Skip to content

Commit

Permalink
feat: Add a preset proton profile and replace default
Browse files Browse the repository at this point in the history
  • Loading branch information
lubux committed Nov 27, 2024
1 parent 280d7e4 commit 8faf8e2
Show file tree
Hide file tree
Showing 2 changed files with 45 additions and 19 deletions.
53 changes: 35 additions & 18 deletions profile/preset.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,24 +11,7 @@ import (
// Default returns a custom profile that support features
// that are widely implemented.
func Default() *Custom {
setKeyAlgorithm := func(cfg *packet.Config, securityLevel int8) {
cfg.Algorithm = packet.PubKeyAlgoEdDSA
switch securityLevel {
case constants.HighSecurity:
cfg.Curve = packet.Curve25519
default:
cfg.Curve = packet.Curve25519
}
}
return &Custom{
SetKeyAlgorithm: setKeyAlgorithm,
Hash: crypto.SHA256,
CipherEncryption: packet.CipherAES256,
CompressionAlgorithm: packet.CompressionZLIB,
CompressionConfiguration: &packet.CompressionConfig{
Level: 6,
},
}
return ProtonV1()
}

// RFC4880 returns a custom profile for this library
Expand Down Expand Up @@ -142,3 +125,37 @@ func Symmetric() *Custom {
V6: true,
}
}

// ProtonV1 is the version 1 profile used in proton clients.
func ProtonV1() *Custom {
setKeyAlgorithm := func(cfg *packet.Config, securityLevel int8) {
cfg.Algorithm = packet.PubKeyAlgoEdDSA
switch securityLevel {
case constants.HighSecurity:
cfg.Curve = packet.Curve25519
default:
cfg.Curve = packet.Curve25519
}
}
s2kConfig := s2k.Config{
S2KMode: s2k.IteratedSaltedS2K,
Hash: crypto.SHA256,
S2KCount: 65536,
}
return &Custom{
SetKeyAlgorithm: setKeyAlgorithm,
Hash: crypto.SHA512,
CipherEncryption: packet.CipherAES256,
CipherKeyEncryption: packet.CipherAES256,
CompressionAlgorithm: packet.CompressionZLIB,
CompressionConfiguration: &packet.CompressionConfig{
Level: 6,
},
S2kKeyEncryption: &s2kConfig,
S2kEncryption: &s2kConfig,
DisableIntendedRecipients: true,
AllowAllPublicKeyAlgorithms: true,
InsecureAllowWeakRSA: true,
InsecureAllowDecryptionWithSigningKeys: true,
}
}
11 changes: 10 additions & 1 deletion profile/profile.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,12 @@ type Custom struct {
// S2kKeyEncryption defines the s2k algorithm for key encryption.
S2kKeyEncryption *s2k.Config
// AeadEncryption defines the aead encryption algorithm for pgp encryption.
// If nil, aead is disabled even if the key supports it.
AeadEncryption *packet.AEADConfig
// KeyGenAeadEncryption defines if the output key in key generation
// advertises SEIPDv2 and aead algorithms in its key preferences.
// If nil, uses AeadEncryption as key preferences.
KeyGenAeadEncryption *packet.AEADConfig
// S2kEncryption defines the s2k algorithm for pgp encryption.
S2kEncryption *s2k.Config
// CompressionConfiguration defines the compression configuration to be used if any.
Expand Down Expand Up @@ -56,10 +61,14 @@ type Custom struct {
// KeyGenerationProfile, KeyEncryptionProfile, EncryptionProfile, and SignProfile

func (p *Custom) KeyGenerationConfig(securityLevel int8) *packet.Config {
aeadConfig := p.AeadEncryption
if p.KeyGenAeadEncryption != nil {
aeadConfig = p.KeyGenAeadEncryption
}
cfg := &packet.Config{
DefaultHash: p.Hash,
DefaultCipher: p.CipherEncryption,
AEADConfig: p.AeadEncryption,
AEADConfig: aeadConfig,
DefaultCompressionAlgo: p.CompressionAlgorithm,
CompressionConfig: p.CompressionConfiguration,
V6Keys: p.V6,
Expand Down

0 comments on commit 8faf8e2

Please sign in to comment.