diff options
Diffstat (limited to 'vendor/golang.org/x/crypto/openpgp/packet/private_key.go')
-rw-r--r-- | vendor/golang.org/x/crypto/openpgp/packet/private_key.go | 380 |
1 files changed, 380 insertions, 0 deletions
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/private_key.go b/vendor/golang.org/x/crypto/openpgp/packet/private_key.go new file mode 100644 index 0000000..34734cc --- /dev/null +++ b/vendor/golang.org/x/crypto/openpgp/packet/private_key.go | |||
@@ -0,0 +1,380 @@ | |||
1 | // Copyright 2011 The Go Authors. All rights reserved. | ||
2 | // Use of this source code is governed by a BSD-style | ||
3 | // license that can be found in the LICENSE file. | ||
4 | |||
5 | package packet | ||
6 | |||
7 | import ( | ||
8 | "bytes" | ||
9 | "crypto" | ||
10 | "crypto/cipher" | ||
11 | "crypto/dsa" | ||
12 | "crypto/ecdsa" | ||
13 | "crypto/rsa" | ||
14 | "crypto/sha1" | ||
15 | "io" | ||
16 | "io/ioutil" | ||
17 | "math/big" | ||
18 | "strconv" | ||
19 | "time" | ||
20 | |||
21 | "golang.org/x/crypto/openpgp/elgamal" | ||
22 | "golang.org/x/crypto/openpgp/errors" | ||
23 | "golang.org/x/crypto/openpgp/s2k" | ||
24 | ) | ||
25 | |||
26 | // PrivateKey represents a possibly encrypted private key. See RFC 4880, | ||
27 | // section 5.5.3. | ||
28 | type PrivateKey struct { | ||
29 | PublicKey | ||
30 | Encrypted bool // if true then the private key is unavailable until Decrypt has been called. | ||
31 | encryptedData []byte | ||
32 | cipher CipherFunction | ||
33 | s2k func(out, in []byte) | ||
34 | PrivateKey interface{} // An *{rsa|dsa|ecdsa}.PrivateKey or a crypto.Signer. | ||
35 | sha1Checksum bool | ||
36 | iv []byte | ||
37 | } | ||
38 | |||
39 | func NewRSAPrivateKey(currentTime time.Time, priv *rsa.PrivateKey) *PrivateKey { | ||
40 | pk := new(PrivateKey) | ||
41 | pk.PublicKey = *NewRSAPublicKey(currentTime, &priv.PublicKey) | ||
42 | pk.PrivateKey = priv | ||
43 | return pk | ||
44 | } | ||
45 | |||
46 | func NewDSAPrivateKey(currentTime time.Time, priv *dsa.PrivateKey) *PrivateKey { | ||
47 | pk := new(PrivateKey) | ||
48 | pk.PublicKey = *NewDSAPublicKey(currentTime, &priv.PublicKey) | ||
49 | pk.PrivateKey = priv | ||
50 | return pk | ||
51 | } | ||
52 | |||
53 | func NewElGamalPrivateKey(currentTime time.Time, priv *elgamal.PrivateKey) *PrivateKey { | ||
54 | pk := new(PrivateKey) | ||
55 | pk.PublicKey = *NewElGamalPublicKey(currentTime, &priv.PublicKey) | ||
56 | pk.PrivateKey = priv | ||
57 | return pk | ||
58 | } | ||
59 | |||
60 | func NewECDSAPrivateKey(currentTime time.Time, priv *ecdsa.PrivateKey) *PrivateKey { | ||
61 | pk := new(PrivateKey) | ||
62 | pk.PublicKey = *NewECDSAPublicKey(currentTime, &priv.PublicKey) | ||
63 | pk.PrivateKey = priv | ||
64 | return pk | ||
65 | } | ||
66 | |||
67 | // NewSignerPrivateKey creates a sign-only PrivateKey from a crypto.Signer that | ||
68 | // implements RSA or ECDSA. | ||
69 | func NewSignerPrivateKey(currentTime time.Time, signer crypto.Signer) *PrivateKey { | ||
70 | pk := new(PrivateKey) | ||
71 | switch pubkey := signer.Public().(type) { | ||
72 | case rsa.PublicKey: | ||
73 | pk.PublicKey = *NewRSAPublicKey(currentTime, &pubkey) | ||
74 | pk.PubKeyAlgo = PubKeyAlgoRSASignOnly | ||
