2019-12-27 19:35:43 +01:00
|
|
|
package crypto
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"bytes"
|
|
|
|
|
"encoding/base64"
|
|
|
|
|
"fmt"
|
|
|
|
|
"io"
|
2021-06-30 16:49:30 +02:00
|
|
|
"time"
|
2019-12-27 19:35:43 +01:00
|
|
|
|
|
|
|
|
"github.com/ProtonMail/gopenpgp/v2/constants"
|
|
|
|
|
"github.com/pkg/errors"
|
|
|
|
|
|
2020-12-08 18:34:39 +01:00
|
|
|
"github.com/ProtonMail/go-crypto/openpgp"
|
2022-02-24 18:57:31 +01:00
|
|
|
pgpErrors "github.com/ProtonMail/go-crypto/openpgp/errors"
|
2020-12-08 18:34:39 +01:00
|
|
|
"github.com/ProtonMail/go-crypto/openpgp/packet"
|
2019-12-27 19:35:43 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// SessionKey stores a decrypted session key.
|
|
|
|
|
type SessionKey struct {
|
|
|
|
|
// The decrypted binary session key.
|
|
|
|
|
Key []byte
|
|
|
|
|
// The symmetric encryption algorithm used with this key.
|
|
|
|
|
Algo string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var symKeyAlgos = map[string]packet.CipherFunction{
|
|
|
|
|
constants.ThreeDES: packet.Cipher3DES,
|
|
|
|
|
constants.TripleDES: packet.Cipher3DES,
|
|
|
|
|
constants.CAST5: packet.CipherCAST5,
|
|
|
|
|
constants.AES128: packet.CipherAES128,
|
|
|
|
|
constants.AES192: packet.CipherAES192,
|
|
|
|
|
constants.AES256: packet.CipherAES256,
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-24 18:57:31 +01:00
|
|
|
type checkReader struct {
|
|
|
|
|
decrypted io.ReadCloser
|
|
|
|
|
body io.Reader
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (cr checkReader) Read(buf []byte) (int, error) {
|
|
|
|
|
n, sensitiveParsingError := cr.body.Read(buf)
|
|
|
|
|
if sensitiveParsingError == io.EOF {
|
|
|
|
|
mdcErr := cr.decrypted.Close()
|
|
|
|
|
if mdcErr != nil {
|
|
|
|
|
return n, mdcErr
|
|
|
|
|
}
|
|
|
|
|
return n, io.EOF
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if sensitiveParsingError != nil {
|
|
|
|
|
return n, pgpErrors.StructuralError("parsing error")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return n, nil
|
|
|
|
|
}
|
|
|
|
|
|
2019-12-27 19:35:43 +01:00
|
|
|
// GetCipherFunc returns the cipher function corresponding to the algorithm used
|
|
|
|
|
// with this SessionKey.
|
|
|
|
|
func (sk *SessionKey) GetCipherFunc() (packet.CipherFunction, error) {
|
|
|
|
|
cf, ok := symKeyAlgos[sk.Algo]
|
|
|
|
|
if !ok {
|
|
|
|
|
return cf, errors.New("gopenpgp: unsupported cipher function: " + sk.Algo)
|
|
|
|
|
}
|
|
|
|
|
return cf, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// GetBase64Key returns the session key as base64 encoded string.
|
|
|
|
|
func (sk *SessionKey) GetBase64Key() string {
|
|
|
|
|
return base64.StdEncoding.EncodeToString(sk.Key)
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-28 13:55:36 +02:00
|
|
|
// RandomToken generates a random token with the specified key size.
|
2019-12-27 19:35:43 +01:00
|
|
|
func RandomToken(size int) ([]byte, error) {
|
|
|
|
|
config := &packet.Config{DefaultCipher: packet.CipherAES256}
|
|
|
|
|
symKey := make([]byte, size)
|
|
|
|
|
if _, err := io.ReadFull(config.Random(), symKey); err != nil {
|
2020-10-29 12:42:32 +01:00
|
|
|
return nil, errors.Wrap(err, "gopenpgp: error in generating random token")
|
2019-12-27 19:35:43 +01:00
|
|
|
}
|
|
|
|
|
return symKey, nil
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-28 13:55:36 +02:00
|
|
|
// GenerateSessionKeyAlgo generates a random key of the correct length for the
|
|
|
|
|
// specified algorithm.
