JustAnotherArchivist
/
transfer.sh
forked from kiska/transfer.sh
1
0
Fork 1
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
307 Commits
17 Branches
34 MiB
 
 
 
Tree: 6d23a8f5f3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6d23a8f5f3'
${ noResults }
transfer.sh/vendor/golang.org/x/crypto/openpgp/packet/public_key_v3.go

280 lines
8.0 KiB
Raw Blame History 

  1. // Copyright 2013 The Go Authors. All rights reserved.

  2. // Use of this source code is governed by a BSD-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package packet

  6. 

  7. import (

  8. 	"crypto"

  9. 	"crypto/md5"

  10. 	"crypto/rsa"

  11. 	"encoding/binary"

  12. 	"fmt"

  13. 	"hash"

  14. 	"io"

  15. 	"math/big"

  16. 	"strconv"

  17. 	"time"

  18. 

  19. 	"golang.org/x/crypto/openpgp/errors"

  20. )

  21. 

  22. // PublicKeyV3 represents older, version 3 public keys. These keys are less secure and

  23. // should not be used for signing or encrypting. They are supported here only for

  24. // parsing version 3 key material and validating signatures.

  25. // See RFC 4880, section 5.5.2.

  26. type PublicKeyV3 struct {

  27. 	CreationTime time.Time

  28. 	DaysToExpire uint16

  29. 	PubKeyAlgo   PublicKeyAlgorithm

  30. 	PublicKey    *rsa.PublicKey

  31. 	Fingerprint  [16]byte

  32. 	KeyId        uint64

  33. 	IsSubkey     bool

  34. 

  35. 	n, e parsedMPI

  36. }

  37. 

  38. // newRSAPublicKeyV3 returns a PublicKey that wraps the given rsa.PublicKey.

  39. // Included here for testing purposes only. RFC 4880, section 5.5.2:

  40. // "an implementation MUST NOT generate a V3 key, but MAY accept it."

  41. func newRSAPublicKeyV3(creationTime time.Time, pub *rsa.PublicKey) *PublicKeyV3 {

  42. 	pk := &PublicKeyV3{

  43. 		CreationTime: creationTime,

  44. 		PublicKey:    pub,

  45. 		n:            fromBig(pub.N),

  46. 		e:            fromBig(big.NewInt(int64(pub.E))),

  47. 	}

  48. 

  49. 	pk.setFingerPrintAndKeyId()

  50. 	return pk

  51. }

  52. 

  53. func (pk *PublicKeyV3) parse(r io.Reader) (err error) {

  54. 	// RFC 4880, section 5.5.2

  55. 	var buf [8]byte

  56. 	if _, err = readFull(r, buf[:]); err != nil {

  57. 		return

  58. 	}

  59. 	if buf[0] < 2 || buf[0] > 3 {

  60. 		return errors.UnsupportedError("public key version")

  61. 	}

  62. 	pk.CreationTime = time.Unix(int64(uint32(buf[1])<<24|uint32(buf[2])<<16|uint32(buf[3])<<8|uint32(buf[4])), 0)

  63. 	pk.DaysToExpire = binary.BigEndian.Uint16(buf[5:7])

  64. 	pk.PubKeyAlgo = PublicKeyAlgorithm(buf[7])

  65. 	switch pk.PubKeyAlgo {

  66. 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoRSASignOnly:

  67. 		err = pk.parseRSA(r)

  68. 	default:

  69. 		err = errors.UnsupportedError("public key type: " + strconv.Itoa(int(pk.PubKeyAlgo)))

  70. 	}

  71. 	if err != nil {

  72. 		return

  73. 	}

  74. 

  75. 	pk.setFingerPrintAndKeyId()

  76. 	return

  77. }

  78. 

  79. func (pk *PublicKeyV3) setFingerPrintAndKeyId() {

  80. 	// RFC 4880, section 12.2

  81. 	fingerPrint := md5.New()

  82. 	fingerPrint.Write(pk.n.bytes)

  83. 	fingerPrint.Write(pk.e.bytes)

  84. 	fingerPrint.Sum(pk.Fingerprint[:0])

  85. 	pk.KeyId = binary.BigEndian.Uint64(pk.n.bytes[len(pk.n.bytes)-8:])

  86. }

  87. 

  88. // parseRSA parses RSA public key material from the given Reader. See RFC 4880,

  89. // section 5.5.2.

