fix: Address rebase on version 2 issues

Author: lubux

openpgp/forwarding.go

@@ -6,6 +6,7 @@ package openpgp
 
 import (
 	goerrors "errors"
+
 	"github.com/ProtonMail/go-crypto/openpgp/ecdh"
 	"github.com/ProtonMail/go-crypto/openpgp/errors"
 	"github.com/ProtonMail/go-crypto/openpgp/packet"
@@ -51,7 +52,7 @@ func (e *Entity) NewForwardingEntity(
 		Subkeys:    []Subkey{},
 	}
 
-	err = forwardeeKey.addUserId(name, comment, email, config, now, keyLifetimeSecs)
+	err = forwardeeKey.addUserId(name, comment, email, config, now, keyLifetimeSecs, true)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -91,15 +92,15 @@ func (e *Entity) NewForwardingEntity(
 			return nil, nil, err
 		}
 
-		forwardeeSubKey := forwardeeKey.Subkeys[len(forwardeeKey.Subkeys) - 1]
+		forwardeeSubKey := forwardeeKey.Subkeys[len(forwardeeKey.Subkeys)-1]
 
 		forwardeeEcdhKey, ok := forwardeeSubKey.PrivateKey.PrivateKey.(*ecdh.PrivateKey)
 		if !ok {
 			return nil, nil, goerrors.New("wrong forwarding sub key generation")
 		}
 
 		instance := packet.ForwardingInstance{
-			KeyVersion: 4,
+			KeyVersion:           4,
 			ForwarderFingerprint: forwarderSubKey.PublicKey.Fingerprint,
 		}
 
@@ -109,9 +110,9 @@ func (e *Entity) NewForwardingEntity(
 		}
 
 		kdf := ecdh.KDF{
-			Version:                ecdh.KDFVersionForwarding,
-			Hash:                   forwarderEcdhKey.KDF.Hash,
-			Cipher:                 forwarderEcdhKey.KDF.Cipher,
+			Version: ecdh.KDFVersionForwarding,
+			Hash:    forwarderEcdhKey.KDF.Hash,
+			Cipher:  forwarderEcdhKey.KDF.Cipher,
 		}
 
 		// If deriving a forwarding key from a forwarding key

openpgp/packet/encrypted_key.go

@@ -410,7 +410,7 @@ func SerializeEncryptedKeyAEADwithHiddenOption(w io.Writer, pub *PublicKey, ciph
 
 	var keyBlock []byte
 	switch pub.PubKeyAlgo {
-	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoElGamal, PubKeyAlgoECDH:
+	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoElGamal, PubKeyAlgoECDH, ExperimentalPubKeyAlgoAEAD:
 		lenKeyBlock := len(key) + 2
 		if version < 6 {
 			lenKeyBlock += 1 // cipher type included
@@ -439,7 +439,7 @@ func SerializeEncryptedKeyAEADwithHiddenOption(w io.Writer, pub *PublicKey, ciph
 	case PubKeyAlgoX448:
 		return serializeEncryptedKeyX448(w, config.Random(), buf[:lenHeaderWritten], pub.PublicKey.(*x448.PublicKey), keyBlock, byte(cipherFunc), version)
 	case ExperimentalPubKeyAlgoAEAD:
-		return serializeEncryptedKeyAEAD(w, config.Random(), buf, pub.PublicKey.(*symmetric.AEADPublicKey), keyBlock, config.AEAD())
+		return serializeEncryptedKeyAEAD(w, config.Random(), buf[:lenHeaderWritten], pub.PublicKey.(*symmetric.AEADPublicKey), keyBlock, config.AEAD())
 	case PubKeyAlgoDSA, PubKeyAlgoRSASignOnly, ExperimentalPubKeyAlgoHMAC:
 		return errors.InvalidArgumentError("cannot encrypt to public key of type " + strconv.Itoa(int(pub.PubKeyAlgo)))
 	}
@@ -483,8 +483,9 @@ func (e *EncryptedKey) ProxyTransform(instance ForwardingInstance) (transformed
 	copy(copiedWrappedKey, wrappedKey)
 
 	transformed = &EncryptedKey{
-		KeyId: instance.getForwardeeKeyIdOrZero(e.KeyId),
-		Algo: e.Algo,
+		Version:       e.Version,
+		KeyId:         instance.getForwardeeKeyIdOrZero(e.KeyId),
+		Algo:          e.Algo,
 		encryptedMPI1: encoding.NewMPI(transformedEphemeral),
 		encryptedMPI2: encoding.NewOID(copiedWrappedKey),
 	}
@@ -608,7 +609,7 @@ func serializeEncryptedKeyX448(w io.Writer, rand io.Reader, header []byte, pub *
 	return x448.EncodeFields(w, ephemeralPublicX448, ciphertext, cipherFunc, version == 6)
 }
 
-func serializeEncryptedKeyAEAD(w io.Writer, rand io.Reader, header [10]byte, pub *symmetric.AEADPublicKey, keyBlock []byte, config *AEADConfig) error {
+func serializeEncryptedKeyAEAD(w io.Writer, rand io.Reader, header []byte, pub *symmetric.AEADPublicKey, keyBlock []byte, config *AEADConfig) error {
 	mode := algorithm.AEADMode(config.Mode())
 	iv, ciphertextRaw, err := pub.Encrypt(rand, keyBlock, mode)
 	if err != nil {
@@ -620,7 +621,7 @@ func serializeEncryptedKeyAEAD(w io.Writer, rand io.Reader, header [10]byte, pub
 	buffer := append([]byte{byte(mode)}, iv...)
 	buffer = append(buffer, ciphertextShortByteString.EncodedBytes()...)
 