|
2019-12-27 19:35:43 +01:00
|
|
|
func GenerateSessionKeyAlgo(algo string) (sk *SessionKey, err error) {
|
|
|
|
|
cf, ok := symKeyAlgos[algo]
|
|
|
|
|
if !ok {
|
|
|
|
|
return nil, errors.New("gopenpgp: unknown symmetric key generation algorithm")
|
|
|
|
|
}
|
|
|
|
|
r, err := RandomToken(cf.KeySize())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sk = &SessionKey{
|
|
|
|
|
Key: r,
|
|
|
|
|
Algo: algo,
|
|
|
|
|
}
|
|
|
|
|
return sk, nil
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-28 13:55:36 +02:00
|
|
|
// GenerateSessionKey generates a random key for the default cipher.
|
2019-12-27 19:35:43 +01:00
|
|
|
func GenerateSessionKey() (*SessionKey, error) {
|
|
|
|
|
return GenerateSessionKeyAlgo(constants.AES256)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewSessionKeyFromToken(token []byte, algo string) *SessionKey {
|
|
|
|
|
return &SessionKey{
|
2020-04-08 11:11:16 +02:00
|
|
|
Key: clone(token),
|
2019-12-27 19:35:43 +01:00
|
|
|
Algo: algo,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func newSessionKeyFromEncrypted(ek *packet.EncryptedKey) (*SessionKey, error) {
|
|
|
|
|
var algo string
|
|
|
|
|
for k, v := range symKeyAlgos {
|
|
|
|
|
if v == ek.CipherFunc {
|
|
|
|
|
algo = k
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if algo == "" {
|
|
|
|
|
return nil, fmt.Errorf("gopenpgp: unsupported cipher function: %v", ek.CipherFunc)
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-20 11:43:36 +02:00
|
|
|
sk := &SessionKey{
|
2019-12-27 19:35:43 +01:00
|
|
|
Key: ek.Key,
|
|
|
|
|
Algo: algo,
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-20 11:43:36 +02:00
|
|
|
if err := sk.checkSize(); err != nil {
|
|
|
|
|
return nil, errors.Wrap(err, "gopenpgp: unable to decrypt session key")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return sk, nil
|
2019-12-27 19:35:43 +01:00
|
|
|
}
|
|
|
|
|
|
2020-04-28 13:55:36 +02:00
|
|
|
// Encrypt encrypts a PlainMessage to PGPMessage with a SessionKey.
|
|
|
|
|
// * message : The plain data as a PlainMessage.
|
|
|
|
|
// * output : The encrypted data as PGPMessage.
|
2019-12-27 19:35:43 +01:00
|
|
|
func (sk *SessionKey) Encrypt(message *PlainMessage) ([]byte, error) {
|
|
|
|
|
dc, err := sk.GetCipherFunc()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrap(err, "gopenpgp: unable to encrypt with session key")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
config := &packet.Config{
|
|
|
|
|
Time: getTimeGenerator(),
|
|
|
|
|
DefaultCipher: dc,
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-27 17:38:25 +02:00
|
|
|
return encryptWithSessionKey(message, sk, nil, config)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// EncryptAndSign encrypts a PlainMessage to PGPMessage with a SessionKey and signs it with a Private key.
|
|
|
|
|
// * message : The plain data as a PlainMessage.
|
|
|
|
|
// * signKeyRing: The KeyRing to sign the message
|
|
|
|
|
// * output : The encrypted data as PGPMessage.
