WIP: Add compression to API (#91)

* Add compression to API * Add docs * Use defaults for a simpler interface * Update x/crypto * Fix ecdsa key types for lib update
2020-11-04 17:40:45 +01:00 · 2020-11-04 17:40:45 +01:00 · 371d429001
commit 371d429001
parent 9503b68f0c
13 changed files with 177 additions and 31 deletions
--- a/crypto/base_test.go
+++ b/crypto/base_test.go
@ -63,8 +63,8 @@ func assertRSACleared(t *testing.T, rsaPriv *rsa.PrivateKey) {
 	}
 }

-func assertEdDSACleared(t *testing.T, priv ed25519.PrivateKey) {
-	assertMemCleared(t, priv)
+func assertEdDSACleared(t *testing.T, priv *ed25519.PrivateKey) {
+	assertMemCleared(t, *priv)
 }

 func assertECDHCleared(t *testing.T, priv *ecdh.PrivateKey) {
--- a/crypto/key.go
+++ b/crypto/key.go
@ -328,10 +328,10 @@ func (key *Key) Check() (bool, error) {
 func (key *Key) PrintFingerprints() {
 	for _, subKey := range key.entity.Subkeys {
 		if !subKey.Sig.FlagsValid || subKey.Sig.FlagEncryptStorage || subKey.Sig.FlagEncryptCommunications {
-			fmt.Println("SubKey:" + hex.EncodeToString(subKey.PublicKey.Fingerprint[:]))
+			fmt.Println("SubKey:" + hex.EncodeToString(subKey.PublicKey.Fingerprint))
 		}
 	}
-	fmt.Println("PrimaryKey:" + hex.EncodeToString(key.entity.PrimaryKey.Fingerprint[:]))
+	fmt.Println("PrimaryKey:" + hex.EncodeToString(key.entity.PrimaryKey.Fingerprint))
 }

 // GetHexKeyID returns the key ID, hex encoded as a string.
@ -346,7 +346,7 @@ func (key *Key) GetKeyID() uint64 {

 // GetFingerprint gets the fingerprint from the key.
 func (key *Key) GetFingerprint() string {
-	return hex.EncodeToString(key.entity.PrimaryKey.Fingerprint[:])
+	return hex.EncodeToString(key.entity.PrimaryKey.Fingerprint)
 }

 // GetSHA256Fingerprints computes the SHA256 fingerprints of the key and subkeys.
--- a/crypto/key_clear.go
+++ b/crypto/key_clear.go
@ -57,7 +57,7 @@ func clearPrivateKey(privateKey interface{}) error {
 		return clearElGamalPrivateKey(priv)
 	case *ecdsa.PrivateKey:
 		return clearECDSAPrivateKey(priv)
-	case ed25519.PrivateKey:
+	case *ed25519.PrivateKey:
 		return clearEdDSAPrivateKey(priv)
 	case *ecdh.PrivateKey:
 		return clearECDHPrivateKey(priv)
@ -115,8 +115,8 @@ func clearECDSAPrivateKey(priv *ecdsa.PrivateKey) error {
 	return nil
 }

-func clearEdDSAPrivateKey(priv ed25519.PrivateKey) error {
-	clearMem(priv)
+func clearEdDSAPrivateKey(priv *ed25519.PrivateKey) error {
+	clearMem(*priv)

 	return nil
 }
--- a/crypto/key_test.go
+++ b/crypto/key_test.go
@ -257,17 +257,21 @@ func TestFailCheckIntegrity(t *testing.T) {

 	k1.entity.PrivateKey.PrivateKey = k2.entity.PrivateKey.PrivateKey // Swap private keys

