chore(deps): upgrade dependencies

Upgrade all dependencies to newest versions.

vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key.go

@@ -49,7 +49,7 @@ type PrivateKey struct {
 	s2kParams *s2k.Params
 }
 
-//S2KType s2k packet type
+// S2KType s2k packet type
 type S2KType uint8
 
 const (
@@ -179,6 +179,9 @@ func (pk *PrivateKey) parse(r io.Reader) (err error) {
 			return
 		}
 		pk.cipher = CipherFunction(buf[0])
+		if pk.cipher != 0 && !pk.cipher.IsSupported() {
+			return errors.UnsupportedError("unsupported cipher function in private key")
+		}
 		pk.s2kParams, err = s2k.ParseIntoParams(r)
 		if err != nil {
 			return
@@ -367,8 +370,8 @@ func serializeECDHPrivateKey(w io.Writer, priv *ecdh.PrivateKey) error {
 	return err
 }
 
-// Decrypt decrypts an encrypted private key using a passphrase.
-func (pk *PrivateKey) Decrypt(passphrase []byte) error {
+// decrypt decrypts an encrypted private key using a decryption key.
+func (pk *PrivateKey) decrypt(decryptionKey []byte) error {
 	if pk.Dummy() {
 		return errors.ErrDummyPrivateKey("dummy key found")
 	}
@@ -376,9 +379,7 @@ func (pk *PrivateKey) Decrypt(passphrase []byte) error {
 		return nil
 	}
 
-	key := make([]byte, pk.cipher.KeySize())
-	pk.s2k(key, passphrase)
-	block := pk.cipher.new(key)
+	block := pk.cipher.new(decryptionKey)
 	cfb := cipher.NewCFBDecrypter(block, pk.iv)
 
 	data := make([]byte, len(pk.encryptedData))
@@ -427,35 +428,79 @@ func (pk *PrivateKey) Decrypt(passphrase []byte) error {
 	return nil
 }
 
-// Encrypt encrypts an unencrypted private key using a passphrase.
-func (pk *PrivateKey) Encrypt(passphrase []byte) error {
+func (pk *PrivateKey) decryptWithCache(passphrase []byte, keyCache *s2k.Cache) error {
+	if pk.Dummy() {
+		return errors.ErrDummyPrivateKey("dummy key found")
+	}
+	if !pk.Encrypted {
+		return nil
+	}
+
+	key, err := keyCache.GetOrComputeDerivedKey(passphrase, pk.s2kParams, pk.cipher.KeySize())
+	if err != nil {
+		return err
+	}
+	return pk.decrypt(key)
+}
+
+// Decrypt decrypts an encrypted private key using a passphrase.
+func (pk *PrivateKey) Decrypt(passphrase []byte) error {
+	if pk.Dummy() {
+		return errors.ErrDummyPrivateKey("dummy key found")
+	}
+	if !pk.Encrypted {
+		return nil
+	}
+
+	key := make([]byte, pk.cipher.KeySize())
+	pk.s2k(key, passphrase)
+	return pk.decrypt(key)
+}
+
+// DecryptPrivateKeys decrypts all encrypted keys with the given config and passphrase.
+// Avoids recomputation of similar s2k key derivations. 
+func DecryptPrivateKeys(keys []*PrivateKey, passphrase []byte) error {
+	// Create a cache to avoid recomputation of key derviations for the same passphrase.
+	s2kCache := &s2k.Cache{}
+	for _, key := range keys {
+		if key != nil && !key.Dummy() && key.Encrypted {
+			err := key.decryptWithCache(passphrase, s2kCache)
+			if err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+// encrypt encrypts an unencrypted private key.
+func (pk *PrivateKey) encrypt(key []byte, params *s2k.Params, cipherFunction CipherFunction) error {
+	if pk.Dummy() {
+		return errors.ErrDummyPrivateKey("dummy key found")
+	}
+	if pk.Encrypted {
+		return nil
+	}
+	// check if encryptionKey has the correct size
+	if len(key) != cipherFunction.KeySize() {
+		return errors.InvalidArgumentError("supplied encryption key has the wrong size")
+	}
+	
 	priv := bytes.NewBuffer(nil)
 	err := pk.serializePrivateKey(priv)
 	if err != nil {
 		return err
 	}
 
-	//Default config of private key encryption
-	pk.cipher = CipherAES256
-	s2kConfig := &s2k.Config{
-		S2KMode:  3, //Iterated
-		S2KCount: 65536,
-		Hash:     crypto.SHA256,
-	}
-
-	pk.s2kParams, err = s2k.Generate(rand.Reader, s2kConfig)
-	if err != nil {
-		return err
-	}
-	privateKeyBytes := priv.Bytes()
-	key := make([]byte, pk.cipher.KeySize())
-
-	pk.sha1Checksum = true
+	pk.cipher = cipherFunction
+	pk.s2kParams = params
 	pk.s2k, err = pk.s2kParams.Function()
 	if err != nil {
 		return err
-	}
-	pk.s2k(key, passphrase)
+	} 
+
+	privateKeyBytes := priv.Bytes()
+	pk.sha1Checksum = true
 	block := pk.cipher.new(key)
 	pk.iv = make([]byte, pk.cipher.blockSize())
 	_, err = rand.Read(pk.iv)
@@ -486,6 +531,62 @@ func (pk *PrivateKey) Encrypt(passphrase []byte) error {
 	return err
 }
 
+// EncryptWithConfig encrypts an unencrypted private key using the passphrase and the config.
+func (pk *PrivateKey) EncryptWithConfig(passphrase []byte, config *Config) error {
+	params, err := s2k.Generate(config.Random(), config.S2K())
+	if err != nil {
+		return err
+	}
+	// Derive an encryption key with the configured s2k function.
+	key := make([]byte, config.Cipher().KeySize())
+	s2k, err := params.Function()
+	if err != nil {
+		return err
+	}
+	s2k(key, passphrase)
+	// Encrypt the private key with the derived encryption key.
+	return pk.encrypt(key, params, config.Cipher())
+}
+
+// EncryptPrivateKeys encrypts all unencrypted keys with the given config and passphrase.
+// Only derives one key from the passphrase, which is then used to encrypt each key.
+func EncryptPrivateKeys(keys []*PrivateKey, passphrase []byte, config *Config) error {
+	params, err := s2k.Generate(config.Random(), config.S2K())
+	if err != nil {
+		return err
+	}
+	// Derive an encryption key with the configured s2k function.
+	encryptionKey := make([]byte, config.Cipher().KeySize())
+	s2k, err := params.Function()
+	if err != nil {
+		return err
+	}
+	s2k(encryptionKey, passphrase)
+	for _, key := range keys {
+		if key != nil && !key.Dummy() && !key.Encrypted {
+			err = key.encrypt(encryptionKey, params, config.Cipher())
+			if err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+// Encrypt encrypts an unencrypted private key using a passphrase.
+func (pk *PrivateKey) Encrypt(passphrase []byte) error {
+	// Default config of private key encryption
+	config := &Config{
+		S2KConfig: &s2k.Config{
+			S2KMode:  s2k.IteratedSaltedS2K,
+			S2KCount: 65536,
+			Hash:     crypto.SHA256,
+		} ,
+		DefaultCipher: CipherAES256,
+	}
+	return pk.EncryptWithConfig(passphrase, config)
+}
+
 func (pk *PrivateKey) serializePrivateKey(w io.Writer) (err error) {
 	switch priv := pk.PrivateKey.(type) {
 	case *rsa.PrivateKey: