Add SerializeSymmetricKeyEncryptedAEADReuseKey

Allow explicitly indicating whether AEAD is supported when creating
an SKESK packet, instead of looking at config.AEAD().

The config is no longer reliable, and we shouldn't mix SKESKv3 and
SEIPDv2, for example.

Author: twiss

Diff for: openpgp/packet/symmetric_key_encrypted.go

@@ -196,8 +196,17 @@ func SerializeSymmetricKeyEncrypted(w io.Writer, passphrase []byte, config *Conf
 // SerializeSymmetricallyEncrypted.
 // If config is nil, sensible defaults will be used.
 func SerializeSymmetricKeyEncryptedReuseKey(w io.Writer, sessionKey []byte, passphrase []byte, config *Config) (err error) {
+	return SerializeSymmetricKeyEncryptedAEADReuseKey(w, sessionKey, passphrase, config.AEAD() != nil, config)
+}
+
+// SerializeSymmetricKeyEncryptedAEADReuseKey serializes a symmetric key packet to w.
+// The packet contains the given session key, encrypted by a key derived from
+// the given passphrase. The returned session key must be passed to
+// SerializeSymmetricallyEncrypted.
+// If config is nil, sensible defaults will be used.
+func SerializeSymmetricKeyEncryptedAEADReuseKey(w io.Writer, sessionKey []byte, passphrase []byte, aeadSupported bool, config *Config) (err error) {
 	var version int
-	if config.AEAD() != nil {
+	if aeadSupported {
 		version = 6
 	} else {
 		version = 4

Diff for: openpgp/v2/write.go

@@ -691,7 +691,7 @@ func encrypt(
 	}
 
 	for _, password := range params.Passwords {
-		if err = packet.SerializeSymmetricKeyEncryptedReuseKey(params.KeyWriter, params.SessionKey, password, params.Config); err != nil {
+		if err = packet.SerializeSymmetricKeyEncryptedAEADReuseKey(params.KeyWriter, params.SessionKey, password, aeadSupported, params.Config); err != nil {
 			return nil, err
 		}
 	}