diff --git a/openpgp/forwarding_test.go b/openpgp/forwarding_test.go
index 2267c4ca6..3241a7942 100644
--- a/openpgp/forwarding_test.go
+++ b/openpgp/forwarding_test.go
@@ -183,7 +183,7 @@ Loop:
 }
 switch p := p.(type) {
 case *packet.EncryptedKey:
- err = p.ProxyTransform(
+ tp, err := p.ProxyTransform(
 instance.ProxyParameter,
 instance.ForwarderKeyId,
 instance.ForwardeeKeyId,
@@ -194,7 +194,7 @@ Loop:
 splitPoint = bytesReader.Size() - int64(bytesReader.Len())
- err = p.Serialize(transformedEncryptedKey)
+ err = tp.Serialize(transformedEncryptedKey)
 if err != nil {
 t.Fatalf("error serializing transformed PKESK: %s", err)
 }
diff --git a/openpgp/packet/encrypted_key.go b/openpgp/packet/encrypted_key.go
index a19ece8f3..a7fdb43ce 100644
--- a/openpgp/packet/encrypted_key.go
+++ b/openpgp/packet/encrypted_key.go
@@ -458,27 +458,37 @@ func SerializeEncryptedKeyWithHiddenOption(w io.Writer, pub *PublicKey, cipherFu
 return SerializeEncryptedKeyAEADwithHiddenOption(w, pub, cipherFunc, config.AEAD() != nil, key, hidden, config)
 }
-func (e *EncryptedKey) ProxyTransform(proxyParam []byte, forwarderKeyId, forwardeeKeyId uint64) error {
+func (e *EncryptedKey) ProxyTransform(proxyParam []byte, forwarderKeyId, forwardeeKeyId uint64) (transformed *EncryptedKey, err error) {
 if e.Algo != PubKeyAlgoECDH {
- return errors.InvalidArgumentError("invalid PKESK")
+ return nil, errors.InvalidArgumentError("invalid PKESK")
 }
 if e.KeyId != 0 && e.KeyId != forwarderKeyId {
- return errors.InvalidArgumentError("invalid key id in PKESK")
+ return nil, errors.InvalidArgumentError("invalid key id in PKESK")
 }
 ephemeral := e.encryptedMPI1.Bytes()
- transformed, err := ecdh.ProxyTransform(ephemeral, proxyParam)
+ transformedEphemeral, err := ecdh.ProxyTransform(ephemeral, proxyParam)
 if err != nil {
- return err
+ return nil, err
 }
- e.encryptedMPI1 = encoding.NewMPI(transformed)
- if e.KeyId != 0 {
- e.KeyId = forwardeeKeyId
+ wrappedKey := e.encryptedMPI2.Bytes()
+ copiedWrappedKey := make([]byte, len(wrappedKey))
+ copy(copiedWrappedKey, wrappedKey)
+
+ transformed = &EncryptedKey{
+ KeyId: forwardeeKeyId,
+ Algo: e.Algo,
+ encryptedMPI1: encoding.NewMPI(transformedEphemeral),
+ encryptedMPI2: encoding.NewOID(copiedWrappedKey),
 }
- return nil
+ if e.KeyId == 0 {
+ e.KeyId = 0
+ }
+
+ return transformed, nil
 }
 func serializeEncryptedKeyRSA(w io.Writer, rand io.Reader, header []byte, pub *rsa.PublicKey, keyBlock []byte) error {
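Review bot: The added `if e.KeyId == 0 { e.KeyId = 0 }` block at the end of ProxyTransform assigns zero to a receiver field that is already zero, so it has no effect and the returned packet always carries `KeyId: forwardeeKeyId` from the struct literal. The removed code rewrote the key ID only when it was non-zero, which kept a zero key ID (the OpenPGP wildcard used for hidden recipients) as zero; with the new code a hidden-recipient PKESK leaves the proxy naming the forwardee key. The assignment presumably should target the copy instead: `if e.KeyId == 0 { transformed.KeyId = 0 }`. A case in forwarding_test.go that feeds a packet with a zero key ID and asserts that the output key ID is also zero, and that the input packet is unchanged, would pin both behaviours. It is also worth confirming that Serialize reads no EncryptedKey field beyond the four set in the literal, since every other field of the copy is left at its zero value.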