diff --git a/crypto/attachment.go b/crypto/attachment.go index 4e865ae..57bc37a 100644 --- a/crypto/attachment.go +++ b/crypto/attachment.go @@ -15,7 +15,8 @@ import ( "golang.org/x/crypto/openpgp/packet" ) -// AttachmentProcessor to encrypt an attachment +// AttachmentProcessor keeps track of the progress of encrypting an attachment +// (optimized for encrypting large files). type AttachmentProcessor struct { w *io.WriteCloser pipe *io.PipeWriter @@ -25,14 +26,14 @@ type AttachmentProcessor struct { err error } -// Process allows the attachment processor to write the encrypted attachment +// Process writes attachment data to be encrypted func (ap *AttachmentProcessor) Process(plainData []byte) { if _, err := (*ap.w).Write(plainData); err != nil { panic(err) } } -// Finish attachment process +// Finish closes the attachment and returns the encrypted data func (ap *AttachmentProcessor) Finish() (*models.EncryptedSplit, error) { if ap.err != nil { return nil, ap.err @@ -46,12 +47,13 @@ func (ap *AttachmentProcessor) Finish() (*models.EncryptedSplit, error) { return ap.split, nil } -// encryptAttachment takes input data from file +// encryptAttachment creates an AttachmentProcessor which can be used to encrypt +// a file. It takes an estimatedSize and fileName as hints about the file. func (pgp *GopenPGP) encryptAttachment( estimatedSize int, fileName string, publicKey *KeyRing, garbageCollector int, ) (*AttachmentProcessor, error) { attachmentProc := &AttachmentProcessor{} - // you can also add these one at a time if you need to + // You could also add these one at a time if needed. attachmentProc.done.Add(1) attachmentProc.garbageCollector = garbageCollector @@ -88,8 +90,7 @@ func (pgp *GopenPGP) encryptAttachment( return attachmentProc, nil } -// EncryptAttachment encrypts attachment. Takes input data and key data in -// binary form +// EncryptAttachment encrypts a file. fileName func (pgp *GopenPGP) EncryptAttachment( plainData []byte, fileName string, publicKey *KeyRing, ) (*models.EncryptedSplit, error) { @@ -105,14 +106,18 @@ func (pgp *GopenPGP) EncryptAttachment( return split, nil } -// EncryptAttachmentLowMemory with garbage collected every megabyte +// EncryptAttachmentLowMemory creates an AttachmentProcessor which can be used +// to encrypt a file. It takes an estimatedSize and fileName as hints about the +// file. It is optimized for low-memory environments and collects garbage every +// megabyte. func (pgp *GopenPGP) EncryptAttachmentLowMemory( estimatedSize int, fileName string, publicKey *KeyRing, ) (*AttachmentProcessor, error) { return pgp.encryptAttachment(estimatedSize, fileName, publicKey, 1<<20) } -// SplitArmor is a Helper method. Splits armored pgp session into key and packet data +// SplitArmor is a helper method which splits an armored message into its +// session key packet and symmetrically encrypted data packet. func SplitArmor(encrypted string) (*models.EncryptedSplit, error) { var err error @@ -126,8 +131,9 @@ func SplitArmor(encrypted string) (*models.EncryptedSplit, error) { return SeparateKeyAndData(nil, encryptedReader, len(encrypted), -1) } -// DecryptAttachment takes input data and key data in binary form. The -// privateKeys can contains more keys. The passphrase is used to unlock keys +// DecryptAttachment takes a session key packet and symmetrically encrypted data +// packet. privateKeys is a KeyRing that can contain multiple keys. The +// passphrase is used to unlock keys in privateKeys. func (pgp *GopenPGP) DecryptAttachment( keyPacket, dataPacket []byte, kr *KeyRing, passphrase string, @@ -135,7 +141,7 @@ func (pgp *GopenPGP) DecryptAttachment( privKeyEntries := kr.entities if err := kr.Unlock([]byte(passphrase)); err != nil { - err = fmt.Errorf("pm-crypto: cannot