passforios-gopenpgp/crypto/password.go

package crypto

import (
	"bytes"
	"io"
	"time"

	"golang.org/x/crypto/openpgp"
	"golang.org/x/crypto/openpgp/packet"

	"github.com/pkg/errors"
)

// EncryptMessageWithPassword encrypts a PlainMessage to PGPMessage with a
// SymmetricKey.
// * message : The plain data as a PlainMessage.
// * password: A password that will be derived into an encryption key.
// * output  : The encrypted data as PGPMessage.
func EncryptMessageWithPassword(message *PlainMessage, password []byte) (*PGPMessage, error) {
	encrypted, err := passwordEncrypt(message, password)
	if err != nil {
		return nil, err
	}

	return NewPGPMessage(encrypted), nil
}

// DecryptMessageWithPassword decrypts password protected pgp binary messages.
// * encrypted: The encrypted data as PGPMessage.
// * password: A password that will be derived into an encryption key.
// * output: The decrypted data as PlainMessage.
func DecryptMessageWithPassword(message *PGPMessage, password []byte) (*PlainMessage, error) {
	return passwordDecrypt(message.NewReader(), password)
}

// DecryptSessionKeyWithPassword decrypts the binary symmetrically encrypted
// session key packet and returns the session key.
func DecryptSessionKeyWithPassword(keyPacket, password []byte) (*SessionKey, error) {
	keyReader := bytes.NewReader(keyPacket)
	packets := packet.NewReader(keyReader)

	var symKeys []*packet.SymmetricKeyEncrypted
	for {
		var p packet.Packet
		var err error
		if p, err = packets.Next(); err != nil {
			break
		}

		if p, ok := p.(*packet.SymmetricKeyEncrypted); ok {
			symKeys = append(symKeys, p)
		}
	}

	// Try the symmetric passphrase first
	if len(symKeys) != 0 && password != nil {
		for _, s := range symKeys {
			key, cipherFunc, err := s.Decrypt(password)
			if err == nil {
				sk := &SessionKey{
					Key:  key,
					Algo: getAlgo(cipherFunc),
				}

				if err = sk.checkSize(); err != nil {
					return nil, errors.Wrap(err, "gopenpgp: unable to decrypt session key with password")
				}

				return sk, nil
			}
		}
	}

	return nil, errors.New("gopenpgp: unable to decrypt any packet")
}

// EncryptSessionKeyWithPassword encrypts the session key with the password and
// returns a binary symmetrically encrypted session key packet.
func EncryptSessionKeyWithPassword(sk *SessionKey, password []byte) ([]byte, error) {
	outbuf := &bytes.Buffer{}

	cf, err := sk.GetCipherFunc()
	if err != nil {
		return nil, errors.Wrap(err, "gopenpgp: unable to encrypt session key with password")
	}

	if len(password) == 0 {
		return nil, errors.New("gopenpgp: password can't be empty")
	}

	if err = sk.checkSize(); err != nil {
		return nil, errors.Wrap(err, "gopenpgp: unable to encrypt session key with password")
	}

	config := &packet.Config{
		DefaultCipher: cf,
	}

	err = packet.SerializeSymmetricKeyEncryptedReuseKey(outbuf, sk.Key, password, config)
	if err != nil {
		return nil, errors.Wrap(err, "gopenpgp: unable to encrypt session key with password")
	}
	return outbuf.Bytes(), nil
}

// ----- INTERNAL FUNCTIONS ------

func passwordEncrypt(message *PlainMessage, password []byte) ([]byte, error) {
	var outBuf bytes.Buffer

	config := &packet.Config{
		DefaultCipher: packet.CipherAES256,
		Time:          getTimeGenerator(),
	}

	hints := &openpgp.FileHints{
		IsBinary: message.IsBinary(),
		FileName: message.GetFilename(),
		ModTime:  time.Unix(int64(message.GetTime()), 0),
	}

	encryptWriter, err := openpgp.SymmetricallyEncrypt(&outBuf, password, hints, config)
	if err != nil {
		return nil, err
	}
	_, err = encryptWriter.Write(message.GetBinary())
	if err != nil {
		return nil, err
	}

	err = encryptWriter.Close()
	if err != nil {
		return nil, err
	}

	return outBuf.Bytes(), nil
}

func passwordDecrypt(encryptedIO io.Reader, password []byte) (*PlainMessage, error) {
	firstTimeCalled := true
	var prompt = func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
		if firstTimeCalled {
			firstTimeCalled = false
			return password, nil
		}
		return nil, errors.New("gopenpgp: wrong password in symmetric decryption")
	}

	config := &packet.Config{
		Time: getTimeGenerator(),
	}

	var emptyKeyRing openpgp.EntityList
	md, err := openpgp.ReadMessage(encryptedIO, emptyKeyRing, prompt, config)
	if err != nil {
		return nil, err
	}

	messageBuf := bytes.NewBuffer(nil)
	_, err = io.Copy(messageBuf, md.UnverifiedBody)
	if err != nil {
		return nil, err
	}

	return &PlainMessage{
		Data:     messageBuf.Bytes(),
		TextType: !md.LiteralData.IsBinary,
		filename: md.LiteralData.FileName,
		time:     md.LiteralData.Time,
	}, nil
}
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`package crypto`

