Commit a68494bf authored by Adam Langley's avatar Adam Langley

crypto/openpgp: assorted cleanups

1) Include Szabolcs Nagy's patch which adds serialisation for more
   signature subpackets.
2) Include Szabolcs Nagy's patch which adds functions for making DSA
   keys.
3) Make the random io.Reader an argument to the low-level signature
   functions rather than having them use crypto/rand.
4) Rename crypto/openpgp/error to crypto/openpgp/errors so that it
   doesn't clash with the new error type.

R=bradfitz, r
CC=golang-dev
https://golang.org/cl/5528044
parent 0c012af1
......@@ -9,7 +9,7 @@ package armor
import (
"bufio"
"bytes"
error_ "crypto/openpgp/error"
"crypto/openpgp/errors"
"encoding/base64"
"io"
)
......@@ -35,7 +35,7 @@ type Block struct {
oReader openpgpReader
}
var ArmorCorrupt error = error_.StructuralError("armor invalid")
var ArmorCorrupt error = errors.StructuralError("armor invalid")
const crc24Init = 0xb704ce
const crc24Poly = 0x1864cfb
......
......@@ -4,8 +4,8 @@
include ../../../../Make.inc
TARG=crypto/openpgp/error
TARG=crypto/openpgp/errors
GOFILES=\
error.go\
errors.go\
include ../../../../Make.pkg
......@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// Package error contains common error types for the OpenPGP packages.
package error
// Package errors contains common error types for the OpenPGP packages.
package errors
import (
"strconv"
......
......@@ -7,8 +7,9 @@ package openpgp
import (
"crypto"
"crypto/openpgp/armor"
error_ "crypto/openpgp/error"
"crypto/openpgp/errors"
"crypto/openpgp/packet"
"crypto/rand"
"crypto/rsa"
"io"
"time"
......@@ -181,13 +182,13 @@ func (el EntityList) DecryptionKeys() (keys []Key) {
func ReadArmoredKeyRing(r io.Reader) (EntityList, error) {
block, err := armor.Decode(r)
if err == io.EOF {
return nil, error_.InvalidArgumentError("no armored data found")
return nil, errors.InvalidArgumentError("no armored data found")
}
if err != nil {
return nil, err
}
if block.Type != PublicKeyType && block.Type != PrivateKeyType {
return nil, error_.InvalidArgumentError("expected public or private key block, got: " + block.Type)
return nil, errors.InvalidArgumentError("expected public or private key block, got: " + block.Type)
}
return ReadKeyRing(block.Body)
......@@ -203,7 +204,7 @@ func ReadKeyRing(r io.Reader) (el EntityList, err error) {
var e *Entity
e, err = readEntity(packets)
if err != nil {
if _, ok := err.(error_.UnsupportedError); ok {
if _, ok := err.(errors.UnsupportedError); ok {
lastUnsupportedError = err
err = readToNextPublicKey(packets)
}
......@@ -235,7 +236,7 @@ func readToNextPublicKey(packets *packet.Reader) (err error) {
if err == io.EOF {
return
} else if err != nil {
if _, ok := err.(error_.UnsupportedError); ok {
if _, ok := err.(errors.UnsupportedError); ok {
err = nil
continue
}
......@@ -266,14 +267,14 @@ func readEntity(packets *packet.Reader) (*Entity, error) {
if e.PrimaryKey, ok = p.(*packet.PublicKey); !ok {
if e.PrivateKey, ok = p.(*packet.PrivateKey); !ok {
packets.Unread(p)
return nil, error_.StructuralError("first packet was not a public/private key")
return nil, errors.StructuralError("first packet was not a public/private key")
} else {
e.PrimaryKey = &e.PrivateKey.PublicKey
}
}
if !e.PrimaryKey.PubKeyAlgo.CanSign() {
return nil, error_.StructuralError("primary key cannot be used for signatures")
return nil, errors.StructuralError("primary key cannot be used for signatures")
}
var current *Identity
......@@ -303,12 +304,12 @@ EachPacket:
sig, ok := p.(*packet.Signature)
if !ok {
return nil, error_.StructuralError("user ID packet not followed by self-signature")
return nil, errors.StructuralError("user ID packet not followed by self-signature")
}
if (sig.SigType == packet.SigTypePositiveCert || sig.SigType == packet.SigTypeGenericCert) && sig.IssuerKeyId != nil && *sig.IssuerKeyId == e.PrimaryKey.KeyId {
if err = e.PrimaryKey.VerifyUserIdSignature(pkt.Id, sig); err != nil {
return nil, error_.StructuralError("user ID self-signature invalid: " + err.Error())
return nil, errors.StructuralError("user ID self-signature invalid: " + err.Error())
