JustAnotherArchivist
/
transfer.sh
forked from kiska/transfer.sh
1
0
Fork 1
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
307 Commits
17 Branches
34 MiB
 
 
 
Tree: 6d23a8f5f3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6d23a8f5f3'
${ noResults }
transfer.sh/vendor/golang.org/x/crypto/openpgp/packet/encrypted_key.go

207 lines
6.1 KiB
Raw Blame History 

  1. // Copyright 2011 The Go Authors. All rights reserved.

  2. // Use of this source code is governed by a BSD-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package packet

  6. 

  7. import (

  8. 	"crypto/rsa"

  9. 	"encoding/binary"

  10. 	"io"

  11. 	"math/big"

  12. 	"strconv"

  13. 

  14. 	"golang.org/x/crypto/openpgp/elgamal"

  15. 	"golang.org/x/crypto/openpgp/errors"

  16. )

  17. 

  18. const encryptedKeyVersion = 3

  19. 

  20. // EncryptedKey represents a public-key encrypted session key. See RFC 4880,

  21. // section 5.1.

  22. type EncryptedKey struct {

  23. 	KeyId      uint64

  24. 	Algo       PublicKeyAlgorithm

  25. 	CipherFunc CipherFunction // only valid after a successful Decrypt

  26. 	Key        []byte         // only valid after a successful Decrypt

  27. 

  28. 	encryptedMPI1, encryptedMPI2 parsedMPI

  29. }

  30. 

  31. func (e *EncryptedKey) parse(r io.Reader) (err error) {

  32. 	var buf [10]byte

  33. 	_, err = readFull(r, buf[:])

  34. 	if err != nil {

  35. 		return

  36. 	}

  37. 	if buf[0] != encryptedKeyVersion {

  38. 		return errors.UnsupportedError("unknown EncryptedKey version " + strconv.Itoa(int(buf[0])))

  39. 	}

  40. 	e.KeyId = binary.BigEndian.Uint64(buf[1:9])

  41. 	e.Algo = PublicKeyAlgorithm(buf[9])

  42. 	switch e.Algo {

  43. 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:

  44. 		e.encryptedMPI1.bytes, e.encryptedMPI1.bitLength, err = readMPI(r)

  45. 		if err != nil {

  46. 			return

  47. 		}

  48. 	case PubKeyAlgoElGamal:

  49. 		e.encryptedMPI1.bytes, e.encryptedMPI1.bitLength, err = readMPI(r)

  50. 		if err != nil {

  51. 			return

  52. 		}

  53. 		e.encryptedMPI2.bytes, e.encryptedMPI2.bitLength, err = readMPI(r)

  54. 		if err != nil {

  55. 			return

  56. 		}

  57. 	}

  58. 	_, err = consumeAll(r)

  59. 	return

  60. }

  61. 

  62. func checksumKeyMaterial(key []byte) uint16 {

  63. 	var checksum uint16

  64. 	for _, v := range key {

  65. 		checksum += uint16(v)

  66. 	}

  67. 	return checksum

  68. }

  69. 

  70. // Decrypt decrypts an encrypted session key with the given private key. The

  71. // private key must have been decrypted first.

  72. // If config is nil, sensible defaults will be used.

  73. func (e *EncryptedKey) Decrypt(priv *PrivateKey, config *Config) error {

  74. 	var err error

  75. 	var b []byte

  76. 

  77. 	// TODO(agl): use session key decryption routines here to avoid

  78. 	// padding oracle attacks.

  79. 	switch priv.PubKeyAlgo {

  80. 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:

  81. 		k := priv.PrivateKey.(*rsa.PrivateKey)

  82. 		b, err = rsa.DecryptPKCS1v15(config.Random(), k, padToKeySize(&k.PublicKey, e.encryptedMPI1.bytes))

  83. 	case PubKeyAlgoElGamal:

  84. 		c1 := new(big.Int).SetBytes(e.encryptedMPI1.bytes)

  85. 		c2 := new(big.Int).SetBytes(e.encryptedMPI2.bytes)

  86. 		b, err = elgamal.Decrypt(priv.PrivateKey.(*elgamal.PrivateKey), c1, c2)

  87. 	default:

  88. 		err = errors.InvalidArgumentError("cannot decrypted encrypted session key with private key of type " + strconv.Itoa(int(priv.PubKeyAlgo)))

  89. 	}

  90. 

  91. 	if err != nil {

  92. 		return err

  93. 	}

  94. 

  95. 	e.CipherFunc = CipherFunction(b[0])

  96. 	e.Key = b[1 : len(b)-2]

  97. 	expectedChecksum := uint16(b[len(b)-2])<<8 | uint16(b[len(b)-1])

  98. 	checksum := checksumKeyMaterial(e.Key)

  99. 	if checksum != expectedChecksum {

  100. 		return errors.StructuralError("EncryptedKey checksum incorrect")

  101. 	}

  102. 

  103. 	return nil

  104. }

  105. 

  106. // Serialize writes the encrypted key packet, e, to w.

