Refactor api (#6)

* Refactor library, remove duplicates * Rebuild structure to use Messages and Signature models * Use PGPSplitMessage * Remove signature model * Various fixes * Add helpers with tests * Fixes, add some docs, add tests * Add attachment helpers * Add helpers Symmetric encryption * Edit docs + examples * Rename kr to keyRing * Various fixes for documentation * Edit JSON handling functions, add decrypt keyring via token * Add proposal changes doc * Fix CI * Drop *Message functions, join CleartextMessage and BinaryMessage * Change canonicalization and trimming only to text signatures * Add cleartextsignature, detach signature from message model, move helpers * Documentation, remove optional parameters * Move verification to separate model * Don't return message in VerifyDetached * Update table of contents in readme * Appease golint * Run go fmt * Rename Encrypt/DecryptMessageWithPassword to ..WithToken These functions shouldn't be used with user-provided passwords, as they don't do any key-stretching. * Change key generation usernames
2019-06-03 17:00:01 +02:00 · 2019-06-03 17:00:01 +02:00 · e65ed17b41
commit e65ed17b41
parent 82d49bf235
34 changed files with 2573 additions and 1478 deletions
--- a/helper/helper.go
+++ b/helper/helper.go
@ -0,0 +1,258 @@
+package helper
+
+import (
+	"errors"
+
+	"github.com/ProtonMail/gopenpgp/constants"
+	"github.com/ProtonMail/gopenpgp/crypto"
+)
+
+var pgp = crypto.GetGopenPGP()
+
+// EncryptMessageWithToken encrypts a string with a passphrase using AES256
+func EncryptMessageWithToken(
+	passphrase, plaintext string,
+) (ciphertext string, err error) {
+	return EncryptMessageWithTokenAlgo(passphrase, plaintext, constants.AES256)
+}
+
+// EncryptMessageWithTokenAlgo encrypts a string with a random token and an algorithm chosen from constants.*
+func EncryptMessageWithTokenAlgo(
+	token, plaintext, algo string,
+) (ciphertext string, err error) {
+	var pgpMessage *crypto.PGPMessage
+
+	var message = crypto.NewPlainMessageFromString(plaintext)
+	var key = crypto.NewSymmetricKeyFromToken(token, algo)
+
+	if pgpMessage, err = key.Encrypt(message); err != nil {
+		return "", err
+	}
+
+	if ciphertext, err = pgpMessage.GetArmored(); err != nil {
+		return "", err
+	}
+
+	return ciphertext, nil
+}
+
+// DecryptMessageWithToken decrypts an armored message with a random token.
+// The algorithm is derived from the armoring.
+func DecryptMessageWithToken(token, ciphertext string) (plaintext string, err error) {
+	var message *crypto.PlainMessage
+	var pgpMessage *crypto.PGPMessage
+
+	var key = crypto.NewSymmetricKeyFromToken(token, "")
+
+	if pgpMessage, err = crypto.NewPGPMessageFromArmored(ciphertext); err != nil {
+		return "", err
+	}
+
+	if message, err = key.Decrypt(pgpMessage); err != nil {
+		return "", err
+	}
+
+	return message.GetString(), nil
+}
+
+// EncryptMessageArmored generates an armored PGP message given a plaintext and an armored public key
+func EncryptMessageArmored(publicKey, plaintext string) (ciphertext string, err error) {
+	var publicKeyRing *crypto.KeyRing
+	var pgpMessage *crypto.PGPMessage
+
+	var message = crypto.NewPlainMessageFromString(plaintext)
+
+	if publicKeyRing, err = pgp.BuildKeyRingArmored(publicKey); err != nil {
+		return "", err
+	}
+
+	if pgpMessage, err = publicKeyRing.Encrypt(message, nil); err != nil {
+		return "", err
+	}
+
+	if ciphertext, err = pgpMessage.GetArmored(); err != nil {
+		return "", err
+	}
+
+	return ciphertext, nil
+}
+
+// EncryptSignMessageArmored generates an armored signed PGP message given a plaintext and an armored public key
+// a private key and its passphrase
+func EncryptSignMessageArmored(
+	publicKey, privateKey, passphrase, plaintext string,
+) (ciphertext string, err error) {
+	var publicKeyRing, privateKeyRing *crypto.KeyRing
+	var pgpMessage *crypto.PGPMessage
+
+	var message = crypto.NewPlainMessageFromString(plaintext)
+
+	if publicKeyRing, err = pgp.BuildKeyRingArmored(publicKey); err != nil {
+		return "", err
+	}
+
+	if privateKeyRing, err = pgp.BuildKeyRingArmored(privateKey); err != nil {
+		return "", err
+	}
+
+	if err = privateKeyRing.UnlockWithPassphrase(passphrase); err != nil {
+		return "", err
+	}
+
+	if pgpMessage, err = publicKeyRing.Encrypt(message, privateKeyRing); err != nil {
+		return "", err
+	}
+
+	if ciphertext, err = pgpMessage.GetArmored(); err != nil {
+		return "", err
+	}
+
+	return ciphertext, nil
+}
+
+// DecryptMessageArmored decrypts an armored PGP message given a private key and its passphrase
+func DecryptMessageArmored(
+	privateKey, passphrase, ciphertext string,
+) (plaintext string, err error) {
+	var privateKeyRing *crypto.KeyRing
+	var pgpMessage *crypto.PGPMessage
+	var message *crypto.PlainMessage
+
+	if privateKeyRing, err = pgp.BuildKeyRingArmored(privateKey); err != nil {
+		return "", err
+	}
+
+	if err = privateKeyRing.UnlockWithPassphrase(passphrase); err != nil {
+		return "", err
+	}
+
+	if pgpMessage, err = crypto.NewPGPMessageFromArmored(ciphertext); err != nil {
+		return "", err
+	}
+
+	if message, _, err = privateKeyRing.Decrypt(pgpMessage, nil, 0); err != nil {
+		return "", err
+	}
+
+	return message.GetString(), nil
+}
+
+// DecryptVerifyMessageArmored decrypts an armored PGP message given a private key and its passphrase
+// and verifies the embedded signature.
+// Returns the plain data or an error on signature verification failure.
+func DecryptVerifyMessageArmored(
+	publicKey, privateKey, passphrase, ciphertext string,
+) (plaintext string, err error) {
+	var publicKeyRing, privateKeyRing *crypto.KeyRing
+	var pgpMessage *crypto.PGPMessage
+	var message *crypto.PlainMessage
+	var verification *crypto.Verification
+
+	if publicKeyRing, err = pgp.BuildKeyRingArmored(publicKey); err != nil {
+		return "", err
+	}
+
+	if privateKeyRing, err = pgp.BuildKeyRingArmored(privateKey); err != nil {
+		return "", err
+	}
+
+	if err = privateKeyRing.UnlockWithPassphrase(passphrase); err != nil {
+		return "", err
+	}
+
+	if pgpMessage, err = crypto.NewPGPMessageFromArmored(ciphertext); err != nil {
+		return "", err
+	}
+
+	if message, verification, err = privateKeyRing.Decrypt(pgpMessage, publicKeyRing, pgp.GetUnixTime()); err != nil {
+		return "", err
+	}
+
+	if !verification.IsValid() {
+		return "", errors.New("gopenpgp: unable to verify message")
+	}
+
+	return message.GetString(), nil
+}
+
+// EncryptSignAttachment encrypts an attachment using a detached signature, given a publicKey, a privateKey
+// and its passphrase, the filename, and the unencrypted file data.
+// Returns keypacket, dataPacket and unarmored (!) signature separate.
+func EncryptSignAttachment(
+	publicKey, privateKey, passphrase, fileName string,
+	plainData []byte,
+) (keyPacket, dataPacket, signature []byte, err error) {
+	var publicKeyRing, privateKeyRing *crypto.KeyRing
+	var packets *crypto.PGPSplitMessage
+	var signatureObj *crypto.PGPSignature
+
+	var binMessage = crypto.NewPlainMessage(plainData)
+
+	if publicKeyRing, err = pgp.BuildKeyRingArmored(publicKey); err != nil {
+		return nil, nil, nil, err
+	}
+
+	if privateKeyRing, err = pgp.BuildKeyRingArmored(privateKey); err != nil {
+		return nil, nil, nil, err
+	}
+
+	if err = privateKeyRing.UnlockWithPassphrase(passphrase); err != nil {
+		return nil, nil, nil, err
+	}
+
+	if packets, err = publicKeyRing.EncryptAttachment(binMessage, fileName); err != nil {
+		return nil, nil, nil, err
+	}
+
+	if signatureObj, err = privateKeyRing.SignDetached(binMessage); err != nil {
+		return nil, nil, nil, err
+	}
+
+	return packets.GetKeyPacket(), packets.GetDataPacket(), signatureObj.GetBinary(), nil
+}
+
+// DecryptVerifyAttachment decrypts and verifies an attachment split into the keyPacket, dataPacket
+// and an armored (!) signature, given a publicKey, and a privateKey with its passphrase.
+// Returns the plain data or an error on signature verification failure.
+func DecryptVerifyAttachment(
+	publicKey, privateKey, passphrase string,
+	keyPacket, dataPacket []byte,
+	armoredSignature string,
+) (plainData []byte, err error) {
+	var publicKeyRing, privateKeyRing *crypto.KeyRing
+	var detachedSignature *crypto.PGPSignature
+	var message *crypto.PlainMessage
+	var verification *crypto.Verification
+
+	var packets = crypto.NewPGPSplitMessage(keyPacket, dataPacket)
+
+	if publicKeyRing, err = pgp.BuildKeyRingArmored(publicKey); err != nil {
+		return nil, err
+	}
+
+	if privateKeyRing, err = pgp.BuildKeyRingArmored(privateKey); err != nil {
+		return nil, err
+	}
+
+	if err = privateKeyRing.UnlockWithPassphrase(passphrase); err != nil {
+		return nil, err
+	}
+
+	if detachedSignature, err = crypto.NewPGPSignatureFromArmored(armoredSignature); err != nil {
+		return nil, err
+	}
+
+	if message, err = privateKeyRing.DecryptAttachment(packets); err != nil {
+		return nil, err
+	}
+
+	if verification, err = publicKeyRing.VerifyDetached(message, detachedSignature, pgp.GetUnixTime()); err != nil {
+		return nil, errors.New("gopenpgp: unable to verify attachment")
+	}
+
+	if !verification.IsValid() {
+		return nil, errors.New("gopenpgp: unable to verify attachment")
+	}
+
+	return message.GetBinary(), nil
+}