From 433b55d0579ce40a9a5c95d8016e0757b34f7eeb Mon Sep 17 00:00:00 2001
From: Aron Wussler
Date: Tue, 21 Mar 2023 15:23:04 +0100
Subject: [PATCH] Create a copy of the encrypted key when forwarding

---
 openpgp/forwarding_test.go      |  4 ++--
 openpgp/packet/encrypted_key.go | 28 +++++++++++++++++++---------
 2 files changed, 21 insertions(+), 11 deletions(-)

diff --git a/openpgp/forwarding_test.go b/openpgp/forwarding_test.go
index 2267c4ca..3241a794 100644
--- a/openpgp/forwarding_test.go
+++ b/openpgp/forwarding_test.go
@@ -183,7 +183,7 @@ Loop:
 		}
 		switch p := p.(type) {
 		case *packet.EncryptedKey:
-			err = p.ProxyTransform(
+			tp, err := p.ProxyTransform(
 				instance.ProxyParameter,
 				instance.ForwarderKeyId,
 				instance.ForwardeeKeyId,
@@ -194,7 +194,7 @@ Loop:
 
 			splitPoint = bytesReader.Size() - int64(bytesReader.Len())
 
-			err = p.Serialize(transformedEncryptedKey)
+			err = tp.Serialize(transformedEncryptedKey)
 			if err != nil {
 				t.Fatalf("error serializing transformed PKESK: %s", err)
 			}
diff --git a/openpgp/packet/encrypted_key.go b/openpgp/packet/encrypted_key.go
index ad2cd748..e6553a39 100644
--- a/openpgp/packet/encrypted_key.go
+++ b/openpgp/packet/encrypted_key.go
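Review bot: `tp, err := p.ProxyTransform(` declares a fresh `err` scoped to the `case *packet.EncryptedKey:` clause, shadowing the `err` the test assigned before this change; the checks inside the clause still work, but any `if err != nil` after the switch (the enclosing loop body is not fully visible in this hunk) would now see the outer, never-assigned variable. If such a check exists, declare `var tp *packet.EncryptedKey` before the switch and use `tp, err = p.ProxyTransform(`. The commit's purpose is that the source PKESK is no longer mutated, yet nothing here asserts it; saving `origKeyId := p.KeyId` before the call and checking `if p.KeyId != origKeyId { t.Fatalf("ProxyTransform mutated the input PKESK") }` afterwards would pin that property.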
@@ -338,25 +338,35 @@ func serializeEncryptedKeyAEAD(w io.Writer, rand io.Reader, header [10]byte, pub
 	return err
 }
 
-func (e *EncryptedKey) ProxyTransform(proxyParam []byte, forwarderKeyId, forwardeeKeyId uint64) error {
+func (e *EncryptedKey) ProxyTransform(proxyParam []byte, forwarderKeyId, forwardeeKeyId uint64) (transformed *EncryptedKey, err error) {
 	if e.Algo != PubKeyAlgoECDH {
-		return errors.InvalidArgumentError("invalid PKESK")
+		return nil, errors.InvalidArgumentError("invalid PKESK")
 	}
 
 	if e.KeyId != 0 && e.KeyId != forwarderKeyId {
-		return errors.InvalidArgumentError("invalid key id in PKESK")
+		return nil, errors.InvalidArgumentError("invalid key id in PKESK")
 	}
 
 	ephemeral := e.encryptedMPI1.Bytes()
-	transformed, err := ecdh.ProxyTransform(ephemeral, proxyParam)
+	transformedEphemeral, err := ecdh.ProxyTransform(ephemeral, proxyParam)
 	if err != nil {
-		return err
+		return nil, err
 	}
 
-	e.encryptedMPI1 = encoding.NewMPI(transformed)
-	if e.KeyId != 0 {
-		e.KeyId = forwardeeKeyId
+	wrappedKey := e.encryptedMPI2.Bytes()
+	copiedWrappedKey := make([]byte, len(wrappedKey))
+	copy(copiedWrappedKey, wrappedKey)
+
+	transformed = &EncryptedKey{
+		KeyId:         forwardeeKeyId,
+		Algo:          e.Algo,
+		encryptedMPI1: encoding.NewMPI(transformedEphemeral),
+		encryptedMPI2: encoding.NewOID(copiedWrappedKey),
 	}
 
-	return nil
+	if e.KeyId == 0 {
+		e.KeyId = 0
+	}
+
+	return transformed, nil
 }
\ No newline at end of file
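Review bot: The trailing `if e.KeyId == 0 { e.KeyId = 0 }` assigns zero to a field that is already zero, on the input packet rather than the copy, so it is a no-op, and the literal above it sets `KeyId: forwardeeKeyId` unconditionally — a wildcard (zero) key ID, which the removed `if e.KeyId != 0` branch deliberately kept at 0 to hide the recipient, now comes out as the forwardee's ID in the transformed PKESK. Drop `KeyId: forwardeeKeyId,` from the literal and replace the no-op with `if e.KeyId != 0 { transformed.KeyId = forwardeeKeyId }`. The literal only carries Algo and the two MPIs, so any other field EncryptedKey may have (a version or fingerprint, if this struct has one — not visible here) is left zero in the copy; worth confirming Serialize does not read one. ProxyTransform is exported and undocumented: `// ProxyTransform returns a copy of e re-encrypted for forwardeeKeyId using proxyParam; e itself is left unchanged.`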