forkjo/vendor/github.com/keybase/go-crypto/openpgp/packet/ecdh.go

105 lines
2.7 KiB
Go
Raw Normal View History

package packet
import (
"bytes"
"io"
"math/big"
"github.com/keybase/go-crypto/openpgp/ecdh"
"github.com/keybase/go-crypto/openpgp/errors"
"github.com/keybase/go-crypto/openpgp/s2k"
)
// ECDHKdfParams generates KDF parameters sequence for given
// PublicKey. See https://tools.ietf.org/html/rfc6637#section-8
func ECDHKdfParams(pub *PublicKey) []byte {
buf := new(bytes.Buffer)
oid := pub.ec.oid
buf.WriteByte(byte(len(oid)))
buf.Write(oid)
buf.WriteByte(18) // ECDH TYPE
pub.ecdh.serialize(buf)
buf.WriteString("Anonymous Sender ")
buf.Write(pub.Fingerprint[:])
return buf.Bytes()
}
func decryptKeyECDH(priv *PrivateKey, X, Y *big.Int, C []byte) (out []byte, err error) {
ecdhpriv, ok := priv.PrivateKey.(*ecdh.PrivateKey)
if !ok {
return nil, errors.InvalidArgumentError("bad internal ECDH key")
}
Sx := ecdhpriv.DecryptShared(X, Y)
kdfParams := ECDHKdfParams(&priv.PublicKey)
hash, ok := s2k.HashIdToHash(byte(priv.ecdh.KdfHash))
if !ok {
return nil, errors.InvalidArgumentError("invalid hash id in private key")
}
key := ecdhpriv.KDF(Sx, kdfParams, hash)
keySize := CipherFunction(priv.ecdh.KdfAlgo).KeySize()
decrypted, err := ecdh.AESKeyUnwrap(key[:keySize], C)
if err != nil {
return nil, err
}
// We have to "read ahead" to discover real length of the
// encryption key and properly unpad buffer.
cipherFunc := CipherFunction(decrypted[0])
// +3 bytes = 1-byte cipher id and checksum 2-byte checksum.
out = ecdh.UnpadBuffer(decrypted, cipherFunc.KeySize()+3)
if out == nil {
return nil, errors.InvalidArgumentError("invalid padding while ECDH")
}
return out, nil
}
func serializeEncryptedKeyECDH(w io.Writer, rand io.Reader, header [10]byte, pub *PublicKey, keyBlock []byte) error {
ecdhpub := pub.PublicKey.(*ecdh.PublicKey)
kdfParams := ECDHKdfParams(pub)
hash, ok := s2k.HashIdToHash(byte(pub.ecdh.KdfHash))
if !ok {
return errors.InvalidArgumentError("invalid hash id in private key")
}
kdfKeySize := CipherFunction(pub.ecdh.KdfAlgo).KeySize()
Vx, Vy, C, err := ecdhpub.Encrypt(rand, kdfParams, keyBlock, hash, kdfKeySize)
if err != nil {
return err
}
mpis, mpiBitLen := ecdh.Marshal(ecdhpub.Curve, Vx, Vy)
packetLen := len(header) /* header length in bytes */
packetLen += 2 /* mpi length in bits */ + len(mpis)
packetLen += 1 /* ciphertext size in bytes */ + len(C)
err = serializeHeader(w, packetTypeEncryptedKey, packetLen)
if err != nil {
return err
}
_, err = w.Write(header[:])
if err != nil {
return err
}
_, err = w.Write([]byte{byte(mpiBitLen >> 8), byte(mpiBitLen)})
if err != nil {
return err
}
_, err = w.Write(mpis[:])
if err != nil {
return err
}
w.Write([]byte{byte(len(C))})
w.Write(C[:])
return nil
}