passforios-gopenpgp/crypto/keyring_session.go

package crypto

import (
	"bytes"
	"strconv"

	"github.com/pkg/errors"

	"github.com/ProtonMail/go-crypto/openpgp/packet"
)

// DecryptSessionKey returns the decrypted session key from one or multiple binary encrypted session key packets.
func (keyRing *KeyRing) DecryptSessionKey(keyPacket []byte) (*SessionKey, error) {
	var p packet.Packet
	var ek *packet.EncryptedKey

	var err error
	var hasPacket = false
	var decryptErr error

	keyReader := bytes.NewReader(keyPacket)
	packets := packet.NewReader(keyReader)

Loop:
	for {
		if p, err = packets.Next(); err != nil {
			break
		}

		switch p := p.(type) {
		case *packet.EncryptedKey:
			hasPacket = true
			ek = p

			for _, key := range keyRing.entities.DecryptionKeys() {
				priv := key.PrivateKey
				if priv.Encrypted {
					continue
				}

				if decryptErr = ek.Decrypt(priv, nil); decryptErr == nil {
					break Loop
				}
			}

		case *packet.SymmetricallyEncrypted,
			*packet.AEADEncrypted,
			*packet.Compressed,
			*packet.LiteralData:
			break Loop

		default:
			continue Loop
		}
	}

	if !hasPacket {
		return nil, errors.Wrap(err, "gopenpgp: couldn't find a session key packet")
	}

	if decryptErr != nil {
		return nil, errors.Wrap(decryptErr, "gopenpgp: error in decrypting")
	}

	if ek == nil || ek.Key == nil {
		return nil, errors.New("gopenpgp: unable to decrypt session key: no valid decryption key")
	}

	return newSessionKeyFromEncrypted(ek)
}

// EncryptSessionKey encrypts the session key with the unarmored
// publicKey and returns a binary public-key encrypted session key packet.
func (keyRing *KeyRing) EncryptSessionKey(sk *SessionKey) ([]byte, error) {
	outbuf := &bytes.Buffer{}
	cf, err := sk.GetCipherFunc()
	if err != nil {
		return nil, errors.Wrap(err, "gopenpgp: unable to encrypt session key")
	}

	pubKeys := make([]*packet.PublicKey, 0, len(keyRing.entities))
	for _, e := range keyRing.entities {
		encryptionKey, ok := e.EncryptionKey(getNow())
		if !ok {
			return nil, errors.New("gopenpgp: encryption key is unavailable for key id " + strconv.FormatUint(e.PrimaryKey.KeyId, 16))
		}
		pubKeys = append(pubKeys, encryptionKey.PublicKey)
	}
	if len(pubKeys) == 0 {
		return nil, errors.New("cannot set key: no public key available")
	}

	for _, pub := range pubKeys {
		if err := packet.SerializeEncryptedKey(outbuf, pub, cf, sk.Key, nil); err != nil {
			return nil, errors.Wrap(err, "gopenpgp: cannot set key")
		}
	}
	return outbuf.Bytes(), nil
}
Add decryptMime and refactor package structure 2018-09-11 11:09:28 +02:00			`package crypto`
wrapper for mobile 2018-06-04 16:05:14 -07:00
			`import (`
			`"bytes"`
Throw error EncryptSessionKey (#60) * throw error EncryptSessionKey throw error if one of the keys in keyring does not have valid encryption key * add key id to error description 2020-07-15 16:17:49 +07:00			`"strconv"`
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00
			`"github.com/pkg/errors"`
wrapper for mobile 2018-06-04 16:05:14 -07:00
Update x/crypto fork to github.com/ProtonMail/go-crypto (#106) 2020-12-08 18:34:39 +01:00			`"github.com/ProtonMail/go-crypto/openpgp/packet"`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`)`

