
Commit c38aca0

wusslerlubux
authored andcommitted
Create a copy of the encrypted key when forwarding
1 parent b77643d commit c38aca0


2 files changed

+21
-11
lines changed


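--- a/openpgp/forwarding_test.go
+++ b/openpgp/forwarding_test.go
@@ -183,7 +183,7 @@ Loop:
 }
 switch p := p.(type) {
 case *packet.EncryptedKey:
-err = p.ProxyTransform(
+tp, err := p.ProxyTransform(
 instance.ProxyParameter,
 instance.ForwarderKeyId,
 instance.ForwardeeKeyId,
@@ -194,7 +194,7 @@ Loop:
 
 splitPoint = bytesReader.Size() - int64(bytesReader.Len())
 
-err = p.Serialize(transformedEncryptedKey)
+err = tp.Serialize(transformedEncryptedKey)
 if err != nil {
 t.Fatalf("error serializing transformed PKESK: %s", err)
 }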

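--- a/openpgp/packet/encrypted_key.go
+++ b/openpgp/packet/encrypted_key.go
@@ -463,27 +463,37 @@ func SerializeEncryptedKeyWithHiddenOption(w io.Writer, pub *PublicKey, cipherFu
 return SerializeEncryptedKeyAEADwithHiddenOption(w, pub, cipherFunc, config.AEAD() != nil, key, hidden, config)
 }
 
-func (e *EncryptedKey) ProxyTransform(proxyParam []byte, forwarderKeyId, forwardeeKeyId uint64) error {
+func (e *EncryptedKey) ProxyTransform(proxyParam []byte, forwarderKeyId, forwardeeKeyId uint64) (transformed *EncryptedKey, err error) {
 if e.Algo != PubKeyAlgoECDH {
-return errors.InvalidArgumentError("invalid PKESK")
+return nil, errors.InvalidArgumentError("invalid PKESK")
 }
 
 if e.KeyId != 0 && e.KeyId != forwarderKeyId {
-return errors.InvalidArgumentError("invalid key id in PKESK")
+return nil, errors.InvalidArgumentError("invalid key id in PKESK")
 }
 
 ephemeral := e.encryptedMPI1.Bytes()
-transformed, err := ecdh.ProxyTransform(ephemeral, proxyParam)
+transformedEphemeral, err := ecdh.ProxyTransform(ephemeral, proxyParam)
 if err != nil {
-return err
+return nil, err
 }
 
-e.encryptedMPI1 = encoding.NewMPI(transformed)
-if e.KeyId != 0 {
-e.KeyId = forwardeeKeyId
+wrappedKey := e.encryptedMPI2.Bytes()
+copiedWrappedKey := make([]byte, len(wrappedKey))
+copy(copiedWrappedKey, wrappedKey)
+
+transformed = &EncryptedKey{
+KeyId: forwardeeKeyId,
+Algo: e.Algo,
+encryptedMPI1: encoding.NewMPI(transformedEphemeral),
+encryptedMPI2: encoding.NewOID(copiedWrappedKey),
 }
 
-return nil
+if e.KeyId == 0 {
+e.KeyId = 0
+}
+
+return transformed, nil
 }
 
 func serializeEncryptedKeyRSA(w io.Writer, rand io.Reader, header []byte, pub *rsa.PublicKey, keyBlock []byte) error {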
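Review bot: The new packet is built with `KeyId: forwardeeKeyId` unconditionally, whereas the removed lines 481-483 only rewrote the key id when the original was non-zero, so a PKESK carrying the wildcard (hidden-recipient) key id 0 now leaves ProxyTransform addressed to the forwardee's key id; the `if e.KeyId == 0 { e.KeyId = 0 }` block at 492-494 is a no-op and reads like the remnant of that intent. Suggest dropping that block, omitting `KeyId` from the literal so it stays 0, and adding after the literal `if e.KeyId != 0 { transformed.KeyId = forwardeeKeyId }`. The literal also copies only Algo and the two MPI fields; if EncryptedKey has other fields that Serialize reads, they are zero on the returned packet, which is worth confirming against the struct definition outside this hunk. Since ProxyTransform is exported, a doc comment such as `// ProxyTransform returns a copy of the ECDH PKESK with its ephemeral transformed by proxyParam and addressed to forwardeeKeyId; e itself is not modified.` would document the new contract.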
