peridot/vendor/github.com/ProtonMail/gopenpgp/v2/crypto/keyring_session.go
2022-07-07 22:13:21 +02:00

99 lines
2.4 KiB
Go

package crypto
import (
"bytes"
"strconv"
"github.com/pkg/errors"
"github.com/ProtonMail/go-crypto/openpgp/packet"
)
// DecryptSessionKey returns the decrypted session key from one or multiple binary encrypted session key packets.
func (keyRing *KeyRing) DecryptSessionKey(keyPacket []byte) (*SessionKey, error) {
var p packet.Packet
var ek *packet.EncryptedKey
var err error
var hasPacket = false
var decryptErr error
keyReader := bytes.NewReader(keyPacket)
packets := packet.NewReader(keyReader)
Loop:
for {
if p, err = packets.Next(); err != nil {
break
}
switch p := p.(type) {
case *packet.EncryptedKey:
hasPacket = true
ek = p
for _, key := range keyRing.entities.DecryptionKeys() {
priv := key.PrivateKey
if priv.Encrypted {
continue
}
if decryptErr = ek.Decrypt(priv, nil); decryptErr == nil {
break Loop
}
}
case *packet.SymmetricallyEncrypted,
*packet.AEADEncrypted,
*packet.Compressed,
*packet.LiteralData:
break Loop
default:
continue Loop
}
}
if !hasPacket {
return nil, errors.Wrap(err, "gopenpgp: couldn't find a session key packet")
}
if decryptErr != nil {
return nil, errors.Wrap(decryptErr, "gopenpgp: error in decrypting")
}
if ek == nil || ek.Key == nil {
return nil, errors.New("gopenpgp: unable to decrypt session key: no valid decryption key")
}
return newSessionKeyFromEncrypted(ek)
}
// EncryptSessionKey encrypts the session key with the unarmored
// publicKey and returns a binary public-key encrypted session key packet.
func (keyRing *KeyRing) EncryptSessionKey(sk *SessionKey) ([]byte, error) {
outbuf := &bytes.Buffer{}
cf, err := sk.GetCipherFunc()
if err != nil {
return nil, errors.Wrap(err, "gopenpgp: unable to encrypt session key")
}
pubKeys := make([]*packet.PublicKey, 0, len(keyRing.entities))
for _, e := range keyRing.entities {
encryptionKey, ok := e.EncryptionKey(getNow())
if !ok {
return nil, errors.New("gopenpgp: encryption key is unavailable for key id " + strconv.FormatUint(e.PrimaryKey.KeyId, 16))
}
pubKeys = append(pubKeys, encryptionKey.PublicKey)
}
if len(pubKeys) == 0 {
return nil, errors.New("cannot set key: no public key available")
}
for _, pub := range pubKeys {
if err := packet.SerializeEncryptedKey(outbuf, pub, cf, sk.Key, nil); err != nil {
return nil, errors.Wrap(err, "gopenpgp: cannot set key")
}
}
return outbuf.Bytes(), nil
}