Skip to content

Commit

Permalink
feat(v2): Adapt aead preferences on key generation
Browse files Browse the repository at this point in the history
  • Loading branch information
lubux committed Nov 12, 2024
1 parent d7733dc commit 2cdebd7
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 11 deletions.
24 changes: 14 additions & 10 deletions openpgp/key_generation.go
Original file line number Diff line number Diff line change
Expand Up @@ -91,13 +91,15 @@ func (t *Entity) AddUserId(name, comment, email string, config *packet.Config) e
}

func writeKeyProperties(selfSignature *packet.Signature, creationTime time.Time, keyLifetimeSecs uint32, config *packet.Config) error {
advertiseAead := config.AEAD() != nil || config.V6()

selfSignature.CreationTime = creationTime
selfSignature.KeyLifetimeSecs = &keyLifetimeSecs
selfSignature.FlagsValid = true
selfSignature.FlagSign = true
selfSignature.FlagCertify = true
selfSignature.SEIPDv1 = true // true by default, see 5.8 vs. 5.14
selfSignature.SEIPDv2 = config.AEAD() != nil
selfSignature.SEIPDv2 = advertiseAead

// Set the PreferredHash for the SelfSignature from the packet.Config.
// If it is not the must-implement algorithm from rfc4880bis, append that.
Expand Down Expand Up @@ -126,16 +128,18 @@ func writeKeyProperties(selfSignature *packet.Signature, creationTime time.Time,
selfSignature.PreferredCompression = append(selfSignature.PreferredCompression, uint8(config.Compression()))
}

// And for DefaultMode.
modes := []uint8{uint8(config.AEAD().Mode())}
if config.AEAD().Mode() != packet.AEADModeOCB {
modes = append(modes, uint8(packet.AEADModeOCB))
}
if advertiseAead {
// And for DefaultMode.
modes := []uint8{uint8(config.AEAD().Mode())}
if config.AEAD().Mode() != packet.AEADModeOCB {
modes = append(modes, uint8(packet.AEADModeOCB))
}

// For preferred (AES256, GCM), we'll generate (AES256, GCM), (AES256, OCB), (AES128, GCM), (AES128, OCB)
for _, cipher := range selfSignature.PreferredSymmetric {
for _, mode := range modes {
selfSignature.PreferredCipherSuites = append(selfSignature.PreferredCipherSuites, [2]uint8{cipher, mode})
// For preferred (AES256, GCM), we'll generate (AES256, GCM), (AES256, OCB), (AES128, GCM), (AES128, OCB)
for _, cipher := range selfSignature.PreferredSymmetric {
for _, mode := range modes {
selfSignature.PreferredCipherSuites = append(selfSignature.PreferredCipherSuites, [2]uint8{cipher, mode})
}
}
}
return nil
Expand Down
2 changes: 1 addition & 1 deletion openpgp/v2/keys.go
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ func (e *Entity) PrimaryIdentity(date time.Time, config *packet.Config) (*packet
var primaryIdentityCandidatesSelfSigs []*packet.Signature
for _, identity := range e.Identities {
selfSig, err := identity.Verify(date, config) // identity must be valid at date
if err == nil { // verification is successful
if err == nil { // verification is successful
primaryIdentityCandidates = append(primaryIdentityCandidates, identity)
primaryIdentityCandidatesSelfSigs = append(primaryIdentityCandidatesSelfSigs, selfSig)
}
Expand Down

0 comments on commit 2cdebd7

Please sign in to comment.