  90. func (pk *PublicKeyV3) parseRSA(r io.Reader) (err error) {

  91. 	if pk.n.bytes, pk.n.bitLength, err = readMPI(r); err != nil {

  92. 		return

  93. 	}

  94. 	if pk.e.bytes, pk.e.bitLength, err = readMPI(r); err != nil {

  95. 		return

  96. 	}

  97. 

  98. 	// RFC 4880 Section 12.2 requires the low 8 bytes of the

  99. 	// modulus to form the key id.

  100. 	if len(pk.n.bytes) < 8 {

  101. 		return errors.StructuralError("v3 public key modulus is too short")

  102. 	}

  103. 	if len(pk.e.bytes) > 3 {

  104. 		err = errors.UnsupportedError("large public exponent")

  105. 		return

  106. 	}

  107. 	rsa := &rsa.PublicKey{N: new(big.Int).SetBytes(pk.n.bytes)}

  108. 	for i := 0; i < len(pk.e.bytes); i++ {

  109. 		rsa.E <<= 8

  110. 		rsa.E |= int(pk.e.bytes[i])

  111. 	}

  112. 	pk.PublicKey = rsa

  113. 	return

  114. }

  115. 

  116. // SerializeSignaturePrefix writes the prefix for this public key to the given Writer.

  117. // The prefix is used when calculating a signature over this public key. See

  118. // RFC 4880, section 5.2.4.

  119. func (pk *PublicKeyV3) SerializeSignaturePrefix(w io.Writer) {

  120. 	var pLength uint16

  121. 	switch pk.PubKeyAlgo {

  122. 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoRSASignOnly:

  123. 		pLength += 2 + uint16(len(pk.n.bytes))

  124. 		pLength += 2 + uint16(len(pk.e.bytes))

  125. 	default:

  126. 		panic("unknown public key algorithm")

  127. 	}

  128. 	pLength += 6

  129. 	w.Write([]byte{0x99, byte(pLength >> 8), byte(pLength)})

  130. 	return

  131. }

  132. 

  133. func (pk *PublicKeyV3) Serialize(w io.Writer) (err error) {

  134. 	length := 8 // 8 byte header

  135. 

  136. 	switch pk.PubKeyAlgo {

  137. 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoRSASignOnly:

  138. 		length += 2 + len(pk.n.bytes)

  139. 		length += 2 + len(pk.e.bytes)

  140. 	default:

  141. 		panic("unknown public key algorithm")

  142. 	}

  143. 

  144. 	packetType := packetTypePublicKey

  145. 	if pk.IsSubkey {

  146. 		packetType = packetTypePublicSubkey

  147. 	}

  148. 	if err = serializeHeader(w, packetType, length); err != nil {

  149. 		return

  150. 	}

  151. 	return pk.serializeWithoutHeaders(w)

  152. }

  153. 

  154. // serializeWithoutHeaders marshals the PublicKey to w in the form of an

  155. // OpenPGP public key packet, not including the packet header.

  156. func (pk *PublicKeyV3) serializeWithoutHeaders(w io.Writer) (err error) {

  157. 	var buf [8]byte

  158. 	// Version 3

  159. 	buf[0] = 3

  160. 	// Creation time

  161. 	t := uint32(pk.CreationTime.Unix())

  162. 	buf[1] = byte(t >> 24)

  163. 	buf[2] = byte(t >> 16)

  164. 	buf[3] = byte(t >> 8)

  165. 	buf[4] = byte(t)

  166. 	// Days to expire

  167. 	buf[5] = byte(pk.DaysToExpire >> 8)

  168. 	buf[6] = byte(pk.DaysToExpire)

  169. 	// Public key algorithm

  170. 	buf[7] = byte(pk.PubKeyAlgo)

  171. 

  172. 	if _, err = w.Write(buf[:]); err != nil {

  173. 		return

  174. 	}

  175. 

  176. 	switch pk.PubKeyAlgo {

  177. 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoRSASignOnly:

  178. 		return writeMPIs(w, pk.n, pk.e)

  179. 	}

  180. 	return errors.InvalidArgumentError("bad public-key algorithm")

  181. }

  182. 

  183. // CanSign returns true iff this public key can generate signatures

  184. func (pk *PublicKeyV3) CanSign() bool {

  185. 	return pk.PubKeyAlgo != PubKeyAlgoRSAEncryptOnly

  186. }

  187. 

  188. // VerifySignatureV3 returns nil iff sig is a valid signature, made by this

  189. // public key, of the data hashed into signed. signed is mutated by this call.

