Openpgp security update (V2) (#31)

* Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script
2019-12-27 19:35:43 +01:00 · 2019-12-27 19:35:43 +01:00 · 54f45d0471
commit 54f45d0471
parent 136c0a5495
46 changed files with 2588 additions and 1770 deletions
--- a/crypto/key_clear.go
+++ b/crypto/key_clear.go
@ -0,0 +1,128 @@
+package crypto
+
+import (
+	"crypto/dsa"
+	"crypto/ecdsa"
+	"errors"
+	"math/big"
+
+	"golang.org/x/crypto/ed25519"
+	"golang.org/x/crypto/openpgp/ecdh"
+	"golang.org/x/crypto/openpgp/elgamal"
+	"golang.org/x/crypto/rsa"
+)
+
+func (sk *SessionKey) Clear() (ok bool) {
+	clearMem(sk.Key)
+	return true
+}
+
+func (key *Key) ClearPrivateParams() (ok bool) {
+	num := key.clearPrivateWithSubkeys()
+	key.entity.PrivateKey = nil
+
+	for k := range key.entity.Subkeys {
+		key.entity.Subkeys[k].PrivateKey = nil
+	}
+
+	return num > 0
+}
+
+func (key *Key) clearPrivateWithSubkeys() (num int) {
+	num = 0
+	if key.entity.PrivateKey != nil {
+		err := clearPrivateKey(key.entity.PrivateKey.PrivateKey)
+		if err == nil {
+			num++
+		}
+	}
+	for k := range key.entity.Subkeys {
+		if key.entity.Subkeys[k].PrivateKey != nil {
+			err := clearPrivateKey(key.entity.Subkeys[k].PrivateKey.PrivateKey)
+			if err == nil {
+				num++
+			}
+		}
+	}
+	return num
+}
+
+func clearPrivateKey(privateKey interface{}) error {
+	switch priv := privateKey.(type) {
+	case *rsa.PrivateKey:
+		return clearRSAPrivateKey(priv)
+	case *dsa.PrivateKey:
+		return clearDSAPrivateKey(priv)
+	case *elgamal.PrivateKey:
+		return clearElGamalPrivateKey(priv)
+	case *ecdsa.PrivateKey:
+		return clearECDSAPrivateKey(priv)
+	case ed25519.PrivateKey:
+		return clearEdDSAPrivateKey(priv)
+	case *ecdh.PrivateKey:
+		return clearECDHPrivateKey(priv)
+	default:
+		return errors.New("gopenpgp: unknown private key")
+	}
+}
+
+func clearBigInt(n *big.Int) {
+	w := n.Bits()
+	for k := range w {
+		w[k] = 0x00
+	}
+}
+
+func clearMem(w []byte) {
+	for k := range w {
+		w[k] = 0x00
+	}
+}
+
+func clearRSAPrivateKey(rsaPriv *rsa.PrivateKey) error {
+	clearBigInt(rsaPriv.D)
+	for idx := range rsaPriv.Primes {
+		clearBigInt(rsaPriv.Primes[idx])
+	}
+	clearBigInt(rsaPriv.Precomputed.Qinv)
+	clearBigInt(rsaPriv.Precomputed.Dp)
+	clearBigInt(rsaPriv.Precomputed.Dq)
+
+	for idx := range rsaPriv.Precomputed.CRTValues {
+		clearBigInt(rsaPriv.Precomputed.CRTValues[idx].Exp)
+		clearBigInt(rsaPriv.Precomputed.CRTValues[idx].Coeff)
+		clearBigInt(rsaPriv.Precomputed.CRTValues[idx].R)
+	}
+
+	return nil
+}
+
+func clearDSAPrivateKey(priv *dsa.PrivateKey) error {
+	clearBigInt(priv.X)
+
+	return nil
+}
+
+func clearElGamalPrivateKey(priv *elgamal.PrivateKey) error {
+	clearBigInt(priv.X)
+
+	return nil
+}
+
+func clearECDSAPrivateKey(priv *ecdsa.PrivateKey) error {
+	clearBigInt(priv.D)
+
+	return nil
+}
+
+func clearEdDSAPrivateKey(priv ed25519.PrivateKey) error {
+	clearMem(priv)
+
+	return nil
+}
+
+func clearECDHPrivateKey(priv *ecdh.PrivateKey) error {
+	clearMem(priv.D)
+
+	return nil
+}