diff options
Diffstat (limited to 'openpgp/src/serialize/stream.rs')
-rw-r--r-- | openpgp/src/serialize/stream.rs | 40 |
1 files changed, 29 insertions, 11 deletions
diff --git a/openpgp/src/serialize/stream.rs b/openpgp/src/serialize/stream.rs index af6e88bb..ae2e1a46 100644 --- a/openpgp/src/serialize/stream.rs +++ b/openpgp/src/serialize/stream.rs @@ -2582,7 +2582,8 @@ impl<'a, 'b> Encryptor2<'a, 'b> { /// for p in pkesks { // Emit the stashed PKESK packets. /// Packet::from(p).serialize(&mut message)?; /// } - /// let message = Encryptor2::with_session_key(message, algo, sk)?.build()?; + /// let message = Encryptor2::with_session_key( + /// message, algo.unwrap_or_default(), sk)?.build()?; /// let mut w = LiteralWriter::new(message).build()?; /// w.write_all(b"Encrypted reply")?; /// w.finalize()?; @@ -2595,7 +2596,7 @@ impl<'a, 'b> Encryptor2<'a, 'b> { /// /// Decrypts the message preserving algo, session key, and PKESKs. /// struct Helper { /// key: Cert, - /// recycling_bin: Option<(SymmetricAlgorithm, SessionKey, Vec<PKESK>)>, + /// recycling_bin: Option<(Option<SymmetricAlgorithm>, SessionKey, Vec<PKESK>)>, /// } /// /// # impl Helper { @@ -2608,7 +2609,7 @@ impl<'a, 'b> Encryptor2<'a, 'b> { /// fn decrypt<D>(&mut self, pkesks: &[PKESK], _skesks: &[SKESK], /// sym_algo: Option<SymmetricAlgorithm>, mut decrypt: D) /// -> Result<Option<Fingerprint>> - /// where D: FnMut(SymmetricAlgorithm, &SessionKey) -> bool + /// where D: FnMut(Option<SymmetricAlgorithm>, &SessionKey) -> bool /// { /// let p = &StandardPolicy::new(); /// let mut encryption_context = None; @@ -2616,7 +2617,7 @@ impl<'a, 'b> Encryptor2<'a, 'b> { /// for pkesk in pkesks { // Try each PKESK until we succeed. /// for ka in self.key.keys().with_policy(p, None) /// .supported().unencrypted_secret() - /// .key_handle(pkesk.recipient()) + /// .key_handles2(pkesk.recipient()) /// .for_storage_encryption().for_transport_encryption() /// { /// let mut pair = ka.key().clone().into_keypair().unwrap(); @@ -2956,6 +2957,13 @@ impl<'a, 'b> Encryptor2<'a, 'b> { ).into()); } + // XXX autodetect v6 + if ! self.recipients.is_empty() + && self.recipients.iter().all(|r| r.key.version() == 6) + { + self.aead_algo = Some(AEADAlgorithm::const_default()); + } + struct AEADParameters { algo: AEADAlgorithm, chunk_size: usize, @@ -2989,10 +2997,17 @@ impl<'a, 'b> Encryptor2<'a, 'b> { // Write the PKESK packet(s). for recipient in self.recipients.iter() { - let mut pkesk = - PKESK3::for_recipient(self.sym_algo, &sk, recipient.key)?; - pkesk.set_recipient(recipient.keyid.clone()); - Packet::PKESK(pkesk.into()).serialize(&mut inner)?; + if aead.is_some() { + let pkesk = + PKESK6::for_recipient(&sk, recipient.key)?; + // XXX: handle anonymous recipient/ different recipient fps + Packet::PKESK(pkesk.into()).serialize(&mut inner)?; + } else { + let mut pkesk = + PKESK3::for_recipient(self.sym_algo, &sk, recipient.key)?; + pkesk.set_recipient(recipient.keyid.clone()); + Packet::PKESK(pkesk.into()).serialize(&mut inner)?; + } } // Write the SKESK packet(s). @@ -3562,7 +3577,7 @@ mod test { #[derive(Debug, PartialEq)] enum State { Start, - Decrypted(Vec<(SymmetricAlgorithm, SessionKey)>), + Decrypted(Vec<(Option<SymmetricAlgorithm>, SessionKey)>), Deciphered, MDC, Done, @@ -3726,7 +3741,7 @@ mod test { fn decrypt<D>(&mut self, pkesks: &[PKESK], _skesks: &[SKESK], sym_algo: Option<SymmetricAlgorithm>, mut decrypt: D) -> Result<Option<crate::Fingerprint>> - where D: FnMut(SymmetricAlgorithm, &SessionKey) -> bool + where D: FnMut(Option<SymmetricAlgorithm>, &SessionKey) -> bool { let mut keypair = self.tsk.keys().with_policy(self.policy, None) .for_transport_encryption() @@ -4157,7 +4172,7 @@ mod test { fn decrypt<D>(&mut self, _: &[PKESK], skesks: &[SKESK], _sym_algo: Option<SymmetricAlgorithm>, mut decrypt: D) -> Result<Option<crate::Fingerprint>> - where D: FnMut(SymmetricAlgorithm, &SessionKey) -> bool + where D: FnMut(Option<SymmetricAlgorithm>, &SessionKey) -> bool { skesks[0].decrypt(&"совершенно секретно".into()) .map(|(algo, session_key)| decrypt(algo, &session_key))?; @@ -4255,6 +4270,9 @@ mod test { "brainpoolP256r1", "brainpoolP384r1", "brainpoolP512r1", "secp256k1", ].iter().map(|alg| format!("messages/encrypted/{}.sec.pgp", alg)) + .chain(vec![ + "crypto-refresh/v6-minimal-secret.key".into(), + ].into_iter()) { eprintln!("Test vector {:?}...", path); let key = Cert::from_bytes(crate::tests::file(&path))?; |