Skip to content

openpgp: PrivateKey.SerializeEncrypted: make use of Config variable #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mrabe89 wants to merge 1 commit into
base: master
Choose a base branch
from
Open

openpgp: PrivateKey.SerializeEncrypted: make use of Config variable #8

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 21 additions & 8 deletions openpgp/packet/private_key.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -243,13 +243,27 @@ encryption | Iterated and salted string-to-key(s2k 3):
*/

func (pk *PrivateKey) SerializeEncrypted(w io.Writer, config *Config) (err error) {
cipher := CipherAES128 // TODO: don't hardcode, get from Config?
cipher := CipherAES128
hash := crypto.SHA256
password := config.SerializePrivatePassword
count := s2k.S2KCountMax

if config != nil && config.DefaultCipher != 0 {
cipher = config.DefaultCipher
}

if config != nil && config.DefaultHash != 0 {
hash = config.DefaultHash
}

if password == "" {
return errors.InvalidArgumentError("SerializeEncrypted called with empty config.SerializePrivatePassword")
}

if config != nil && config.S2KCount >= s2k.S2KCountMin && config.S2KCount <= s2k.S2KCountMax {
count = config.S2KCount
}

publicKeyBytes, err := getPublicKeyBytes(pk)
if err != nil {
return
Expand All @@ -265,6 +279,10 @@ func (pk *PrivateKey) SerializeEncrypted(w io.Writer, config *Config) (err error
encryptionHeaderBytes, symmetricKey, err := getS2KHeaderAndSymmetricKey(
[]byte(password),
cipher,
&s2k.Config{
S2KCount: count,
Hash: hash,
},
)
if err != nil {
return
Expand Down Expand Up @@ -375,7 +393,7 @@ func symmetricEncrypt(
return ciphertext, nil
}

func getS2KHeaderAndSymmetricKey(password []byte, cipherFunc CipherFunction) (header []byte, symmetricKey []byte, err error) {
func getS2KHeaderAndSymmetricKey(password []byte, cipherFunc CipherFunction, config *s2k.Config) (header []byte, symmetricKey []byte, err error) {
rand := rand.Reader // TODO: use config.Random() or pass in rand

keySize := cipherFunc.KeySize()
Expand All @@ -387,11 +405,6 @@ func getS2KHeaderAndSymmetricKey(password []byte, cipherFunc CipherFunction) (he
s2kBuf := new(bytes.Buffer)
passwordDerivedKey := make([]byte, keySize)

config := s2k.Config{
S2KCount: s2k.S2KCountMax,
Hash: crypto.SHA256,
}

// s2k.Serialize salts and stretches the passphrase, and writes the
// resulting key to passwordDerivedKey and the s2k descriptor to s2kBuf.

Expand All @@ -400,7 +413,7 @@ func getS2KHeaderAndSymmetricKey(password []byte, cipherFunc CipherFunction) (he
passwordDerivedKey,
rand,
password,
&config,
config,
)
if err != nil {
return
Expand Down