osbzr
/
com
项目红包剩余9514,下一贡献奖励5%,即 476个红包
Watch 15
Star 7
Wiki 捐赠
本站源代码
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branch: gamification
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'gamification'
${ noResults }
com/vendor/github.com/keybase/go-crypto/openpgp/packet/encrypted_key.go

227 lines
6.9KB
Raw Permalink Blame History 

  1. // Copyright 2011 The Go Authors. All rights reserved.

  2. // Use of this source code is governed by a BSD-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package packet

  6. 

  7. import (

  8. 	"encoding/binary"

  9. 	"io"

  10. 	"math/big"

  11. 	"strconv"

  12. 

  13. 	"github.com/keybase/go-crypto/openpgp/ecdh"

  14. 	"github.com/keybase/go-crypto/openpgp/elgamal"

  15. 	"github.com/keybase/go-crypto/openpgp/errors"

  16. 	"github.com/keybase/go-crypto/rsa"

  17. )

  18. 

  19. const encryptedKeyVersion = 3

  20. 

  21. // EncryptedKey represents a public-key encrypted session key. See RFC 4880,

  22. // section 5.1.

  23. type EncryptedKey struct {

  24. 	KeyId      uint64

  25. 	Algo       PublicKeyAlgorithm

  26. 	CipherFunc CipherFunction // only valid after a successful Decrypt

  27. 	Key        []byte         // only valid after a successful Decrypt

  28. 

  29. 	encryptedMPI1, encryptedMPI2 parsedMPI

  30. 	ecdh_C                       []byte

  31. }

  32. 

  33. func (e *EncryptedKey) parse(r io.Reader) (err error) {

  34. 	var buf [10]byte

  35. 	_, err = readFull(r, buf[:])

  36. 	if err != nil {

  37. 		return

  38. 	}

  39. 	if buf[0] != encryptedKeyVersion {

  40. 		return errors.UnsupportedError("unknown EncryptedKey version " + strconv.Itoa(int(buf[0])))

  41. 	}

  42. 	e.KeyId = binary.BigEndian.Uint64(buf[1:9])

  43. 	e.Algo = PublicKeyAlgorithm(buf[9])

  44. 	switch e.Algo {

  45. 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:

  46. 		e.encryptedMPI1.bytes, e.encryptedMPI1.bitLength, err = readMPI(r)

  47. 	case PubKeyAlgoElGamal:

  48. 		e.encryptedMPI1.bytes, e.encryptedMPI1.bitLength, err = readMPI(r)

  49. 		if err != nil {

  50. 			return

  51. 		}

  52. 		e.encryptedMPI2.bytes, e.encryptedMPI2.bitLength, err = readMPI(r)

  53. 	case PubKeyAlgoECDH:

  54. 		e.encryptedMPI1.bytes, e.encryptedMPI1.bitLength, err = readMPI(r)

  55. 		if err != nil {

  56. 			return err

  57. 		}

  58. 		_, err = readFull(r, buf[:1]) // read C len (1 byte)

  59. 		if err != nil {

  60. 			return err

  61. 		}

  62. 		e.ecdh_C = make([]byte, int(buf[0]))

  63. 		_, err = readFull(r, e.ecdh_C)

  64. 	}

  65. 

  66. 	if err != nil {

  67. 		return err

  68. 	}

  69. 

  70. 	_, err = consumeAll(r)

  71. 	return err

  72. }

  73. 

  74. func checksumKeyMaterial(key []byte) uint16 {

  75. 	var checksum uint16

  76. 	for _, v := range key {

  77. 		checksum += uint16(v)

  78. 	}

  79. 	return checksum

  80. }

  81. 

  82. // Decrypt decrypts an encrypted session key with the given private key. The

  83. // private key must have been decrypted first.

  84. // If config is nil, sensible defaults will be used.

