public/terraform-provider-google
0
0
Fork 0
mirror of https://github.com/letic/terraform-provider-google.git synced 2024-09-06 17:16:44 +00:00
Code Issues Projects Releases Wiki Activity
0310ea2f75
terraform-provider-google/vendor/github.com/keybase/go-crypto/openpgp/packet/private_key.go
Paddy 961c878e0d Switch to using Go modules. (#2679) 
Switch to using Go modules.

This migrates our vendor.json to use Go 1.11's modules system, and
replaces the vendor folder with the output of go mod vendor.

The vendored code should remain basically the same; I believe some
tree shaking of packages and support scripts/licenses/READMEs/etc.
happened.

This also fixes Travis and our Makefile to no longer use govendor.
2018-12-20 17:22:22 -08:00

558 lines
14 KiB
Go
Raw Blame History

// Copyright 2011 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package packet
import (
"bytes"
"crypto/cipher"
"crypto/dsa"
"crypto/ecdsa"
"crypto/sha1"
"fmt"
"io"
"io/ioutil"
"math/big"
"strconv"
"time"
"github.com/keybase/go-crypto/ed25519"
"github.com/keybase/go-crypto/openpgp/ecdh"
"github.com/keybase/go-crypto/openpgp/elgamal"
"github.com/keybase/go-crypto/openpgp/errors"
"github.com/keybase/go-crypto/openpgp/s2k"
"github.com/keybase/go-crypto/rsa"
)
// PrivateKey represents a possibly encrypted private key. See RFC 4880,
// section 5.5.3.
type PrivateKey struct {
PublicKey
Encrypted bool // if true then the private key is unavailable until Decrypt has been called.
encryptedData []byte
cipher CipherFunction
s2k func(out, in []byte)
PrivateKey interface{} // An *rsa.PrivateKey or *dsa.PrivateKey.
sha1Checksum bool
iv []byte
s2kHeader []byte
}
type EdDSAPrivateKey struct {
PrivateKey
seed parsedMPI
}
func (e *EdDSAPrivateKey) Sign(digest []byte) (R, S []byte, err error) {
r := bytes.NewReader(e.seed.bytes)
publicKey, privateKey, err := ed25519.GenerateKey(r)
if err != nil {
return nil, nil, err
}
if !bytes.Equal(publicKey, e.PublicKey.edk.p.bytes[1:]) { // [1:] because [0] is 0x40 mpi header
return nil, nil, errors.UnsupportedError("EdDSA: Private key does not match public key.")
}
sig := ed25519.Sign(privateKey, digest)
sigLen := ed25519.SignatureSize / 2
return sig[:sigLen], sig[sigLen:], nil
}
func NewRSAPrivateKey(currentTime time.Time, priv *rsa.PrivateKey) *PrivateKey {
pk := new(PrivateKey)
pk.PublicKey = *NewRSAPublicKey(currentTime, &priv.PublicKey)
pk.PrivateKey = priv
return pk
}
func NewDSAPrivateKey(currentTime time.Time, priv *dsa.PrivateKey) *PrivateKey {
pk := new(PrivateKey)
pk.PublicKey = *NewDSAPublicKey(currentTime, &priv.PublicKey)
pk.PrivateKey = priv
return pk
}
func NewElGamalPrivateKey(currentTime time.Time, priv *elgamal.PrivateKey) *PrivateKey {
pk := new(PrivateKey)
pk.PublicKey = *NewElGamalPublicKey(currentTime, &priv.PublicKey)
pk.PrivateKey = priv
return pk
}
func NewECDSAPrivateKey(currentTime time.Time, priv *ecdsa.PrivateKey) *PrivateKey {
pk := new(PrivateKey)
pk.PublicKey = *NewECDSAPublicKey(currentTime, &priv.PublicKey)
pk.PrivateKey = priv
return pk
}
func NewECDHPrivateKey(currentTime time.Time, priv *ecdh.PrivateKey) *PrivateKey {
pk := new(PrivateKey)
pk.PublicKey = *NewECDHPublicKey(currentTime, &priv.PublicKey)
pk.PrivateKey = priv
return pk
}
func (pk *PrivateKey) parse(r io.Reader) (err error) {
err = (&pk.PublicKey).parse(r)
if err != nil {
return
}
var buf [1]byte
_, err = readFull(r, buf[:])
if err != nil {
return
}
s2kType := buf[0]
switch s2kType {
case 0:
pk.s2k = nil
pk.Encrypted = false
case 254, 255:
_, err = readFull(r, buf[:])
if err != nil {
return
}
pk.cipher = CipherFunction(buf[0])
pk.Encrypted = true
pk.s2k, err = s2k.Parse(r)
if err != nil {
return
}
if s2kType == 254 {
pk.sha1Checksum = true
}
// S2K == nil implies that we got a "GNU Dummy" S2K. For instance,
// because our master secret key is on a USB key in a vault somewhere.
