Experimental: Symmetric Keys and Forwarding

.github/workflows/go.yml

@@ -2,9 +2,9 @@ name: Go
 
 on:
   push:
-    branches: [ main ]
+    branches: [ main, Proton ]
   pull_request:
-    branches: [ main ]
+    branches: [ main, Proton ]
 
 jobs:
 
@@ -26,22 +26,3 @@ jobs:
 
     - name: Randomized test suite 2
       run: go test -v ./... -run RandomizeSlow -count=32
-
-  test-old:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Set up Go 1.17
-        uses: actions/setup-go@v3
-        with:
-          go-version: 1.17
-
-      - name: Short test
-        run: go test -short -v ./...
-
-      - name: Randomized test suite 1
-        run: go test -v ./... -run RandomizeFast -count=512
-
-      - name: Randomized test suite 2
-        run: go test -v ./... -run RandomizeSlow -count=32

go.mod

@@ -1,10 +1,10 @@
 module github.com/ProtonMail/go-crypto
 
-go 1.17
+go 1.22.0
 
 require (
-	github.com/cloudflare/circl v1.3.7
-	golang.org/x/crypto v0.17.0
+	github.com/cloudflare/circl v1.5.0
+	golang.org/x/crypto v0.25.0
 )
 
-require golang.org/x/sys v0.16.0 // indirect
+require golang.org/x/sys v0.22.0 // indirect

go.sum

@@ -1,44 +1,6 @@
-github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
-github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
-github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
-github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
-golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
-golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+github.com/cloudflare/circl v1.5.0 h1:hxIWksrX6XN5a1L2TI/h53AGPhNHoUBo+TD1ms9+pys=
+github.com/cloudflare/circl v1.5.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
+golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
+golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
+golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
+golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=

