From da3015e3c05030fe709c8f922486e73d06d1d16a Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Mon, 22 Jan 2018 16:23:02 +0100
Subject: gpg: Unify AEAD parameter retrieval.
* g10/pkclist.c (select_aead_from_pklist): Return the AEAD_algo.
* g10/encrypt.c (use_aead): Return the AEAD algo. (encrypt_simple): Adjust for this change. (encrypt_crypt): Ditto. (encrypt_filter): Ditto.
* g10/sign.c (sign_symencrypt_file): Ditto.
* g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New. (openpgp_aead_algo_info): New.
* g10/cipher-aead.c (MY_GCRY_CIPHER_MODE_EAX): Remove. (write_header): Use new fucntion.
* g10/decrypt-data.c (MY_GCRY_CIPHER_MODE_EAX): Remove. (decrypt_data): Use new function. Also allow for chunkbytes other than 10.
--
Note that other chunk bytes than 10 and in particular 0 (64 byte chunks) have not yet been tested.
Signed-off-by: Werner Koch
---
 g10/decrypt-data.c | 29 ++++++-----------------------
 1 file changed, 6 insertions(+), 23 deletions(-) (limited to 'g10/decrypt-data.c')
diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c
index 79e255480..7ed0bf006 100644
--- a/g10/decrypt-data.c
+++ b/g10/decrypt-data.c
@@ -31,10 +31,6 @@
 #include "../common/status.h"
 #include "../common/compliance.h"
-/* FIXME: Libgcrypt 1.9 will support EAX. Until we kame this a
- * requirement we hardwire the enum used for EAX. */
-#define MY_GCRY_CIPHER_MODE_EAX 14
-
 static int aead_decode_filter (void *opaque, int control, iobuf_t a, byte *buf, size_t *ret_len);
@@ -274,28 +270,15 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek)
 goto leave;
 }
- switch (ed->aead_algo)
- {
- case AEAD_ALGO_OCB:
- startivlen = 15;
- ciphermode = GCRY_CIPHER_MODE_OCB;
- break;
- case AEAD_ALGO_EAX:
- startivlen = 16;
- ciphermode = MY_GCRY_CIPHER_MODE_EAX;
- break;
- default:
- log_error ("unknown AEAD algo %d\n", ed->aead_algo);
- rc = gpg_error (GPG_ERR_INV_CIPHER_MODE);
- goto leave;
- }
+ rc = openpgp_aead_algo_info (ed->aead_algo, &ciphermode, &startivlen);
+ if (rc)
+ goto leave;
 log_assert (startivlen <= sizeof dfx->startiv);
- if (ed->chunkbyte != 10)
+ if (ed->chunkbyte > 56)
 {
- /* FIXME */
- log_error ("unsupported chunkbyte %u\n", ed->chunkbyte);
- rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+ log_error ("invalid AEAD chunkbyte %u\n", ed->chunkbyte);
+ rc = gpg_error (GPG_ERR_INV_PACKET);
 goto leave;
 }
--
cgit v1.2.3
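Review bot: The relaxed bound `if (ed->chunkbyte > 56)` now lets a value taken from the encrypted packet select any chunk size from 64 bytes (chunkbyte 0, per the commit message) upward, while the commit message itself says values other than 10 have not been tested. The code that converts chunkbyte into a chunk length is outside this hunk, so it should be confirmed that the shift is done in a 64-bit unsigned type and that nothing downstream stores the result in an `int` or a 32-bit `size_t`. Very large chunks also delay the authentication-tag check for a long stretch of output, so a lower accepted maximum may be worth considering until the other sizes are exercised. The bare 56 deserves a named constant or a comment at the check, for example `/* Chunk size is 2^(chunkbyte+6) bytes; 56 is the largest value the AEAD draft defines. */`. decrypt_data's body starts and ends outside the hunk.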