diff --git a/profile/preset.go b/profile/preset.go index ac95f0e6..054e96e2 100644 --- a/profile/preset.go +++ b/profile/preset.go @@ -11,25 +11,7 @@ import ( // Default returns a custom profile that support features // that are widely implemented. func Default() *Custom { - setKeyAlgorithm := func(cfg *packet.Config, securityLevel int8) { - cfg.Algorithm = packet.PubKeyAlgoEdDSA - switch securityLevel { - case constants.HighSecurity: - cfg.Curve = packet.Curve25519 - default: - cfg.Curve = packet.Curve25519 - } - } - return &Custom{ - Name: "default", - SetKeyAlgorithm: setKeyAlgorithm, - Hash: crypto.SHA256, - CipherEncryption: packet.CipherAES256, - CompressionAlgorithm: packet.CompressionZLIB, - CompressionConfiguration: &packet.CompressionConfig{ - Level: 6, - }, - } + return ProtonV1() } // RFC4880 returns a custom profile for this library @@ -83,3 +65,32 @@ func RFC9580() *Custom { V6: true, } } + +// ProtonV1 is the version 1 profile used in proton clients. +func ProtonV1() *Custom { + setKeyAlgorithm := func(cfg *packet.Config, securityLevel int8) { + cfg.Algorithm = packet.PubKeyAlgoEdDSA + switch securityLevel { + case constants.HighSecurity: + cfg.Curve = packet.Curve25519 + default: + cfg.Curve = packet.Curve25519 + } + } + return &Custom{ + Name: "proton-v1", + SetKeyAlgorithm: setKeyAlgorithm, + Hash: crypto.SHA512, + CipherEncryption: packet.CipherAES256, + CompressionAlgorithm: packet.CompressionZLIB, + KeyGenAeadEncryption: &packet.AEADConfig{ + DefaultMode: packet.AEADModeGCM, + }, + CompressionConfiguration: &packet.CompressionConfig{ + Level: 6, + }, + DisableIntendedRecipients: true, + AllowAllPublicKeyAlgorithms: true, + AllowWeakRSA: true, + } +} diff --git a/profile/profile.go b/profile/profile.go index d86930b3..51c3e9b9 100644 --- a/profile/profile.go +++ b/profile/profile.go @@ -26,7 +26,12 @@ type Custom struct { // S2kKeyEncryption defines the s2k algorithm for key encryption. S2kKeyEncryption *s2k.Config // AeadEncryption defines the aead encryption algorithm for pgp encryption. + // If nil, aead is disabled even if the key supports it. AeadEncryption *packet.AEADConfig + // KeyGenAeadEncryption defines if the output key in key generation + // advertises SEIPDv2 and aead algorithms in its key preferences. + // If nil, uses AeadEncryption as key preferences. + KeyGenAeadEncryption *packet.AEADConfig // S2kEncryption defines the s2k algorithm for pgp encryption. S2kEncryption *s2k.Config // CompressionConfiguration defines the compression configuration to be used if any. @@ -56,10 +61,14 @@ type Custom struct { // KeyGenerationProfile, KeyEncryptionProfile, EncryptionProfile, and SignProfile func (p *Custom) KeyGenerationConfig(securityLevel int8) *packet.Config { + aeadConfig := p.AeadEncryption + if p.KeyGenAeadEncryption != nil { + aeadConfig = p.KeyGenAeadEncryption + } cfg := &packet.Config{ DefaultHash: p.Hash, DefaultCipher: p.CipherEncryption, - AEADConfig: p.AeadEncryption, + AEADConfig: aeadConfig, DefaultCompressionAlgo: p.CompressionAlgorithm, CompressionConfig: p.CompressionConfiguration, V6Keys: p.V6,