decrypt attachment: %v", err) + err = fmt.Errorf("gopenpgp: cannot decrypt attachment: %v", err) return nil, err } diff --git a/crypto/attachment_test.go b/crypto/attachment_test.go index 84f2aa2..a8fae68 100644 --- a/crypto/attachment_test.go +++ b/crypto/attachment_test.go @@ -31,7 +31,7 @@ func TestAttachmentGetKey(t *testing.T) { } func TestAttachmentSetKey(t *testing.T) { - packets, err := SetKey(testPublicKeyRing, testSymmetricKey) + packets, err := testPublicKeyRing.EncryptKey(testSymmetricKey) if err != nil { t.Fatal("Expected no error while encrypting attachment key, got:", err) } diff --git a/crypto/gopenpgp.go b/crypto/gopenpgp.go index f3817db..9b7fd84 100644 --- a/crypto/gopenpgp.go +++ b/crypto/gopenpgp.go @@ -1,15 +1,11 @@ -// Package crypto contains all methods and classes needed for manipulation -// with underlying cryptographic operations. It uses low-level openpgp functions -// and provides higher level views. It uses models of messages, attachments -// and other higher-level entities +// Package crypto provides a high-level API for common OpenPGP functionality. package crypto import "time" -// GopenPGP structure is used to manage server time shift. It should be also used for any -// other specific general cryptographic entities. +// GopenPGP is used as a "namespace" for many of the functions in this package. +// It is a struct that keeps track of time skew between server and client. type GopenPGP struct { - //latestServerTime unix time cache latestServerTime int64 latestClientTime time.Time } diff --git a/crypto/key.go b/crypto/key.go index 09573f5..438a317 100644 --- a/crypto/key.go +++ b/crypto/key.go @@ -23,15 +23,12 @@ import ( // SymmetricKey stores a decrypted session key. type SymmetricKey struct { - // The clear base64-encoded key. + // The decrypted binary session key. Key []byte - // The algorithm used by this key. + // The symmetric encryption algorithm used with this key. Algo string } -// SymmetricallyEncryptedTag is 18 with the 2 highest order bits set to 1 -const SymmetricallyEncryptedTag = 210 - var symKeyAlgos = map[string]packet.CipherFunction{ constants.ThreeDES: packet.Cipher3DES, constants.TripleDES: packet.Cipher3DES, @@ -41,18 +38,18 @@ var symKeyAlgos = map[string]packet.CipherFunction{ constants.AES256: packet.CipherAES256, } -// GetCipherFunc returns function corresponding to an algorithm used in -// this SymmetricKey +// GetCipherFunc returns the cipher function corresponding to the algorithm used +// with this SymmetricKey. func (sk *SymmetricKey) GetCipherFunc() packet.CipherFunction { cf, ok := symKeyAlgos[sk.Algo] if ok { return cf } - panic("pm-crypto: unsupported cipher function: " + sk.Algo) + panic("gopenpgp: unsupported cipher function: " + sk.Algo) } -// GetBase64Key returns a key as base64 encoded string +// GetBase64Key returns the session key as base64 encoded string. func (sk *SymmetricKey) GetBase64Key() string { return base64.StdEncoding.EncodeToString(sk.Key) } @@ -66,7 +63,7 @@ func newSymmetricKey(ek *packet.EncryptedKey) *SymmetricKey { } } if algo == "" { - panic(fmt.Sprintf("pm-crypto: unsupported cipher function: %v", ek.CipherFunc)) + panic(fmt.Sprintf("gopenpgp: unsupported cipher function: %v", ek.CipherFunc)) } return &SymmetricKey{ @@ -75,7 +72,8 @@ func newSymmetricKey(ek *packet.EncryptedKey) *SymmetricKey { } } -// DecryptAttKey and returns a symmetric key +// DecryptAttKey decrypts a public-key encrypted session key and returns the +// decrypted symmetric session key. func DecryptAttKey(kr *KeyRing, keyPacket string) (key *SymmetricKey, err error) { r := base64.NewDecoder(base64.StdEncoding, strings.NewReader(keyPacket)) packets := packet.NewReader(r) @@ -100,7 +98,7 @@ func DecryptAttKey(kr *KeyRing, keyPacket string) (key *SymmetricKey, err error) } if decryptErr != nil { - err = fmt.Errorf("pm-crypto: cannot decrypt encrypted key packet: %v", decryptErr) + err = fmt.Errorf("gopenpgp: cannot decrypt encrypted key packet: %v", decryptErr) return } @@ -108,7 +106,8 @@ func DecryptAttKey(kr *KeyRing, keyPacket string) (key *SymmetricKey, err error) return } -// SeparateKeyAndData from packets in a pgp session +// SeparateKeyAndData reads a binary PGP message from r and splits it into its +// session key packet and symmetrically encrypted data packet. func SeparateKeyAndData( kr *KeyRing, r io.Reader, estimatedLength, garbageCollector int, @@ -118,7 +117,7 @@ func SeparateKeyAndData( outSplit = &models.EncryptedSplit{} gcCounter := 0 - // Save encrypted key and signature apart + // Store encrypted key and symmetrically encrypted packet separately var ek *packet.EncryptedKey var decryptErr error for { @@ -199,18 +198,18 @@ func SeparateKeyAndData( } } if decryptErr != nil { - err = fmt.Errorf("pm-crypto: cannot decrypt encrypted key packet: %v", decryptErr) + err = fmt.Errorf("gopenpgp: cannot decrypt encrypted key packet: %v", decryptErr) return nil, err } if ek == nil { - err = errors.New("pm-crypto: packets don't include an encrypted key packet") + err = errors.New("gopenpgp: packets don't include an encrypted key packet") return nil, err } if kr == nil { var buf bytes.Buffer if err := ek.Serialize(&buf); err != nil { - err = fmt.Errorf("pm-crypto: cannot serialize encrypted key: %v", err) + err = fmt.Errorf("gopenpgp: cannot serialize encrypted key: %v", err) return nil, err } outSplit.KeyPacket = buf.Bytes() @@ -223,15 +222,15 @@ func SeparateKeyAndData( return outSplit, nil } -// SetKey encrypts the provided key. -func SetKey(kr *KeyRing, symKey *SymmetricKey) (packets string, err error) { +// EncryptKey encrypts the provided key. +func (kr *KeyRing) EncryptKey(symKey *SymmetricKey) (packets string, err error) { b := &bytes.Buffer{} w := base64.NewEncoder(base64.StdEncoding, b) cf := symKey.GetCipherFunc() if len(kr.entities) == 0 { - err = fmt.Errorf("pm-crypto: cannot set key: key ring is empty") + err = fmt.Errorf("gopenpgp: cannot set key: key ring is empty") return } @@ -257,24 +256,24 @@ func SetKey(kr *KeyRing, symKey *SymmetricKey) (packets string, err error) { } } if pub == nil { - err = fmt.Errorf("pm-crypto: cannot set key: no public key available") + err = fmt.Errorf("gopenpgp: cannot set key: no public key available") return "", err } if err = packet.SerializeEncryptedKey(w, pub, cf, symKey.Key, nil); err != nil { - err = fmt.Errorf("pm-crypto: cannot set key: %v", err) + err = fmt.Errorf("gopenpgp: cannot set key: %v", err) return "", err } if err = w.Close(); err != nil { - err = fmt.Errorf("pm-crypto: cannot set key: %v", err) + err = fmt.Errorf("gopenpgp: cannot set key: %v", err) return "", err } return b.String(), nil } -// IsKeyExpiredBin checks if the given key is expired. Input in binary format +// IsKeyExpiredBin checks whether the given (unarmored, binary) key is expired. func (pgp *GopenPGP) IsKeyExpiredBin(publicKey []byte) (bool, error) { now := pgp.getNow() pubKeyReader := bytes.NewReader(publicKey) @@ -333,7 +332,7 @@ const ( failed = 3 ) -// IsKeyExpired checks if the given key is expired. Input in armored format +// IsKeyExpired checks whether the given armored key is expired. func (pgp *GopenPGP) IsKeyExpired(publicKey string) (bool, error) { rawPubKey, err := armor.Unarmor(publicKey) if err != nil { @@ -416,7 +415,7 @@ func (pgp *GopenPGP) generateKey( return armor.ArmorWithType(serialized, constants.PrivateKeyHeader) } -// GenerateRSAKeyWithPrimes generates RSA key with given primes. +// GenerateRSAKeyWithPrimes generates a RSA key using the given primes. func (pgp *GopenPGP) GenerateRSAKeyWithPrimes( userName, domain, passphrase string, bits int, @@ -425,13 +424,16 @@ func (pgp *GopenPGP) GenerateRSAKeyWithPrimes( return pgp.generateKey(userName, domain, passphrase, "rsa", bits, primeone, primetwo, primethree, primefour) } -// GenerateKey and generate primes +// GenerateKey generates a key of the given keyType ("rsa" or "x25519"). If +// keyType is "rsa", bits is the RSA bitsize of the key. If keyType is "x25519", +// bits is unused. func (pgp *GopenPGP) GenerateKey(userName, domain, passphrase, keyType string, bits int) (string, error) { return pgp.generateKey(userName, domain, passphrase, keyType, bits, nil, nil, nil, nil) } -// UpdatePrivateKeyPassphrase decrypts the given private key with oldPhrase and -// re-encrypts with the newPassphrase +// UpdatePrivateKeyPassphrase decrypts the given armored privateKey with +// oldPassphrase, re-encrypts it with newPassphrase, and returns the new armored +// key. func (pgp *GopenPGP) UpdatePrivateKeyPassphrase( privateKey string, oldPassphrase string, newPassphrase string, ) (string, error) { @@ -477,7 +479,8 @@ func (pgp *GopenPGP) UpdatePrivateKeyPassphrase( return armor.ArmorWithType(serialized, constants.PrivateKeyHeader) } -// CheckKey prints out the key and subkey fingerprint +// CheckKey is a debug helper function that prints the key and subkey +// fingerprints. func (pgp *GopenPGP) CheckKey(pubKey string) (string, error) { pubKeyReader := strings.NewReader(pubKey) entries, err := openpgp.ReadArmoredKeyRing(pubKeyReader) diff --git a/crypto/key_test.go b/crypto/key_test.go index f03783d..3bcafce 100644 --- a/crypto/key_test.go +++ b/crypto/key_test.go @@ -88,7 +88,7 @@ func TestEncryptDecryptKeys(t *testing.T) { Algo: constants.AES256, } - packet, err := SetKey(rsaPublicKeyRing, testSymmetricKey) + packet, err := rsaPublicKeyRing.EncryptKey(testSymmetricKey) if err != nil { t.Fatal("Cannot encrypt keypacket with RSA keyring", err) } @@ -98,7 +98,7 @@ func TestEncryptDecryptKeys(t *testing.T) { } assert.Exactly(t, testSymmetricKey, rsaTestSymmetricKey) - packet, err = SetKey(ecPublicKeyRing, testSymmetricKey) + packet, err = ecPublicKeyRing.EncryptKey(testSymmetricKey) if err != nil { t.Fatal("Cannot encrypt keypacket with EC keyring", err) } diff --git a/crypto/keyring.go b/crypto/keyring.go index 45d949b..033dc81 100644 --- a/crypto/keyring.go +++ b/crypto/keyring.go @@ -25,19 +25,18 @@ import ( ) // A keypair contains a private key and a public key. -type pmKeyObject struct { +type pgpKeyObject struct { ID string Version int Flags int Fingerprint string PublicKey string `json:",omitempty"` PrivateKey string - //Activation string // Undocumented Primary int } // PrivateKeyReader -func (ko *pmKeyObject) PrivateKeyReader() io.Reader { +func (ko *pgpKeyObject) PrivateKeyReader() io.Reader { return strings.NewReader(ko.PrivateKey) } @@ -61,7 +60,7 @@ type SignedString struct { Signed *Signature } -var errKeyringNotUnlocked = errors.New("pm-crypto: cannot sign message, key ring is not unlocked") +var errKeyringNotUnlocked = errors.New("gopenpgp: cannot sign message, key ring is not unlocked") // Err returns a non-nil error if the signature is invalid. func (s *Signature) Err() error { @@ -377,7 +376,7 @@ func (kr *KeyRing) DecryptArmored(r io.Reader) (decrypted io.Reader, signed *Sig } if block.Type != constants.PGPMessageHeader { - err = errors.New("pm-crypto: not an armored PGP message") + err = errors.New("gopenpgp: not an armored PGP message") return } @@ -510,7 +509,7 @@ func (kr *KeyRing) readFrom(r io.Reader, armored bool) error { } if len(entities) == 0 { - return errors.New("pm-crypto: key ring doesn't contain any key") + return errors.New("gopenpgp: key ring doesn't contain any key") } kr.entities = append(kr.entities, entities...) @@ -547,7 +546,7 @@ func (pgp *GopenPGP) BuildKeyRingArmored(key string) (kr *KeyRing, err error) { func (kr *KeyRing) UnmarshalJSON(b []byte) (err error) { kr.entities = nil - keyObjs := []pmKeyObject{} + keyObjs := []pgpKeyObject{} if err = json.Unmarshal(b, &keyObjs); err != nil { return } diff --git a/crypto/keyring_test.go b/crypto/keyring_test.go index 53dfa4a..6abcd8a 100644 --- a/crypto/keyring_test.go +++ b/crypto/keyring_test.go @@ -121,11 +121,11 @@ func TestKeyRing_ArmoredPublicKeyString(t *testing.T) { func TestCheckPassphrase(t *testing.T) { encryptedKeyRing, _ := ReadArmoredKeyRing(strings.NewReader(readTestFile("keyring_privateKey", false))) - is_correct := encryptedKeyRing.CheckPassphrase("Wrong password") - assert.Exactly(t, false, is_correct) + isCorrect := encryptedKeyRing.CheckPassphrase("Wrong password") + assert.Exactly(t, false, isCorrect) - is_correct = encryptedKeyRing.CheckPassphrase(testMailboxPassword) - assert.Exactly(t, true, is_correct) + isCorrect = encryptedKeyRing.CheckPassphrase(testMailboxPassword) + assert.Exactly(t, true, isCorrect) } func TestIdentities(t *testing.T) { diff --git a/crypto/message.go b/crypto/message.go index 32e115a..0283993 100644 --- a/crypto/message.go +++ b/crypto/message.go @@ -66,7 +66,7 @@ func decryptCore( ) (*openpgp.MessageDetails, error) { rawPwd := []byte(passphrase) if err := privKey.Unlock(rawPwd); err != nil { - err = fmt.Errorf("pm-crypto: cannot decrypt passphrase: %v", err) + err = fmt.Errorf("gopenpgp: cannot decrypt passphrase: %v", err) return nil, err } diff --git a/crypto/mime.go b/crypto/mime.go index 5cc0055..479ad51 100644 --- a/crypto/mime.go +++ b/crypto/mime.go @@ -7,7 +7,7 @@ import ( "net/textproto" "strings" - pmmime "github.com/ProtonMail/go-mime" + gomime "github.com/ProtonMail/go-mime" "golang.org/x/crypto/openpgp" "golang.org/x/crypto/openpgp/packet" @@ -15,7 +15,7 @@ import ( func (pgp GopenPGP) parseMIME( mimeBody string, verifierKey *KeyRing, -) (*pmmime.BodyCollector, int, []string, []string, error) { +) (*gomime.BodyCollector, int, []string, []string, error) { mm, err := mail.ReadMessage(strings.NewReader(mimeBody)) if err != nil { return nil, 0, nil, nil, err @@ -28,10 +28,10 @@ func (pgp GopenPGP) parseMIME( return nil, 0, nil, nil, err } - printAccepter := pmmime.NewMIMEPrinter() - bodyCollector := pmmime.NewBodyCollector(printAccepter) - attachmentsCollector := pmmime.NewAttachmentsCollector(bodyCollector) - mimeVisitor := pmmime.NewMimeVisitor(attachmentsCollector) + printAccepter := gomime.NewMIMEPrinter() + bodyCollector := gomime.NewBodyCollector(printAccepter) + attachmentsCollector := gomime.NewAttachmentsCollector(bodyCollector) + mimeVisitor := gomime.NewMimeVisitor(attachmentsCollector) var pgpKering openpgp.KeyRing if verifierKey != nil { @@ -40,7 +40,7 @@ func (pgp GopenPGP) parseMIME( signatureCollector := newSignatureCollector(mimeVisitor, pgpKering, config) - err = pmmime.VisitAll(bytes.NewReader(mmBodyData), h, signatureCollector) + err = gomime.VisitAll(bytes.NewReader(mmBodyData), h, signatureCollector) verified := signatureCollector.verified body := bodyCollector @@ -50,17 +50,17 @@ func (pgp GopenPGP) parseMIME( return body, verified, atts, attHeaders, err } -// MIMECallbacks defines a call back methods to process MIME message +// MIMECallbacks defines callback methods to process a MIME message. type MIMECallbacks interface { OnBody(body string, mimetype string) OnAttachment(headers string, data []byte) - // Encrypted headers can be an attachment and thus be placed at the end of the mime structure + // Encrypted headers can be in an attachment and thus be placed at the end of the mime structure. OnEncryptedHeaders(headers string) OnVerified(verified int) OnError(err