  85. func (e *EncryptedKey) Decrypt(priv *PrivateKey, config *Config) error {

  86. 	var err error

  87. 	var b []byte

  88. 

  89. 	// TODO(agl): use session key decryption routines here to avoid

  90. 	// padding oracle attacks.

  91. 	switch priv.PubKeyAlgo {

  92. 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:

  93. 		b, err = rsa.DecryptPKCS1v15(config.Random(), priv.PrivateKey.(*rsa.PrivateKey), e.encryptedMPI1.bytes)

  94. 	case PubKeyAlgoElGamal:

  95. 		c1 := new(big.Int).SetBytes(e.encryptedMPI1.bytes)

  96. 		c2 := new(big.Int).SetBytes(e.encryptedMPI2.bytes)

  97. 		b, err = elgamal.Decrypt(priv.PrivateKey.(*elgamal.PrivateKey), c1, c2)

  98. 	case PubKeyAlgoECDH:

  99. 		// Note: Unmarshal checks if point is on the curve.

  100. 		c1, c2 := ecdh.Unmarshal(priv.PrivateKey.(*ecdh.PrivateKey).Curve, e.encryptedMPI1.bytes)

  101. 		if c1 == nil {

  102. 			return errors.InvalidArgumentError("failed to parse EC point for encryption key")

  103. 		}

  104. 		b, err = decryptKeyECDH(priv, c1, c2, e.ecdh_C)

  105. 	default:

  106. 		err = errors.InvalidArgumentError("cannot decrypted encrypted session key with private key of type " + strconv.Itoa(int(priv.PubKeyAlgo)))

  107. 	}

  108. 

  109. 	if err != nil {

  110. 		return err

  111. 	}

  112. 

  113. 	e.CipherFunc = CipherFunction(b[0])

  114. 	e.Key = b[1 : len(b)-2]

  115. 	expectedChecksum := uint16(b[len(b)-2])<<8 | uint16(b[len(b)-1])

  116. 	checksum := checksumKeyMaterial(e.Key)

  117. 	if checksum != expectedChecksum {

  118. 		return errors.StructuralError("EncryptedKey checksum incorrect")

  119. 	}

  120. 

  121. 	return nil

  122. }

  123. 

  124. // Serialize writes the encrypted key packet, e, to w.

  125. func (e *EncryptedKey) Serialize(w io.Writer) error {

  126. 	var mpiLen int

  127. 	switch e.Algo {

  128. 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:

  129. 		mpiLen = 2 + len(e.encryptedMPI1.bytes)

  130. 	case PubKeyAlgoElGamal:

  131. 		mpiLen = 2 + len(e.encryptedMPI1.bytes) + 2 + len(e.encryptedMPI2.bytes)

  132. 	default:

  133. 		return errors.InvalidArgumentError("don't know how to serialize encrypted key type " + strconv.Itoa(int(e.Algo)))

  134. 	}

  135. 

  136. 	serializeHeader(w, packetTypeEncryptedKey, 1 /* version */ +8 /* key id */ +1 /* algo */ +mpiLen)

  137. 

  138. 	w.Write([]byte{encryptedKeyVersion})

  139. 	binary.Write(w, binary.BigEndian, e.KeyId)

  140. 	w.Write([]byte{byte(e.Algo)})

  141. 

  142. 	switch e.Algo {

  143. 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:

  144. 		writeMPIs(w, e.encryptedMPI1)

  145. 	case PubKeyAlgoElGamal:

  146. 		writeMPIs(w, e.encryptedMPI1, e.encryptedMPI2)

  147. 	default:

  148. 		panic("internal error")

  149. 	}

  150. 

  151. 	return nil

  152. }

  153. 

  154. // SerializeEncryptedKey serializes an encrypted key packet to w that contains

  155. // key, encrypted to pub.

  156. // If config is nil, sensible defaults will be used.