Allow multiple keypackets in session key decryption (#99) * Fix session key decryption * Break on all data packets Co-authored-by: Daniel Huigens <d.huigens@protonmail.com> 2020-11-13 14:13:11 +01:00			`// DecryptSessionKey returns the decrypted session key from one or multiple binary encrypted session key packets.`
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`func (keyRing KeyRing) DecryptSessionKey(keyPacket []byte) (SessionKey, error) {`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`var p packet.Packet`
Allow multiple keypackets in session key decryption (#99) * Fix session key decryption * Break on all data packets Co-authored-by: Daniel Huigens <d.huigens@protonmail.com> 2020-11-13 14:13:11 +01:00			`var ek *packet.EncryptedKey`
wrapper for mobile 2018-06-04 16:05:14 -07:00
Allow multiple keypackets in session key decryption (#99) * Fix session key decryption * Break on all data packets Co-authored-by: Daniel Huigens <d.huigens@protonmail.com> 2020-11-13 14:13:11 +01:00			`var err error`
			`var hasPacket = false`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`var decryptErr error`

Allow multiple keypackets in session key decryption (#99) * Fix session key decryption * Break on all data packets Co-authored-by: Daniel Huigens <d.huigens@protonmail.com> 2020-11-13 14:13:11 +01:00			`keyReader := bytes.NewReader(keyPacket)`
			`packets := packet.NewReader(keyReader)`

			`Loop:`
			`for {`
			`if p, err = packets.Next(); err != nil {`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`break`
			`}`
Allow multiple keypackets in session key decryption (#99) * Fix session key decryption * Break on all data packets Co-authored-by: Daniel Huigens <d.huigens@protonmail.com> 2020-11-13 14:13:11 +01:00
			`switch p := p.(type) {`
			`case *packet.EncryptedKey:`
			`hasPacket = true`
			`ek = p`

			`for _, key := range keyRing.entities.DecryptionKeys() {`
			`priv := key.PrivateKey`
			`if priv.Encrypted {`
			`continue`
			`}`

			`if decryptErr = ek.Decrypt(priv, nil); decryptErr == nil {`
			`break Loop`
			`}`
			`}`

			`case *packet.SymmetricallyEncrypted,`
			`*packet.AEADEncrypted,`
			`*packet.Compressed,`
			`*packet.LiteralData:`
			`break Loop`

			`default:`
			`continue Loop`
			`}`
			`}`

			`if !hasPacket {`
Fix various keys issues (#117) * Fix armouring headers for public keys * Fix error for session key decryption failure 2021-03-09 19:06:35 +01:00			`return nil, errors.Wrap(err, "gopenpgp: couldn't find a session key packet")`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`}`

			`if decryptErr != nil {`
Improve error handling, fix linter (#92) * Improve error handling, fix linter 2020-10-29 12:42:32 +01:00			`return nil, errors.Wrap(decryptErr, "gopenpgp: error in decrypting")`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`}`

Fix various keys issues (#117) * Fix armouring headers for public keys * Fix error for session key decryption failure 2021-03-09 19:06:35 +01:00			`if ek == nil \|\| ek.Key == nil {`
			`return nil, errors.New("gopenpgp: unable to decrypt session key: no valid decryption key")`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`}`
Refactor api (#6) * Refactor library, remove duplicates * Rebuild structure to use Messages and Signature models * Use PGPSplitMessage * Remove signature model * Various fixes * Add helpers with tests * Fixes, add some docs, add tests * Add attachment helpers * Add helpers Symmetric encryption * Edit docs + examples * Rename kr to keyRing * Various fixes for documentation * Edit JSON handling functions, add decrypt keyring via token * Add proposal changes doc * Fix CI * Drop Message functions, join CleartextMessage and BinaryMessage Change canonicalization and trimming only to text signatures * Add cleartextsignature, detach signature from message model, move helpers * Documentation, remove optional parameters * Move verification to separate model * Don't return message in VerifyDetached * Update table of contents in readme * Appease golint * Run go fmt * Rename Encrypt/DecryptMessageWithPassword to ..WithToken These functions shouldn't be used with user-provided passwords, as they don't do any key-stretching. * Change key generation usernames 2019-06-03 17:00:01 +02:00
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`return newSessionKeyFromEncrypted(ek)`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`}`