75 | case ecdsa.PublicKey: | ||
76 | pk.PublicKey = *NewECDSAPublicKey(currentTime, &pubkey) | ||
77 | default: | ||
78 | panic("openpgp: unknown crypto.Signer type in NewSignerPrivateKey") | ||
79 | } | ||
80 | pk.PrivateKey = signer | ||
81 | return pk | ||
82 | } | ||
83 | |||
84 | func (pk *PrivateKey) parse(r io.Reader) (err error) { | ||
85 | err = (&pk.PublicKey).parse(r) | ||
86 | if err != nil { | ||
87 | return | ||
88 | } | ||
89 | var buf [1]byte | ||
90 | _, err = readFull(r, buf[:]) | ||
91 | if err != nil { | ||
92 | return | ||
93 | } | ||
94 | |||
95 | s2kType := buf[0] | ||
96 | |||
97 | switch s2kType { | ||
98 | case 0: | ||
99 | pk.s2k = nil | ||
100 | pk.Encrypted = false | ||
101 | case 254, 255: | ||
102 | _, err = readFull(r, buf[:]) | ||
103 | if err != nil { | ||
104 | return | ||
105 | } | ||
106 | pk.cipher = CipherFunction(buf[0]) | ||
107 | pk.Encrypted = true | ||
108 | pk.s2k, err = s2k.Parse(r) | ||
109 | if err != nil { | ||
110 | return | ||
111 | } | ||
112 | if s2kType == 254 { | ||
113 | pk.sha1Checksum = true | ||
114 | } | ||
115 | default: | ||
116 | return errors.UnsupportedError("deprecated s2k function in private key") | ||
117 | } | ||
118 | |||
119 | if pk.Encrypted { | ||
120 | blockSize := pk.cipher.blockSize() | ||
121 | if blockSize == 0 { | ||
122 | return errors.UnsupportedError("unsupported cipher in private key: " + strconv.Itoa(int(pk.cipher))) | ||
123 | } | ||
124 | pk.iv = make([]byte, blockSize) | ||
125 | _, err = readFull(r, pk.iv) | ||
126 | if err != nil { | ||
127 | return | ||
128 | } | ||
129 | } | ||
130 | |||
131 | pk.encryptedData, err = ioutil.ReadAll(r) | ||
132 | if err != nil { | ||
133 | return | ||
134 | } | ||
135 | |||
136 | if !pk.Encrypted { | ||
137 | return pk.parsePrivateKey(pk.encryptedData) | ||
138 | } | ||
139 | |||
140 | return | ||
141 | } | ||
142 | |||
143 | func mod64kHash(d []byte) uint16 { | ||
144 | var h uint16 | ||
145 | for _, b := range d { | ||
146 | h += uint16(b) | ||
147 | } | ||
148 | return h | ||
149 | } | ||
150 | |||
151 | func (pk *PrivateKey) Serialize(w io.Writer) (err error) { | ||
152 | // TODO(agl): support encrypted private keys | ||
153 | buf := bytes.NewBuffer(nil) | ||
154 | err = pk.PublicKey.serializeWithoutHeaders(buf) | ||
155 | if err != nil { | ||
156 | return | ||
157 | } | ||
158 | buf.WriteByte(0 /* no encryption */) | ||
159 | |||
160 | privateKeyBuf := bytes.NewBuffer(nil) | ||
161 | |||
162 | switch priv := pk.PrivateKey.(type) { | ||
163 | case *rsa.PrivateKey: | ||
164 | err = serializeRSAPrivateKey(privateKeyBuf, priv) | ||
165 | case *dsa.PrivateKey: | ||
166 | err = serializeDSAPrivateKey(privateKeyBuf, priv) | ||
167 | case *elgamal.PrivateKey: | ||
168 | err = serializeElGamalPrivateKey(privateKeyBuf, priv) | ||
169 | case *ecdsa.PrivateKey: | ||
170 | err = serializeECDSAPrivateKey(privateKeyBuf, priv) | ||
171 | default: | ||
172 | err = errors.InvalidArgumentError("unknown private key type") | ||
173 | } | ||
174 | if err != nil { | ||
175 | return | ||
176 | } | ||
177 | |||
178 | ptype := packetTypePrivateKey | ||
179 | contents := buf.Bytes() | ||
180 | privateKeyBytes := privateKeyBuf.Bytes() | ||
181 | if pk.IsSubkey { | ||
