mirrors
/
gitea
огледало от https://github.com/go-gitea/gitea.git
Наблюдаван 1
Харесван 0
Разклонения 0
Код Задачи 0 Версии 211 Уики Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8986 Ревизии
17 Клонове
ИН на ревизия: bfd62b6f01
Клонове Маркери
${ item.name }
Create branch ${ searchTerm }
от 'bfd62b6f01'
${ noResults }
gitea/vendor/github.com/keybase/go-crypto/openpgp/packet/public_key_v3.go

public_key_v3.go 8.1KB
Директен файл Blame История

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282 
  1. // Copyright 2013 The Go Authors. All rights reserved.

  2. // Use of this source code is governed by a BSD-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package packet

  6. 

  7. import (

  8. 	"crypto"

  9. 	"crypto/md5"

  10. 	"encoding/binary"

  11. 	"fmt"

  12. 	"hash"

  13. 	"io"

  14. 	"math/big"

  15. 	"strconv"

  16. 	"time"

  17. 

  18. 	"github.com/keybase/go-crypto/openpgp/errors"

  19. 	"github.com/keybase/go-crypto/rsa"

  20. )

  21. 

  22. // PublicKeyV3 represents older, version 3 public keys. These keys are less secure and

  23. // should not be used for signing or encrypting. They are supported here only for

  24. // parsing version 3 key material and validating signatures.

  25. // See RFC 4880, section 5.5.2.

  26. type PublicKeyV3 struct {

  27. 	CreationTime time.Time

  28. 	DaysToExpire uint16

  29. 	PubKeyAlgo   PublicKeyAlgorithm

  30. 	PublicKey    *rsa.PublicKey

  31. 	Fingerprint  [16]byte

  32. 	KeyId        uint64

  33. 	IsSubkey     bool

  34. 

  35. 	n, e parsedMPI

  36. }

  37. 

  38. // newRSAPublicKeyV3 returns a PublicKey that wraps the given rsa.PublicKey.

  39. // Included here for testing purposes only. RFC 4880, section 5.5.2:

  40. // "an implementation MUST NOT generate a V3 key, but MAY accept it."

  41. func newRSAPublicKeyV3(creationTime time.Time, pub *rsa.PublicKey) *PublicKeyV3 {

  42. 	pk := &PublicKeyV3{

  43. 		CreationTime: creationTime,

  44. 		PublicKey:    pub,

  45. 		n:            FromBig(pub.N),

  46. 		e:            FromBig(big.NewInt(int64(pub.E))),

  47. 	}

  48. 

  49. 	pk.setFingerPrintAndKeyId()

  50. 	return pk

  51. }

  52. 

  53. func (pk *PublicKeyV3) parse(r io.Reader) (err error) {

  54. 	// RFC 4880, section 5.5.2

  55. 	var buf [8]byte

  56. 	if _, err = readFull(r, buf[:]); err != nil {

  57. 		return

  58. 	}

  59. 	if buf[0] < 2 || buf[0] > 3 {

  60. 		return errors.UnsupportedError("public key version")

  61. 	}

  62. 	pk.CreationTime = time.Unix(int64(uint32(buf[1])<<24|uint32(buf[2])<<16|uint32(buf[3])<<8|uint32(buf[4])), 0)

  63. 	pk.DaysToExpire = binary.BigEndian.Uint16(buf[5:7])

  64. 	pk.PubKeyAlgo = PublicKeyAlgorithm(buf[7])

  65. 	switch pk.PubKeyAlgo {

  66. 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoRSASignOnly:

  67. 		err = pk.parseRSA(r)

  68. 	default:

  69. 		err = errors.UnsupportedError("public key type: " + strconv.Itoa(int(pk.PubKeyAlgo)))

  70. 	}

  71. 	if err != nil {

  72. 		return

  73. 	}

  74. 

  75. 	pk.setFingerPrintAndKeyId()

  76. 	return

  77. }

  78. 

  79. func (pk *PublicKeyV3) setFingerPrintAndKeyId() {

  80. 	// RFC 4880, section 12.2

  81. 	fingerPrint := md5.New()

  82. 	fingerPrint.Write(pk.n.bytes)

  83. 	fingerPrint.Write(pk.e.bytes)

  84. 	fingerPrint.Sum(pk.Fingerprint[:0])

  85. 	pk.KeyId = binary.BigEndian.Uint64(pk.n.bytes[len(pk.n.bytes)-8:])

  86. }

  87. 

  88. // parseRSA parses RSA public key material from the given Reader. See RFC 4880,

  89. // section 5.5.2.