			`import (`
			`"bytes"`
			`"io"`
Add filename and time properties to message (#85) * Add filename and time properties to message * Message time defaults to current time 2020-10-12 18:45:57 +02:00			`"time"`
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00
			`"golang.org/x/crypto/openpgp"`
			`"golang.org/x/crypto/openpgp/packet"`

			`"github.com/pkg/errors"`
			`)`

Update lint (#44) * Reduce complexity of SignatureCollector.Accept * Add stylecheck linter, and lint accordingly * Rephrase some comments * godot - Top level comments should end with a dot. * nestif - Reduce nested complexity of code * Review changes Co-authored-by: Aron Wussler <aron@wussler.it> 2020-04-28 13:55:36 +02:00			`// EncryptMessageWithPassword encrypts a PlainMessage to PGPMessage with a`
			`// SymmetricKey.`
			`// * message : The plain data as a PlainMessage.`
			`// * password: A password that will be derived into an encryption key.`
			`// * output : The encrypted data as PGPMessage.`
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`func EncryptMessageWithPassword(message PlainMessage, password []byte) (PGPMessage, error) {`
Add filename and time properties to message (#85) * Add filename and time properties to message * Message time defaults to current time 2020-10-12 18:45:57 +02:00			`encrypted, err := passwordEncrypt(message, password)`
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`if err != nil {`
			`return nil, err`
			`}`

			`return NewPGPMessage(encrypted), nil`
			`}`

Update lint (#44) * Reduce complexity of SignatureCollector.Accept * Add stylecheck linter, and lint accordingly * Rephrase some comments * godot - Top level comments should end with a dot. * nestif - Reduce nested complexity of code * Review changes Co-authored-by: Aron Wussler <aron@wussler.it> 2020-04-28 13:55:36 +02:00			`// DecryptMessageWithPassword decrypts password protected pgp binary messages.`
			`// * encrypted: The encrypted data as PGPMessage.`
			`// * password: A password that will be derived into an encryption key.`
			`// * output: The decrypted data as PlainMessage.`
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`func DecryptMessageWithPassword(message PGPMessage, password []byte) (PlainMessage, error) {`
Add filename and time properties to message (#85) * Add filename and time properties to message * Message time defaults to current time 2020-10-12 18:45:57 +02:00			`return passwordDecrypt(message.NewReader(), password)`
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`}`

			`// DecryptSessionKeyWithPassword decrypts the binary symmetrically encrypted`
			`// session key packet and returns the session key.`
			`func DecryptSessionKeyWithPassword(keyPacket, password []byte) (*SessionKey, error) {`
			`keyReader := bytes.NewReader(keyPacket)`
			`packets := packet.NewReader(keyReader)`

			`var symKeys []*packet.SymmetricKeyEncrypted`
			`for {`
			`var p packet.Packet`
			`var err error`
			`if p, err = packets.Next(); err != nil {`
			`break`
			`}`

			`if p, ok := p.(*packet.SymmetricKeyEncrypted); ok {`
			`symKeys = append(symKeys, p)`
			`}`
			`}`

			`// Try the symmetric passphrase first`
			`if len(symKeys) != 0 && password != nil {`
			`for _, s := range symKeys {`
			`key, cipherFunc, err := s.Decrypt(password)`
			`if err == nil {`
Add session key size check (#62) * Add session key size check Co-authored-by: Daniel Huigens <d.huigens@protonmail.com> 2020-07-20 11:43:36 +02:00			`sk := &SessionKey{`
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`Key: key,`
			`Algo: getAlgo(cipherFunc),`
Add session key size check (#62) * Add session key size check Co-authored-by: Daniel Huigens <d.huigens@protonmail.com> 2020-07-20 11:43:36 +02:00			`}`

			`if err = sk.checkSize(); err != nil {`
			`return nil, errors.Wrap(err, "gopenpgp: unable to decrypt session key with password")`
			`}`

			`return sk, nil`
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`}`
			`}`
			`}`

Fix symmetric session key test 2020-04-29 17:23:16 +02:00			`return nil, errors.New("gopenpgp: unable to decrypt any packet")`
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`}`

