Use fingerprints instead of KeyIDs

Author: wussler

openpgp/forwarding.go

@@ -11,20 +11,13 @@ import (
 	"github.com/ProtonMail/go-crypto/openpgp/packet"
 )
 
-// ForwardingInstance represents a single forwarding instance (mapping IDs to a Proxy Param)
-type ForwardingInstance struct {
-	ForwarderKeyId uint64
-	ForwardeeKeyId uint64
-	ProxyParameter []byte
-}
-
 // NewForwardingEntity generates a new forwardee key and derives the proxy parameters from the entity e.
 // If strict, it will return an error if encryption-capable non-revoked subkeys with a wrong algorithm are found,
 // instead of ignoring them
 func (e *Entity) NewForwardingEntity(
 	name, comment, email string, config *packet.Config, strict bool,
 ) (
-	forwardeeKey *Entity, instances []ForwardingInstance, err error,
+	forwardeeKey *Entity, instances []packet.ForwardingInstance, err error,
 ) {
 	if e.PrimaryKey.Version != 4 {
 		return nil, nil, errors.InvalidArgumentError("unsupported key version")
@@ -64,7 +57,7 @@ func (e *Entity) NewForwardingEntity(
 	}
 
 	// Init empty instances
-	instances = []ForwardingInstance{}
+	instances = []packet.ForwardingInstance{}
 
 	// Handle all forwarder subkeys
 	for _, forwarderSubKey := range e.Subkeys {
@@ -105,8 +98,9 @@ func (e *Entity) NewForwardingEntity(
 			return nil, nil, goerrors.New("wrong forwarding sub key generation")
 		}
 
-		instance := ForwardingInstance{
-			ForwarderKeyId: forwarderSubKey.PublicKey.KeyId,
+		instance := packet.ForwardingInstance{
+			KeyVersion: 4,
+			ForwarderFingerprint: forwarderSubKey.PublicKey.Fingerprint,
 		}
 
 		instance.ProxyParameter, err = ecdh.DeriveProxyParam(forwarderEcdhKey, forwardeeEcdhKey)
@@ -135,8 +129,8 @@ func (e *Entity) NewForwardingEntity(
 			return nil, nil, err
 		}
 
-		// Set ID after changing the KDF
-		instance.ForwardeeKeyId = forwardeeSubKey.PublicKey.KeyId
+		// Extract fingerprint after changing the KDF
+		instance.ForwardeeFingerprint = forwardeeSubKey.PublicKey.Fingerprint
 
 		// 0x04 - This key may be used to encrypt communications.
 		forwardeeSubKey.Sig.FlagEncryptCommunications = false

openpgp/forwarding_test.go

@@ -89,12 +89,12 @@ func TestForwardingFull(t *testing.T) {
 		t.Fatalf("invalid number of instances, expected 1 got %d", len(instances))
 	}
 
-	if instances[0].ForwarderKeyId != bobEntity.Subkeys[0].PublicKey.KeyId {
-		t.Fatalf("invalid forwarder key ID, expected: %x, got: %x", bobEntity.Subkeys[0].PublicKey.KeyId, instances[0].ForwarderKeyId)
+	if bytes.Compare(instances[0].ForwarderFingerprint, bobEntity.Subkeys[0].PublicKey.Fingerprint) != 0 {
+		t.Fatalf("invalid forwarder key ID, expected: %x, got: %x", bobEntity.Subkeys[0].PublicKey.Fingerprint, instances[0].ForwarderFingerprint)
 	}
 
-	if instances[0].ForwardeeKeyId != charlesEntity.Subkeys[0].PublicKey.KeyId {
-		t.Fatalf("invalid forwardee key ID, expected: %x, got: %x", charlesEntity.Subkeys[0].PublicKey.KeyId, instances[0].ForwardeeKeyId)
+	if bytes.Compare(instances[0].ForwardeeFingerprint, charlesEntity.Subkeys[0].PublicKey.Fingerprint) != 0 {
+		t.Fatalf("invalid forwardee key ID, expected: %x, got: %x", charlesEntity.Subkeys[0].PublicKey.Fingerprint, instances[0].ForwardeeFingerprint)
 	}
 
 	// Encrypt message
@@ -166,7 +166,7 @@ func TestForwardingFull(t *testing.T) {
 	}
 }
 
-func transformTestMessage(t *testing.T, encrypted []byte, instance ForwardingInstance) []byte {
+func transformTestMessage(t *testing.T, encrypted []byte, instance packet.ForwardingInstance) []byte {
 	bytesReader := bytes.NewReader(encrypted)
 	packets := packet.NewReader(bytesReader)
 	splitPoint := int64(0)
@@ -183,11 +183,7 @@ Loop:
 		}
 		switch p := p.(type) {
 		case *packet.EncryptedKey:
-			tp, err := p.ProxyTransform(
-				instance.ProxyParameter,
-				instance.ForwarderKeyId,
-				instance.ForwardeeKeyId,
-			)
+			tp, err := p.ProxyTransform(instance)
 			if err != nil {
 				t.Fatalf("error transforming PKESK: %s", err)
 			}

openpgp/packet/encrypted_key.go

@@ -458,17 +458,17 @@ func SerializeEncryptedKeyWithHiddenOption(w io.Writer, pub *PublicKey, cipherFu
 	return SerializeEncryptedKeyAEADwithHiddenOption(w, pub, cipherFunc, config.AEAD() != nil, key, hidden, config)
 }
 
