Add preferred ciphersuites subpacket

This subpacket replaces both symmetric algorithm preferences and AEAD algorithm preferences when AEAD is supported, by providing sets of preferred symmetric and AEAD algorithm pairs. We still keep the symmetric algorithm preferences in case AEAD is not supported.
2025-03-30 15:08:32 +00:00 · 2022-03-02 18:50:40 +01:00 · 2022-03-02 18:50:40 +01:00 · 5008f07808
commit 5008f07808
parent b6dc112eb3
3 changed files with 23 additions and 3 deletions
--- a/src/enums.js
+++ b/src/enums.js
@ -394,7 +394,8 @@ export default {
    signatureTarget: 31,
    embeddedSignature: 32,
    issuerFingerprint: 33,
-    preferredAEADAlgorithms: 34
+    preferredAEADAlgorithms: 34,
+    preferredCipherSuites: 39
  },

  /** Key flags
--- a/src/key/factory.js
+++ b/src/key/factory.js
@ -195,17 +195,24 @@ async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, conf
  function getKeySignatureProperties() {
    const signatureProperties = {};
    signatureProperties.keyFlags = [enums.keyFlags.certifyKeys | enums.keyFlags.signData];
-    signatureProperties.preferredSymmetricAlgorithms = createPreferredAlgos([
+    const symmetricAlgorithms = createPreferredAlgos([
      // prefer aes256, aes128, then aes192 (no WebCrypto support: https://www.chromium.org/blink/webcrypto#TOC-AES-support)
      enums.symmetric.aes256,
      enums.symmetric.aes128,
      enums.symmetric.aes192
    ], config.preferredSymmetricAlgorithm);
+    signatureProperties.preferredSymmetricAlgorithms = symmetricAlgorithms;
    if (config.aeadProtect) {
-      signatureProperties.preferredAEADAlgorithms = createPreferredAlgos([
+      const aeadAlgorithms = createPreferredAlgos([
+        enums.aead.gcm,
        enums.aead.eax,
        enums.aead.ocb
      ], config.preferredAEADAlgorithm);
+      signatureProperties.preferredCipherSuites = aeadAlgorithms.flatMap(aeadAlgorithm => {
+        return symmetricAlgorithms.map(symmetricAlgorithm => {
+          return [symmetricAlgorithm, aeadAlgorithm];
+        });
+      });
    }
    signatureProperties.preferredHashAlgorithms = createPreferredAlgos([
      // prefer fast asm.js implementations (SHA-256)
--- a/src/packet/signature.js
+++ b/src/packet/signature.js
@ -97,6 +97,7 @@ class SignaturePacket {
    this.issuerKeyVersion = null;
    this.issuerFingerprint = null;
    this.preferredAEADAlgorithms = null;
+    this.preferredCipherSuites = null;

    this.revoked = null;
    this[verified] = null;
@ -346,6 +347,10 @@ class SignaturePacket {
      bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms));
      arr.push(writeSubPacket(sub.preferredAEADAlgorithms, false, bytes));
    }
+    if (this.preferredCipherSuites !== null) {
+      bytes = new Uint8Array([].concat(...this.preferredCipherSuites));
+      arr.push(writeSubPacket(sub.preferredCipherSuites, false, bytes));
+    }

    const result = util.concat(arr);
    const length = util.writeNumber(result.length, this.version === 6 ? 4 : 2);
@ -551,6 +556,13 @@ class SignaturePacket {
        // Preferred AEAD Algorithms
        this.preferredAEADAlgorithms = [...bytes.subarray(mypos, bytes.length)];
        break;
+      case enums.signatureSubpacket.preferredCipherSuites:
+        // Preferred AEAD Cipher Suites
+        this.preferredCipherSuites = [];
+        for (let i = mypos; i < bytes.length; i += 2) {
+          this.preferredCipherSuites.push([bytes[i], bytes[i + 1]]);
+        }
+        break;
      default: {
        const err = new Error(`Unknown signature subpacket type ${type}`);
        if (critical) {