Browse Source

add config_cipher_suite()

ENGINE-641
Volker Birk 3 years ago
parent
commit
a6f04af40f
9 changed files with 98 additions and 3 deletions
  1. +1
    -0
      src/cryptotech.c
  2. +5
    -0
      src/cryptotech.h
  3. +11
    -0
      src/pEpEngine.c
  4. +30
    -0
      src/pEpEngine.h
  5. +2
    -0
      src/pEp_internal.h
  6. +14
    -0
      src/pgp_gpg.c
  7. +6
    -3
      src/pgp_gpg.h
  8. +26
    -0
      src/pgp_sequoia.c
  9. +3
    -0
      src/pgp_sequoia.h

+ 1
- 0
src/cryptotech.c View File

@ -58,6 +58,7 @@ PEP_STATUS init_cryptotech(PEP_SESSION session, bool in_first)
cryptotech[PEP_crypt_OpenPGP].key_created = pgp_key_created;
cryptotech[PEP_crypt_OpenPGP].contains_priv_key = pgp_contains_priv_key;
cryptotech[PEP_crypt_OpenPGP].find_private_keys = pgp_find_private_keys;
cryptotech[PEP_crypt_OpenPGP].config_cipher_suite = pgp_config_cipher_suite;
#ifdef PGP_BINARY_PATH
cryptotech[PEP_crypt_OpenPGP].binary_path = PGP_BINARY_PATH;
#endif


+ 5
- 0
src/cryptotech.h View File

@ -95,6 +95,9 @@ typedef PEP_STATUS (*find_private_keys_t)(
PEP_SESSION session, const char *pattern, stringlist_t **keylist
);
typedef PEP_STATUS (*config_cipher_suite_t)(PEP_SESSION session,
PEP_CYPHER_SUITE suite);
typedef struct _PEP_cryptotech_t {
uint8_t id;
// the following are default values; comm_type may vary with key length or b0rken crypto
@ -121,6 +124,7 @@ typedef struct _PEP_cryptotech_t {
binary_path_t binary_path;
contains_priv_key_t contains_priv_key;
find_private_keys_t find_private_keys;
config_cipher_suite_t config_cipher_suite;
} PEP_cryptotech_t;
extern PEP_cryptotech_t cryptotech[PEP_crypt__count];
@ -129,3 +133,4 @@ typedef uint64_t cryptotech_mask;
PEP_STATUS init_cryptotech(PEP_SESSION session, bool in_first);
void release_cryptotech(PEP_SESSION session, bool out_last);

+ 11
- 0
src/pEpEngine.c View File

@ -4399,6 +4399,17 @@ DYNAMIC_API PEP_STATUS key_revoked(
revoked);
}
DYNAMIC_API PEP_STATUS config_cipher_suite(PEP_SESSION session,
PEP_CYPHER_SUITE suite)
{
assert(session);
if (!session)
return PEP_ILLEGAL_VALUE;
return session->cryptotech[PEP_crypt_OpenPGP].config_cipher_suite(session,
suite);
}
static void _clean_log_value(char *text)
{
if (text) {


+ 30
- 0
src/pEpEngine.h View File

@ -118,6 +118,7 @@ typedef enum {
PEP_COMMIT_FAILED = 0xff01,
PEP_MESSAGE_CONSUME = 0xff02,
PEP_MESSAGE_IGNORE = 0xff03,
PEP_CANNOT_CONFIG = 0xff04,
PEP_RECORD_NOT_FOUND = -6,
PEP_CANNOT_CREATE_TEMP_FILE = -5,
@ -278,6 +279,35 @@ DYNAMIC_API void config_use_only_own_private_keys(PEP_SESSION session, bool enab
DYNAMIC_API void config_service_log(PEP_SESSION session, bool enable);
typedef enum {
PEP_CIPHER_SUITE_DEFAULT = 0,
PEP_CIPHER_SUITE_CV25519,
PEP_CIPHER_SUITE_RSA3K,
PEP_CIPHER_SUITE_P256,
PEP_CIPHER_SUITE_P384,
PEP_CIPHER_SUITE_P521,
PEP_CIPHER_SUITE_RSA2K,
PEP_CIPHER_SUITE_RSA4K,
PEP_CIPHER_SUITE_RSA8K
} PEP_CYPHER_SUITE;
// config_cipher_suite() - cipher suite being used when encrypting
//
// parameters:
// session (in) session handle
// cipher_suite (in) cipher suite to use
//
// return value:
// PEP_STATUS_OK cipher suite configured
// PEP_CANNOT_CONFIG configuration failed; falling back to default
//
// caveat: the default ciphersuite for a crypt tech implementation is
// implementation defined
DYNAMIC_API PEP_STATUS config_cipher_suite(PEP_SESSION session,
PEP_CYPHER_SUITE suite);
// decrypt_and_verify() - decrypt and/or verify a message
//
// parameters:


