mirror of
https://github.com/rocky-linux/peridot.git
synced 2024-11-18 19:31:25 +00:00
100 lines
2.4 KiB
Go
100 lines
2.4 KiB
Go
|
package crypto
|
||
|
|
||
|
import (
|
||
|
"bytes"
|
||
|
"strconv"
|
||
|
|
||
|
"github.com/pkg/errors"
|
||
|
|
||
|
"github.com/ProtonMail/go-crypto/openpgp/packet"
|
||
|
)
|
||
|
|
||
|
// DecryptSessionKey returns the decrypted session key from one or multiple binary encrypted session key packets.
|
||
|
func (keyRing *KeyRing) DecryptSessionKey(keyPacket []byte) (*SessionKey, error) {
|
||
|
var p packet.Packet
|
||
|
var ek *packet.EncryptedKey
|
||
|
|
||
|
var err error
|
||
|
var hasPacket = false
|
||
|
var decryptErr error
|
||
|
|
||
|
keyReader := bytes.NewReader(keyPacket)
|
||
|
packets := packet.NewReader(keyReader)
|
||
|
|
||
|
Loop:
|
||
|
for {
|
||
|
if p, err = packets.Next(); err != nil {
|
||
|
break
|
||
|
}
|
||
|
|
||
|
switch p := p.(type) {
|
||
|
case *packet.EncryptedKey:
|
||
|
hasPacket = true
|
||
|
ek = p
|
||
|
|
||
|
for _, key := range keyRing.entities.DecryptionKeys() {
|
||
|
priv := key.PrivateKey
|
||
|
if priv.Encrypted {
|
||
|
continue
|
||
|
}
|
||
|
|
||
|
if decryptErr = ek.Decrypt(priv, nil); decryptErr == nil {
|
||
|
break Loop
|
||
|
}
|
||
|
}
|
||
|
|
||
|
case *packet.SymmetricallyEncrypted,
|
||
|
*packet.AEADEncrypted,
|
||
|
*packet.Compressed,
|
||
|
*packet.LiteralData:
|
||
|
break Loop
|
||
|
|
||
|
default:
|
||
|
continue Loop
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if !hasPacket {
|
||
|
return nil, errors.Wrap(err, "gopenpgp: couldn't find a session key packet")
|
||
|
}
|
||
|
|
||
|
if decryptErr != nil {
|
||
|
return nil, errors.Wrap(decryptErr, "gopenpgp: error in decrypting")
|
||
|
}
|
||
|
|
||
|
if ek == nil || ek.Key == nil {
|
||
|
return nil, errors.New("gopenpgp: unable to decrypt session key: no valid decryption key")
|
||
|
}
|
||
|
|
||
|
return newSessionKeyFromEncrypted(ek)
|
||
|
}
|
||
|
|
||
|
// EncryptSessionKey encrypts the session key with the unarmored
|
||
|
// publicKey and returns a binary public-key encrypted session key packet.
|
||
|
func (keyRing *KeyRing) EncryptSessionKey(sk *SessionKey) ([]byte, error) {
|
||
|
outbuf := &bytes.Buffer{}
|
||
|
cf, err := sk.GetCipherFunc()
|
||
|
if err != nil {
|
||
|
return nil, errors.Wrap(err, "gopenpgp: unable to encrypt session key")
|
||
|
}
|
||
|
|
||
|
pubKeys := make([]*packet.PublicKey, 0, len(keyRing.entities))
|
||
|
for _, e := range keyRing.entities {
|
||
|
encryptionKey, ok := e.EncryptionKey(getNow())
|
||
|
if !ok {
|
||
|
return nil, errors.New("gopenpgp: encryption key is unavailable for key id " + strconv.FormatUint(e.PrimaryKey.KeyId, 16))
|
||
|
}
|
||
|
pubKeys = append(pubKeys, encryptionKey.PublicKey)
|
||
|
}
|
||
|
if len(pubKeys) == 0 {
|
||
|
return nil, errors.New("cannot set key: no public key available")
|
||
|
}
|
||
|
|
||
|
for _, pub := range pubKeys {
|
||
|
if err := packet.SerializeEncryptedKey(outbuf, pub, cf, sk.Key, nil); err != nil {
|
||
|
return nil, errors.Wrap(err, "gopenpgp: cannot set key")
|
||
|
}
|
||
|
}
|
||
|
return outbuf.Bytes(), nil
|
||
|
}
|