// In that case, there is no further data to consume here.
if pk.s2k == nil {
pk.Encrypted = false
return
}
default:
return errors.UnsupportedError("deprecated s2k function in private key")
}
if pk.Encrypted {
blockSize := pk.cipher.blockSize()
if blockSize == 0 {
return errors.UnsupportedError("unsupported cipher in private key: " + strconv.Itoa(int(pk.cipher)))
}
pk.iv = make([]byte, blockSize)
_, err = readFull(r, pk.iv)
if err != nil {
return
}
}
pk.encryptedData, err = ioutil.ReadAll(r)
if err != nil {
return
}
if !pk.Encrypted {
return pk.parsePrivateKey(pk.encryptedData)
}
return
}
func mod64kHash(d []byte) uint16 {
var h uint16
for _, b := range d {
h += uint16(b)
}
return h
}
// Encrypt is the counterpart to the Decrypt() method below. It encrypts
// the private key with the provided passphrase. If config is nil, then
// the standard, and sensible, defaults apply.
//
// A key will be derived from the given passphrase using S2K Specifier
// Type 3 (Iterated + Salted, see RFC-4880 Sec. 3.7.1.3). This choice
// is hardcoded in s2k.Serialize(). S2KCount is hardcoded to 0, which is
// equivalent to 65536. And the hash algorithm for key-derivation can be
// set with config. The encrypted PrivateKey, using the algorithm specified
// in config (if provided), is written out to the encryptedData member.
// When Serialize() is called, this encryptedData member will be
// serialized, using S2K Usage value of 254, and thus SHA1 checksum.
func (pk *PrivateKey) Encrypt(passphrase []byte, config *Config) (err error) {
if pk.PrivateKey == nil {
return errors.InvalidArgumentError("there is no private key to encrypt")
}
pk.sha1Checksum = true
pk.cipher = config.Cipher()
s2kConfig := s2k.Config{
Hash: config.Hash(),
S2KCount: 0,
}
s2kBuf := bytes.NewBuffer(nil)
derivedKey := make([]byte, pk.cipher.KeySize())
err = s2k.Serialize(s2kBuf, derivedKey, config.Random(), passphrase, &s2kConfig)
if err != nil {
return err
}
pk.s2kHeader = s2kBuf.Bytes()
// No good way to set pk.s2k but to call s2k.Parse(),
// even though we have all the information here, but
// most of the functions needed are private to s2k.
pk.s2k, err = s2k.Parse(s2kBuf)
pk.iv = make([]byte, pk.cipher.blockSize())
if _, err = config.Random().Read(pk.iv); err != nil {
return err
}
privateKeyBuf := bytes.NewBuffer(nil)
if err = pk.serializePrivateKey(privateKeyBuf); err != nil {
return err
}
checksum := sha1.Sum(privateKeyBuf.Bytes())
if _, err = privateKeyBuf.Write(checksum[:]); err != nil {
return err
}
pkData := privateKeyBuf.Bytes()
block := pk.cipher.new(derivedKey)
pk.encryptedData = make([]byte, len(pkData))
cfb := cipher.NewCFBEncrypter(block, pk.iv)
cfb.XORKeyStream(pk.encryptedData, pkData)
pk.Encrypted = true
return nil
}
func (pk *PrivateKey) Serialize(w io.Writer) (err error) {
buf := bytes.NewBuffer(nil)
err = pk.PublicKey.serializeWithoutHeaders(buf)
if err != nil {
return
}
privateKeyBuf := bytes.NewBuffer(nil)
if pk.PrivateKey == nil {
