diff options
Diffstat (limited to 'vendor/golang.org/x/crypto/openpgp/packet/symmetric_key_encrypted.go')
-rw-r--r-- | vendor/golang.org/x/crypto/openpgp/packet/symmetric_key_encrypted.go | 155 |
1 files changed, 155 insertions, 0 deletions
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/symmetric_key_encrypted.go b/vendor/golang.org/x/crypto/openpgp/packet/symmetric_key_encrypted.go new file mode 100644 index 0000000..744c2d2 --- /dev/null +++ b/vendor/golang.org/x/crypto/openpgp/packet/symmetric_key_encrypted.go | |||
@@ -0,0 +1,155 @@ | |||
1 | // Copyright 2011 The Go Authors. All rights reserved. | ||
2 | // Use of this source code is governed by a BSD-style | ||
3 | // license that can be found in the LICENSE file. | ||
4 | |||
5 | package packet | ||
6 | |||
7 | import ( | ||
8 | "bytes" | ||
9 | "crypto/cipher" | ||
10 | "io" | ||
11 | "strconv" | ||
12 | |||
13 | "golang.org/x/crypto/openpgp/errors" | ||
14 | "golang.org/x/crypto/openpgp/s2k" | ||
15 | ) | ||
16 | |||
17 | // This is the largest session key that we'll support. Since no 512-bit cipher | ||
18 | // has even been seriously used, this is comfortably large. | ||
19 | const maxSessionKeySizeInBytes = 64 | ||
20 | |||
21 | // SymmetricKeyEncrypted represents a passphrase protected session key. See RFC | ||
22 | // 4880, section 5.3. | ||
23 | type SymmetricKeyEncrypted struct { | ||
24 | CipherFunc CipherFunction | ||
25 | s2k func(out, in []byte) | ||
26 | encryptedKey []byte | ||
27 | } | ||
28 | |||
29 | const symmetricKeyEncryptedVersion = 4 | ||
30 | |||
31 | func (ske *SymmetricKeyEncrypted) parse(r io.Reader) error { | ||
32 | // RFC 4880, section 5.3. | ||
33 | var buf [2]byte | ||
34 | if _, err := readFull(r, buf[:]); err != nil { | ||
35 | return err | ||
36 | } | ||
37 | if buf[0] != symmetricKeyEncryptedVersion { | ||
38 | return errors.UnsupportedError("SymmetricKeyEncrypted version") | ||
39 | } | ||
40 | ske.CipherFunc = CipherFunction(buf[1]) | ||
41 | |||
42 | if ske.CipherFunc.KeySize() == 0 { | ||
43 | return errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(buf[1]))) | ||
44 | } | ||
45 | |||
46 | var err error | ||
47 | ske.s2k, err = s2k.Parse(r) | ||
48 | if err != nil { | ||
49 | return err | ||
50 | } | ||
51 | |||
52 | encryptedKey := make([]byte, maxSessionKeySizeInBytes) | ||
53 | // The session key may follow. We just have to try and read to find | ||
54 | // out. If it exists then we limit it to maxSessionKeySizeInBytes. | ||
55 | n, err := readFull(r, encryptedKey) | ||
56 | if err != nil && err != io.ErrUnexpectedEOF { | ||
57 | return err | ||
58 | } | ||
59 | |||
60 | if n != 0 { | ||
61 | if n == maxSessionKeySizeInBytes { | ||
62 | return errors.UnsupportedError("oversized encrypted session key") | ||
63 | } | ||
64 | ske.encryptedKey = encryptedKey[:n] | ||
65 | } | ||
66 | |||
67 | return nil | ||
68 | } | ||
69 | |||
70 | // Decrypt attempts to decrypt an encrypted session key and returns the key and | ||
71 | // the cipher to use when decrypting a subsequent Symmetrically Encrypted Data | ||
72 | // packet. | ||
73 | func (ske *SymmetricKeyEncrypted) Decrypt(passphrase []byte) ([]byte, CipherFunction, error) { | ||
74 | key := make([]byte, ske.CipherFunc.KeySize()) | ||
75 | ske.s2k(key, passphrase) | ||
76 | |||
77 | if len(ske.encryptedKey) == 0 { | ||
78 | return key, ske.CipherFunc, nil | ||
79 | } | ||
80 | |||
81 | // the IV is all zeros | ||
82 | iv := make([]byte, ske.CipherFunc.blockSize()) | ||
83 | c := cipher.NewCFBDecrypter(ske.CipherFunc.new(key), iv) | ||
84 | plaintextKey := make([]byte, len(ske.encryptedKey)) | ||
85 | c.XORKeyStream(plaintextKey, ske.encryptedKey) | ||
86 | cipherFunc := CipherFunction(plaintextKey[0]) | ||
87 | if cipherFunc.blockSize() == 0 { | ||
88 | return nil, ske.CipherFunc, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(cipherFunc))) | ||
89 | } | ||
90 | plaintextKey = plaintextKey[1:] | ||
91 | if l, cipherKeySize := len(plaintextKey), cipherFunc.KeySize(); l != cipherFunc.KeySize() { | ||
92 | return nil, cipherFunc, errors.StructuralError("length of decrypted key (" + strconv.Itoa(l) + ") " + | ||
93 | "not equal to cipher keysize (" + strconv.Itoa(cipherKeySize) + ")") | ||
94 | } | ||
95 | return plaintextKey, cipherFunc, nil | ||
96 | } | ||
97 | |||
98 | // SerializeSymmetricKeyEncrypted serializes a symmetric key packet to w. The | ||
99 | // packet contains a random session key, encrypted by a key derived from the | ||
100 | // given passphrase. The session key is returned and must be passed to | ||
101 | // SerializeSymmetricallyEncrypted. | ||
102 | // If config is nil, sensible defaults will be used. | ||
103 | func SerializeSymmetricKeyEncrypted(w io.Writer, passphrase []byte, config *Config) (key []byte, err error) { | ||
104 | cipherFunc := config.Cipher() | ||
105 | keySize := cipherFunc.KeySize() | ||
106 | if keySize == 0 { | ||
107 | return nil, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(cipherFunc))) | ||
108 | } | ||
109 | |||
110 | s2kBuf := new(bytes.Buffer) | ||
111 | keyEncryptingKey := make([]byte, keySize) | ||
112 | // s2k.Serialize salts and stretches the passphrase, and writes the | ||
113 | // resulting key to keyEncryptingKey and the s2k descriptor to s2kBuf. | ||
114 | err = s2k.Serialize(s2kBuf, keyEncryptingKey, config.Random(), passphrase, &s2k.Config{Hash: config.Hash(), S2KCount: config.PasswordHashIterations()}) | ||
115 | if err != nil { | ||
116 | return | ||
117 | } | ||
118 | s2kBytes := s2kBuf.Bytes() | ||
119 | |||
120 | packetLength := 2 /* header */ + len(s2kBytes) + 1 /* cipher type */ + keySize | ||
121 | err = serializeHeader(w, packetTypeSymmetricKeyEncrypted, packetLength) | ||
122 | if err != nil { | ||
123 | return | ||
124 | } | ||
125 | |||
126 | var buf [2]byte | ||
127 | buf[0] = symmetricKeyEncryptedVersion | ||
128 | buf[1] = byte(cipherFunc) | ||
129 | _, err = w.Write(buf[:]) | ||
130 | if err != nil { | ||
131 | return | ||
132 | } | ||
133 | _, err = w.Write(s2kBytes) | ||
134 | if err != nil { | ||
135 | return | ||
136 | } | ||
137 | |||
138 | sessionKey := make([]byte, keySize) | ||
139 | _, err = io.ReadFull(config.Random(), sessionKey) | ||
140 | if err != nil { | ||
141 | return | ||
142 | } | ||
143 | iv := make([]byte, cipherFunc.blockSize()) | ||
144 | c := cipher.NewCFBEncrypter(cipherFunc.new(keyEncryptingKey), iv) | ||
145 | encryptedCipherAndKey := make([]byte, keySize+1) | ||
146 | c.XORKeyStream(encryptedCipherAndKey, buf[1:]) | ||
147 | c.XORKeyStream(encryptedCipherAndKey[1:], sessionKey) | ||
148 | _, err = w.Write(encryptedCipherAndKey) | ||
149 | if err != nil { | ||
150 | return | ||
151 | } | ||
152 | |||
153 | key = sessionKey | ||
154 | return | ||
155 | } | ||