openpgp/benchmark_v6_test.go

@@ -0,0 +1,295 @@
+package openpgp
+
+import (
+	"bytes"
+	"crypto/rand"
+	"io/ioutil"
+	"testing"
+	"time"
+
+	"github.com/ProtonMail/go-crypto/openpgp/packet"
+)
+
+const benchmarkMessageSize = 1024 // Signed / encrypted message size in bytes
+
+var benchmarkTestSet = map[string]*packet.Config{
+	"RSA_1024": {
+		Algorithm: packet.PubKeyAlgoRSA,
+		RSABits:   1024,
+	},
+	"RSA_2048": {
+		Algorithm: packet.PubKeyAlgoRSA,
+		RSABits:   2048,
+	},
+	"RSA_3072": {
+		Algorithm: packet.PubKeyAlgoRSA,
+		RSABits:   3072,
+	},
+	"RSA_4096": {
+		Algorithm: packet.PubKeyAlgoRSA,
+		RSABits:   4096,
+	},
+	"Ed25519_X25519": {
+		Algorithm: packet.PubKeyAlgoEd25519,
+	},
+	"Ed448_X448": {
+		Algorithm: packet.PubKeyAlgoEd448,
+	},
+	"P256": {
+		Algorithm: packet.PubKeyAlgoECDSA,
+		Curve:     packet.CurveNistP256,
+	},
+	"P384": {
+		Algorithm: packet.PubKeyAlgoECDSA,
+		Curve:     packet.CurveNistP384,
+	},
+	"P521": {
+		Algorithm: packet.PubKeyAlgoECDSA,
+		Curve:     packet.CurveNistP521,
+	},
+	"Brainpool256": {
+		Algorithm: packet.PubKeyAlgoECDSA,
+		Curve:     packet.CurveBrainpoolP256,
+	},
+	"Brainpool384": {
+		Algorithm: packet.PubKeyAlgoECDSA,
+		Curve:     packet.CurveBrainpoolP384,
+	},
+	"Brainpool512": {
+		Algorithm: packet.PubKeyAlgoECDSA,
+		Curve:     packet.CurveBrainpoolP512,
+	},
+	"ML-DSA3Ed25519_ML-KEM768X25519": {
+		Algorithm: packet.PubKeyAlgoMldsa65Ed25519,
+	},
+	"ML-DSA5Ed448_ML-KEM1024X448": {
+		Algorithm: packet.PubKeyAlgoMldsa87Ed448,
+	},
+}
+
+func benchmarkGenerateKey(b *testing.B, config *packet.Config) [][]byte {
+	var serializedEntities [][]byte
+	config.V6Keys = true
+
+	config.AEADConfig = &packet.AEADConfig{
+		DefaultMode: packet.AEADModeOCB,
+	}
+
+	config.Time = func() time.Time {
+		parsed, _ := time.Parse("2006-01-02", "2013-07-01")
+		return parsed
+	}
+
+	b.ResetTimer()
+	for n := 0; n < b.N; n++ {
+		entity, err := NewEntity("Golang Gopher", "Test Key", "[email protected]", config)
+		if err != nil {
+			b.Fatal(err)
+		}
+
+		serializedEntity := bytes.NewBuffer(nil)
+		err = entity.SerializePrivate(serializedEntity, nil)
+		if err != nil {
+			b.Fatalf("Failed to serialize entity: %s", err)
+		}
+
+		serializedEntities = append(serializedEntities, serializedEntity.Bytes())
+	}
+
+	return serializedEntities
+}
+
+func benchmarkParse(b *testing.B, keys [][]byte) []*Entity {
+	var parsedKeys []*Entity
+
+	b.ResetTimer()
+	for n := 0; n < b.N; n++ {
+		keyring, err := ReadKeyRing(bytes.NewReader(keys[n]))
+		if err != nil {
+			b.Errorf("Failed to initalize encryption: %s", err)
+			continue
+		}
+
+		parsedKeys = append(parsedKeys, keyring[0])
+	}
+
+	return parsedKeys
+}
+
+func benchmarkEncrypt(b *testing.B, keys []*Entity, plaintext []byte, sign bool) [][]byte {
+	var encryptedMessages [][]byte
+
+	var config = &packet.Config{
+		AEADConfig: &packet.AEADConfig{
+			DefaultMode: packet.AEADModeOCB,
+		},
+		V6Keys: true,
+	}
+
+	b.ResetTimer()
+	for n := 0; n < b.N; n++ {
+		buf := new(bytes.Buffer)
+
+		var signed *Entity
+		if sign {
+			signed = keys[n%len(keys)]
+		}
+
+		w, err := Encrypt(buf, EntityList{keys[n%len(keys)]}, signed, nil, config)
+		if err != nil {
+			b.Errorf("Failed to initalize encryption: %s", err)
+			continue
+		}
+
+		_, err = w.Write(plaintext)
+		if err != nil {
+			b.Errorf("Error writing plaintext: %s", err)
+			continue
+		}
+
+		err = w.Close()
+		if err != nil {
+			b.Errorf("Error closing WriteCloser: %s", err)
+			continue
+		}
+
+		encryptedMessages = append(encryptedMessages, buf.Bytes())
+	}
+
+	return encryptedMessages
+}
+
+func benchmarkDecrypt(b *testing.B, keys []*Entity, plaintext []byte, encryptedMessages [][]byte, verify bool) {