  107. func (e *EncryptedKey) Serialize(w io.Writer) error {

  108. 	var mpiLen int

  109. 	switch e.Algo {

  110. 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:

  111. 		mpiLen = 2 + len(e.encryptedMPI1.bytes)

  112. 	case PubKeyAlgoElGamal:

  113. 		mpiLen = 2 + len(e.encryptedMPI1.bytes) + 2 + len(e.encryptedMPI2.bytes)

  114. 	default:

  115. 		return errors.InvalidArgumentError("don't know how to serialize encrypted key type " + strconv.Itoa(int(e.Algo)))

  116. 	}

  117. 

  118. 	serializeHeader(w, packetTypeEncryptedKey, 1 /* version */ +8 /* key id */ +1 /* algo */ +mpiLen)

  119. 

  120. 	w.Write([]byte{encryptedKeyVersion})

  121. 	binary.Write(w, binary.BigEndian, e.KeyId)

  122. 	w.Write([]byte{byte(e.Algo)})

  123. 

  124. 	switch e.Algo {

  125. 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:

  126. 		writeMPIs(w, e.encryptedMPI1)

  127. 	case PubKeyAlgoElGamal:

  128. 		writeMPIs(w, e.encryptedMPI1, e.encryptedMPI2)

  129. 	default:

  130. 		panic("internal error")

  131. 	}

  132. 

  133. 	return nil

  134. }

  135. 

  136. // SerializeEncryptedKey serializes an encrypted key packet to w that contains

  137. // key, encrypted to pub.

  138. // If config is nil, sensible defaults will be used.

  139. func SerializeEncryptedKey(w io.Writer, pub *PublicKey, cipherFunc CipherFunction, key []byte, config *Config) error {

  140. 	var buf [10]byte

  141. 	buf[0] = encryptedKeyVersion

  142. 	binary.BigEndian.PutUint64(buf[1:9], pub.KeyId)

  143. 	buf[9] = byte(pub.PubKeyAlgo)

  144. 

  145. 	keyBlock := make([]byte, 1 /* cipher type */ +len(key)+2 /* checksum */)

  146. 	keyBlock[0] = byte(cipherFunc)

  147. 	copy(keyBlock[1:], key)

  148. 	checksum := checksumKeyMaterial(key)

  149. 	keyBlock[1+len(key)] = byte(checksum >> 8)

  150. 	keyBlock[1+len(key)+1] = byte(checksum)

  151. 

  152. 	switch pub.PubKeyAlgo {

  153. 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:

  154. 		return serializeEncryptedKeyRSA(w, config.Random(), buf, pub.PublicKey.(*rsa.PublicKey), keyBlock)

  155. 	case PubKeyAlgoElGamal:

  156. 		return serializeEncryptedKeyElGamal(w, config.Random(), buf, pub.PublicKey.(*elgamal.PublicKey), keyBlock)

  157. 	case PubKeyAlgoDSA, PubKeyAlgoRSASignOnly:

  158. 		return errors.InvalidArgumentError("cannot encrypt to public key of type " + strconv.Itoa(int(pub.PubKeyAlgo)))

  159. 	}

  160. 

  161. 	return errors.UnsupportedError("encrypting a key to public key of type " + strconv.Itoa(int(pub.PubKeyAlgo)))

  162. }

  163. 

  164. func serializeEncryptedKeyRSA(w io.Writer, rand io.Reader, header [10]byte, pub *rsa.PublicKey, keyBlock []byte) error {

  165. 	cipherText, err := rsa.EncryptPKCS1v15(rand, pub, keyBlock)

  166. 	if err != nil {

  167. 		return errors.InvalidArgumentError("RSA encryption failed: " + err.Error())

  168. 	}

  169. 

  170. 	packetLen := 10 /* header length */ + 2 /* mpi size */ + len(cipherText)

  171. 

  172. 	err = serializeHeader(w, packetTypeEncryptedKey, packetLen)

  173. 	if err != nil {

  174. 		return err

  175. 	}

  176. 	_, err = w.Write(header[:])

  177. 	if err != nil {

  178. 		return err

  179. 	}

  180. 	return writeMPI(w, 8*uint16(len(cipherText)), cipherText)

  181. }

  182. 

  183. func serializeEncryptedKeyElGamal(w io.Writer, rand io.Reader, header [10]byte, pub *elgamal.PublicKey, keyBlock []byte) error {

  184. 	c1, c2, err := elgamal.Encrypt(rand, pub, keyBlock)

  185. 	if err != nil {

  186. 		return errors.InvalidArgumentError("ElGamal encryption failed: " + err.Error())

  187. 	}

  188. 

  189. 	packetLen := 10 /* header length */

  190. 	packetLen += 2 /* mpi size */ + (c1.BitLen()+7)/8

  191. 	packetLen += 2 /* mpi size */ + (c2.BitLen()+7)/8

  192. 

  193. 	err = serializeHeader(w, packetTypeEncryptedKey, packetLen)

  194. 	if err != nil {

  195. 		return err

  196. 	}

  197. 	_, err = w.Write(header[:])

  198. 	if err != nil {

  199. 		return err

  200. 	}

  201. 	err = writeBig(w, c1)

  202. 	if err != nil {

  203. 		return err

  204. 	}

  205. 	return writeBig(w, c2)

  206. }