Mirrors/chatmail-core
1
0
Fork 0
mirror of https://github.com/chatmail/core.git synced 2026-05-08 09:26:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

feat(pgp): use preferred hash algorithm for signing instead of hardcoded SHA256

Browse Source 
There is no difference for RSA and Ed25519,
the only signing keys that we generate.
The both use SHA256:
<7e3b6c0af2/src/types/params/public.rs (L231-L234)>

The only difference is for the possible future PQC signing keys
and imported NIST P-512 and NIST P-384 keys.
This commit is contained in:
link2xt
2026-01-15 22:59:47 +00:00
committed by l
parent a67a5299bf
commit 5ff323ce15
1 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/pgp.rs
View File

@@ -17,7 +17,9 @@ use pgp::crypto::ecc_curve::ECCCurve;
use pgp::crypto::hash::HashAlgorithm; use pgp::crypto::hash::HashAlgorithm;
use pgp::crypto::sym::SymmetricKeyAlgorithm; use pgp::crypto::sym::SymmetricKeyAlgorithm;
use pgp::packet::{SignatureConfig, SignatureType, Subpacket, SubpacketData}; use pgp::packet::{SignatureConfig, SignatureType, Subpacket, SubpacketData};
use pgp::types::{CompressionAlgorithm, KeyDetails, Password, PublicKeyTrait, StringToKey}; use pgp::types::{
CompressionAlgorithm, KeyDetails, Password, PublicKeyTrait, SecretKeyTrait as _, StringToKey,
};
use rand_old::{Rng as _, thread_rng}; use rand_old::{Rng as _, thread_rng};
use tokio::runtime::Handle; use tokio::runtime::Handle;
@@ -31,9 +33,6 @@ pub(crate) const HEADER_SETUPCODE: &str = "passphrase-begin";
/// Preferred symmetric encryption algorithm. /// Preferred symmetric encryption algorithm.
const SYMMETRIC_KEY_ALGORITHM: SymmetricKeyAlgorithm = SymmetricKeyAlgorithm::AES128; const SYMMETRIC_KEY_ALGORITHM: SymmetricKeyAlgorithm = SymmetricKeyAlgorithm::AES128;
/// Preferred cryptographic hash.
const HASH_ALGORITHM: HashAlgorithm = HashAlgorithm::Sha256;
/// Split data from PGP Armored Data as defined in <https://tools.ietf.org/html/rfc4880#section-6.2>. /// Split data from PGP Armored Data as defined in <https://tools.ietf.org/html/rfc4880#section-6.2>.
/// ///
/// Returns (type, headers, base64 encoded body). /// Returns (type, headers, base64 encoded body).
@@ -205,7 +204,8 @@ pub async fn pk_encrypt(
} }
} }
msg.sign(&*private_key_for_signing, Password::empty(), HASH_ALGORITHM); let hash_algorithm = private_key_for_signing.hash_alg();
msg.sign(&*private_key_for_signing, Password::empty(), hash_algorithm);
if compress { if compress {
msg.compression(CompressionAlgorithm::ZLIB); msg.compression(CompressionAlgorithm::ZLIB);
} }
@@ -228,7 +228,8 @@ pub async fn pk_encrypt(
} }
} }
msg.sign(&*private_key_for_signing, Password::empty(), HASH_ALGORITHM); let hash_algorithm = private_key_for_signing.hash_alg();
msg.sign(&*private_key_for_signing, Password::empty(), hash_algorithm);
if compress { if compress {
msg.compression(CompressionAlgorithm::ZLIB); msg.compression(CompressionAlgorithm::ZLIB);
} }
@@ -453,7 +454,8 @@ pub async fn symm_encrypt_message(
); );
msg.encrypt_with_password(&mut rng, s2k, &shared_secret)?; msg.encrypt_with_password(&mut rng, s2k, &shared_secret)?;
msg.sign(&*private_key_for_signing, Password::empty(), HASH_ALGORITHM); let hash_algorithm = private_key_for_signing.hash_alg();
msg.sign(&*private_key_for_signing, Password::empty(), hash_algorithm);
if compress { if compress {
msg.compression(CompressionAlgorithm::ZLIB); msg.compression(CompressionAlgorithm::ZLIB);
} }