_, err = buf.Write([]byte{
254, // SHA-1 Convention
9, // Encryption scheme (AES256)
101, // GNU Extensions
2, // Hash value (SHA1)
'G', 'N', 'U', // "GNU" as a string
1, // Extension type 1001 (minus 1000)
})
} else if pk.Encrypted {
_, err = buf.Write([]byte{
254, // SHA-1 Convention
byte(pk.cipher), // Encryption scheme
})
if err != nil {
return err
}
if _, err = buf.Write(pk.s2kHeader); err != nil {
return err
}
if _, err = buf.Write(pk.iv); err != nil {
return err
}
if _, err = privateKeyBuf.Write(pk.encryptedData); err != nil {
return err
}
} else {
buf.WriteByte(0 /* no encryption */)
if err = pk.serializePrivateKey(privateKeyBuf); err != nil {
return err
}
}
ptype := packetTypePrivateKey
contents := buf.Bytes()
privateKeyBytes := privateKeyBuf.Bytes()
if pk.IsSubkey {
ptype = packetTypePrivateSubkey
}
totalLen := len(contents) + len(privateKeyBytes)
if !pk.Encrypted {
totalLen += 2
}
err = serializeHeader(w, ptype, totalLen)
if err != nil {
return
}
_, err = w.Write(contents)
if err != nil {
return
}
_, err = w.Write(privateKeyBytes)
if err != nil {
return
}
if len(privateKeyBytes) > 0 && !pk.Encrypted {
checksum := mod64kHash(privateKeyBytes)
var checksumBytes [2]byte
checksumBytes[0] = byte(checksum >> 8)
checksumBytes[1] = byte(checksum)
_, err = w.Write(checksumBytes[:])
}
return
}
func (pk *PrivateKey) serializePrivateKey(w io.Writer) (err error) {
switch priv := pk.PrivateKey.(type) {
case *rsa.PrivateKey:
err = serializeRSAPrivateKey(w, priv)
case *dsa.PrivateKey:
err = serializeDSAPrivateKey(w, priv)
case *elgamal.PrivateKey:
err = serializeElGamalPrivateKey(w, priv)
case *ecdsa.PrivateKey:
err = serializeECDSAPrivateKey(w, priv)
case *ecdh.PrivateKey:
err = serializeECDHPrivateKey(w, priv)
case *EdDSAPrivateKey:
err = serializeEdDSAPrivateKey(w, priv)
default:
err = errors.InvalidArgumentError("unknown private key type")
}
return err
}
func serializeRSAPrivateKey(w io.Writer, priv *rsa.PrivateKey) error {
err := writeBig(w, priv.D)
if err != nil {
return err
}
err = writeBig(w, priv.Primes[1])
if err != nil {
return err
}
err = writeBig(w, priv.Primes[0])
if err != nil {
return err
}
return writeBig(w, priv.Precomputed.Qinv)
}
func serializeDSAPrivateKey(w io.Writer, priv *dsa.PrivateKey) error {
return writeBig(w, priv.X)
}
func serializeElGamalPrivateKey(w io.Writer, priv *elgamal.PrivateKey) error {
return writeBig(w, priv.X)
}
func serializeECDSAPrivateKey(w io.Writer, priv *ecdsa.PrivateKey) error {
return writeBig(w, priv.D)
}
func serializeECDHPrivateKey(w io.Writer, priv *ecdh.PrivateKey) error {
return writeBig(w, priv.X)
}
func serializeEdDSAPrivateKey(w io.Writer, priv *EdDSAPrivateKey) error {
return writeMPI(w, priv.seed.bitLength, priv.seed.bytes)
}
// Decrypt decrypts an encrypted private key using a passphrase.
func (pk *PrivateKey) Decrypt(passphrase []byte) error {
if !pk.Encrypted {
return nil
}
// For GNU Dummy S2K, there's no key here, so don't do anything.