|
|
|
|
|
func (sk *SessionKey) EncryptAndSign(message *PlainMessage, signKeyRing *KeyRing) ([]byte, error) {
|
|
|
|
|
dc, err := sk.GetCipherFunc()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrap(err, "gopenpgp: unable to encrypt with session key")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
config := &packet.Config{
|
|
|
|
|
Time: getTimeGenerator(),
|
|
|
|
|
DefaultCipher: dc,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
signEntity, err := signKeyRing.getSigningEntity()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrap(err, "gopenpgp: unable to sign")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return encryptWithSessionKey(message, sk, signEntity, config)
|
2020-11-04 17:40:45 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// EncryptWithCompression encrypts with compression support a PlainMessage to PGPMessage with a SessionKey.
|
|
|
|
|
// * message : The plain data as a PlainMessage.
|
|
|
|
|
// * output : The encrypted data as PGPMessage.
|
|
|
|
|
func (sk *SessionKey) EncryptWithCompression(message *PlainMessage) ([]byte, error) {
|
|
|
|
|
dc, err := sk.GetCipherFunc()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrap(err, "gopenpgp: unable to encrypt with session key")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
config := &packet.Config{
|
|
|
|
|
Time: getTimeGenerator(),
|
|
|
|
|
DefaultCipher: dc,
|
|
|
|
|
DefaultCompressionAlgo: constants.DefaultCompression,
|
|
|
|
|
CompressionConfig: &packet.CompressionConfig{Level: constants.DefaultCompressionLevel},
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-27 17:38:25 +02:00
|
|
|
return encryptWithSessionKey(message, sk, nil, config)
|
2020-11-04 17:40:45 +01:00
|
|
|
}
|
|
|
|
|
|
2021-04-27 17:38:25 +02:00
|
|
|
func encryptWithSessionKey(message *PlainMessage, sk *SessionKey, signEntity *openpgp.Entity, config *packet.Config) ([]byte, error) {
|
|
|
|
|
var encBuf = new(bytes.Buffer)
|
2020-11-04 17:40:45 +01:00
|
|
|
|
2021-06-30 16:49:30 +02:00
|
|
|
encryptWriter, signWriter, err := encryptStreamWithSessionKey(
|
|
|
|
|
message.IsBinary(),
|
|
|
|
|
message.Filename,
|
|
|
|
|
message.Time,
|
|
|
|
|
encBuf,
|
|
|
|
|
sk,
|
|
|
|
|
signEntity,
|
|
|
|
|
config,
|
|
|
|
|
)
|
2019-12-27 19:35:43 +01:00
|
|
|
if err != nil {
|
2021-06-30 16:49:30 +02:00
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if signEntity != nil {
|
|
|
|
|
_, err = signWriter.Write(message.GetBinary())
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrap(err, "gopenpgp: error in writing signed message")
|
|
|
|
|
}
|
|
|
|
|
err = signWriter.Close()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrap(err, "gopenpgp: error in closing signing writer")
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
_, err = encryptWriter.Write(message.GetBinary())
|
|
|
|
|
}
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrap(err, "gopenpgp: error in writing message")
|
|
|
|
|
}
|
|
|
|
|
err = encryptWriter.Close()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrap(err, "gopenpgp: error in closing encryption writer")
