From 9aab9167bca38323973e853845ca95ae8e9b6871 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 23 Jan 2018 12:07:25 +0100 Subject: gpg: Implement AEAD for SKESK packets. * g10/packet.h (PKT_symkey_enc): Add field aead_algo. * g10/build-packet.c (do_symkey_enc): Support version 5 packets. * g10/parse-packet.c (parse_symkeyenc): Ditto. * g10/encrypt.c (encrypt_symmetric): Force using a random session key in AEAD mode. (encrypt_seskey): Add and support arg aead_algo. (write_symkey_enc): Ditto. (encrypt_simple): Adjust accordingly. (encrypt_filter): Ditto. * g10/gpgcompose.c (sk_esk): For now call encrypt_seskey without AEAD support. * g10/mainproc.c (symkey_decrypt_seskey): Support AEAD. Nver call BUG but return an error. (proc_symkey_enc): Call symkey_decrypt_seskey in a bug compatible way. * g10/import.c (check_prefs): Check AEAD preferences. * g10/keyedit.c (show_prefs): Print AEAD preferences. -- For easier debugging this patch also changes some diagnostics to also print the encryption mode with the cipher algorithm. Signed-off-by: Werner Koch --- g10/gpgcompose.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'g10/gpgcompose.c') diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c index f22c7c202..094bc7614 100644 --- a/g10/gpgcompose.c +++ b/g10/gpgcompose.c @@ -2284,7 +2284,7 @@ sk_esk (const char *option, int argc, char *argv[], void *cookie) /* Now encrypt the session key (or rather, the algorithm used to encrypt the SKESK plus the session key) using ENCKEY. */ - err = encrypt_seskey (&s2kdek, &sesdekp, + err = encrypt_seskey (&s2kdek, 0, &sesdekp, (void**)&ske->seskey, (size_t *)&ske->seskeylen); if (err) log_fatal ("encrypt_seskey failed: %s\n", gpg_strerror (err)); -- cgit v1.2.3