if pk.s2k == nil {
return nil
}
key := make([]byte, pk.cipher.KeySize())
pk.s2k(key, passphrase)
block := pk.cipher.new(key)
cfb := cipher.NewCFBDecrypter(block, pk.iv)
data := make([]byte, len(pk.encryptedData))
cfb.XORKeyStream(data, pk.encryptedData)
if pk.sha1Checksum {
if len(data) < sha1.Size {
return errors.StructuralError("truncated private key data")
}
h := sha1.New()
h.Write(data[:len(data)-sha1.Size])
sum := h.Sum(nil)
if !bytes.Equal(sum, data[len(data)-sha1.Size:]) {
return errors.StructuralError("private key checksum failure")
}
data = data[:len(data)-sha1.Size]
} else {
if len(data) < 2 {
return errors.StructuralError("truncated private key data")
}
var sum uint16
for i := 0; i < len(data)-2; i++ {
sum += uint16(data[i])
}
if data[len(data)-2] != uint8(sum>>8) ||
data[len(data)-1] != uint8(sum) {
return errors.StructuralError("private key checksum failure")
}
data = data[:len(data)-2]
}
return pk.parsePrivateKey(data)
}
func (pk *PrivateKey) parsePrivateKey(data []byte) (err error) {
switch pk.PublicKey.PubKeyAlgo {
case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly, PubKeyAlgoRSAEncryptOnly:
return pk.parseRSAPrivateKey(data)
case PubKeyAlgoDSA:
return pk.parseDSAPrivateKey(data)
case PubKeyAlgoElGamal:
return pk.parseElGamalPrivateKey(data)
case PubKeyAlgoECDSA:
return pk.parseECDSAPrivateKey(data)
case PubKeyAlgoECDH:
return pk.parseECDHPrivateKey(data)
case PubKeyAlgoEdDSA:
return pk.parseEdDSAPrivateKey(data)
}
panic("impossible")
}
func (pk *PrivateKey) parseRSAPrivateKey(data []byte) (err error) {
rsaPub := pk.PublicKey.PublicKey.(*rsa.PublicKey)
rsaPriv := new(rsa.PrivateKey)
rsaPriv.PublicKey = *rsaPub
buf := bytes.NewBuffer(data)
d, _, err := readMPI(buf)
if err != nil {
return
}
p, _, err := readMPI(buf)
if err != nil {
return
}
q, _, err := readMPI(buf)
if err != nil {
return
}
rsaPriv.D = new(big.Int).SetBytes(d)
rsaPriv.Primes = make([]*big.Int, 2)
rsaPriv.Primes[0] = new(big.Int).SetBytes(p)
rsaPriv.Primes[1] = new(big.Int).SetBytes(q)
if err := rsaPriv.Validate(); err != nil {
return err
}
rsaPriv.Precompute()
pk.PrivateKey = rsaPriv
pk.Encrypted = false
pk.encryptedData = nil
return nil
}
func (pk *PrivateKey) parseDSAPrivateKey(data []byte) (err error) {
dsaPub := pk.PublicKey.PublicKey.(*dsa.PublicKey)
dsaPriv := new(dsa.PrivateKey)
dsaPriv.PublicKey = *dsaPub
buf := bytes.NewBuffer(data)
x, _, err := readMPI(buf)
if err != nil {
return
}
dsaPriv.X = new(big.Int).SetBytes(x)
pk.PrivateKey = dsaPriv
pk.Encrypted = false
pk.encryptedData = nil
return nil
}
func (pk *PrivateKey) parseElGamalPrivateKey(data []byte) (err error) {
pub := pk.PublicKey.PublicKey.(*elgamal.PublicKey)
priv := new(elgamal.PrivateKey)
priv.PublicKey = *pub
buf := bytes.NewBuffer(data)
x, _, err := readMPI(buf)
if err != nil {
return
}
priv.X = new(big.Int).SetBytes(x)
pk.PrivateKey = priv
pk.Encrypted = false
pk.encryptedData = nil
return nil
}
func (pk *PrivateKey) parseECDHPrivateKey(data []byte) (err error) {
pub := pk.PublicKey.PublicKey.(*ecdh.PublicKey)
priv := new(ecdh.PrivateKey)
priv.PublicKey = *pub
buf := bytes.NewBuffer(data)
d, _, err := readMPI(buf)
if err != nil {
return
}
priv.X = new(big.Int).SetBytes(d)
pk.PrivateKey = priv
pk.Encrypted = false
pk.encryptedData = nil
return nil
}
func (pk *PrivateKey) parseECDSAPrivateKey(data []byte) (err error) {
ecdsaPub := pk.PublicKey.PublicKey.(*ecdsa.PublicKey)
ecdsaPriv := new(ecdsa.PrivateKey)
ecdsaPriv.PublicKey = *ecdsaPub
buf := bytes.NewBuffer(data)
d, _, err := readMPI(buf)
if err != nil {
return
}
ecdsaPriv.D = new(big.Int).SetBytes(d)
pk.PrivateKey = ecdsaPriv
pk.Encrypted = false
pk.encryptedData = nil
return nil
}
func (pk *PrivateKey) parseEdDSAPrivateKey(data []byte) (err error) {
eddsaPriv := new(EdDSAPrivateKey)
eddsaPriv.PublicKey = pk.PublicKey
buf := bytes.NewBuffer(data)
eddsaPriv.seed.bytes, eddsaPriv.seed.bitLength, err = readMPI(buf)
if err != nil {
return err
}
if bLen := len(eddsaPriv.seed.bytes); bLen != 32 { // 32 bytes private part of ed25519 key.
return errors.UnsupportedError(fmt.Sprintf("Unexpected EdDSA private key length: %d", bLen))
}
pk.PrivateKey = eddsaPriv
pk.Encrypted = false
pk.encryptedData = nil
return nil
}
Reference in New Issue View Git Blame Copy Permalink