mirror of
https://github.com/rocky-linux/peridot.git
synced 2024-11-21 12:41:27 +00:00
Upgrade gopengpg
This commit is contained in:
parent
3d804027b2
commit
ba81d5d550
@ -57,8 +57,8 @@ http_archive(
|
|||||||
],
|
],
|
||||||
)
|
)
|
||||||
|
|
||||||
load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
|
|
||||||
load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies", "go_repository")
|
load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies", "go_repository")
|
||||||
|
load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
|
||||||
load("//:repositories.bzl", "go_repositories")
|
load("//:repositories.bzl", "go_repositories")
|
||||||
|
|
||||||
go_rules_dependencies()
|
go_rules_dependencies()
|
||||||
|
4
go.mod
4
go.mod
@ -8,7 +8,7 @@ require (
|
|||||||
bazel.build/protobuf v0.0.0-00010101000000-000000000000
|
bazel.build/protobuf v0.0.0-00010101000000-000000000000
|
||||||
cirello.io/dynamolock v1.4.0
|
cirello.io/dynamolock v1.4.0
|
||||||
github.com/ProtonMail/go-crypto v1.0.0
|
github.com/ProtonMail/go-crypto v1.0.0
|
||||||
github.com/ProtonMail/gopenpgp/v2 v2.4.7
|
github.com/ProtonMail/gopenpgp/v2 v2.7.5
|
||||||
github.com/authzed/authzed-go v0.3.0
|
github.com/authzed/authzed-go v0.3.0
|
||||||
github.com/authzed/grpcutil v0.0.0-20240123194739-2ea1e3d2d98b
|
github.com/authzed/grpcutil v0.0.0-20240123194739-2ea1e3d2d98b
|
||||||
github.com/aws/aws-sdk-go v1.54.19
|
github.com/aws/aws-sdk-go v1.54.19
|
||||||
@ -65,7 +65,7 @@ require (
|
|||||||
cloud.google.com/go/storage v1.43.0 // indirect
|
cloud.google.com/go/storage v1.43.0 // indirect
|
||||||
dario.cat/mergo v1.0.0 // indirect
|
dario.cat/mergo v1.0.0 // indirect
|
||||||
github.com/Microsoft/go-winio v0.6.2 // indirect
|
github.com/Microsoft/go-winio v0.6.2 // indirect
|
||||||
github.com/ProtonMail/go-mime v0.0.0-20220302105931-303f85f7fe0f // indirect
|
github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect
|
||||||
github.com/VividCortex/ewma v1.2.0 // indirect
|
github.com/VividCortex/ewma v1.2.0 // indirect
|
||||||
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
|
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
|
||||||
github.com/beorn7/perks v1.0.1 // indirect
|
github.com/beorn7/perks v1.0.1 // indirect
|
||||||
|
15
go.sum
15
go.sum
@ -57,13 +57,13 @@ github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v
|
|||||||
github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
|
github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
|
||||||
github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
|
github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
|
||||||
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
|
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
|
||||||
github.com/ProtonMail/go-crypto v0.0.0-20220113124808-70ae35bab23f/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
|
github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
|
||||||
github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78=
|
github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78=
|
||||||
github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
|
github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
|
||||||
github.com/ProtonMail/go-mime v0.0.0-20220302105931-303f85f7fe0f h1:CGq7OieOz3wyQJ1fO8S0eO9TCW1JyvLrf8fhzz1i8ko=
|
github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k=
|
||||||
github.com/ProtonMail/go-mime v0.0.0-20220302105931-303f85f7fe0f/go.mod h1:NYt+V3/4rEeDuaev/zw1zCq8uqVEuPHzDPo3OZrlGJ4=
|
github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw=
|
||||||
github.com/ProtonMail/gopenpgp/v2 v2.4.7 h1:V3xeelvXgJiZXZuPtSSE+uYbtPw4RmbmyPqXDAESPhg=
|
github.com/ProtonMail/gopenpgp/v2 v2.7.5 h1:STOY3vgES59gNgoOt2w0nyHBjKViB/qSg7NjbQWPJkA=
|
||||||
github.com/ProtonMail/gopenpgp/v2 v2.4.7/go.mod h1:ZW1KxHNG6q5LMgFKf9Ap/d2eVYeyGf5+fAUEAjJWtmo=
|
github.com/ProtonMail/gopenpgp/v2 v2.7.5/go.mod h1:IhkNEDaxec6NyzSI0PlxapinnwPVIESk8/76da3Ct3g=
|
||||||
github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
|
github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
|
||||||
github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4=
|
github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4=
|
||||||
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
|
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
|
||||||
@ -552,7 +552,6 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U
|
|||||||
golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||||
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||||
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||||
golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
|
|
||||||
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||||
golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||||
golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
|
golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
|
||||||
@ -562,7 +561,6 @@ golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/
|
|||||||
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||||
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||||
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
|
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
|
||||||
golang.org/x/exp v0.0.0-20190731235908-ec7cb31e5a56/go.mod h1:JhuoJpWY28nO4Vef9tZUw9qufEGTyX1+7lmHxV5q5G4=
|
|
||||||
golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
|
golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
|
||||||
golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
|
golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
|
||||||
golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
|
golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
|
||||||
@ -587,12 +585,10 @@ golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPI
|
|||||||
golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
|
golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
|
||||||
golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
|
golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
|
||||||
golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
|
golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
|
||||||
golang.org/x/mobile v0.0.0-20200801112145-973feb4309de/go.mod h1:skQtrUTUwhdJvXM/2KKJzY8pDgNr9I/FOMqDVRPBUS4=
|
|
||||||
golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
|
golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
|
||||||
golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
|
golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
|
||||||
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
|
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
|
||||||
golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
|
golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
|
||||||
golang.org/x/mod v0.1.1-0.20191209134235-331c550502dd/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
|
||||||
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||||
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||||
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||||
@ -775,7 +771,6 @@ golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtn
|
|||||||
golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||||
golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||||
golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||||
golang.org/x/tools v0.0.0-20200117012304-6edc0a871e69/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
|
||||||
golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||||
golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||||
golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||||
|
@ -171,9 +171,9 @@ def go_repositories():
|
|||||||
)
|
)
|
||||||
go_repository(
|
go_repository(
|
||||||
name = "com_github_cloudflare_circl",
|
name = "com_github_cloudflare_circl",
|
||||||
|
importpath = "github.com/cloudflare/circl",
|
||||||
patch_args = ["-p1"],
|
patch_args = ["-p1"],
|
||||||
patches = ["//patches:circl.patch"],
|
patches = ["//patches:circl.patch"],
|
||||||
importpath = "github.com/cloudflare/circl",
|
|
||||||
sum = "h1:QFrlgFYf2Qpi8bSpVPK1HBvWpx16v/1TZivyo7pGuBE=",
|
sum = "h1:QFrlgFYf2Qpi8bSpVPK1HBvWpx16v/1TZivyo7pGuBE=",
|
||||||
version = "v1.3.9",
|
version = "v1.3.9",
|
||||||
)
|
)
|
||||||
@ -1078,14 +1078,14 @@ def go_repositories():
|
|||||||
go_repository(
|
go_repository(
|
||||||
name = "com_github_protonmail_go_mime",
|
name = "com_github_protonmail_go_mime",
|
||||||
importpath = "github.com/ProtonMail/go-mime",
|
importpath = "github.com/ProtonMail/go-mime",
|
||||||
sum = "h1:CGq7OieOz3wyQJ1fO8S0eO9TCW1JyvLrf8fhzz1i8ko=",
|
sum = "h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k=",
|
||||||
version = "v0.0.0-20220302105931-303f85f7fe0f",
|
version = "v0.0.0-20230322103455-7d82a3887f2f",
|
||||||
)
|
)
|
||||||
go_repository(
|
go_repository(
|
||||||
name = "com_github_protonmail_gopenpgp_v2",
|
name = "com_github_protonmail_gopenpgp_v2",
|
||||||
importpath = "github.com/ProtonMail/gopenpgp/v2",
|
importpath = "github.com/ProtonMail/gopenpgp/v2",
|
||||||
sum = "h1:V3xeelvXgJiZXZuPtSSE+uYbtPw4RmbmyPqXDAESPhg=",
|
sum = "h1:STOY3vgES59gNgoOt2w0nyHBjKViB/qSg7NjbQWPJkA=",
|
||||||
version = "v2.4.7",
|
version = "v2.7.5",
|
||||||
)
|
)
|
||||||
go_repository(
|
go_repository(
|
||||||
name = "com_github_rivo_uniseg",
|
name = "com_github_rivo_uniseg",
|
||||||
@ -2285,8 +2285,8 @@ def go_repositories():
|
|||||||
go_repository(
|
go_repository(
|
||||||
name = "org_golang_x_mobile",
|
name = "org_golang_x_mobile",
|
||||||
importpath = "golang.org/x/mobile",
|
importpath = "golang.org/x/mobile",
|
||||||
sum = "h1:OVJ6QQUBAesB8CZijKDSsXX7xYVtUhrkY0gwMfbi4p4=",
|
sum = "h1:4+4C/Iv2U4fMZBiMCc98MG1In4gJY5YRhtpDNeDeHWs=",
|
||||||
version = "v0.0.0-20200801112145-973feb4309de",
|
version = "v0.0.0-20190719004257-d2bd2a29d028",
|
||||||
)
|
)
|
||||||
go_repository(
|
go_repository(
|
||||||
name = "org_golang_x_mod",
|
name = "org_golang_x_mod",
|
||||||
|
1
vendor/github.com/ProtonMail/go-mime/BUILD.bazel
generated
vendored
1
vendor/github.com/ProtonMail/go-mime/BUILD.bazel
generated
vendored
@ -11,7 +11,6 @@ go_library(
|
|||||||
importpath = "github.com/ProtonMail/go-mime",
|
importpath = "github.com/ProtonMail/go-mime",
|
||||||
visibility = ["//visibility:public"],
|
visibility = ["//visibility:public"],
|
||||||
deps = [
|
deps = [
|
||||||
"//vendor/github.com/sirupsen/logrus",
|
|
||||||
"//vendor/golang.org/x/text/encoding",
|
"//vendor/golang.org/x/text/encoding",
|
||||||
"//vendor/golang.org/x/text/encoding/htmlindex",
|
"//vendor/golang.org/x/text/encoding/htmlindex",
|
||||||
"//vendor/golang.org/x/text/transform",
|
"//vendor/golang.org/x/text/transform",
|
||||||
|
19
vendor/github.com/ProtonMail/go-mime/README.md
generated
vendored
19
vendor/github.com/ProtonMail/go-mime/README.md
generated
vendored
@ -1,6 +1,25 @@
|
|||||||
# Go Mime Wrapper Library
|
# Go Mime Wrapper Library
|
||||||
|
|
||||||
|
Provides a parser for MIME messages
|
||||||
|
|
||||||
## Download/Install
|
## Download/Install
|
||||||
|
|
||||||
Run `go get -u github.com/ProtonMail/go-mime`, or manually `git clone` the
|
Run `go get -u github.com/ProtonMail/go-mime`, or manually `git clone` the
|
||||||
repository into `$GOPATH/src/github.com/ProtonMail/go-mime`.
|
repository into `$GOPATH/src/github.com/ProtonMail/go-mime`.
|
||||||
|
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
|
||||||
|
The library can be used to extract the body and attachments from a MIME message
|
||||||
|
|
||||||
|
Example:
|
||||||
|
```go
|
||||||
|
printAccepter := gomime.NewMIMEPrinter()
|
||||||
|
bodyCollector := gomime.NewBodyCollector(printAccepter)
|
||||||
|
attachmentsCollector := gomime.NewAttachmentsCollector(bodyCollector)
|
||||||
|
mimeVisitor := gomime.NewMimeVisitor(attachmentsCollector)
|
||||||
|
err := gomime.VisitAll(bytes.NewReader(mmBodyData), h, mimeVisitor)
|
||||||
|
attachments := attachmentsCollector.GetAttachments(),
|
||||||
|
attachmentsHeaders := attachmentsCollector.GetAttHeaders()
|
||||||
|
bodyContent, bodyMimeType := bodyCollector.GetBody()
|
||||||
|
```
|
||||||
|
13
vendor/github.com/ProtonMail/go-mime/encoding.go
generated
vendored
13
vendor/github.com/ProtonMail/go-mime/encoding.go
generated
vendored
@ -1,7 +1,6 @@
|
|||||||
package gomime
|
package gomime
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"mime"
|
"mime"
|
||||||
@ -11,9 +10,9 @@ import (
|
|||||||
"unicode/utf8"
|
"unicode/utf8"
|
||||||
|
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
|
|
||||||
"golang.org/x/text/encoding"
|
"golang.org/x/text/encoding"
|
||||||
"golang.org/x/text/encoding/htmlindex"
|
"golang.org/x/text/encoding/htmlindex"
|
||||||
"golang.org/x/text/transform"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
var wordDec = &mime.WordDecoder{
|
var wordDec = &mime.WordDecoder{
|
||||||
@ -189,21 +188,13 @@ func DecodeCharset(original []byte, mediaType string, contentTypeParams map[stri
|
|||||||
}
|
}
|
||||||
err = fmt.Errorf("non-utf8 content without charset specification")
|
err = fmt.Errorf("non-utf8 content without charset specification")
|
||||||
}
|
}
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return original, err
|
return original, err
|
||||||
}
|
}
|
||||||
|
utf8, err := decoder.Bytes(original)
|
||||||
utf8 := make([]byte, len(original))
|
|
||||||
nDst, nSrc, err := decoder.Transform(utf8, original, false)
|
|
||||||
for err == transform.ErrShortDst {
|
|
||||||
utf8 = make([]byte, (nDst/nSrc+1)*len(original))
|
|
||||||
nDst, nSrc, err = decoder.Transform(utf8, original, false)
|
|
||||||
}
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return original, err
|
return original, err
|
||||||
}
|
}
|
||||||
utf8 = bytes.Trim(utf8, "\x00")
|
|
||||||
|
|
||||||
return utf8, nil
|
return utf8, nil
|
||||||
}
|
}
|
||||||
|
13
vendor/github.com/ProtonMail/go-mime/parser.go
generated
vendored
13
vendor/github.com/ProtonMail/go-mime/parser.go
generated
vendored
@ -5,6 +5,7 @@ import (
|
|||||||
"bytes"
|
"bytes"
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
|
"log"
|
||||||
"mime"
|
"mime"
|
||||||
"mime/multipart"
|
"mime/multipart"
|
||||||
"net/http"
|
"net/http"
|
||||||
@ -12,8 +13,6 @@ import (
|
|||||||
"net/textproto"
|
"net/textproto"
|
||||||
"regexp"
|
"regexp"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
log "github.com/sirupsen/logrus"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// VisitAcceptor decidest what to do with part which is processed
|
// VisitAcceptor decidest what to do with part which is processed
|
||||||
@ -181,7 +180,7 @@ func GetMultipartParts(r io.Reader, params map[string]string) (parts []io.Reader
|
|||||||
headers = []textproto.MIMEHeader{}
|
headers = []textproto.MIMEHeader{}
|
||||||
var p *multipart.Part
|
var p *multipart.Part
|
||||||
for {
|
for {
|
||||||
p, err = mr.NextPart()
|
p, err = mr.NextRawPart()
|
||||||
if err == io.EOF {
|
if err == io.EOF {
|
||||||
err = nil
|
err = nil
|
||||||
break
|
break
|
||||||
@ -275,7 +274,7 @@ func checkHeaders(headers []textproto.MIMEHeader) bool {
|
|||||||
func decodePart(partReader io.Reader, header textproto.MIMEHeader) (decodedPart io.Reader) {
|
func decodePart(partReader io.Reader, header textproto.MIMEHeader) (decodedPart io.Reader) {
|
||||||
decodedPart = DecodeContentEncoding(partReader, header.Get("Content-Transfer-Encoding"))
|
decodedPart = DecodeContentEncoding(partReader, header.Get("Content-Transfer-Encoding"))
|
||||||
if decodedPart == nil {
|
if decodedPart == nil {
|
||||||
log.Warnf("Unsupported Content-Transfer-Encoding '%v'", header.Get("Content-Transfer-Encoding"))
|
log.Printf("Unsupported Content-Transfer-Encoding '%v'", header.Get("Content-Transfer-Encoding"))
|
||||||
decodedPart = partReader
|
decodedPart = partReader
|
||||||
}
|
}
|
||||||
return
|
return
|
||||||
@ -376,7 +375,7 @@ func (ptc *PlainTextCollector) Accept(partReader io.Reader, header textproto.MIM
|
|||||||
if buffer, err := ioutil.ReadAll(decodedPart); err == nil {
|
if buffer, err := ioutil.ReadAll(decodedPart); err == nil {
|
||||||
buffer, err = DecodeCharset(buffer, mediaType, params)
|
buffer, err = DecodeCharset(buffer, mediaType, params)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Warnln("Decode charset error:", err)
|
log.Println("Decode charset error:", err)
|
||||||
err = nil // Don't fail parsing on decoding errors, use original
|
err = nil // Don't fail parsing on decoding errors, use original
|
||||||
}
|
}
|
||||||
ptc.plainTextContents.Write(buffer)
|
ptc.plainTextContents.Write(buffer)
|
||||||
@ -431,7 +430,7 @@ func (bc *BodyCollector) Accept(partReader io.Reader, header textproto.MIMEHeade
|
|||||||
if buffer, err := ioutil.ReadAll(decodedPart); err == nil {
|
if buffer, err := ioutil.ReadAll(decodedPart); err == nil {
|
||||||
buffer, err = DecodeCharset(buffer, mediaType, params)
|
buffer, err = DecodeCharset(buffer, mediaType, params)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Warnln("Decode charset error:", err)
|
log.Println("Decode charset error:", err)
|
||||||
err = nil // Don't fail parsing on decoding errors, use original
|
err = nil // Don't fail parsing on decoding errors, use original
|
||||||
}
|
}
|
||||||
if mediaType == "text/html" {
|
if mediaType == "text/html" {
|
||||||
@ -500,7 +499,7 @@ func (ac *AttachmentsCollector) Accept(partReader io.Reader, header textproto.MI
|
|||||||
if buffer, err := ioutil.ReadAll(decodedPart); err == nil {
|
if buffer, err := ioutil.ReadAll(decodedPart); err == nil {
|
||||||
buffer, err = DecodeCharset(buffer, mediaType, params)
|
buffer, err = DecodeCharset(buffer, mediaType, params)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Warnln("Decode charset error:", err)
|
log.Println("Decode charset error:", err)
|
||||||
err = nil // Don't fail parsing on decoding errors, use original
|
err = nil // Don't fail parsing on decoding errors, use original
|
||||||
}
|
}
|
||||||
headerBuf := new(bytes.Buffer)
|
headerBuf := new(bytes.Buffer)
|
||||||
|
1
vendor/github.com/ProtonMail/gopenpgp/v2/constants/BUILD.bazel
generated
vendored
1
vendor/github.com/ProtonMail/gopenpgp/v2/constants/BUILD.bazel
generated
vendored
@ -5,6 +5,7 @@ go_library(
|
|||||||
srcs = [
|
srcs = [
|
||||||
"armor.go",
|
"armor.go",
|
||||||
"cipher.go",
|
"cipher.go",
|
||||||
|
"context.go",
|
||||||
"version.go",
|
"version.go",
|
||||||
],
|
],
|
||||||
importmap = "peridot.resf.org/vendor/github.com/ProtonMail/gopenpgp/v2/constants",
|
importmap = "peridot.resf.org/vendor/github.com/ProtonMail/gopenpgp/v2/constants",
|
||||||
|
2
vendor/github.com/ProtonMail/gopenpgp/v2/constants/armor.go
generated
vendored
2
vendor/github.com/ProtonMail/gopenpgp/v2/constants/armor.go
generated
vendored
@ -3,7 +3,7 @@ package constants
|
|||||||
|
|
||||||
// Constants for armored data.
|
// Constants for armored data.
|
||||||
const (
|
const (
|
||||||
ArmorHeaderVersion = "GopenPGP 2.4.7"
|
ArmorHeaderVersion = "GopenPGP 2.7.5"
|
||||||
ArmorHeaderComment = "https://gopenpgp.org"
|
ArmorHeaderComment = "https://gopenpgp.org"
|
||||||
PGPMessageHeader = "PGP MESSAGE"
|
PGPMessageHeader = "PGP MESSAGE"
|
||||||
PGPSignatureHeader = "PGP SIGNATURE"
|
PGPSignatureHeader = "PGP SIGNATURE"
|
||||||
|
1
vendor/github.com/ProtonMail/gopenpgp/v2/constants/cipher.go
generated
vendored
1
vendor/github.com/ProtonMail/gopenpgp/v2/constants/cipher.go
generated
vendored
@ -15,6 +15,7 @@ const (
|
|||||||
SIGNATURE_NOT_SIGNED int = 1
|
SIGNATURE_NOT_SIGNED int = 1
|
||||||
SIGNATURE_NO_VERIFIER int = 2
|
SIGNATURE_NO_VERIFIER int = 2
|
||||||
SIGNATURE_FAILED int = 3
|
SIGNATURE_FAILED int = 3
|
||||||
|
SIGNATURE_BAD_CONTEXT int = 4
|
||||||
)
|
)
|
||||||
|
|
||||||
const DefaultCompression = 2 // ZLIB
|
const DefaultCompression = 2 // ZLIB
|
||||||
|
3
vendor/github.com/ProtonMail/gopenpgp/v2/constants/context.go
generated
vendored
Normal file
3
vendor/github.com/ProtonMail/gopenpgp/v2/constants/context.go
generated
vendored
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
package constants
|
||||||
|
|
||||||
|
const SignatureContextName = "context@proton.ch"
|
2
vendor/github.com/ProtonMail/gopenpgp/v2/constants/version.go
generated
vendored
2
vendor/github.com/ProtonMail/gopenpgp/v2/constants/version.go
generated
vendored
@ -1,3 +1,3 @@
|
|||||||
package constants
|
package constants
|
||||||
|
|
||||||
const Version = "2.4.7"
|
const Version = "2.7.5"
|
||||||
|
3
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/BUILD.bazel
generated
vendored
3
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/BUILD.bazel
generated
vendored
@ -16,6 +16,7 @@ go_library(
|
|||||||
"message_getters.go",
|
"message_getters.go",
|
||||||
"mime.go",
|
"mime.go",
|
||||||
"password.go",
|
"password.go",
|
||||||
|
"sanitize_string.go",
|
||||||
"sessionkey.go",
|
"sessionkey.go",
|
||||||
"sessionkey_streaming.go",
|
"sessionkey_streaming.go",
|
||||||
"signature.go",
|
"signature.go",
|
||||||
@ -34,6 +35,8 @@ go_library(
|
|||||||
"@com_github_protonmail_go_crypto//openpgp",
|
"@com_github_protonmail_go_crypto//openpgp",
|
||||||
"@com_github_protonmail_go_crypto//openpgp/clearsign",
|
"@com_github_protonmail_go_crypto//openpgp/clearsign",
|
||||||
"@com_github_protonmail_go_crypto//openpgp/ecdh",
|
"@com_github_protonmail_go_crypto//openpgp/ecdh",
|
||||||
|
"@com_github_protonmail_go_crypto//openpgp/ecdsa",
|
||||||
|
"@com_github_protonmail_go_crypto//openpgp/eddsa",
|
||||||
"@com_github_protonmail_go_crypto//openpgp/elgamal",
|
"@com_github_protonmail_go_crypto//openpgp/elgamal",
|
||||||
"@com_github_protonmail_go_crypto//openpgp/errors",
|
"@com_github_protonmail_go_crypto//openpgp/errors",
|
||||||
"@com_github_protonmail_go_crypto//openpgp/packet",
|
"@com_github_protonmail_go_crypto//openpgp/packet",
|
||||||
|
4
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/attachment_manual.go
generated
vendored
4
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/attachment_manual.go
generated
vendored
@ -75,7 +75,7 @@ func (keyRing *KeyRing) NewManualAttachmentProcessor(
|
|||||||
estimatedSize int, filename string, dataBuffer []byte,
|
estimatedSize int, filename string, dataBuffer []byte,
|
||||||
) (*ManualAttachmentProcessor, error) {
|
) (*ManualAttachmentProcessor, error) {
|
||||||
if len(dataBuffer) == 0 {
|
if len(dataBuffer) == 0 {
|
||||||
return nil, errors.New("gopenpgp: can't give a nil or empty buffer to process the attachement")
|
return nil, errors.New("gopenpgp: can't give a nil or empty buffer to process the attachment")
|
||||||
}
|
}
|
||||||
|
|
||||||
// forces the gc to be called often
|
// forces the gc to be called often
|
||||||
@ -148,7 +148,7 @@ func (keyRing *KeyRing) NewManualAttachmentProcessor(
|
|||||||
return attachmentProc, nil
|
return attachmentProc, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// readAll works a bit like io.ReadAll
|
// readAll works a bit like ioutil.ReadAll
|
||||||
// but we can choose the buffer to write to
|
// but we can choose the buffer to write to
|
||||||
// and we don't grow the slice in case of overflow.
|
// and we don't grow the slice in case of overflow.
|
||||||
func readAll(buffer []byte, reader io.Reader) (int, error) {
|
func readAll(buffer []byte, reader io.Reader) (int, error) {
|
||||||
|
10
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/key_clear.go
generated
vendored
10
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/key_clear.go
generated
vendored
@ -2,13 +2,13 @@ package crypto
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/dsa" //nolint:staticcheck
|
"crypto/dsa" //nolint:staticcheck
|
||||||
"crypto/ecdsa"
|
|
||||||
"crypto/ed25519"
|
|
||||||
"crypto/rsa"
|
"crypto/rsa"
|
||||||
"errors"
|
"errors"
|
||||||
"math/big"
|
"math/big"
|
||||||
|
|
||||||
"github.com/ProtonMail/go-crypto/openpgp/ecdh"
|
"github.com/ProtonMail/go-crypto/openpgp/ecdh"
|
||||||
|
"github.com/ProtonMail/go-crypto/openpgp/ecdsa"
|
||||||
|
"github.com/ProtonMail/go-crypto/openpgp/eddsa"
|
||||||
"github.com/ProtonMail/go-crypto/openpgp/elgamal"
|
"github.com/ProtonMail/go-crypto/openpgp/elgamal"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -57,7 +57,7 @@ func clearPrivateKey(privateKey interface{}) error {
|
|||||||
return clearElGamalPrivateKey(priv)
|
return clearElGamalPrivateKey(priv)
|
||||||
case *ecdsa.PrivateKey:
|
case *ecdsa.PrivateKey:
|
||||||
return clearECDSAPrivateKey(priv)
|
return clearECDSAPrivateKey(priv)
|
||||||
case *ed25519.PrivateKey:
|
case *eddsa.PrivateKey:
|
||||||
return clearEdDSAPrivateKey(priv)
|
return clearEdDSAPrivateKey(priv)
|
||||||
case *ecdh.PrivateKey:
|
case *ecdh.PrivateKey:
|
||||||
return clearECDHPrivateKey(priv)
|
return clearECDHPrivateKey(priv)
|
||||||
@ -115,8 +115,8 @@ func clearECDSAPrivateKey(priv *ecdsa.PrivateKey) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func clearEdDSAPrivateKey(priv *ed25519.PrivateKey) error {
|
func clearEdDSAPrivateKey(priv *eddsa.PrivateKey) error {
|
||||||
clearMem(*priv)
|
clearMem(priv.D)
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
186
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/keyring_message.go
generated
vendored
186
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/keyring_message.go
generated
vendored
@ -2,7 +2,6 @@ package crypto
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"crypto"
|
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"time"
|
"time"
|
||||||
@ -18,13 +17,16 @@ import (
|
|||||||
// * message : The plaintext input as a PlainMessage.
|
// * message : The plaintext input as a PlainMessage.
|
||||||
// * privateKey : (optional) an unlocked private keyring to include signature in the message.
|
// * privateKey : (optional) an unlocked private keyring to include signature in the message.
|
||||||
func (keyRing *KeyRing) Encrypt(message *PlainMessage, privateKey *KeyRing) (*PGPMessage, error) {
|
func (keyRing *KeyRing) Encrypt(message *PlainMessage, privateKey *KeyRing) (*PGPMessage, error) {
|
||||||
config := &packet.Config{DefaultCipher: packet.CipherAES256, Time: getTimeGenerator()}
|
return asymmetricEncrypt(message, keyRing, privateKey, false, nil)
|
||||||
encrypted, err := asymmetricEncrypt(message, keyRing, privateKey, config)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return NewPGPMessage(encrypted), nil
|
// EncryptWithContext encrypts a PlainMessage, outputs a PGPMessage.
|
||||||
|
// If an unlocked private key is also provided it will also sign the message.
|
||||||
|
// * message : The plaintext input as a PlainMessage.
|
||||||
|
// * privateKey : (optional) an unlocked private keyring to include signature in the message.
|
||||||
|
// * signingContext : (optional) the context for the signature.
|
||||||
|
func (keyRing *KeyRing) EncryptWithContext(message *PlainMessage, privateKey *KeyRing, signingContext *SigningContext) (*PGPMessage, error) {
|
||||||
|
return asymmetricEncrypt(message, keyRing, privateKey, false, signingContext)
|
||||||
}
|
}
|
||||||
|
|
||||||
// EncryptWithCompression encrypts with compression support a PlainMessage to PGPMessage using public/private keys.
|
// EncryptWithCompression encrypts with compression support a PlainMessage to PGPMessage using public/private keys.
|
||||||
@ -32,60 +34,92 @@ func (keyRing *KeyRing) Encrypt(message *PlainMessage, privateKey *KeyRing) (*PG
|
|||||||
// * privateKey : (optional) an unlocked private keyring to include signature in the message.
|
// * privateKey : (optional) an unlocked private keyring to include signature in the message.
|
||||||
// * output : The encrypted data as PGPMessage.
|
// * output : The encrypted data as PGPMessage.
|
||||||
func (keyRing *KeyRing) EncryptWithCompression(message *PlainMessage, privateKey *KeyRing) (*PGPMessage, error) {
|
func (keyRing *KeyRing) EncryptWithCompression(message *PlainMessage, privateKey *KeyRing) (*PGPMessage, error) {
|
||||||
config := &packet.Config{
|
return asymmetricEncrypt(message, keyRing, privateKey, true, nil)
|
||||||
DefaultCipher: packet.CipherAES256,
|
|
||||||
Time: getTimeGenerator(),
|
|
||||||
DefaultCompressionAlgo: constants.DefaultCompression,
|
|
||||||
CompressionConfig: &packet.CompressionConfig{Level: constants.DefaultCompressionLevel},
|
|
||||||
}
|
}
|
||||||
|
|
||||||
encrypted, err := asymmetricEncrypt(message, keyRing, privateKey, config)
|
// EncryptWithContextAndCompression encrypts with compression support a PlainMessage to PGPMessage using public/private keys.
|
||||||
if err != nil {
|
// * message : The plain data as a PlainMessage.
|
||||||
return nil, err
|
// * privateKey : (optional) an unlocked private keyring to include signature in the message.
|
||||||
}
|
// * signingContext : (optional) the context for the signature.
|
||||||
|
// * output : The encrypted data as PGPMessage.
|
||||||
return NewPGPMessage(encrypted), nil
|
func (keyRing *KeyRing) EncryptWithContextAndCompression(message *PlainMessage, privateKey *KeyRing, signingContext *SigningContext) (*PGPMessage, error) {
|
||||||
|
return asymmetricEncrypt(message, keyRing, privateKey, true, signingContext)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Decrypt decrypts encrypted string using pgp keys, returning a PlainMessage
|
// Decrypt decrypts encrypted string using pgp keys, returning a PlainMessage
|
||||||
// * message : The encrypted input as a PGPMessage
|
// * message : The encrypted input as a PGPMessage
|
||||||
// * verifyKey : Public key for signature verification (optional)
|
// * verifyKey : Public key for signature verification (optional)
|
||||||
// * verifyTime : Time at verification (necessary only if verifyKey is not nil)
|
// * verifyTime : Time at verification (necessary only if verifyKey is not nil)
|
||||||
|
// * verificationContext : (optional) the context for the signature verification.
|
||||||
//
|
//
|
||||||
// When verifyKey is not provided, then verifyTime should be zero, and
|
// When verifyKey is not provided, then verifyTime should be zero, and
|
||||||
// signature verification will be ignored.
|
// signature verification will be ignored.
|
||||||
func (keyRing *KeyRing) Decrypt(
|
func (keyRing *KeyRing) Decrypt(
|
||||||
message *PGPMessage, verifyKey *KeyRing, verifyTime int64,
|
message *PGPMessage, verifyKey *KeyRing, verifyTime int64,
|
||||||
) (*PlainMessage, error) {
|
) (*PlainMessage, error) {
|
||||||
return asymmetricDecrypt(message.NewReader(), keyRing, verifyKey, verifyTime)
|
return asymmetricDecrypt(message.NewReader(), keyRing, verifyKey, verifyTime, nil)
|
||||||
|
}
|
||||||
|
|
||||||
|
// DecryptWithContext decrypts encrypted string using pgp keys, returning a PlainMessage
|
||||||
|
// * message : The encrypted input as a PGPMessage
|
||||||
|
// * verifyKey : Public key for signature verification (optional)
|
||||||
|
// * verifyTime : Time at verification (necessary only if verifyKey is not nil)
|
||||||
|
// * verificationContext : (optional) the context for the signature verification.