}
current.SelfSignature = sig
break
......@@ -317,7 +318,7 @@ EachPacket:
}
case *packet.Signature:
if current == nil {
return nil, error_.StructuralError("signature packet found before user id packet")
return nil, errors.StructuralError("signature packet found before user id packet")
}
current.Signatures = append(current.Signatures, pkt)
case *packet.PrivateKey:
......@@ -344,7 +345,7 @@ EachPacket:
}
if len(e.Identities) == 0 {
return nil, error_.StructuralError("entity without any identities")
return nil, errors.StructuralError("entity without any identities")
}
return e, nil
......@@ -359,19 +360,19 @@ func addSubkey(e *Entity, packets *packet.Reader, pub *packet.PublicKey, priv *p
return io.ErrUnexpectedEOF
}
if err != nil {
return error_.StructuralError("subkey signature invalid: " + err.Error())
return errors.StructuralError("subkey signature invalid: " + err.Error())
}
var ok bool
subKey.Sig, ok = p.(*packet.Signature)
if !ok {
return error_.StructuralError("subkey packet not followed by signature")
return errors.StructuralError("subkey packet not followed by signature")
}
if subKey.Sig.SigType != packet.SigTypeSubkeyBinding {
return error_.StructuralError("subkey signature with wrong type")
return errors.StructuralError("subkey signature with wrong type")
}
err = e.PrimaryKey.VerifyKeySignature(subKey.PublicKey, subKey.Sig)
if err != nil {
return error_.StructuralError("subkey signature invalid: " + err.Error())
return errors.StructuralError("subkey signature invalid: " + err.Error())
}
e.Subkeys = append(e.Subkeys, subKey)
return nil
......@@ -385,7 +386,7 @@ const defaultRSAKeyBits = 2048
func NewEntity(rand io.Reader, currentTime time.Time, name, comment, email string) (*Entity, error) {
uid := packet.NewUserId(name, comment, email)
if uid == nil {
return nil, error_.InvalidArgumentError("user id field contained invalid characters")
return nil, errors.InvalidArgumentError("user id field contained invalid characters")
}
signingPriv, err := rsa.GenerateKey(rand, defaultRSAKeyBits)
if err != nil {
......@@ -397,8 +398,8 @@ func NewEntity(rand io.Reader, currentTime time.Time, name, comment, email strin
}
e := &Entity{
PrimaryKey: packet.NewRSAPublicKey(currentTime, &signingPriv.PublicKey, false /* not a subkey */ ),
PrivateKey: packet.NewRSAPrivateKey(currentTime, signingPriv, false /* not a subkey */ ),
PrimaryKey: packet.NewRSAPublicKey(currentTime, &signingPriv.PublicKey),
PrivateKey: packet.NewRSAPrivateKey(currentTime, signingPriv),
Identities: make(map[string]*Identity),
}
isPrimaryId := true
......@@ -420,8 +421,8 @@ func NewEntity(rand io.Reader, currentTime time.Time, name, comment, email strin
e.Subkeys = make([]Subkey, 1)
e.Subkeys[0] = Subkey{
PublicKey: packet.NewRSAPublicKey(currentTime, &encryptingPriv.PublicKey, true /* is a subkey */ ),
PrivateKey: packet.NewRSAPrivateKey(currentTime, encryptingPriv, true /* is a subkey */ ),
PublicKey: packet.NewRSAPublicKey(currentTime, &encryptingPriv.PublicKey),
PrivateKey: packet.NewRSAPrivateKey(currentTime, encryptingPriv),
Sig: &packet.Signature{
CreationTime: currentTime,
SigType: packet.SigTypeSubkeyBinding,
......@@ -433,6 +434,8 @@ func NewEntity(rand io.Reader, currentTime time.Time, name, comment, email strin
IssuerKeyId: &e.PrimaryKey.KeyId,
},
}
e.Subkeys[0].PublicKey.IsSubkey = true
e.Subkeys[0].PrivateKey.IsSubkey = true
return e, nil
}
......@@ -450,7 +453,7 @@ func (e *Entity) SerializePrivate(w io.Writer) (err error) {
if err != nil {
return
}
err = ident.SelfSignature.SignUserId(ident.UserId.Id, e.PrimaryKey, e.PrivateKey)
err = ident.SelfSignature.SignUserId(rand.Reader, ident.UserId.Id, e.PrimaryKey, e.PrivateKey)
if err != nil {
return
}
......@@ -464,7 +467,7 @@ func (e *Entity) SerializePrivate(w io.Writer) (err error) {
if err != nil {
return
}
err = subkey.Sig.SignKey(subkey.PublicKey, e.PrivateKey)
err = subkey.Sig.SignKey(rand.Reader, subkey.PublicKey, e.PrivateKey)
if err != nil {
return
}
......@@ -518,14 +521,14 @@ func (e *Entity) Serialize(w io.Writer) error {
// necessary.