|
|
|
|
|
}
|
|
|
|
|
return encBuf.Bytes(), nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func encryptStreamWithSessionKey(
|
|
|
|
|
isBinary bool,
|
|
|
|
|
filename string,
|
|
|
|
|
modTime uint32,
|
|
|
|
|
dataPacketWriter io.Writer,
|
|
|
|
|
sk *SessionKey,
|
|
|
|
|
signEntity *openpgp.Entity,
|
|
|
|
|
config *packet.Config,
|
|
|
|
|
) (encryptWriter, signWriter io.WriteCloser, err error) {
|
|
|
|
|
encryptWriter, err = packet.SerializeSymmetricallyEncrypted(dataPacketWriter, config.Cipher(), sk.Key, config)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, nil, errors.Wrap(err, "gopenpgp: unable to encrypt")
|
2019-12-27 19:35:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if algo := config.Compression(); algo != packet.CompressionNone {
|
|
|
|
|
encryptWriter, err = packet.SerializeCompressed(encryptWriter, algo, config.CompressionConfig)
|
|
|
|
|
if err != nil {
|
2021-06-30 16:49:30 +02:00
|
|
|
return nil, nil, errors.Wrap(err, "gopenpgp: error in compression")
|
2019-12-27 19:35:43 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-30 16:49:30 +02:00
|
|
|
if signEntity != nil {
|
2021-04-27 17:38:25 +02:00
|
|
|
hints := &openpgp.FileHints{
|
2021-06-30 16:49:30 +02:00
|
|
|
IsBinary: isBinary,
|
|
|
|
|
FileName: filename,
|
|
|
|
|
ModTime: time.Unix(int64(modTime), 0),
|
2021-04-27 17:38:25 +02:00
|
|
|
}
|
2020-10-12 18:45:57 +02:00
|
|
|
|
2021-04-27 17:38:25 +02:00
|
|
|
signWriter, err = openpgp.Sign(encryptWriter, signEntity, hints, config)
|
|
|
|
|
if err != nil {
|
2021-06-30 16:49:30 +02:00
|
|
|
return nil, nil, errors.Wrap(err, "gopenpgp: unable to sign")
|
2021-04-27 17:38:25 +02:00
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
encryptWriter, err = packet.SerializeLiteral(
|
|
|
|
|
encryptWriter,
|
2021-06-30 16:49:30 +02:00
|
|
|
isBinary,
|
|
|
|
|
filename,
|
|
|
|
|
modTime,
|
2021-04-27 17:38:25 +02:00
|
|
|
)
|
|
|
|
|
if err != nil {
|
2021-06-30 16:49:30 +02:00
|
|
|
return nil, nil, errors.Wrap(err, "gopenpgp: unable to serialize")
|
2021-04-27 17:38:25 +02:00
|
|
|
}
|
2019-12-27 19:35:43 +01:00
|
|
|
}
|
2021-06-30 16:49:30 +02:00
|
|
|
return encryptWriter, signWriter, nil
|
2019-12-27 19:35:43 +01:00
|
|
|
}
|
|
|
|
|
|
2021-04-27 17:38:25 +02:00
|
|
|
// Decrypt decrypts pgp data packets using directly a session key.
|
2020-04-28 13:55:36 +02:00
|
|
|
// * encrypted: PGPMessage.
|
|
|
|
|
// * output: PlainMessage.
|
2019-12-27 19:35:43 +01:00
|
|
|
func (sk *SessionKey) Decrypt(dataPacket []byte) (*PlainMessage, error) {
|
2021-04-27 17:38:25 +02:00
|
|
|
return sk.DecryptAndVerify(dataPacket, nil, 0)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// DecryptAndVerify decrypts pgp data packets using directly a session key and verifies embedded signatures.
|
|
|
|
|
// * encrypted: PGPMessage.
|
|
|
|
|
// * verifyKeyRing: KeyRing with verification public keys
|
|
|
|
|
// * verifyTime: when should the signature be valid, as timestamp. If 0 time verification is disabled.
|
|
|
|
|
// * output: PlainMessage.