|
||||||
|
//
|
||||||
|
// When verifyKey is not provided, then verifyTime should be zero, and
|
||||||
|
// signature verification will be ignored.
|
||||||
|
func (keyRing *KeyRing) DecryptWithContext(
|
||||||
|
message *PGPMessage,
|
||||||
|
verifyKey *KeyRing,
|
||||||
|
verifyTime int64,
|
||||||
|
verificationContext *VerificationContext,
|
||||||
|
) (*PlainMessage, error) {
|
||||||
|
return asymmetricDecrypt(message.NewReader(), keyRing, verifyKey, verifyTime, verificationContext)
|
||||||
}
|
}
|
||||||
|
|
||||||
// SignDetached generates and returns a PGPSignature for a given PlainMessage.
|
// SignDetached generates and returns a PGPSignature for a given PlainMessage.
|
||||||
func (keyRing *KeyRing) SignDetached(message *PlainMessage) (*PGPSignature, error) {
|
func (keyRing *KeyRing) SignDetached(message *PlainMessage) (*PGPSignature, error) {
|
||||||
signEntity, err := keyRing.getSigningEntity()
|
return keyRing.SignDetachedWithContext(message, nil)
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
}
|
||||||
|
|
||||||
config := &packet.Config{DefaultHash: crypto.SHA512, Time: getTimeGenerator()}
|
// SignDetachedWithContext generates and returns a PGPSignature for a given PlainMessage.
|
||||||
var outBuf bytes.Buffer
|
// If a context is provided, it is added to the signature as notation data
|
||||||
// sign bin
|
// with the name set in `constants.SignatureContextName`.
|
||||||
if err := openpgp.DetachSign(&outBuf, signEntity, message.NewReader(), config); err != nil {
|
func (keyRing *KeyRing) SignDetachedWithContext(message *PlainMessage, context *SigningContext) (*PGPSignature, error) {
|
||||||
return nil, errors.Wrap(err, "gopenpgp: error in signing")
|
return signMessageDetached(
|
||||||
}
|
keyRing,
|
||||||
|
message.NewReader(),
|
||||||
return NewPGPSignature(outBuf.Bytes()), nil
|
message.IsBinary(),
|
||||||
|
context,
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
// VerifyDetached verifies a PlainMessage with a detached PGPSignature
|
// VerifyDetached verifies a PlainMessage with a detached PGPSignature
|
||||||
// and returns a SignatureVerificationError if fails.
|
// and returns a SignatureVerificationError if fails.
|
||||||
func (keyRing *KeyRing) VerifyDetached(message *PlainMessage, signature *PGPSignature, verifyTime int64) error {
|
func (keyRing *KeyRing) VerifyDetached(message *PlainMessage, signature *PGPSignature, verifyTime int64) error {
|
||||||
return verifySignature(
|
_, err := verifySignature(
|
||||||
keyRing.entities,
|
keyRing.entities,
|
||||||
message.NewReader(),
|
message.NewReader(),
|
||||||
signature.GetBinary(),
|
signature.GetBinary(),
|
||||||
verifyTime,
|
verifyTime,
|
||||||
|
nil,
|
||||||
)
|
)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// VerifyDetachedWithContext verifies a PlainMessage with a detached PGPSignature
|
||||||
|
// and returns a SignatureVerificationError if fails.
|
||||||
|
// If a context is provided, it verifies that the signature is valid in the given context, using
|
||||||
|
// the signature notation with name the name set in `constants.SignatureContextName`.
|
||||||
|
func (keyRing *KeyRing) VerifyDetachedWithContext(message *PlainMessage, signature *PGPSignature, verifyTime int64, verificationContext *VerificationContext) error {
|
||||||
|
_, err := verifySignature(
|
||||||
|
keyRing.entities,
|
||||||
|
message.NewReader(),
|
||||||
|
signature.GetBinary(),
|
||||||
|
verifyTime,
|
||||||
|
verificationContext,
|
||||||
|
)
|
||||||
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// SignDetachedEncrypted generates and returns a PGPMessage
|
// SignDetachedEncrypted generates and returns a PGPMessage
|
||||||
@ -122,38 +156,41 @@ func (keyRing *KeyRing) VerifyDetachedEncrypted(message *PlainMessage, encrypted
|
|||||||
// returns the creation time of the signature if it succeeds
|
// returns the creation time of the signature if it succeeds
|
||||||
// and returns a SignatureVerificationError if fails.
|
// and returns a SignatureVerificationError if fails.
|
||||||
func (keyRing *KeyRing) GetVerifiedSignatureTimestamp(message *PlainMessage, signature *PGPSignature, verifyTime int64) (int64, error) {
|
func (keyRing *KeyRing) GetVerifiedSignatureTimestamp(message *PlainMessage, signature *PGPSignature, verifyTime int64) (int64, error) {
|
||||||
packets := packet.NewReader(bytes.NewReader(signature.Data))
|
sigPacket, err := verifySignature(
|
||||||
var err error
|
|
||||||
var p packet.Packet
|
|
||||||
for {
|
|
||||||
p, err = packets.Next()
|
|
||||||
if errors.Is(err, io.EOF) {
|
|
||||||
break
|
|
||||||
}
|
|
||||||
if err != nil {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
sigPacket, ok := p.(*packet.Signature)
|
|
||||||
if !ok {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
var outBuf bytes.Buffer
|
|
||||||
err = sigPacket.Serialize(&outBuf)
|
|
||||||
if err != nil {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
err = verifySignature(
|
|
||||||
keyRing.entities,
|
keyRing.entities,
|
||||||
message.NewReader(),
|
message.NewReader(),
|
||||||
outBuf.Bytes(),
|
signature.GetBinary(),
|
||||||
verifyTime,
|
verifyTime,
|
||||||
|
nil,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
continue
|
return 0, err
|
||||||
}
|
}
|
||||||
return sigPacket.CreationTime.Unix(), nil
|
return sigPacket.CreationTime.Unix(), nil
|
||||||
}
|
}
|
||||||
return 0, errors.Wrap(err, "gopenpgp: can't verify any signature packets")
|
|
||||||
|
// GetVerifiedSignatureTimestampWithContext verifies a PlainMessage with a detached PGPSignature
|
||||||
|
// returns the creation time of the signature if it succeeds
|
||||||
|
// and returns a SignatureVerificationError if fails.
|
||||||
|
// If a context is provided, it verifies that the signature is valid in the given context, using
|
||||||
|
// the signature notation with name the name set in `constants.SignatureContextName`.
|
||||||
|
func (keyRing *KeyRing) GetVerifiedSignatureTimestampWithContext(
|
||||||
|
message *PlainMessage,
|
||||||
|
signature *PGPSignature,
|
||||||
|
verifyTime int64,
|
||||||
|
verificationContext *VerificationContext,
|
||||||
|
) (int64, error) {
|
||||||
|
sigPacket, err := verifySignature(
|
||||||
|
keyRing.entities,
|
||||||
|
message.NewReader(),
|
||||||
|
signature.GetBinary(),
|
||||||
|
verifyTime,
|
||||||
|
verificationContext,
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
return 0, err
|
||||||
|
}
|
||||||
|
return sigPacket.CreationTime.Unix(), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// ------ INTERNAL FUNCTIONS -------
|
// ------ INTERNAL FUNCTIONS -------
|
||||||
@ -162,8 +199,9 @@ func (keyRing *KeyRing) GetVerifiedSignatureTimestamp(message *PlainMessage, sig
|
|||||||
func asymmetricEncrypt(
|
func asymmetricEncrypt(
|
||||||
plainMessage *PlainMessage,
|
plainMessage *PlainMessage,
|
||||||
publicKey, privateKey *KeyRing,
|
publicKey, privateKey *KeyRing,
|
||||||
config *packet.Config,
|
compress bool,
|
||||||
) ([]byte, error) {
|
signingContext *SigningContext,
|
||||||
|
) (*PGPMessage, error) {
|
||||||
var outBuf bytes.Buffer
|
var outBuf bytes.Buffer
|
||||||
var encryptWriter io.WriteCloser
|
var encryptWriter io.WriteCloser
|
||||||
var err error
|
var err error
|
||||||
@ -174,7 +212,7 @@ func asymmetricEncrypt(
|
|||||||
ModTime: plainMessage.getFormattedTime(),
|
ModTime: plainMessage.getFormattedTime(),
|
||||||
}
|
}
|
||||||
|
|
||||||
encryptWriter, err = asymmetricEncryptStream(hints, &outBuf, &outBuf, publicKey, privateKey, config)
|
encryptWriter, err = asymmetricEncryptStream(hints, &outBuf, &outBuf, publicKey, privateKey, compress, signingContext)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -189,7 +227,7 @@ func asymmetricEncrypt(
|
|||||||
return nil, errors.Wrap(err, "gopenpgp: error in closing message")
|
return nil, errors.Wrap(err, "gopenpgp: error in closing message")
|
||||||
}
|
}
|
||||||
|
|
||||||
return outBuf.Bytes(), nil
|
return &PGPMessage{outBuf.Bytes()}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Core for encryption+signature (all) functions.
|
// Core for encryption+signature (all) functions.
|
||||||
@ -198,10 +236,24 @@ func asymmetricEncryptStream(
|
|||||||
keyPacketWriter io.Writer,
|
keyPacketWriter io.Writer,
|
||||||
dataPacketWriter io.Writer,
|
dataPacketWriter io.Writer,
|
||||||
publicKey, privateKey *KeyRing,
|
publicKey, privateKey *KeyRing,
|
||||||
config *packet.Config,
|
compress bool,
|
||||||
|
signingContext *SigningContext,
|
||||||
) (encryptWriter io.WriteCloser, err error) {
|
) (encryptWriter io.WriteCloser, err error) {
|
||||||
var signEntity *openpgp.Entity
|
config := &packet.Config{
|
||||||
|
DefaultCipher: packet.CipherAES256,
|
||||||
|
Time: getTimeGenerator(),
|
||||||
|
}
|
||||||
|
|
||||||
|
if compress {
|
||||||
|
config.DefaultCompressionAlgo = constants.DefaultCompression
|
||||||
|
config.CompressionConfig = &packet.CompressionConfig{Level: constants.DefaultCompressionLevel}
|
||||||
|
}
|
||||||
|
|
||||||
|
if signingContext != nil {
|
||||||
|
config.SignatureNotations = append(config.SignatureNotations, signingContext.getNotation())
|
||||||
|
}
|
||||||
|
|
||||||
|
var signEntity *openpgp.Entity
|
||||||
if privateKey != nil && len(privateKey.entities) > 0 {
|
if privateKey != nil && len(privateKey.entities) > 0 {
|
||||||
var err error
|
var err error
|
||||||
signEntity, err = privateKey.getSigningEntity()
|
signEntity, err = privateKey.getSigningEntity()
|
||||||
@ -223,13 +275,18 @@ func asymmetricEncryptStream(
|
|||||||
|
|
||||||
// Core for decryption+verification (non streaming) functions.
|
// Core for decryption+verification (non streaming) functions.
|
||||||
func asymmetricDecrypt(
|
func asymmetricDecrypt(
|
||||||
encryptedIO io.Reader, privateKey *KeyRing, verifyKey *KeyRing, verifyTime int64,
|
encryptedIO io.Reader,
|
||||||
|
privateKey *KeyRing,
|
||||||
|
verifyKey *KeyRing,
|
||||||
|
verifyTime int64,
|
||||||
|
verificationContext *VerificationContext,
|
||||||
) (message *PlainMessage, err error) {
|
) (message *PlainMessage, err error) {
|
||||||
messageDetails, err := asymmetricDecryptStream(
|
messageDetails, err := asymmetricDecryptStream(
|
||||||
encryptedIO,
|
encryptedIO,
|
||||||
privateKey,
|
privateKey,
|
||||||
verifyKey,
|
verifyKey,
|
||||||
verifyTime,
|
verifyTime,
|
||||||
|
verificationContext,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
@ -242,7 +299,7 @@ func asymmetricDecrypt(
|
|||||||
|
|
||||||
if verifyKey != nil {
|
if verifyKey != nil {
|
||||||
processSignatureExpiration(messageDetails, verifyTime)
|
processSignatureExpiration(messageDetails, verifyTime)
|
||||||
err = verifyDetailsSignature(messageDetails, verifyKey)
|
err = verifyDetailsSignature(messageDetails, verifyKey, verificationContext)
|
||||||
}
|
}
|
||||||
|
|
||||||
return &PlainMessage{
|
return &PlainMessage{
|
||||||
@ -259,6 +316,7 @@ func asymmetricDecryptStream(
|
|||||||
privateKey *KeyRing,
|
privateKey *KeyRing,
|
||||||
verifyKey *KeyRing,
|
verifyKey *KeyRing,
|
||||||
verifyTime int64,
|
verifyTime int64,
|
||||||
|
verificationContext *VerificationContext,
|
||||||
) (messageDetails *openpgp.MessageDetails, err error) {
|
) (messageDetails *openpgp.MessageDetails, err error) {
|
||||||
privKeyEntries := privateKey.entities
|
privKeyEntries := privateKey.entities
|
||||||
var additionalEntries openpgp.EntityList
|
var additionalEntries openpgp.EntityList
|
||||||
@ -285,6 +343,10 @@ func asymmetricDecryptStream(
|
|||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if verificationContext != nil {
|
||||||
|
config.KnownNotations = map[string]bool{constants.SignatureContextName: true}
|
||||||
|
}
|
||||||
|
|
||||||
messageDetails, err = openpgp.ReadMessage(encryptedIO, privKeyEntries, nil, config)
|
messageDetails, err = openpgp.ReadMessage(encryptedIO, privKeyEntries, nil, config)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.Wrap(err, "gopenpgp: error in reading message")
|
return nil, errors.Wrap(err, "gopenpgp: error in reading message")
|
||||||
|
4
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/keyring_session.go
generated
vendored
4
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/keyring_session.go
generated
vendored
@ -55,7 +55,11 @@ Loop:
|
|||||||
}
|
}
|
||||||
|
|
||||||
if !hasPacket {
|
if !hasPacket {
|
||||||
|
if err != nil {
|
||||||
return nil, errors.Wrap(err, "gopenpgp: couldn't find a session key packet")
|
return nil, errors.Wrap(err, "gopenpgp: couldn't find a session key packet")
|
||||||
|
} else {
|
||||||
|
return nil, errors.New("gopenpgp: couldn't find a session key packet")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if decryptErr != nil {
|
if decryptErr != nil {
|
||||||
|
305
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/keyring_streaming.go
generated
vendored
305
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/keyring_streaming.go
generated
vendored
@ -2,12 +2,10 @@ package crypto
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"crypto"
|
|
||||||
"io"
|
"io"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/ProtonMail/go-crypto/openpgp"
|
"github.com/ProtonMail/go-crypto/openpgp"
|
||||||
"github.com/ProtonMail/go-crypto/openpgp/packet"
|
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -42,8 +40,89 @@ func (keyRing *KeyRing) EncryptStream(
|
|||||||
plainMessageMetadata *PlainMessageMetadata,
|
plainMessageMetadata *PlainMessageMetadata,
|
||||||
signKeyRing *KeyRing,
|
signKeyRing *KeyRing,
|
||||||
) (plainMessageWriter WriteCloser, err error) {
|
) (plainMessageWriter WriteCloser, err error) {
|
||||||
config := &packet.Config{DefaultCipher: packet.CipherAES256, Time: getTimeGenerator()}
|
return encryptStream(
|
||||||
|
keyRing,
|
||||||
|
pgpMessageWriter,
|
||||||
|
pgpMessageWriter,
|
||||||
|
plainMessageMetadata,
|
||||||
|
signKeyRing,
|
||||||
|
false,
|
||||||
|
nil,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
// EncryptStreamWithContext is used to encrypt data as a Writer.
|
||||||
|
// It takes a writer for the encrypted data and returns a WriteCloser for the plaintext data
|
||||||
|
// If signKeyRing is not nil, it is used to do an embedded signature.
|
||||||
|
// * signingContext : (optional) a context for the embedded signature.
