2018-09-11 11:09:28 +02:00
|
|
|
package crypto
|
2018-06-04 16:05:14 -07:00
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"bytes"
|
|
|
|
|
"io"
|
|
|
|
|
"io/ioutil"
|
|
|
|
|
|
2018-11-01 17:03:43 +01:00
|
|
|
armorUtils "github.com/ProtonMail/go-pm-crypto/armor"
|
|
|
|
|
"github.com/ProtonMail/go-pm-crypto/internal"
|
|
|
|
|
"github.com/ProtonMail/go-pm-crypto/models"
|
2018-06-04 16:05:14 -07:00
|
|
|
"golang.org/x/crypto/openpgp"
|
2018-09-11 11:09:28 +02:00
|
|
|
"golang.org/x/crypto/openpgp/armor"
|
2018-09-19 11:52:14 +02:00
|
|
|
"golang.org/x/crypto/openpgp/packet"
|
2018-06-04 16:05:14 -07:00
|
|
|
)
|
|
|
|
|
|
2018-11-05 22:55:45 +01:00
|
|
|
// Encrypt attachment. Takes input data and key data in binary form
|
2018-09-11 11:09:28 +02:00
|
|
|
func (pm *PmCrypto) EncryptAttachmentBinKey(plainData []byte, fileName string, publicKey []byte) (*models.EncryptedSplit, error) {
|
2018-06-04 16:05:14 -07:00
|
|
|
|
|
|
|
|
var outBuf bytes.Buffer
|
2018-11-05 22:55:45 +01:00
|
|
|
w, err := armor.Encode(&outBuf, armorUtils.PGP_MESSAGE_HEADER, internal.ArmorHeaders)
|
2018-06-04 16:05:14 -07:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pubKeyReader := bytes.NewReader(publicKey)
|
|
|
|
|
pubKeyEntries, err := openpgp.ReadKeyRing(pubKeyReader)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
hints := &openpgp.FileHints{
|
|
|
|
|
FileName: fileName,
|
|
|
|
|
}
|
2018-06-22 16:04:20 +02:00
|
|
|
|
|
|
|
|
config := &packet.Config{
|
|
|
|
|
DefaultCipher: packet.CipherAES256,
|
2018-09-11 11:09:28 +02:00
|
|
|
Time: pm.getTimeGenerator(),
|
2018-06-22 16:04:20 +02:00
|
|
|
}
|
2018-06-04 16:05:14 -07:00
|
|
|
|
|
|
|
|
ew, err := openpgp.Encrypt(w, pubKeyEntries, nil, hints, config)
|
|
|
|
|
|
|
|
|
|
_, _ = ew.Write(plainData)
|
|
|
|
|
ew.Close()
|
|
|
|
|
w.Close()
|
|
|
|
|
|
2018-11-05 22:55:45 +01:00
|
|
|
split, err := SplitArmor(outBuf.String())
|
2018-06-04 16:05:14 -07:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2018-06-04 17:50:26 -07:00
|
|
|
split.Algo = "aes256"
|
|
|
|
|
return split, nil
|
2018-06-04 16:05:14 -07:00
|
|
|
}
|
|
|
|
|
|
2018-11-05 22:55:45 +01:00
|
|
|
// Helper method. Splits armored pgp session into key and packet data
|
|
|
|
|
func SplitArmor(encrypted string) (*models.EncryptedSplit, error) {
|
|
|
|
|
|
|
|
|
|
var err error
|
|
|
|
|
|
|
|
|
|
encryptedRaw, err := armorUtils.Unarmor(encrypted)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
encryptedReader := bytes.NewReader(encryptedRaw)
|
|
|
|
|
|
|
|
|
|
return SeparateKeyAndData(nil, encryptedReader)
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Encrypt attachment. Takes input data in binary form and key in as a string
|
2018-09-11 11:09:28 +02:00
|
|
|
func (pm *PmCrypto) EncryptAttachment(plainData []byte, fileName string, publicKey string) (*models.EncryptedSplit, error) {
|
2018-09-19 11:52:14 +02:00
|
|
|
rawPubKey, err := armorUtils.Unarmor(publicKey)
|
2018-06-04 16:05:14 -07:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2018-09-11 11:09:28 +02:00
|
|
|
return pm.EncryptAttachmentBinKey(plainData, fileName, rawPubKey)
|
2018-06-04 16:05:14 -07:00
|
|
|
}
|
|
|
|
|
|
2018-11-05 22:55:45 +01:00
|
|
|
// Decrypt attachment. Takes input data and key data in binary form. privateKeys can contains more keys. passphrase is used to unlock keys
|
2018-09-11 11:09:28 +02:00
|
|
|
func (pm *PmCrypto) DecryptAttachmentBinKey(keyPacket []byte, dataPacket []byte, privateKeys []byte, passphrase string) ([]byte, error) {
|
2018-06-04 16:05:14 -07:00
|
|
|
privKeyRaw := bytes.NewReader(privateKeys)
|
|
|
|
|
privKeyEntries, err := openpgp.ReadKeyRing(privKeyRaw)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rawPwd := []byte(passphrase)
|
|
|
|
|
for _, e := range privKeyEntries {
