passforios-gopenpgp/crypto/session.go

package crypto

import (
	"bytes"
	"errors"
	"fmt"
	"io"

	"golang.org/x/crypto/openpgp/packet"
)

// RandomToken generated a random token of the same size of the keysize of the default cipher.
func (pgp *GopenPGP) RandomToken() ([]byte, error) {
	config := &packet.Config{DefaultCipher: packet.CipherAES256}
	return pgp.RandomTokenSize(config.DefaultCipher.KeySize())
}

// RandomTokenSize generates a random token with the specified key size
func (pgp *GopenPGP) RandomTokenSize(size int) ([]byte, error) {
	config := &packet.Config{DefaultCipher: packet.CipherAES256}
	symKey := make([]byte, size)
	if _, err := io.ReadFull(config.Random(), symKey); err != nil {
		return nil, err
	}
	return symKey, nil
}

// DecryptSessionKey returns the decrypted session key from a binary encrypted session key packet.
func (keyRing *KeyRing) DecryptSessionKey(keyPacket []byte) (*SymmetricKey, error) {
	keyReader := bytes.NewReader(keyPacket)
	packets := packet.NewReader(keyReader)

	var p packet.Packet
	var err error
	if p, err = packets.Next(); err != nil {
		return nil, err
	}

	ek := p.(*packet.EncryptedKey)
	var decryptErr error
	for _, key := range keyRing.entities.DecryptionKeys() {
		priv := key.PrivateKey
		if priv.Encrypted {
			continue
		}

		if decryptErr = ek.Decrypt(priv, nil); decryptErr == nil {
			break
		}
	}

	if decryptErr != nil {
		return nil, decryptErr
	}

	if ek == nil {
		return nil, errors.New("gopenpgp: unable to decrypt session key")
	}

	return newSymmetricKeyFromEncrypted(ek)
}

// EncryptSessionKey encrypts the session key with the unarmored
// publicKey and returns a binary public-key encrypted session key packet.
func (keyRing *KeyRing) EncryptSessionKey(sessionSplit *SymmetricKey) ([]byte, error) {
	outbuf := &bytes.Buffer{}

	cf := sessionSplit.GetCipherFunc()

	var pub *packet.PublicKey
	for _, e := range keyRing.GetEntities() {
		if encryptionKey, ok := e.EncryptionKey(pgp.getNow()); ok {
			pub = encryptionKey.PublicKey
			break
		}
	}
	if pub == nil {
		return nil, errors.New("cannot set key: no public key available")
	}

	if err := packet.SerializeEncryptedKey(outbuf, pub, cf, sessionSplit.Key, nil); err != nil {
		err = fmt.Errorf("gopenpgp: cannot set key: %v", err)
		return nil, err
	}
	return outbuf.Bytes(), nil
}
Add decryptMime and refactor package structure 2018-09-11 11:09:28 +02:00			`package crypto`
wrapper for mobile 2018-06-04 16:05:14 -07:00
			`import (`
			`"bytes"`
			`"errors"`
			`"fmt"`
			`"io"`

