mirror of https://github.com/perkeep/perkeep.git
vendor: rm code.google.com/p/go.crypto/openpgp
And add golang.org/x/crypto/openpgp instead, at rev ede567c8e044a5913dad1d1af3696d9da953104c As well as golang.org/x/crypto/cast5 , as a dep. Change-Id: I385fb0cd0eef438b43fa1dcd2a36e6a1442fd3b1
This commit is contained in:
parent
10fb1f2bd3
commit
3d048ca304
|
@ -26,7 +26,7 @@ import (
|
|||
. "camlistore.org/pkg/jsonsign"
|
||||
"camlistore.org/pkg/test"
|
||||
. "camlistore.org/pkg/test/asserts"
|
||||
"code.google.com/p/go.crypto/openpgp"
|
||||
"golang.org/x/crypto/openpgp"
|
||||
)
|
||||
|
||||
var pubKey1 = `-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
|
|
@ -27,11 +27,11 @@ import (
|
|||
"strings"
|
||||
|
||||
"camlistore.org/pkg/osutil"
|
||||
"code.google.com/p/go.crypto/openpgp"
|
||||
"code.google.com/p/go.crypto/openpgp/armor"
|
||||
"code.google.com/p/go.crypto/openpgp/packet"
|
||||
|
||||
"go4.org/wkfs"
|
||||
"golang.org/x/crypto/openpgp"
|
||||
"golang.org/x/crypto/openpgp/armor"
|
||||
"golang.org/x/crypto/openpgp/packet"
|
||||
)
|
||||
|
||||
const publicKeyMaxSize = 256 * 1024
|
||||
|
|
|
@ -28,10 +28,10 @@ import (
|
|||
|
||||
"camlistore.org/pkg/blob"
|
||||
"camlistore.org/pkg/osutil"
|
||||
"code.google.com/p/go.crypto/openpgp"
|
||||
"code.google.com/p/go.crypto/openpgp/packet"
|
||||
|
||||
"go4.org/wkfs"
|
||||
"golang.org/x/crypto/openpgp"
|
||||
"golang.org/x/crypto/openpgp/packet"
|
||||
)
|
||||
|
||||
type EntityFetcher interface {
|
||||
|
|
|
@ -21,7 +21,7 @@ package jsonsign
|
|||
import (
|
||||
"errors"
|
||||
|
||||
"code.google.com/p/go.crypto/openpgp"
|
||||
"golang.org/x/crypto/openpgp"
|
||||
)
|
||||
|
||||
func (fe *FileEntityFetcher) decryptEntity(e *openpgp.Entity) error {
|
||||
|
|
|
@ -26,7 +26,7 @@ import (
|
|||
|
||||
"camlistore.org/pkg/misc/gpgagent"
|
||||
"camlistore.org/pkg/misc/pinentry"
|
||||
"code.google.com/p/go.crypto/openpgp"
|
||||
"golang.org/x/crypto/openpgp"
|
||||
)
|
||||
|
||||
func (fe *FileEntityFetcher) decryptEntity(e *openpgp.Entity) error {
|
||||
|
|
|
@ -34,9 +34,9 @@ import (
|
|||
"camlistore.org/pkg/osutil"
|
||||
"camlistore.org/pkg/schema"
|
||||
"camlistore.org/pkg/types/camtypes"
|
||||
"go4.org/jsonconfig"
|
||||
|
||||
"code.google.com/p/go.crypto/openpgp"
|
||||
"go4.org/jsonconfig"
|
||||
"golang.org/x/crypto/openpgp"
|
||||
)
|
||||
|
||||
const kMaxJSONLength = 1024 * 1024
|
||||
|
|
|
@ -28,8 +28,9 @@ import (
|
|||
|
||||
"camlistore.org/pkg/blob"
|
||||
"camlistore.org/pkg/camerrors"
|
||||
"code.google.com/p/go.crypto/openpgp/armor"
|
||||
"code.google.com/p/go.crypto/openpgp/packet"
|
||||
|
||||
"golang.org/x/crypto/openpgp/armor"
|
||||
"golang.org/x/crypto/openpgp/packet"
|
||||
)
|
||||
|
||||
const sigSeparator = `,"camliSig":"`
|
||||
|
|
|
@ -27,7 +27,8 @@ import (
|
|||
|
||||
"camlistore.org/pkg/blob"
|
||||
"camlistore.org/pkg/jsonsign"
|
||||
"code.google.com/p/go.crypto/openpgp"
|
||||
|
||||
"golang.org/x/crypto/openpgp"
|
||||
)
|
||||
|
||||
// A Signer signs the JSON schema blobs that require signing, such as claims
|
||||
|
|
|
@ -1,362 +0,0 @@
|
|||
// Copyright 2012 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// Package clearsign generates and processes OpenPGP, clear-signed data. See
|
||||
// RFC 4880, section 7.
|
||||
//
|
||||
// Clearsigned messages are cryptographically signed, but the contents of the
|
||||
// message are kept in plaintext so that it can be read without special tools.
|
||||
package clearsign
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"bytes"
|
||||
"crypto"
|
||||
"hash"
|
||||
"io"
|
||||
"net/textproto"
|
||||
"strconv"
|
||||
|
||||
"code.google.com/p/go.crypto/openpgp/armor"
|
||||
"code.google.com/p/go.crypto/openpgp/errors"
|
||||
"code.google.com/p/go.crypto/openpgp/packet"
|
||||
)
|
||||
|
||||
// A Block represents a clearsigned message. A signature on a Block can
|
||||
// be checked by passing Bytes into openpgp.CheckDetachedSignature.
|
||||
type Block struct {
|
||||
Headers textproto.MIMEHeader // Optional message headers
|
||||
Plaintext []byte // The original message text
|
||||
Bytes []byte // The signed message
|
||||
ArmoredSignature *armor.Block // The signature block
|
||||
}
|
||||
|
||||
// start is the marker which denotes the beginning of a clearsigned message.
|
||||
var start = []byte("\n-----BEGIN PGP SIGNED MESSAGE-----")
|
||||
|
||||
// dashEscape is prefixed to any lines that begin with a hypen so that they
|
||||
// can't be confused with endText.
|
||||
var dashEscape = []byte("- ")
|
||||
|
||||
// endText is a marker which denotes the end of the message and the start of
|
||||
// an armored signature.
|
||||
var endText = []byte("-----BEGIN PGP SIGNATURE-----")
|
||||
|
||||
// end is a marker which denotes the end of the armored signature.
|
||||
var end = []byte("\n-----END PGP SIGNATURE-----")
|
||||
|
||||
var crlf = []byte("\r\n")
|
||||
var lf = byte('\n')
|
||||
|
||||
// getLine returns the first \r\n or \n delineated line from the given byte
|
||||
// array. The line does not include the \r\n or \n. The remainder of the byte
|
||||
// array (also not including the new line bytes) is also returned and this will
|
||||
// always be smaller than the original argument.
|
||||
func getLine(data []byte) (line, rest []byte) {
|
||||
i := bytes.Index(data, []byte{'\n'})
|
||||
var j int
|
||||
if i < 0 {
|
||||
i = len(data)
|
||||
j = i
|
||||
} else {
|
||||
j = i + 1
|
||||
if i > 0 && data[i-1] == '\r' {
|
||||
i--
|
||||
}
|
||||
}
|
||||
return data[0:i], data[j:]
|
||||
}
|
||||
|
||||
// Decode finds the first clearsigned message in data and returns it, as well
|
||||
// as the suffix of data which remains after the message.
|
||||
func Decode(data []byte) (b *Block, rest []byte) {
|
||||
// start begins with a newline. However, at the very beginning of
|
||||
// the byte array, we'll accept the start string without it.
|
||||
rest = data
|
||||
if bytes.HasPrefix(data, start[1:]) {
|
||||
rest = rest[len(start)-1:]
|
||||
} else if i := bytes.Index(data, start); i >= 0 {
|
||||
rest = rest[i+len(start):]
|
||||
} else {
|
||||
return nil, data
|
||||
}
|
||||
|
||||
// Consume the start line.
|
||||
_, rest = getLine(rest)
|
||||
|
||||
var line []byte
|
||||
b = &Block{
|
||||
Headers: make(textproto.MIMEHeader),
|
||||
}
|
||||
|
||||
// Next come a series of header lines.
|
||||
for {
|
||||
// This loop terminates because getLine's second result is
|
||||
// always smaller than its argument.
|
||||
if len(rest) == 0 {
|
||||
return nil, data
|
||||
}
|
||||
// An empty line marks the end of the headers.
|
||||
if line, rest = getLine(rest); len(line) == 0 {
|
||||
break
|
||||
}
|
||||
|
||||
i := bytes.Index(line, []byte{':'})
|
||||
if i == -1 {
|
||||
return nil, data
|
||||
}
|
||||
|
||||
key, val := line[0:i], line[i+1:]
|
||||
key = bytes.TrimSpace(key)
|
||||
val = bytes.TrimSpace(val)
|
||||
b.Headers.Add(string(key), string(val))
|
||||
}
|
||||
|
||||
for {
|
||||
start := rest
|
||||
|
||||
line, rest = getLine(rest)
|
||||
if bytes.Equal(line, endText) {
|
||||
// Back up to the start of the line because armor expects to see the
|
||||
// header line.
|
||||
rest = start
|
||||
break
|
||||
}
|
||||
|
||||
// The final CRLF isn't included in the hash so we don't write it until
|
||||
// we've seen the next line.
|
||||
if len(b.Bytes) > 0 {
|
||||
b.Bytes = append(b.Bytes, crlf...)
|
||||
}
|
||||
if bytes.HasPrefix(line, dashEscape) {
|
||||
line = line[2:]
|
||||
}
|
||||
line = bytes.TrimRight(line, " \t")
|
||||
b.Bytes = append(b.Bytes, line...)
|
||||
|
||||
b.Plaintext = append(b.Plaintext, line...)
|
||||
b.Plaintext = append(b.Plaintext, lf)
|
||||
}
|
||||
|
||||
// We want to find the extent of the armored data (including any newlines at
|
||||
// the end).
|
||||
i := bytes.Index(rest, end)
|
||||
if i == -1 {
|
||||
return nil, data
|
||||
}
|
||||
i += len(end)
|
||||
for i < len(rest) && (rest[i] == '\r' || rest[i] == '\n') {
|
||||
i++
|
||||
}
|
||||
armored := rest[:i]
|
||||
rest = rest[i:]
|
||||
|
||||
var err error
|
||||
b.ArmoredSignature, err = armor.Decode(bytes.NewBuffer(armored))
|
||||
if err != nil {
|
||||
return nil, data
|
||||
}
|
||||
|
||||
return b, rest
|
||||
}
|
||||
|
||||
// A dashEscaper is an io.WriteCloser which processes the body of a clear-signed
|
||||
// message. The clear-signed message is written to buffered and a hash, suitable
|
||||
// for signing, is maintained in h.
|
||||
//
|
||||
// When closed, an armored signature is created and written to complete the
|
||||
// message.
|
||||
type dashEscaper struct {
|
||||
buffered *bufio.Writer
|
||||
h hash.Hash
|
||||
hashType crypto.Hash
|
||||
|
||||
atBeginningOfLine bool
|
||||
isFirstLine bool
|
||||
|
||||
whitespace []byte
|
||||
byteBuf []byte // a one byte buffer to save allocations
|
||||
|
||||
privateKey *packet.PrivateKey
|
||||
config *packet.Config
|
||||
}
|
||||
|
||||
func (d *dashEscaper) Write(data []byte) (n int, err error) {
|
||||
for _, b := range data {
|
||||
d.byteBuf[0] = b
|
||||
|
||||
if d.atBeginningOfLine {
|
||||
// The final CRLF isn't included in the hash so we have to wait
|
||||
// until this point (the start of the next line) before writing it.
|
||||
if !d.isFirstLine {
|
||||
d.h.Write(crlf)
|
||||
}
|
||||
d.isFirstLine = false
|
||||
|
||||
// At the beginning of a line, hyphens have to be escaped.
|
||||
if b == '-' {
|
||||
// The signature isn't calculated over the dash-escaped text so
|
||||
// the escape is only written to buffered.
|
||||
if _, err = d.buffered.Write(dashEscape); err != nil {
|
||||
return
|
||||
}
|
||||
d.h.Write(d.byteBuf)
|
||||
d.atBeginningOfLine = false
|
||||
} else if b == '\n' {
|
||||
// Nothing to do because we dely writing CRLF to the hash.
|
||||
} else {
|
||||
d.h.Write(d.byteBuf)
|
||||
d.atBeginningOfLine = false
|
||||
}
|
||||
if err = d.buffered.WriteByte(b); err != nil {
|
||||
return
|
||||
}
|
||||
} else {
|
||||
// Any whitespace at the end of the line has to be removed so we
|
||||
// buffer it until we find out whether there's more on this line.
|
||||
if b == ' ' || b == '\t' || b == '\r' {
|
||||
d.whitespace = append(d.whitespace, b)
|
||||
} else if b == '\n' {
|
||||
// We got a raw \n. Drop any trailing whitespace and write a
|
||||
// CRLF.
|
||||
d.whitespace = d.whitespace[:0]
|
||||
// We dely writing CRLF to the hash until the start of the
|
||||
// next line.
|
||||
if err = d.buffered.WriteByte(b); err != nil {
|
||||
return
|
||||
}
|
||||
d.atBeginningOfLine = true
|
||||
} else {
|
||||
// Any buffered whitespace wasn't at the end of the line so
|
||||
// we need to write it out.
|
||||
if len(d.whitespace) > 0 {
|
||||
d.h.Write(d.whitespace)
|
||||
if _, err = d.buffered.Write(d.whitespace); err != nil {
|
||||
return
|
||||
}
|
||||
d.whitespace = d.whitespace[:0]
|
||||
}
|
||||
d.h.Write(d.byteBuf)
|
||||
if err = d.buffered.WriteByte(b); err != nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
n = len(data)
|
||||
return
|
||||
}
|
||||
|
||||
func (d *dashEscaper) Close() (err error) {
|
||||
if !d.atBeginningOfLine {
|
||||
if err = d.buffered.WriteByte(lf); err != nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
sig := new(packet.Signature)
|
||||
sig.SigType = packet.SigTypeText
|
||||
sig.PubKeyAlgo = d.privateKey.PubKeyAlgo
|
||||
sig.Hash = d.hashType
|
||||
sig.CreationTime = d.config.Now()
|
||||
sig.IssuerKeyId = &d.privateKey.KeyId
|
||||
|
||||
if err = sig.Sign(d.h, d.privateKey, d.config); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
out, err := armor.Encode(d.buffered, "PGP SIGNATURE", nil)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if err = sig.Serialize(out); err != nil {
|
||||
return
|
||||
}
|
||||
if err = out.Close(); err != nil {
|
||||
return
|
||||
}
|
||||
if err = d.buffered.Flush(); err != nil {
|
||||
return
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// Encode returns a WriteCloser which will clear-sign a message with privateKey
|
||||
// and write it to w. If config is nil, sensible defaults are used.
|
||||
func Encode(w io.Writer, privateKey *packet.PrivateKey, config *packet.Config) (plaintext io.WriteCloser, err error) {
|
||||
if privateKey.Encrypted {
|
||||
return nil, errors.InvalidArgumentError("signing key is encrypted")
|
||||
}
|
||||
|
||||
hashType := config.Hash()
|
||||
name := nameOfHash(hashType)
|
||||
if len(name) == 0 {
|
||||
return nil, errors.UnsupportedError("unknown hash type: " + strconv.Itoa(int(hashType)))
|
||||
}
|
||||
|
||||
h := hashType.New()
|
||||
if h == nil {
|
||||
return nil, errors.UnsupportedError("unsupported hash type: " + strconv.Itoa(int(hashType)))
|
||||
}
|
||||
|
||||
buffered := bufio.NewWriter(w)
|
||||
// start has a \n at the beginning that we don't want here.
|
||||
if _, err = buffered.Write(start[1:]); err != nil {
|
||||
return
|
||||
}
|
||||
if err = buffered.WriteByte(lf); err != nil {
|
||||
return
|
||||
}
|
||||
if _, err = buffered.WriteString("Hash: "); err != nil {
|
||||
return
|
||||
}
|
||||
if _, err = buffered.WriteString(name); err != nil {
|
||||
return
|
||||
}
|
||||
if err = buffered.WriteByte(lf); err != nil {
|
||||
return
|
||||
}
|
||||
if err = buffered.WriteByte(lf); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
plaintext = &dashEscaper{
|
||||
buffered: buffered,
|
||||
h: h,
|
||||
hashType: hashType,
|
||||
|
||||
atBeginningOfLine: true,
|
||||
isFirstLine: true,
|
||||
|
||||
byteBuf: make([]byte, 1),
|
||||
|
||||
privateKey: privateKey,
|
||||
config: config,
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// nameOfHash returns the OpenPGP name for the given hash, or the empty string
|
||||
// if the name isn't known. See RFC 4880, section 9.4.