-	packetLen := 10 /* header length */
+	packetLen := len(header) /* header length */
 	packetLen += int(len(buffer))
 
 	err = serializeHeader(w, packetTypeEncryptedKey, packetLen)
@@ -637,60 +638,27 @@ func serializeEncryptedKeyAEAD(w io.Writer, rand io.Reader, header [10]byte, pub
 	return err
 }
 
-<<<<<<< HEAD
 func checksumKeyMaterial(key []byte) uint16 {
 	var checksum uint16
 	for _, v := range key {
 		checksum += uint16(v)
-=======
-func (e *EncryptedKey) ProxyTransform(instance ForwardingInstance) (transformed *EncryptedKey, err error) {
-	if e.Algo != PubKeyAlgoECDH {
-		return nil, errors.InvalidArgumentError("invalid PKESK")
->>>>>>> edf1961 (Use fingerprints instead of KeyIDs)
 	}
 	return checksum
 }
 
-<<<<<<< HEAD
 func decodeChecksumKey(msg []byte) (key []byte, err error) {
 	key = msg[:len(msg)-2]
 	expectedChecksum := uint16(msg[len(msg)-2])<<8 | uint16(msg[len(msg)-1])
 	checksum := checksumKeyMaterial(key)
 	if checksum != expectedChecksum {
 		err = errors.StructuralError("session key checksum is incorrect")
-=======
-	if e.KeyId != 0 && e.KeyId != instance.GetForwarderKeyId() {
-		return nil, errors.InvalidArgumentError("invalid key id in PKESK")
->>>>>>> edf1961 (Use fingerprints instead of KeyIDs)
 	}
 	return
 }
 
-<<<<<<< HEAD
 func encodeChecksumKey(buffer []byte, key []byte) {
 	copy(buffer, key)
 	checksum := checksumKeyMaterial(key)
 	buffer[len(key)] = byte(checksum >> 8)
 	buffer[len(key)+1] = byte(checksum)
 }
-=======
-	ephemeral := e.encryptedMPI1.Bytes()
-	transformedEphemeral, err := ecdh.ProxyTransform(ephemeral, instance.ProxyParameter)
-	if err != nil {
-		return nil, err
-	}
-
-	wrappedKey := e.encryptedMPI2.Bytes()
-	copiedWrappedKey := make([]byte, len(wrappedKey))
-	copy(copiedWrappedKey, wrappedKey)
-
-	transformed = &EncryptedKey{
-		KeyId: instance.getForwardeeKeyIdOrZero(e.KeyId),
-		Algo: e.Algo,
-		encryptedMPI1: encoding.NewMPI(transformedEphemeral),
-		encryptedMPI2: encoding.NewOID(copiedWrappedKey),
-	}
-
-	return transformed, nil
-}
->>>>>>> edf1961 (Use fingerprints instead of KeyIDs)

openpgp/packet/private_key.go

@@ -28,10 +28,10 @@ import (
 	"github.com/ProtonMail/go-crypto/openpgp/errors"
 	"github.com/ProtonMail/go-crypto/openpgp/internal/encoding"
 	"github.com/ProtonMail/go-crypto/openpgp/s2k"
+	"github.com/ProtonMail/go-crypto/openpgp/symmetric"
 	"github.com/ProtonMail/go-crypto/openpgp/x25519"
 	"github.com/ProtonMail/go-crypto/openpgp/x448"
 	"golang.org/x/crypto/hkdf"
-	"github.com/ProtonMail/go-crypto/openpgp/symmetric"
 )
 
 // PrivateKey represents a possibly encrypted private key. See RFC 4880,
@@ -186,15 +186,12 @@ func NewDecrypterPrivateKey(creationTime time.Time, decrypter interface{}) *Priv
 		pk.PublicKey = *NewElGamalPublicKey(creationTime, &priv.PublicKey)
 	case *ecdh.PrivateKey:
 		pk.PublicKey = *NewECDHPublicKey(creationTime, &priv.PublicKey)
-<<<<<<< HEAD
 	case *x25519.PrivateKey:
 		pk.PublicKey = *NewX25519PublicKey(creationTime, &priv.PublicKey)
 	case *x448.PrivateKey:
 		pk.PublicKey = *NewX448PublicKey(creationTime, &priv.PublicKey)
-=======
 	case *symmetric.AEADPrivateKey:
 		pk.PublicKey = *NewAEADPublicKey(creationTime, &priv.PublicKey)
->>>>>>> 3731c9c (openpgp: Add support for symmetric subkeys (#74))
 	default:
 		panic("openpgp: unknown decrypter type in NewDecrypterPrivateKey")
 	}