			`"golang.org/x/crypto/openpgp/packet"`
			`)`

Refactor api (#6) * Refactor library, remove duplicates * Rebuild structure to use Messages and Signature models * Use PGPSplitMessage * Remove signature model * Various fixes * Add helpers with tests * Fixes, add some docs, add tests * Add attachment helpers * Add helpers Symmetric encryption * Edit docs + examples * Rename kr to keyRing * Various fixes for documentation * Edit JSON handling functions, add decrypt keyring via token * Add proposal changes doc * Fix CI * Drop Message functions, join CleartextMessage and BinaryMessage Change canonicalization and trimming only to text signatures * Add cleartextsignature, detach signature from message model, move helpers * Documentation, remove optional parameters * Move verification to separate model * Don't return message in VerifyDetached * Update table of contents in readme * Appease golint * Run go fmt * Rename Encrypt/DecryptMessageWithPassword to ..WithToken These functions shouldn't be used with user-provided passwords, as they don't do any key-stretching. * Change key generation usernames 2019-06-03 17:00:01 +02:00			`// RandomToken generated a random token of the same size of the keysize of the default cipher.`
Rename PmCrypto to GopenPGP 2019-05-14 18:05:01 +02:00			`func (pgp *GopenPGP) RandomToken() ([]byte, error) {`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`config := &packet.Config{DefaultCipher: packet.CipherAES256}`
Refactor api (#6) * Refactor library, remove duplicates * Rebuild structure to use Messages and Signature models * Use PGPSplitMessage * Remove signature model * Various fixes * Add helpers with tests * Fixes, add some docs, add tests * Add attachment helpers * Add helpers Symmetric encryption * Edit docs + examples * Rename kr to keyRing * Various fixes for documentation * Edit JSON handling functions, add decrypt keyring via token * Add proposal changes doc * Fix CI * Drop Message functions, join CleartextMessage and BinaryMessage Change canonicalization and trimming only to text signatures * Add cleartextsignature, detach signature from message model, move helpers * Documentation, remove optional parameters * Move verification to separate model * Don't return message in VerifyDetached * Update table of contents in readme * Appease golint * Run go fmt * Rename Encrypt/DecryptMessageWithPassword to ..WithToken These functions shouldn't be used with user-provided passwords, as they don't do any key-stretching. * Change key generation usernames 2019-06-03 17:00:01 +02:00			`return pgp.RandomTokenSize(config.DefaultCipher.KeySize())`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`}`

Refactor api (#6) * Refactor library, remove duplicates * Rebuild structure to use Messages and Signature models * Use PGPSplitMessage * Remove signature model * Various fixes * Add helpers with tests * Fixes, add some docs, add tests * Add attachment helpers * Add helpers Symmetric encryption * Edit docs + examples * Rename kr to keyRing * Various fixes for documentation * Edit JSON handling functions, add decrypt keyring via token * Add proposal changes doc * Fix CI * Drop Message functions, join CleartextMessage and BinaryMessage Change canonicalization and trimming only to text signatures * Add cleartextsignature, detach signature from message model, move helpers * Documentation, remove optional parameters * Move verification to separate model * Don't return message in VerifyDetached * Update table of contents in readme * Appease golint * Run go fmt * Rename Encrypt/DecryptMessageWithPassword to ..WithToken These functions shouldn't be used with user-provided passwords, as they don't do any key-stretching. * Change key generation usernames 2019-06-03 17:00:01 +02:00			`// RandomTokenSize generates a random token with the specified key size`
			`func (pgp *GopenPGP) RandomTokenSize(size int) ([]byte, error) {`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`config := &packet.Config{DefaultCipher: packet.CipherAES256}`
			`symKey := make([]byte, size)`
			`if _, err := io.ReadFull(config.Random(), symKey); err != nil {`
			`return nil, err`
			`}`
			`return symKey, nil`
			`}`

Refactor api (#6) * Refactor library, remove duplicates * Rebuild structure to use Messages and Signature models * Use PGPSplitMessage * Remove signature model * Various fixes * Add helpers with tests * Fixes, add some docs, add tests * Add attachment helpers * Add helpers Symmetric encryption * Edit docs + examples * Rename kr to keyRing * Various fixes for documentation * Edit JSON handling functions, add decrypt keyring via token * Add proposal changes doc * Fix CI * Drop Message functions, join CleartextMessage and BinaryMessage Change canonicalization and trimming only to text signatures * Add cleartextsignature, detach signature from message model, move helpers * Documentation, remove optional parameters * Move verification to separate model * Don't return message in VerifyDetached * Update table of contents in readme * Appease golint * Run go fmt * Rename Encrypt/DecryptMessageWithPassword to ..WithToken These functions shouldn't be used with user-provided passwords, as they don't do any key-stretching. * Change key generation usernames 2019-06-03 17:00:01 +02:00			`// DecryptSessionKey returns the decrypted session key from a binary encrypted session key packet.`
			`func (keyRing KeyRing) DecryptSessionKey(keyPacket []byte) (SymmetricKey, error) {`
Improve documentation and naming - Rename pmmime to gomime - Rename pmKeyObject to pgpKeyObject 2019-05-15 13:40:19 +02:00			`keyReader := bytes.NewReader(keyPacket)`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`packets := packet.NewReader(keyReader)`