|
||||||
|
func (keyRing *KeyRing) EncryptStreamWithContext(
|
||||||
|
pgpMessageWriter Writer,
|
||||||
|
plainMessageMetadata *PlainMessageMetadata,
|
||||||
|
signKeyRing *KeyRing,
|
||||||
|
signingContext *SigningContext,
|
||||||
|
) (plainMessageWriter WriteCloser, err error) {
|
||||||
|
return encryptStream(
|
||||||
|
keyRing,
|
||||||
|
pgpMessageWriter,
|
||||||
|
pgpMessageWriter,
|
||||||
|
plainMessageMetadata,
|
||||||
|
signKeyRing,
|
||||||
|
false,
|
||||||
|
signingContext,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
// EncryptStreamWithCompression is used to encrypt data as a Writer.
|
||||||
|
// The plaintext data is compressed before being encrypted.
|
||||||
|
// It takes a writer for the encrypted data and returns a WriteCloser for the plaintext data
|
||||||
|
// If signKeyRing is not nil, it is used to do an embedded signature.
|
||||||
|
func (keyRing *KeyRing) EncryptStreamWithCompression(
|
||||||
|
pgpMessageWriter Writer,
|
||||||
|
plainMessageMetadata *PlainMessageMetadata,
|
||||||
|
signKeyRing *KeyRing,
|
||||||
|
) (plainMessageWriter WriteCloser, err error) {
|
||||||
|
return encryptStream(
|
||||||
|
keyRing,
|
||||||
|
pgpMessageWriter,
|
||||||
|
pgpMessageWriter,
|
||||||
|
plainMessageMetadata,
|
||||||
|
signKeyRing,
|
||||||
|
true,
|
||||||
|
nil,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
// EncryptStreamWithContextAndCompression is used to encrypt data as a Writer.
|
||||||
|
// The plaintext data is compressed before being encrypted.
|
||||||
|
// It takes a writer for the encrypted data and returns a WriteCloser for the plaintext data
|
||||||
|
// If signKeyRing is not nil, it is used to do an embedded signature.
|
||||||
|
// * signingContext : (optional) a context for the embedded signature.
|
||||||
|
func (keyRing *KeyRing) EncryptStreamWithContextAndCompression(
|
||||||
|
pgpMessageWriter Writer,
|
||||||
|
plainMessageMetadata *PlainMessageMetadata,
|
||||||
|
signKeyRing *KeyRing,
|
||||||
|
signingContext *SigningContext,
|
||||||
|
) (plainMessageWriter WriteCloser, err error) {
|
||||||
|
return encryptStream(
|
||||||
|
keyRing,
|
||||||
|
pgpMessageWriter,
|
||||||
|
pgpMessageWriter,
|
||||||
|
plainMessageMetadata,
|
||||||
|
signKeyRing,
|
||||||
|
true,
|
||||||
|
signingContext,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
func encryptStream(
|
||||||
|
encryptionKeyRing *KeyRing,
|
||||||
|
keyPacketWriter Writer,
|
||||||
|
dataPacketWriter Writer,
|
||||||
|
plainMessageMetadata *PlainMessageMetadata,
|
||||||
|
signKeyRing *KeyRing,
|
||||||
|
compress bool,
|
||||||
|
signingContext *SigningContext,
|
||||||
|
) (plainMessageWriter WriteCloser, err error) {
|
||||||
if plainMessageMetadata == nil {
|
if plainMessageMetadata == nil {
|
||||||
// Use sensible default metadata
|
// Use sensible default metadata
|
||||||
plainMessageMetadata = &PlainMessageMetadata{
|
plainMessageMetadata = &PlainMessageMetadata{
|
||||||
@ -59,7 +138,7 @@ func (keyRing *KeyRing) EncryptStream(
|
|||||||
ModTime: time.Unix(plainMessageMetadata.ModTime, 0),
|
ModTime: time.Unix(plainMessageMetadata.ModTime, 0),
|
||||||
}
|
}
|
||||||
|
|
||||||
plainMessageWriter, err = asymmetricEncryptStream(hints, pgpMessageWriter, pgpMessageWriter, keyRing, signKeyRing, config)
|
plainMessageWriter, err = asymmetricEncryptStream(hints, keyPacketWriter, dataPacketWriter, encryptionKeyRing, signKeyRing, compress, signingContext)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -107,28 +186,102 @@ func (keyRing *KeyRing) EncryptSplitStream(
|
|||||||
plainMessageMetadata *PlainMessageMetadata,
|
plainMessageMetadata *PlainMessageMetadata,
|
||||||
signKeyRing *KeyRing,
|
signKeyRing *KeyRing,
|
||||||
) (*EncryptSplitResult, error) {
|
) (*EncryptSplitResult, error) {
|
||||||
config := &packet.Config{DefaultCipher: packet.CipherAES256, Time: getTimeGenerator()}
|
return encryptSplitStream(
|
||||||
|
keyRing,
|
||||||
if plainMessageMetadata == nil {
|
dataPacketWriter,
|
||||||
// Use sensible default metadata
|
plainMessageMetadata,
|
||||||
plainMessageMetadata = &PlainMessageMetadata{
|
signKeyRing,
|
||||||
IsBinary: true,
|
false,
|
||||||
Filename: "",
|
nil,
|
||||||
ModTime: GetUnixTime(),
|
)
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
hints := &openpgp.FileHints{
|
// EncryptSplitStreamWithContext is used to encrypt data as a stream.
|
||||||
FileName: plainMessageMetadata.Filename,
|
// It takes a writer for the Symmetrically Encrypted Data Packet
|
||||||
IsBinary: plainMessageMetadata.IsBinary,
|
// (https://datatracker.ietf.org/doc/html/rfc4880#section-5.7)
|
||||||
ModTime: time.Unix(plainMessageMetadata.ModTime, 0),
|
// and returns a writer for the plaintext data and the key packet.
|
||||||
|
// If signKeyRing is not nil, it is used to do an embedded signature.
|
||||||
|
// * signingContext : (optional) a context for the embedded signature.
|
||||||
|
func (keyRing *KeyRing) EncryptSplitStreamWithContext(
|
||||||
|
dataPacketWriter Writer,
|
||||||
|
plainMessageMetadata *PlainMessageMetadata,
|
||||||
|
signKeyRing *KeyRing,
|
||||||
|
signingContext *SigningContext,
|
||||||
|
) (*EncryptSplitResult, error) {
|
||||||
|
return encryptSplitStream(
|
||||||
|
keyRing,
|
||||||
|
dataPacketWriter,
|
||||||
|
plainMessageMetadata,
|
||||||
|
signKeyRing,
|
||||||
|
false,
|
||||||
|
signingContext,
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// EncryptSplitStreamWithCompression is used to encrypt data as a stream.
|
||||||
|
// It takes a writer for the Symmetrically Encrypted Data Packet
|
||||||
|
// (https://datatracker.ietf.org/doc/html/rfc4880#section-5.7)
|
||||||
|
// and returns a writer for the plaintext data and the key packet.
|
||||||
|
// If signKeyRing is not nil, it is used to do an embedded signature.
|
||||||
|
func (keyRing *KeyRing) EncryptSplitStreamWithCompression(
|
||||||
|
dataPacketWriter Writer,
|
||||||
|
plainMessageMetadata *PlainMessageMetadata,
|
||||||
|
signKeyRing *KeyRing,
|
||||||
|
) (*EncryptSplitResult, error) {
|
||||||
|
return encryptSplitStream(
|
||||||
|
keyRing,
|
||||||
|
dataPacketWriter,
|
||||||
|
plainMessageMetadata,
|
||||||
|
signKeyRing,
|
||||||
|
true,
|
||||||
|
nil,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
// EncryptSplitStreamWithContextAndCompression is used to encrypt data as a stream.
|
||||||
|
// It takes a writer for the Symmetrically Encrypted Data Packet
|
||||||
|
// (https://datatracker.ietf.org/doc/html/rfc4880#section-5.7)
|
||||||
|
// and returns a writer for the plaintext data and the key packet.
|
||||||
|
// If signKeyRing is not nil, it is used to do an embedded signature.
|
||||||
|
// * signingContext : (optional) a context for the embedded signature.
|
||||||
|
func (keyRing *KeyRing) EncryptSplitStreamWithContextAndCompression(
|
||||||
|
dataPacketWriter Writer,
|
||||||
|
plainMessageMetadata *PlainMessageMetadata,
|
||||||
|
signKeyRing *KeyRing,
|
||||||
|
signingContext *SigningContext,
|
||||||
|
) (*EncryptSplitResult, error) {
|
||||||
|
return encryptSplitStream(
|
||||||
|
keyRing,
|
||||||
|
dataPacketWriter,
|
||||||
|
plainMessageMetadata,
|
||||||
|
signKeyRing,
|
||||||
|
true,
|
||||||
|
signingContext,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
func encryptSplitStream(
|
||||||
|
encryptionKeyRing *KeyRing,
|
||||||
|
dataPacketWriter Writer,
|
||||||
|
plainMessageMetadata *PlainMessageMetadata,
|
||||||
|
signKeyRing *KeyRing,
|
||||||
|
compress bool,
|
||||||
|
signingContext *SigningContext,
|
||||||
|
) (*EncryptSplitResult, error) {
|
||||||
var keyPacketBuf bytes.Buffer
|
var keyPacketBuf bytes.Buffer
|
||||||
plainMessageWriter, err := asymmetricEncryptStream(hints, &keyPacketBuf, dataPacketWriter, keyRing, signKeyRing, config)
|
plainMessageWriter, err := encryptStream(
|
||||||
|
encryptionKeyRing,
|
||||||
|
&keyPacketBuf,
|
||||||
|
dataPacketWriter,
|
||||||
|
plainMessageMetadata,
|
||||||
|
signKeyRing,
|
||||||
|
compress,
|
||||||
|
signingContext,
|
||||||
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
return &EncryptSplitResult{
|
return &EncryptSplitResult{
|
||||||
keyPacketBuf: &keyPacketBuf,
|
keyPacketBuf: &keyPacketBuf,
|
||||||
plainMessageWriter: plainMessageWriter,
|
plainMessageWriter: plainMessageWriter,
|
||||||
@ -142,6 +295,7 @@ type PlainMessageReader struct {
|
|||||||
verifyKeyRing *KeyRing
|
verifyKeyRing *KeyRing
|
||||||
verifyTime int64
|
verifyTime int64
|
||||||
readAll bool
|
readAll bool
|
||||||
|
verificationContext *VerificationContext
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetMetadata returns the metadata of the decrypted message.
|
// GetMetadata returns the metadata of the decrypted message.
|
||||||
@ -173,7 +327,7 @@ func (msg *PlainMessageReader) VerifySignature() (err error) {
|
|||||||
}
|
}
|
||||||
if msg.verifyKeyRing != nil {
|
if msg.verifyKeyRing != nil {
|
||||||
processSignatureExpiration(msg.details, msg.verifyTime)
|
processSignatureExpiration(msg.details, msg.verifyTime)
|
||||||
err = verifyDetailsSignature(msg.details, msg.verifyKeyRing)
|
err = verifyDetailsSignature(msg.details, msg.verifyKeyRing, msg.verificationContext)
|
||||||
} else {
|
} else {
|
||||||
err = errors.New("gopenpgp: no verify keyring was provided before decryption")
|
err = errors.New("gopenpgp: no verify keyring was provided before decryption")
|
||||||
}
|
}
|
||||||
@ -190,11 +344,49 @@ func (keyRing *KeyRing) DecryptStream(
|
|||||||
verifyKeyRing *KeyRing,
|
verifyKeyRing *KeyRing,
|
||||||
verifyTime int64,
|
verifyTime int64,
|
||||||
) (plainMessage *PlainMessageReader, err error) {
|
) (plainMessage *PlainMessageReader, err error) {
|
||||||
messageDetails, err := asymmetricDecryptStream(
|
return decryptStream(
|
||||||
message,
|
|
||||||
keyRing,
|
keyRing,
|
||||||
|
message,
|
||||||
verifyKeyRing,
|
verifyKeyRing,
|
||||||
verifyTime,
|
verifyTime,
|
||||||
|
nil,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
// DecryptStreamWithContext is used to decrypt a pgp message as a Reader.
|
||||||
|
// It takes a reader for the message data
|
||||||
|
// and returns a PlainMessageReader for the plaintext data.
|
||||||
|
// If verifyKeyRing is not nil, PlainMessageReader.VerifySignature() will
|
||||||
|
// verify the embedded signature with the given key ring and verification time.
|
||||||
|
// * verificationContext (optional): context for the signature verification.
|
||||||
|
func (keyRing *KeyRing) DecryptStreamWithContext(
|
||||||
|
message Reader,
|
||||||
|
verifyKeyRing *KeyRing,
|
||||||
|
verifyTime int64,
|
||||||
|
verificationContext *VerificationContext,
|
||||||
|
) (plainMessage *PlainMessageReader, err error) {
|
||||||
|
return decryptStream(
|
||||||
|
keyRing,
|
||||||
|
message,
|
||||||
|
verifyKeyRing,
|
||||||
|
verifyTime,
|
||||||
|
verificationContext,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
func decryptStream(
|
||||||
|
decryptionKeyRing *KeyRing,
|
||||||
|
message Reader,
|
||||||
|
verifyKeyRing *KeyRing,
|
||||||
|
verifyTime int64,
|
||||||
|
verificationContext *VerificationContext,
|
||||||
|
) (plainMessage *PlainMessageReader, err error) {
|
||||||
|
messageDetails, err := asymmetricDecryptStream(
|
||||||
|
message,
|
||||||
|
decryptionKeyRing,
|
||||||
|
verifyKeyRing,
|
||||||
|
verifyTime,
|
||||||
|
verificationContext,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
@ -205,6 +397,7 @@ func (keyRing *KeyRing) DecryptStream(
|
|||||||
verifyKeyRing,
|
verifyKeyRing,
|
||||||
verifyTime,
|
verifyTime,
|
||||||
false,
|
false,
|
||||||
|
verificationContext,
|
||||||
}, err
|
}, err
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -229,21 +422,45 @@ func (keyRing *KeyRing) DecryptSplitStream(
|
|||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// DecryptSplitStreamWithContext is used to decrypt a split pgp message as a Reader.
|
||||||
|
// It takes a key packet and a reader for the data packet
|
||||||
|
// and returns a PlainMessageReader for the plaintext data.
|
||||||
|
// If verifyKeyRing is not nil, PlainMessageReader.VerifySignature() will
|
||||||
|
// verify the embedded signature with the given key ring and verification time.
|
||||||
|
// * verificationContext (optional): context for the signature verification.
|
||||||
|
func (keyRing *KeyRing) DecryptSplitStreamWithContext(
|
||||||
|
keypacket []byte,
|
||||||
|
dataPacketReader Reader,
|
||||||
|
verifyKeyRing *KeyRing, verifyTime int64,
|
||||||
|
verificationContext *VerificationContext,
|
||||||
|
) (plainMessage *PlainMessageReader, err error) {
|
||||||
|
messageReader := io.MultiReader(
|
||||||
|
bytes.NewReader(keypacket),
|
||||||
|
dataPacketReader,
|
||||||
|
)
|
||||||
|
return keyRing.DecryptStreamWithContext(
|
||||||
|
messageReader,
|
||||||
|
verifyKeyRing,
|
||||||
|
verifyTime,
|
||||||
|
verificationContext,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
// SignDetachedStream generates and returns a PGPSignature for a given message Reader.
|
// SignDetachedStream generates and returns a PGPSignature for a given message Reader.
|
||||||
func (keyRing *KeyRing) SignDetachedStream(message Reader) (*PGPSignature, error) {
|
func (keyRing *KeyRing) SignDetachedStream(message Reader) (*PGPSignature, error) {
|
||||||
signEntity, err := keyRing.getSigningEntity()
|
return keyRing.SignDetachedStreamWithContext(message, nil)
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
}
|
||||||
|
|
||||||
config := &packet.Config{DefaultHash: crypto.SHA512, Time: getTimeGenerator()}
|
// SignDetachedStreamWithContext generates and returns a PGPSignature for a given message Reader.
|
||||||
var outBuf bytes.Buffer
|
// If a context is provided, it is added to the signature as notation data
|
||||||
// sign bin
|
// with the name set in `constants.SignatureContextName`.