+ 2
- 0
src/pEp_internal.h View File

@ -148,6 +148,8 @@ struct _pEpSession {
#endif
PEP_cryptotech_t *cryptotech;
PEP_CYPHER_SUITE cipher_suite;
PEP_transport_t *transports;
sqlite3 *db;


+ 14
- 0
src/pgp_gpg.c View File

@ -3116,3 +3116,17 @@ PEP_STATUS pgp_contains_priv_key(PEP_SESSION session, const char *fpr,
}
return status;
}
PEP_STATUS pgp_config_cipher_suite(PEP_SESSION session,
PEP_CYPHER_SUITE suite)
{
// functionaliy unsupported; use gpg.conf
switch (suite) {
case PEP_CIPHER_SUITE_DEFAULT:
return PEP_STATUS_OK;
default:
return PEP_CANNOT_CONFIG;
}
}

+ 6
- 3
src/pgp_gpg.h View File

@ -28,7 +28,7 @@ PEP_STATUS pgp_init(PEP_SESSION session, bool in_first);
void pgp_release(PEP_SESSION session, bool out_last);
// pgp_decrypt_and_verify() - decrypt and verify cyphertext
// pgp_decrypt_and_verify() - decrypt and verify ciphertext
//
// parameters:
// session (in) session handle
@ -37,8 +37,8 @@ void pgp_release(PEP_SESSION session, bool out_last);
// dsigtext (in) pointer to bytes with detached signature
// or NULL if no detached signature
// dsigsize (in) size of detached signature in bytes
// ptext (out) bytes with cyphertext
// psize (out) size of cyphertext in bytes
// ptext (out) bytes with ciphertext
// psize (out) size of ciphertext in bytes
// keylist (out) list of keys being used; first is the key being
// used for signing
// filename (out) PGP filename, when rendered (Optional, only necessary for some PGP implementations (e.g. Symantec),
@ -299,4 +299,7 @@ PEP_STATUS pgp_replace_only_uid(
const char* email
);
PEP_STATUS pgp_config_cipher_suite(PEP_SESSION session,
PEP_CYPHER_SUITE suite);
#define PGP_BINARY_PATH pgp_binary

+ 26
- 0
src/pgp_sequoia.c View File

@ -2574,3 +2574,29 @@ PEP_STATUS pgp_contains_priv_key(PEP_SESSION session, const char *fpr,
fpr, *has_private ? "priv" : "pub", pEp_status_to_string(status));
return status;
}
DYNAMIC_API PEP_STATUS pgp_config_cipher_suite(PEP_SESSION session,
PEP_CYPHER_SUITE suite)
{
switch (suite) {
// supported cipher suits
case PEP_CIPHER_SUITE_RSA3K:
case PEP_CIPHER_SUITE_CV25519:
case PEP_CIPHER_SUITE_P256:
case PEP_CIPHER_SUITE_P384:
case PEP_CIPHER_SUITE_P521:
case PEP_CIPHER_SUITE_RSA2K:
session->cipher_suite = suite;
return PEP_STATUS_OK;
case PEP_CIPHER_SUITE_DEFAULT:
session->cipher_suite = PEP_CIPHER_SUITE_RSA3K;
return PEP_STATUS_OK;
// unsupported cipher suits
default:
session->cipher_suite = PEP_CIPHER_SUITE_RSA3K;
return PEP_CANNOT_CONFIG;
}
}

+ 3
- 0
src/pgp_sequoia.h View File

@ -112,4 +112,7 @@ PEP_STATUS pgp_find_private_keys(
PEP_STATUS pgp_binary(const char **path);
PEP_STATUS pgp_config_cipher_suite(PEP_SESSION session,
PEP_CYPHER_SUITE suite);
#define PGP_BINARY_PATH pgp_binary

Loading…
Cancel
Save