|
||||
func nameOfHash(h crypto.Hash) string {
|
||||
switch h {
|
||||
case crypto.MD5:
|
||||
return "MD5"
|
||||
case crypto.SHA1:
|
||||
return "SHA1"
|
||||
case crypto.RIPEMD160:
|
||||
return "RIPEMD160"
|
||||
case crypto.SHA224:
|
||||
return "SHA224"
|
||||
case crypto.SHA256:
|
||||
return "SHA256"
|
||||
case crypto.SHA384:
|
||||
return "SHA384"
|
||||
case crypto.SHA512:
|
||||
return "SHA512"
|
||||
}
|
||||
return ""
|
||||
}
|
|
@ -1,161 +0,0 @@
|
|||
// Copyright 2012 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package clearsign
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"code.google.com/p/go.crypto/openpgp"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestParse(t *testing.T) {
|
||||
b, rest := Decode(clearsignInput)
|
||||
if b == nil {
|
||||
t.Fatal("failed to decode clearsign message")
|
||||
}
|
||||
if !bytes.Equal(rest, []byte("trailing")) {
|
||||
t.Errorf("unexpected remaining bytes returned: %s", string(rest))
|
||||
}
|
||||
if b.ArmoredSignature.Type != "PGP SIGNATURE" {
|
||||
t.Errorf("bad armor type, got:%s, want:PGP SIGNATURE", b.ArmoredSignature.Type)
|
||||
}
|
||||
expected := []byte("Hello world\r\nline 2")
|
||||
if !bytes.Equal(b.Bytes, expected) {
|
||||
t.Errorf("bad body, got:%x want:%x", b.Bytes, expected)
|
||||
}
|
||||
|
||||
expected = []byte("Hello world\nline 2\n")
|
||||
if !bytes.Equal(b.Plaintext, expected) {
|
||||
t.Errorf("bad plaintext, got:%x want:%x", b.Plaintext, expected)
|
||||
}
|
||||
|
||||
keyring, err := openpgp.ReadArmoredKeyRing(bytes.NewBufferString(signingKey))
|
||||
if err != nil {
|
||||
t.Errorf("failed to parse public key: %s", err)
|
||||
}
|
||||
|
||||
if _, err := openpgp.CheckDetachedSignature(keyring, bytes.NewBuffer(b.Bytes), b.ArmoredSignature.Body); err != nil {
|
||||
t.Errorf("failed to check signature: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestParseWithNoNewlineAtEnd(t *testing.T) {
|
||||
input := clearsignInput
|
||||
input = input[:len(input)-len("trailing")-1]
|
||||
b, rest := Decode(input)
|
||||
if b == nil {
|
||||
t.Fatal("failed to decode clearsign message")
|
||||
}
|
||||
if len(rest) > 0 {
|
||||
t.Errorf("unexpected remaining bytes returned: %s", string(rest))
|
||||
}
|
||||
}
|
||||
|
||||
var signingTests = []struct {
|
||||
in, signed, plaintext string
|
||||
}{
|
||||
{"", "", ""},
|
||||
{"a", "a", "a\n"},
|
||||
{"a\n", "a", "a\n"},
|
||||
{"-a\n", "-a", "-a\n"},
|
||||
{"--a\nb", "--a\r\nb", "--a\nb\n"},
|
||||
}
|
||||
|
||||
func TestSigning(t *testing.T) {
|
||||
keyring, err := openpgp.ReadArmoredKeyRing(bytes.NewBufferString(signingKey))
|
||||
if err != nil {
|
||||
t.Errorf("failed to parse public key: %s", err)
|
||||
}
|
||||
|
||||
for i, test := range signingTests {
|
||||
var buf bytes.Buffer
|
||||
|
||||
plaintext, err := Encode(&buf, keyring[0].PrivateKey, nil)
|
||||
if err != nil {
|
||||
t.Errorf("#%d: error from Encode: %s", i, err)
|
||||
continue
|
||||
}
|
||||
if _, err := plaintext.Write([]byte(test.in)); err != nil {
|
||||
t.Errorf("#%d: error from Write: %s", i, err)
|
||||
continue
|
||||
}
|
||||
if err := plaintext.Close(); err != nil {
|
||||
t.Fatalf("#%d: error from Close: %s", i, err)
|
||||
continue
|
||||
}
|
||||
|
||||
b, _ := Decode(buf.Bytes())
|
||||
if b == nil {
|
||||
t.Errorf("#%d: failed to decode clearsign message", i)
|
||||
continue
|
||||
}
|
||||
if !bytes.Equal(b.Bytes, []byte(test.signed)) {
|
||||
t.Errorf("#%d: bad result, got:%x, want:%x", i, b.Bytes, test.signed)
|
||||
continue
|
||||
}
|
||||
if !bytes.Equal(b.Plaintext, []byte(test.plaintext)) {
|
||||
t.Errorf("#%d: bad result, got:%x, want:%x", i, b.Plaintext, test.plaintext)
|
||||
continue
|
||||
}
|
||||
|
||||
if _, err := openpgp.CheckDetachedSignature(keyring, bytes.NewBuffer(b.Bytes), b.ArmoredSignature.Body); err != nil {
|
||||
t.Errorf("#%d: failed to check signature: %s", i, err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
var clearsignInput = []byte(`
|
||||
;lasjlkfdsa
|
||||
|
||||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA1
|
||||
|
||||
Hello world
|
||||
line 2
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1.4.10 (GNU/Linux)
|
||||
|
||||
iJwEAQECAAYFAk8kMuEACgkQO9o98PRieSpMsAQAhmY/vwmNpflrPgmfWsYhk5O8
|
||||
pjnBUzZwqTDoDeINjZEoPDSpQAHGhjFjgaDx/Gj4fAl0dM4D0wuUEBb6QOrwflog
|
||||
2A2k9kfSOMOtk0IH/H5VuFN1Mie9L/erYXjTQIptv9t9J7NoRBMU0QOOaFU0JaO9
|
||||
MyTpno24AjIAGb+mH1U=
|
||||
=hIJ6
|
||||
-----END PGP SIGNATURE-----
|
||||
trailing`)
|
||||
|
||||
var signingKey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
|
||||
Version: GnuPG v1.4.10 (GNU/Linux)
|
||||
|
||||
lQHYBE2rFNoBBADFwqWQIW/DSqcB4yCQqnAFTJ27qS5AnB46ccAdw3u4Greeu3Bp
|
||||
idpoHdjULy7zSKlwR1EA873dO/k/e11Ml3dlAFUinWeejWaK2ugFP6JjiieSsrKn
|
||||
vWNicdCS4HTWn0X4sjl0ZiAygw6GNhqEQ3cpLeL0g8E9hnYzJKQ0LWJa0QARAQAB
|
||||
AAP/TB81EIo2VYNmTq0pK1ZXwUpxCrvAAIG3hwKjEzHcbQznsjNvPUihZ+NZQ6+X
|
||||
0HCfPAdPkGDCLCb6NavcSW+iNnLTrdDnSI6+3BbIONqWWdRDYJhqZCkqmG6zqSfL
|
||||
IdkJgCw94taUg5BWP/AAeQrhzjChvpMQTVKQL5mnuZbUCeMCAN5qrYMP2S9iKdnk
|
||||
VANIFj7656ARKt/nf4CBzxcpHTyB8+d2CtPDKCmlJP6vL8t58Jmih+kHJMvC0dzn
|
||||
gr5f5+sCAOOe5gt9e0am7AvQWhdbHVfJU0TQJx+m2OiCJAqGTB1nvtBLHdJnfdC9
|
||||
TnXXQ6ZXibqLyBies/xeY2sCKL5qtTMCAKnX9+9d/5yQxRyrQUHt1NYhaXZnJbHx
|
||||
q4ytu0eWz+5i68IYUSK69jJ1NWPM0T6SkqpB3KCAIv68VFm9PxqG1KmhSrQIVGVz
|
||||
dCBLZXmIuAQTAQIAIgUCTasU2gIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA
|
||||
CgkQO9o98PRieSoLhgQAkLEZex02Qt7vGhZzMwuN0R22w3VwyYyjBx+fM3JFETy1
|
||||
ut4xcLJoJfIaF5ZS38UplgakHG0FQ+b49i8dMij0aZmDqGxrew1m4kBfjXw9B/v+
|
||||
eIqpODryb6cOSwyQFH0lQkXC040pjq9YqDsO5w0WYNXYKDnzRV0p4H1pweo2VDid
|
||||
AdgETasU2gEEAN46UPeWRqKHvA99arOxee38fBt2CI08iiWyI8T3J6ivtFGixSqV
|
||||
bRcPxYO/qLpVe5l84Nb3X71GfVXlc9hyv7CD6tcowL59hg1E/DC5ydI8K8iEpUmK
|
||||
/UnHdIY5h8/kqgGxkY/T/hgp5fRQgW1ZoZxLajVlMRZ8W4tFtT0DeA+JABEBAAEA
|
||||
A/0bE1jaaZKj6ndqcw86jd+QtD1SF+Cf21CWRNeLKnUds4FRRvclzTyUMuWPkUeX
|
||||
TaNNsUOFqBsf6QQ2oHUBBK4VCHffHCW4ZEX2cd6umz7mpHW6XzN4DECEzOVksXtc
|
||||
lUC1j4UB91DC/RNQqwX1IV2QLSwssVotPMPqhOi0ZLNY7wIA3n7DWKInxYZZ4K+6
|
||||
rQ+POsz6brEoRHwr8x6XlHenq1Oki855pSa1yXIARoTrSJkBtn5oI+f8AzrnN0BN
|
||||
oyeQAwIA/7E++3HDi5aweWrViiul9cd3rcsS0dEnksPhvS0ozCJiHsq/6GFmy7J8
|
||||
QSHZPteedBnZyNp5jR+H7cIfVN3KgwH/Skq4PsuPhDq5TKK6i8Pc1WW8MA6DXTdU
|
||||
nLkX7RGmMwjC0DBf7KWAlPjFaONAX3a8ndnz//fy1q7u2l9AZwrj1qa1iJ8EGAEC
|
||||
AAkFAk2rFNoCGwwACgkQO9o98PRieSo2/QP/WTzr4ioINVsvN1akKuekmEMI3LAp
|
||||
BfHwatufxxP1U+3Si/6YIk7kuPB9Hs+pRqCXzbvPRrI8NHZBmc8qIGthishdCYad
|
||||
AHcVnXjtxrULkQFGbGvhKURLvS9WnzD/m1K2zzwxzkPTzT9/Yf06O6Mal5AdugPL
|
||||
VrM0m72/jnpKo04=
|
||||
=zNCn
|
||||
-----END PGP PRIVATE KEY BLOCK-----
|
||||
`
|
|
@ -1,41 +0,0 @@
|
|||
package openpgp
|
||||
|
||||
import (
|
||||
"testing"
|
||||
"time"
|
||||
)
|
||||
|
||||
func TestKeyExpiry(t *testing.T) {
|
||||
kring, _ := ReadKeyRing(readerFromHex(expiringKeyHex))
|
||||
entity := kring[0]
|
||||
|
||||
const timeFormat = "2006-01-02"
|
||||
time1, _ := time.Parse(timeFormat, "2013-07-01")
|
||||
// The expiringKeyHex key is structured as:
|
||||
//
|
||||
// pub 1024R/5E237D8C created: 2013-07-01 expires: 2013-07-31 usage: SC
|
||||
// sub 1024R/1ABB25A0 created: 2013-07-01 expires: 2013-07-08 usage: E
|
||||
// sub 1024R/96A672F5 created: 2013-07-01 expires: 2013-07-31 usage: E
|
||||
//
|
||||
// So this should select the first, non-expired encryption key.
|
||||
key, _ := entity.encryptionKey(time1)
|
||||
if id := key.PublicKey.KeyIdShortString(); id != "1ABB25A0" {
|
||||
t.Errorf("Expected key 1ABB25A0 at time %s, but got key %s", time1.Format(timeFormat), id)
|
||||
}
|
||||
|
||||
// Once the first encryption subkey has expired, the second should be
|
||||
// selected.
|
||||
time2, _ := time.Parse(timeFormat, "2013-07-09")
|
||||
key, _ = entity.encryptionKey(time2)
|
||||
if id := key.PublicKey.KeyIdShortString(); id != "96A672F5" {
|
||||
t.Errorf("Expected key 96A672F5 at time %s, but got key %s", time2.Format(timeFormat), id)
|
||||
}
|
||||
|
||||
// Once all the keys have expired, nothing should be returned.
|
||||
time3, _ := time.Parse(timeFormat, "2013-08-01")
|
||||
if key, ok := entity.encryptionKey(time3); ok {
|
||||
t.Errorf("Expected no key at time %s, but got key %s", time3.Format(timeFormat), key.PublicKey.KeyIdShortString())
|
||||
}
|
||||
}
|
||||
|
||||
const expiringKeyHex = "988d0451d1ec5d010400ba3385721f2dc3f4ab096b2ee867ab77213f0a27a8538441c35d2fa225b08798a1439a66a5150e6bdc3f40f5d28d588c712394c632b6299f77db8c0d48d37903fb72ebd794d61be6aa774688839e5fdecfe06b2684cc115d240c98c66cb1ef22ae84e3aa0c2b0c28665c1e7d4d044e7f270706193f5223c8d44e0d70b7b8da830011010001b40f4578706972792074657374206b657988be041301020028050251d1ec5d021b03050900278d00060b090807030206150802090a0b0416020301021e01021780000a091072589ad75e237d8c033503fd10506d72837834eb7f994117740723adc39227104b0d326a1161871c0b415d25b4aedef946ca77ea4c05af9c22b32cf98be86ab890111fced1ee3f75e87b7cc3c00dc63bbc85dfab91c0dc2ad9de2c4d13a34659333a85c6acc1a669c5e1d6cecb0cf1e56c10e72d855ae177ddc9e766f9b2dda57ccbb75f57156438bbdb4e42b88d0451d1ec5d0104009c64906559866c5cb61578f5846a94fcee142a489c9b41e67b12bb54cfe86eb9bc8566460f9a720cb00d6526fbccfd4f552071a8e3f7744b1882d01036d811ee5a3fb91a1c568055758f43ba5d2c6a9676b012f3a1a89e47bbf624f1ad571b208f3cc6224eb378f1645dd3d47584463f9eadeacfd1ce6f813064fbfdcc4b5a53001101000188a504180102000f021b0c050251d1f06b050900093e89000a091072589ad75e237d8c20e00400ab8310a41461425b37889c4da28129b5fae6084fafbc0a47dd1adc74a264c6e9c9cc125f40462ee1433072a58384daef88c961c390ed06426a81b464a53194c4e291ddd7e2e2ba3efced01537d713bd111f48437bde2363446200995e8e0d4e528dda377fd1e8f8ede9c8e2198b393bd86852ce7457a7e3daf74d510461a5b77b88d0451d1ece8010400b3a519f83ab0010307e83bca895170acce8964a044190a2b368892f7a244758d9fc193482648acb1fb9780d28cc22d171931f38bb40279389fc9bf2110876d4f3db4fcfb13f22f7083877fe56592b3b65251312c36f83ffcb6d313c6a17f197dd471f0712aad15a8537b435a92471ba2e5b0c72a6c72536c3b567c558d7b6051001101000188a504180102000f021b0c050251d1f07b050900279091000a091072589ad75e237d8ce69e03fe286026afacf7c97ee20673864d4459a2240b5655219950643c7dba0ac384b1d4359c67805b21d98211f7b09c2a0ccf6410c8c04d4ff4a51293725d8d6570d9d8bb0e10c07d22357caeb49626df99c180be02d77d1fe8ed25e7a54481237646083a9f89a11566cd20b9e995b1487c5f9e02aeb434f3a1897cd416dd0a87861838da3e9e"
|
|
@ -1,58 +0,0 @@
|
|||
// Copyright 2011 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package packet
|
||||
|
||||
import (
|
||||
"testing"
|
||||
"time"
|
||||
)
|
||||
|
||||
var privateKeyTests = []struct {
|
||||
privateKeyHex string
|
||||
creationTime time.Time
|
||||
}{
|
||||
{
|
||||
privKeyRSAHex,
|
||||
time.Unix(0x4cc349a8, 0),
|
||||
},
|
||||
{
|
||||
privKeyElGamalHex,
|
||||
time.Unix(0x4df9ee1a, 0),
|
||||
},
|
||||
}
|
||||
|
||||
func TestPrivateKeyRead(t *testing.T) {
|
||||
for i, test := range privateKeyTests {
|
||||
packet, err := Read(readerFromHex(test.privateKeyHex))
|
||||
if err != nil {
|
||||
t.Errorf("#%d: failed to parse: %s", i, err)
|
||||
continue
|
||||
}
|
||||
|
||||
privKey := packet.(*PrivateKey)
|
||||
|
||||
if !privKey.Encrypted {
|
||||
t.Errorf("#%d: private key isn't encrypted", i)
|
||||
continue
|
||||
}
|
||||
|
||||
err = privKey.Decrypt([]byte("testing"))
|
||||
if err != nil {
|
||||
t.Errorf("#%d: failed to decrypt: %s", i, err)
|
||||
continue
|
||||
}
|
||||
|
||||
if !privKey.CreationTime.Equal(test.creationTime) || privKey.Encrypted {
|
||||
t.Errorf("#%d: bad result, got: %#v", i, privKey)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Generated with `gpg --export-secret-keys "Test Key 2"`
|
||||
const privKeyRSAHex = "9501fe044cc349a8010400b70ca0010e98c090008d45d1ee8f9113bd5861fd57b88bacb7c68658747663f1e1a3b5a98f32fda6472373c024b97359cd2efc88ff60f77751adfbf6af5e615e6a1408cfad8bf0cea30b0d5f53aa27ad59089ba9b15b7ebc2777a25d7b436144027e3bcd203909f147d0e332b240cf63d3395f5dfe0df0a6c04e8655af7eacdf0011010001fe0303024a252e7d475fd445607de39a265472aa74a9320ba2dac395faa687e9e0336aeb7e9a7397e511b5afd9dc84557c80ac0f3d4d7bfec5ae16f20d41c8c84a04552a33870b930420e230e179564f6d19bb153145e76c33ae993886c388832b0fa042ddda7f133924f3854481533e0ede31d51278c0519b29abc3bf53da673e13e3e1214b52413d179d7f66deee35cac8eacb060f78379d70ef4af8607e68131ff529439668fc39c9ce6dfef8a5ac234d234802cbfb749a26107db26406213ae5c06d4673253a3cbee1fcbae58d6ab77e38d6e2c0e7c6317c48e054edadb5a40d0d48acb44643d998139a8a66bb820be1f3f80185bc777d14b5954b60effe2448a036d565c6bc0b915fcea518acdd20ab07bc1529f561c58cd044f723109b93f6fd99f876ff891d64306b5d08f48bab59f38695e9109c4dec34013ba3153488ce070268381ba923ee1eb77125b36afcb4347ec3478c8f2735b06ef17351d872e577fa95d0c397c88c71b59629a36aec"
|
||||
|
||||
// Generated by `gpg --export-secret-keys` followed by a manual extraction of
|
||||
// the ElGamal subkey from the packets.
|
||||
const privKeyElGamalHex = "9d0157044df9ee1a100400eb8e136a58ec39b582629cdadf830bc64e0a94ed8103ca8bb247b27b11b46d1d25297ef4bcc3071785ba0c0bedfe89eabc5287fcc0edf81ab5896c1c8e4b20d27d79813c7aede75320b33eaeeaa586edc00fd1036c10133e6ba0ff277245d0d59d04b2b3421b7244aca5f4a8d870c6f1c1fbff9e1c26699a860b9504f35ca1d700030503fd1ededd3b840795be6d9ccbe3c51ee42e2f39233c432b831ddd9c4e72b7025a819317e47bf94f9ee316d7273b05d5fcf2999c3a681f519b1234bbfa6d359b4752bd9c3f77d6b6456cde152464763414ca130f4e91d91041432f90620fec0e6d6b5116076c2985d5aeaae13be492b9b329efcaf7ee25120159a0a30cd976b42d7afe030302dae7eb80db744d4960c4df930d57e87fe81412eaace9f900e6c839817a614ddb75ba6603b9417c33ea7b6c93967dfa2bcff3fa3c74a5ce2c962db65b03aece14c96cbd0038fc"
|
|
@ -0,0 +1,526 @@
|
|||
// Copyright 2010 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// Package cast5 implements CAST5, as defined in RFC 2144. CAST5 is a common
|
||||
// OpenPGP cipher.