|
||||||
if err := openpgp.DetachSign(&outBuf, signEntity, message, config); err != nil {
|
func (keyRing *KeyRing) SignDetachedStreamWithContext(message Reader, context *SigningContext) (*PGPSignature, error) {
|
||||||
return nil, errors.Wrap(err, "gopenpgp: error in signing")
|
return signMessageDetached(
|
||||||
}
|
keyRing,
|
||||||
|
message,
|
||||||
return NewPGPSignature(outBuf.Bytes()), nil
|
true,
|
||||||
|
context,
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
// VerifyDetachedStream verifies a message reader with a detached PGPSignature
|
// VerifyDetachedStream verifies a message reader with a detached PGPSignature
|
||||||
@ -253,12 +470,34 @@ func (keyRing *KeyRing) VerifyDetachedStream(
|
|||||||
signature *PGPSignature,
|
signature *PGPSignature,
|
||||||
verifyTime int64,
|
verifyTime int64,
|
||||||
) error {
|
) error {
|
||||||
return verifySignature(
|
_, err := verifySignature(
|
||||||
keyRing.entities,
|
keyRing.entities,
|
||||||
message,
|
message,
|
||||||
signature.GetBinary(),
|
signature.GetBinary(),
|
||||||
verifyTime,
|
verifyTime,
|
||||||
|
nil,
|
||||||
)
|
)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// VerifyDetachedStreamWithContext verifies a message reader with a detached PGPSignature
|
||||||
|
// and returns a SignatureVerificationError if fails.
|
||||||
|
// If a context is provided, it verifies that the signature is valid in the given context, using
|
||||||
|
// the signature notations.
|
||||||
|
func (keyRing *KeyRing) VerifyDetachedStreamWithContext(
|
||||||
|
message Reader,
|
||||||
|
signature *PGPSignature,
|
||||||
|
verifyTime int64,
|
||||||
|
verificationContext *VerificationContext,
|
||||||
|
) error {
|
||||||
|
_, err := verifySignature(
|
||||||
|
keyRing.entities,
|
||||||
|
message,
|
||||||
|
signature.GetBinary(),
|
||||||
|
verifyTime,
|
||||||
|
verificationContext,
|
||||||
|
)
|
||||||
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// SignDetachedEncryptedStream generates and returns a PGPMessage
|
// SignDetachedEncryptedStream generates and returns a PGPMessage
|
||||||
|
55
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/message.go
generated
vendored
55
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/message.go
generated
vendored
@ -3,6 +3,7 @@ package crypto
|
|||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
|
"encoding/json"
|
||||||
goerrors "errors"
|
goerrors "errors"
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
@ -92,7 +93,7 @@ func NewPlainMessageFromFile(data []byte, filename string, time uint32) *PlainMe
|
|||||||
// This allows seamless conversion to clear text signed messages (see RFC 4880 5.2.1 and 7.1).
|
// This allows seamless conversion to clear text signed messages (see RFC 4880 5.2.1 and 7.1).
|
||||||
func NewPlainMessageFromString(text string) *PlainMessage {
|
func NewPlainMessageFromString(text string) *PlainMessage {
|
||||||
return &PlainMessage{
|
return &PlainMessage{
|
||||||
Data: []byte(internal.CanonicalizeAndTrim(text)),
|
Data: []byte(internal.Canonicalize(text)),
|
||||||
TextType: true,
|
TextType: true,
|
||||||
Filename: "",
|
Filename: "",
|
||||||
Time: uint32(GetUnixTime()),
|
Time: uint32(GetUnixTime()),
|
||||||
@ -202,7 +203,7 @@ func (msg *PlainMessage) GetBinary() []byte {
|
|||||||
|
|
||||||
// GetString returns the content of the message as a string.
|
// GetString returns the content of the message as a string.
|
||||||
func (msg *PlainMessage) GetString() string {
|
func (msg *PlainMessage) GetString() string {
|
||||||
return strings.ReplaceAll(string(msg.Data), "\r\n", "\n")
|
return sanitizeString(strings.ReplaceAll(string(msg.Data), "\r\n", "\n"))
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetBase64 returns the base-64 encoded binary content of the message as a
|
// GetBase64 returns the base-64 encoded binary content of the message as a
|
||||||
@ -287,6 +288,21 @@ func (msg *PGPMessage) GetHexEncryptionKeyIDs() ([]string, bool) {
|
|||||||
return getHexKeyIDs(msg.GetEncryptionKeyIDs())
|
return getHexKeyIDs(msg.GetEncryptionKeyIDs())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// GetHexEncryptionKeyIDsJson returns the key IDs of the keys to which the session key is encrypted as a JSON array.
|
||||||
|
// If an error occurs it returns nil.
|
||||||
|
// Helper function for go-mobile clients.
|
||||||
|
func (msg *PGPMessage) GetHexEncryptionKeyIDsJson() []byte {
|
||||||
|
hexIds, ok := msg.GetHexEncryptionKeyIDs()
|
||||||
|
if !ok {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
hexIdsJson, err := json.Marshal(hexIds)
|
||||||
|
if err != nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
return hexIdsJson
|
||||||
|
}
|
||||||
|
|
||||||
// GetSignatureKeyIDs Returns the key IDs of the keys to which the (readable) signature packets are encrypted to.
|
// GetSignatureKeyIDs Returns the key IDs of the keys to which the (readable) signature packets are encrypted to.
|
||||||
func (msg *PGPMessage) GetSignatureKeyIDs() ([]uint64, bool) {
|
func (msg *PGPMessage) GetSignatureKeyIDs() ([]uint64, bool) {
|
||||||
return getSignatureKeyIDs(msg.Data)
|
return getSignatureKeyIDs(msg.Data)
|
||||||
@ -297,6 +313,20 @@ func (msg *PGPMessage) GetHexSignatureKeyIDs() ([]string, bool) {
|
|||||||
return getHexKeyIDs(msg.GetSignatureKeyIDs())
|
return getHexKeyIDs(msg.GetSignatureKeyIDs())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// GetHexSignatureKeyIDsJson returns the key IDs of the keys to which the (readable) signature packets
|
||||||
|
// are encrypted to as a JSON array. Helper function for go-mobile clients.
|
||||||
|
func (msg *PGPMessage) GetHexSignatureKeyIDsJson() []byte {
|
||||||
|
sigHexSigIds, ok := msg.GetHexSignatureKeyIDs()
|
||||||
|
if !ok {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
sigHexKeyIdsJSON, err := json.Marshal(sigHexSigIds)
|
||||||
|
if err != nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
return sigHexKeyIdsJSON
|
||||||
|
}
|
||||||
|
|
||||||
// GetBinaryDataPacket returns the unarmored binary datapacket as a []byte.
|
// GetBinaryDataPacket returns the unarmored binary datapacket as a []byte.
|
||||||
func (msg *PGPSplitMessage) GetBinaryDataPacket() []byte {
|
func (msg *PGPSplitMessage) GetBinaryDataPacket() []byte {
|
||||||
return msg.DataPacket
|
return msg.DataPacket
|
||||||
@ -324,6 +354,27 @@ func (msg *PGPSplitMessage) GetPGPMessage() *PGPMessage {
|
|||||||
return NewPGPMessage(append(msg.KeyPacket, msg.DataPacket...))
|
return NewPGPMessage(append(msg.KeyPacket, msg.DataPacket...))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// GetNumberOfKeyPackets returns the number of keys packets in this message.
|
||||||
|
func (msg *PGPSplitMessage) GetNumberOfKeyPackets() (int, error) {
|
||||||
|
bytesReader := bytes.NewReader(msg.KeyPacket)
|
||||||
|
packets := packet.NewReader(bytesReader)
|
||||||
|
var keyPacketCount int
|
||||||
|
for {
|
||||||
|
p, err := packets.Next()
|
||||||
|
if goerrors.Is(err, io.EOF) {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
if err != nil {
|
||||||
|
return 0, err
|
||||||
|
}
|
||||||
|
switch p.(type) {
|
||||||
|
case *packet.SymmetricKeyEncrypted, *packet.EncryptedKey:
|
||||||
|
keyPacketCount += 1
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return keyPacketCount, nil
|
||||||
|
}
|
||||||
|
|
||||||
// SplitMessage splits the message into key and data packet(s).
|
// SplitMessage splits the message into key and data packet(s).
|
||||||
// Parameters are for backwards compatibility and are unused.
|
// Parameters are for backwards compatibility and are unused.
|
||||||
func (msg *PGPMessage) SplitMessage() (*PGPSplitMessage, error) {
|
func (msg *PGPMessage) SplitMessage() (*PGPSplitMessage, error) {
|
||||||
|
3
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/mime.go
generated
vendored
3
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/mime.go
generated
vendored
@ -49,7 +49,8 @@ func (keyRing *KeyRing) DecryptMIMEMessage(
|
|||||||
callbacks.OnVerified(constants.SIGNATURE_OK)
|
callbacks.OnVerified(constants.SIGNATURE_OK)
|
||||||
}
|
}
|
||||||
bodyContent, bodyMimeType := body.GetBody()
|
bodyContent, bodyMimeType := body.GetBody()
|
||||||
callbacks.OnBody(bodyContent, bodyMimeType)
|
bodyContentSanitized := sanitizeString(bodyContent)
|
||||||
|
callbacks.OnBody(bodyContentSanitized, bodyMimeType)
|
||||||
for i := 0; i < len(attachments); i++ {
|
for i := 0; i < len(attachments); i++ {
|
||||||
callbacks.OnAttachment(attachmentHeaders[i], []byte(attachments[i]))
|
callbacks.OnAttachment(attachmentHeaders[i], []byte(attachments[i]))
|
||||||
}
|
}
|
||||||
|
7
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/sanitize_string.go
generated
vendored
Normal file
7
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/sanitize_string.go
generated
vendored
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
package crypto
|
||||||
|
|
||||||
|
import "strings"
|
||||||
|
|
||||||
|
func sanitizeString(input string) string {
|
||||||
|
return strings.ToValidUTF8(input, "\ufffd")
|
||||||
|
}
|
194
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/sessionkey.go
generated
vendored
194
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/sessionkey.go
generated
vendored
@ -138,17 +138,7 @@ func newSessionKeyFromEncrypted(ek *packet.EncryptedKey) (*SessionKey, error) {
|
|||||||
// * message : The plain data as a PlainMessage.
|
// * message : The plain data as a PlainMessage.
|
||||||
// * output : The encrypted data as PGPMessage.
|
// * output : The encrypted data as PGPMessage.
|
||||||
func (sk *SessionKey) Encrypt(message *PlainMessage) ([]byte, error) {
|
func (sk *SessionKey) Encrypt(message *PlainMessage) ([]byte, error) {
|
||||||
dc, err := sk.GetCipherFunc()
|
return encryptWithSessionKey(message, sk, nil, false, nil)
|
||||||
if err != nil {
|
|
||||||
return nil, errors.Wrap(err, "gopenpgp: unable to encrypt with session key")
|
|
||||||
}
|
|
||||||
|
|
||||||
config := &packet.Config{
|
|
||||||
Time: getTimeGenerator(),
|
|
||||||
DefaultCipher: dc,
|
|
||||||
}
|
|
||||||
|
|
||||||
return encryptWithSessionKey(message, sk, nil, config)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// EncryptAndSign encrypts a PlainMessage to PGPMessage with a SessionKey and signs it with a Private key.
|
// EncryptAndSign encrypts a PlainMessage to PGPMessage with a SessionKey and signs it with a Private key.
|
||||||
@ -156,59 +146,50 @@ func (sk *SessionKey) Encrypt(message *PlainMessage) ([]byte, error) {
|
|||||||
// * signKeyRing: The KeyRing to sign the message
|
// * signKeyRing: The KeyRing to sign the message
|
||||||
// * output : The encrypted data as PGPMessage.
|
// * output : The encrypted data as PGPMessage.
|
||||||
func (sk *SessionKey) EncryptAndSign(message *PlainMessage, signKeyRing *KeyRing) ([]byte, error) {
|
func (sk *SessionKey) EncryptAndSign(message *PlainMessage, signKeyRing *KeyRing) ([]byte, error) {
|
||||||
dc, err := sk.GetCipherFunc()
|
return encryptWithSessionKey(message, sk, signKeyRing, false, nil)
|
||||||
if err != nil {
|
|
||||||
return nil, errors.Wrap(err, "gopenpgp: unable to encrypt with session key")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
config := &packet.Config{
|
// EncryptAndSignWithContext encrypts a PlainMessage to PGPMessage with a SessionKey and signs it with a Private key.
|
||||||
Time: getTimeGenerator(),
|
// * message : The plain data as a PlainMessage.
|
||||||
DefaultCipher: dc,
|
// * signKeyRing: The KeyRing to sign the message
|
||||||
}
|
// * output : The encrypted data as PGPMessage.
|
||||||
|
// * signingContext : (optional) the context for the signature.
|
||||||
signEntity, err := signKeyRing.getSigningEntity()
|
func (sk *SessionKey) EncryptAndSignWithContext(message *PlainMessage, signKeyRing *KeyRing, signingContext *SigningContext) ([]byte, error) {
|
||||||
if err != nil {
|
return encryptWithSessionKey(message, sk, signKeyRing, false, signingContext)
|
||||||
return nil, errors.Wrap(err, "gopenpgp: unable to sign")
|
|
||||||
}
|
|
||||||
|
|
||||||
return encryptWithSessionKey(message, sk, signEntity, config)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// EncryptWithCompression encrypts with compression support a PlainMessage to PGPMessage with a SessionKey.
|
// EncryptWithCompression encrypts with compression support a PlainMessage to PGPMessage with a SessionKey.
|
||||||
// * message : The plain data as a PlainMessage.
|
// * message : The plain data as a PlainMessage.
|
||||||
// * output : The encrypted data as PGPMessage.
|
// * output : The encrypted data as PGPMessage.
|
||||||
func (sk *SessionKey) EncryptWithCompression(message *PlainMessage) ([]byte, error) {
|
func (sk *SessionKey) EncryptWithCompression(message *PlainMessage) ([]byte, error) {
|
||||||
dc, err := sk.GetCipherFunc()
|
return encryptWithSessionKey(message, sk, nil, true, nil)
|
||||||
if err != nil {
|
|
||||||
return nil, errors.Wrap(err, "gopenpgp: unable to encrypt with session key")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
config := &packet.Config{
|
func encryptWithSessionKey(
|
||||||
Time: getTimeGenerator(),
|
message *PlainMessage,
|
||||||
DefaultCipher: dc,
|
sk *SessionKey,
|
||||||
DefaultCompressionAlgo: constants.DefaultCompression,
|
signKeyRing *KeyRing,
|
||||||
CompressionConfig: &packet.CompressionConfig{Level: constants.DefaultCompressionLevel},
|
compress bool,
|
||||||
}
|
signingContext *SigningContext,
|
||||||
|
) ([]byte, error) {
|
||||||
return encryptWithSessionKey(message, sk, nil, config)
|
|
||||||
}
|
|
||||||
|
|
||||||
func encryptWithSessionKey(message *PlainMessage, sk *SessionKey, signEntity *openpgp.Entity, config *packet.Config) ([]byte, error) {
|
|
||||||
var encBuf = new(bytes.Buffer)
|
var encBuf = new(bytes.Buffer)
|
||||||
|
|
||||||
encryptWriter, signWriter, err := encryptStreamWithSessionKey(
|
encryptWriter, signWriter, err := encryptStreamWithSessionKey(
|
||||||
|
NewPlainMessageMetadata(
|
||||||
message.IsBinary(),
|
message.IsBinary(),
|
||||||
message.Filename,
|
message.Filename,
|
||||||
message.Time,
|
int64(message.Time),
|
||||||
|
),
|
||||||
encBuf,
|
encBuf,
|
||||||
sk,
|
sk,
|
||||||
signEntity,
|
signKeyRing,
|
||||||
config,
|
compress,
|
||||||
|
signingContext,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
if signEntity != nil {
|
if signKeyRing != nil {
|
||||||
_, err = signWriter.Write(message.GetBinary())
|
_, err = signWriter.Write(message.GetBinary())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.Wrap(err, "gopenpgp: error in writing signed message")
|
return nil, errors.Wrap(err, "gopenpgp: error in writing signed message")
|
||||||
@ -231,6 +212,61 @@ func encryptWithSessionKey(message *PlainMessage, sk *SessionKey, signEntity *op
|
|||||||
}
|
}
|
||||||
|
|
||||||
func encryptStreamWithSessionKey(
|
func encryptStreamWithSessionKey(
|
||||||
|
plainMessageMetadata *PlainMessageMetadata,
|
||||||
|
dataPacketWriter io.Writer,
|
||||||
|
sk *SessionKey,
|
||||||
|
signKeyRing *KeyRing,
|
||||||
|
compress bool,
|
||||||
|
signingContext *SigningContext,
|
||||||
|
) (encryptWriter, signWriter io.WriteCloser, err error) {
|
||||||
|
dc, err := sk.GetCipherFunc()
|
||||||
|
if err != nil {
|
||||||
|
return nil, nil, errors.Wrap(err, "gopenpgp: unable to encrypt with session key")
|
||||||
|
}
|
||||||
|
|
||||||
|
config := &packet.Config{
|
||||||
|
Time: getTimeGenerator(),
|
||||||
|
DefaultCipher: dc,
|
||||||
|
}
|
||||||
|
|
||||||
|
var signEntity *openpgp.Entity
|
||||||
|
if signKeyRing != nil {
|
||||||
|
signEntity, err = signKeyRing.getSigningEntity()
|
||||||
|
if err != nil {
|
||||||
|
return nil, nil, errors.Wrap(err, "gopenpgp: unable to sign")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if compress {
|
||||||
|
config.DefaultCompressionAlgo = constants.DefaultCompression
|
||||||
|
config.CompressionConfig = &packet.CompressionConfig{Level: constants.DefaultCompressionLevel}
|
||||||
|
}
|
||||||
|
|
||||||
|
if signingContext != nil {
|
||||||
|
config.SignatureNotations = append(config.SignatureNotations, signingContext.getNotation())
|
||||||
|
}
|
||||||
|
|
||||||
|
if plainMessageMetadata == nil {
|
||||||
|
// Use sensible default metadata
|
||||||
|
plainMessageMetadata = &PlainMessageMetadata{
|
||||||
|
IsBinary: true,
|
||||||
|
Filename: "",
|
||||||
|
ModTime: GetUnixTime(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return encryptStreamWithSessionKeyAndConfig(
|
||||||
|
plainMessageMetadata.IsBinary,
|
||||||
|
plainMessageMetadata.Filename,
|
||||||
|
uint32(plainMessageMetadata.ModTime),
|
||||||
|
dataPacketWriter,
|
||||||
|
sk,
|
||||||
|
signEntity,
|
||||||
|
config,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
func encryptStreamWithSessionKeyAndConfig(
|
||||||
isBinary bool,
|
isBinary bool,
|
||||||
filename string,
|
filename string,
|
||||||
modTime uint32,
|
modTime uint32,
|
||||||
@ -239,7 +275,15 @@ func encryptStreamWithSessionKey(
|
|||||||
signEntity *openpgp.Entity,
|
signEntity *openpgp.Entity,
|
||||||
config *packet.Config,
|
config *packet.Config,
|
||||||
) (encryptWriter, signWriter io.WriteCloser, err error) {
|
) (encryptWriter, signWriter io.WriteCloser, err error) {
|
||||||
encryptWriter, err = packet.SerializeSymmetricallyEncrypted(dataPacketWriter, config.Cipher(), sk.Key, config)
|
encryptWriter, err = packet.SerializeSymmetricallyEncrypted(
|
||||||
|
dataPacketWriter,
|
||||||
|
config.Cipher(),
|
||||||
|
config.AEAD() != nil,
|
||||||
|
packet.CipherSuite{Cipher: config.Cipher(), Mode: config.AEAD().Mode()},
|
||||||
|
sk.Key,
|
||||||
|
config,
|
||||||
|
)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, errors.Wrap(err, "gopenpgp: unable to encrypt")
|
return nil, nil, errors.Wrap(err, "gopenpgp: unable to encrypt")
|
||||||
}
|
}
|
||||||
@ -289,9 +333,41 @@ func (sk *SessionKey) Decrypt(dataPacket []byte) (*PlainMessage, error) {
|
|||||||
// * verifyTime: when should the signature be valid, as timestamp. If 0 time verification is disabled.