|
|
|
|
|
|
|
|
|
|
if e.PrivateKey != nil && e.PrivateKey.Encrypted {
|
|
|
|
|
e.PrivateKey.Decrypt(rawPwd)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, sub := range e.Subkeys {
|
|
|
|
|
if sub.PrivateKey != nil && sub.PrivateKey.Encrypted {
|
|
|
|
|
sub.PrivateKey.Decrypt(rawPwd)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
keyReader := bytes.NewReader(keyPacket)
|
|
|
|
|
dataReader := bytes.NewReader(dataPacket)
|
|
|
|
|
|
|
|
|
|
encryptedReader := io.MultiReader(keyReader, dataReader)
|
|
|
|
|
|
2018-09-19 11:52:14 +02:00
|
|
|
config := &packet.Config{Time: pm.getTimeGenerator()}
|
2018-06-22 16:04:20 +02:00
|
|
|
|
|
|
|
|
md, err := openpgp.ReadMessage(encryptedReader, privKeyEntries, nil, config)
|
2018-06-04 16:05:14 -07:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
decrypted := md.UnverifiedBody
|
|
|
|
|
b, err := ioutil.ReadAll(decrypted)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return b, nil
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-05 22:55:45 +01:00
|
|
|
// Decrypt attachment. Takes input data and key data in binary form and key as an armored string. passphrase is used to unlock keys
|
2018-09-11 11:09:28 +02:00
|
|
|
func (pm *PmCrypto) DecryptAttachment(keyPacket []byte, dataPacket []byte, privateKey string, passphrase string) ([]byte, error) {
|
2018-09-19 11:52:14 +02:00
|
|
|
rawPrivKey, err := armorUtils.Unarmor(privateKey)
|
2018-06-04 16:05:14 -07:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2018-09-11 11:09:28 +02:00
|
|
|
return pm.DecryptAttachmentBinKey(keyPacket, dataPacket, rawPrivKey, passphrase)
|
2018-06-04 16:05:14 -07:00
|
|
|
}
|
|
|
|
|
|
2018-11-05 22:55:45 +01:00
|
|
|
//Encrypt attachment. Use symmetrical cipher with key in password input string
|
2018-09-11 11:09:28 +02:00
|
|
|
func (pm *PmCrypto) EncryptAttachmentWithPassword(plainData []byte, password string) (string, error) {
|
2018-06-04 16:05:14 -07:00
|
|
|
|
|
|
|
|
var outBuf bytes.Buffer
|
2018-11-05 22:55:45 +01:00
|
|
|
w, err := armor.Encode(&outBuf, armorUtils.PGP_MESSAGE_HEADER, internal.ArmorHeaders)
|
2018-06-04 16:05:14 -07:00
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-19 11:52:14 +02:00
|
|
|
config := &packet.Config{Time: pm.getTimeGenerator()}
|
2018-06-22 16:04:20 +02:00
|
|
|
|
|
|
|
|
plaintext, err := openpgp.SymmetricallyEncrypt(w, []byte(password), nil, config)
|
2018-06-04 16:05:14 -07:00
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_, err = plaintext.Write(plainData)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
err = plaintext.Close()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
w.Close()
|
|
|
|
|
|
|
|
|
|
return outBuf.String(), nil
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-05 22:55:45 +01:00
|
|
|
//Decrypt attachment using password locked key.
|
2018-09-11 11:09:28 +02:00
|
|
|
func (pm *PmCrypto) DecryptAttachmentWithPassword(keyPacket []byte, dataPacket []byte, password string) ([]byte, error) {
|
2018-06-04 16:05:14 -07:00
|
|
|
|
|
|
|
|
encrypted := append(keyPacket, dataPacket...)
|
|
|
|
|
|
|
|
|
|
encryptedReader := bytes.NewReader(encrypted)
|
|
|
|
|
|
|
|
|
|
var prompt = func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
|
|
|
|
|
return []byte(password), nil
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-19 11:52:14 +02:00
|
|
|
config := &packet.Config{Time: pm.getTimeGenerator()}
|
2018-06-22 16:04:20 +02:00
|
|
|
|
|
|
|
|
md, err := openpgp.ReadMessage(encryptedReader, nil, prompt, config)
|
2018-06-04 16:05:14 -07:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
messageBuf := bytes.NewBuffer(nil)
|
|
|
|
|
_, err = io.Copy(messageBuf, md.UnverifiedBody)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return messageBuf.Bytes(), nil
|
|
|
|
|
}
|