			`var p packet.Packet`
			`var err error`
			`if p, err = packets.Next(); err != nil {`
			`return nil, err`
			`}`

			`ek := p.(*packet.EncryptedKey)`
			`var decryptErr error`
Refactor api (#6) * Refactor library, remove duplicates * Rebuild structure to use Messages and Signature models * Use PGPSplitMessage * Remove signature model * Various fixes * Add helpers with tests * Fixes, add some docs, add tests * Add attachment helpers * Add helpers Symmetric encryption * Edit docs + examples * Rename kr to keyRing * Various fixes for documentation * Edit JSON handling functions, add decrypt keyring via token * Add proposal changes doc * Fix CI * Drop Message functions, join CleartextMessage and BinaryMessage Change canonicalization and trimming only to text signatures * Add cleartextsignature, detach signature from message model, move helpers * Documentation, remove optional parameters * Move verification to separate model * Don't return message in VerifyDetached * Update table of contents in readme * Appease golint * Run go fmt * Rename Encrypt/DecryptMessageWithPassword to ..WithToken These functions shouldn't be used with user-provided passwords, as they don't do any key-stretching. * Change key generation usernames 2019-06-03 17:00:01 +02:00			`for _, key := range keyRing.entities.DecryptionKeys() {`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`priv := key.PrivateKey`
			`if priv.Encrypted {`
Refactor api (#6) * Refactor library, remove duplicates * Rebuild structure to use Messages and Signature models * Use PGPSplitMessage * Remove signature model * Various fixes * Add helpers with tests * Fixes, add some docs, add tests * Add attachment helpers * Add helpers Symmetric encryption * Edit docs + examples * Rename kr to keyRing * Various fixes for documentation * Edit JSON handling functions, add decrypt keyring via token * Add proposal changes doc * Fix CI * Drop Message functions, join CleartextMessage and BinaryMessage Change canonicalization and trimming only to text signatures * Add cleartextsignature, detach signature from message model, move helpers * Documentation, remove optional parameters * Move verification to separate model * Don't return message in VerifyDetached * Update table of contents in readme * Appease golint * Run go fmt * Rename Encrypt/DecryptMessageWithPassword to ..WithToken These functions shouldn't be used with user-provided passwords, as they don't do any key-stretching. * Change key generation usernames 2019-06-03 17:00:01 +02:00			`continue`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`}`

			`if decryptErr = ek.Decrypt(priv, nil); decryptErr == nil {`
			`break`
			`}`
			`}`

			`if decryptErr != nil {`
return decrypt error 2019-03-07 14:08:17 +01:00			`return nil, decryptErr`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`}`