func (e *Entity) SignIdentity(identity string, signer *Entity) error {
if signer.PrivateKey == nil {
return error_.InvalidArgumentError("signing Entity must have a private key")
return errors.InvalidArgumentError("signing Entity must have a private key")
}
if signer.PrivateKey.Encrypted {
return error_.InvalidArgumentError("signing Entity's private key must be decrypted")
return errors.InvalidArgumentError("signing Entity's private key must be decrypted")
}
ident, ok := e.Identities[identity]
if !ok {
return error_.InvalidArgumentError("given identity string not found in Entity")
return errors.InvalidArgumentError("given identity string not found in Entity")
}
sig := &packet.Signature{
......@@ -535,7 +538,7 @@ func (e *Entity) SignIdentity(identity string, signer *Entity) error {
CreationTime: time.Now(),
IssuerKeyId: &signer.PrivateKey.KeyId,
}
if err := sig.SignKey(e.PrimaryKey, signer.PrivateKey); err != nil {
if err := sig.SignKey(rand.Reader, e.PrimaryKey, signer.PrivateKey); err != nil {
return err
}
ident.Signatures = append(ident.Signatures, sig)
......
......@@ -7,7 +7,7 @@ package packet
import (
"compress/flate"
"compress/zlib"
error_ "crypto/openpgp/error"
"crypto/openpgp/errors"
"io"
"strconv"
)
......@@ -31,7 +31,7 @@ func (c *Compressed) parse(r io.Reader) error {
case 2:
c.Body, err = zlib.NewReader(r)
default:
err = error_.UnsupportedError("unknown compression algorithm: " + strconv.Itoa(int(buf[0])))
err = errors.UnsupportedError("unknown compression algorithm: " + strconv.Itoa(int(buf[0])))
}
return err
......
......@@ -6,7 +6,7 @@ package packet
import (
"crypto/openpgp/elgamal"
error_ "crypto/openpgp/error"
"crypto/openpgp/errors"
"crypto/rand"
"crypto/rsa"
"encoding/binary"
......@@ -35,7 +35,7 @@ func (e *EncryptedKey) parse(r io.Reader) (err error) {
return
}
if buf[0] != encryptedKeyVersion {
return error_.UnsupportedError("unknown EncryptedKey version " + strconv.Itoa(int(buf[0])))
return errors.UnsupportedError("unknown EncryptedKey version " + strconv.Itoa(int(buf[0])))
}
e.KeyId = binary.BigEndian.Uint64(buf[1:9])
e.Algo = PublicKeyAlgorithm(buf[9])
......@@ -77,7 +77,7 @@ func (e *EncryptedKey) Decrypt(priv *PrivateKey) error {
c2 := new(big.Int).SetBytes(e.encryptedMPI2)
b, err = elgamal.Decrypt(priv.PrivateKey.(*elgamal.PrivateKey), c1, c2)
default:
err = error_.InvalidArgumentError("cannot decrypted encrypted session key with private key of type " + strconv.Itoa(int(priv.PubKeyAlgo)))
err = errors.InvalidArgumentError("cannot decrypted encrypted session key with private key of type " + strconv.Itoa(int(priv.PubKeyAlgo)))
}
if err != nil {
......@@ -89,7 +89,7 @@ func (e *EncryptedKey) Decrypt(priv *PrivateKey) error {
expectedChecksum := uint16(b[len(b)-2])<<8 | uint16(b[len(b)-1])
checksum := checksumKeyMaterial(e.Key)
if checksum != expectedChecksum {
return error_.StructuralError("EncryptedKey checksum incorrect")
return errors.StructuralError("EncryptedKey checksum incorrect")
}
return nil
......@@ -116,16 +116,16 @@ func SerializeEncryptedKey(w io.Writer, rand io.Reader, pub *PublicKey, cipherFu
case PubKeyAlgoElGamal:
return serializeEncryptedKeyElGamal(w, rand, buf, pub.PublicKey.(*elgamal.PublicKey), keyBlock)
case PubKeyAlgoDSA, PubKeyAlgoRSASignOnly:
return error_.InvalidArgumentError("cannot encrypt to public key of type " + strconv.Itoa(int(pub.PubKeyAlgo)))
return errors.InvalidArgumentError("cannot encrypt to public key of type " + strconv.Itoa(int(pub.PubKeyAlgo)))