  157. func SerializeEncryptedKey(w io.Writer, pub *PublicKey, cipherFunc CipherFunction, key []byte, config *Config) error {

  158. 	var buf [10]byte

  159. 	buf[0] = encryptedKeyVersion

  160. 	binary.BigEndian.PutUint64(buf[1:9], pub.KeyId)

  161. 	buf[9] = byte(pub.PubKeyAlgo)

  162. 

  163. 	keyBlock := make([]byte, 1 /* cipher type */ +len(key)+2 /* checksum */)

  164. 	keyBlock[0] = byte(cipherFunc)

  165. 	copy(keyBlock[1:], key)

  166. 	checksum := checksumKeyMaterial(key)

  167. 	keyBlock[1+len(key)] = byte(checksum >> 8)

  168. 	keyBlock[1+len(key)+1] = byte(checksum)

  169. 

  170. 	switch pub.PubKeyAlgo {

  171. 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:

  172. 		return serializeEncryptedKeyRSA(w, config.Random(), buf, pub.PublicKey.(*rsa.PublicKey), keyBlock)

  173. 	case PubKeyAlgoElGamal:

  174. 		return serializeEncryptedKeyElGamal(w, config.Random(), buf, pub.PublicKey.(*elgamal.PublicKey), keyBlock)

  175. 	case PubKeyAlgoECDH:

  176. 		return serializeEncryptedKeyECDH(w, config.Random(), buf, pub, keyBlock)

  177. 	case PubKeyAlgoDSA, PubKeyAlgoRSASignOnly:

  178. 		return errors.InvalidArgumentError("cannot encrypt to public key of type " + strconv.Itoa(int(pub.PubKeyAlgo)))

  179. 	}

  180. 

  181. 	return errors.UnsupportedError("encrypting a key to public key of type " + strconv.Itoa(int(pub.PubKeyAlgo)))

  182. }

  183. 

  184. func serializeEncryptedKeyRSA(w io.Writer, rand io.Reader, header [10]byte, pub *rsa.PublicKey, keyBlock []byte) error {

  185. 	cipherText, err := rsa.EncryptPKCS1v15(rand, pub, keyBlock)

  186. 	if err != nil {

  187. 		return errors.InvalidArgumentError("RSA encryption failed: " + err.Error())

  188. 	}

  189. 

  190. 	packetLen := 10 /* header length */ + 2 /* mpi size */ + len(cipherText)

  191. 

  192. 	err = serializeHeader(w, packetTypeEncryptedKey, packetLen)

  193. 	if err != nil {

  194. 		return err

  195. 	}

  196. 	_, err = w.Write(header[:])

  197. 	if err != nil {

  198. 		return err

  199. 	}

  200. 	return writeMPI(w, 8*uint16(len(cipherText)), cipherText)

  201. }

  202. 

  203. func serializeEncryptedKeyElGamal(w io.Writer, rand io.Reader, header [10]byte, pub *elgamal.PublicKey, keyBlock []byte) error {

  204. 	c1, c2, err := elgamal.Encrypt(rand, pub, keyBlock)

  205. 	if err != nil {

  206. 		return errors.InvalidArgumentError("ElGamal encryption failed: " + err.Error())

  207. 	}

  208. 

  209. 	packetLen := 10 /* header length */

  210. 	packetLen += 2 /* mpi size */ + (c1.BitLen()+7)/8

  211. 	packetLen += 2 /* mpi size */ + (c2.BitLen()+7)/8

  212. 

  213. 	err = serializeHeader(w, packetTypeEncryptedKey, packetLen)

  214. 	if err != nil {

  215. 		return err

  216. 	}

  217. 	_, err = w.Write(header[:])

  218. 	if err != nil {

  219. 		return err

  220. 	}

  221. 	err = writeBig(w, c1)

  222. 	if err != nil {

  223. 		return err

  224. 	}

  225. 	return writeBig(w, c2)

  226. }
上海开阖软件有限公司 沪ICP备12045867号-1