Refactor api (#6) * Refactor library, remove duplicates * Rebuild structure to use Messages and Signature models * Use PGPSplitMessage * Remove signature model * Various fixes * Add helpers with tests * Fixes, add some docs, add tests * Add attachment helpers * Add helpers Symmetric encryption * Edit docs + examples * Rename kr to keyRing * Various fixes for documentation * Edit JSON handling functions, add decrypt keyring via token * Add proposal changes doc * Fix CI * Drop Message functions, join CleartextMessage and BinaryMessage Change canonicalization and trimming only to text signatures * Add cleartextsignature, detach signature from message model, move helpers * Documentation, remove optional parameters * Move verification to separate model * Don't return message in VerifyDetached * Update table of contents in readme * Appease golint * Run go fmt * Rename Encrypt/DecryptMessageWithPassword to ..WithToken These functions shouldn't be used with user-provided passwords, as they don't do any key-stretching. * Change key generation usernames 2019-06-03 17:00:01 +02:00			`if ek == nil {`
			`return nil, errors.New("gopenpgp: unable to decrypt session key")`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`}`
Refactor api (#6) * Refactor library, remove duplicates * Rebuild structure to use Messages and Signature models * Use PGPSplitMessage * Remove signature model * Various fixes * Add helpers with tests * Fixes, add some docs, add tests * Add attachment helpers * Add helpers Symmetric encryption * Edit docs + examples * Rename kr to keyRing * Various fixes for documentation * Edit JSON handling functions, add decrypt keyring via token * Add proposal changes doc * Fix CI * Drop Message functions, join CleartextMessage and BinaryMessage Change canonicalization and trimming only to text signatures * Add cleartextsignature, detach signature from message model, move helpers * Documentation, remove optional parameters * Move verification to separate model * Don't return message in VerifyDetached * Update table of contents in readme * Appease golint * Run go fmt * Rename Encrypt/DecryptMessageWithPassword to ..WithToken These functions shouldn't be used with user-provided passwords, as they don't do any key-stretching. * Change key generation usernames 2019-06-03 17:00:01 +02:00
			`return newSymmetricKeyFromEncrypted(ek)`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`}`

Refactor api (#6) * Refactor library, remove duplicates * Rebuild structure to use Messages and Signature models * Use PGPSplitMessage * Remove signature model * Various fixes * Add helpers with tests * Fixes, add some docs, add tests * Add attachment helpers * Add helpers Symmetric encryption * Edit docs + examples * Rename kr to keyRing * Various fixes for documentation * Edit JSON handling functions, add decrypt keyring via token * Add proposal changes doc * Fix CI * Drop Message functions, join CleartextMessage and BinaryMessage Change canonicalization and trimming only to text signatures * Add cleartextsignature, detach signature from message model, move helpers * Documentation, remove optional parameters * Move verification to separate model * Don't return message in VerifyDetached * Update table of contents in readme * Appease golint * Run go fmt * Rename Encrypt/DecryptMessageWithPassword to ..WithToken These functions shouldn't be used with user-provided passwords, as they don't do any key-stretching. * Change key generation usernames 2019-06-03 17:00:01 +02:00			`// EncryptSessionKey encrypts the session key with the unarmored`
Improve documentation and naming - Rename pmmime to gomime - Rename pmKeyObject to pgpKeyObject 2019-05-15 13:40:19 +02:00			`// publicKey and returns a binary public-key encrypted session key packet.`
Refactor api (#6) * Refactor library, remove duplicates * Rebuild structure to use Messages and Signature models * Use PGPSplitMessage * Remove signature model * Various fixes * Add helpers with tests * Fixes, add some docs, add tests * Add attachment helpers * Add helpers Symmetric encryption * Edit docs + examples * Rename kr to keyRing * Various fixes for documentation * Edit JSON handling functions, add decrypt keyring via token * Add proposal changes doc * Fix CI * Drop Message functions, join CleartextMessage and BinaryMessage Change canonicalization and trimming only to text signatures * Add cleartextsignature, detach signature from message model, move helpers * Documentation, remove optional parameters * Move verification to separate model * Don't return message in VerifyDetached * Update table of contents in readme * Appease golint * Run go fmt * Rename Encrypt/DecryptMessageWithPassword to ..WithToken These functions shouldn't be used with user-provided passwords, as they don't do any key-stretching. * Change key generation usernames 2019-06-03 17:00:01 +02:00			`func (keyRing KeyRing) EncryptSessionKey(sessionSplit SymmetricKey) ([]byte, error) {`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`outbuf := &bytes.Buffer{}`