|
||||
package cast5 // import "golang.org/x/crypto/cast5"
|
||||
|
||||
import "errors"
|
||||
|
||||
const BlockSize = 8
|
||||
const KeySize = 16
|
||||
|
||||
type Cipher struct {
|
||||
masking [16]uint32
|
||||
rotate [16]uint8
|
||||
}
|
||||
|
||||
func NewCipher(key []byte) (c *Cipher, err error) {
|
||||
if len(key) != KeySize {
|
||||
return nil, errors.New("CAST5: keys must be 16 bytes")
|
||||
}
|
||||
|
||||
c = new(Cipher)
|
||||
c.keySchedule(key)
|
||||
return
|
||||
}
|
||||
|
||||
func (c *Cipher) BlockSize() int {
|
||||
return BlockSize
|
||||
}
|
||||
|
||||
func (c *Cipher) Encrypt(dst, src []byte) {
|
||||
l := uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
|
||||
r := uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
|
||||
|
||||
l, r = r, l^f1(r, c.masking[0], c.rotate[0])
|
||||
l, r = r, l^f2(r, c.masking[1], c.rotate[1])
|
||||
l, r = r, l^f3(r, c.masking[2], c.rotate[2])
|
||||
l, r = r, l^f1(r, c.masking[3], c.rotate[3])
|
||||
|
||||
l, r = r, l^f2(r, c.masking[4], c.rotate[4])
|
||||
l, r = r, l^f3(r, c.masking[5], c.rotate[5])
|
||||
l, r = r, l^f1(r, c.masking[6], c.rotate[6])
|
||||
l, r = r, l^f2(r, c.masking[7], c.rotate[7])
|
||||
|
||||
l, r = r, l^f3(r, c.masking[8], c.rotate[8])
|
||||
l, r = r, l^f1(r, c.masking[9], c.rotate[9])
|
||||
l, r = r, l^f2(r, c.masking[10], c.rotate[10])
|
||||
l, r = r, l^f3(r, c.masking[11], c.rotate[11])
|
||||
|
||||
l, r = r, l^f1(r, c.masking[12], c.rotate[12])
|
||||
l, r = r, l^f2(r, c.masking[13], c.rotate[13])
|
||||
l, r = r, l^f3(r, c.masking[14], c.rotate[14])
|
||||
l, r = r, l^f1(r, c.masking[15], c.rotate[15])
|
||||
|
||||
dst[0] = uint8(r >> 24)
|
||||
dst[1] = uint8(r >> 16)
|
||||
dst[2] = uint8(r >> 8)
|
||||
dst[3] = uint8(r)
|
||||
dst[4] = uint8(l >> 24)
|
||||
dst[5] = uint8(l >> 16)
|
||||
dst[6] = uint8(l >> 8)
|
||||
dst[7] = uint8(l)
|
||||
}
|
||||
|
||||
func (c *Cipher) Decrypt(dst, src []byte) {
|
||||
l := uint32(src[0])<<24 | uint32(src[1])<<16 | uint32(src[2])<<8 | uint32(src[3])
|
||||
r := uint32(src[4])<<24 | uint32(src[5])<<16 | uint32(src[6])<<8 | uint32(src[7])
|
||||
|
||||
l, r = r, l^f1(r, c.masking[15], c.rotate[15])
|
||||
l, r = r, l^f3(r, c.masking[14], c.rotate[14])
|
||||
l, r = r, l^f2(r, c.masking[13], c.rotate[13])
|
||||
l, r = r, l^f1(r, c.masking[12], c.rotate[12])
|
||||
|
||||
l, r = r, l^f3(r, c.masking[11], c.rotate[11])
|
||||
l, r = r, l^f2(r, c.masking[10], c.rotate[10])
|
||||
l, r = r, l^f1(r, c.masking[9], c.rotate[9])
|
||||
l, r = r, l^f3(r, c.masking[8], c.rotate[8])
|
||||
|
||||
l, r = r, l^f2(r, c.masking[7], c.rotate[7])
|
||||
l, r = r, l^f1(r, c.masking[6], c.rotate[6])
|
||||
l, r = r, l^f3(r, c.masking[5], c.rotate[5])
|
||||
l, r = r, l^f2(r, c.masking[4], c.rotate[4])
|
||||
|
||||
l, r = r, l^f1(r, c.masking[3], c.rotate[3])
|
||||
l, r = r, l^f3(r, c.masking[2], c.rotate[2])
|
||||
l, r = r, l^f2(r, c.masking[1], c.rotate[1])
|
||||
l, r = r, l^f1(r, c.masking[0], c.rotate[0])
|
||||
|
||||
dst[0] = uint8(r >> 24)
|
||||
dst[1] = uint8(r >> 16)
|
||||
dst[2] = uint8(r >> 8)
|
||||
dst[3] = uint8(r)
|
||||
dst[4] = uint8(l >> 24)
|
||||
dst[5] = uint8(l >> 16)
|
||||
dst[6] = uint8(l >> 8)
|
||||
dst[7] = uint8(l)
|
||||
}
|
||||
|
||||
type keyScheduleA [4][7]uint8
|
||||
type keyScheduleB [4][5]uint8
|
||||
|
||||
// keyScheduleRound contains the magic values for a round of the key schedule.
|
||||
// The keyScheduleA deals with the lines like:
|
||||
// z0z1z2z3 = x0x1x2x3 ^ S5[xD] ^ S6[xF] ^ S7[xC] ^ S8[xE] ^ S7[x8]
|
||||
// Conceptually, both x and z are in the same array, x first. The first
|
||||
// element describes which word of this array gets written to and the
|
||||
// second, which word gets read. So, for the line above, it's "4, 0", because
|
||||
// it's writing to the first word of z, which, being after x, is word 4, and
|
||||
// reading from the first word of x: word 0.
|
||||
//
|
||||
// Next are the indexes into the S-boxes. Now the array is treated as bytes. So
|
||||
// "xD" is 0xd. The first byte of z is written as "16 + 0", just to be clear
|
||||
// that it's z that we're indexing.
|
||||
//
|
||||
// keyScheduleB deals with lines like:
|
||||
// K1 = S5[z8] ^ S6[z9] ^ S7[z7] ^ S8[z6] ^ S5[z2]
|
||||
// "K1" is ignored because key words are always written in order. So the five
|
||||
// elements are the S-box indexes. They use the same form as in keyScheduleA,
|
||||
// above.
|
||||
|
||||
type keyScheduleRound struct{}
|
||||
type keySchedule []keyScheduleRound
|
||||
|
||||
var schedule = []struct {
|
||||
a keyScheduleA
|
||||
b keyScheduleB
|
||||
}{
|
||||
{
|
||||
keyScheduleA{
|
||||
{4, 0, 0xd, 0xf, 0xc, 0xe, 0x8},
|
||||
{5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa},
|
||||
{6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9},
|
||||
{7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb},
|
||||
},
|
||||
keyScheduleB{
|
||||
{16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2},
|
||||
{16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6},
|
||||
{16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9},
|
||||
{16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc},
|
||||
},
|
||||
},
|
||||
{
|
||||
keyScheduleA{
|
||||
{0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0},
|
||||
{1, 4, 0, 2, 1, 3, 16 + 2},
|
||||
{2, 5, 7, 6, 5, 4, 16 + 1},
|
||||
{3, 7, 0xa, 9, 0xb, 8, 16 + 3},
|
||||
},
|
||||
keyScheduleB{
|
||||
{3, 2, 0xc, 0xd, 8},
|
||||
{1, 0, 0xe, 0xf, 0xd},
|
||||
{7, 6, 8, 9, 3},
|
||||
{5, 4, 0xa, 0xb, 7},
|
||||
},
|
||||
},
|
||||
{
|
||||
keyScheduleA{
|
||||
{4, 0, 0xd, 0xf, 0xc, 0xe, 8},
|
||||
{5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa},
|
||||
{6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9},
|
||||
{7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb},
|
||||
},
|
||||
keyScheduleB{
|
||||
{16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9},
|
||||
{16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc},
|
||||
{16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2},
|
||||
{16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6},
|
||||
},
|
||||
},
|
||||
{
|
||||
keyScheduleA{
|
||||
{0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0},
|
||||
{1, 4, 0, 2, 1, 3, 16 + 2},
|
||||
{2, 5, 7, 6, 5, 4, 16 + 1},
|
||||
{3, 7, 0xa, 9, 0xb, 8, 16 + 3},
|
||||
},
|
||||
keyScheduleB{
|
||||
{8, 9, 7, 6, 3},
|
||||
{0xa, 0xb, 5, 4, 7},
|
||||
{0xc, 0xd, 3, 2, 8},
|
||||
{0xe, 0xf, 1, 0, 0xd},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
func (c *Cipher) keySchedule(in []byte) {
|
||||
var t [8]uint32
|
||||
var k [32]uint32
|
||||
|
||||
for i := 0; i < 4; i++ {
|
||||
j := i * 4
|
||||
t[i] = uint32(in[j])<<24 | uint32(in[j+1])<<16 | uint32(in[j+2])<<8 | uint32(in[j+3])
|
||||
}
|
||||
|
||||
x := []byte{6, 7, 4, 5}
|
||||
ki := 0
|
||||
|
||||
for half := 0; half < 2; half++ {
|
||||
for _, round := range schedule {
|
||||
for j := 0; j < 4; j++ {
|
||||
var a [7]uint8
|
||||
copy(a[:], round.a[j][:])
|
||||
w := t[a[1]]
|
||||
w ^= sBox[4][(t[a[2]>>2]>>(24-8*(a[2]&3)))&0xff]
|
||||
w ^= sBox[5][(t[a[3]>>2]>>(24-8*(a[3]&3)))&0xff]
|
||||
w ^= sBox[6][(t[a[4]>>2]>>(24-8*(a[4]&3)))&0xff]
|
||||
w ^= sBox[7][(t[a[5]>>2]>>(24-8*(a[5]&3)))&0xff]
|
||||
w ^= sBox[x[j]][(t[a[6]>>2]>>(24-8*(a[6]&3)))&0xff]
|
||||
t[a[0]] = w
|
||||
}
|
||||
|
||||
for j := 0; j < 4; j++ {
|
||||
var b [5]uint8
|
||||
copy(b[:], round.b[j][:])
|
||||
w := sBox[4][(t[b[0]>>2]>>(24-8*(b[0]&3)))&0xff]
|
||||
w ^= sBox[5][(t[b[1]>>2]>>(24-8*(b[1]&3)))&0xff]
|
||||
w ^= sBox[6][(t[b[2]>>2]>>(24-8*(b[2]&3)))&0xff]
|
||||
w ^= sBox[7][(t[b[3]>>2]>>(24-8*(b[3]&3)))&0xff]
|
||||
w ^= sBox[4+j][(t[b[4]>>2]>>(24-8*(b[4]&3)))&0xff]
|
||||
k[ki] = w
|
||||
ki++
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
for i := 0; i < 16; i++ {
|
||||
c.masking[i] = k[i]
|
||||
c.rotate[i] = uint8(k[16+i] & 0x1f)
|
||||
}
|
||||
}
|
||||
|
||||
// These are the three 'f' functions. See RFC 2144, section 2.2.
|
||||
func f1(d, m uint32, r uint8) uint32 {
|
||||
t := m + d
|
||||
I := (t << r) | (t >> (32 - r))
|
||||
return ((sBox[0][I>>24] ^ sBox[1][(I>>16)&0xff]) - sBox[2][(I>>8)&0xff]) + sBox[3][I&0xff]
|
||||
}
|
||||
|
||||
func f2(d, m uint32, r uint8) uint32 {
|
||||
t := m ^ d
|
||||
I := (t << r) | (t >> (32 - r))
|
||||
return ((sBox[0][I>>24] - sBox[1][(I>>16)&0xff]) + sBox[2][(I>>8)&0xff]) ^ sBox[3][I&0xff]
|
||||
}
|
||||
|
||||
func f3(d, m uint32, r uint8) uint32 {
|
||||
t := m - d
|
||||
I := (t << r) | (t >> (32 - r))
|
||||
return ((sBox[0][I>>24] + sBox[1][(I>>16)&0xff]) ^ sBox[2][(I>>8)&0xff]) - sBox[3][I&0xff]
|
||||
}
|
||||
|
||||
var sBox = [8][256]uint32{
|
||||
{
|
||||
0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,
|
||||
0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,
|
||||
0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,
|
||||
0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,
|
||||
0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,
|
||||
0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,
|
||||
0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,
|
||||
0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,
|
||||
0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,
|
||||
0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,
|
||||
0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,
|
||||
0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,
|
||||
0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,
|
||||
0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,
|
||||
0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,
|
||||
0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,
|
||||
0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,
|
||||
0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,
|
||||
0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,
|
||||
0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,
|
||||
0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,
|
||||
0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,
|
||||
0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,
|
||||
0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,
|
||||
0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,
|
||||
0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,
|
||||
0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,
|
||||
0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,
|
||||
0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,
|
||||
0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,
|
||||
0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,
|
||||
0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf,
|
||||
},
|
||||
{
|
||||
0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,
|
||||
0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,
|
||||
0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,
|
||||
0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,
|
||||
0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,
|
||||
0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,
|
||||
0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,
|
||||
0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,
|
||||
0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,
|
||||
0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,
|
||||
0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,
|
||||
0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,
|
||||
0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,
|
||||
0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,
|
||||
0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,
|
||||
0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,
|
||||
0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,
|
||||
0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,
|
||||
0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,
|
||||
0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,
|
||||
0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,
|
||||
0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,
|
||||
0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,
|
||||
0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,
|
||||
0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,
|
||||
0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,
|
||||
0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,
|
||||
0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,
|
||||
0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,
|
||||
0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,
|
||||
0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,
|
||||
0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1,
|
||||
},
|
||||
{
|
||||
0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,
|
||||
0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,
|
||||
0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,
|
||||
0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,
|
||||
0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,
|
||||
0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,
|
||||
0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,
|
||||
0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,
|
||||
0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,
|
||||
0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,
|
||||
0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,
|
||||
0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,
|
||||
0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,
|
||||
0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,
|
||||
0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,
|
||||
0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,
|
||||
0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,
|
||||
0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,
|
||||
0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,
|
||||
0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,
|
||||
0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,
|
||||
0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,
|
||||
0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,
|
||||
0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,
|
||||
0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,
|
||||
0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,
|
||||
0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,
|
||||
0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,
|
||||
0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,
|
||||
0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,
|
||||
0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,
|
||||
0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783,
|
||||
},
|
||||
{
|
||||
0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,
|
||||
0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,
|
||||
0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,
|
||||
0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,
|
||||
0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,
|
||||
0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,
|
||||
0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,
|
||||
0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,
|
||||
0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,
|
||||
0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,
|
||||
0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,
|
||||
0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,
|
||||
0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,
|
||||
0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,
|
||||
0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,
|
||||
0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,
|
||||
0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,
|
||||
0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,
|
||||
0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,
|
||||
0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,
|
||||
0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,
|
||||
0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,
|
||||
0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,
|
||||
0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,
|
||||
0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,
|
||||
0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,
|
||||
0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,
|
||||
0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,
|
||||
0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,
|
||||
0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,
|
||||
0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,
|
||||
0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2,
|
||||
},
|
||||
{
|
||||
0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,
|
||||
0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,
|
||||
0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,
|
||||
0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,
|
||||
0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,
|
||||
0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,
|
||||
0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,
|
||||
0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,
|
||||
0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,
|
||||
0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,
|
||||
0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,
|
||||
0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,
|
||||
0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,
|
||||
0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,
|
||||
0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,
|
||||
0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,
|
||||
0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,
|
||||
0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,
|
||||
0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,
|
||||
0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,
|
||||
0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,
|
||||
0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,
|
||||
0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,
|
||||
0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,
|
||||
0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,
|
||||
0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,
|
||||
0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,
|
||||
0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,
|
||||
0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,
|
||||
0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,
|
||||
0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,
|
||||
0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4,
|
||||
},
|
||||
{
|
||||
0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,
|
||||
0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,
|
||||
0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,
|
||||
0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,
|
||||
0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,
|
||||
0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,
|
||||
0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,
|
||||
0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,
|
||||
0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,
|
||||
0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,
|
||||
0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,
|
||||
0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,
|
||||
0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,
|
||||
0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,
|
||||
0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,
|
||||
0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,
|
||||
0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,
|
||||
0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,
|
||||
0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,
|
||||
0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,
|
||||
0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,
|
||||
0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,
|
||||
0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,
|
||||
0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,
|
||||
0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,
|
||||
0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,
|
||||
0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,
|
||||
0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,
|
||||
0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,
|
||||
0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,
|
||||
0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,
|
||||
0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f,
|
||||
},
|
||||
{
|
||||
0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,
|
||||
0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,
|
||||
0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,
|
||||
0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,
|
||||
0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,
|
||||
0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,
|
||||
0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,
|
||||
0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,
|
||||
0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,
|
||||
0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,
|
||||
0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,
|
||||
0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,
|
||||
0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,
|
||||
0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,
|
||||
0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,
|
||||
0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,
|
||||
0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,
|
||||
0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,
|
||||
0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,
|
||||
0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,
|
||||
0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,
|
||||
0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,
|
||||
0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,
|
||||
0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,
|
||||
0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,
|
||||
0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,
|
||||
0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,
|
||||
0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,
|
||||
0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,
|
||||
0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,
|
||||
0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,
|
||||
0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3,
|
||||
},
|
||||
{
|
||||
0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,
|
||||
0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,
|
||||
0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,
|
||||
0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,
|
||||
0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,
|
||||
0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,
|
||||
0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,
|
||||
0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,
|
||||
0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,
|
||||
0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,
|
||||
0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,
|
||||
0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,
|
||||
0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,
|
||||
0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,
|
||||
0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,
|
||||
0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,
|
||||
0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,
|
||||
0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,
|
||||
0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,
|
||||
0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,
|
||||
0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,
|
||||
0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,
|
||||
0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,
|
||||
0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,
|
||||
0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,
|
||||
0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,
|
||||
0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,
|
||||
0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,
|
||||
0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,
|
||||
0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,
|
||||
0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,
|
||||
0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e,
|
||||
},
|
||||
}
|
|
@ -0,0 +1,106 @@
|
|||
// Copyright 2010 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package cast5
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/hex"
|
||||
"testing"
|
||||
)
|
||||
|
||||
// This test vector is taken from RFC 2144, App B.1.
|
||||
// Since the other two test vectors are for reduced-round variants, we can't
|
||||
// use them.
|
||||
var basicTests = []struct {
|
||||
key, plainText, cipherText string
|
||||
}{
|
||||
{
|
||||
"0123456712345678234567893456789a",
|
||||
"0123456789abcdef",
|
||||
"238b4fe5847e44b2",
|
||||
},
|
||||
}
|
||||
|
||||
func TestBasic(t *testing.T) {
|
||||
for i, test := range basicTests {
|
||||
key, _ := hex.DecodeString(test.key)
|
||||
plainText, _ := hex.DecodeString(test.plainText)
|
||||
expected, _ := hex.DecodeString(test.cipherText)
|
||||
|
||||
c, err := NewCipher(key)
|
||||
if err != nil {
|
||||
t.Errorf("#%d: failed to create Cipher: %s", i, err)
|
||||
continue
|
||||
}
|
||||
var cipherText [BlockSize]byte
|
||||
c.Encrypt(cipherText[:], plainText)
|
||||
if !bytes.Equal(cipherText[:], expected) {
|
||||
t.Errorf("#%d: got:%x want:%x", i, cipherText, expected)
|
||||
}
|
||||
|
||||
var plainTextAgain [BlockSize]byte
|
||||
c.Decrypt(plainTextAgain[:], cipherText[:])
|
||||
if !bytes.Equal(plainTextAgain[:], plainText) {
|
||||
t.Errorf("#%d: got:%x want:%x", i, plainTextAgain, plainText)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// TestFull performs the test specified in RFC 2144, App B.2.
|
||||
// However, due to the length of time taken, it's disabled here and a more
|
||||
// limited version is included, below.
|
||||
func TestFull(t *testing.T) {
|
||||
if testing.Short() {
|
||||
// This is too slow for normal testing
|
||||
return
|
||||
}
|
||||
|
||||
a, b := iterate(1000000)
|
||||
|
||||
const expectedA = "eea9d0a249fd3ba6b3436fb89d6dca92"
|
||||
const expectedB = "b2c95eb00c31ad7180ac05b8e83d696e"
|
||||
|
||||
if hex.EncodeToString(a) != expectedA {
|
||||
t.Errorf("a: got:%x want:%s", a, expectedA)
|
||||
}
|
||||
if hex.EncodeToString(b) != expectedB {
|
||||
t.Errorf("b: got:%x want:%s", b, expectedB)
|
||||
}
|
||||
}
|
||||
|
||||
func iterate(iterations int) ([]byte, []byte) {
|
||||
const initValueHex = "0123456712345678234567893456789a"
|
||||
|
||||
initValue, _ := hex.DecodeString(initValueHex)
|
||||
|
||||
var a, b [16]byte
|
||||
copy(a[:], initValue)
|
||||
copy(b[:], initValue)
|
||||
|
||||
for i := 0; i < iterations; i++ {
|
||||
c, _ := NewCipher(b[:])
|
||||
c.Encrypt(a[:8], a[:8])
|
||||
c.Encrypt(a[8:], a[8:])
|
||||
c, _ = NewCipher(a[:])
|
||||
c.Encrypt(b[:8], b[:8])
|
||||
c.Encrypt(b[8:], b[8:])
|
||||
}
|
||||
|
||||
return a[:], b[:]
|
||||
}
|
||||
|
||||
func TestLimited(t *testing.T) {
|
||||
a, b := iterate(1000)
|
||||
|
||||
const expectedA = "23f73b14b02a2ad7dfb9f2c35644798d"
|
||||
const expectedB = "e5bf37eff14c456a40b21ce369370a9f"
|
||||
|
||||
if hex.EncodeToString(a) != expectedA {
|
||||
t.Errorf("a: got:%x want:%s", a, expectedA)
|
||||
}
|
||||
if hex.EncodeToString(b) != expectedB {
|
||||
t.Errorf("b: got:%x want:%s", b, expectedB)
|
||||
}
|
||||
}
|
|
@ -4,13 +4,13 @@
|
|||
|
||||
// Package armor implements OpenPGP ASCII Armor, see RFC 4880. OpenPGP Armor is
|
||||
// very similar to PEM except that it has an additional CRC checksum.