-	k3, err := k1.Copy()
+	isVerified, err := k1.Check()
 	if err != nil {
-		t.Fatal("Expected no error while locking keyring kr3, got:", err)
-	}
-
-	isVerified, err := k3.Check()
-	if err != nil {
-		t.Fatal("Expected no error while checking correct passphrase, got:", err)
+		t.Fatal("Expected no error while checking key, got:", err)
 	}

 	assert.Exactly(t, false, isVerified)
+
+	serialized, err := k1.Serialize()
+	if err != nil {
+		t.Fatal("Expected no error while serializing keyring kr3, got:", err)
+	}
+
+	_, err = NewKey(serialized)
+
+	assert.Error(t, err)
 }

 func TestGetPublicKey(t *testing.T) {
--- a/crypto/keyring_message.go
+++ b/crypto/keyring_message.go
@ -6,6 +6,7 @@ import (
 	"io"
 	"io/ioutil"

+	"github.com/ProtonMail/gopenpgp/v2/constants"
 	"github.com/pkg/errors"
 	"golang.org/x/crypto/openpgp"
 	"golang.org/x/crypto/openpgp/packet"
@ -16,7 +17,28 @@ import (
 // * message    : The plaintext input as a PlainMessage.
 // * privateKey : (optional) an unlocked private keyring to include signature in the message.
 func (keyRing *KeyRing) Encrypt(message *PlainMessage, privateKey *KeyRing) (*PGPMessage, error) {
-	encrypted, err := asymmetricEncrypt(message, keyRing, privateKey)
+	config := &packet.Config{DefaultCipher: packet.CipherAES256, Time: getTimeGenerator()}
+	encrypted, err := asymmetricEncrypt(message, keyRing, privateKey, config)
+	if err != nil {
+		return nil, err
+	}
+
+	return NewPGPMessage(encrypted), nil
+}
+
+// EncryptWithCompression encrypts with compression support a PlainMessage to PGPMessage using public/private keys.
+// * message : The plain data as a PlainMessage.
+// * privateKey : (optional) an unlocked private keyring to include signature in the message.
+// * output  : The encrypted data as PGPMessage.
+func (keyRing *KeyRing) EncryptWithCompression(message *PlainMessage, privateKey *KeyRing) (*PGPMessage, error) {
+	config := &packet.Config{
+		DefaultCipher:          packet.CipherAES256,
+		Time:                   getTimeGenerator(),
+		DefaultCompressionAlgo: constants.DefaultCompression,
+		CompressionConfig:      &packet.CompressionConfig{Level: constants.DefaultCompressionLevel},
+	}
+
+	encrypted, err := asymmetricEncrypt(message, keyRing, privateKey, config)
 	if err != nil {
 		return nil, err
 	}
@ -68,7 +90,11 @@ func (keyRing *KeyRing) VerifyDetached(message *PlainMessage, signature *PGPSign
 // ------ INTERNAL FUNCTIONS -------

 // Core for encryption+signature functions.
-func asymmetricEncrypt(plainMessage *PlainMessage, publicKey, privateKey *KeyRing) ([]byte, error) {
+func asymmetricEncrypt(
+	plainMessage *PlainMessage,
+	publicKey, privateKey *KeyRing,
+	config *packet.Config,
+) ([]byte, error) {
 	var outBuf bytes.Buffer
 	var encryptWriter io.WriteCloser
 	var signEntity *openpgp.Entity
@ -82,8 +108,6 @@ func asymmetricEncrypt(plainMessage *PlainMessage, publicKey, privateKey *KeyRin
 		}
 	}

-	config := &packet.Config{DefaultCipher: packet.CipherAES256, Time: getTimeGenerator()}
-
 	hints := &openpgp.FileHints{
 		IsBinary: plainMessage.IsBinary(),
 		FileName: plainMessage.Filename,
--- a/crypto/keyring_test.go
+++ b/crypto/keyring_test.go
@ -157,7 +157,7 @@ func TestClearPrivateKey(t *testing.T) {

 	keys := keyRingCopy.GetKeys()
 	assertRSACleared(t, keys[0].entity.PrivateKey.PrivateKey.(*rsa.PrivateKey))
-	assertEdDSACleared(t, keys[1].entity.PrivateKey.PrivateKey.(ed25519.PrivateKey))
+	assertEdDSACleared(t, keys[1].entity.PrivateKey.PrivateKey.(*ed25519.PrivateKey))
 	assertRSACleared(t, keys[2].entity.PrivateKey.PrivateKey.(*rsa.PrivateKey))
 }