|
// * verifyTime: when should the signature be valid, as timestamp. If 0 time verification is disabled.
|
||||||
// * output: PlainMessage.
|
// * output: PlainMessage.
|
||||||
func (sk *SessionKey) DecryptAndVerify(dataPacket []byte, verifyKeyRing *KeyRing, verifyTime int64) (*PlainMessage, error) {
|
func (sk *SessionKey) DecryptAndVerify(dataPacket []byte, verifyKeyRing *KeyRing, verifyTime int64) (*PlainMessage, error) {
|
||||||
|
return decryptWithSessionKeyAndContext(
|
||||||
|
sk,
|
||||||
|
dataPacket,
|
||||||
|
verifyKeyRing,
|
||||||
|
verifyTime,
|
||||||
|
nil,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
// DecryptAndVerifyWithContext decrypts pgp data packets using directly a session key and verifies embedded signatures.
|
||||||
|
// * encrypted: PGPMessage.
|
||||||
|
// * verifyKeyRing: KeyRing with verification public keys
|
||||||
|
// * verifyTime: when should the signature be valid, as timestamp. If 0 time verification is disabled.
|
||||||
|
// * output: PlainMessage.
|
||||||
|
// * verificationContext (optional): context for the signature verification.
|
||||||
|
func (sk *SessionKey) DecryptAndVerifyWithContext(dataPacket []byte, verifyKeyRing *KeyRing, verifyTime int64, verificationContext *VerificationContext) (*PlainMessage, error) {
|
||||||
|
return decryptWithSessionKeyAndContext(
|
||||||
|
sk,
|
||||||
|
dataPacket,
|
||||||
|
verifyKeyRing,
|
||||||
|
verifyTime,
|
||||||
|
verificationContext,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
func decryptWithSessionKeyAndContext(
|
||||||
|
sk *SessionKey,
|
||||||
|
dataPacket []byte,
|
||||||
|
verifyKeyRing *KeyRing,
|
||||||
|
verifyTime int64,
|
||||||
|
verificationContext *VerificationContext,
|
||||||
|
) (*PlainMessage, error) {
|
||||||
var messageReader = bytes.NewReader(dataPacket)
|
var messageReader = bytes.NewReader(dataPacket)
|
||||||
|
|
||||||
md, err := decryptStreamWithSessionKey(sk, messageReader, verifyKeyRing)
|
md, err := decryptStreamWithSessionKey(sk, messageReader, verifyKeyRing, verificationContext)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -303,7 +379,7 @@ func (sk *SessionKey) DecryptAndVerify(dataPacket []byte, verifyKeyRing *KeyRing
|
|||||||
|
|
||||||
if verifyKeyRing != nil {
|
if verifyKeyRing != nil {
|
||||||
processSignatureExpiration(md, verifyTime)
|
processSignatureExpiration(md, verifyTime)
|
||||||
err = verifyDetailsSignature(md, verifyKeyRing)
|
err = verifyDetailsSignature(md, verifyKeyRing, verificationContext)
|
||||||
}
|
}
|
||||||
|
|
||||||
return &PlainMessage{
|
return &PlainMessage{
|
||||||
@ -314,7 +390,12 @@ func (sk *SessionKey) DecryptAndVerify(dataPacket []byte, verifyKeyRing *KeyRing
|
|||||||
}, err
|
}, err
|
||||||
}
|
}
|
||||||
|
|
||||||
func decryptStreamWithSessionKey(sk *SessionKey, messageReader io.Reader, verifyKeyRing *KeyRing) (*openpgp.MessageDetails, error) {
|
func decryptStreamWithSessionKey(
|
||||||
|
sk *SessionKey,
|
||||||
|
messageReader io.Reader,
|
||||||
|
verifyKeyRing *KeyRing,
|
||||||
|
verificationContext *VerificationContext,
|
||||||
|
) (*openpgp.MessageDetails, error) {
|
||||||
var decrypted io.ReadCloser
|
var decrypted io.ReadCloser
|
||||||
var keyring openpgp.EntityList
|
var keyring openpgp.EntityList
|
||||||
|
|
||||||
@ -327,17 +408,24 @@ func decryptStreamWithSessionKey(sk *SessionKey, messageReader io.Reader, verify
|
|||||||
|
|
||||||
// Decrypt data packet
|
// Decrypt data packet
|
||||||
switch p := p.(type) {
|
switch p := p.(type) {
|
||||||
case *packet.SymmetricallyEncrypted:
|
case *packet.SymmetricallyEncrypted, *packet.AEADEncrypted:
|
||||||
|
if symPacket, ok := p.(*packet.SymmetricallyEncrypted); ok {
|
||||||
|
if !symPacket.IntegrityProtected {
|
||||||
|
return nil, errors.New("gopenpgp: message is not authenticated")
|
||||||
|
}
|
||||||
|
}
|
||||||
dc, err := sk.GetCipherFunc()
|
dc, err := sk.GetCipherFunc()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.Wrap(err, "gopenpgp: unable to decrypt with session key")
|
return nil, errors.Wrap(err, "gopenpgp: unable to decrypt with session key")
|
||||||
}
|
}
|
||||||
|
encryptedDataPacket, isDataPacket := p.(packet.EncryptedDataPacket)
|
||||||
decrypted, err = p.Decrypt(dc, sk.Key)
|
if !isDataPacket {
|
||||||
|
return nil, errors.Wrap(err, "gopenpgp: unknown data packet")
|
||||||
|
}
|
||||||
|
decrypted, err = encryptedDataPacket.Decrypt(dc, sk.Key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.Wrap(err, "gopenpgp: unable to decrypt symmetric packet")
|
return nil, errors.Wrap(err, "gopenpgp: unable to decrypt symmetric packet")
|
||||||
}
|
}
|
||||||
|
|
||||||
default:
|
default:
|
||||||
return nil, errors.New("gopenpgp: invalid packet type")
|
return nil, errors.New("gopenpgp: invalid packet type")
|
||||||
}
|
}
|
||||||
@ -346,6 +434,10 @@ func decryptStreamWithSessionKey(sk *SessionKey, messageReader io.Reader, verify
|
|||||||
Time: getTimeGenerator(),
|
Time: getTimeGenerator(),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if verificationContext != nil {
|
||||||
|
config.KnownNotations = map[string]bool{constants.SignatureContextName: true}
|
||||||
|
}
|
||||||
|
|
||||||
// Push decrypted packet as literal packet and use openpgp's reader
|
// Push decrypted packet as literal packet and use openpgp's reader
|
||||||
if verifyKeyRing != nil {
|
if verifyKeyRing != nil {
|
||||||
keyring = verifyKeyRing.entities
|
keyring = verifyKeyRing.entities
|
||||||
|
140
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/sessionkey_streaming.go
generated
vendored
140
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/sessionkey_streaming.go
generated
vendored
@ -1,8 +1,6 @@
|
|||||||
package crypto
|
package crypto
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"github.com/ProtonMail/go-crypto/openpgp"
|
|
||||||
"github.com/ProtonMail/go-crypto/openpgp/packet"
|
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -30,40 +28,87 @@ func (sk *SessionKey) EncryptStream(
|
|||||||
plainMessageMetadata *PlainMessageMetadata,
|
plainMessageMetadata *PlainMessageMetadata,
|
||||||
signKeyRing *KeyRing,
|
signKeyRing *KeyRing,
|
||||||
) (plainMessageWriter WriteCloser, err error) {
|
) (plainMessageWriter WriteCloser, err error) {
|
||||||
dc, err := sk.GetCipherFunc()
|
return sk.encryptStream(
|
||||||
if err != nil {
|
dataPacketWriter,
|
||||||
return nil, errors.Wrap(err, "gopenpgp: unable to encrypt with session key")
|
plainMessageMetadata,
|
||||||
|
signKeyRing,
|
||||||
|
false,
|
||||||
|
nil,
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
config := &packet.Config{
|
// EncryptStreamWithContext is used to encrypt data as a Writer.
|
||||||
Time: getTimeGenerator(),
|
// It takes a writer for the encrypted data packet and returns a writer for the plaintext data.
|
||||||
DefaultCipher: dc,
|
// If signKeyRing is not nil, it is used to do an embedded signature.
|
||||||
}
|
// * signingContext : (optional) the context for the signature.
|
||||||
var signEntity *openpgp.Entity
|
func (sk *SessionKey) EncryptStreamWithContext(
|
||||||
if signKeyRing != nil {
|
dataPacketWriter Writer,
|
||||||
signEntity, err = signKeyRing.getSigningEntity()
|
plainMessageMetadata *PlainMessageMetadata,
|
||||||
if err != nil {
|
signKeyRing *KeyRing,
|
||||||
return nil, errors.Wrap(err, "gopenpgp: unable to sign")
|
signingContext *SigningContext,
|
||||||
}
|
) (plainMessageWriter WriteCloser, err error) {
|
||||||
|
return sk.encryptStream(
|
||||||
|
dataPacketWriter,
|
||||||
|
plainMessageMetadata,
|
||||||
|
signKeyRing,
|
||||||
|
false,
|
||||||
|
signingContext,
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
if plainMessageMetadata == nil {
|
// EncryptStreamWithCompression is used to encrypt data as a Writer.
|
||||||
// Use sensible default metadata
|
// The plaintext data is compressed before being encrypted.
|
||||||
plainMessageMetadata = &PlainMessageMetadata{
|
// It takes a writer for the encrypted data packet and returns a writer for the plaintext data.
|
||||||
IsBinary: true,
|
// If signKeyRing is not nil, it is used to do an embedded signature.
|
||||||
Filename: "",
|
// * signingContext : (optional) the context for the signature.
|
||||||
ModTime: GetUnixTime(),
|
func (sk *SessionKey) EncryptStreamWithCompression(
|
||||||
}
|
dataPacketWriter Writer,
|
||||||
|
plainMessageMetadata *PlainMessageMetadata,
|
||||||
|
signKeyRing *KeyRing,
|
||||||
|
) (plainMessageWriter WriteCloser, err error) {
|
||||||
|
return sk.encryptStream(
|
||||||
|
dataPacketWriter,
|
||||||
|
plainMessageMetadata,
|
||||||
|
signKeyRing,
|
||||||
|
true,
|
||||||
|
nil,
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// EncryptStreamWithContextAndCompression is used to encrypt data as a Writer.
|
||||||
|
// The plaintext data is compressed before being encrypted.
|
||||||
|
// It takes a writer for the encrypted data packet and returns a writer for the plaintext data.
|
||||||
|
// If signKeyRing is not nil, it is used to do an embedded signature.
|
||||||
|
// * signingContext : (optional) the context for the signature.
|
||||||
|
func (sk *SessionKey) EncryptStreamWithContextAndCompression(
|
||||||
|
dataPacketWriter Writer,
|
||||||
|
plainMessageMetadata *PlainMessageMetadata,
|
||||||
|
signKeyRing *KeyRing,
|
||||||
|
signingContext *SigningContext,
|
||||||
|
) (plainMessageWriter WriteCloser, err error) {
|
||||||
|
return sk.encryptStream(
|
||||||
|
dataPacketWriter,
|
||||||
|
plainMessageMetadata,
|
||||||
|
signKeyRing,
|
||||||
|
true,
|
||||||
|
signingContext,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (sk *SessionKey) encryptStream(
|
||||||
|
dataPacketWriter Writer,
|
||||||
|
plainMessageMetadata *PlainMessageMetadata,
|
||||||
|
signKeyRing *KeyRing,
|
||||||
|
compress bool,
|
||||||
|
signingContext *SigningContext,
|
||||||
|
) (plainMessageWriter WriteCloser, err error) {
|
||||||
encryptWriter, signWriter, err := encryptStreamWithSessionKey(
|
encryptWriter, signWriter, err := encryptStreamWithSessionKey(
|
||||||
plainMessageMetadata.IsBinary,
|
plainMessageMetadata,
|
||||||
plainMessageMetadata.Filename,
|
|
||||||
uint32(plainMessageMetadata.ModTime),
|
|
||||||
dataPacketWriter,
|
dataPacketWriter,
|
||||||
sk,
|
sk,
|
||||||
signEntity,
|
signKeyRing,
|
||||||
config,
|
compress,
|
||||||
|
signingContext,
|
||||||
)
|
)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -87,10 +132,48 @@ func (sk *SessionKey) DecryptStream(
|
|||||||
verifyKeyRing *KeyRing,
|
verifyKeyRing *KeyRing,
|
||||||
verifyTime int64,
|
verifyTime int64,
|
||||||
) (plainMessage *PlainMessageReader, err error) {
|
) (plainMessage *PlainMessageReader, err error) {
|
||||||
messageDetails, err := decryptStreamWithSessionKey(
|
return decryptStreamWithSessionKeyAndContext(
|
||||||
sk,
|
sk,
|
||||||
dataPacketReader,
|
dataPacketReader,
|
||||||
verifyKeyRing,
|
verifyKeyRing,
|
||||||
|
verifyTime,
|
||||||
|
nil,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
// DecryptStreamWithContext is used to decrypt a data packet as a Reader.
|
||||||
|
// It takes a reader for the data packet
|
||||||
|
// and returns a PlainMessageReader for the plaintext data.
|
||||||
|
// If verifyKeyRing is not nil, PlainMessageReader.VerifySignature() will
|
||||||
|
// verify the embedded signature with the given key ring and verification time.
|
||||||
|
// * verificationContext (optional): context for the signature verification.