|
||||
package armor
|
||||
package armor // import "golang.org/x/crypto/openpgp/armor"
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"bytes"
|
||||
"code.google.com/p/go.crypto/openpgp/errors"
|
||||
"encoding/base64"
|
||||
"golang.org/x/crypto/openpgp/errors"
|
||||
"io"
|
||||
)
|
||||
|
|
@ -10,7 +10,7 @@
|
|||
// This form of ElGamal embeds PKCS#1 v1.5 padding, which may make it
|
||||
// unsuitable for other protocols. RSA should be used in preference in any
|
||||
// case.
|
||||
package elgamal
|
||||
package elgamal // import "golang.org/x/crypto/openpgp/elgamal"
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
|
@ -3,7 +3,7 @@
|
|||
// license that can be found in the LICENSE file.
|
||||
|
||||
// Package errors contains common error types for the OpenPGP packages.
|
||||
package errors
|
||||
package errors // import "golang.org/x/crypto/openpgp/errors"
|
||||
|
||||
import (
|
||||
"strconv"
|
||||
|
@ -57,6 +57,14 @@ func (unknownIssuerError) Error() string {
|
|||
|
||||
var ErrUnknownIssuer error = unknownIssuerError(0)
|
||||
|
||||
type keyRevokedError int
|
||||
|
||||
func (keyRevokedError) Error() string {
|
||||
return "openpgp: signature made by revoked key"
|
||||
}
|
||||
|
||||
var ErrKeyRevoked error = keyRevokedError(0)
|
||||
|
||||
type UnknownPacketTypeError uint8
|
||||
|
||||
func (upte UnknownPacketTypeError) Error() string {
|
|
@ -5,12 +5,13 @@
|
|||
package openpgp
|
||||
|
||||
import (
|
||||
"code.google.com/p/go.crypto/openpgp/armor"
|
||||
"code.google.com/p/go.crypto/openpgp/errors"
|
||||
"code.google.com/p/go.crypto/openpgp/packet"
|
||||
"crypto/rsa"
|
||||
"io"
|
||||
"time"
|
||||
|
||||
"golang.org/x/crypto/openpgp/armor"
|
||||
"golang.org/x/crypto/openpgp/errors"
|
||||
"golang.org/x/crypto/openpgp/packet"
|
||||
)
|
||||
|
||||
// PublicKeyType is the armor type for a PGP public key.
|
||||
|
@ -26,6 +27,7 @@ type Entity struct {
|
|||
PrimaryKey *packet.PublicKey
|
||||
PrivateKey *packet.PrivateKey
|
||||
Identities map[string]*Identity // indexed by Identity.Name
|
||||
Revocations []*packet.Signature
|
||||
Subkeys []Subkey
|
||||
}
|
||||
|
||||
|
@ -59,6 +61,11 @@ type Key struct {
|
|||
type KeyRing interface {
|
||||
// KeysById returns the set of keys that have the given key id.
|
||||
KeysById(id uint64) []Key
|
||||
// KeysByIdAndUsage returns the set of keys with the given id
|
||||
// that also meet the key usage given by requiredUsage.
|
||||
// The requiredUsage is expressed as the bitwise-OR of
|
||||
// packet.KeyFlag* values.
|
||||
KeysByIdUsage(id uint64, requiredUsage byte) []Key
|
||||
// DecryptionKeys returns all private keys that are valid for
|
||||
// decryption.
|
||||
DecryptionKeys() []Key
|
||||
|
@ -84,13 +91,16 @@ func (e *Entity) primaryIdentity() *Identity {
|
|||
func (e *Entity) encryptionKey(now time.Time) (Key, bool) {
|
||||
candidateSubkey := -1
|
||||
|
||||
// Iterate the keys to find the newest key
|
||||
var maxTime time.Time
|
||||
for i, subkey := range e.Subkeys {
|
||||
if subkey.Sig.FlagsValid &&
|
||||
subkey.Sig.FlagEncryptCommunications &&
|
||||
subkey.PublicKey.PubKeyAlgo.CanEncrypt() &&
|
||||
!subkey.Sig.KeyExpired(now) {
|
||||
!subkey.Sig.KeyExpired(now) &&
|
||||
(maxTime.IsZero() || subkey.Sig.CreationTime.After(maxTime)) {
|
||||
candidateSubkey = i
|
||||
break
|
||||
maxTime = subkey.Sig.CreationTime
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -173,6 +183,43 @@ func (el EntityList) KeysById(id uint64) (keys []Key) {
|
|||
return
|
||||
}
|
||||
|
||||
// KeysByIdAndUsage returns the set of keys with the given id that also meet
|
||||
// the key usage given by requiredUsage. The requiredUsage is expressed as
|
||||
// the bitwise-OR of packet.KeyFlag* values.
|
||||
func (el EntityList) KeysByIdUsage(id uint64, requiredUsage byte) (keys []Key) {
|
||||
for _, key := range el.KeysById(id) {
|
||||
if len(key.Entity.Revocations) > 0 {
|
||||
continue
|
||||
}
|
||||
|
||||
if key.SelfSignature.RevocationReason != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
if key.SelfSignature.FlagsValid && requiredUsage != 0 {
|
||||
var usage byte
|
||||
if key.SelfSignature.FlagCertify {
|
||||
usage |= packet.KeyFlagCertify
|
||||
}
|
||||
if key.SelfSignature.FlagSign {
|
||||
usage |= packet.KeyFlagSign
|
||||
}
|
||||
if key.SelfSignature.FlagEncryptCommunications {
|
||||
usage |= packet.KeyFlagEncryptCommunications
|
||||
}
|
||||
if key.SelfSignature.FlagEncryptStorage {
|
||||
usage |= packet.KeyFlagEncryptStorage
|
||||
}
|
||||
if usage&requiredUsage != requiredUsage {
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
||||
keys = append(keys, key)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DecryptionKeys returns all private keys that are valid for decryption.
|
||||
func (el EntityList) DecryptionKeys() (keys []Key) {
|
||||
for _, e := range el {
|
||||
|
@ -290,6 +337,7 @@ func ReadEntity(packets *packet.Reader) (*Entity, error) {
|
|||
}
|
||||
|
||||
var current *Identity
|
||||
var revocations []*packet.Signature
|
||||
EachPacket:
|
||||
for {
|
||||
p, err := packets.Next()
|
||||
|
@ -320,7 +368,7 @@ EachPacket:
|
|||
}
|
||||
|
||||
if (sig.SigType == packet.SigTypePositiveCert || sig.SigType == packet.SigTypeGenericCert) && sig.IssuerKeyId != nil && *sig.IssuerKeyId == e.PrimaryKey.KeyId {
|
||||
if err = e.PrimaryKey.VerifyUserIdSignature(pkt.Id, sig); err != nil {
|
||||
if err = e.PrimaryKey.VerifyUserIdSignature(pkt.Id, e.PrimaryKey, sig); err != nil {
|
||||
return nil, errors.StructuralError("user ID self-signature invalid: " + err.Error())
|
||||
}
|
||||
current.SelfSignature = sig
|
||||
|
@ -329,10 +377,17 @@ EachPacket:
|
|||
current.Signatures = append(current.Signatures, sig)
|
||||
}
|
||||
case *packet.Signature:
|
||||
if current == nil {
|
||||
if pkt.SigType == packet.SigTypeKeyRevocation {
|
||||
revocations = append(revocations, pkt)
|
||||
} else if pkt.SigType == packet.SigTypeDirectSignature {
|
||||
// TODO: RFC4880 5.2.1 permits signatures
|
||||
// directly on keys (eg. to bind additional
|
||||
// revocation keys).
|
||||
} else if current == nil {
|
||||
return nil, errors.StructuralError("signature packet found before user id packet")
|
||||
}
|
||||
} else {
|
||||
current.Signatures = append(current.Signatures, pkt)
|
||||
}
|
||||
case *packet.PrivateKey:
|
||||
if pkt.IsSubkey == false {
|
||||
packets.Unread(p)
|
||||
|
@ -360,6 +415,16 @@ EachPacket:
|
|||
return nil, errors.StructuralError("entity without any identities")
|
||||
}
|
||||
|
||||
for _, revocation := range revocations {
|
||||
err = e.PrimaryKey.VerifyRevocationSignature(revocation)
|
||||
if err == nil {
|
||||
e.Revocations = append(e.Revocations, revocation)
|
||||
} else {
|
||||
// TODO: RFC 4880 5.2.3.15 defines revocation keys.
|
||||
return nil, errors.StructuralError("revocation signature signed by alternate key")
|
||||
}
|
||||
}
|
||||
|
||||
return e, nil
|
||||
}
|
||||
|
||||
|
@ -379,7 +444,7 @@ func addSubkey(e *Entity, packets *packet.Reader, pub *packet.PublicKey, priv *p
|
|||
if !ok {
|
||||
return errors.StructuralError("subkey packet not followed by signature")
|
||||
}
|
||||
if subKey.Sig.SigType != packet.SigTypeSubkeyBinding {
|
||||
if subKey.Sig.SigType != packet.SigTypeSubkeyBinding && subKey.Sig.SigType != packet.SigTypeSubkeyRevocation {
|
||||
return errors.StructuralError("subkey signature with wrong type")
|
||||
}
|
||||
err = e.PrimaryKey.VerifyKeySignature(subKey.PublicKey, subKey.Sig)
|
||||
|
@ -399,15 +464,20 @@ const defaultRSAKeyBits = 2048
|
|||
func NewEntity(name, comment, email string, config *packet.Config) (*Entity, error) {
|
||||
currentTime := config.Now()
|
||||
|
||||
bits := defaultRSAKeyBits
|
||||
if config != nil && config.RSABits != 0 {
|
||||
bits = config.RSABits
|
||||
}
|
||||
|
||||
uid := packet.NewUserId(name, comment, email)
|
||||
if uid == nil {
|
||||
return nil, errors.InvalidArgumentError("user id field contained invalid characters")
|
||||
}
|
||||
signingPriv, err := rsa.GenerateKey(config.Random(), defaultRSAKeyBits)
|
||||
signingPriv, err := rsa.GenerateKey(config.Random(), bits)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
encryptingPriv, err := rsa.GenerateKey(config.Random(), defaultRSAKeyBits)
|
||||
encryptingPriv, err := rsa.GenerateKey(config.Random(), bits)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -434,6 +504,12 @@ func NewEntity(name, comment, email string, config *packet.Config) (*Entity, err
|
|||
},
|
||||
}
|
||||
|
||||
// If the user passes in a DefaultHash via packet.Config,
|
||||
// set the PreferredHash for the SelfSignature.
|
||||
if config != nil && config.DefaultHash != 0 {
|
||||
e.Identities[uid.Id].SelfSignature.PreferredHash = []uint8{hashToHashId(config.DefaultHash)}
|
||||
}
|
||||
|
||||
e.Subkeys = make([]Subkey, 1)
|
||||
e.Subkeys[0] = Subkey{
|
||||
PublicKey: packet.NewRSAPublicKey(currentTime, &encryptingPriv.PublicKey),
|
||||
|
@ -555,7 +631,7 @@ func (e *Entity) SignIdentity(identity string, signer *Entity, config *packet.Co
|
|||
CreationTime: config.Now(),
|
||||
IssuerKeyId: &signer.PrivateKey.KeyId,
|
||||
}
|
||||
if err := sig.SignKey(e.PrimaryKey, signer.PrivateKey, config); err != nil {
|
||||
if err := sig.SignUserId(identity, e.PrimaryKey, signer.PrivateKey, config); err != nil {
|
||||
return err
|
||||
}
|
||||
ident.Signatures = append(ident.Signatures, sig)
|
File diff suppressed because one or more lines are too long
|
@ -5,10 +5,10 @@
|
|||
package packet
|
||||
|
||||
import (
|
||||
"code.google.com/p/go.crypto/openpgp/errors"
|
||||
"compress/bzip2"
|
||||
"compress/flate"
|
||||
"compress/zlib"
|
||||
"golang.org/x/crypto/openpgp/errors"
|
||||
"io"
|
||||
"strconv"
|
||||
)
|
|
@ -32,6 +32,20 @@ type Config struct {
|
|||
DefaultCompressionAlgo CompressionAlgo
|
||||
// CompressionConfig configures the compression settings.
|
||||
CompressionConfig *CompressionConfig
|
||||
// S2KCount is only used for symmetric encryption. It
|
||||
// determines the strength of the passphrase stretching when
|
||||
// the said passphrase is hashed to produce a key. S2KCount
|
||||
// should be between 1024 and 65011712, inclusive. If Config
|
||||
// is nil or S2KCount is 0, the value 65536 used. Not all
|
||||
// values in the above range can be represented. S2KCount will
|
||||
// be rounded up to the next representable value if it cannot
|
||||
// be encoded exactly. When set, it is strongly encrouraged to
|
||||
// use a value that is at least 65536. See RFC 4880 Section
|
||||
// 3.7.1.3.
|
||||
S2KCount int
|
||||
// RSABits is the number of bits in new RSA keys made with NewEntity.
|
||||
// If zero, then 2048 bit keys are created.
|
||||
RSABits int
|
||||
}
|
||||
|
||||
func (c *Config) Random() io.Reader {
|
||||
|
@ -68,3 +82,10 @@ func (c *Config) Compression() CompressionAlgo {
|
|||
}
|
||||
return c.DefaultCompressionAlgo
|
||||
}
|
||||
|
||||
func (c *Config) PasswordHashIterations() int {
|
||||
if c == nil || c.S2KCount == 0 {
|
||||
return 0
|
||||
}
|
||||
return c.S2KCount
|
||||
}
|
|
@ -5,13 +5,14 @@
|
|||
package packet
|
||||
|
||||
import (
|
||||
"code.google.com/p/go.crypto/openpgp/elgamal"
|
||||
"code.google.com/p/go.crypto/openpgp/errors"
|
||||
"crypto/rsa"
|
||||
"encoding/binary"
|
||||
"io"
|
||||
"math/big"
|
||||
"strconv"
|
||||
|
||||
"golang.org/x/crypto/openpgp/elgamal"
|
||||
"golang.org/x/crypto/openpgp/errors"
|
||||
)
|
||||
|
||||
const encryptedKeyVersion = 3
|
||||
|
@ -24,7 +25,7 @@ type EncryptedKey struct {
|
|||
CipherFunc CipherFunction // only valid after a successful Decrypt
|
||||
Key []byte // only valid after a successful Decrypt
|
||||
|
||||
encryptedMPI1, encryptedMPI2 []byte
|
||||
encryptedMPI1, encryptedMPI2 parsedMPI
|
||||
}
|
||||
|
||||
func (e *EncryptedKey) parse(r io.Reader) (err error) {
|
||||
|
@ -40,13 +41,13 @@ func (e *EncryptedKey) parse(r io.Reader) (err error) {
|
|||
e.Algo = PublicKeyAlgorithm(buf[9])
|
||||
switch e.Algo {
|
||||
case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:
|
||||
e.encryptedMPI1, _, err = readMPI(r)
|
||||
e.encryptedMPI1.bytes, e.encryptedMPI1.bitLength, err = readMPI(r)
|
||||
case PubKeyAlgoElGamal:
|
||||
e.encryptedMPI1, _, err = readMPI(r)
|
||||
e.encryptedMPI1.bytes, e.encryptedMPI1.bitLength, err = readMPI(r)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
e.encryptedMPI2, _, err = readMPI(r)
|
||||
e.encryptedMPI2.bytes, e.encryptedMPI2.bitLength, err = readMPI(r)
|
||||
}
|
||||
_, err = consumeAll(r)
|
||||
return
|
||||
|
@ -71,10 +72,10 @@ func (e *EncryptedKey) Decrypt(priv *PrivateKey, config *Config) error {
|
|||
// padding oracle attacks.
|
||||
switch priv.PubKeyAlgo {
|
||||
case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:
|
||||
b, err = rsa.DecryptPKCS1v15(config.Random(), priv.PrivateKey.(*rsa.PrivateKey), e.encryptedMPI1)
|
||||
b, err = rsa.DecryptPKCS1v15(config.Random(), priv.PrivateKey.(*rsa.PrivateKey), e.encryptedMPI1.bytes)
|
||||
case PubKeyAlgoElGamal:
|
||||
c1 := new(big.Int).SetBytes(e.encryptedMPI1)
|
||||
c2 := new(big.Int).SetBytes(e.encryptedMPI2)
|
||||
c1 := new(big.Int).SetBytes(e.encryptedMPI1.bytes)
|
||||
c2 := new(big.Int).SetBytes(e.encryptedMPI2.bytes)
|
||||
b, err = elgamal.Decrypt(priv.PrivateKey.(*elgamal.PrivateKey), c1, c2)
|
||||
default:
|
||||
err = errors.InvalidArgumentError("cannot decrypted encrypted session key with private key of type " + strconv.Itoa(int(priv.PubKeyAlgo)))
|
||||
|
@ -95,6 +96,36 @@ func (e *EncryptedKey) Decrypt(priv *PrivateKey, config *Config) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// Serialize writes the encrypted key packet, e, to w.
|
||||
func (e *EncryptedKey) Serialize(w io.Writer) error {
|
||||
var mpiLen int
|
||||
switch e.Algo {
|
||||
case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:
|
||||
mpiLen = 2 + len(e.encryptedMPI1.bytes)
|
||||
case PubKeyAlgoElGamal:
|
||||
mpiLen = 2 + len(e.encryptedMPI1.bytes) + 2 + len(e.encryptedMPI2.bytes)
|
||||
default:
|
||||
return errors.InvalidArgumentError("don't know how to serialize encrypted key type " + strconv.Itoa(int(e.Algo)))
|
||||
}
|
||||
|
||||
serializeHeader(w, packetTypeEncryptedKey, 1 /* version */ +8 /* key id */ +1 /* algo */ +mpiLen)
|
||||
|
||||
w.Write([]byte{encryptedKeyVersion})
|
||||
binary.Write(w, binary.BigEndian, e.KeyId)
|
||||
w.Write([]byte{byte(e.Algo)})
|
||||
|
||||
switch e.Algo {
|
||||
case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:
|
||||
writeMPIs(w, e.encryptedMPI1)
|
||||
case PubKeyAlgoElGamal:
|
||||
writeMPIs(w, e.encryptedMPI1, e.encryptedMPI2)
|
||||
default:
|
||||
panic("internal error")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// SerializeEncryptedKey serializes an encrypted key packet to w that contains
|
||||
// key, encrypted to pub.
|
||||
// If config is nil, sensible defaults will be used.