}
return error_.UnsupportedError("encrypting a key to public key of type " + strconv.Itoa(int(pub.PubKeyAlgo)))
return errors.UnsupportedError("encrypting a key to public key of type " + strconv.Itoa(int(pub.PubKeyAlgo)))
}
func serializeEncryptedKeyRSA(w io.Writer, rand io.Reader, header [10]byte, pub *rsa.PublicKey, keyBlock []byte) error {
cipherText, err := rsa.EncryptPKCS1v15(rand, pub, keyBlock)
if err != nil {
return error_.InvalidArgumentError("RSA encryption failed: " + err.Error())
return errors.InvalidArgumentError("RSA encryption failed: " + err.Error())
}
packetLen := 10 /* header length */ + 2 /* mpi size */ + len(cipherText)
......@@ -144,7 +144,7 @@ func serializeEncryptedKeyRSA(w io.Writer, rand io.Reader, header [10]byte, pub
func serializeEncryptedKeyElGamal(w io.Writer, rand io.Reader, header [10]byte, pub *elgamal.PublicKey, keyBlock []byte) error {
c1, c2, err := elgamal.Encrypt(rand, pub, keyBlock)
if err != nil {
return error_.InvalidArgumentError("ElGamal encryption failed: " + err.Error())
return errors.InvalidArgumentError("ElGamal encryption failed: " + err.Error())
}
packetLen := 10 /* header length */
......
......@@ -6,7 +6,7 @@ package packet
import (
"crypto"
error_ "crypto/openpgp/error"
"crypto/openpgp/errors"
"crypto/openpgp/s2k"
"encoding/binary"
"io"
......@@ -33,13 +33,13 @@ func (ops *OnePassSignature) parse(r io.Reader) (err error) {
return
}
if buf[0] != onePassSignatureVersion {
err = error_.UnsupportedError("one-pass-signature packet version " + strconv.Itoa(int(buf[0])))
err = errors.UnsupportedError("one-pass-signature packet version " + strconv.Itoa(int(buf[0])))
}
var ok bool
ops.Hash, ok = s2k.HashIdToHash(buf[2])
if !ok {
return error_.UnsupportedError("hash function: " + strconv.Itoa(int(buf[2])))
return errors.UnsupportedError("hash function: " + strconv.Itoa(int(buf[2])))
}
ops.SigType = SignatureType(buf[1])
......@@ -57,7 +57,7 @@ func (ops *OnePassSignature) Serialize(w io.Writer) error {
var ok bool
buf[2], ok = s2k.HashToHashId(ops.Hash)
if !ok {
return error_.UnsupportedError("hash type: " + strconv.Itoa(int(ops.Hash)))
return errors.UnsupportedError("hash type: " + strconv.Itoa(int(ops.Hash)))
}
buf[3] = uint8(ops.PubKeyAlgo)
binary.BigEndian.PutUint64(buf[4:12], ops.KeyId)
......
......@@ -10,7 +10,7 @@ import (
"crypto/aes"
"crypto/cast5"
"crypto/cipher"
error_ "crypto/openpgp/error"
"crypto/openpgp/errors"
"io"
"math/big"
)
......@@ -162,7 +162,7 @@ func readHeader(r io.Reader) (tag packetType, length int64, contents io.Reader,
return
}
if buf[0]&0x80 == 0 {
err = error_.StructuralError("tag byte does not have MSB set")
err = errors.StructuralError("tag byte does not have MSB set")
return
}
if buf[0]&0x40 == 0 {
......@@ -337,7 +337,7 @@ func Read(r io.Reader) (p Packet, err error) {
se.MDC = true
p = se
default:
err = error_.UnknownPacketTypeError(tag)
err = errors.UnknownPacketTypeError(tag)
}
if p != nil {
err = p.parse(contents)
......
......@@ -6,7 +6,7 @@ package packet
import (
"bytes"
error_ "crypto/openpgp/error"
"crypto/openpgp/errors"
"encoding/hex"
"fmt"
"io"
......@@ -152,7 +152,7 @@ func TestReadHeader(t *testing.T) {
for i, test := range readHeaderTests {
tag, length, contents, err := readHeader(readerFromHex(test.hexInput))
if test.structuralError {
if _, ok := err.(error_.StructuralError); ok {
if _, ok := err.(errors.StructuralError); ok {
continue
}
t.Errorf("%d: expected StructuralError, got:%s", i, err)
......
