Add support for draft-ietf-openpgp-persistent-symmetric-keys-00

This partially reverts commit f280790.

Author: twiss

openpgp/internal/algorithm/aead.go

@@ -12,6 +12,11 @@ import (
 // operation.
 type AEADMode uint8
 
+// Id returns the algorithm ID, as a byte, of mode.
+func (mode AEADMode) Id() uint8 {
+	return uint8(mode)
+}
+
 // Supported modes of operation (see RFC4880bis [EAX] and RFC7253)
 const (
 	AEADModeEAX = AEADMode(1)

openpgp/internal/algorithm/cipher.go

@@ -46,7 +46,7 @@ var CipherById = map[uint8]Cipher{
 
 type CipherFunction uint8
 
-// ID returns the algorithm Id, as a byte, of cipher.
+// Id returns the algorithm ID, as a byte, of cipher.
 func (sk CipherFunction) Id() uint8 {
 	return uint8(sk)
 }

openpgp/key_generation.go

@@ -322,9 +322,12 @@ func newSigner(config *packet.Config) (signer interface{}, err error) {
 			return nil, err
 		}
 		return priv, nil
-	case packet.ExperimentalPubKeyAlgoHMAC:
+	case packet.PubKeyAlgoHMAC:
 		hash := algorithm.HashById[hashToHashId(config.Hash())]
 		return symmetric.HMACGenerateKey(config.Random(), hash)
+	case packet.ExperimentalPubKeyAlgoHMAC:
+		hash := algorithm.HashById[hashToHashId(config.Hash())]
+		return symmetric.ExperimentalHMACGenerateKey(config.Random(), hash)
 	case packet.PubKeyAlgoMldsa65Ed25519, packet.PubKeyAlgoMldsa87Ed448:
 		if !config.V6() {
 			return nil, goerrors.New("openpgp: cannot create a non-v6 mldsa_eddsa key")
@@ -383,9 +386,13 @@ func newDecrypter(config *packet.Config) (decrypter interface{}, err error) {
 		return x25519.GenerateKey(config.Random())
 	case packet.PubKeyAlgoEd448, packet.PubKeyAlgoX448: // When passing Ed448, we generate an x448 subkey
 		return x448.GenerateKey(config.Random())
-	case packet.ExperimentalPubKeyAlgoAEAD:
+	case packet.PubKeyAlgoHMAC, packet.PubKeyAlgoAEAD: // When passing HMAC, we generate an AEAD subkey
+		cipher := algorithm.CipherFunction(config.Cipher())
+		aead := algorithm.AEADMode(config.AEAD().Mode())
+		return symmetric.AEADGenerateKey(config.Random(), cipher, aead)
+	case packet.ExperimentalPubKeyAlgoHMAC, packet.ExperimentalPubKeyAlgoAEAD: // When passing HMAC, we generate an AEAD subkey
 		cipher := algorithm.CipherFunction(config.Cipher())
-		return symmetric.AEADGenerateKey(config.Random(), cipher)
+		return symmetric.ExperimentalAEADGenerateKey(config.Random(), cipher)
 	case packet.PubKeyAlgoMldsa65Ed25519, packet.PubKeyAlgoMldsa87Ed448:
 		if pubKeyAlgo, err = packet.GetMatchingMlkem(config.PublicKeyAlgorithm()); err != nil {
 			return nil, err

openpgp/keys.go

@@ -771,7 +771,9 @@ func (e *Entity) serializePrivate(w io.Writer, config *packet.Config, reSign boo
 // Serialize writes the public part of the given Entity to w, including
 // signatures from other entities. No private key material will be output.
 func (e *Entity) Serialize(w io.Writer) error {
-	if e.PrimaryKey.PubKeyAlgo == packet.ExperimentalPubKeyAlgoHMAC ||
+	if e.PrimaryKey.PubKeyAlgo == packet.PubKeyAlgoHMAC ||
+		e.PrimaryKey.PubKeyAlgo == packet.PubKeyAlgoAEAD ||
+		e.PrimaryKey.PubKeyAlgo == packet.ExperimentalPubKeyAlgoHMAC ||
 		e.PrimaryKey.PubKeyAlgo == packet.ExperimentalPubKeyAlgoAEAD {
 		return errors.InvalidArgumentError("Can't serialize symmetric primary key")
 	}
@@ -808,7 +810,9 @@ func (e *Entity) Serialize(w io.Writer) error {
 		// public key packets contain no meaningful information and do not need
 		// to be serialized.
 		// Prevent public key export for forwarding keys, see forwarding section 4.1.
-		if subkey.PublicKey.PubKeyAlgo == packet.ExperimentalPubKeyAlgoHMAC ||
+		if subkey.PublicKey.PubKeyAlgo == packet.PubKeyAlgoHMAC ||
+			subkey.PublicKey.PubKeyAlgo == packet.PubKeyAlgoAEAD ||
+			subkey.PublicKey.PubKeyAlgo == packet.ExperimentalPubKeyAlgoHMAC ||
 			subkey.PublicKey.PubKeyAlgo == packet.ExperimentalPubKeyAlgoAEAD ||
 			subkey.Sig.FlagForward {
 			continue