@ -175,7 +175,7 @@ func TestClearPrivateWithSubkeys(t *testing.T) {
 	assertRSACleared(t, keys[0].entity.PrivateKey.PrivateKey.(*rsa.PrivateKey))
 	assertRSACleared(t, keys[0].entity.Subkeys[0].PrivateKey.PrivateKey.(*rsa.PrivateKey))

-	assertEdDSACleared(t, keys[1].entity.PrivateKey.PrivateKey.(ed25519.PrivateKey))
+	assertEdDSACleared(t, keys[1].entity.PrivateKey.PrivateKey.(*ed25519.PrivateKey))
 	assertECDHCleared(t, keys[1].entity.Subkeys[0].PrivateKey.PrivateKey.(*ecdh.PrivateKey))

 	assertRSACleared(t, keys[2].entity.PrivateKey.PrivateKey.(*rsa.PrivateKey))
--- a/crypto/message_test.go
+++ b/crypto/message_test.go
@ -87,6 +87,54 @@ func TestTextMixedMessageDecryptionWithPassword(t *testing.T) {
 }

 func TestTextMessageEncryption(t *testing.T) {
+	var message = NewPlainMessageFromString(
+		"The secret code is... 1, 2, 3, 4, 5. I repeat: the secret code is... 1, 2, 3, 4, 5",
+	)
+
+	ciphertext, err := keyRingTestPublic.Encrypt(message, nil)
+	if err != nil {
+		t.Fatal("Expected no error when encrypting, got:", err)
+	}
+
+	split, err := ciphertext.SeparateKeyAndData(1024, 0)
+	if err != nil {
+		t.Fatal("Expected no error when splitting, got:", err)
+	}
+
+	assert.Len(t, split.GetBinaryDataPacket(), 133) // Assert uncompressed encrypted body length
+
+	decrypted, err := keyRingTestPrivate.Decrypt(ciphertext, nil, 0)
+	if err != nil {
+		t.Fatal("Expected no error when decrypting, got:", err)
+	}
+	assert.Exactly(t, message.GetString(), decrypted.GetString())
+}
+
+func TestTextMessageEncryptionWithCompression(t *testing.T) {
+	var message = NewPlainMessageFromString(
+		"The secret code is... 1, 2, 3, 4, 5. I repeat: the secret code is... 1, 2, 3, 4, 5",
+	)
+
+	ciphertext, err := keyRingTestPublic.EncryptWithCompression(message, nil)
+	if err != nil {
+		t.Fatal("Expected no error when encrypting, got:", err)
+	}
+
+	split, err := ciphertext.SeparateKeyAndData(1024, 0)
+	if err != nil {
+		t.Fatal("Expected no error when splitting, got:", err)
+	}
+
+	assert.Len(t, split.GetBinaryDataPacket(), 117) // Assert uncompressed encrypted body length
+
+	decrypted, err := keyRingTestPrivate.Decrypt(ciphertext, nil, 0)
+	if err != nil {
+		t.Fatal("Expected no error when decrypting, got:", err)
+	}
+	assert.Exactly(t, message.GetString(), decrypted.GetString())
+}
+
+func TestTextMessageEncryptionWithSignature(t *testing.T) {
 	var message = NewPlainMessageFromString("plain text")

 	ciphertext, err := keyRingTestPublic.Encrypt(message, keyRingTestPrivate)
--- a/crypto/sessionkey.go
+++ b/crypto/sessionkey.go
@ -114,9 +114,6 @@ func newSessionKeyFromEncrypted(ek *packet.EncryptedKey) (*SessionKey, error) {
 // * message : The plain data as a PlainMessage.
 // * output  : The encrypted data as PGPMessage.
 func (sk *SessionKey) Encrypt(message *PlainMessage) ([]byte, error) {
-	var encBuf bytes.Buffer
-	var encryptWriter io.WriteCloser
-
 	dc, err := sk.GetCipherFunc()
 	if err != nil {
 		return nil, errors.Wrap(err, "gopenpgp: unable to encrypt with session key")
@ -127,7 +124,33 @@ func (sk *SessionKey) Encrypt(message *PlainMessage) ([]byte, error) {
 		DefaultCipher: dc,
 	}