			`// EncryptSessionKeyWithPassword encrypts the session key with the password and`
			`// returns a binary symmetrically encrypted session key packet.`
			`func EncryptSessionKeyWithPassword(sk *SessionKey, password []byte) ([]byte, error) {`
			`outbuf := &bytes.Buffer{}`

			`cf, err := sk.GetCipherFunc()`
			`if err != nil {`
			`return nil, errors.Wrap(err, "gopenpgp: unable to encrypt session key with password")`
			`}`

			`if len(password) == 0 {`
			`return nil, errors.New("gopenpgp: password can't be empty")`
			`}`

Add session key size check (#62) * Add session key size check Co-authored-by: Daniel Huigens <d.huigens@protonmail.com> 2020-07-20 11:43:36 +02:00			`if err = sk.checkSize(); err != nil {`
			`return nil, errors.Wrap(err, "gopenpgp: unable to encrypt session key with password")`
			`}`

Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`config := &packet.Config{`
			`DefaultCipher: cf,`
			`}`

			`err = packet.SerializeSymmetricKeyEncryptedReuseKey(outbuf, sk.Key, password, config)`
			`if err != nil {`
			`return nil, errors.Wrap(err, "gopenpgp: unable to encrypt session key with password")`
			`}`
			`return outbuf.Bytes(), nil`
			`}`

			`// ----- INTERNAL FUNCTIONS ------`

Add filename and time properties to message (#85) * Add filename and time properties to message * Message time defaults to current time 2020-10-12 18:45:57 +02:00			`func passwordEncrypt(message *PlainMessage, password []byte) ([]byte, error) {`
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`var outBuf bytes.Buffer`

			`config := &packet.Config{`
use aes256 for password encryption (#75) 2020-08-31 13:42:06 +03:00			`DefaultCipher: packet.CipherAES256,`
			`Time: getTimeGenerator(),`
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`}`

Add filename and time properties to message (#85) * Add filename and time properties to message * Message time defaults to current time 2020-10-12 18:45:57 +02:00			`hints := &openpgp.FileHints{`
			`IsBinary: message.IsBinary(),`
			`FileName: message.GetFilename(),`
			`ModTime: time.Unix(int64(message.GetTime()), 0),`
			`}`
Fix various minor issues (#45) * Update header version to 2.0.0 * Add space to cleartext message armouring * Fix password encrypted binary files * Clear key private params in helpers * Do not unlock key if private key is nil * Document changes * Use defer for ClearPrivateKeyParams 2020-04-27 21:01:23 +02:00
			`encryptWriter, err := openpgp.SymmetricallyEncrypt(&outBuf, password, hints, config)`
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`if err != nil {`
			`return nil, err`
			`}`
Add filename and time properties to message (#85) * Add filename and time properties to message * Message time defaults to current time 2020-10-12 18:45:57 +02:00			`_, err = encryptWriter.Write(message.GetBinary())`
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`if err != nil {`
			`return nil, err`
			`}`

			`err = encryptWriter.Close()`
			`if err != nil {`
			`return nil, err`
			`}`

			`return outBuf.Bytes(), nil`
			`}`

Add filename and time properties to message (#85) * Add filename and time properties to message * Message time defaults to current time 2020-10-12 18:45:57 +02:00			`func passwordDecrypt(encryptedIO io.Reader, password []byte) (*PlainMessage, error) {`
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`firstTimeCalled := true`
			`var prompt = func(keys []openpgp.Key, symmetric bool) ([]byte, error) {`
			`if firstTimeCalled {`
			`firstTimeCalled = false`
			`return password, nil`
			`}`
			`return nil, errors.New("gopenpgp: wrong password in symmetric decryption")`
			`}`

			`config := &packet.Config{`
			`Time: getTimeGenerator(),`
			`}`
Fix mixed symmetric/asymmetric decryption (#77) 2020-09-01 11:07:30 +02:00
			`var emptyKeyRing openpgp.EntityList`
			`md, err := openpgp.ReadMessage(encryptedIO, emptyKeyRing, prompt, config)`
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`if err != nil {`
			`return nil, err`
			`}`

			`messageBuf := bytes.NewBuffer(nil)`
			`_, err = io.Copy(messageBuf, md.UnverifiedBody)`
			`if err != nil {`
			`return nil, err`
			`}`

Add filename and time properties to message (#85) * Add filename and time properties to message * Message time defaults to current time 2020-10-12 18:45:57 +02:00			`return &PlainMessage{`
			`Data: messageBuf.Bytes(),`
			`TextType: !md.LiteralData.IsBinary,`
			`filename: md.LiteralData.FileName,`
			`time: md.LiteralData.Time,`
			`}, nil`
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`}`