Signing/unlocking entities simplification

2018-11-21 21:11:30 +01:00 · 2018-11-21 21:11:30 +01:00 · fc706ffa3e
commit fc706ffa3e
parent d57b71e5ec
4 changed files with 31 additions and 67 deletions
--- a/crypto/attachment.go
+++ b/crypto/attachment.go
@ -65,19 +65,7 @@ func (pm *PmCrypto) DecryptAttachment(keyPacket []byte, dataPacket []byte, kr *K
 	privKeyEntries := kr.entities
-	rawPwd := []byte(passphrase)
+	kr.Unlock([]byte(passphrase))
 	for _, e := range privKeyEntries {
 		if e.PrivateKey != nil && e.PrivateKey.Encrypted {
 			e.PrivateKey.Decrypt(rawPwd)
 		}
 		for _, sub := range e.Subkeys {
 			if sub.PrivateKey != nil && sub.PrivateKey.Encrypted {
 				sub.PrivateKey.Decrypt(rawPwd)
 			}
 		}
 	}
 	keyReader := bytes.NewReader(keyPacket)
 	dataReader := bytes.NewReader(dataPacket)
--- a/crypto/keyring.go
+++ b/crypto/keyring.go
@ -105,6 +105,25 @@ func (kr *KeyRing) GetEntities() openpgp.EntityList {
 	return kr.entities
 }
 func (kr *KeyRing) GetSigningEntity(passphrase string) *openpgp.Entity {
 	var signEntity *openpgp.Entity
 	for _, e := range kr.entities {
 		// Entity.PrivateKey must be a signing key
 		if e.PrivateKey != nil {
 			if e.PrivateKey.Encrypted {
 				e.PrivateKey.Decrypt([]byte(passphrase))
 			}
 			if !e.PrivateKey.Encrypted {
 				signEntity = e
 				break
 			}
 		}
 	}
 	return signEntity
 }
 // Encrypt encrypts data to this keyring's owner. If sign is not nil, it also
 // signs data with it. sign must be unlock to be able to sign data, if it's not
 // the case an error will be returned.
@ -347,7 +366,7 @@ func (kr *KeyRing) Unlock(passphrase []byte) error {
 	}
 	if len(keys) == 0 {
-		return errors.New("pmapi: cannot unlock key ring, no private key available")
+		return errors.New("go-pm-crypto: cannot unlock key ring, no private key available")
 	}
 	var err error
--- a/crypto/message.go
+++ b/crypto/message.go
@ -40,7 +40,7 @@ func (pm *PmCrypto) DecryptMessageStringKey(encryptedText string, privateKey str
 // passphrase : match with private key to decrypt message
 func (pm *PmCrypto) DecryptMessage(encryptedText string, privateKey *KeyRing, passphrase string) (string, error) {
-	md, err := decryptCore(encryptedText, nil, privateKey.entities, passphrase, pm.getTimeGenerator())
+	md, err := decryptCore(encryptedText, nil, privateKey, passphrase, pm.getTimeGenerator())
 	if err != nil {
 		return "", err
 	}
@ -55,20 +55,14 @@ func (pm *PmCrypto) DecryptMessage(encryptedText string, privateKey *KeyRing, pa
 	return string(b), nil
 }
-func decryptCore(encryptedText string, additionalEntries openpgp.EntityList, privKeyEntries openpgp.EntityList, passphrase string, timeFunc func() time.Time) (*openpgp.MessageDetails, error) {
+func decryptCore(encryptedText string, additionalEntries openpgp.EntityList, privKey *KeyRing, passphrase string, timeFunc func() time.Time) (*openpgp.MessageDetails, error) {
 	rawPwd := []byte(passphrase)
-	for _, e := range privKeyEntries {
+	privKey.Unlock(rawPwd)
-		if e.PrivateKey != nil && e.PrivateKey.Encrypted {
+	privKeyEntries := privKey.entities
-			e.PrivateKey.Decrypt(rawPwd)
+	for _, entity := range privKey.entities {
-		}
+		privKeyEntries = append(privKeyEntries, entity)
 		for _, sub := range e.Subkeys {
 			if sub.PrivateKey != nil && sub.PrivateKey.Encrypted {
 				sub.PrivateKey.Decrypt(rawPwd)
 			}
 		}
 	}
 	if additionalEntries != nil {
@ -101,7 +95,7 @@ func (pm *PmCrypto) DecryptMessageVerify(encryptedText string, verifierKey *KeyR
 		out.Verify = noVerifier
 	}
-	md, err := decryptCore(encryptedText, verifierEntries, privateKeyRing.entities, passphrase, func() time.Time { return time.Unix(0, 0) }) // TODO: I doubt this time is correct
+	md, err := decryptCore(encryptedText, verifierEntries, privateKeyRing, passphrase, func() time.Time { return time.Unix(0, 0) }) // TODO: I doubt this time is correct
 	decrypted := md.UnverifiedBody
 	b, err := ioutil.ReadAll(decrypted)
@ -205,18 +199,7 @@ func (pm *PmCrypto) EncryptMessage(plainText string, publicKey *KeyRing, private
 	if len(passphrase) > 0 && len(privateKey.entities) > 0 {
-		for _, e := range privateKey.entities {
+		signEntity := privateKey.GetSigningEntity(passphrase)
 			// Entity.PrivateKey must be a signing key
 			if e.PrivateKey != nil {
 				if e.PrivateKey.Encrypted {
 					e.PrivateKey.Decrypt([]byte(passphrase))
 				}
 				if !e.PrivateKey.Encrypted {
 					signEntity = e
 					break
 				}
 			}
 		}
 		if signEntity == nil {
 			return "", errors.New("cannot sign message, signer key is not unlocked")
--- a/crypto/sign_detached.go
+++ b/crypto/sign_detached.go
@ -16,24 +16,11 @@ import (
 // SignTextDetached sign detached text type
 func (pm *PmCrypto) SignTextDetached(plainText string, privateKey *KeyRing, passphrase string, trim bool) (string, error) {
 	//sign with 0x01 text
 	var signEntity *openpgp.Entity
 	if trim {
 		plainText = internal.TrimNewlines(plainText)
 	}
-	for _, e := range privateKey.entities {
+	signEntity := privateKey.GetSigningEntity(passphrase)
 		// Entity.PrivateKey must be a signing key
 		if e.PrivateKey != nil {
 			if e.PrivateKey.Encrypted {
 				e.PrivateKey.Decrypt([]byte(passphrase))
 			}
 			if !e.PrivateKey.Encrypted {
 				signEntity = e
 				break
 			}
 		}
 	}
 	if signEntity == nil {
 		return "", errors.New("cannot sign message, signer key is not unlocked")
@ -55,20 +42,7 @@ func (pm *PmCrypto) SignTextDetached(plainText string, privateKey *KeyRing, pass
 // Sign detached bin data using string key
 func (pm *PmCrypto) SignBinDetached(plainData []byte, privateKey *KeyRing, passphrase string) (string, error) {
 	//sign with 0x00
-	var signEntity *openpgp.Entity
+	signEntity := privateKey.GetSigningEntity(passphrase)
 	for _, e := range privateKey.entities {
 		// Entity.PrivateKey must be a signing key
 		if e.PrivateKey != nil {
 			if e.PrivateKey.Encrypted {
 				e.PrivateKey.Decrypt([]byte(passphrase))
 			}
 			if !e.PrivateKey.Encrypted {
 				signEntity = e
 				break
 			}
 		}
 	}
 	if signEntity == nil {
 		return "", errors.New("cannot sign message, singer key is not unlocked")