182 | ptype = packetTypePrivateSubkey | ||
183 | } | ||
184 | err = serializeHeader(w, ptype, len(contents)+len(privateKeyBytes)+2) | ||
185 | if err != nil { | ||
186 | return | ||
187 | } | ||
188 | _, err = w.Write(contents) | ||
189 | if err != nil { | ||
190 | return | ||
191 | } | ||
192 | _, err = w.Write(privateKeyBytes) | ||
193 | if err != nil { | ||
194 | return | ||
195 | } | ||
196 | |||
197 | checksum := mod64kHash(privateKeyBytes) | ||
198 | var checksumBytes [2]byte | ||
199 | checksumBytes[0] = byte(checksum >> 8) | ||
200 | checksumBytes[1] = byte(checksum) | ||
201 | _, err = w.Write(checksumBytes[:]) | ||
202 | |||
203 | return | ||
204 | } | ||
205 | |||
206 | func serializeRSAPrivateKey(w io.Writer, priv *rsa.PrivateKey) error { | ||
207 | err := writeBig(w, priv.D) | ||
208 | if err != nil { | ||
209 | return err | ||
210 | } | ||
211 | err = writeBig(w, priv.Primes[1]) | ||
212 | if err != nil { | ||
213 | return err | ||
214 | } | ||
215 | err = writeBig(w, priv.Primes[0]) | ||
216 | if err != nil { | ||
217 | return err | ||
218 | } | ||
219 | return writeBig(w, priv.Precomputed.Qinv) | ||
220 | } | ||
221 | |||
222 | func serializeDSAPrivateKey(w io.Writer, priv *dsa.PrivateKey) error { | ||
223 | return writeBig(w, priv.X) | ||
224 | } | ||
225 | |||
226 | func serializeElGamalPrivateKey(w io.Writer, priv *elgamal.PrivateKey) error { | ||
227 | return writeBig(w, priv.X) | ||
228 | } | ||
229 | |||
230 | func serializeECDSAPrivateKey(w io.Writer, priv *ecdsa.PrivateKey) error { | ||
231 | return writeBig(w, priv.D) | ||
232 | } | ||
233 | |||
234 | // Decrypt decrypts an encrypted private key using a passphrase. | ||
235 | func (pk *PrivateKey) Decrypt(passphrase []byte) error { | ||
236 | if !pk.Encrypted { | ||
237 | return nil | ||
238 | } | ||
239 | |||
240 | key := make([]byte, pk.cipher.KeySize()) | ||
241 | pk.s2k(key, passphrase) | ||
242 | block := pk.cipher.new(key) | ||
243 | cfb := cipher.NewCFBDecrypter(block, pk.iv) | ||
244 | |||
245 | data := make([]byte, len(pk.encryptedData)) | ||
246 | cfb.XORKeyStream(data, pk.encryptedData) | ||
247 | |||
248 | if pk.sha1Checksum { | ||
249 | if len(data) < sha1.Size { | ||
250 | return errors.StructuralError("truncated private key data") | ||
251 | } | ||
252 | h := sha1.New() | ||
253 | h.Write(data[:len(data)-sha1.Size]) | ||
254 | sum := h.Sum(nil) | ||
255 | if !bytes.Equal(sum, data[len(data)-sha1.Size:]) { | ||
256 | return errors.StructuralError("private key checksum failure") | ||
257 | } | ||
258 | data = data[:len(data)-sha1.Size] | ||
259 | } else { | ||
260 | if len(data) < 2 { | ||
261 | return errors.StructuralError("truncated private key data") | ||
262 | } | ||
263 | var sum uint16 | ||
264 | for i := 0; i < len(data)-2; i++ { | ||
265 | sum += uint16(data[i]) | ||
266 | } | ||
267 | if data[len(data)-2] != uint8(sum>>8) || | ||
268 | data[len(data)-1] != uint8(sum) { | ||
269 | return errors.StructuralError("private key checksum failure") | ||
270 | } | ||
271 | data = data[:len(data)-2] | ||
272 | } | ||
273 | |||
274 | return pk.parsePrivateKey(data) | ||
275 | } | ||
276 | |||
277 | func (pk *PrivateKey) parsePrivateKey(data []byte) (err error) { | ||
