diff --git a/profile/preset.go b/profile/preset.go index bab552f8..21c77141 100644 --- a/profile/preset.go +++ b/profile/preset.go @@ -11,24 +11,7 @@ import ( // Default returns a custom profile that support features // that are widely implemented. func Default() *Custom { - setKeyAlgorithm := func(cfg *packet.Config, securityLevel int8) { - cfg.Algorithm = packet.PubKeyAlgoEdDSA - switch securityLevel { - case constants.HighSecurity: - cfg.Curve = packet.Curve25519 - default: - cfg.Curve = packet.Curve25519 - } - } - return &Custom{ - SetKeyAlgorithm: setKeyAlgorithm, - Hash: crypto.SHA256, - CipherEncryption: packet.CipherAES256, - CompressionAlgorithm: packet.CompressionZLIB, - CompressionConfiguration: &packet.CompressionConfig{ - Level: 6, - }, - } + return ProtonV1() } // RFC4880 returns a custom profile for this library @@ -142,3 +125,34 @@ func Symmetric() *Custom { V6: true, } } + +// ProtonV1 is the version 1 profile used in proton clients. +func ProtonV1() *Custom { + setKeyAlgorithm := func(cfg *packet.Config, securityLevel int8) { + cfg.Algorithm = packet.PubKeyAlgoEdDSA + switch securityLevel { + case constants.HighSecurity: + cfg.Curve = packet.Curve25519 + default: + cfg.Curve = packet.Curve25519 + } + } + return &Custom{ + SetKeyAlgorithm: setKeyAlgorithm, + Hash: crypto.SHA512, + CipherEncryption: packet.CipherAES256, + CipherKeyEncryption: packet.CipherAES256, + CompressionAlgorithm: packet.CompressionZLIB, + CompressionConfiguration: &packet.CompressionConfig{ + Level: 6, + }, + S2kKeyEncryption: &s2k.Config{ + S2KMode: s2k.IteratedSaltedS2K, + Hash: crypto.SHA256, + S2KCount: 65536, + }, + DisableIntendedRecipients: true, + AllowAllPublicKeyAlgorithms: true, + AllowWeakRSA: true, + } +} diff --git a/profile/profile.go b/profile/profile.go index c2e88c14..87f920bf 100644 --- a/profile/profile.go +++ b/profile/profile.go @@ -24,7 +24,12 @@ type Custom struct { // S2kKeyEncryption defines the s2k algorithm for key encryption. S2kKeyEncryption *s2k.Config // AeadEncryption defines the aead encryption algorithm for pgp encryption. + // If nil, aead is disabled even if the key supports it. AeadEncryption *packet.AEADConfig + // KeyGenAeadEncryption defines if the output key in key generation + // advertises SEIPDv2 and aead algorithms in its key preferences. + // If nil, uses AeadEncryption as key preferences. + KeyGenAeadEncryption *packet.AEADConfig // S2kEncryption defines the s2k algorithm for pgp encryption. S2kEncryption *s2k.Config // CompressionConfiguration defines the compression configuration to be used if any. @@ -54,10 +59,14 @@ type Custom struct { // KeyGenerationProfile, KeyEncryptionProfile, EncryptionProfile, and SignProfile func (p *Custom) KeyGenerationConfig(securityLevel int8) *packet.Config { + aeadConfig := p.AeadEncryption + if p.KeyGenAeadEncryption != nil { + aeadConfig = p.KeyGenAeadEncryption + } cfg := &packet.Config{ DefaultHash: p.Hash, DefaultCipher: p.CipherEncryption, - AEADConfig: p.AeadEncryption, + AEADConfig: aeadConfig, DefaultCompressionAlgo: p.CompressionAlgorithm, CompressionConfig: p.CompressionConfiguration, V6Keys: p.V6,