|
||||||
|
func (sk *SessionKey) DecryptStreamWithContext(
|
||||||
|
dataPacketReader Reader,
|
||||||
|
verifyKeyRing *KeyRing,
|
||||||
|
verifyTime int64,
|
||||||
|
verificationContext *VerificationContext,
|
||||||
|
) (plainMessage *PlainMessageReader, err error) {
|
||||||
|
return decryptStreamWithSessionKeyAndContext(
|
||||||
|
sk,
|
||||||
|
dataPacketReader,
|
||||||
|
verifyKeyRing,
|
||||||
|
verifyTime,
|
||||||
|
verificationContext,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
func decryptStreamWithSessionKeyAndContext(
|
||||||
|
sessionKey *SessionKey,
|
||||||
|
dataPacketReader Reader,
|
||||||
|
verifyKeyRing *KeyRing,
|
||||||
|
verifyTime int64,
|
||||||
|
verificationContext *VerificationContext,
|
||||||
|
) (plainMessage *PlainMessageReader, err error) {
|
||||||
|
messageDetails, err := decryptStreamWithSessionKey(
|
||||||
|
sessionKey,
|
||||||
|
dataPacketReader,
|
||||||
|
verifyKeyRing,
|
||||||
|
verificationContext,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.Wrap(err, "gopenpgp: error in reading message")
|
return nil, errors.Wrap(err, "gopenpgp: error in reading message")
|
||||||
@ -101,5 +184,6 @@ func (sk *SessionKey) DecryptStream(
|
|||||||
verifyKeyRing,
|
verifyKeyRing,
|
||||||
verifyTime,
|
verifyTime,
|
||||||
false,
|
false,
|
||||||
|
verificationContext,
|
||||||
}, err
|
}, err
|
||||||
}
|
}
|
||||||
|
199
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/signature.go
generated
vendored
199
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/signature.go
generated
vendored
@ -3,7 +3,6 @@ package crypto
|
|||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"crypto"
|
"crypto"
|
||||||
"errors"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"math"
|
"math"
|
||||||
@ -12,6 +11,7 @@ import (
|
|||||||
"github.com/ProtonMail/go-crypto/openpgp"
|
"github.com/ProtonMail/go-crypto/openpgp"
|
||||||
pgpErrors "github.com/ProtonMail/go-crypto/openpgp/errors"
|
pgpErrors "github.com/ProtonMail/go-crypto/openpgp/errors"
|
||||||
"github.com/ProtonMail/go-crypto/openpgp/packet"
|
"github.com/ProtonMail/go-crypto/openpgp/packet"
|
||||||
|
"github.com/pkg/errors"
|
||||||
|
|
||||||
"github.com/ProtonMail/gopenpgp/v2/constants"
|
"github.com/ProtonMail/gopenpgp/v2/constants"
|
||||||
"github.com/ProtonMail/gopenpgp/v2/internal"
|
"github.com/ProtonMail/gopenpgp/v2/internal"
|
||||||
@ -29,23 +29,41 @@ var allowedHashes = []crypto.Hash{
|
|||||||
type SignatureVerificationError struct {
|
type SignatureVerificationError struct {
|
||||||
Status int
|
Status int
|
||||||
Message string
|
Message string
|
||||||
|
Cause error
|
||||||
}
|
}
|
||||||
|
|
||||||
// Error is the base method for all errors.
|
// Error is the base method for all errors.
|
||||||
func (e SignatureVerificationError) Error() string {
|
func (e SignatureVerificationError) Error() string {
|
||||||
|
if e.Cause != nil {
|
||||||
|
return fmt.Sprintf("Signature Verification Error: %v caused by %v", e.Message, e.Cause)
|
||||||
|
}
|
||||||
return fmt.Sprintf("Signature Verification Error: %v", e.Message)
|
return fmt.Sprintf("Signature Verification Error: %v", e.Message)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Unwrap returns the cause of failure.
|
||||||
|
func (e SignatureVerificationError) Unwrap() error {
|
||||||
|
return e.Cause
|
||||||
|
}
|
||||||
|
|
||||||
// ------------------
|
// ------------------
|
||||||
// Internal functions
|
// Internal functions
|
||||||
// ------------------
|
// ------------------
|
||||||
|
|
||||||
// newSignatureFailed creates a new SignatureVerificationError, type
|
// newSignatureFailed creates a new SignatureVerificationError, type
|
||||||
// SignatureFailed.
|
// SignatureFailed.
|
||||||
func newSignatureFailed() SignatureVerificationError {
|
func newSignatureBadContext(cause error) SignatureVerificationError {
|
||||||
|
return SignatureVerificationError{
|
||||||
|
Status: constants.SIGNATURE_BAD_CONTEXT,
|
||||||
|
Message: "Invalid signature context",
|
||||||
|
Cause: cause,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func newSignatureFailed(cause error) SignatureVerificationError {
|
||||||
return SignatureVerificationError{
|
return SignatureVerificationError{
|
||||||
Status: constants.SIGNATURE_FAILED,
|
Status: constants.SIGNATURE_FAILED,
|
||||||
Message: "Invalid signature",
|
Message: "Invalid signature",
|
||||||
|
Cause: cause,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -98,7 +116,7 @@ func processSignatureExpiration(md *openpgp.MessageDetails, verifyTime int64) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// verifyDetailsSignature verifies signature from message details.
|
// verifyDetailsSignature verifies signature from message details.
|
||||||
func verifyDetailsSignature(md *openpgp.MessageDetails, verifierKey *KeyRing) error {
|
func verifyDetailsSignature(md *openpgp.MessageDetails, verifierKey *KeyRing, verificationContext *VerificationContext) error {
|
||||||
if !md.IsSigned {
|
if !md.IsSigned {
|
||||||
return newSignatureNotSigned()
|
return newSignatureNotSigned()
|
||||||
}
|
}
|
||||||
@ -108,18 +126,113 @@ func verifyDetailsSignature(md *openpgp.MessageDetails, verifierKey *KeyRing) er
|
|||||||
return newSignatureNoVerifier()
|
return newSignatureNoVerifier()
|
||||||
}
|
}
|
||||||
if md.SignatureError != nil {
|
if md.SignatureError != nil {
|
||||||
return newSignatureFailed()
|
return newSignatureFailed(md.SignatureError)
|
||||||
}
|
}
|
||||||
if md.Signature == nil ||
|
if md.Signature == nil ||
|
||||||
md.Signature.Hash < allowedHashes[0] ||
|
md.Signature.Hash < allowedHashes[0] ||
|
||||||
md.Signature.Hash > allowedHashes[len(allowedHashes)-1] {
|
md.Signature.Hash > allowedHashes[len(allowedHashes)-1] {
|
||||||
return newSignatureInsecure()
|
return newSignatureInsecure()
|
||||||
}
|
}
|
||||||
|
if verificationContext != nil {
|
||||||
|
err := verificationContext.verifyContext(md.Signature)
|
||||||
|
if err != nil {
|
||||||
|
return newSignatureBadContext(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// SigningContext gives the context that will be
|
||||||
|
// included in the signature's notation data.
|
||||||
|
type SigningContext struct {
|
||||||
|
Value string
|
||||||
|
IsCritical bool
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewSigningContext creates a new signing context.
|
||||||
|
// The value is set to the notation data.
|
||||||
|
// isCritical controls whether the notation is flagged as a critical packet.
|
||||||
|
func NewSigningContext(value string, isCritical bool) *SigningContext {
|
||||||
|
return &SigningContext{Value: value, IsCritical: isCritical}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (context *SigningContext) getNotation() *packet.Notation {
|
||||||
|
return &packet.Notation{
|
||||||
|
Name: constants.SignatureContextName,
|
||||||
|
Value: []byte(context.Value),
|
||||||
|
IsCritical: context.IsCritical,
|
||||||
|
IsHumanReadable: true,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// VerificationContext gives the context that will be
|
||||||
|
// used to verify the signature.
|
||||||
|
type VerificationContext struct {
|
||||||
|
Value string
|
||||||
|
IsRequired bool
|
||||||
|
RequiredAfter int64
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewVerificationContext creates a new verification context.
|
||||||
|
// The value is checked against the signature's notation data.
|
||||||
|
// If isRequired is false, the signature is allowed to have no context set.
|
||||||
|
// If requiredAfter is != 0, the signature is allowed to have no context set if it
|
||||||
|
// was created before the unix time set in requiredAfter.
|
||||||
|
func NewVerificationContext(value string, isRequired bool, requiredAfter int64) *VerificationContext {
|
||||||
|
return &VerificationContext{
|
||||||
|
Value: value,
|
||||||
|
IsRequired: isRequired,
|
||||||
|
RequiredAfter: requiredAfter,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (context *VerificationContext) isRequiredAtTime(signatureTime time.Time) bool {
|
||||||
|
return context.IsRequired &&
|
||||||
|
(context.RequiredAfter == 0 || signatureTime.After(time.Unix(context.RequiredAfter, 0)))
|
||||||
|
}
|
||||||
|
|
||||||
|
func findContext(notations []*packet.Notation) (string, error) {
|
||||||
|
context := ""
|
||||||
|
for _, notation := range notations {
|
||||||
|
if notation.Name == constants.SignatureContextName {
|
||||||
|
if context != "" {
|
||||||
|
return "", errors.New("gopenpgp: signature has multiple context notations")
|
||||||
|
}
|
||||||
|
if !notation.IsHumanReadable {
|
||||||
|
return "", errors.New("gopenpgp: context notation was not set as human-readable")
|
||||||
|
}
|
||||||
|
context = string(notation.Value)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return context, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (context *VerificationContext) verifyContext(sig *packet.Signature) error {
|
||||||
|
signatureContext, err := findContext(sig.Notations)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if signatureContext != context.Value {
|
||||||
|
contextRequired := context.isRequiredAtTime(sig.CreationTime)
|
||||||
|
if contextRequired {
|
||||||
|
return errors.New("gopenpgp: signature did not have the required context")
|
||||||
|
} else if signatureContext != "" {
|
||||||
|
return errors.New("gopenpgp: signature had a wrong context")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// verifySignature verifies if a signature is valid with the entity list.
|
// verifySignature verifies if a signature is valid with the entity list.
|
||||||
func verifySignature(pubKeyEntries openpgp.EntityList, origText io.Reader, signature []byte, verifyTime int64) error {
|
func verifySignature(
|
||||||
|
pubKeyEntries openpgp.EntityList,
|
||||||
|
origText io.Reader,
|
||||||
|
signature []byte,
|
||||||
|
verifyTime int64,
|
||||||
|
verificationContext *VerificationContext,
|
||||||
|
) (*packet.Signature, error) {
|
||||||
config := &packet.Config{}
|
config := &packet.Config{}
|
||||||
if verifyTime == 0 {
|
if verifyTime == 0 {
|
||||||
config.Time = func() time.Time {
|
config.Time = func() time.Time {
|
||||||
@ -130,32 +243,90 @@ func verifySignature(pubKeyEntries openpgp.EntityList, origText io.Reader, signa
|
|||||||
return time.Unix(verifyTime+internal.CreationTimeOffset, 0)
|
return time.Unix(verifyTime+internal.CreationTimeOffset, 0)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if verificationContext != nil {
|
||||||
|
config.KnownNotations = map[string]bool{constants.SignatureContextName: true}
|
||||||
|
}
|
||||||
signatureReader := bytes.NewReader(signature)
|
signatureReader := bytes.NewReader(signature)
|
||||||
|
|
||||||
signer, err := openpgp.CheckDetachedSignatureAndHash(pubKeyEntries, origText, signatureReader, allowedHashes, config)
|
sig, signer, err := openpgp.VerifyDetachedSignatureAndHash(pubKeyEntries, origText, signatureReader, allowedHashes, config)
|
||||||
|
|
||||||
if errors.Is(err, pgpErrors.ErrSignatureExpired) && signer != nil && verifyTime > 0 {
|
if sig != nil && signer != nil && (errors.Is(err, pgpErrors.ErrSignatureExpired) || errors.Is(err, pgpErrors.ErrKeyExpired)) { //nolint:nestif
|
||||||
// if verifyTime = 0: time check disabled, everything is okay
|
if verifyTime == 0 { // Expiration check disabled
|
||||||
|
err = nil
|
||||||
|
} else {
|
||||||
// Maybe the creation time offset pushed it over the edge
|
// Maybe the creation time offset pushed it over the edge
|
||||||
// Retry with the actual verification time
|
// Retry with the actual verification time
|
||||||
config.Time = func() time.Time {
|
config.Time = func() time.Time {
|
||||||
return time.Unix(verifyTime, 0)
|
return time.Unix(verifyTime, 0)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
seeker, ok := origText.(io.ReadSeeker)
|
||||||
|
if !ok {
|
||||||
|
return nil, errors.Wrap(err, "gopenpgp: message reader do not support seeking, cannot retry signature verification")
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = seeker.Seek(0, io.SeekStart)
|
||||||
|
if err != nil {
|
||||||
|
return nil, newSignatureFailed(errors.Wrap(err, "gopenpgp: could not rewind the data reader."))
|
||||||
|
}
|
||||||
|
|
||||||
_, err = signatureReader.Seek(0, io.SeekStart)
|
_, err = signatureReader.Seek(0, io.SeekStart)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return newSignatureFailed()
|
return nil, newSignatureFailed(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
sig, signer, err = openpgp.VerifyDetachedSignatureAndHash(pubKeyEntries, seeker, signatureReader, allowedHashes, config)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
signer, err = openpgp.CheckDetachedSignatureAndHash(pubKeyEntries, origText, signatureReader, allowedHashes, config)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return newSignatureFailed()
|
return nil, newSignatureFailed(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if sig == nil || signer == nil {
|
||||||
|
return nil, newSignatureFailed(errors.New("gopenpgp: no signer or valid signature"))
|
||||||
|
}
|
||||||
|
|
||||||
|
if verificationContext != nil {
|
||||||
|
err := verificationContext.verifyContext(sig)
|
||||||
|
if err != nil {
|
||||||
|
return nil, newSignatureBadContext(err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if signer == nil {
|
return sig, nil
|
||||||
return newSignatureFailed()
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
func signMessageDetached(
|
||||||
|
signKeyRing *KeyRing,
|
||||||
|
messageReader io.Reader,
|
||||||
|
isBinary bool,
|
||||||
|
context *SigningContext,
|
||||||
|
) (*PGPSignature, error) {
|
||||||
|
config := &packet.Config{
|
||||||
|
DefaultHash: crypto.SHA512,
|
||||||
|
Time: getTimeGenerator(),
|
||||||
|
}
|
||||||
|
|
||||||
|
signEntity, err := signKeyRing.getSigningEntity()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
if context != nil {
|
||||||
|
config.SignatureNotations = append(config.SignatureNotations, context.getNotation())
|
||||||
|
}
|
||||||
|
|
||||||
|
var outBuf bytes.Buffer
|
||||||
|
if isBinary {
|
||||||
|
err = openpgp.DetachSign(&outBuf, signEntity, messageReader, config)
|
||||||
|
} else {
|
||||||
|
err = openpgp.DetachSignText(&outBuf, signEntity, messageReader, config)
|
||||||
|
}
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.Wrap(err, "gopenpgp: error in signing")
|
||||||
|
}
|
||||||
|
|
||||||
|
return NewPGPSignature(outBuf.Bytes()), nil
|
||||||
}
|
}
|
||||||
|
4
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/signature_collector.go
generated
vendored
4
vendor/github.com/ProtonMail/gopenpgp/v2/crypto/signature_collector.go
generated
vendored
@ -99,7 +99,7 @@ func (sc *SignatureCollector) Accept(
|
|||||||
}
|
}
|
||||||
sc.signature = string(buffer)
|
sc.signature = string(buffer)
|
||||||
str, _ := ioutil.ReadAll(rawBody)
|
str, _ := ioutil.ReadAll(rawBody)
|
||||||
canonicalizedBody := internal.CanonicalizeAndTrim(string(str))
|
canonicalizedBody := internal.Canonicalize(internal.TrimEachLine(string(str)))
|
||||||
rawBody = bytes.NewReader([]byte(canonicalizedBody))
|
rawBody = bytes.NewReader([]byte(canonicalizedBody))
|
||||||
if sc.keyring != nil {
|
if sc.keyring != nil {
|
||||||
_, err = openpgp.CheckArmoredDetachedSignature(sc.keyring, rawBody, bytes.NewReader(buffer), sc.config)
|
_, err = openpgp.CheckArmoredDetachedSignature(sc.keyring, rawBody, bytes.NewReader(buffer), sc.config)
|
||||||
@ -110,7 +110,7 @@ func (sc *SignatureCollector) Accept(
|
|||||||
case errors.Is(err, pgpErrors.ErrUnknownIssuer):
|
case errors.Is(err, pgpErrors.ErrUnknownIssuer):
|
||||||
sc.verified = newSignatureNoVerifier()
|
sc.verified = newSignatureNoVerifier()
|
||||||
default:
|
default:
|
||||||
sc.verified = newSignatureFailed()
|
sc.verified = newSignatureFailed(err)
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
sc.verified = newSignatureNoVerifier()
|
sc.verified = newSignatureNoVerifier()
|
||||||
|
4
vendor/github.com/ProtonMail/gopenpgp/v2/helper/BUILD.bazel
generated
vendored
4
vendor/github.com/ProtonMail/gopenpgp/v2/helper/BUILD.bazel
generated
vendored
@ -4,8 +4,10 @@ go_library(
|
|||||||
name = "helper",
|
name = "helper",
|
||||||
srcs = [
|
srcs = [
|
||||||
"cleartext.go",
|
"cleartext.go",
|
||||||
|
"decrypt_check.go",
|
||||||
"helper.go",
|
"helper.go",
|
||||||
"key.go",
|
"key.go",
|
||||||
|
"message.go",
|
||||||
"mobile.go",
|
"mobile.go",
|
||||||
"mobile_stream.go",
|
"mobile_stream.go",
|
||||||
"sign_detached.go",
|
"sign_detached.go",
|
||||||
@ -15,6 +17,8 @@ go_library(
|
|||||||
visibility = ["//visibility:public"],
|
visibility = ["//visibility:public"],
|
||||||
deps = [
|
deps = [
|
||||||
"//vendor/github.com/ProtonMail/gopenpgp/v2/crypto",
|
"//vendor/github.com/ProtonMail/gopenpgp/v2/crypto",
|
||||||
|
"//vendor/github.com/ProtonMail/gopenpgp/v2/internal",
|
||||||
"//vendor/github.com/pkg/errors",
|
"//vendor/github.com/pkg/errors",
|
||||||
|
"@com_github_protonmail_go_crypto//openpgp/packet",
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
|
5
vendor/github.com/ProtonMail/gopenpgp/v2/helper/cleartext.go
generated
vendored
5
vendor/github.com/ProtonMail/gopenpgp/v2/helper/cleartext.go
generated
vendored
@ -2,6 +2,7 @@ package helper
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"github.com/ProtonMail/gopenpgp/v2/crypto"
|
"github.com/ProtonMail/gopenpgp/v2/crypto"
|
||||||
|
"github.com/ProtonMail/gopenpgp/v2/internal"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -48,7 +49,7 @@ func VerifyCleartextMessageArmored(publicKey, armored string, verifyTime int64)
|
|||||||
// SignCleartextMessage signs text given a private keyring, canonicalizes and
|
// SignCleartextMessage signs text given a private keyring, canonicalizes and
|
||||||
// trims the newlines, and returns the PGP-compliant special armoring.