278 | switch pk.PublicKey.PubKeyAlgo { | ||
279 | case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly, PubKeyAlgoRSAEncryptOnly: | ||
280 | return pk.parseRSAPrivateKey(data) | ||
281 | case PubKeyAlgoDSA: | ||
282 | return pk.parseDSAPrivateKey(data) | ||
283 | case PubKeyAlgoElGamal: | ||
284 | return pk.parseElGamalPrivateKey(data) | ||
285 | case PubKeyAlgoECDSA: | ||
286 | return pk.parseECDSAPrivateKey(data) | ||
287 | } | ||
288 | panic("impossible") | ||
289 | } | ||
290 | |||
291 | func (pk *PrivateKey) parseRSAPrivateKey(data []byte) (err error) { | ||
292 | rsaPub := pk.PublicKey.PublicKey.(*rsa.PublicKey) | ||
293 | rsaPriv := new(rsa.PrivateKey) | ||
294 | rsaPriv.PublicKey = *rsaPub | ||
295 | |||
296 | buf := bytes.NewBuffer(data) | ||
297 | d, _, err := readMPI(buf) | ||
298 | if err != nil { | ||
299 | return | ||
300 | } | ||
301 | p, _, err := readMPI(buf) | ||
302 | if err != nil { | ||
303 | return | ||
304 | } | ||
305 | q, _, err := readMPI(buf) | ||
306 | if err != nil { | ||
307 | return | ||
308 | } | ||
309 | |||
310 | rsaPriv.D = new(big.Int).SetBytes(d) | ||
311 | rsaPriv.Primes = make([]*big.Int, 2) | ||
312 | rsaPriv.Primes[0] = new(big.Int).SetBytes(p) | ||
313 | rsaPriv.Primes[1] = new(big.Int).SetBytes(q) | ||
314 | if err := rsaPriv.Validate(); err != nil { | ||
315 | return err | ||
316 | } | ||
317 | rsaPriv.Precompute() | ||
318 | pk.PrivateKey = rsaPriv | ||
319 | pk.Encrypted = false | ||
320 | pk.encryptedData = nil | ||
321 | |||
322 | return nil | ||
323 | } | ||
324 | |||
325 | func (pk *PrivateKey) parseDSAPrivateKey(data []byte) (err error) { | ||
326 | dsaPub := pk.PublicKey.PublicKey.(*dsa.PublicKey) | ||
327 | dsaPriv := new(dsa.PrivateKey) | ||
328 | dsaPriv.PublicKey = *dsaPub | ||
329 | |||
330 | buf := bytes.NewBuffer(data) | ||
331 | x, _, err := readMPI(buf) | ||
332 | if err != nil { | ||
333 | return | ||
334 | } | ||
335 | |||
336 | dsaPriv.X = new(big.Int).SetBytes(x) | ||
337 | pk.PrivateKey = dsaPriv | ||
338 | pk.Encrypted = false | ||
339 | pk.encryptedData = nil | ||
340 | |||
341 | return nil | ||
342 | } | ||
343 | |||
344 | func (pk *PrivateKey) parseElGamalPrivateKey(data []byte) (err error) { | ||
345 | pub := pk.PublicKey.PublicKey.(*elgamal.PublicKey) | ||
346 | priv := new(elgamal.PrivateKey) | ||
347 | priv.PublicKey = *pub | ||
348 | |||
349 | buf := bytes.NewBuffer(data) | ||
350 | x, _, err := readMPI(buf) | ||
351 | if err != nil { | ||
352 | return | ||
353 | } | ||
354 | |||
355 | priv.X = new(big.Int).SetBytes(x) | ||
356 | pk.PrivateKey = priv | ||
357 | pk.Encrypted = false | ||
358 | pk.encryptedData = nil | ||
359 | |||
360 | return nil | ||
361 | } | ||
362 | |||
363 | func (pk *PrivateKey) parseECDSAPrivateKey(data []byte) (err error) { | ||
364 | ecdsaPub := pk.PublicKey.PublicKey.(*ecdsa.PublicKey) | ||
365 | |||
366 | buf := bytes.NewBuffer(data) | ||
367 | d, _, err := readMPI(buf) | ||
368 | if err != nil { | ||
369 | return | ||
370 | } | ||
371 | |||
372 | pk.PrivateKey = &ecdsa.PrivateKey{ | ||
373 | PublicKey: *ecdsaPub, | ||
374 | D: new(big.Int).SetBytes(d), | ||
375 | } | ||
376 | pk.Encrypted = false | ||
377 | pk.encryptedData = nil | ||
378 | |||
379 | return nil | ||
380 | } | ||