|
|
@ -7,6 +7,7 @@ package packet
|
|||
import (
|
||||
"bytes"
|
||||
"crypto/rsa"
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"math/big"
|
||||
"testing"
|
||||
|
@ -123,3 +124,23 @@ func TestEncryptingEncryptedKey(t *testing.T) {
|
|||
t.Errorf("bad key, got %s want %x", keyHex, expectedKeyHex)
|
||||
}
|
||||
}
|
||||
|
||||
func TestSerializingEncryptedKey(t *testing.T) {
|
||||
const encryptedKeyHex = "c18c032a67d68660df41c70104005789d0de26b6a50c985a02a13131ca829c413a35d0e6fa8d6842599252162808ac7439c72151c8c6183e76923fe3299301414d0c25a2f06a2257db3839e7df0ec964773f6e4c4ac7ff3b48c444237166dd46ba8ff443a5410dc670cb486672fdbe7c9dfafb75b4fea83af3a204fe2a7dfa86bd20122b4f3d2646cbeecb8f7be8"
|
||||
|
||||
p, err := Read(readerFromHex(encryptedKeyHex))
|
||||
if err != nil {
|
||||
t.Fatalf("error from Read: %s", err)
|
||||
}
|
||||
ek, ok := p.(*EncryptedKey)
|
||||
if !ok {
|
||||
t.Fatalf("didn't parse an EncryptedKey, got %#v", p)
|
||||
}
|
||||
|
||||
var buf bytes.Buffer
|
||||
ek.Serialize(&buf)
|
||||
|
||||
if bufHex := hex.EncodeToString(buf.Bytes()); bufHex != encryptedKeyHex {
|
||||
t.Fatalf("serialization of encrypted key differed from original. Original was %s, but reserialized as %s", encryptedKeyHex, bufHex)
|
||||
}
|
||||
}
|
|
@ -5,10 +5,10 @@
|
|||
package packet
|
||||
|
||||
import (
|
||||
"code.google.com/p/go.crypto/openpgp/errors"
|
||||
"code.google.com/p/go.crypto/openpgp/s2k"
|
||||
"crypto"
|
||||
"encoding/binary"
|
||||
"golang.org/x/crypto/openpgp/errors"
|
||||
"golang.org/x/crypto/openpgp/s2k"
|
||||
"io"
|
||||
"strconv"
|
||||
)
|
|
@ -6,9 +6,10 @@ package packet
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
"code.google.com/p/go.crypto/openpgp/errors"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
|
||||
"golang.org/x/crypto/openpgp/errors"
|
||||
)
|
||||
|
||||
// OpaquePacket represents an OpenPGP packet as raw, unparsed data. This is
|
||||
|
@ -138,7 +139,7 @@ func nextSubpacket(contents []byte) (subHeaderLen int, subPacket *OpaqueSubpacke
|
|||
uint32(contents[4])
|
||||
contents = contents[5:]
|
||||
}
|
||||
if subLen > uint32(len(contents)) {
|
||||
if subLen > uint32(len(contents)) || subLen == 0 {
|
||||
goto Truncated
|
||||
}
|
||||
subPacket.SubType = contents[0]
|
|
@ -4,15 +4,15 @@
|
|||
|
||||
// Package packet implements parsing and serialization of OpenPGP packets, as
|
||||
// specified in RFC 4880.
|
||||
package packet
|
||||
package packet // import "golang.org/x/crypto/openpgp/packet"
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"code.google.com/p/go.crypto/cast5"
|
||||
"code.google.com/p/go.crypto/openpgp/errors"
|
||||
"crypto/aes"
|
||||
"crypto/cipher"
|
||||
"crypto/des"
|
||||
"golang.org/x/crypto/cast5"
|
||||
"golang.org/x/crypto/openpgp/errors"
|
||||
"io"
|
||||
"math/big"
|
||||
)
|
||||
|
@ -392,6 +392,10 @@ const (
|
|||
SigTypeCasualCert = 0x12
|
||||
SigTypePositiveCert = 0x13
|
||||
SigTypeSubkeyBinding = 0x18
|
||||
SigTypePrimaryKeyBinding = 0x19
|
||||
SigTypeDirectSignature = 0x1F
|
||||
SigTypeKeyRevocation = 0x20
|
||||
SigTypeSubkeyRevocation = 0x28
|
||||
)
|
||||
|
||||
// PublicKeyAlgorithm represents the different public key system specified for
|
||||
|
@ -424,7 +428,7 @@ func (pka PublicKeyAlgorithm) CanEncrypt() bool {
|
|||
// sign a message.
|
||||
func (pka PublicKeyAlgorithm) CanSign() bool {
|
||||
switch pka {
|
||||
case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly, PubKeyAlgoDSA:
|
||||
case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly, PubKeyAlgoDSA, PubKeyAlgoECDSA:
|
||||
return true
|
||||
}
|
||||
return false
|
|
@ -6,9 +6,9 @@ package packet
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
"code.google.com/p/go.crypto/openpgp/errors"
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"golang.org/x/crypto/openpgp/errors"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"testing"
|
|
@ -6,11 +6,10 @@ package packet
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
"code.google.com/p/go.crypto/openpgp/elgamal"
|
||||
"code.google.com/p/go.crypto/openpgp/errors"
|
||||
"code.google.com/p/go.crypto/openpgp/s2k"
|
||||
"crypto"
|
||||
"crypto/cipher"
|
||||
"crypto/dsa"
|
||||
"crypto/ecdsa"
|
||||
"crypto/rsa"
|
||||
"crypto/sha1"
|
||||
"io"
|
||||
|
@ -18,6 +17,10 @@ import (
|
|||
"math/big"
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"golang.org/x/crypto/openpgp/elgamal"
|
||||
"golang.org/x/crypto/openpgp/errors"
|
||||
"golang.org/x/crypto/openpgp/s2k"
|
||||
)
|
||||
|
||||
// PrivateKey represents a possibly encrypted private key. See RFC 4880,
|
||||
|
@ -28,7 +31,7 @@ type PrivateKey struct {
|
|||
encryptedData []byte
|
||||
cipher CipherFunction
|
||||
s2k func(out, in []byte)
|
||||
PrivateKey interface{} // An *rsa.PrivateKey or *dsa.PrivateKey.
|
||||
PrivateKey interface{} // An *{rsa|dsa|ecdsa}.PrivateKey or a crypto.Signer.
|
||||
sha1Checksum bool
|
||||
iv []byte
|
||||
}
|
||||
|
@ -47,6 +50,37 @@ func NewDSAPrivateKey(currentTime time.Time, priv *dsa.PrivateKey) *PrivateKey {
|
|||
return pk
|
||||
}
|
||||
|
||||
func NewElGamalPrivateKey(currentTime time.Time, priv *elgamal.PrivateKey) *PrivateKey {
|
||||
pk := new(PrivateKey)
|
||||
pk.PublicKey = *NewElGamalPublicKey(currentTime, &priv.PublicKey)
|
||||
pk.PrivateKey = priv
|
||||
return pk
|
||||
}
|
||||
|
||||
func NewECDSAPrivateKey(currentTime time.Time, priv *ecdsa.PrivateKey) *PrivateKey {
|
||||
pk := new(PrivateKey)
|
||||
pk.PublicKey = *NewECDSAPublicKey(currentTime, &priv.PublicKey)
|
||||
pk.PrivateKey = priv
|
||||
return pk
|
||||
}
|
||||
|
||||
// NewSignerPrivateKey creates a sign-only PrivateKey from a crypto.Signer that
|
||||
// implements RSA or ECDSA.
|
||||
func NewSignerPrivateKey(currentTime time.Time, signer crypto.Signer) *PrivateKey {
|
||||
pk := new(PrivateKey)
|
||||
switch pubkey := signer.Public().(type) {
|
||||
case rsa.PublicKey:
|
||||
pk.PublicKey = *NewRSAPublicKey(currentTime, &pubkey)
|
||||
pk.PubKeyAlgo = PubKeyAlgoRSASignOnly
|
||||
case ecdsa.PublicKey:
|
||||
pk.PublicKey = *NewECDSAPublicKey(currentTime, &pubkey)
|
||||
default:
|
||||
panic("openpgp: unknown crypto.Signer type in NewSignerPrivateKey")
|
||||
}
|
||||
pk.PrivateKey = signer
|
||||
return pk
|
||||
}
|
||||
|
||||
func (pk *PrivateKey) parse(r io.Reader) (err error) {
|
||||
err = (&pk.PublicKey).parse(r)
|
||||
if err != nil {
|
||||
|
@ -130,6 +164,10 @@ func (pk *PrivateKey) Serialize(w io.Writer) (err error) {
|
|||
err = serializeRSAPrivateKey(privateKeyBuf, priv)
|
||||
case *dsa.PrivateKey:
|
||||
err = serializeDSAPrivateKey(privateKeyBuf, priv)
|
||||
case *elgamal.PrivateKey:
|
||||
err = serializeElGamalPrivateKey(privateKeyBuf, priv)
|
||||
case *ecdsa.PrivateKey:
|
||||
err = serializeECDSAPrivateKey(privateKeyBuf, priv)
|
||||
default:
|
||||
err = errors.InvalidArgumentError("unknown private key type")
|
||||
}
|
||||
|
@ -185,6 +223,14 @@ func serializeDSAPrivateKey(w io.Writer, priv *dsa.PrivateKey) error {
|
|||
return writeBig(w, priv.X)
|
||||
}
|
||||
|
||||
func serializeElGamalPrivateKey(w io.Writer, priv *elgamal.PrivateKey) error {
|
||||
return writeBig(w, priv.X)
|
||||
}
|
||||
|
||||
func serializeECDSAPrivateKey(w io.Writer, priv *ecdsa.PrivateKey) error {
|
||||
return writeBig(w, priv.D)
|
||||
}
|
||||
|
||||
// Decrypt decrypts an encrypted private key using a passphrase.
|
||||
func (pk *PrivateKey) Decrypt(passphrase []byte) error {
|
||||
if !pk.Encrypted {
|
||||
|
@ -196,8 +242,8 @@ func (pk *PrivateKey) Decrypt(passphrase []byte) error {
|
|||
block := pk.cipher.new(key)
|
||||
cfb := cipher.NewCFBDecrypter(block, pk.iv)
|
||||
|
||||
data := pk.encryptedData
|
||||
cfb.XORKeyStream(data, data)
|
||||
data := make([]byte, len(pk.encryptedData))
|
||||
cfb.XORKeyStream(data, pk.encryptedData)
|
||||
|
||||
if pk.sha1Checksum {
|
||||
if len(data) < sha1.Size {
|
||||
|
@ -236,6 +282,8 @@ func (pk *PrivateKey) parsePrivateKey(data []byte) (err error) {
|
|||
return pk.parseDSAPrivateKey(data)
|
||||
case PubKeyAlgoElGamal:
|
||||
return pk.parseElGamalPrivateKey(data)
|
||||
case PubKeyAlgoECDSA:
|
||||
return pk.parseECDSAPrivateKey(data)
|
||||
}
|
||||
panic("impossible")
|
||||
}
|
||||
|
@ -263,6 +311,9 @@ func (pk *PrivateKey) parseRSAPrivateKey(data []byte) (err error) {
|
|||
rsaPriv.Primes = make([]*big.Int, 2)
|
||||
rsaPriv.Primes[0] = new(big.Int).SetBytes(p)
|
||||
rsaPriv.Primes[1] = new(big.Int).SetBytes(q)
|
||||
if err := rsaPriv.Validate(); err != nil {
|
||||
return err
|
||||
}
|
||||
rsaPriv.Precompute()
|
||||
pk.PrivateKey = rsaPriv
|
||||
pk.Encrypted = false
|
||||
|
@ -308,3 +359,22 @@ func (pk *PrivateKey) parseElGamalPrivateKey(data []byte) (err error) {
|
|||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (pk *PrivateKey) parseECDSAPrivateKey(data []byte) (err error) {
|
||||
ecdsaPub := pk.PublicKey.PublicKey.(*ecdsa.PublicKey)
|
||||
|
||||
buf := bytes.NewBuffer(data)
|
||||
d, _, err := readMPI(buf)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
pk.PrivateKey = &ecdsa.PrivateKey{
|
||||
PublicKey: *ecdsaPub,
|
||||
D: new(big.Int).SetBytes(d),
|
||||
}
|
||||
pk.Encrypted = false
|
||||
pk.encryptedData = nil
|
||||
|
||||
return nil
|
||||
}
|
|
@ -0,0 +1,270 @@
|
|||
// Copyright 2011 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package packet
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto"
|
||||
"crypto/ecdsa"
|
||||
"crypto/elliptic"
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/x509"
|
||||
"encoding/hex"
|
||||
"hash"
|
||||
"io"
|
||||
"testing"
|
||||
"time"
|
||||
)
|
||||
|
||||
var privateKeyTests = []struct {
|
||||
privateKeyHex string
|
||||
creationTime time.Time
|
||||
}{
|
||||
{
|
||||
privKeyRSAHex,
|
||||
time.Unix(0x4cc349a8, 0),
|
||||
},
|
||||
{
|
||||
privKeyElGamalHex,
|
||||
time.Unix(0x4df9ee1a, 0),
|
||||
},
|
||||
}
|
||||
|
||||
func TestPrivateKeyRead(t *testing.T) {
|
||||
for i, test := range privateKeyTests {
|
||||
packet, err := Read(readerFromHex(test.privateKeyHex))
|
||||
if err != nil {
|
||||
t.Errorf("#%d: failed to parse: %s", i, err)
|
||||
continue
|
||||
}
|
||||
|
||||
privKey := packet.(*PrivateKey)
|
||||
|
||||
if !privKey.Encrypted {
|
||||
t.Errorf("#%d: private key isn't encrypted", i)
|
||||
continue
|
||||
}
|
||||
|
||||
err = privKey.Decrypt([]byte("wrong password"))
|
||||
if err == nil {
|
||||
t.Errorf("#%d: decrypted with incorrect key", i)
|
||||
continue
|
||||
}
|
||||
|
||||
err = privKey.Decrypt([]byte("testing"))
|
||||
if err != nil {
|
||||
t.Errorf("#%d: failed to decrypt: %s", i, err)
|
||||
continue
|
||||
}
|
||||
|
||||
if !privKey.CreationTime.Equal(test.creationTime) || privKey.Encrypted {
|
||||
t.Errorf("#%d: bad result, got: %#v", i, privKey)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func populateHash(hashFunc crypto.Hash, msg []byte) (hash.Hash, error) {
|
||||
h := hashFunc.New()
|
||||
if _, err := h.Write(msg); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return h, nil
|
||||
}
|
||||
|
||||
func TestRSAPrivateKey(t *testing.T) {
|
||||
privKeyDER, _ := hex.DecodeString(pkcs1PrivKeyHex)
|
||||
rsaPriv, err := x509.ParsePKCS1PrivateKey(privKeyDER)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
var buf bytes.Buffer
|
||||
if err := NewRSAPrivateKey(time.Now(), rsaPriv).Serialize(&buf); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
p, err := Read(&buf)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
priv, ok := p.(*PrivateKey)
|
||||
if !ok {
|
||||
t.Fatal("didn't parse private key")
|
||||
}
|
||||
|
||||
sig := &Signature{
|
||||
PubKeyAlgo: PubKeyAlgoRSA,
|
||||
Hash: crypto.SHA256,
|
||||
}
|
||||
msg := []byte("Hello World!")
|
||||
|
||||
h, err := populateHash(sig.Hash, msg)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if err := sig.Sign(h, priv, nil); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if h, err = populateHash(sig.Hash, msg); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if err := priv.VerifySignature(h, sig); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestECDSAPrivateKey(t *testing.T) {
|
||||
ecdsaPriv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
var buf bytes.Buffer
|
||||
if err := NewECDSAPrivateKey(time.Now(), ecdsaPriv).Serialize(&buf); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
p, err := Read(&buf)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
priv, ok := p.(*PrivateKey)
|
||||
if !ok {
|
||||
t.Fatal("didn't parse private key")
|
||||
}
|
||||
|
||||
sig := &Signature{
|
||||
PubKeyAlgo: PubKeyAlgoECDSA,
|
||||
Hash: crypto.SHA256,
|
||||
}
|
||||
msg := []byte("Hello World!")
|
||||
|
||||
h, err := populateHash(sig.Hash, msg)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if err := sig.Sign(h, priv, nil); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if h, err = populateHash(sig.Hash, msg); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if err := priv.VerifySignature(h, sig); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
type rsaSigner struct {
|
||||
priv *rsa.PrivateKey
|
||||
}
|
||||
|
||||
func (s *rsaSigner) Public() crypto.PublicKey {
|
||||
return s.priv.PublicKey
|
||||
}
|
||||
|
||||
func (s *rsaSigner) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) ([]byte, error) {
|
||||
return s.priv.Sign(rand, msg, opts)
|
||||
}
|
||||
|
||||
func TestRSASignerPrivateKey(t *testing.T) {
|
||||
rsaPriv, err := rsa.GenerateKey(rand.Reader, 1024)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
priv := NewSignerPrivateKey(time.Now(), &rsaSigner{rsaPriv})
|
||||
|
||||
if priv.PubKeyAlgo != PubKeyAlgoRSASignOnly {
|
||||
t.Fatal("NewSignerPrivateKey should have made a sign-only RSA private key")
|
||||
}
|
||||
|
||||
sig := &Signature{
|
||||
PubKeyAlgo: PubKeyAlgoRSASignOnly,
|
||||
Hash: crypto.SHA256,
|
||||
}
|
||||
msg := []byte("Hello World!")
|
||||
|
||||
h, err := populateHash(sig.Hash, msg)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if err := sig.Sign(h, priv, nil); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if h, err = populateHash(sig.Hash, msg); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if err := priv.VerifySignature(h, sig); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
type ecdsaSigner struct {
|
||||
priv *ecdsa.PrivateKey
|
||||
}
|
||||
|
||||
func (s *ecdsaSigner) Public() crypto.PublicKey {
|
||||
return s.priv.PublicKey
|
||||
}
|
||||
|
||||
func (s *ecdsaSigner) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) ([]byte, error) {
|
||||
return s.priv.Sign(rand, msg, opts)
|
||||
}
|
||||
|
||||
func TestECDSASignerPrivateKey(t *testing.T) {
|
||||
ecdsaPriv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
priv := NewSignerPrivateKey(time.Now(), &ecdsaSigner{ecdsaPriv})
|
||||
|
||||
if priv.PubKeyAlgo != PubKeyAlgoECDSA {
|
||||
t.Fatal("NewSignerPrivateKey should have made a ECSDA private key")
|
||||
}
|
||||
|
||||
sig := &Signature{
|
||||
PubKeyAlgo: PubKeyAlgoECDSA,
|
||||
Hash: crypto.SHA256,
|
||||
}
|
||||
msg := []byte("Hello World!")
|
||||
|
||||
h, err := populateHash(sig.Hash, msg)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if err := sig.Sign(h, priv, nil); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if h, err = populateHash(sig.Hash, msg); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if err := priv.VerifySignature(h, sig); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestIssue11505(t *testing.T) {
|
||||
// parsing a rsa private key with p or q == 1 used to panic due to a divide by zero
|
||||
_, _ = Read(readerFromHex("9c3004303030300100000011303030000000000000010130303030303030303030303030303030303030303030303030303030303030303030303030303030303030"))
|
||||
}
|
||||
|
||||
// Generated with `gpg --export-secret-keys "Test Key 2"`
|
||||
const privKeyRSAHex = "9501fe044cc349a8010400b70ca0010e98c090008d45d1ee8f9113bd5861fd57b88bacb7c68658747663f1e1a3b5a98f32fda6472373c024b97359cd2efc88ff60f77751adfbf6af5e615e6a1408cfad8bf0cea30b0d5f53aa27ad59089ba9b15b7ebc2777a25d7b436144027e3bcd203909f147d0e332b240cf63d3395f5dfe0df0a6c04e8655af7eacdf0011010001fe0303024a252e7d475fd445607de39a265472aa74a9320ba2dac395faa687e9e0336aeb7e9a7397e511b5afd9dc84557c80ac0f3d4d7bfec5ae16f20d41c8c84a04552a33870b930420e230e179564f6d19bb153145e76c33ae993886c388832b0fa042ddda7f133924f3854481533e0ede31d51278c0519b29abc3bf53da673e13e3e1214b52413d179d7f66deee35cac8eacb060f78379d70ef4af8607e68131ff529439668fc39c9ce6dfef8a5ac234d234802cbfb749a26107db26406213ae5c06d4673253a3cbee1fcbae58d6ab77e38d6e2c0e7c6317c48e054edadb5a40d0d48acb44643d998139a8a66bb820be1f3f80185bc777d14b5954b60effe2448a036d565c6bc0b915fcea518acdd20ab07bc1529f561c58cd044f723109b93f6fd99f876ff891d64306b5d08f48bab59f38695e9109c4dec34013ba3153488ce070268381ba923ee1eb77125b36afcb4347ec3478c8f2735b06ef17351d872e577fa95d0c397c88c71b59629a36aec"
|
||||
|
||||
// Generated by `gpg --export-secret-keys` followed by a manual extraction of
|
||||
// the ElGamal subkey from the packets.
