Add support for the crypto refresh in v2 (#265)

This commit adds support for the OpenPGP crypto-refresh.
- Updates go-crypto dependency to v1.1.0-alpha.1
- Adapts the session key logic to handle PKESK/SKESK v6 packets without an algorithm attached
- Updates the min go version to 1.17 as requires by  go-crypto v1.1.0-alpha.1
- Update the cricl dependency to 1.3.7 matching go-crypto
Not supported:
- crypto-refresh intended recipients
- v6 key generation

crypto/key_clear.go

@@ -8,8 +8,12 @@ import (
 
 	"github.com/ProtonMail/go-crypto/openpgp/ecdh"
 	"github.com/ProtonMail/go-crypto/openpgp/ecdsa"
+	"github.com/ProtonMail/go-crypto/openpgp/ed25519"
+	"github.com/ProtonMail/go-crypto/openpgp/ed448"
 	"github.com/ProtonMail/go-crypto/openpgp/eddsa"
 	"github.com/ProtonMail/go-crypto/openpgp/elgamal"
+	"github.com/ProtonMail/go-crypto/openpgp/x25519"
+	"github.com/ProtonMail/go-crypto/openpgp/x448"
 )
 
 func (sk *SessionKey) Clear() (ok bool) {
@@ -61,6 +65,14 @@ func clearPrivateKey(privateKey interface{}) error {
 		return clearEdDSAPrivateKey(priv)
 	case *ecdh.PrivateKey:
 		return clearECDHPrivateKey(priv)
+	case *x25519.PrivateKey:
+		return clearX25519PrivateKey(priv)
+	case *ed25519.PrivateKey:
+		return clearEd25519PrivateKey(priv)
+	case *x448.PrivateKey:
+		return clearX448PrivateKey(priv)
+	case *ed448.PrivateKey:
+		return clearEd448PrivateKey(priv)
 	default:
 		return errors.New("gopenpgp: unknown private key")
 	}
@@ -126,3 +138,27 @@ func clearECDHPrivateKey(priv *ecdh.PrivateKey) error {
 
 	return nil
 }
+
+func clearX25519PrivateKey(priv *x25519.PrivateKey) error {
+	clearMem(priv.Secret)
+
+	return nil
+}
+
+func clearEd25519PrivateKey(priv *ed25519.PrivateKey) error {
+	clearMem(priv.Key[:ed25519.SeedSize])
+
+	return nil
+}
+
+func clearX448PrivateKey(priv *x448.PrivateKey) error {
+	clearMem(priv.Secret)
+
+	return nil
+}
+
+func clearEd448PrivateKey(priv *ed448.PrivateKey) error {
+	clearMem(priv.Key[:ed448.SeedSize])
+
+	return nil
+}

crypto/password.go

@@ -57,6 +57,7 @@ func DecryptSessionKeyWithPassword(keyPacket, password []byte) (*SessionKey, err
 			key, cipherFunc, err := s.Decrypt(password)
 			if err == nil {
 				sk := &SessionKey{
+					V6:   s.Version == 6,
 					Key:  key,
 					Algo: getAlgo(cipherFunc),
 				}

crypto/sessionkey.go

@@ -17,6 +17,7 @@ import (
 
 // SessionKey stores a decrypted session key.
 type SessionKey struct {
+	V6 bool
 	// The decrypted binary session key.
 	Key []byte
 	// The symmetric encryption algorithm used with this key.
@@ -57,6 +58,9 @@ func (cr checkReader) Read(buf []byte) (int, error) {
 // GetCipherFunc returns the cipher function corresponding to the algorithm used
 // with this SessionKey.
 func (sk *SessionKey) GetCipherFunc() (packet.CipherFunction, error) {
+	if sk.V6 {
+		return 0, nil
+	}
 	cf, ok := symKeyAlgos[sk.Algo]
 	if !ok {
 		return cf, errors.New("gopenpgp: unsupported cipher function: " + sk.Algo)
@@ -107,6 +111,7 @@ func NewSessionKeyFromToken(token []byte, algo string) *SessionKey {
 	return &SessionKey{
 		Key:  clone(token),
 		Algo: algo,
+		V6:   algo == "",
 	}
 }
 
@@ -118,13 +123,14 @@ func newSessionKeyFromEncrypted(ek *packet.EncryptedKey) (*SessionKey, error) {
 			break
 		}
 	}
-	if algo == "" {
+	if algo == "" && ek.Version < 6 {
 		return nil, fmt.Errorf("gopenpgp: unsupported cipher function: %v", ek.CipherFunc)
 	}
 
 	sk := &SessionKey{
 		Key:  ek.Key,
 		Algo: algo,
+		V6:   ek.Version == 6,
 	}
 
 	if err := sk.checkSize(); err != nil {
@@ -455,6 +461,12 @@ func decryptStreamWithSessionKey(
 }
 
 func (sk *SessionKey) checkSize() error {
+	if sk.V6 {
+		if len(sk.Key) == 0 {
+			return errors.New("empty session key")
+		}
+		return nil
+	}
 	cf, ok := symKeyAlgos[sk.Algo]
 	if !ok {
 		return errors.New("unknown symmetric key algorithm")
@@ -468,6 +480,9 @@ func (sk *SessionKey) checkSize() error {
 }
 
 func getAlgo(cipher packet.CipherFunction) string {
+	if cipher == 0 {
+		return ""
+	}
 	algo := constants.AES256
 	for k, v := range symKeyAlgos {
 		if v == cipher {