  190. func (pk *PublicKeyV3) VerifySignatureV3(signed hash.Hash, sig *SignatureV3) (err error) {

  191. 	if !pk.CanSign() {

  192. 		return errors.InvalidArgumentError("public key cannot generate signatures")

  193. 	}

  194. 

  195. 	suffix := make([]byte, 5)

  196. 	suffix[0] = byte(sig.SigType)

  197. 	binary.BigEndian.PutUint32(suffix[1:], uint32(sig.CreationTime.Unix()))

  198. 	signed.Write(suffix)

  199. 	hashBytes := signed.Sum(nil)

  200. 

  201. 	if hashBytes[0] != sig.HashTag[0] || hashBytes[1] != sig.HashTag[1] {

  202. 		return errors.SignatureError("hash tag doesn't match")

  203. 	}

  204. 

  205. 	if pk.PubKeyAlgo != sig.PubKeyAlgo {

  206. 		return errors.InvalidArgumentError("public key and signature use different algorithms")

  207. 	}

  208. 

  209. 	switch pk.PubKeyAlgo {

  210. 	case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly:

  211. 		if err = rsa.VerifyPKCS1v15(pk.PublicKey, sig.Hash, hashBytes, sig.RSASignature.bytes); err != nil {

  212. 			return errors.SignatureError("RSA verification failure")

  213. 		}

  214. 		return

  215. 	default:

  216. 		// V3 public keys only support RSA.

  217. 		panic("shouldn't happen")

  218. 	}

  219. }

  220. 

  221. // VerifyUserIdSignatureV3 returns nil iff sig is a valid signature, made by this

  222. // public key, that id is the identity of pub.

  223. func (pk *PublicKeyV3) VerifyUserIdSignatureV3(id string, pub *PublicKeyV3, sig *SignatureV3) (err error) {

  224. 	h, err := userIdSignatureV3Hash(id, pk, sig.Hash)

  225. 	if err != nil {

  226. 		return err

  227. 	}

  228. 	return pk.VerifySignatureV3(h, sig)

  229. }

  230. 

  231. // VerifyKeySignatureV3 returns nil iff sig is a valid signature, made by this

  232. // public key, of signed.

  233. func (pk *PublicKeyV3) VerifyKeySignatureV3(signed *PublicKeyV3, sig *SignatureV3) (err error) {

  234. 	h, err := keySignatureHash(pk, signed, sig.Hash)

  235. 	if err != nil {

  236. 		return err

  237. 	}

  238. 	return pk.VerifySignatureV3(h, sig)

  239. }

  240. 

  241. // userIdSignatureV3Hash returns a Hash of the message that needs to be signed

  242. // to assert that pk is a valid key for id.

  243. func userIdSignatureV3Hash(id string, pk signingKey, hfn crypto.Hash) (h hash.Hash, err error) {

  244. 	if !hfn.Available() {

  245. 		return nil, errors.UnsupportedError("hash function")

  246. 	}

  247. 	h = hfn.New()

  248. 

  249. 	// RFC 4880, section 5.2.4

  250. 	pk.SerializeSignaturePrefix(h)

  251. 	pk.serializeWithoutHeaders(h)

  252. 

  253. 	h.Write([]byte(id))

  254. 

  255. 	return

  256. }

  257. 

  258. // KeyIdString returns the public key's fingerprint in capital hex

  259. // (e.g. "6C7EE1B8621CC013").

  260. func (pk *PublicKeyV3) KeyIdString() string {

  261. 	return fmt.Sprintf("%X", pk.KeyId)

  262. }

  263. 

  264. // KeyIdShortString returns the short form of public key's fingerprint

  265. // in capital hex, as shown by gpg --list-keys (e.g. "621CC013").

  266. func (pk *PublicKeyV3) KeyIdShortString() string {

  267. 	return fmt.Sprintf("%X", pk.KeyId&0xFFFFFFFF)

  268. }

  269. 

  270. // BitLength returns the bit length for the given public key.

  271. func (pk *PublicKeyV3) BitLength() (bitLength uint16, err error) {

  272. 	switch pk.PubKeyAlgo {

  273. 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoRSASignOnly:

  274. 		bitLength = pk.n.bitLength

  275. 	default:

  276. 		err = errors.InvalidArgumentError("bad public-key algorithm")

  277. 	}

  278. 	return

  279. }