Use Entitiy.EncryptionKey instead of reimplementing it

This fixes us sometimes using subkeys whose key flags allow
encryption but don't have a valid algorithm for encryption,
or that are expired, etc.

crypto/key.go

@@ -8,7 +8,6 @@ import (
 	"fmt"
 	"math/big"
 	"strings"
-	"time"
 
 	"github.com/ProtonMail/gopenpgp/armor"
 	"github.com/ProtonMail/gopenpgp/constants"
@@ -25,46 +24,10 @@ func (pgp *GopenPGP) IsKeyExpired(publicKey []byte) (bool, error) {
 	if err != nil {
 		return true, err
 	}
-	candidateSubkey := -1
 	for _, e := range pubKeyEntries {
-		var maxTime time.Time
+		if _, ok := e.EncryptionKey(now); ok {
-		for i, subkey := range e.Subkeys {
-			if subkey.Sig.FlagsValid &&
-				subkey.Sig.FlagEncryptCommunications &&
-				subkey.PublicKey.PubKeyAlgo.CanEncrypt() &&
-				!subkey.PublicKey.KeyExpired(subkey.Sig, now) &&
-				(maxTime.IsZero() || subkey.Sig.CreationTime.After(maxTime)) {
-				candidateSubkey = i
-				maxTime = subkey.Sig.CreationTime
-			}
-		}
-
-		if candidateSubkey != -1 {
 			return false, nil
 		}
-
-		// If we don't have any candidate subkeys for encryption and
-		// the primary key doesn't have any usage metadata then we
-		// assume that the primary key is ok. Or, if the primary key is
-		// marked as ok to encrypt to, then we can obviously use it.
-		var firstIdentity *openpgp.Identity
-		for _, ident := range e.Identities {
-			if firstIdentity == nil {
-				firstIdentity = ident
-			}
-			if ident.SelfSignature.IsPrimaryId != nil && *ident.SelfSignature.IsPrimaryId {
-				firstIdentity = ident
-				break
-			}
-		}
-		if firstIdentity != nil {
-			i := firstIdentity
-			if !i.SelfSignature.FlagsValid || i.SelfSignature.FlagEncryptCommunications &&
-				e.PrimaryKey.PubKeyAlgo.CanEncrypt() &&
-				!e.PrimaryKey.KeyExpired(i.SelfSignature, now) {
-				return false, nil
-			}
-		}
 	}
 	return true, errors.New("keys expired")
 }

crypto/session.go

@@ -6,7 +6,6 @@ import (
 	"fmt"
 	"io"
 
-	"golang.org/x/crypto/openpgp"
 	"golang.org/x/crypto/openpgp/packet"
 )
 
@@ -70,22 +69,8 @@ func (keyRing *KeyRing) EncryptSessionKey(sessionSplit *SymmetricKey) ([]byte, e
 
 	var pub *packet.PublicKey
 	for _, e := range keyRing.GetEntities() {
-		for _, subKey := range e.Subkeys {
+		if encryptionKey, ok := e.EncryptionKey(pgp.getNow()); ok {
-			if !subKey.Sig.FlagsValid || subKey.Sig.FlagEncryptStorage || subKey.Sig.FlagEncryptCommunications {
+			pub = encryptionKey.PublicKey
-				pub = subKey.PublicKey
-				break
-			}
-		}
-		if pub == nil && len(e.Identities) > 0 {
-			var i *openpgp.Identity
-			for _, i = range e.Identities {
-				break
-			}
-			if i.SelfSignature.FlagsValid || i.SelfSignature.FlagEncryptStorage || i.SelfSignature.FlagEncryptCommunications {
-				pub = e.PrimaryKey
-			}
-		}
-		if pub != nil {
 			break
 		}
 	}

go.mod

@@ -8,4 +8,4 @@ require (
 	golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f
 )
 
-replace golang.org/x/crypto => github.com/ProtonMail/crypto v0.0.0-20190427044656-efb430e751f2
+replace golang.org/x/crypto => github.com/ProtonMail/crypto v0.0.0-20190604143603-d3d8a14a4d4f

go.sum

@@ -1,5 +1,5 @@
-github.com/ProtonMail/crypto v0.0.0-20190427044656-efb430e751f2 h1:AKtmaNbSAHE/YsFKiizxHLwTizqGYZXuOaAe15Qy8SE=
+github.com/ProtonMail/crypto v0.0.0-20190604143603-d3d8a14a4d4f h1:cFhATQTJGK2iZ0dc+jRhr75mh6bsc5Ug6NliaBya8Kw=
-github.com/ProtonMail/crypto v0.0.0-20190427044656-efb430e751f2/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+github.com/ProtonMail/crypto v0.0.0-20190604143603-d3d8a14a4d4f/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 github.com/ProtonMail/go-mime v0.0.0-20190521135552-09454e3dbe72 h1:hGCc4Oc2fD3I5mNnZ1VlREncVc9EXJF8dxW3sw16gWM=
 github.com/ProtonMail/go-mime v0.0.0-20190521135552-09454e3dbe72/go.mod h1:NYt+V3/4rEeDuaev/zw1zCq8uqVEuPHzDPo3OZrlGJ4=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=