-	encryptWriter, err = packet.SerializeSymmetricallyEncrypted(&encBuf, config.Cipher(), sk.Key, config)
+	return encryptWithSessionKey(message, sk, config)
+}
+
+// EncryptWithCompression encrypts with compression support a PlainMessage to PGPMessage with a SessionKey.
+// * message : The plain data as a PlainMessage.
+// * output  : The encrypted data as PGPMessage.
+func (sk *SessionKey) EncryptWithCompression(message *PlainMessage) ([]byte, error) {
+	dc, err := sk.GetCipherFunc()
+	if err != nil {
+		return nil, errors.Wrap(err, "gopenpgp: unable to encrypt with session key")
+	}
+
+	config := &packet.Config{
+		Time:                   getTimeGenerator(),
+		DefaultCipher:          dc,
+		DefaultCompressionAlgo: constants.DefaultCompression,
+		CompressionConfig:      &packet.CompressionConfig{Level: constants.DefaultCompressionLevel},
+	}
+
+	return encryptWithSessionKey(message, sk, config)
+}
+
+func encryptWithSessionKey(message *PlainMessage, sk *SessionKey, config *packet.Config) ([]byte, error) {
+	var encBuf bytes.Buffer
+	var encryptWriter io.WriteCloser
+
+	encryptWriter, err := packet.SerializeSymmetricallyEncrypted(&encBuf, config.Cipher(), sk.Key, config)
 	if err != nil {
 		return nil, errors.Wrap(err, "gopenpgp: unable to encrypt")
 	}
--- a/crypto/sessionkey_test.go
+++ b/crypto/sessionkey_test.go
@ -101,13 +101,18 @@ func TestSymmetricKeyPacketWrongSize(t *testing.T) {
 }

 func TestDataPacketEncryption(t *testing.T) {
-	var message = NewPlainMessageFromString("The secret code is... 1, 2, 3, 4, 5")
+	var message = NewPlainMessageFromString(
+		"The secret code is... 1, 2, 3, 4, 5. I repeat: the secret code is... 1, 2, 3, 4, 5",
+	)

 	// Encrypt data with session key
 	dataPacket, err := testSessionKey.Encrypt(message)
 	if err != nil {
 		t.Fatal("Expected no error when encrypting, got:", err)
 	}
+
+	assert.Len(t, dataPacket, 133) // Assert uncompressed encrypted body length
+
 	// Decrypt data with wrong session key
 	wrongKey := SessionKey{
 		Key:  []byte("wrong pass"),
@ -184,3 +189,24 @@ func TestSessionKeyClear(t *testing.T) {
 	testSessionKey.Clear()
 	assertMemCleared(t, testSessionKey.Key)
 }
+
+func TestDataPacketEncryptionWithCompression(t *testing.T) {
+	var message = NewPlainMessageFromString(
+		"The secret code is... 1, 2, 3, 4, 5. I repeat: the secret code is... 1, 2, 3, 4, 5",
+	)
+
+	// Encrypt data with session key
+	dataPacket, err := testSessionKey.EncryptWithCompression(message)
+	if err != nil {
+		t.Fatal("Expected no error when encrypting, got:", err)
+	}
+
+	assert.Len(t, dataPacket, 117) // Assert compressed encrypted body length
+
+	// Decrypt data with the good session key
+	decrypted, err := testSessionKey.Decrypt(dataPacket)
+	if err != nil {
+		t.Fatal("Expected no error when decrypting, got:", err)
+	}
+	assert.Exactly(t, message.GetString(), decrypted.GetString())
+}