......@@ -9,7 +9,7 @@ import (
"crypto/cipher"
"crypto/dsa"
"crypto/openpgp/elgamal"
error_ "crypto/openpgp/error"
"crypto/openpgp/errors"
"crypto/openpgp/s2k"
"crypto/rsa"
"crypto/sha1"
......@@ -28,14 +28,21 @@ type PrivateKey struct {
encryptedData []byte
cipher CipherFunction
s2k func(out, in []byte)
PrivateKey interface{} // An *rsa.PrivateKey.
PrivateKey interface{} // An *rsa.PrivateKey or *dsa.PrivateKey.
sha1Checksum bool
iv []byte
}
func NewRSAPrivateKey(currentTime time.Time, priv *rsa.PrivateKey, isSubkey bool) *PrivateKey {
func NewRSAPrivateKey(currentTime time.Time, priv *rsa.PrivateKey) *PrivateKey {
pk := new(PrivateKey)
pk.PublicKey = *NewRSAPublicKey(currentTime, &priv.PublicKey, isSubkey)
pk.PublicKey = *NewRSAPublicKey(currentTime, &priv.PublicKey)
pk.PrivateKey = priv
return pk
}
func NewDSAPrivateKey(currentTime time.Time, priv *dsa.PrivateKey) *PrivateKey {
pk := new(PrivateKey)
pk.PublicKey = *NewDSAPublicKey(currentTime, &priv.PublicKey)
pk.PrivateKey = priv
return pk
}
......@@ -72,13 +79,13 @@ func (pk *PrivateKey) parse(r io.Reader) (err error) {
pk.sha1Checksum = true
}
default:
return error_.UnsupportedError("deprecated s2k function in private key")
return errors.UnsupportedError("deprecated s2k function in private key")
}
if pk.Encrypted {
blockSize := pk.cipher.blockSize()
if blockSize == 0 {
return error_.UnsupportedError("unsupported cipher in private key: " + strconv.Itoa(int(pk.cipher)))
return errors.UnsupportedError("unsupported cipher in private key: " + strconv.Itoa(int(pk.cipher)))
}
pk.iv = make([]byte, blockSize)
_, err = readFull(r, pk.iv)
......@@ -121,8 +128,10 @@ func (pk *PrivateKey) Serialize(w io.Writer) (err error) {
switch priv := pk.PrivateKey.(type) {
case *rsa.PrivateKey:
err = serializeRSAPrivateKey(privateKeyBuf, priv)
case *dsa.PrivateKey:
err = serializeDSAPrivateKey(privateKeyBuf, priv)
default:
err = error_.InvalidArgumentError("non-RSA private key")
err = errors.InvalidArgumentError("unknown private key type")
}
if err != nil {
return
......@@ -172,6 +181,10 @@ func serializeRSAPrivateKey(w io.Writer, priv *rsa.PrivateKey) error {
return writeBig(w, priv.Precomputed.Qinv)
}
func serializeDSAPrivateKey(w io.Writer, priv *dsa.PrivateKey) error {
return writeBig(w, priv.X)
}
// Decrypt decrypts an encrypted private key using a passphrase.
func (pk *PrivateKey) Decrypt(passphrase []byte) error {
if !pk.Encrypted {
......@@ -188,18 +201,18 @@ func (pk *PrivateKey) Decrypt(passphrase []byte) error {
if pk.sha1Checksum {
if len(data) < sha1.Size {
return error_.StructuralError("truncated private key data")
return errors.StructuralError("truncated private key data")
}
h := sha1.New()
h.Write(data[:len(data)-sha1.Size])
sum := h.Sum(nil)
if !bytes.Equal(sum, data[len(data)-sha1.Size:]) {
return error_.StructuralError("private key checksum failure")
return errors.StructuralError("private key checksum failure")
}
data = data[:len(data)-sha1.Size]
} else {
if len(data) < 2 {
return error_.StructuralError("truncated private key data")
return errors.StructuralError("truncated private key data")
}
var sum uint16
for i := 0; i < len(data)-2; i++ {
......@@ -207,7 +220,7 @@ func (pk *PrivateKey) Decrypt(passphrase []byte) error {
}
if data[len(data)-2] != uint8(sum>>8) ||
data[len(data)-1] != uint8(sum) {
return error_.StructuralError("private key checksum failure")
return errors.StructuralError("private key checksum failure")
}
data = data[:len(data)-2]
}
......
