,6 +3768,13 @@ it. These options are deprecated. Use @option{--list-options [no-]show-policy-url} and/or @option{--verify-options [no-]show-policy-url} instead. +@item --personal-aead-preferences @var{string} +@opindex personal-aead-preferences +This option is deprecated and has no more effect since version 2.3.9. + +@item --aead-algo @var{name} +This option is deprecated and has no more effect since version 2.3.9. + @end table diff --git a/g10/encrypt.c b/g10/encrypt.c index 019bf0be4..33a5126d0 100644 --- a/g10/encrypt.c +++ b/g10/encrypt.c @@ -219,7 +219,7 @@ check_encryption_compliance (DEK *dek, pk_list_t pk_list) * stored at R_SESKEY. If AEAD_ALGO is not 0 the given AEAD algorithm * is used for encryption. */ -gpg_error_t +static gpg_error_t encrypt_seskey (DEK *dek, aead_algo_t aead_algo, DEK **r_seskey, void **r_enckey, size_t *r_enckeylen) { @@ -344,14 +344,6 @@ use_aead (pk_list_t pk_list, int algo) { int can_use; - if (!opt.flags.rfc4880bis) - { - if (opt.force_aead) - log_info ("Warning: Option %s currently requires option '%s'\n", - "--force-aead", "--rfc4880bis"); - return 0; - } - can_use = openpgp_cipher_get_algo_blklen (algo) == 16; /* With --force-aead we want AEAD. */ @@ -363,7 +355,7 @@ use_aead (pk_list_t pk_list, int algo) openpgp_cipher_algo_name (algo)); return 0; } - return default_aead_algo (); + return AEAD_ALGO_OCB; } /* AEAD does only work with 128 bit cipher blocklength. */ @@ -254,7 +254,6 @@ enum cmd_and_opt_values oRFC2440Text, oNoRFC2440Text, oCipherAlgo, - oAEADAlgo, oDigestAlgo, oCertDigestAlgo, oCompressAlgo, @@ -383,7 +382,6 @@ enum cmd_and_opt_values oDefaultPreferenceList, oDefaultKeyserverURL, oPersonalCipherPreferences, - oPersonalAEADPreferences, oPersonalDigestPreferences, oPersonalCompressPreferences, oAgentProgram, @@ -675,7 +673,6 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_n (oEnableDSA2, "enable-dsa2", "@"), ARGPARSE_s_n (oDisableDSA2, "disable-dsa2", "@"), ARGPARSE_s_s (oPersonalCipherPreferences, "personal-cipher-preferences","@"), - ARGPARSE_s_s (oPersonalAEADPreferences, "personal-aead-preferences","@"), ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-preferences","@"), ARGPARSE_s_s (oPersonalCompressPreferences, "personal-compress-preferences", "@"), @@ -855,7 +852,8 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_s (oS2KDigest, "s2k-digest-algo", "@"), ARGPARSE_s_s (oS2KCipher, "s2k-cipher-algo", "@"), ARGPARSE_s_i (oS2KCount, "s2k-count", "@"), - ARGPARSE_s_n (oForceAEAD, "force-aead", "@"), + ARGPARSE_s_n (oForceAEAD, "force-ocb", "@"), + ARGPARSE_s_n (oForceAEAD, "force-aead", "@"), /*(old name)*/ ARGPARSE_s_n (oRequireCrossCert, "require-backsigs", "@"), ARGPARSE_s_n (oRequireCrossCert, "require-cross-certification", "@"), ARGPARSE_s_n (oNoRequireCrossCert, "no-require-backsigs", "@"), @@ -876,7 +874,6 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_s (oDisableCipherAlgo, "disable-cipher-algo", "@"), ARGPARSE_s_s (oDisablePubkeyAlgo, "disable-pubkey-algo", "@"), ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"), - ARGPARSE_s_s (oAEADAlgo, "aead-algo", "@"), ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"), ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"), ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"), @@ -928,8 +925,6 @@ static