error) } -// DecryptMIMEMessage decrypts a MIME message +// DecryptMIMEMessage decrypts a MIME message. func (pgp *GopenPGP) DecryptMIMEMessage( encryptedText string, verifierKey, privateKeyRing *KeyRing, passphrase string, callbacks MIMECallbacks, verifyTime int64, diff --git a/crypto/session.go b/crypto/session.go index 629de6d..9979904 100644 --- a/crypto/session.go +++ b/crypto/session.go @@ -13,7 +13,7 @@ import ( "golang.org/x/crypto/openpgp/packet" ) -// RandomToken with a default key size +// RandomToken generates a random token with the key size of the default cipher. func (pgp *GopenPGP) RandomToken() ([]byte, error) { config := &packet.Config{DefaultCipher: packet.CipherAES256} keySize := config.DefaultCipher.KeySize() @@ -24,7 +24,7 @@ func (pgp *GopenPGP) RandomToken() ([]byte, error) { return symKey, nil } -// RandomTokenWith a given key size +// RandomTokenWith generates a random token with the given key size. func (pgp *GopenPGP) RandomTokenWith(size int) ([]byte, error) { config := &packet.Config{DefaultCipher: packet.CipherAES256} symKey := make([]byte, size) @@ -34,12 +34,13 @@ func (pgp *GopenPGP) RandomTokenWith(size int) ([]byte, error) { return symKey, nil } -// GetSessionFromKeyPacket gets session key no encoding in and out +// GetSessionFromKeyPacket returns the decrypted session key from a binary +// public-key encrypted session key packet. func (pgp *GopenPGP) GetSessionFromKeyPacket( - keyPackage []byte, privateKey *KeyRing, passphrase string, + keyPacket []byte, privateKey *KeyRing, passphrase string, ) (*SymmetricKey, error) { - keyReader := bytes.NewReader(keyPackage) + keyReader := bytes.NewReader(keyPacket) packets := packet.NewReader(keyReader) var p packet.Packet @@ -72,7 +73,8 @@ func (pgp *GopenPGP) GetSessionFromKeyPacket( return getSessionSplit(ek) } -// KeyPacketWithPublicKey returns binary packet from symmetric key and armored public key +// KeyPacketWithPublicKey encrypts the session key with the armored publicKey +// and returns a binary public-key encrypted session key packet. func (pgp *GopenPGP) KeyPacketWithPublicKey(sessionSplit *SymmetricKey, publicKey string) ([]byte, error) { pubkeyRaw, err := armor.Unarmor(publicKey) if err != nil { @@ -81,7 +83,8 @@ func (pgp *GopenPGP) KeyPacketWithPublicKey(sessionSplit *SymmetricKey, publicKe return pgp.KeyPacketWithPublicKeyBin(sessionSplit, pubkeyRaw) } -// KeyPacketWithPublicKeyBin returns binary packet from symmetric key and binary public key +// KeyPacketWithPublicKeyBin encrypts the session key with the unarmored +// publicKey and returns a binary public-key encrypted session key packet. func (pgp *GopenPGP) KeyPacketWithPublicKeyBin(sessionSplit *SymmetricKey, publicKey []byte) ([]byte, error) { publicKeyReader := bytes.NewReader(publicKey) pubKeyEntries, err := openpgp.ReadKeyRing(publicKeyReader) @@ -123,15 +126,16 @@ func (pgp *GopenPGP) KeyPacketWithPublicKeyBin(sessionSplit *SymmetricKey, publi } if err = packet.SerializeEncryptedKey(outbuf, pub, cf, sessionSplit.Key, nil); err != nil { - err = fmt.Errorf("pm-crypto: cannot set key: %v", err) + err = fmt.Errorf("gopenpgp: cannot set key: %v", err) return nil, err } return outbuf.Bytes(), nil } -// GetSessionFromSymmetricPacket extracts symmentric key from binary packet -func (pgp *GopenPGP) GetSessionFromSymmetricPacket(keyPackage []byte, password string) (*SymmetricKey, error) { - keyReader := bytes.NewReader(keyPackage) +// GetSessionFromSymmetricPacket decrypts the binary symmetrically encrypted +// session key packet and returns the session key. +func (pgp *GopenPGP) GetSessionFromSymmetricPacket(keyPacket []byte, password string) (*SymmetricKey, error) { + keyReader := bytes.NewReader(keyPacket) packets := packet.NewReader(keyReader) var symKeys []*packet.SymmetricKeyEncrypted @@ -167,7 +171,8 @@ func (pgp *GopenPGP) GetSessionFromSymmetricPacket(keyPackage []byte, password s return nil, errors.New("password incorrect") } -// SymmetricKeyPacketWithPassword return binary packet from symmetric key and password +// SymmetricKeyPacketWithPassword encrypts the session key with the password and +// returns a binary symmetrically encrypted session key packet. func (pgp *GopenPGP) SymmetricKeyPacketWithPassword(sessionSplit *SymmetricKey, password string) ([]byte, error) { outbuf := &bytes.Buffer{} diff --git a/crypto/signature_collector.go b/crypto/signature_collector.go index 6668db1..31127eb 100644 --- a/crypto/signature_collector.go +++ b/crypto/signature_collector.go @@ -7,7 +7,7 @@ import ( "mime" "net/textproto" - "github.com/ProtonMail/go-mime" + gomime "github.com/ProtonMail/go-mime" "golang.org/x/crypto/openpgp" "golang.org/x/crypto/openpgp/packet" @@ -17,13 +17,13 @@ import ( type SignatureCollector struct { config *packet.Config keyring openpgp.KeyRing - target pmmime.VisitAcceptor + target gomime.VisitAcceptor signature string verified int } func newSignatureCollector( - targetAcceptor pmmime.VisitAcceptor, keyring openpgp.KeyRing, config *packet.Config, + targetAcceptor gomime.VisitAcceptor, keyring openpgp.KeyRing, config *packet.Config, ) *SignatureCollector { return &SignatureCollector{ target: targetAcceptor, @@ -39,10 +39,10 @@ func (sc *SignatureCollector) Accept( ) (err error) { parentMediaType, params, _ := mime.ParseMediaType(header.Get("Content-Type")) if parentMediaType == "multipart/signed" { - newPart, rawBody := pmmime.GetRawMimePart(part, "--"+params["boundary"]) + newPart, rawBody := gomime.GetRawMimePart(part, "--"+params["boundary"]) var multiparts []io.Reader var multipartHeaders []textproto.MIMEHeader - if multiparts, multipartHeaders, err = pmmime.GetMultipartParts(newPart, params); err == nil { + if multiparts, multipartHeaders, err = gomime.GetMultipartParts(newPart, params); err == nil { hasPlainChild := false for _, header := range multipartHeaders { mediaType, _, _ := mime.ParseMediaType(header.Get("Content-Type")) @@ -77,7 +77,7 @@ func (sc *SignatureCollector) Accept( return err } - decodedPart := pmmime.DecodeContentEncoding( + decodedPart := gomime.DecodeContentEncoding( bytes.NewReader(partData), multipartHeaders[1].Get("Content-Transfer-Encoding")) @@ -85,7 +85,7 @@ func (sc *SignatureCollector) Accept( if err != nil { return err } - buffer, err = pmmime.DecodeCharset(buffer, params) + buffer, err = gomime.DecodeCharset(buffer, params) if err != nil { return err } diff --git a/glide.yaml b/glide.yaml index f7b9c53..90562f3 100644 --- a/glide.yaml +++ b/glide.yaml @@ -1,9 +1,8 @@ -package: proton/gopenpgp +package: github.com/ProtonMail/gopenpgp import: - package: golang.org/x/crypto - version: master repo: https://github.com/ProtonMail/crypto.git - version: 9e4251120d8c43f10024d798bc6dde21d40704a0 + version: master - package: github.com/ProtonMail/go-mime repo: https://github.com/ProtonMail/go-mime.git - + version: master diff --git a/internal/common.go b/internal/common.go index 66d8356..ed7d664 100644 --- a/internal/common.go +++ b/internal/common.go @@ -1,8 +1,9 @@ package internal import ( - "github.com/ProtonMail/gopenpgp/constants" "regexp" + + "github.com/ProtonMail/gopenpgp/constants" ) // TrimNewlines removes a whitespace in the end of string (don't stop on linebreak) @@ -15,7 +16,7 @@ func TrimNewlines(input string) string { // created in the future, to compensate for clock skew const CreationTimeOffset = int64(60 * 60 * 24 * 2) -// ArmorHeaders from golang pm-crypto +// ArmorHeaders from gopenpgp var ArmorHeaders = map[string]string{ "Version": constants.ArmorHeaderVersion, "Comment": constants.ArmorHeaderComment,