  90. func (pk *PublicKeyV3) parseRSA(r io.Reader) (err error) {

  91. 	if pk.n.bytes, pk.n.bitLength, err = readMPI(r); err != nil {

  92. 		return

  93. 	}

  94. 	if pk.e.bytes, pk.e.bitLength, err = readMPI(r); err != nil {

  95. 		return

  96. 	}

  97. 

  98. 	// RFC 4880 Section 12.2 requires the low 8 bytes of the

  99. 	// modulus to form the key id.

  100. 	if len(pk.n.bytes) < 8 {

  101. 		return errors.StructuralError("v3 public key modulus is too short")

  102. 	}

  103. 	if len(pk.e.bytes) > 7 {

  104. 		err = errors.UnsupportedError("large public exponent")

  105. 		return

  106. 	}

  107. 	rsa := &rsa.PublicKey{N: new(big.Int).SetBytes(pk.n.bytes)}

  108. 	// Warning: incompatibility with crypto/rsa: keybase fork uses

  109. 	// int64 public exponents instead of int32.

  110. 	for i := 0; i < len(pk.e.bytes); i++ {

  111. 		rsa.E <<= 8

  112. 		rsa.E |= int64(pk.e.bytes[i])

  113. 	}

  114. 	pk.PublicKey = rsa

  115. 	return

  116. }

  117. 

  118. // SerializeSignaturePrefix writes the prefix for this public key to the given Writer.

  119. // The prefix is used when calculating a signature over this public key. See

  120. // RFC 4880, section 5.2.4.

  121. func (pk *PublicKeyV3) SerializeSignaturePrefix(w io.Writer) {

  122. 	var pLength uint16

  123. 	switch pk.PubKeyAlgo {

  124. 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoRSASignOnly:

  125. 		pLength += 2 + uint16(len(pk.n.bytes))

  126. 		pLength += 2 + uint16(len(pk.e.bytes))

  127. 	default:

  128. 		panic("unknown public key algorithm")

  129. 	}

  130. 	pLength += 6

  131. 	w.Write([]byte{0x99, byte(pLength >> 8), byte(pLength)})

  132. 	return

  133. }

  134. 

  135. func (pk *PublicKeyV3) Serialize(w io.Writer) (err error) {

  136. 	length := 8 // 8 byte header

  137. 

  138. 	switch pk.PubKeyAlgo {

  139. 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoRSASignOnly:

  140. 		length += 2 + len(pk.n.bytes)

  141. 		length += 2 + len(pk.e.bytes)

  142. 	default:

  143. 		panic("unknown public key algorithm")

  144. 	}

  145. 

  146. 	packetType := packetTypePublicKey

  147. 	if pk.IsSubkey {

  148. 		packetType = packetTypePublicSubkey

  149. 	}

  150. 	if err = serializeHeader(w, packetType, length); err != nil {

  151. 		return

  152. 	}

  153. 	return pk.serializeWithoutHeaders(w)

  154. }

  155. 

  156. // serializeWithoutHeaders marshals the PublicKey to w in the form of an

  157. // OpenPGP public key packet, not including the packet header.

  158. func (pk *PublicKeyV3) serializeWithoutHeaders(w io.Writer) (err error) {

  159. 	var buf [8]byte

  160. 	// Version 3

  161. 	buf[0] = 3

  162. 	// Creation time

  163. 	t := uint32(pk.CreationTime.Unix())

  164. 	buf[1] = byte(t >> 24)

  165. 	buf[2] = byte(t >> 16)

  166. 	buf[3] = byte(t >> 8)

  167. 	buf[4] = byte(t)

  168. 	// Days to expire

  169. 	buf[5] = byte(pk.DaysToExpire >> 8)

  170. 	buf[6] = byte(pk.DaysToExpire)

  171. 	// Public key algorithm

  172. 	buf[7] = byte(pk.PubKeyAlgo)

  173. 

  174. 	if _, err = w.Write(buf[:]); err != nil {

  175. 		return

  176. 	}

  177. 

  178. 	switch pk.PubKeyAlgo {

  179. 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoRSASignOnly:

  180. 		return writeMPIs(w, pk.n, pk.e)

  181. 	}

  182. 	return errors.InvalidArgumentError("bad public-key algorithm")

  183. }

  184. 

  185. // CanSign returns true iff this public key can generate signatures

  186. func (pk *PublicKeyV3) CanSign() bool {

  187. 	return pk.PubKeyAlgo != PubKeyAlgoRSAEncryptOnly

  188. }

  189. 