......@@ -7,7 +7,7 @@ package packet
import (
"crypto/dsa"
"crypto/openpgp/elgamal"
error_ "crypto/openpgp/error"
"crypto/openpgp/errors"
"crypto/rsa"
"crypto/sha1"
"encoding/binary"
......@@ -39,12 +39,11 @@ func fromBig(n *big.Int) parsedMPI {
}
// NewRSAPublicKey returns a PublicKey that wraps the given rsa.PublicKey.
func NewRSAPublicKey(creationTime time.Time, pub *rsa.PublicKey, isSubkey bool) *PublicKey {
func NewRSAPublicKey(creationTime time.Time, pub *rsa.PublicKey) *PublicKey {
pk := &PublicKey{
CreationTime: creationTime,
PubKeyAlgo: PubKeyAlgoRSA,
PublicKey: pub,
IsSubkey: isSubkey,
n: fromBig(pub.N),
e: fromBig(big.NewInt(int64(pub.E))),
}
......@@ -53,6 +52,22 @@ func NewRSAPublicKey(creationTime time.Time, pub *rsa.PublicKey, isSubkey bool)
return pk
}
// NewDSAPublicKey returns a PublicKey that wraps the given rsa.PublicKey.
func NewDSAPublicKey(creationTime time.Time, pub *dsa.PublicKey) *PublicKey {
pk := &PublicKey{
CreationTime: creationTime,
PubKeyAlgo: PubKeyAlgoDSA,
PublicKey: pub,
p: fromBig(pub.P),
q: fromBig(pub.Q),
g: fromBig(pub.G),
y: fromBig(pub.Y),
}
pk.setFingerPrintAndKeyId()
return pk
}
func (pk *PublicKey) parse(r io.Reader) (err error) {
// RFC 4880, section 5.5.2
var buf [6]byte
......@@ -61,7 +76,7 @@ func (pk *PublicKey) parse(r io.Reader) (err error) {
return
}
if buf[0] != 4 {
return error_.UnsupportedError("public key version")
return errors.UnsupportedError("public key version")
}
pk.CreationTime = time.Unix(int64(uint32(buf[1])<<24|uint32(buf[2])<<16|uint32(buf[3])<<8|uint32(buf[4])), 0)
pk.PubKeyAlgo = PublicKeyAlgorithm(buf[5])
......@@ -73,7 +88,7 @@ func (pk *PublicKey) parse(r io.Reader) (err error) {
case PubKeyAlgoElGamal:
err = pk.parseElGamal(r)
default:
err = error_.UnsupportedError("public key type: " + strconv.Itoa(int(pk.PubKeyAlgo)))
err = errors.UnsupportedError("public key type: " + strconv.Itoa(int(pk.PubKeyAlgo)))
}
if err != nil {
return
......@@ -105,7 +120,7 @@ func (pk *PublicKey) parseRSA(r io.Reader) (err error) {
}
if len(pk.e.bytes) > 3 {
err = error_.UnsupportedError("large public exponent")
err = errors.UnsupportedError("large public exponent")
return
}
rsa := &rsa.PublicKey{
......@@ -255,7 +270,7 @@ func (pk *PublicKey) serializeWithoutHeaders(w io.Writer) (err error) {
case PubKeyAlgoElGamal:
return writeMPIs(w, pk.p, pk.g, pk.y)
}
return error_.InvalidArgumentError("bad public-key algorithm")
return errors.InvalidArgumentError("bad public-key algorithm")
}
// CanSign returns true iff this public key can generate signatures
......@@ -267,18 +282,18 @@ func (pk *PublicKey) CanSign() bool {
// public key, of the data hashed into signed. signed is mutated by this call.