Refactor api (#6) * Refactor library, remove duplicates * Rebuild structure to use Messages and Signature models * Use PGPSplitMessage * Remove signature model * Various fixes * Add helpers with tests * Fixes, add some docs, add tests * Add attachment helpers * Add helpers Symmetric encryption * Edit docs + examples * Rename kr to keyRing * Various fixes for documentation * Edit JSON handling functions, add decrypt keyring via token * Add proposal changes doc * Fix CI * Drop Message functions, join CleartextMessage and BinaryMessage Change canonicalization and trimming only to text signatures * Add cleartextsignature, detach signature from message model, move helpers * Documentation, remove optional parameters * Move verification to separate model * Don't return message in VerifyDetached * Update table of contents in readme * Appease golint * Run go fmt * Rename Encrypt/DecryptMessageWithPassword to ..WithToken These functions shouldn't be used with user-provided passwords, as they don't do any key-stretching. * Change key generation usernames 2019-06-03 17:00:01 +02:00			`// EncryptSessionKey encrypts the session key with the unarmored`
Improve documentation and naming - Rename pmmime to gomime - Rename pmKeyObject to pgpKeyObject 2019-05-15 13:40:19 +02:00			`// publicKey and returns a binary public-key encrypted session key packet.`
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`func (keyRing KeyRing) EncryptSessionKey(sk SessionKey) ([]byte, error) {`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`outbuf := &bytes.Buffer{}`
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`cf, err := sk.GetCipherFunc()`
			`if err != nil {`
			`return nil, errors.Wrap(err, "gopenpgp: unable to encrypt session key")`
			`}`
wrapper for mobile 2018-06-04 16:05:14 -07:00
Throw error EncryptSessionKey (#60) * throw error EncryptSessionKey throw error if one of the keys in keyring does not have valid encryption key * add key id to error description 2020-07-15 16:17:49 +07:00			`pubKeys := make([]*packet.PublicKey, 0, len(keyRing.entities))`
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`for _, e := range keyRing.entities {`
Throw error EncryptSessionKey (#60) * throw error EncryptSessionKey throw error if one of the keys in keyring does not have valid encryption key * add key id to error description 2020-07-15 16:17:49 +07:00			`encryptionKey, ok := e.EncryptionKey(getNow())`
			`if !ok {`
			`return nil, errors.New("gopenpgp: encryption key is unavailable for key id " + strconv.FormatUint(e.PrimaryKey.KeyId, 16))`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`}`
Throw error EncryptSessionKey (#60) * throw error EncryptSessionKey throw error if one of the keys in keyring does not have valid encryption key * add key id to error description 2020-07-15 16:17:49 +07:00			`pubKeys = append(pubKeys, encryptionKey.PublicKey)`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`}`
Encrypt session key to multiple keys in keyring. (#59) `EncryptSessionKey` now creates encrypted key packet for each valid key in keyring. Co-authored-by: Aron Wussler <aron@wussler.it> 2020-07-10 00:31:57 +07:00			`if len(pubKeys) == 0 {`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`return nil, errors.New("cannot set key: no public key available")`
			`}`

Encrypt session key to multiple keys in keyring. (#59) `EncryptSessionKey` now creates encrypted key packet for each valid key in keyring. Co-authored-by: Aron Wussler <aron@wussler.it> 2020-07-10 00:31:57 +07:00			`for _, pub := range pubKeys {`
			`if err := packet.SerializeEncryptedKey(outbuf, pub, cf, sk.Key, nil); err != nil {`
Improve error handling, fix linter (#92) * Improve error handling, fix linter 2020-10-29 12:42:32 +01:00			`return nil, errors.Wrap(err, "gopenpgp: cannot set key")`
Encrypt session key to multiple keys in keyring. (#59) `EncryptSessionKey` now creates encrypted key packet for each valid key in keyring. Co-authored-by: Aron Wussler <aron@wussler.it> 2020-07-10 00:31:57 +07:00			`}`
wrapper for mobile 2018-06-04 16:05:14 -07:00			`}`
			`return outbuf.Bytes(), nil`
			`}`