|
// trims the newlines, and returns the PGP-compliant special armoring.
|
||||||
func SignCleartextMessage(keyRing *crypto.KeyRing, text string) (string, error) {
|
func SignCleartextMessage(keyRing *crypto.KeyRing, text string) (string, error) {
|
||||||
message := crypto.NewPlainMessageFromString(text)
|
message := crypto.NewPlainMessageFromString(internal.TrimEachLine(text))
|
||||||
|
|
||||||
signature, err := keyRing.SignDetached(message)
|
signature, err := keyRing.SignDetached(message)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -67,7 +68,7 @@ func VerifyCleartextMessage(keyRing *crypto.KeyRing, armored string, verifyTime
|
|||||||
return "", errors.Wrap(err, "gopengpp: unable to unarmor cleartext message")
|
return "", errors.Wrap(err, "gopengpp: unable to unarmor cleartext message")
|
||||||
}
|
}
|
||||||
|
|
||||||
message := crypto.NewPlainMessageFromString(clearTextMessage.GetString())
|
message := crypto.NewPlainMessageFromString(internal.TrimEachLine(clearTextMessage.GetString()))
|
||||||
signature := crypto.NewPGPSignature(clearTextMessage.GetBinarySignature())
|
signature := crypto.NewPGPSignature(clearTextMessage.GetBinarySignature())
|
||||||
err = keyRing.VerifyDetached(message, signature, verifyTime)
|
err = keyRing.VerifyDetached(message, signature, verifyTime)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
86
vendor/github.com/ProtonMail/gopenpgp/v2/helper/decrypt_check.go
generated
vendored
Normal file
86
vendor/github.com/ProtonMail/gopenpgp/v2/helper/decrypt_check.go
generated
vendored
Normal file
@ -0,0 +1,86 @@
|
|||||||
|
package helper
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"crypto/aes"
|
||||||
|
"crypto/cipher"
|
||||||
|
"io"
|
||||||
|
|
||||||
|
"github.com/ProtonMail/go-crypto/openpgp/packet"
|
||||||
|
"github.com/ProtonMail/gopenpgp/v2/crypto"
|
||||||
|
"github.com/pkg/errors"
|
||||||
|
)
|
||||||
|
|
||||||
|
const AES_BLOCK_SIZE = 16
|
||||||
|
|
||||||
|
func supported(cipher packet.CipherFunction) bool {
|
||||||
|
switch cipher {
|
||||||
|
case packet.CipherAES128, packet.CipherAES192, packet.CipherAES256:
|
||||||
|
return true
|
||||||
|
case packet.CipherCAST5, packet.Cipher3DES:
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
func blockSize(cipher packet.CipherFunction) int {
|
||||||
|
switch cipher {
|
||||||
|
case packet.CipherAES128, packet.CipherAES192, packet.CipherAES256:
|
||||||
|
return AES_BLOCK_SIZE
|
||||||
|
case packet.CipherCAST5, packet.Cipher3DES:
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
func blockCipher(cipher packet.CipherFunction, key []byte) (cipher.Block, error) {
|
||||||
|
switch cipher {
|
||||||
|
case packet.CipherAES128, packet.CipherAES192, packet.CipherAES256:
|
||||||
|
return aes.NewCipher(key)
|
||||||
|
case packet.CipherCAST5, packet.Cipher3DES:
|
||||||
|
return nil, errors.New("gopenpgp: cipher not supported for quick check")
|
||||||
|
}
|
||||||
|
return nil, errors.New("gopenpgp: unknown cipher")
|
||||||
|
}
|
||||||
|
|
||||||
|
// QuickCheckDecryptReader checks with high probability if the provided session key
|
||||||
|
// can decrypt a data packet given its 24 byte long prefix.
|
||||||
|
// The method reads up to but not exactly 24 bytes from the prefixReader.
|
||||||
|
// NOTE: Only works for SEIPDv1 packets with AES.
|
||||||
|
func QuickCheckDecryptReader(sessionKey *crypto.SessionKey, prefixReader crypto.Reader) (bool, error) {
|
||||||
|
algo, err := sessionKey.GetCipherFunc()
|
||||||
|
if err != nil {
|
||||||
|
return false, errors.New("gopenpgp: cipher algorithm not found")
|
||||||
|
}
|
||||||
|
if !supported(algo) {
|
||||||
|
return false, errors.New("gopenpgp: cipher not supported for quick check")
|
||||||
|
}
|
||||||
|
packetParser := packet.NewReader(prefixReader)
|
||||||
|
_, err = packetParser.Next()
|
||||||
|
if err != nil {
|
||||||
|
return false, errors.New("gopenpgp: failed to parse packet prefix")
|
||||||
|
}
|
||||||
|
|
||||||
|
blockSize := blockSize(algo)
|
||||||
|
encryptedData := make([]byte, blockSize+2)
|
||||||
|
_, err = io.ReadFull(prefixReader, encryptedData)
|
||||||
|
if err != nil {
|
||||||
|
return false, errors.New("gopenpgp: prefix is too short to check")
|
||||||
|
}
|
||||||
|
|
||||||
|
blockCipher, err := blockCipher(algo, sessionKey.Key)
|
||||||
|
if err != nil {
|
||||||
|
return false, errors.New("gopenpgp: failed to initialize the cipher")
|
||||||
|
}
|
||||||
|
_ = packet.NewOCFBDecrypter(blockCipher, encryptedData, packet.OCFBNoResync)
|
||||||
|
return encryptedData[blockSize-2] == encryptedData[blockSize] &&
|
||||||
|
encryptedData[blockSize-1] == encryptedData[blockSize+1], nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// QuickCheckDecrypt checks with high probability if the provided session key
|
||||||
|
// can decrypt the encrypted data packet given its 24 byte long prefix.
|
||||||
|
// The method only considers the first 24 bytes of the prefix slice (prefix[:24]).
|
||||||
|
// NOTE: Only works for SEIPDv1 packets with AES.
|
||||||
|
func QuickCheckDecrypt(sessionKey *crypto.SessionKey, prefix []byte) (bool, error) {
|
||||||
|
return QuickCheckDecryptReader(sessionKey, bytes.NewReader(prefix))
|
||||||
|
}
|
22
vendor/github.com/ProtonMail/gopenpgp/v2/helper/message.go
generated
vendored
Normal file
22
vendor/github.com/ProtonMail/gopenpgp/v2/helper/message.go
generated
vendored
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
package helper
|
||||||
|
|
||||||
|
import "github.com/ProtonMail/gopenpgp/v2/crypto"
|
||||||
|
|
||||||
|
// EncryptPGPMessageToAdditionalKey decrypts the session key of the input PGPSplitMessage with a private key in keyRing
|
||||||
|
// and encrypts it towards the additionalKeys by adding the additional key packets to the input PGPSplitMessage.
|
||||||
|
// If successful, new key packets are added to message.
|
||||||
|
// * messageToModify : The encrypted pgp message that should be modified
|
||||||
|
// * keyRing : The private keys to decrypt the session key in the messageToModify.
|
||||||
|
// * additionalKey : The public keys the message should be additionally encrypted to.
|
||||||
|
func EncryptPGPMessageToAdditionalKey(messageToModify *crypto.PGPSplitMessage, keyRing *crypto.KeyRing, additionalKey *crypto.KeyRing) error {
|
||||||
|
sessionKey, err := keyRing.DecryptSessionKey(messageToModify.KeyPacket)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
additionalKeyPacket, err := additionalKey.EncryptSessionKey(sessionKey)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
messageToModify.KeyPacket = append(messageToModify.KeyPacket, additionalKeyPacket...)
|
||||||
|
return nil
|
||||||
|
}
|
29
vendor/github.com/ProtonMail/gopenpgp/v2/helper/mobile.go
generated
vendored
29
vendor/github.com/ProtonMail/gopenpgp/v2/helper/mobile.go
generated
vendored
@ -26,6 +26,20 @@ func DecryptExplicitVerify(
|
|||||||
return newExplicitVerifyMessage(message, err)
|
return newExplicitVerifyMessage(message, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// DecryptExplicitVerifyWithContext decrypts a PGP message given a private keyring
|
||||||
|
// and a public keyring to verify the embedded signature. Returns the plain
|
||||||
|
// data and an error on signature verification failure.
|
||||||
|
// The caller can provide a context that will be used to verify the signature.
|
||||||
|
func DecryptExplicitVerifyWithContext(
|
||||||
|
pgpMessage *crypto.PGPMessage,
|
||||||
|
privateKeyRing, publicKeyRing *crypto.KeyRing,
|
||||||
|
verifyTime int64,
|
||||||
|
verificationContext *crypto.VerificationContext,
|
||||||
|
) (*ExplicitVerifyMessage, error) {
|
||||||
|
message, err := privateKeyRing.DecryptWithContext(pgpMessage, publicKeyRing, verifyTime, verificationContext)
|
||||||
|
return newExplicitVerifyMessage(message, err)
|
||||||
|
}
|
||||||
|
|
||||||
// DecryptSessionKeyExplicitVerify decrypts a PGP data packet given a session key
|
// DecryptSessionKeyExplicitVerify decrypts a PGP data packet given a session key
|
||||||
// and a public keyring to verify the embedded signature. Returns the plain data and
|
// and a public keyring to verify the embedded signature. Returns the plain data and
|
||||||
// an error on signature verification failure.
|
// an error on signature verification failure.
|
||||||
@ -39,6 +53,21 @@ func DecryptSessionKeyExplicitVerify(
|
|||||||
return newExplicitVerifyMessage(message, err)
|
return newExplicitVerifyMessage(message, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// DecryptSessionKeyExplicitVerifyWithContext decrypts a PGP data packet given a session key
|
||||||
|
// and a public keyring to verify the embedded signature. Returns the plain data and
|
||||||
|
// an error on signature verification failure.
|
||||||
|
// The caller can provide a context that will be used to verify the signature.
|
||||||
|
func DecryptSessionKeyExplicitVerifyWithContext(
|
||||||
|
dataPacket []byte,
|
||||||
|
sessionKey *crypto.SessionKey,
|
||||||
|
publicKeyRing *crypto.KeyRing,
|
||||||
|
verifyTime int64,
|
||||||
|
verificationContext *crypto.VerificationContext,
|
||||||
|
) (*ExplicitVerifyMessage, error) {
|
||||||
|
message, err := sessionKey.DecryptAndVerifyWithContext(dataPacket, publicKeyRing, verifyTime, verificationContext)
|
||||||
|
return newExplicitVerifyMessage(message, err)
|
||||||
|
}
|
||||||
|
|
||||||
func newExplicitVerifyMessage(message *crypto.PlainMessage, err error) (*ExplicitVerifyMessage, error) {
|
func newExplicitVerifyMessage(message *crypto.PlainMessage, err error) (*ExplicitVerifyMessage, error) {
|
||||||
var explicitVerify *ExplicitVerifyMessage
|
var explicitVerify *ExplicitVerifyMessage
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
8
vendor/github.com/ProtonMail/gopenpgp/v2/internal/common.go
generated
vendored
8
vendor/github.com/ProtonMail/gopenpgp/v2/internal/common.go
generated
vendored
@ -7,14 +7,18 @@ import (
|
|||||||
"github.com/ProtonMail/gopenpgp/v2/constants"
|
"github.com/ProtonMail/gopenpgp/v2/constants"
|
||||||
)
|
)
|
||||||
|
|
||||||
func CanonicalizeAndTrim(text string) string {
|
func Canonicalize(text string) string {
|
||||||
|
return strings.ReplaceAll(strings.ReplaceAll(text, "\r\n", "\n"), "\n", "\r\n")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TrimEachLine(text string) string {
|
||||||
lines := strings.Split(text, "\n")
|
lines := strings.Split(text, "\n")
|
||||||
|
|
||||||
for i := range lines {
|
for i := range lines {
|
||||||
lines[i] = strings.TrimRight(lines[i], " \t\r")
|
lines[i] = strings.TrimRight(lines[i], " \t\r")
|
||||||
}
|
}
|
||||||
|
|
||||||
return strings.Join(lines, "\r\n")
|
return strings.Join(lines, "\n")
|
||||||
}
|
}
|
||||||
|
|
||||||
// CreationTimeOffset stores the amount of seconds that a signature may be
|
// CreationTimeOffset stores the amount of seconds that a signature may be
|
||||||
|
4
vendor/modules.txt
vendored
4
vendor/modules.txt
vendored
@ -76,10 +76,10 @@ github.com/ProtonMail/go-crypto/openpgp/internal/ecc
|
|||||||
github.com/ProtonMail/go-crypto/openpgp/internal/encoding
|
github.com/ProtonMail/go-crypto/openpgp/internal/encoding
|
||||||
github.com/ProtonMail/go-crypto/openpgp/packet
|
github.com/ProtonMail/go-crypto/openpgp/packet
|
||||||
github.com/ProtonMail/go-crypto/openpgp/s2k
|
github.com/ProtonMail/go-crypto/openpgp/s2k
|
||||||
# github.com/ProtonMail/go-mime v0.0.0-20220302105931-303f85f7fe0f
|
# github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f
|
||||||
## explicit; go 1.12
|
## explicit; go 1.12
|
||||||
github.com/ProtonMail/go-mime
|
github.com/ProtonMail/go-mime
|
||||||
# github.com/ProtonMail/gopenpgp/v2 v2.4.7
|
# github.com/ProtonMail/gopenpgp/v2 v2.7.5
|
||||||
## explicit; go 1.15
|
## explicit; go 1.15
|
||||||
github.com/ProtonMail/gopenpgp/v2/armor
|
github.com/ProtonMail/gopenpgp/v2/armor
|
||||||
github.com/ProtonMail/gopenpgp/v2/constants
|
github.com/ProtonMail/gopenpgp/v2/constants
|
||||||
|
Loading…
Reference in New Issue
Block a user