func (pk *PublicKey) VerifySignature(signed hash.Hash, sig *Signature) (err error) {
if !pk.CanSign() {
return error_.InvalidArgumentError("public key cannot generate signatures")
return errors.InvalidArgumentError("public key cannot generate signatures")
}
signed.Write(sig.HashSuffix)
hashBytes := signed.Sum(nil)
if hashBytes[0] != sig.HashTag[0] || hashBytes[1] != sig.HashTag[1] {
return error_.SignatureError("hash tag doesn't match")
return errors.SignatureError("hash tag doesn't match")
}
if pk.PubKeyAlgo != sig.PubKeyAlgo {
return error_.InvalidArgumentError("public key and signature use different algorithms")
return errors.InvalidArgumentError("public key and signature use different algorithms")
}
switch pk.PubKeyAlgo {
......@@ -286,7 +301,7 @@ func (pk *PublicKey) VerifySignature(signed hash.Hash, sig *Signature) (err erro
rsaPublicKey, _ := pk.PublicKey.(*rsa.PublicKey)
err = rsa.VerifyPKCS1v15(rsaPublicKey, sig.Hash, hashBytes, sig.RSASignature.bytes)
if err != nil {
return error_.SignatureError("RSA verification failure")
return errors.SignatureError("RSA verification failure")
}
return nil
case PubKeyAlgoDSA:
......@@ -297,7 +312,7 @@ func (pk *PublicKey) VerifySignature(signed hash.Hash, sig *Signature) (err erro
hashBytes = hashBytes[:subgroupSize]
}
if !dsa.Verify(dsaPublicKey, hashBytes, new(big.Int).SetBytes(sig.DSASigR.bytes), new(big.Int).SetBytes(sig.DSASigS.bytes)) {
return error_.SignatureError("DSA verification failure")
return errors.SignatureError("DSA verification failure")
}
return nil
default:
......@@ -311,7 +326,7 @@ func (pk *PublicKey) VerifySignature(signed hash.Hash, sig *Signature) (err erro
func keySignatureHash(pk, signed *PublicKey, sig *Signature) (h hash.Hash, err error) {
h = sig.Hash.New()
if h == nil {
return nil, error_.UnsupportedError("hash function")
return nil, errors.UnsupportedError("hash function")
}
// RFC 4880, section 5.2.4
......@@ -337,7 +352,7 @@ func (pk *PublicKey) VerifyKeySignature(signed *PublicKey, sig *Signature) (err
func userIdSignatureHash(id string, pk *PublicKey, sig *Signature) (h hash.Hash, err error) {
h = sig.Hash.New()
if h == nil {
return nil, error_.UnsupportedError("hash function")
return nil, errors.UnsupportedError("hash function")
}
// RFC 4880, section 5.2.4
......
......@@ -5,7 +5,7 @@
package packet
import (
error_ "crypto/openpgp/error"
"crypto/openpgp/errors"
"io"
)
......@@ -34,7 +34,7 @@ func (r *Reader) Next() (p Packet, err error) {
r.readers = r.readers[:len(r.readers)-1]
continue
}
if _, ok := err.(error_.UnknownPacketTypeError); !ok {
if _, ok := err.(errors.UnknownPacketTypeError); !ok {
return nil, err
}
}
......
This diff is collapsed.
......@@ -7,7 +7,7 @@ package packet
import (
"bytes"
"crypto/cipher"
error_ "crypto/openpgp/error"
"crypto/openpgp/errors"
"crypto/openpgp/s2k"
"io"
"strconv"
......@@ -37,12 +37,12 @@ func (ske *SymmetricKeyEncrypted) parse(r io.Reader) (err error) {
return
}
if buf[0] != symmetricKeyEncryptedVersion {
return error_.UnsupportedError("SymmetricKeyEncrypted version")
return errors.UnsupportedError("SymmetricKeyEncrypted version")
}
ske.CipherFunc = CipherFunction(buf[1])
if ske.CipherFunc.KeySize() == 0 {
return error_.UnsupportedError("unknown cipher: " + strconv.Itoa(int(buf[1])))
return errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(buf[1])))
}
ske.s2k, err = s2k.Parse(r)
......@@ -60,7 +60,7 @@ func (ske *SymmetricKeyEncrypted) parse(r io.Reader) (err error) {
err = nil
if n != 0 {
if n == maxSessionKeySizeInBytes {
return error_.UnsupportedError("oversized encrypted session key")
return errors.UnsupportedError("oversized encrypted session key")
}
ske.encryptedKey = encryptedKey[:n]
}
......@@ -89,13 +89,13 @@ func (ske *SymmetricKeyEncrypted) Decrypt(passphrase []byte) error {
c.XORKeyStream(ske.encryptedKey, ske.encryptedKey)
ske.CipherFunc = CipherFunction(ske.encryptedKey[0])
if ske.CipherFunc.blockSize() == 0 {
return error_.UnsupportedError("unknown cipher: " + strconv.Itoa(int(ske.CipherFunc)))
return errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(ske.CipherFunc)))
}
ske.CipherFunc = CipherFunction(ske.encryptedKey[0])
ske.Key = ske.encryptedKey[1:]
if len(ske.Key)%ske.CipherFunc.blockSize() != 0 {
ske.Key = nil
return error_.StructuralError("length of decrypted key not a multiple of block size")
return errors.StructuralError("length of decrypted key not a multiple of block size")
}
}
......@@ -110,7 +110,7 @@ func (ske *SymmetricKeyEncrypted) Decrypt(passphrase []byte) error {
func SerializeSymmetricKeyEncrypted(w io.Writer, rand io.Reader, passphrase []byte, cipherFunc CipherFunction) (key []byte, err error) {
keySize := cipherFunc.KeySize()
if keySize == 0 {
return nil, error_.UnsupportedError("unknown cipher: " + strconv.Itoa(int(cipherFunc)))
return nil, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(cipherFunc)))
}
s2kBuf := new(bytes.Buffer)
......