|
||||
const privKeyElGamalHex = "9d0157044df9ee1a100400eb8e136a58ec39b582629cdadf830bc64e0a94ed8103ca8bb247b27b11b46d1d25297ef4bcc3071785ba0c0bedfe89eabc5287fcc0edf81ab5896c1c8e4b20d27d79813c7aede75320b33eaeeaa586edc00fd1036c10133e6ba0ff277245d0d59d04b2b3421b7244aca5f4a8d870c6f1c1fbff9e1c26699a860b9504f35ca1d700030503fd1ededd3b840795be6d9ccbe3c51ee42e2f39233c432b831ddd9c4e72b7025a819317e47bf94f9ee316d7273b05d5fcf2999c3a681f519b1234bbfa6d359b4752bd9c3f77d6b6456cde152464763414ca130f4e91d91041432f90620fec0e6d6b5116076c2985d5aeaae13be492b9b329efcaf7ee25120159a0a30cd976b42d7afe030302dae7eb80db744d4960c4df930d57e87fe81412eaace9f900e6c839817a614ddb75ba6603b9417c33ea7b6c93967dfa2bcff3fa3c74a5ce2c962db65b03aece14c96cbd0038fc"
|
||||
|
||||
// pkcs1PrivKeyHex is a PKCS#1, RSA private key.
|
||||
// Generated by `openssl genrsa 1024 | openssl rsa -outform DER | xxd -p`
|
||||
const pkcs1PrivKeyHex = "3082025d02010002818100e98edfa1c3b35884a54d0b36a6a603b0290fa85e49e30fa23fc94fef9c6790bc4849928607aa48d809da326fb42a969d06ad756b98b9c1a90f5d4a2b6d0ac05953c97f4da3120164a21a679793ce181c906dc01d235cc085ddcdf6ea06c389b6ab8885dfd685959e693138856a68a7e5db263337ff82a088d583a897cf2d59e9020301000102818100b6d5c9eb70b02d5369b3ee5b520a14490b5bde8a317d36f7e4c74b7460141311d1e5067735f8f01d6f5908b2b96fbd881f7a1ab9a84d82753e39e19e2d36856be960d05ac9ef8e8782ea1b6d65aee28fdfe1d61451e8cff0adfe84322f12cf455028b581cf60eb9e0e140ba5d21aeba6c2634d7c65318b9a665fc01c3191ca21024100fa5e818da3705b0fa33278bb28d4b6f6050388af2d4b75ec9375dd91ccf2e7d7068086a8b82a8f6282e4fbbdb8a7f2622eb97295249d87acea7f5f816f54d347024100eecf9406d7dc49cdfb95ab1eff4064de84c7a30f64b2798936a0d2018ba9eb52e4b636f82e96c49cc63b80b675e91e40d1b2e4017d4b9adaf33ab3d9cf1c214f024100c173704ace742c082323066226a4655226819a85304c542b9dacbeacbf5d1881ee863485fcf6f59f3a604f9b42289282067447f2b13dfeed3eab7851fc81e0550240741fc41f3fc002b382eed8730e33c5d8de40256e4accee846667f536832f711ab1d4590e7db91a8a116ac5bff3be13d3f9243ff2e976662aa9b395d907f8e9c9024046a5696c9ef882363e06c9fa4e2f5b580906452befba03f4a99d0f873697ef1f851d2226ca7934b30b7c3e80cb634a67172bbbf4781735fe3e09263e2dd723e7"
|
|
@ -6,8 +6,6 @@ package packet
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
"code.google.com/p/go.crypto/openpgp/elgamal"
|
||||
"code.google.com/p/go.crypto/openpgp/errors"
|
||||
"crypto"
|
||||
"crypto/dsa"
|
||||
"crypto/ecdsa"
|
||||
|
@ -23,6 +21,9 @@ import (
|
|||
"math/big"
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"golang.org/x/crypto/openpgp/elgamal"
|
||||
"golang.org/x/crypto/openpgp/errors"
|
||||
)
|
||||
|
||||
var (
|
||||
|
@ -192,7 +193,7 @@ func NewRSAPublicKey(creationTime time.Time, pub *rsa.PublicKey) *PublicKey {
|
|||
return pk
|
||||
}
|
||||
|
||||
// NewDSAPublicKey returns a PublicKey that wraps the given rsa.PublicKey.
|
||||
// NewDSAPublicKey returns a PublicKey that wraps the given dsa.PublicKey.
|
||||
func NewDSAPublicKey(creationTime time.Time, pub *dsa.PublicKey) *PublicKey {
|
||||
pk := &PublicKey{
|
||||
CreationTime: creationTime,
|
||||
|
@ -208,6 +209,47 @@ func NewDSAPublicKey(creationTime time.Time, pub *dsa.PublicKey) *PublicKey {
|
|||
return pk
|
||||
}
|
||||
|
||||
// NewElGamalPublicKey returns a PublicKey that wraps the given elgamal.PublicKey.
|
||||
func NewElGamalPublicKey(creationTime time.Time, pub *elgamal.PublicKey) *PublicKey {
|
||||
pk := &PublicKey{
|
||||
CreationTime: creationTime,
|
||||
PubKeyAlgo: PubKeyAlgoElGamal,
|
||||
PublicKey: pub,
|
||||
p: fromBig(pub.P),
|
||||
g: fromBig(pub.G),
|
||||
y: fromBig(pub.Y),
|
||||
}
|
||||
|
||||
pk.setFingerPrintAndKeyId()
|
||||
return pk
|
||||
}
|
||||
|
||||
func NewECDSAPublicKey(creationTime time.Time, pub *ecdsa.PublicKey) *PublicKey {
|
||||
pk := &PublicKey{
|
||||
CreationTime: creationTime,
|
||||
PubKeyAlgo: PubKeyAlgoECDSA,
|
||||
PublicKey: pub,
|
||||
ec: new(ecdsaKey),
|
||||
}
|
||||
|
||||
switch pub.Curve {
|
||||
case elliptic.P256():
|
||||
pk.ec.oid = oidCurveP256
|
||||
case elliptic.P384():
|
||||
pk.ec.oid = oidCurveP384
|
||||
case elliptic.P521():
|
||||
pk.ec.oid = oidCurveP521
|
||||
default:
|
||||
panic("unknown elliptic curve")
|
||||
}
|
||||
|
||||
pk.ec.p.bytes = elliptic.Marshal(pub.Curve, pub.X, pub.Y)
|
||||
pk.ec.p.bitLength = uint16(8 * len(pk.ec.p.bytes))
|
||||
|
||||
pk.setFingerPrintAndKeyId()
|
||||
return pk
|
||||
}
|
||||
|
||||
func (pk *PublicKey) parse(r io.Reader) (err error) {
|
||||
// RFC 4880, section 5.5.2
|
||||
var buf [6]byte
|
||||
|
@ -564,11 +606,55 @@ func keySignatureHash(pk, signed signingKey, hashFunc crypto.Hash) (h hash.Hash,
|
|||
|
||||
// VerifyKeySignature returns nil iff sig is a valid signature, made by this
|
||||
// public key, of signed.
|
||||
func (pk *PublicKey) VerifyKeySignature(signed *PublicKey, sig *Signature) (err error) {
|
||||
func (pk *PublicKey) VerifyKeySignature(signed *PublicKey, sig *Signature) error {
|
||||
h, err := keySignatureHash(pk, signed, sig.Hash)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err = pk.VerifySignature(h, sig); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if sig.FlagSign {
|
||||
// Signing subkeys must be cross-signed. See
|
||||
// https://www.gnupg.org/faq/subkey-cross-certify.html.
|
||||
if sig.EmbeddedSignature == nil {
|
||||
return errors.StructuralError("signing subkey is missing cross-signature")
|
||||
}
|
||||
// Verify the cross-signature. This is calculated over the same
|
||||
// data as the main signature, so we cannot just recursively
|
||||
// call signed.VerifyKeySignature(...)
|
||||
if h, err = keySignatureHash(pk, signed, sig.EmbeddedSignature.Hash); err != nil {
|
||||
return errors.StructuralError("error while hashing for cross-signature: " + err.Error())
|
||||
}
|
||||
if err := signed.VerifySignature(h, sig.EmbeddedSignature); err != nil {
|
||||
return errors.StructuralError("error while verifying cross-signature: " + err.Error())
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func keyRevocationHash(pk signingKey, hashFunc crypto.Hash) (h hash.Hash, err error) {
|
||||
if !hashFunc.Available() {
|
||||
return nil, errors.UnsupportedError("hash function")
|
||||
}
|
||||
h = hashFunc.New()
|
||||
|
||||
// RFC 4880, section 5.2.4
|
||||
pk.SerializeSignaturePrefix(h)
|
||||
pk.serializeWithoutHeaders(h)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// VerifyRevocationSignature returns nil iff sig is a valid signature, made by this
|
||||
// public key.
|
||||
func (pk *PublicKey) VerifyRevocationSignature(sig *Signature) (err error) {
|
||||
h, err := keyRevocationHash(pk, sig.Hash)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return pk.VerifySignature(h, sig)
|
||||
}
|
||||
|
||||
|
@ -597,9 +683,9 @@ func userIdSignatureHash(id string, pk *PublicKey, hashFunc crypto.Hash) (h hash
|
|||
}
|
||||
|
||||
// VerifyUserIdSignature returns nil iff sig is a valid signature, made by this
|
||||
// public key, of id.
|
||||
func (pk *PublicKey) VerifyUserIdSignature(id string, sig *Signature) (err error) {
|
||||
h, err := userIdSignatureHash(id, pk, sig.Hash)
|
||||
// public key, that id is the identity of pub.
|
||||
func (pk *PublicKey) VerifyUserIdSignature(id string, pub *PublicKey, sig *Signature) (err error) {
|
||||
h, err := userIdSignatureHash(id, pub, sig.Hash)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -607,9 +693,9 @@ func (pk *PublicKey) VerifyUserIdSignature(id string, sig *Signature) (err error
|
|||
}
|
||||
|
||||
// VerifyUserIdSignatureV3 returns nil iff sig is a valid signature, made by this
|
||||
// public key, of id.
|
||||
func (pk *PublicKey) VerifyUserIdSignatureV3(id string, sig *SignatureV3) (err error) {
|
||||
h, err := userIdSignatureV3Hash(id, pk, sig.Hash)
|
||||
// public key, that id is the identity of pub.
|
||||
func (pk *PublicKey) VerifyUserIdSignatureV3(id string, pub *PublicKey, sig *SignatureV3) (err error) {
|
||||
h, err := userIdSignatureV3Hash(id, pub, sig.Hash)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
|
@ -133,7 +133,7 @@ func TestEcc384Serialize(t *testing.T) {
|
|||
t.Error(err)
|
||||
}
|
||||
uidSig := p.(*Signature)
|
||||
err = pubkey.VerifyUserIdSignature(uid.Id, uidSig)
|
||||
err = pubkey.VerifyUserIdSignature(uid.Id, pubkey, uidSig)
|
||||
if err != nil {
|
||||
t.Error(err, ": UID")
|
||||
}
|
|
@ -16,7 +16,7 @@ import (
|
|||
"strconv"
|
||||
"time"
|
||||
|
||||
"code.google.com/p/go.crypto/openpgp/errors"
|
||||
"golang.org/x/crypto/openpgp/errors"
|
||||
)
|
||||
|
||||
// PublicKeyV3 represents older, version 3 public keys. These keys are less secure and
|
||||
|
@ -95,6 +95,11 @@ func (pk *PublicKeyV3) parseRSA(r io.Reader) (err error) {
|
|||
return
|
||||
}
|
||||
|
||||
// RFC 4880 Section 12.2 requires the low 8 bytes of the
|
||||
// modulus to form the key id.
|
||||
if len(pk.n.bytes) < 8 {
|
||||
return errors.StructuralError("v3 public key modulus is too short")
|
||||
}
|
||||
if len(pk.e.bytes) > 3 {
|
||||
err = errors.UnsupportedError("large public exponent")
|
||||
return
|
||||
|
@ -215,8 +220,8 @@ func (pk *PublicKeyV3) VerifySignatureV3(signed hash.Hash, sig *SignatureV3) (er
|
|||
}
|
||||
|
||||
// VerifyUserIdSignatureV3 returns nil iff sig is a valid signature, made by this
|
||||
// public key, of id.
|
||||
func (pk *PublicKeyV3) VerifyUserIdSignatureV3(id string, sig *SignatureV3) (err error) {
|
||||
// public key, that id is the identity of pub.
|
||||
func (pk *PublicKeyV3) VerifyUserIdSignatureV3(id string, pub *PublicKeyV3, sig *SignatureV3) (err error) {
|
||||
h, err := userIdSignatureV3Hash(id, pk, sig.Hash)
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -237,9 +242,10 @@ func (pk *PublicKeyV3) VerifyKeySignatureV3(signed *PublicKeyV3, sig *SignatureV
|
|||
// userIdSignatureV3Hash returns a Hash of the message that needs to be signed
|
||||
// to assert that pk is a valid key for id.
|
||||
func userIdSignatureV3Hash(id string, pk signingKey, hfn crypto.Hash) (h hash.Hash, err error) {
|
||||
if h = hfn.New(); h == nil {
|
||||
if !hfn.Available() {
|
||||
return nil, errors.UnsupportedError("hash function")
|
||||
}
|
||||
h = hfn.New()
|
||||
|
||||
// RFC 4880, section 5.2.4
|
||||
pk.SerializeSignaturePrefix(h)
|
|
@ -5,7 +5,7 @@
|
|||
package packet
|
||||
|
||||
import (
|
||||
"code.google.com/p/go.crypto/openpgp/errors"
|
||||
"golang.org/x/crypto/openpgp/errors"
|
||||
"io"
|
||||
)
|
||||
|
||||
|
@ -16,6 +16,14 @@ type Reader struct {
|
|||
readers []io.Reader
|
||||
}
|
||||
|
||||
// New io.Readers are pushed when a compressed or encrypted packet is processed
|
||||
// and recursively treated as a new source of packets. However, a carefully
|
||||
// crafted packet can trigger an infinite recursive sequence of packets. See
|
||||
// http://mumble.net/~campbell/misc/pgp-quine
|
||||
// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4402
|
||||
// This constant limits the number of recursive packets that may be pushed.
|
||||
const maxReaders = 32
|
||||
|
||||
// Next returns the most recently unread Packet, or reads another packet from
|
||||
// the top-most io.Reader. Unknown packet types are skipped.
|
||||
func (r *Reader) Next() (p Packet, err error) {
|
||||
|
@ -44,9 +52,15 @@ func (r *Reader) Next() (p Packet, err error) {
|
|||
|
||||
// Push causes the Reader to start reading from a new io.Reader. When an EOF
|
||||
// error is seen from the new io.Reader, it is popped and the Reader continues
|
||||
// to read from the next most recent io.Reader.
|
||||
func (r *Reader) Push(reader io.Reader) {
|
||||
// to read from the next most recent io.Reader. Push returns a StructuralError
|
||||
// if pushing the reader would exceed the maximum recursion level, otherwise it
|
||||
// returns nil.
|
||||
func (r *Reader) Push(reader io.Reader) (err error) {
|
||||
if len(r.readers) >= maxReaders {
|
||||
return errors.StructuralError("too many layers of packets")
|
||||
}
|
||||
r.readers = append(r.readers, reader)
|
||||
return nil
|
||||
}
|
||||
|
||||
// Unread causes the given Packet to be returned from the next call to Next.
|
|
@ -5,16 +5,28 @@
|
|||
package packet
|
||||
|
||||
import (
|
||||
"code.google.com/p/go.crypto/openpgp/errors"
|
||||
"code.google.com/p/go.crypto/openpgp/s2k"
|
||||
"bytes"
|
||||
"crypto"
|
||||
"crypto/dsa"
|
||||
"crypto/rsa"
|
||||
"crypto/ecdsa"
|
||||
"encoding/asn1"
|
||||
"encoding/binary"
|
||||
"hash"
|
||||
"io"
|
||||
"math/big"
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"golang.org/x/crypto/openpgp/errors"
|
||||
"golang.org/x/crypto/openpgp/s2k"
|
||||
)
|
||||
|
||||
const (
|
||||
// See RFC 4880, section 5.2.3.21 for details.
|
||||
KeyFlagCertify = 1 << iota
|
||||
KeyFlagSign
|
||||
KeyFlagEncryptCommunications
|
||||
KeyFlagEncryptStorage
|
||||
)
|
||||
|
||||
// Signature represents a signature. See RFC 4880, section 5.2.
|
||||
|
@ -50,6 +62,20 @@ type Signature struct {
|
|||
FlagsValid bool
|
||||
FlagCertify, FlagSign, FlagEncryptCommunications, FlagEncryptStorage bool
|
||||
|
||||
// RevocationReason is set if this signature has been revoked.
|
||||
// See RFC 4880, section 5.2.3.23 for details.
|
||||
RevocationReason *uint8
|
||||
RevocationReasonText string
|
||||
|
||||
// MDC is set if this signature has a feature packet that indicates
|
||||
// support for MDC subpackets.
|
||||
MDC bool
|
||||
|
||||
// EmbeddedSignature, if non-nil, is a signature of the parent key, by
|
||||
// this key. This prevents an attacker from claiming another's signing
|
||||
// subkey as their own.
|
||||
EmbeddedSignature *Signature
|
||||
|
||||
outSubpackets []outputSubpacket
|
||||
}
|
||||
|
||||
|
@ -176,6 +202,9 @@ const (
|
|||
prefCompressionSubpacket signatureSubpacketType = 22
|
||||
primaryUserIdSubpacket signatureSubpacketType = 25
|
||||
keyFlagsSubpacket signatureSubpacketType = 27
|
||||
reasonForRevocationSubpacket signatureSubpacketType = 29
|
||||
featuresSubpacket signatureSubpacketType = 30
|
||||
embeddedSignatureSubpacket signatureSubpacketType = 32
|
||||
)
|
||||
|
||||
// parseSignatureSubpacket parses a single subpacket. len(subpacket) is >= 1.
|
||||
|
@ -305,19 +334,54 @@ func parseSignatureSubpacket(sig *Signature, subpacket []byte, isHashed bool) (r
|
|||
return
|
||||
}
|
||||
sig.FlagsValid = true
|
||||
if subpacket[0]&1 != 0 {
|
||||
if subpacket[0]&KeyFlagCertify != 0 {
|
||||
sig.FlagCertify = true
|
||||
}
|
||||
if subpacket[0]&2 != 0 {
|
||||
if subpacket[0]&KeyFlagSign != 0 {
|
||||
sig.FlagSign = true
|
||||
}
|
||||
if subpacket[0]&4 != 0 {
|
||||
if subpacket[0]&KeyFlagEncryptCommunications != 0 {
|
||||
sig.FlagEncryptCommunications = true
|
||||
}
|
||||
if subpacket[0]&8 != 0 {
|
||||
if subpacket[0]&KeyFlagEncryptStorage != 0 {
|
||||
sig.FlagEncryptStorage = true
|
||||
}
|
||||
|
||||
case reasonForRevocationSubpacket:
|
||||
// Reason For Revocation, section 5.2.3.23
|
||||
if !isHashed {
|
||||
return
|
||||
}
|
||||
if len(subpacket) == 0 {
|
||||
err = errors.StructuralError("empty revocation reason subpacket")
|
||||
return
|
||||
}
|
||||
sig.RevocationReason = new(uint8)
|
||||
*sig.RevocationReason = subpacket[0]
|
||||
sig.RevocationReasonText = string(subpacket[1:])
|
||||
case featuresSubpacket:
|
||||
// Features subpacket, section 5.2.3.24 specifies a very general
|
||||
// mechanism for OpenPGP implementations to signal support for new
|
||||
// features. In practice, the subpacket is used exclusively to
|
||||
// indicate support for MDC-protected encryption.
|
||||
sig.MDC = len(subpacket) >= 1 && subpacket[0]&1 == 1
|
||||
case embeddedSignatureSubpacket:
|
||||
// Only usage is in signatures that cross-certify
|
||||
// signing subkeys. section 5.2.3.26 describes the
|
||||
// format, with its usage described in section 11.1
|
||||
if sig.EmbeddedSignature != nil {
|
||||
err = errors.StructuralError("Cannot have multiple embedded signatures")
|
||||
return
|
||||
}
|
||||
sig.EmbeddedSignature = new(Signature)
|
||||
// Embedded signatures are required to be v4 signatures see
|
||||
// section 12.1. However, we only parse v4 signatures in this
|
||||
// file anyway.
