From 1f4d966115b4a7292f59b6dbbf4a6cc7666f7218 Mon Sep 17 00:00:00 2001
From: Ilya Chesnokov <ilya.chesnokov@protonmail.com>
Date: Mon, 31 Aug 2020 13:42:06 +0300
Subject: [PATCH] use aes256 for password encryption (#75)

---
 CHANGELOG.md           |  1 +
 crypto/message_test.go | 19 +++++++++++++++++++
 crypto/password.go     |  3 ++-
 3 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 97ea6f2..53fe77d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -41,6 +41,7 @@ DecryptBinaryMessageArmored(privateKey string, passphrase []byte, ciphertext str
 - Improved key and message armoring testing
 - `EncryptSessionKey` now creates encrypted key packets for each valid encryption key in the provided keyring. 
     Returns a byte slice with all the concatenated key packets.
+- Use aes256 chiper for message encryption with password.
 
 ### Fixed
 - Public key armoring headers
diff --git a/crypto/message_test.go b/crypto/message_test.go
index e3cf53a..32c752b 100644
--- a/crypto/message_test.go
+++ b/crypto/message_test.go
@@ -3,6 +3,7 @@ package crypto
 import (
 	"bytes"
 	"encoding/base64"
+	"io"
 	"testing"
 	"time"
 
@@ -18,6 +19,24 @@ func TestTextMessageEncryptionWithPassword(t *testing.T) {
 	if err != nil {
 		t.Fatal("Expected no error when encrypting, got:", err)
 	}
+	packets := packet.NewReader(bytes.NewReader(encrypted.GetBinary()))
+	var foundSk bool
+	for {
+		var p packet.Packet
+		var errEOF error
+		if p, errEOF = packets.Next(); errEOF == io.EOF {
+			break
+		}
+		sessionKey, ok := p.(*packet.SymmetricKeyEncrypted)
+		if ok {
+			assert.Equal(t, sessionKey.CipherFunc, packet.CipherAES256)
+			foundSk = true
+			break
+		}
+	}
+	if !foundSk {
+		t.Fatal("Expect to found encrypted session key")
+	}
 	// Decrypt data with wrong password
 	_, err = DecryptMessageWithPassword(encrypted, []byte("Wrong password"))
 	assert.NotNil(t, err)
diff --git a/crypto/password.go b/crypto/password.go
index 051e031..7c63f1e 100644
--- a/crypto/password.go
+++ b/crypto/password.go
@@ -114,7 +114,8 @@ func passwordEncrypt(message []byte, password []byte, isBinary bool) ([]byte, er
 	var outBuf bytes.Buffer
 
 	config := &packet.Config{
-		Time: getTimeGenerator(),
+		DefaultCipher: packet.CipherAES256,
+		Time:          getTimeGenerator(),
 	}
 
 	hints := &openpgp.FileHints{IsBinary: isBinary}