-func (e *EncryptedKey) ProxyTransform(proxyParam []byte, forwarderKeyId, forwardeeKeyId uint64) (transformed *EncryptedKey, err error) {
+func (e *EncryptedKey) ProxyTransform(instance ForwardingInstance) (transformed *EncryptedKey, err error) {
 	if e.Algo != PubKeyAlgoECDH {
 		return nil, errors.InvalidArgumentError("invalid PKESK")
 	}
 
-	if e.KeyId != 0 && e.KeyId != forwarderKeyId {
+	if e.KeyId != 0 && e.KeyId != instance.GetForwarderKeyId() {
 		return nil, errors.InvalidArgumentError("invalid key id in PKESK")
 	}
 
 	ephemeral := e.encryptedMPI1.Bytes()
-	transformedEphemeral, err := ecdh.ProxyTransform(ephemeral, proxyParam)
+	transformedEphemeral, err := ecdh.ProxyTransform(ephemeral, instance.ProxyParameter)
 	if err != nil {
 		return nil, err
 	}
@@ -478,16 +478,12 @@ func (e *EncryptedKey) ProxyTransform(proxyParam []byte, forwarderKeyId, forward
 	copy(copiedWrappedKey, wrappedKey)
 
 	transformed = &EncryptedKey{
-		KeyId:         forwardeeKeyId,
-		Algo:          e.Algo,
+		KeyId: instance.getForwardeeKeyIdOrZero(e.KeyId),
+		Algo: e.Algo,
 		encryptedMPI1: encoding.NewMPI(transformedEphemeral),
 		encryptedMPI2: encoding.NewOID(copiedWrappedKey),
 	}
 
-	if e.KeyId == 0 {
-		e.KeyId = 0
-	}
-
 	return transformed, nil
 }
 
@@ -636,27 +632,60 @@ func serializeEncryptedKeyAEAD(w io.Writer, rand io.Reader, header [10]byte, pub
 	return err
 }
 
+<<<<<<< HEAD
 func checksumKeyMaterial(key []byte) uint16 {
 	var checksum uint16
 	for _, v := range key {
 		checksum += uint16(v)
+=======
+func (e *EncryptedKey) ProxyTransform(instance ForwardingInstance) (transformed *EncryptedKey, err error) {
+	if e.Algo != PubKeyAlgoECDH {
+		return nil, errors.InvalidArgumentError("invalid PKESK")
+>>>>>>> edf1961 (Use fingerprints instead of KeyIDs)
 	}
 	return checksum
 }
 
+<<<<<<< HEAD
 func decodeChecksumKey(msg []byte) (key []byte, err error) {
 	key = msg[:len(msg)-2]
 	expectedChecksum := uint16(msg[len(msg)-2])<<8 | uint16(msg[len(msg)-1])
 	checksum := checksumKeyMaterial(key)
 	if checksum != expectedChecksum {
 		err = errors.StructuralError("session key checksum is incorrect")
+=======
+	if e.KeyId != 0 && e.KeyId != instance.GetForwarderKeyId() {
+		return nil, errors.InvalidArgumentError("invalid key id in PKESK")
+>>>>>>> edf1961 (Use fingerprints instead of KeyIDs)
 	}
 	return
 }
 
+<<<<<<< HEAD
 func encodeChecksumKey(buffer []byte, key []byte) {
 	copy(buffer, key)
 	checksum := checksumKeyMaterial(key)
 	buffer[len(key)] = byte(checksum >> 8)
 	buffer[len(key)+1] = byte(checksum)
 }
+=======
+	ephemeral := e.encryptedMPI1.Bytes()
+	transformedEphemeral, err := ecdh.ProxyTransform(ephemeral, instance.ProxyParameter)
+	if err != nil {
+		return nil, err
+	}
+
+	wrappedKey := e.encryptedMPI2.Bytes()
+	copiedWrappedKey := make([]byte, len(wrappedKey))
+	copy(copiedWrappedKey, wrappedKey)
+
+	transformed = &EncryptedKey{
+		KeyId: instance.getForwardeeKeyIdOrZero(e.KeyId),
+		Algo: e.Algo,
+		encryptedMPI1: encoding.NewMPI(transformedEphemeral),
+		encryptedMPI2: encoding.NewOID(copiedWrappedKey),
+	}
+
+	return transformed, nil
+}
+>>>>>>> edf1961 (Use fingerprints instead of KeyIDs)

openpgp/packet/forwarding.go

@@ -0,0 +1,36 @@
+package packet
+
+import "encoding/binary"
+
+// ForwardingInstance represents a single forwarding instance (mapping IDs to a Proxy Param)
+type ForwardingInstance struct {
+	KeyVersion int
+	ForwarderFingerprint []byte
+	ForwardeeFingerprint []byte
+	ProxyParameter       []byte
+}
+
+func (f *ForwardingInstance) GetForwarderKeyId() uint64 {
+	return computeForwardingKeyId(f.ForwarderFingerprint, f.KeyVersion)
+}
+
+func (f *ForwardingInstance) GetForwardeeKeyId() uint64 {
+	return computeForwardingKeyId(f.ForwardeeFingerprint, f.KeyVersion)
+}
+
+func (f *ForwardingInstance) getForwardeeKeyIdOrZero(originalKeyId uint64) uint64 {
+	if originalKeyId == 0 {
+		return 0
+	}
+
+	return f.GetForwardeeKeyId()
+}
+
+func computeForwardingKeyId(fingerprint []byte, version int) uint64 {
+	switch version {
+	case 4:
+		return binary.BigEndian.Uint64(fingerprint[12:20])
+	default:
+		panic("invalid pgp key version")
+	}
+}