|
||||
if err := sig.EmbeddedSignature.parse(bytes.NewBuffer(subpacket)); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if sigType := sig.EmbeddedSignature.SigType; sigType != SigTypePrimaryKeyBinding {
|
||||
return nil, errors.StructuralError("cross-signature has unexpected type " + strconv.Itoa(int(sigType)))
|
||||
}
|
||||
default:
|
||||
if isCritical {
|
||||
err = errors.UnsupportedError("unknown critical signature subpacket type " + strconv.Itoa(int(packetType)))
|
||||
|
@ -453,7 +517,8 @@ func (sig *Signature) Sign(h hash.Hash, priv *PrivateKey, config *Config) (err e
|
|||
|
||||
switch priv.PubKeyAlgo {
|
||||
case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly:
|
||||
sig.RSASignature.bytes, err = rsa.SignPKCS1v15(config.Random(), priv.PrivateKey.(*rsa.PrivateKey), sig.Hash, digest)
|
||||
// supports both *rsa.PrivateKey and crypto.Signer
|
||||
sig.RSASignature.bytes, err = priv.PrivateKey.(crypto.Signer).Sign(config.Random(), digest, sig.Hash)
|
||||
sig.RSASignature.bitLength = uint16(8 * len(sig.RSASignature.bytes))
|
||||
case PubKeyAlgoDSA:
|
||||
dsaPriv := priv.PrivateKey.(*dsa.PrivateKey)
|
||||
|
@ -470,6 +535,22 @@ func (sig *Signature) Sign(h hash.Hash, priv *PrivateKey, config *Config) (err e
|
|||
sig.DSASigS.bytes = s.Bytes()
|
||||
sig.DSASigS.bitLength = uint16(8 * len(sig.DSASigS.bytes))
|
||||
}
|
||||
case PubKeyAlgoECDSA:
|
||||
var r, s *big.Int
|
||||
if pk, ok := priv.PrivateKey.(*ecdsa.PrivateKey); ok {
|
||||
// direct support, avoid asn1 wrapping/unwrapping
|
||||
r, s, err = ecdsa.Sign(config.Random(), pk, digest)
|
||||
} else {
|
||||
var b []byte
|
||||
b, err = priv.PrivateKey.(crypto.Signer).Sign(config.Random(), digest, nil)
|
||||
if err == nil {
|
||||
r, s, err = unwrapECDSASig(b)
|
||||
}
|
||||
}
|
||||
if err == nil {
|
||||
sig.ECDSASigR = fromBig(r)
|
||||
sig.ECDSASigS = fromBig(s)
|
||||
}
|
||||
default:
|
||||
err = errors.UnsupportedError("public key algorithm: " + strconv.Itoa(int(sig.PubKeyAlgo)))
|
||||
}
|
||||
|
@ -477,6 +558,19 @@ func (sig *Signature) Sign(h hash.Hash, priv *PrivateKey, config *Config) (err e
|
|||
return
|
||||
}
|
||||
|
||||
// unwrapECDSASig parses the two integer components of an ASN.1-encoded ECDSA
|
||||
// signature.
|
||||
func unwrapECDSASig(b []byte) (r, s *big.Int, err error) {
|
||||
var ecsdaSig struct {
|
||||
R, S *big.Int
|
||||
}
|
||||
_, err = asn1.Unmarshal(b, &ecsdaSig)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
return ecsdaSig.R, ecsdaSig.S, nil
|
||||
}
|
||||
|
||||
// SignUserId computes a signature from priv, asserting that pub is a valid
|
||||
// key for the identity id. On success, the signature is stored in sig. Call
|
||||
// Serialize to write it out.
|
||||
|
@ -484,7 +578,7 @@ func (sig *Signature) Sign(h hash.Hash, priv *PrivateKey, config *Config) (err e
|
|||
func (sig *Signature) SignUserId(id string, pub *PublicKey, priv *PrivateKey, config *Config) error {
|
||||
h, err := userIdSignatureHash(id, pub, sig.Hash)
|
||||
if err != nil {
|
||||
return nil
|
||||
return err
|
||||
}
|
||||
return sig.Sign(h, priv, config)
|
||||
}
|
||||
|
@ -595,16 +689,16 @@ func (sig *Signature) buildSubpackets() (subpackets []outputSubpacket) {
|
|||
if sig.FlagsValid {
|
||||
var flags byte
|
||||
if sig.FlagCertify {
|
||||
flags |= 1
|
||||
flags |= KeyFlagCertify
|
||||
}
|
||||
if sig.FlagSign {
|
||||
flags |= 2
|
||||
flags |= KeyFlagSign
|
||||
}
|
||||
if sig.FlagEncryptCommunications {
|
||||
flags |= 4
|
||||
flags |= KeyFlagEncryptCommunications
|
||||
}
|
||||
if sig.FlagEncryptStorage {
|
||||
flags |= 8
|
||||
flags |= KeyFlagEncryptStorage
|
||||
}
|
||||
subpackets = append(subpackets, outputSubpacket{true, keyFlagsSubpacket, false, []byte{flags}})
|
||||
}
|
|
@ -39,4 +39,40 @@ func TestSignatureReserialize(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestSignUserId(t *testing.T) {
|
||||
sig := &Signature{
|
||||
SigType: SigTypeGenericCert,
|
||||
PubKeyAlgo: PubKeyAlgoRSA,
|
||||
Hash: 0, // invalid hash function
|
||||
}
|
||||
|
||||
packet, err := Read(readerFromHex(rsaPkDataHex))
|
||||
if err != nil {
|
||||
t.Fatalf("failed to deserialize public key: %v", err)
|
||||
}
|
||||
pubKey := packet.(*PublicKey)
|
||||
|
||||
packet, err = Read(readerFromHex(privKeyRSAHex))
|
||||
if err != nil {
|
||||
t.Fatalf("failed to deserialize private key: %v", err)
|
||||
}
|
||||
privKey := packet.(*PrivateKey)
|
||||
|
||||
err = sig.SignUserId("", pubKey, privKey, nil)
|
||||
if err == nil {
|
||||
t.Errorf("did not receive an error when expected")
|
||||
}
|
||||
|
||||
sig.Hash = crypto.SHA256
|
||||
err = privKey.Decrypt([]byte("testing"))
|
||||
if err != nil {
|
||||
t.Fatalf("failed to decrypt private key: %v", err)
|
||||
}
|
||||
|
||||
err = sig.SignUserId("", pubKey, privKey, nil)
|
||||
if err != nil {
|
||||
t.Errorf("failed to sign user id: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
const signatureDataHex = "c2c05c04000102000605024cb45112000a0910ab105c91af38fb158f8d07ff5596ea368c5efe015bed6e78348c0f033c931d5f2ce5db54ce7f2a7e4b4ad64db758d65a7a71773edeab7ba2a9e0908e6a94a1175edd86c1d843279f045b021a6971a72702fcbd650efc393c5474d5b59a15f96d2eaad4c4c426797e0dcca2803ef41c6ff234d403eec38f31d610c344c06f2401c262f0993b2e66cad8a81ebc4322c723e0d4ba09fe917e8777658307ad8329adacba821420741009dfe87f007759f0982275d028a392c6ed983a0d846f890b36148c7358bdb8a516007fac760261ecd06076813831a36d0459075d1befa245ae7f7fb103d92ca759e9498fe60ef8078a39a3beda510deea251ea9f0a7f0df6ef42060f20780360686f3e400e"
|
|
@ -12,8 +12,8 @@ import (
|
|||
"strconv"
|
||||
"time"
|
||||
|
||||
"code.google.com/p/go.crypto/openpgp/errors"
|
||||
"code.google.com/p/go.crypto/openpgp/s2k"
|
||||
"golang.org/x/crypto/openpgp/errors"
|
||||
"golang.org/x/crypto/openpgp/s2k"
|
||||
)
|
||||
|
||||
// SignatureV3 represents older version 3 signatures. These signatures are less secure
|
|
@ -12,7 +12,7 @@ import (
|
|||
"io/ioutil"
|
||||
"testing"
|
||||
|
||||
"code.google.com/p/go.crypto/openpgp/armor"
|
||||
"golang.org/x/crypto/openpgp/armor"
|
||||
)
|
||||
|
||||
func TestSignatureV3Read(t *testing.T) {
|
|
@ -6,11 +6,12 @@ package packet
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
"code.google.com/p/go.crypto/openpgp/errors"
|
||||
"code.google.com/p/go.crypto/openpgp/s2k"
|
||||
"crypto/cipher"
|
||||
"io"
|
||||
"strconv"
|
||||
|
||||
"golang.org/x/crypto/openpgp/errors"
|
||||
"golang.org/x/crypto/openpgp/s2k"
|
||||
)
|
||||
|
||||
// This is the largest session key that we'll support. Since no 512-bit cipher
|
||||
|
@ -21,20 +22,17 @@ const maxSessionKeySizeInBytes = 64
|
|||
// 4880, section 5.3.
|
||||
type SymmetricKeyEncrypted struct {
|
||||
CipherFunc CipherFunction
|
||||
Encrypted bool
|
||||
Key []byte // Empty unless Encrypted is false.
|
||||
s2k func(out, in []byte)
|
||||
encryptedKey []byte
|
||||
}
|
||||
|
||||
const symmetricKeyEncryptedVersion = 4
|
||||
|
||||
func (ske *SymmetricKeyEncrypted) parse(r io.Reader) (err error) {
|
||||
func (ske *SymmetricKeyEncrypted) parse(r io.Reader) error {
|
||||
// RFC 4880, section 5.3.
|
||||
var buf [2]byte
|
||||
_, err = readFull(r, buf[:])
|
||||
if err != nil {
|
||||
return
|
||||
if _, err := readFull(r, buf[:]); err != nil {
|
||||
return err
|
||||
}
|
||||
if buf[0] != symmetricKeyEncryptedVersion {
|
||||
return errors.UnsupportedError("SymmetricKeyEncrypted version")
|
||||
|
@ -45,9 +43,10 @@ func (ske *SymmetricKeyEncrypted) parse(r io.Reader) (err error) {
|
|||
return errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(buf[1])))
|
||||
}
|
||||
|
||||
var err error
|
||||
ske.s2k, err = s2k.Parse(r)
|
||||
if err != nil {
|
||||
return
|
||||
return err
|
||||
}
|
||||
|
||||
encryptedKey := make([]byte, maxSessionKeySizeInBytes)
|
||||
|
@ -55,9 +54,9 @@ func (ske *SymmetricKeyEncrypted) parse(r io.Reader) (err error) {
|
|||
// out. If it exists then we limit it to maxSessionKeySizeInBytes.
|
||||
n, err := readFull(r, encryptedKey)
|
||||
if err != nil && err != io.ErrUnexpectedEOF {
|
||||
return
|
||||
return err
|
||||
}
|
||||
err = nil
|
||||
|
||||
if n != 0 {
|
||||
if n == maxSessionKeySizeInBytes {
|
||||
return errors.UnsupportedError("oversized encrypted session key")
|
||||
|
@ -65,42 +64,35 @@ func (ske *SymmetricKeyEncrypted) parse(r io.Reader) (err error) {
|
|||
ske.encryptedKey = encryptedKey[:n]
|
||||
}
|
||||
|
||||
ske.Encrypted = true
|
||||
|
||||
return
|
||||
return nil
|
||||
}
|
||||
|
||||
// Decrypt attempts to decrypt an encrypted session key. If it returns nil,
|
||||
// ske.Key will contain the session key.
|
||||
func (ske *SymmetricKeyEncrypted) Decrypt(passphrase []byte) error {
|
||||
if !ske.Encrypted {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Decrypt attempts to decrypt an encrypted session key and returns the key and
|
||||
// the cipher to use when decrypting a subsequent Symmetrically Encrypted Data
|
||||
// packet.
|
||||
func (ske *SymmetricKeyEncrypted) Decrypt(passphrase []byte) ([]byte, CipherFunction, error) {
|
||||
key := make([]byte, ske.CipherFunc.KeySize())
|
||||
ske.s2k(key, passphrase)
|
||||
|
||||
if len(ske.encryptedKey) == 0 {
|
||||
ske.Key = key
|
||||
} else {
|
||||
return key, ske.CipherFunc, nil
|
||||
}
|
||||
|
||||
// the IV is all zeros
|
||||
iv := make([]byte, ske.CipherFunc.blockSize())
|
||||
c := cipher.NewCFBDecrypter(ske.CipherFunc.new(key), iv)
|
||||
c.XORKeyStream(ske.encryptedKey, ske.encryptedKey)
|
||||
ske.CipherFunc = CipherFunction(ske.encryptedKey[0])
|
||||
if ske.CipherFunc.blockSize() == 0 {
|
||||
return errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(ske.CipherFunc)))
|
||||
}
|
||||
ske.CipherFunc = CipherFunction(ske.encryptedKey[0])
|
||||
ske.Key = ske.encryptedKey[1:]
|
||||
if len(ske.Key)%ske.CipherFunc.blockSize() != 0 {
|
||||
ske.Key = nil
|
||||
return errors.StructuralError("length of decrypted key not a multiple of block size")
|
||||
plaintextKey := make([]byte, len(ske.encryptedKey))
|
||||
c.XORKeyStream(plaintextKey, ske.encryptedKey)
|
||||
cipherFunc := CipherFunction(plaintextKey[0])
|
||||
if cipherFunc.blockSize() == 0 {
|
||||
return nil, ske.CipherFunc, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(cipherFunc)))
|
||||
}
|
||||
plaintextKey = plaintextKey[1:]
|
||||
if l := len(plaintextKey); l == 0 || l%cipherFunc.blockSize() != 0 {
|
||||
return nil, cipherFunc, errors.StructuralError("length of decrypted key not a multiple of block size")
|
||||
}
|
||||
|
||||
ske.Encrypted = false
|
||||
return nil
|
||||
return plaintextKey, cipherFunc, nil
|
||||
}
|
||||
|
||||
// SerializeSymmetricKeyEncrypted serializes a symmetric key packet to w. The
|
||||
|
@ -119,7 +111,7 @@ func SerializeSymmetricKeyEncrypted(w io.Writer, passphrase []byte, config *Conf
|
|||
keyEncryptingKey := make([]byte, keySize)
|
||||
// s2k.Serialize salts and stretches the passphrase, and writes the
|
||||
// resulting key to keyEncryptingKey and the s2k descriptor to s2kBuf.
|
||||
err = s2k.Serialize(s2kBuf, keyEncryptingKey, config.Random(), passphrase)
|
||||
err = s2k.Serialize(s2kBuf, keyEncryptingKey, config.Random(), passphrase, &s2k.Config{Hash: config.Hash(), S2KCount: config.PasswordHashIterations()})
|
||||
if err != nil {
|
||||
return
|
||||
}
|
|
@ -24,7 +24,7 @@ func TestSymmetricKeyEncrypted(t *testing.T) {
|
|||
t.Error("didn't find SymmetricKeyEncrypted packet")
|
||||
return
|
||||
}
|
||||
err = ske.Decrypt([]byte("password"))
|
||||
key, cipherFunc, err := ske.Decrypt([]byte("password"))
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
return
|
||||
|
@ -40,7 +40,7 @@ func TestSymmetricKeyEncrypted(t *testing.T) {
|
|||
t.Error("didn't find SymmetricallyEncrypted packet")
|
||||
return
|
||||
}
|
||||
r, err := se.Decrypt(ske.CipherFunc, ske.Key)
|
||||
r, err := se.Decrypt(cipherFunc, key)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
return
|
||||
|
@ -64,8 +64,9 @@ const symmetricallyEncryptedContentsHex = "cb1062004d14c4df636f6e74656e74732e0a"
|
|||
func TestSerializeSymmetricKeyEncrypted(t *testing.T) {
|
||||
buf := bytes.NewBuffer(nil)
|
||||
passphrase := []byte("testing")
|
||||
const cipherFunc = CipherAES128
|
||||
config := &Config{
|
||||
DefaultCipher: CipherAES128,
|
||||
DefaultCipher: cipherFunc,
|
||||
}
|
||||
|
||||
key, err := SerializeSymmetricKeyEncrypted(buf, passphrase, config)
|
||||
|
@ -85,18 +86,18 @@ func TestSerializeSymmetricKeyEncrypted(t *testing.T) {
|
|||
return
|
||||
}
|
||||
|
||||
if !ske.Encrypted {
|
||||
t.Errorf("SKE not encrypted but should be")
|
||||
}
|
||||
if ske.CipherFunc != config.DefaultCipher {
|
||||
t.Errorf("SKE cipher function is %d (expected %d)", ske.CipherFunc, config.DefaultCipher)
|
||||
}
|
||||
err = ske.Decrypt(passphrase)
|
||||
parsedKey, parsedCipherFunc, err := ske.Decrypt(passphrase)
|
||||
if err != nil {
|
||||
t.Errorf("failed to decrypt reparsed SKE: %s", err)
|
||||
return
|
||||
}
|
||||
if !bytes.Equal(key, ske.Key) {
|
||||
t.Errorf("keys don't match after Decrpyt: %x (original) vs %x (parsed)", key, ske.Key)
|
||||
if !bytes.Equal(key, parsedKey) {
|
||||
t.Errorf("keys don't match after Decrypt: %x (original) vs %x (parsed)", key, parsedKey)
|
||||
}
|
||||
if parsedCipherFunc != cipherFunc {
|
||||
t.Errorf("cipher function doesn't match after Decrypt: %d (original) vs %d (parsed)", cipherFunc, parsedCipherFunc)
|
||||
}
|
||||
}
|
|
@ -5,10 +5,10 @@
|
|||
package packet
|
||||
|
||||
import (
|
||||
"code.google.com/p/go.crypto/openpgp/errors"
|
||||
"crypto/cipher"
|
||||
"crypto/sha1"
|
||||
"crypto/subtle"
|
||||
"golang.org/x/crypto/openpgp/errors"
|
||||
"hash"
|
||||
"io"
|
||||
"strconv"
|
|
@ -6,9 +6,9 @@ package packet
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
"code.google.com/p/go.crypto/openpgp/errors"
|
||||
"crypto/sha1"
|
||||
"encoding/hex"
|
||||
"golang.org/x/crypto/openpgp/errors"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"testing"
|
|
@ -3,17 +3,18 @@
|
|||
// license that can be found in the LICENSE file.
|
||||
|
||||
// Package openpgp implements high level operations on OpenPGP messages.
|
||||
package openpgp
|
||||
package openpgp // import "golang.org/x/crypto/openpgp"
|
||||
|
||||
import (
|
||||
"code.google.com/p/go.crypto/openpgp/armor"
|
||||
"code.google.com/p/go.crypto/openpgp/errors"
|
||||
"code.google.com/p/go.crypto/openpgp/packet"
|
||||
"crypto"
|
||||
_ "crypto/sha256"
|
||||
"hash"
|
||||
"io"
|
||||
"strconv"
|
||||
|
||||
"golang.org/x/crypto/openpgp/armor"
|
||||
"golang.org/x/crypto/openpgp/errors"
|
||||
"golang.org/x/crypto/openpgp/packet"
|
||||
)
|
||||
|
||||
// SignatureType is the armor type for a PGP signature.
|
||||
|
@ -49,14 +50,15 @@ type MessageDetails struct {
|
|||
// If IsSigned is true and SignedBy is non-zero then the signature will
|
||||
// be verified as UnverifiedBody is read. The signature cannot be
|
||||
// checked until the whole of UnverifiedBody is read so UnverifiedBody
|
||||
// must be consumed until EOF before the data can trusted. Even if a
|
||||
// must be consumed until EOF before the data can be trusted. Even if a
|
||||
// message isn't signed (or the signer is unknown) the data may contain
|
||||
// an authentication code that is only checked once UnverifiedBody has
|
||||
// been consumed. Once EOF has been seen, the following fields are
|
||||
// valid. (An authentication code failure is reported as a
|
||||
// SignatureError error when reading from UnverifiedBody.)