Issue #3: mobile client fallback version 2018-11-05 22:55:45 +01:00			`cf := sessionSplit.GetCipherFunc()`
wrapper for mobile 2018-06-04 16:05:14 -07:00
			`var pub *packet.PublicKey`
Refactor api (#6) * Refactor library, remove duplicates * Rebuild structure to use Messages and Signature models * Use PGPSplitMessage * Remove signature model * Various fixes * Add helpers with tests * Fixes, add some docs, add tests * Add attachment helpers * Add helpers Symmetric encryption * Edit docs + examples * Rename kr to keyRing * Various fixes for documentation * Edit JSON handling functions, add decrypt keyring via token * Add proposal changes doc * Fix CI * Drop Message functions, join CleartextMessage and BinaryMessage Change canonicalization and trimming only to text signatures * Add cleartextsignature, detach signature from message model, move helpers * Documentation, remove optional parameters * Move verification to separate model * Don't return message in VerifyDetached * Update table of contents in readme * Appease golint * Run go fmt * Rename Encrypt/DecryptMessageWithPassword to ..WithToken These functions shouldn't be used with user-provided passwords, as they don't do any key-stretching. * Change key generation usernames 2019-06-03 17:00:01 +02:00			`for _, e := range keyRing.GetEntities() {`
Use Entitiy.EncryptionKey instead of reimplementing it This fixes us sometimes using subkeys whose key flags allow encryption but don't have a valid algorithm for encryption, or that are expired, etc. 2019-05-23 16:36:24 +02:00			`if encryptionKey, ok := e.EncryptionKey(pgp.getNow()); ok {`
			`pub = encryptionKey.PublicKey`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`break`
			`}`
			`}`
			`if pub == nil {`
			`return nil, errors.New("cannot set key: no public key available")`
			`}`

Refactor api (#6) * Refactor library, remove duplicates * Rebuild structure to use Messages and Signature models * Use PGPSplitMessage * Remove signature model * Various fixes * Add helpers with tests * Fixes, add some docs, add tests * Add attachment helpers * Add helpers Symmetric encryption * Edit docs + examples * Rename kr to keyRing * Various fixes for documentation * Edit JSON handling functions, add decrypt keyring via token * Add proposal changes doc * Fix CI * Drop Message functions, join CleartextMessage and BinaryMessage Change canonicalization and trimming only to text signatures * Add cleartextsignature, detach signature from message model, move helpers * Documentation, remove optional parameters * Move verification to separate model * Don't return message in VerifyDetached * Update table of contents in readme * Appease golint * Run go fmt * Rename Encrypt/DecryptMessageWithPassword to ..WithToken These functions shouldn't be used with user-provided passwords, as they don't do any key-stretching. * Change key generation usernames 2019-06-03 17:00:01 +02:00			`if err := packet.SerializeEncryptedKey(outbuf, pub, cf, sessionSplit.Key, nil); err != nil {`
Improve documentation and naming - Rename pmmime to gomime - Rename pmKeyObject to pgpKeyObject 2019-05-15 13:40:19 +02:00			`err = fmt.Errorf("gopenpgp: cannot set key: %v", err)`
go vet and lint * Naming * If this is not some OpenPGP standard I follow rule that `DES` should be upper case as it is abreviation and `Triple` should be camel-case as it is normal word hence `TripleDES` * rename `errors2` -> `errorsPGP` * long lines * https://github.com/golang/go/wiki/CodeReviewComments#line-length * I bit improved long lines based on my folding * reuse type in definition if possible i.e. `a string, b string, c string` -> `a,b,c string` * `if long_statetent(); err!=nil {` -> `long_statement;↵ if err!=nil {` * spaces around operators (e.g. `a + b` -> `a+b`) * removing empty lines on start and end of scope * comments * on all exported functions * start with function name * import: * order in alphabet * separate native, golang.org/x/ and our libs 2019-05-14 14:42:38 +00:00			`return nil, err`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`}`
			`return outbuf.Bytes(), nil`
			`}`