@@ -160,6 +160,20 @@ fn select_pk_for_encryption(key: &SignedPublicKey) -> Option<&SignedPublicSubKey
160160 . find ( |subkey| subkey. is_encryption_key ( ) )
161161}
162162
163+ /// Version of SEIPD packet to use.
164+ ///
165+ /// See
166+ /// <https://www.rfc-editor.org/rfc/rfc9580#name-avoiding-ciphertext-malleab>
167+ /// for the discussion on when v2 SEIPD should be used.
168+ #[ derive( Debug ) ]
169+ pub enum SeipdVersion {
170+ /// Use v1 SEIPD, for compatibility.
171+ V1 ,
172+
173+ /// Use v2 SEIPD when we know that v2 SEIPD is supported.
174+ V2 ,
175+ }
176+
163177/// Encrypts `plain` text using `public_keys_for_encryption`
164178/// and signs it using `private_key_for_signing`.
165179pub async fn pk_encrypt (
@@ -168,6 +182,7 @@ pub async fn pk_encrypt(
168182 private_key_for_signing : SignedSecretKey ,
169183 compress : bool ,
170184 anonymous_recipients : bool ,
185+ seipd_version : SeipdVersion ,
171186) -> Result < String > {
172187 Handle :: current ( )
173188 . spawn_blocking ( move || {
@@ -178,21 +193,49 @@ pub async fn pk_encrypt(
178193 . filter_map ( select_pk_for_encryption) ;
179194
180195 let msg = MessageBuilder :: from_bytes ( "" , plain) ;
181- let mut msg = msg. seipd_v1 ( & mut rng, SYMMETRIC_KEY_ALGORITHM ) ;
182- for pkey in pkeys {
183- if anonymous_recipients {
184- msg. encrypt_to_key_anonymous ( & mut rng, & pkey) ?;
185- } else {
186- msg. encrypt_to_key ( & mut rng, & pkey) ?;
196+ let encoded_msg = match seipd_version {
197+ SeipdVersion :: V1 => {
198+ let mut msg = msg. seipd_v1 ( & mut rng, SYMMETRIC_KEY_ALGORITHM ) ;
199+
200+ for pkey in pkeys {
201+ if anonymous_recipients {
202+ msg. encrypt_to_key_anonymous ( & mut rng, & pkey) ?;
203+ } else {
204+ msg. encrypt_to_key ( & mut rng, & pkey) ?;
205+ }
206+ }
207+
208+ msg. sign ( & * private_key_for_signing, Password :: empty ( ) , HASH_ALGORITHM ) ;
209+ if compress {
210+ msg. compression ( CompressionAlgorithm :: ZLIB ) ;
211+ }
212+
213+ msg. to_armored_string ( & mut rng, Default :: default ( ) ) ?
187214 }
188- }
189-
190- msg. sign ( & * private_key_for_signing, Password :: empty ( ) , HASH_ALGORITHM ) ;
191- if compress {
192- msg. compression ( CompressionAlgorithm :: ZLIB ) ;
193- }
194-
195- let encoded_msg = msg. to_armored_string ( & mut rng, Default :: default ( ) ) ?;
215+ SeipdVersion :: V2 => {
216+ let mut msg = msg. seipd_v2 (
217+ & mut rng,
218+ SYMMETRIC_KEY_ALGORITHM ,
219+ AeadAlgorithm :: Ocb ,
220+ ChunkSize :: C8KiB ,
221+ ) ;
222+
223+ for pkey in pkeys {
224+ if anonymous_recipients {
225+ msg. encrypt_to_key_anonymous ( & mut rng, & pkey) ?;
226+ } else {
227+ msg. encrypt_to_key ( & mut rng, & pkey) ?;
228+ }
229+ }
230+
231+ msg. sign ( & * private_key_for_signing, Password :: empty ( ) , HASH_ALGORITHM ) ;
232+ if compress {
233+ msg. compression ( CompressionAlgorithm :: ZLIB ) ;
234+ }
235+
236+ msg. to_armored_string ( & mut rng, Default :: default ( ) ) ?
237+ }
238+ } ;
196239
197240 Ok ( encoded_msg)
198241 } )
@@ -547,6 +590,7 @@ mod tests {
547590 KEYS . alice_secret . clone ( ) ,
548591 compress,
549592 anonymous_recipients,
593+ SeipdVersion :: V2 ,
550594 )
551595 . await
552596 . unwrap ( )
@@ -716,6 +760,7 @@ mod tests {
716760 KEYS . alice_secret . clone ( ) ,
717761 true ,
718762 true ,
763+ SeipdVersion :: V2 ,
719764 )
720765 . await ?;
721766
0 commit comments