+	b.ResetTimer()
+	for n := 0; n < b.N; n++ {
+		reader := bytes.NewReader(encryptedMessages[n%len(encryptedMessages)])
+		md, err := ReadMessage(reader, EntityList{keys[n%len(keys)]}, nil, nil)
+		if err != nil {
+			b.Errorf("Error reading message: %s", err)
+			continue
+		}
+
+		decrypted, err := ioutil.ReadAll(md.UnverifiedBody)
+		if err != nil {
+			b.Errorf("Error reading encrypted content: %s", err)
+			continue
+		}
+
+		if !bytes.Equal(decrypted, plaintext) {
+			b.Error("Decrypted wrong plaintext")
+		}
+
+		if verify {
+			if md.SignatureError != nil {
+				b.Errorf("Signature error: %s", md.SignatureError)
+			}
+			if md.Signature == nil {
+				b.Error("Signature missing")
+			}
+		}
+	}
+}
+
+func benchmarkSign(b *testing.B, keys []*Entity, plaintext []byte) [][]byte {
+	var signatures [][]byte
+
+	b.ResetTimer()
+	for n := 0; n < b.N; n++ {
+		buf := new(bytes.Buffer)
+
+		err := DetachSign(buf, keys[n%len(keys)], bytes.NewReader(plaintext), nil)
+		if err != nil {
+			b.Errorf("Failed to sign: %s", err)
+			continue
+		}
+
+		signatures = append(signatures, buf.Bytes())
+	}
+
+	return signatures
+}
+
+func benchmarkVerify(b *testing.B, keys []*Entity, plaintext []byte, signatures [][]byte) {
+	b.ResetTimer()
+	for n := 0; n < b.N; n++ {
+		signed := bytes.NewReader(plaintext)
+		signature := bytes.NewReader(signatures[n%len(signatures)])
+
+		parsedSignature, signer, signatureError := VerifyDetachedSignature(EntityList{keys[n%len(keys)]}, signed, signature, nil)
+
+		if signatureError != nil {
+			b.Errorf("Signature error: %s", signatureError)
+		}
+
+		if parsedSignature == nil {
+			b.Error("Signature missing")
+		}
+
+		if signer == nil {
+			b.Error("Signer missing")
+		}
+	}
+}
+
+func BenchmarkV6Keys(b *testing.B) {
+	serializedKeys := make(map[string][][]byte)
+	parsedKeys := make(map[string][]*Entity)
+	encryptedMessages := make(map[string][][]byte)
+	encryptedSignedMessages := make(map[string][][]byte)
+	signatures := make(map[string][][]byte)
+
+	var plaintext [benchmarkMessageSize]byte
+	_, _ = rand.Read(plaintext[:])
+
+	for name, config := range benchmarkTestSet {
+		b.Run("Generate "+name, func(b *testing.B) {
+			serializedKeys[name] = benchmarkGenerateKey(b, config)
+			b.Logf("Generate %s: %d bytes", name, len(serializedKeys[name][0]))
+		})
+	}
+
+	for name, keys := range serializedKeys {
+		b.Run("Parse_"+name, func(b *testing.B) {
+			parsedKeys[name] = benchmarkParse(b, keys)
+		})
+	}
+
+	for name, keys := range parsedKeys {
+		b.Run("Encrypt_"+name, func(b *testing.B) {
+			encryptedMessages[name] = benchmarkEncrypt(b, keys, plaintext[:], false)
+			b.Logf("Encrypt %s: %d bytes", name, len(encryptedMessages[name][0]))
+		})
+	}
+
+	for name, keys := range parsedKeys {
+		b.Run("Decrypt_"+name, func(b *testing.B) {
+			benchmarkDecrypt(b, keys, plaintext[:], encryptedMessages[name], false)
+		})
+	}
+
+	for name, keys := range parsedKeys {
+		b.Run("Encrypt_Sign_"+name, func(b *testing.B) {
+			encryptedSignedMessages[name] = benchmarkEncrypt(b, keys, plaintext[:], true)
+			b.Logf("Encrypt_Sign %s: %d bytes", name, len(encryptedSignedMessages[name][0]))
+		})
+	}
+
+	for name, keys := range parsedKeys {
+		b.Run("Decrypt_Verify_"+name, func(b *testing.B) {
+			benchmarkDecrypt(b, keys, plaintext[:], encryptedSignedMessages[name], true)
+		})
+	}
+
+	for name, keys := range parsedKeys {
+		b.Run("Sign_"+name, func(b *testing.B) {
+			signatures[name] = benchmarkSign(b, keys, plaintext[:])
+			b.Logf("Sign %s: %d bytes", name, len(signatures[name][0]))
+		})
+	}
+
+	for name, keys := range parsedKeys {
+		b.Run("Verify_"+name, func(b *testing.B) {
+			benchmarkVerify(b, keys, plaintext[:], signatures[name])
+		})
+	}
+}