|
||||
SignatureError error // nil if the signature is good.
|
||||
Signature *packet.Signature // the signature packet itself.
|
||||
Signature *packet.Signature // the signature packet itself, if v4 (default)
|
||||
SignatureV3 *packet.SignatureV3 // the signature packet if it is a v2 or v3 signature
|
||||
|
||||
decrypted io.ReadCloser
|
||||
}
|
||||
|
@ -195,9 +197,9 @@ FindKey:
|
|||
// Try the symmetric passphrase first
|
||||
if len(symKeys) != 0 && passphrase != nil {
|
||||
for _, s := range symKeys {
|
||||
err = s.Decrypt(passphrase)
|
||||
if err == nil && !s.Encrypted {
|
||||
decrypted, err = se.Decrypt(s.CipherFunc, s.Key)
|
||||
key, cipherFunc, err := s.Decrypt(passphrase)
|
||||
if err == nil {
|
||||
decrypted, err = se.Decrypt(cipherFunc, key)
|
||||
if err != nil && err != errors.ErrKeyIncorrect {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -211,7 +213,9 @@ FindKey:
|
|||
}
|
||||
|
||||
md.decrypted = decrypted
|
||||
packets.Push(decrypted)
|
||||
if err := packets.Push(decrypted); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return readSignedMessage(packets, md, keyring)
|
||||
}
|
||||
|
||||
|
@ -235,7 +239,9 @@ FindLiteralData:
|
|||
}
|
||||
switch p := p.(type) {
|
||||
case *packet.Compressed:
|
||||
packets.Push(p.Body)
|
||||
if err := packets.Push(p.Body); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
case *packet.OnePassSignature:
|
||||
if !p.IsLast {
|
||||
return nil, errors.UnsupportedError("nested signatures")
|
||||
|
@ -249,13 +255,9 @@ FindLiteralData:
|
|||
|
||||
md.IsSigned = true
|
||||
md.SignedByKeyId = p.KeyId
|
||||
keys := keyring.KeysById(p.KeyId)
|
||||
for i, key := range keys {
|
||||
if key.SelfSignature.FlagsValid && !key.SelfSignature.FlagSign {
|
||||
continue
|
||||
}
|
||||
md.SignedBy = &keys[i]
|
||||
break
|
||||
keys := keyring.KeysByIdUsage(p.KeyId, packet.KeyFlagSign)
|
||||
if len(keys) > 0 {
|
||||
md.SignedBy = &keys[0]
|
||||
}
|
||||
case *packet.LiteralData:
|
||||
md.LiteralData = p
|
||||
|
@ -280,10 +282,10 @@ FindLiteralData:
|
|||
// returns two hashes. The second should be used to hash the message itself and
|
||||
// performs any needed preprocessing.
|
||||
func hashForSignature(hashId crypto.Hash, sigType packet.SignatureType) (hash.Hash, hash.Hash, error) {
|
||||
h := hashId.New()
|
||||
if h == nil {
|
||||
if !hashId.Available() {
|
||||
return nil, nil, errors.UnsupportedError("hash not available: " + strconv.Itoa(int(hashId)))
|
||||
}
|
||||
h := hashId.New()
|
||||
|
||||
switch sigType {
|
||||
case packet.SigTypeBinary:
|
||||
|
@ -333,13 +335,15 @@ func (scr *signatureCheckReader) Read(buf []byte) (n int, err error) {
|
|||
}
|
||||
|
||||
var ok bool
|
||||
if scr.md.Signature, ok = p.(*packet.Signature); !ok {
|
||||
if scr.md.Signature, ok = p.(*packet.Signature); ok {
|
||||
scr.md.SignatureError = scr.md.SignedBy.PublicKey.VerifySignature(scr.h, scr.md.Signature)
|
||||
} else if scr.md.SignatureV3, ok = p.(*packet.SignatureV3); ok {
|
||||
scr.md.SignatureError = scr.md.SignedBy.PublicKey.VerifySignatureV3(scr.h, scr.md.SignatureV3)
|
||||
} else {
|
||||
scr.md.SignatureError = errors.StructuralError("LiteralData not followed by Signature")
|
||||
return
|
||||
}
|
||||
|
||||
scr.md.SignatureError = scr.md.SignedBy.PublicKey.VerifySignature(scr.h, scr.md.Signature)
|
||||
|
||||
// The SymmetricallyEncrypted packet, if any, might have an
|
||||
// unsigned hash of its own. In order to check this we need to
|
||||
// close that Reader.
|
||||
|
@ -357,14 +361,21 @@ func (scr *signatureCheckReader) Read(buf []byte) (n int, err error) {
|
|||
// returns the signer if the signature is valid. If the signer isn't known,
|
||||
// ErrUnknownIssuer is returned.
|
||||
func CheckDetachedSignature(keyring KeyRing, signed, signature io.Reader) (signer *Entity, err error) {
|
||||
p, err := packet.Read(signature)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
var issuerKeyId uint64
|
||||
var hashFunc crypto.Hash
|
||||
var sigType packet.SignatureType
|
||||
var keys []Key
|
||||
var p packet.Packet
|
||||
|
||||
packets := packet.NewReader(signature)
|
||||
for {
|
||||
p, err = packets.Next()
|
||||
if err == io.EOF {
|
||||
return nil, errors.ErrUnknownIssuer
|
||||
}
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
switch sig := p.(type) {
|
||||
case *packet.Signature:
|
||||
|
@ -382,41 +393,41 @@ func CheckDetachedSignature(keyring KeyRing, signed, signature io.Reader) (signe
|
|||
return nil, errors.StructuralError("non signature packet found")
|
||||
}
|
||||
|
||||
keys := keyring.KeysById(issuerKeyId)
|
||||
keys = keyring.KeysByIdUsage(issuerKeyId, packet.KeyFlagSign)
|
||||
if len(keys) > 0 {
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if len(keys) == 0 {
|
||||
return nil, errors.ErrUnknownIssuer
|
||||
panic("unreachable")
|
||||
}
|
||||
|
||||
h, wrappedHash, err := hashForSignature(hashFunc, sigType)
|
||||
if err != nil {
|
||||
return
|
||||
return nil, err
|
||||
}
|
||||
|
||||
_, err = io.Copy(wrappedHash, signed)
|
||||
if err != nil && err != io.EOF {
|
||||
return
|
||||
if _, err := io.Copy(wrappedHash, signed); err != nil && err != io.EOF {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
for _, key := range keys {
|
||||
if key.SelfSignature.FlagsValid && !key.SelfSignature.FlagSign {
|
||||
continue
|
||||
}
|
||||
switch sig := p.(type) {
|
||||
case *packet.Signature:
|
||||
err = key.PublicKey.VerifySignature(h, sig)
|
||||
case *packet.SignatureV3:
|
||||
err = key.PublicKey.VerifySignatureV3(h, sig)
|
||||
default:
|
||||
panic("unreachable")
|
||||
}
|
||||
|
||||
if err == nil {
|
||||
return key.Entity, nil
|
||||
}
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return nil, errors.ErrUnknownIssuer
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// CheckArmoredDetachedSignature performs the same actions as
|
File diff suppressed because one or more lines are too long
|
@ -4,16 +4,90 @@
|
|||
|
||||
// Package s2k implements the various OpenPGP string-to-key transforms as
|
||||
// specified in RFC 4800 section 3.7.1.
|
||||
package s2k
|
||||
package s2k // import "golang.org/x/crypto/openpgp/s2k"
|
||||
|
||||
import (
|
||||
"code.google.com/p/go.crypto/openpgp/errors"
|
||||
"crypto"
|
||||
"hash"
|
||||
"io"
|
||||
"strconv"
|
||||
|
||||
"golang.org/x/crypto/openpgp/errors"
|
||||
)
|
||||
|
||||
// Config collects configuration parameters for s2k key-stretching
|
||||
// transformatioms. A nil *Config is valid and results in all default
|
||||
// values. Currently, Config is used only by the Serialize function in
|
||||
// this package.
|
||||
type Config struct {
|
||||
// Hash is the default hash function to be used. If
|
||||
// nil, SHA1 is used.
|
||||
Hash crypto.Hash
|
||||
// S2KCount is only used for symmetric encryption. It
|
||||
// determines the strength of the passphrase stretching when
|
||||
// the said passphrase is hashed to produce a key. S2KCount
|
||||
// should be between 1024 and 65011712, inclusive. If Config
|
||||
// is nil or S2KCount is 0, the value 65536 used. Not all
|
||||
// values in the above range can be represented. S2KCount will
|
||||
// be rounded up to the next representable value if it cannot
|
||||
// be encoded exactly. When set, it is strongly encrouraged to
|
||||
// use a value that is at least 65536. See RFC 4880 Section
|
||||
// 3.7.1.3.
|
||||
S2KCount int
|
||||
}
|
||||
|
||||
func (c *Config) hash() crypto.Hash {
|
||||
if c == nil || uint(c.Hash) == 0 {
|
||||
// SHA1 is the historical default in this package.
|
||||
return crypto.SHA1
|
||||
}
|
||||
|
||||
return c.Hash
|
||||
}
|
||||
|
||||
func (c *Config) encodedCount() uint8 {
|
||||
if c == nil || c.S2KCount == 0 {
|
||||
return 96 // The common case. Correspoding to 65536
|
||||
}
|
||||
|
||||
i := c.S2KCount
|
||||
switch {
|
||||
// Behave like GPG. Should we make 65536 the lowest value used?
|
||||
case i < 1024:
|
||||
i = 1024
|
||||
case i > 65011712:
|
||||
i = 65011712
|
||||
}
|
||||
|
||||
return encodeCount(i)
|
||||
}
|
||||
|
||||
// encodeCount converts an iterative "count" in the range 1024 to
|
||||
// 65011712, inclusive, to an encoded count. The return value is the
|
||||
// octet that is actually stored in the GPG file. encodeCount panics
|
||||
// if i is not in the above range (encodedCount above takes care to
|
||||
// pass i in the correct range). See RFC 4880 Section 3.7.7.1.
|
||||
func encodeCount(i int) uint8 {
|
||||
if i < 1024 || i > 65011712 {
|
||||
panic("count arg i outside the required range")
|
||||
}
|
||||
|
||||
for encoded := 0; encoded < 256; encoded++ {
|
||||
count := decodeCount(uint8(encoded))
|
||||
if count >= i {
|
||||
return uint8(encoded)
|
||||
}
|
||||
}
|
||||
|
||||
return 255
|
||||
}
|
||||
|
||||
// decodeCount returns the s2k mode 3 iterative "count" corresponding to
|
||||
// the encoded octet c.
|
||||
func decodeCount(c uint8) int {
|
||||
return (16 + int(c&15)) << (uint32(c>>4) + 6)
|
||||
}
|
||||
|
||||
// Simple writes to out the result of computing the Simple S2K function (RFC
|
||||
// 4880, section 3.7.1.1) using the given hash and input passphrase.
|
||||
func Simple(out []byte, h hash.Hash, in []byte) {
|
||||
|
@ -91,10 +165,10 @@ func Parse(r io.Reader) (f func(out, in []byte), err error) {
|
|||
if !ok {
|
||||
return nil, errors.UnsupportedError("hash for S2K function: " + strconv.Itoa(int(buf[1])))
|
||||
}
|
||||
h := hash.New()
|
||||
if h == nil {
|
||||
if !hash.Available() {
|
||||
return nil, errors.UnsupportedError("hash not available: " + strconv.Itoa(int(hash)))
|
||||
}
|
||||
h := hash.New()
|
||||
|
||||
switch buf[0] {
|
||||
case 0:
|
||||
|
@ -116,7 +190,7 @@ func Parse(r io.Reader) (f func(out, in []byte), err error) {
|
|||
if err != nil {
|
||||
return
|
||||
}
|
||||
count := (16 + int(buf[8]&15)) << (uint32(buf[8]>>4) + 6)
|
||||
count := decodeCount(buf[8])
|
||||
f := func(out, in []byte) {
|
||||
Iterated(out, h, in, buf[:8], count)
|
||||
}
|
||||
|
@ -126,23 +200,26 @@ func Parse(r io.Reader) (f func(out, in []byte), err error) {
|
|||
return nil, errors.UnsupportedError("S2K function")
|
||||
}
|
||||
|
||||
// Serialize salts and stretches the given passphrase and writes the resulting
|
||||
// key into key. It also serializes an S2K descriptor to w.
|
||||
func Serialize(w io.Writer, key []byte, rand io.Reader, passphrase []byte) error {
|
||||
// Serialize salts and stretches the given passphrase and writes the
|
||||
// resulting key into key. It also serializes an S2K descriptor to
|
||||
// w. The key stretching can be configured with c, which may be
|
||||
// nil. In that case, sensible defaults will be used.
|
||||
func Serialize(w io.Writer, key []byte, rand io.Reader, passphrase []byte, c *Config) error {
|
||||
var buf [11]byte
|
||||
buf[0] = 3 /* iterated and salted */
|
||||
buf[1], _ = HashToHashId(crypto.SHA1)
|
||||
buf[1], _ = HashToHashId(c.hash())
|
||||
salt := buf[2:10]
|
||||
if _, err := io.ReadFull(rand, salt); err != nil {
|
||||
return err
|
||||
}
|
||||
const count = 65536 // this is the default in gpg
|
||||
buf[10] = 96 // 65536 iterations
|
||||
encodedCount := c.encodedCount()
|
||||
count := decodeCount(encodedCount)
|
||||
buf[10] = encodedCount
|
||||
if _, err := w.Write(buf[:]); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
Iterated(key, crypto.SHA1.New(), passphrase, salt, count)
|
||||
Iterated(key, c.hash().New(), passphrase, salt, count)
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -174,7 +251,7 @@ func HashIdToHash(id byte) (h crypto.Hash, ok bool) {
|
|||
}
|
||||
|
||||
// HashIdToString returns the name of the hash function corresponding to the
|
||||
// given OpenPGP hash id, or panics if id is unknown.
|
||||
// given OpenPGP hash id.
|
||||
func HashIdToString(id byte) (name string, ok bool) {
|
||||
for _, m := range hashToHashIdMapping {
|
||||
if m.id == id {
|
|
@ -6,10 +6,16 @@ package s2k
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto"
|
||||
_ "crypto/md5"
|
||||
"crypto/rand"
|
||||
"crypto/sha1"
|
||||
_ "crypto/sha256"
|
||||
_ "crypto/sha512"
|
||||
"encoding/hex"
|
||||
"testing"
|
||||
|
||||
_ "golang.org/x/crypto/ripemd160"
|
||||
)
|
||||
|
||||
var saltedTests = []struct {
|
||||
|
@ -96,10 +102,23 @@ func TestParse(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestSerialize(t *testing.T) {
|
||||
hashes := []crypto.Hash{crypto.MD5, crypto.SHA1, crypto.RIPEMD160,
|
||||
crypto.SHA256, crypto.SHA384, crypto.SHA512, crypto.SHA224}
|
||||
testCounts := []int{-1, 0, 1024, 65536, 4063232, 65011712}
|
||||
for _, h := range hashes {
|
||||
for _, c := range testCounts {
|
||||
testSerializeConfig(t, &Config{Hash: h, S2KCount: c})
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func testSerializeConfig(t *testing.T, c *Config) {
|
||||
t.Logf("Running testSerializeConfig() with config: %+v", c)
|
||||
|
||||
buf := bytes.NewBuffer(nil)
|
||||
key := make([]byte, 16)
|
||||
passphrase := []byte("testing")
|
||||
err := Serialize(buf, key, rand.Reader, passphrase)
|
||||
err := Serialize(buf, key, rand.Reader, passphrase, c)
|
||||
if err != nil {
|
||||
t.Errorf("failed to serialize: %s", err)
|
||||
return
|
|
@ -5,15 +5,16 @@
|
|||
package openpgp
|
||||
|
||||
import (
|
||||
"code.google.com/p/go.crypto/openpgp/armor"
|
||||
"code.google.com/p/go.crypto/openpgp/errors"
|
||||
"code.google.com/p/go.crypto/openpgp/packet"
|
||||
"code.google.com/p/go.crypto/openpgp/s2k"
|
||||
"crypto"
|
||||
"hash"
|
||||
"io"
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"golang.org/x/crypto/openpgp/armor"
|
||||
"golang.org/x/crypto/openpgp/errors"
|
||||
"golang.org/x/crypto/openpgp/packet"
|
||||
"golang.org/x/crypto/openpgp/s2k"
|
||||
)
|
||||
|
||||
// DetachSign signs message with the private key from signer (which must
|
||||
|
@ -176,6 +177,9 @@ func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHint
|
|||
return nil, errors.InvalidArgumentError("no valid signing keys")
|
||||
}
|
||||
signer = signKey.PrivateKey
|
||||
if signer == nil {
|
||||
return nil, errors.InvalidArgumentError("no private key in signing key")
|
||||
}
|
||||
if signer.Encrypted {
|
||||
return nil, errors.InvalidArgumentError("signing key must be decrypted")
|
||||
}
|
||||
|
@ -227,7 +231,7 @@ func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHint
|
|||
}
|
||||
|
||||
cipher := packet.CipherFunction(candidateCiphers[0])
|
||||
// If the cipher specifed by config is a candidate, we'll use that.
|
||||
// If the cipher specified by config is a candidate, we'll use that.
|
||||
configuredCipher := config.Cipher()
|
||||
for _, c := range candidateCiphers {
|
||||
cipherFunc := packet.CipherFunction(c)
|
|
@ -10,6 +10,8 @@ import (
|
|||
"io/ioutil"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"golang.org/x/crypto/openpgp/packet"
|
||||
)
|
||||
|
||||
func TestSignDetached(t *testing.T) {
|
||||
|
@ -48,16 +50,53 @@ func TestSignDetachedDSA(t *testing.T) {
|
|||
testDetachedSignature(t, kring, out, signedInput, "check", testKey3KeyId)
|
||||
}
|
||||
|
||||
func TestSignDetachedP256(t *testing.T) {
|
||||
kring, _ := ReadKeyRing(readerFromHex(p256TestKeyPrivateHex))
|
||||
kring[0].PrivateKey.Decrypt([]byte("passphrase"))
|
||||
|
||||
out := bytes.NewBuffer(nil)
|
||||
message := bytes.NewBufferString(signedInput)
|
||||
err := DetachSign(out, kring[0], message, nil)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
|
||||
testDetachedSignature(t, kring, out, signedInput, "check", testKeyP256KeyId)
|
||||
}
|
||||
|
||||
func TestNewEntity(t *testing.T) {
|
||||
if testing.Short() {
|
||||
return
|
||||
}
|
||||
|
||||
// Check bit-length with no config.
|
||||
e, err := NewEntity("Test User", "test", "test@example.com", nil)
|
||||
if err != nil {
|
||||
t.Errorf("failed to create entity: %s", err)
|
||||
return
|
||||
}
|
||||
bl, err := e.PrimaryKey.BitLength()
|
||||
if err != nil {
|
||||
t.Errorf("failed to find bit length: %s", err)
|
||||
}
|
||||
if int(bl) != defaultRSAKeyBits {
|
||||
t.Errorf("BitLength %v, expected %v", defaultRSAKeyBits)
|
||||
}
|
||||
|
||||
// Check bit-length with a config.
|
||||
cfg := &packet.Config{RSABits: 1024}
|
||||
e, err = NewEntity("Test User", "test", "test@example.com", cfg)
|
||||
if err != nil {
|
||||
t.Errorf("failed to create entity: %s", err)
|
||||
return
|
||||
}
|
||||
bl, err = e.PrimaryKey.BitLength()
|
||||
if err != nil {
|
||||
t.Errorf("failed to find bit length: %s", err)
|
||||
}
|
||||
if int(bl) != cfg.RSABits {
|
||||
t.Errorf("BitLength %v, expected %v", bl, cfg.RSABits)
|
||||
}
|
||||
|
||||
w := bytes.NewBuffer(nil)
|
||||
if err := e.SerializePrivate(w, nil); err != nil {
|
Loading…
Reference in New Issue