  190. // VerifySignatureV3 returns nil iff sig is a valid signature, made by this

  191. // public key, of the data hashed into signed. signed is mutated by this call.

  192. func (pk *PublicKeyV3) VerifySignatureV3(signed hash.Hash, sig *SignatureV3) (err error) {

  193. 	if !pk.CanSign() {

  194. 		return errors.InvalidArgumentError("public key cannot generate signatures")

  195. 	}

  196. 

  197. 	suffix := make([]byte, 5)

  198. 	suffix[0] = byte(sig.SigType)

  199. 	binary.BigEndian.PutUint32(suffix[1:], uint32(sig.CreationTime.Unix()))

  200. 	signed.Write(suffix)

  201. 	hashBytes := signed.Sum(nil)

  202. 

  203. 	if hashBytes[0] != sig.HashTag[0] || hashBytes[1] != sig.HashTag[1] {

  204. 		return errors.SignatureError("hash tag doesn't match")

  205. 	}

  206. 

  207. 	if pk.PubKeyAlgo != sig.PubKeyAlgo {

  208. 		return errors.InvalidArgumentError("public key and signature use different algorithms")

  209. 	}

  210. 

  211. 	switch pk.PubKeyAlgo {

  212. 	case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly:

  213. 		if err = rsa.VerifyPKCS1v15(pk.PublicKey, sig.Hash, hashBytes, sig.RSASignature.bytes); err != nil {

  214. 			return errors.SignatureError("RSA verification failure")

  215. 		}

  216. 		return

  217. 	default:

  218. 		// V3 public keys only support RSA.

  219. 		panic("shouldn't happen")

  220. 	}

  221. 	panic("unreachable")

  222. }

  223. 

  224. // VerifyUserIdSignatureV3 returns nil iff sig is a valid signature, made by this

  225. // public key, that id is the identity of pub.

  226. func (pk *PublicKeyV3) VerifyUserIdSignatureV3(id string, pub *PublicKeyV3, sig *SignatureV3) (err error) {

  227. 	h, err := userIdSignatureV3Hash(id, pk, sig.Hash)

  228. 	if err != nil {

  229. 		return err

  230. 	}

  231. 	return pk.VerifySignatureV3(h, sig)

  232. }

  233. 

  234. // VerifyKeySignatureV3 returns nil iff sig is a valid signature, made by this

  235. // public key, of signed.

  236. func (pk *PublicKeyV3) VerifyKeySignatureV3(signed *PublicKeyV3, sig *SignatureV3) (err error) {

  237. 	h, err := keySignatureHash(pk, signed, sig.Hash)

  238. 	if err != nil {

  239. 		return err

  240. 	}

  241. 	return pk.VerifySignatureV3(h, sig)

  242. }

  243. 

  244. // userIdSignatureV3Hash returns a Hash of the message that needs to be signed

  245. // to assert that pk is a valid key for id.

  246. func userIdSignatureV3Hash(id string, pk signingKey, hfn crypto.Hash) (h hash.Hash, err error) {

  247. 	if !hfn.Available() {

  248. 		return nil, errors.UnsupportedError("hash function")

  249. 	}

  250. 	h = hfn.New()

  251. 

  252. 	// RFC 4880, section 5.2.4

  253. 	pk.SerializeSignaturePrefix(h)

  254. 	pk.serializeWithoutHeaders(h)

  255. 

  256. 	h.Write([]byte(id))

  257. 

  258. 	return

  259. }

  260. 

  261. // KeyIdString returns the public key's fingerprint in capital hex

  262. // (e.g. "6C7EE1B8621CC013").

  263. func (pk *PublicKeyV3) KeyIdString() string {

  264. 	return fmt.Sprintf("%X", pk.KeyId)

  265. }

  266. 

  267. // KeyIdShortString returns the short form of public key's fingerprint

  268. // in capital hex, as shown by gpg --list-keys (e.g. "621CC013").

  269. func (pk *PublicKeyV3) KeyIdShortString() string {

  270. 	return fmt.Sprintf("%X", pk.KeyId&0xFFFFFFFF)

  271. }

  272. 

  273. // BitLength returns the bit length for the given public key.

  274. func (pk *PublicKeyV3) BitLength() (bitLength uint16, err error) {

  275. 	switch pk.PubKeyAlgo {

  276. 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoRSASignOnly:

  277. 		bitLength = pk.n.bitLength

  278. 	default:

  279. 		err = errors.InvalidArgumentError("bad public-key algorithm")

  280. 	}

  281. 	return

  282. }