|
|
|
|
|
func (sk *SessionKey) DecryptAndVerify(dataPacket []byte, verifyKeyRing *KeyRing, verifyTime int64) (*PlainMessage, error) {
|
2019-12-27 19:35:43 +01:00
|
|
|
var messageReader = bytes.NewReader(dataPacket)
|
2021-06-30 16:49:30 +02:00
|
|
|
|
|
|
|
|
md, err := decryptStreamWithSessionKey(sk, messageReader, verifyKeyRing)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
messageBuf := new(bytes.Buffer)
|
|
|
|
|
_, err = messageBuf.ReadFrom(md.UnverifiedBody)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrap(err, "gopenpgp: error in reading message body")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if verifyKeyRing != nil {
|
|
|
|
|
processSignatureExpiration(md, verifyTime)
|
|
|
|
|
err = verifyDetailsSignature(md, verifyKeyRing)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return &PlainMessage{
|
|
|
|
|
Data: messageBuf.Bytes(),
|
|
|
|
|
TextType: !md.LiteralData.IsBinary,
|
|
|
|
|
Filename: md.LiteralData.FileName,
|
|
|
|
|
Time: md.LiteralData.Time,
|
|
|
|
|
}, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func decryptStreamWithSessionKey(sk *SessionKey, messageReader io.Reader, verifyKeyRing *KeyRing) (*openpgp.MessageDetails, error) {
|
2019-12-27 19:35:43 +01:00
|
|
|
var decrypted io.ReadCloser
|
2021-04-27 17:38:25 +02:00
|
|
|
var keyring openpgp.EntityList
|
2019-12-27 19:35:43 +01:00
|
|
|
|
|
|
|
|
// Read symmetrically encrypted data packet
|
|
|
|
|
packets := packet.NewReader(messageReader)
|
|
|
|
|
p, err := packets.Next()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrap(err, "gopenpgp: unable to read symmetric packet")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Decrypt data packet
|
|
|
|
|
switch p := p.(type) {
|
2022-06-14 16:10:25 +02:00
|
|
|
case *packet.SymmetricallyEncrypted, *packet.AEADEncrypted:
|
2019-12-27 19:35:43 +01:00
|
|
|
dc, err := sk.GetCipherFunc()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrap(err, "gopenpgp: unable to decrypt with session key")
|
|
|
|
|
}
|
2022-06-14 16:10:25 +02:00
|
|
|
encryptedDataPacket, isDataPacket := p.(packet.EncryptedDataPacket)
|
|
|
|
|
if !isDataPacket {
|
|
|
|
|
return nil, errors.Wrap(err, "gopenpgp: unknown data packet")
|
|
|
|
|
}
|
|
|
|
|
decrypted, err = encryptedDataPacket.Decrypt(dc, sk.Key)
|
2019-12-27 19:35:43 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrap(err, "gopenpgp: unable to decrypt symmetric packet")
|
|
|
|
|
}
|
|
|
|
|
default:
|
|
|
|
|
return nil, errors.New("gopenpgp: invalid packet type")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
config := &packet.Config{
|
|
|
|
|
Time: getTimeGenerator(),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Push decrypted packet as literal packet and use openpgp's reader
|
2021-04-27 17:38:25 +02:00
|
|
|
if verifyKeyRing != nil {
|
|
|
|
|
keyring = verifyKeyRing.entities
|
|
|
|
|
} else {
|
|
|
|
|
keyring = openpgp.EntityList{}
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-30 16:49:30 +02:00
|
|
|
md, err := openpgp.ReadMessage(decrypted, keyring, nil, config)
|
2019-12-27 19:35:43 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrap(err, "gopenpgp: unable to decode symmetric packet")
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-24 18:57:31 +01:00
|
|
|
md.UnverifiedBody = checkReader{decrypted, md.UnverifiedBody}
|
2021-06-30 16:49:30 +02:00
|
|
|
return md, nil
|
2019-12-27 19:35:43 +01:00
|
|
|
}
|
|
|
|
|
|
2020-07-20 11:43:36 +02:00
|
|
|
func (sk *SessionKey) checkSize() error {
|
|
|
|
|
cf, ok := symKeyAlgos[sk.Algo]
|
|
|
|
|
if !ok {
|
|
|
|
|
return errors.New("unknown symmetric key algorithm")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if cf.KeySize() != len(sk.Key) {
|
|
|
|
|
return errors.New("wrong session key size")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2019-12-27 19:35:43 +01:00
|
|
|
func getAlgo(cipher packet.CipherFunction) string {
|
|
|
|
|
algo := constants.AES256
|
|
|
|
|
for k, v := range symKeyAlgos {
|
|
|
|
|
if v == cipher {
|
|
|
|
|
algo = k
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return algo
|
|
|
|
|
}
|