gpgrt_opt_t opts[] = { /* Aliases. I constantly mistype these, and assume other people do as well. */ ARGPARSE_s_s (oPersonalCipherPreferences, "personal-cipher-prefs", "@"), - ARGPARSE_s_s (oPersonalAEADPreferences, "personal-aead-prefs", "@"), - ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-prefs", "@"), ARGPARSE_s_s (oPersonalCompressPreferences, "personal-compress-prefs", "@"), /* These two are aliases to help users of the PGP command line @@ -972,6 +967,8 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_n (oNoop, "allow-multisig-verification", "@"), ARGPARSE_s_n (oNoop, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"), + ARGPARSE_s_s (oNoop, "aead-algo", "@"), + ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"), ARGPARSE_group (302, N_( @@ -1113,18 +1110,6 @@ build_list_cipher_algo_name (int algo) } static int -build_list_aead_test_algo (int algo) -{ - return openpgp_aead_test_algo (algo); -} - -static const char * -build_list_aead_algo_name (int algo) -{ - return openpgp_aead_algo_name (algo); -} - -static int build_list_md_test_algo (int algo) { /* By default we do not accept MD5 based signatures. To avoid @@ -1145,7 +1130,7 @@ build_list_md_algo_name (int algo) static const char * my_strusage( int level ) { - static char *digests, *pubkeys, *ciphers, *zips, *aeads, *ver_gcry; + static char *digests, *pubkeys, *ciphers, *zips, *ver_gcry; const char *p; switch( level ) { @@ -1207,13 +1192,6 @@ my_strusage( int level ) build_list_cipher_test_algo ); p = ciphers; break; - case 36: - if (!aeads) - aeads = build_list ("AEAD: ", 'A', - build_list_aead_algo_name, - build_list_aead_test_algo); - p = aeads; - break; case 37: if( !digests ) digests = build_list(_("Hash: "), 'H', @@ -2251,7 +2229,6 @@ set_compliance_option (enum cmd_and_opt_values option) opt.escape_from = 1; opt.not_dash_escaped = 0; opt.def_cipher_algo = 0; - opt.def_aead_algo = 0; opt.def_digest_algo = 0; opt.cert_digest_algo = 0; opt.compress_algo = -1; @@ -2273,7 +2250,6 @@ set_compliance_option (enum cmd_and_opt_values option) opt.escape_from = 1; opt.not_dash_escaped = 0; opt.def_cipher_algo = 0; - opt.def_aead_algo = 0; opt.def_digest_algo = 0; opt.cert_digest_algo = 0; opt.compress_algo = -1; @@ -2291,7 +2267,6 @@ set_compliance_option (enum cmd_and_opt_values option) opt.escape_from = 0; opt.not_dash_escaped = 0; opt.def_cipher_algo = 0; - opt.def_aead_algo = 0; opt.def_digest_algo = 0; opt.cert_digest_algo = 0; opt.compress_algo = -1; @@ -2310,7 +2285,6 @@ set_compliance_option (enum cmd_and_opt_values option) case oDE_VS: set_compliance_option (oOpenPGP); opt.compliance = CO_DE_VS; - opt.def_aead_algo = 0; /* We divert here from the backward compatible rfc4880 algos. */ opt.s2k_digest_algo = DIGEST_ALGO_SHA256; opt.s2k_cipher_algo = CIPHER_ALGO_AES256; @@ -2391,14 +2365,12 @@ main (int argc, char **argv) const char *trustdb_name = NULL; #endif /*!NO_TRUST_MODELS*/ char *def_cipher_string = NULL; - char *def_aead_string = NULL; char *def_digest_string = NULL; char *compress_algo_string = NULL; char *cert_digest_string = NULL; char *s2k_cipher_string = NULL; char *s2k_digest_string = NULL; char *pers_cipher_list = NULL; - char *pers_aead_list = NULL; char *pers_digest_list = NULL; char *pers_compress_list = NULL; int eyes_only=0; @@ -2464,7 +2436,6 @@ main (int argc, char **argv) opt.bz2_compress_level = -1; /* defaults to standard compress level */ /* note: if you change these lines, look at oOpenPGP */ opt.def_cipher_algo = 0; - opt.def_aead_algo = 0; opt.def_digest_algo = 0; opt.cert_digest_algo = 0; opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */ @@ -3287,9 +3258,6 @@ main (int argc, char **argv) case oCipherAlgo: def_cipher_string = xstrdup(pargs.r.ret_str); break; - case oAEADAlgo: - def_aead_string = xstrdup (pargs.r.ret_str); - break; case oDigestAlgo: def_digest_string = xstrdup(pargs.r.ret_str); break; @@ -3571,9 +3539,6 @@ main (int argc, char **argv) case oPersonalCipherPreferences: pers_cipher_list=pargs.r.ret_str; break; - case oPersonalAEADPreferences: - pers_aead_list = pargs.r.ret_str; - break; case oPersonalDigestPreferences: pers_digest_list=pargs.r.ret_str; break; @@ -3964,13 +3929,6 @@ main (int argc, char **argv) if ( openpgp_cipher_test_algo (opt.def_cipher_algo) ) log_error(_("selected cipher algorithm is invalid\n")); } - if (def_aead_string) - { - opt.def_aead_algo = string_to_aead_algo (def_aead_string); - xfree (def_aead_string); def_aead_string = NULL; - if (openpgp_aead_test_algo (opt.def_aead_algo)) - log_error(_("selected AEAD algorithm is invalid\n")); - } if( def_digest_string ) { opt.def_digest_algo = string_to_digest_algo (def_digest_string); xfree(def_digest_string); def_digest_string = NULL; @@ -4031,9 +3989,6 @@ main (int argc, char **argv) keygen_set_std_prefs(pers_cipher_list,PREFTYPE_SYM)) log_error(_("invalid personal cipher preferences\n")); - if (pers_aead_list && keygen_set_std_prefs (pers_aead_list, PREFTYPE_AEAD)) - log_error(_("invalid personal AEAD preferences\n")); - if(pers_digest_list && keygen_set_std_prefs(pers_digest_list,PREFTYPE_HASH)) log_error(_("invalid personal digest preferences\n")); @@ -4118,12 +4073,6 @@ main (int argc, char **argv) badalg = openpgp_cipher_algo_name (opt.def_cipher_algo); badtype = PREFTYPE_SYM; } - else if(opt.def_aead_algo - && !algo_available(PREFTYPE_AEAD, opt.def_aead_algo, NULL)) - { - badalg = openpgp_aead_algo_name (opt.def_aead_algo); - badtype = PREFTYPE_AEAD; - } else if(opt.def_digest_algo && !algo_available(PREFTYPE_HASH,opt.def_digest_algo,NULL)) { @@ -4153,12 +4102,6 @@ main (int argc, char **argv) badalg, gnupg_compliance_option_string (opt.compliance)); break; - case PREFTYPE_AEAD: - log_info (_("AEAD algorithm '%s'" - " may not be used in %s mode\n"), - badalg, - gnupg_compliance_option_string (opt.compliance)); - break; case PREFTYPE_HASH: log_info (_("digest algorithm '%s'" " may not be used in %s mode\n"), @@ -4184,7 +4127,6 @@ main (int argc, char **argv) * is not. This is us being nice to the user informing her early * that the chosen algorithms are not available. We also check * and enforce this right before the actual operation. */ - /* FIXME: We also need to check the AEAD algo. */ if (opt.def_cipher_algo && ! gnupg_cipher_is_allowed (opt.compliance, cmd == aEncr diff --git a/g10/keygen.c b/g10/keygen.c index 7a79b378f..484352583 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -564,29 +564,6 @@ keygen_set_std_prefs (const char *string,int personal) opt.personal_cipher_prefs[i].value = 0; } } - else if (personal == PREFTYPE_AEAD) - { - xfree(opt.personal_aead_prefs); - - if (!naead) - opt.personal_aead_prefs = NULL; - else - { - int i; - - opt.personal_aead_prefs= - xmalloc(sizeof(prefitem_t *)*(naead+1)); - - for (i=0; i<naead; i++) - { - opt.personal_aead_prefs[i].type = PREFTYPE_AEAD; - opt.personal_aead_prefs[i].value = aead[i]; - } - - opt.personal_aead_prefs[i].type = PREFTYPE_NONE; - opt.personal_aead_prefs[i].value = 0; - } - } else if(personal==PREFTYPE_HASH) { xfree(opt.personal_digest_prefs); diff --git a/g10/main.h b/g10/main.h index 74c29cc92..408b029cb 100644 --- a/g10/main.h +++ b/g10/main.h @@ -41,8 +41,6 @@ # define DEFAULT_CIPHER_ALGO CIPHER_ALGO_3DES #endif -#define DEFAULT_AEAD_ALGO AEAD_ALGO_OCB - #define DEFAULT_DIGEST_ALGO ((GNUPG)? DIGEST_ALGO_SHA256:DIGEST_ALGO_SHA1) #define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1 #ifdef HAVE_ZIP @@ -169,7 +167,6 @@ const char *compress_algo_to_string(int algo); int string_to_compress_algo(const char *string); int check_compress_algo(int algo); int default_cipher_algo(void); -aead_algo_t default_aead_algo(void); int default_compress_algo(void); void compliance_failure(void); @@ -240,8 +237,6 @@ void display_online_help( const char *keyword ); /*-- encode.c --*/ gpg_error_t setup_symkey (STRING2KEY **symkey_s2k,DEK **symkey_dek); -gpg_error_t encrypt_seskey (DEK *dek, aead_algo_t aead_algo, DEK **r_seskey, - void **r_enckey, size_t *r_enckeylen); aead_algo_t use_aead (pk_list_t pk_list, int algo); int use_mdc (pk_list_t pk_list,int algo); int encrypt_symmetric (const char *filename ); diff --git a/g10/misc.c b/g10/misc.c index 581601209..dcf001877 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -1387,17 +1387,6 @@ default_cipher_algo(void) } -aead_algo_t -default_aead_algo(void) -{ - if(opt.def_aead_algo) - return opt.def_aead_algo; - else if(opt.personal_aead_prefs) - return opt.personal_aead_prefs[0].value; - else - return DEFAULT_AEAD_ALGO; -} - /* There is no default_digest_algo function, but see sign.c:hash_for() */ diff --git a/g10/options.h b/g10/options.h index 0cd2d52e7..02582ae50 100644 --- a/g10/options.h +++ b/g10/options.h @@ -92,7 +92,6 @@ struct int no_armor; int list_packets; /* Option --list-packets active. */ int def_cipher_algo; - int def_aead_algo; int force_mdc; int disable_mdc; int force_aead; @@ -180,7 +179,6 @@ struct const char *def_preference_list; const char *def_keyserver_url; prefitem_t *personal_cipher_prefs; - prefitem_t *personal_aead_prefs; prefitem_t *personal_digest_prefs; prefitem_t *personal_compress_prefs; struct weakhash *weak_digests; diff --git a/g10/pkclist.c b/g10/pkclist.c index 9b08cc4d1..459e7595a 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -1603,8 +1603,6 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, prefs=NULL; if(preftype==PREFTYPE_SYM && opt.personal_cipher_prefs) prefs=opt.personal_cipher_prefs; - else if(preftype==PREFTYPE_AEAD && opt.personal_aead_prefs) - prefs=opt.personal_aead_prefs; else if(preftype==PREFTYPE_HASH && opt.personal_digest_prefs) prefs=opt.personal_digest_prefs; else if(preftype==PREFTYPE_ZIP && opt.personal_compress_prefs) @@ -1720,7 +1718,7 @@ select_aead_from_pklist (PK_LIST pk_list) return 0; /* At least one recipient does not support it. */ } - return default_aead_algo (); /* Yes, AEAD can be used. */ + return AEAD_ALGO_OCB; /* Yes, AEAD can be used. */ } |