You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
105 lines
2.7 KiB
105 lines
2.7 KiB
8 years ago
|
package packet
|
||
|
|
||
|
import (
|
||
|
"bytes"
|
||
|
"io"
|
||
|
"math/big"
|
||
|
|
||
|
"github.com/keybase/go-crypto/openpgp/ecdh"
|
||
|
"github.com/keybase/go-crypto/openpgp/errors"
|
||
|
"github.com/keybase/go-crypto/openpgp/s2k"
|
||
|
)
|
||
|
|
||
|
// ECDHKdfParams generates KDF parameters sequence for given
|
||
|
// PublicKey. See https://tools.ietf.org/html/rfc6637#section-8
|
||
|
func ECDHKdfParams(pub *PublicKey) []byte {
|
||
|
buf := new(bytes.Buffer)
|
||
|
oid := pub.ec.oid
|
||
|
buf.WriteByte(byte(len(oid)))
|
||
|
buf.Write(oid)
|
||
|
buf.WriteByte(18) // ECDH TYPE
|
||
|
pub.ecdh.serialize(buf)
|
||
|
buf.WriteString("Anonymous Sender ")
|
||
|
buf.Write(pub.Fingerprint[:])
|
||
|
return buf.Bytes()
|
||
|
}
|
||
|
|
||
|
func decryptKeyECDH(priv *PrivateKey, X, Y *big.Int, C []byte) (out []byte, err error) {
|
||
|
ecdhpriv, ok := priv.PrivateKey.(*ecdh.PrivateKey)
|
||
|
if !ok {
|
||
|
return nil, errors.InvalidArgumentError("bad internal ECDH key")
|
||
|
}
|
||
|
|
||
|
Sx := ecdhpriv.DecryptShared(X, Y)
|
||
|
|
||
|
kdfParams := ECDHKdfParams(&priv.PublicKey)
|
||
|
hash, ok := s2k.HashIdToHash(byte(priv.ecdh.KdfHash))
|
||
|
if !ok {
|
||
|
return nil, errors.InvalidArgumentError("invalid hash id in private key")
|
||
|
}
|
||
|
|
||
|
key := ecdhpriv.KDF(Sx, kdfParams, hash)
|
||
|
keySize := CipherFunction(priv.ecdh.KdfAlgo).KeySize()
|
||
|
|
||
|
decrypted, err := ecdh.AESKeyUnwrap(key[:keySize], C)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
|
||
|
// We have to "read ahead" to discover real length of the
|
||
|
// encryption key and properly unpad buffer.
|
||
|
cipherFunc := CipherFunction(decrypted[0])
|
||
|
// +3 bytes = 1-byte cipher id and checksum 2-byte checksum.
|
||
|
out = ecdh.UnpadBuffer(decrypted, cipherFunc.KeySize()+3)
|
||
|
if out == nil {
|
||
|
return nil, errors.InvalidArgumentError("invalid padding while ECDH")
|
||
|
}
|
||
|
return out, nil
|
||
|
}
|
||
|
|
||
|
func serializeEncryptedKeyECDH(w io.Writer, rand io.Reader, header [10]byte, pub *PublicKey, keyBlock []byte) error {
|
||
|
ecdhpub := pub.PublicKey.(*ecdh.PublicKey)
|
||
|
kdfParams := ECDHKdfParams(pub)
|
||
|
|
||
|
hash, ok := s2k.HashIdToHash(byte(pub.ecdh.KdfHash))
|
||
|
if !ok {
|
||
|
return errors.InvalidArgumentError("invalid hash id in private key")
|
||
|
}
|
||
|
|
||
|
kdfKeySize := CipherFunction(pub.ecdh.KdfAlgo).KeySize()
|
||
|
Vx, Vy, C, err := ecdhpub.Encrypt(rand, kdfParams, keyBlock, hash, kdfKeySize)
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
mpis, mpiBitLen := ecdh.Marshal(ecdhpub.Curve, Vx, Vy)
|
||
|
|
||
|
packetLen := len(header) /* header length in bytes */
|
||
|
packetLen += 2 /* mpi length in bits */ + len(mpis)
|
||
|
packetLen += 1 /* ciphertext size in bytes */ + len(C)
|
||
|
|
||
|
err = serializeHeader(w, packetTypeEncryptedKey, packetLen)
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
_, err = w.Write(header[:])
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
_, err = w.Write([]byte{byte(mpiBitLen >> 8), byte(mpiBitLen)})
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
_, err = w.Write(mpis[:])
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
w.Write([]byte{byte(len(C))})
|
||
|
w.Write(C[:])
|
||
|
return nil
|
||
|
}
|