......@@ -6,8 +6,7 @@ package packet
import (
"crypto/cipher"
error_ "crypto/openpgp/error"
"crypto/rand"
"crypto/openpgp/errors"
"crypto/sha1"
"crypto/subtle"
"hash"
......@@ -35,7 +34,7 @@ func (se *SymmetricallyEncrypted) parse(r io.Reader) error {
return err
}
if buf[0] != symmetricallyEncryptedVersion {
return error_.UnsupportedError("unknown SymmetricallyEncrypted version")
return errors.UnsupportedError("unknown SymmetricallyEncrypted version")
}
}
se.contents = r
......@@ -48,10 +47,10 @@ func (se *SymmetricallyEncrypted) parse(r io.Reader) error {
func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.ReadCloser, error) {
keySize := c.KeySize()
if keySize == 0 {
return nil, error_.UnsupportedError("unknown cipher: " + strconv.Itoa(int(c)))
return nil, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(c)))
}
if len(key) != keySize {
return nil, error_.InvalidArgumentError("SymmetricallyEncrypted: incorrect key length")
return nil, errors.InvalidArgumentError("SymmetricallyEncrypted: incorrect key length")
}
if se.prefix == nil {
......@@ -61,7 +60,7 @@ func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.Read
return nil, err
}
} else if len(se.prefix) != c.blockSize()+2 {
return nil, error_.InvalidArgumentError("can't try ciphers with different block lengths")
return nil, errors.InvalidArgumentError("can't try ciphers with different block lengths")
}
ocfbResync := cipher.OCFBResync
......@@ -72,7 +71,7 @@ func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.Read
s := cipher.NewOCFBDecrypter(c.new(key), se.prefix, ocfbResync)
if s == nil {
return nil, error_.KeyIncorrectError
return nil, errors.KeyIncorrectError
}
plaintext := cipher.StreamReader{S: s, R: se.contents}
......@@ -181,7 +180,7 @@ const mdcPacketTagByte = byte(0x80) | 0x40 | 19
func (ser *seMDCReader) Close() error {
if ser.error {
return error_.SignatureError("error during reading")
return errors.SignatureError("error during reading")
}
for !ser.eof {
......@@ -192,18 +191,18 @@ func (ser *seMDCReader) Close() error {
break
}
if err != nil {
return error_.SignatureError("error during reading")
return errors.SignatureError("error during reading")
}
}
if ser.trailer[0] != mdcPacketTagByte || ser.trailer[1] != sha1.Size {
return error_.SignatureError("MDC packet not found")
return errors.SignatureError("MDC packet not found")
}
ser.h.Write(ser.trailer[:2])
final := ser.h.Sum(nil)
if subtle.ConstantTimeCompare(final, ser.trailer[2:]) != 1 {
return error_.SignatureError("hash mismatch")
return errors.SignatureError("hash mismatch")
}
return nil
}
......@@ -253,9 +252,9 @@ func (c noOpCloser) Close() error {
// SerializeSymmetricallyEncrypted serializes a symmetrically encrypted packet
// to w and returns a WriteCloser to which the to-be-encrypted packets can be
// written.
func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, key []byte) (contents io.WriteCloser, err error) {
func SerializeSymmetricallyEncrypted(w io.Writer, rand io.Reader, c CipherFunction, key []byte) (contents io.WriteCloser, err error) {
if c.KeySize() != len(key) {
return nil, error_.InvalidArgumentError("SymmetricallyEncrypted.Serialize: bad key length")
return nil, errors.InvalidArgumentError("SymmetricallyEncrypted.Serialize: bad key length")
}
writeCloser := noOpCloser{w}
ciphertext, err := serializeStreamHeader(writeCloser, packetTypeSymmetricallyEncryptedMDC)
......@@ -271,7 +270,7 @@ func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, key []byte)
block := c.new(key)
blockSize := block.BlockSize()
iv := make([]byte, blockSize)
_, err = rand.Reader.Read(iv)
_, err = rand.Read(iv)
if err != nil {
return
}
......
......@@ -6,7 +6,8 @@ package packet
import (
"bytes"
error_ "crypto/openpgp/error"
"crypto/openpgp/errors"
"crypto/rand"
"crypto/sha1"
"encoding/hex"
"io"
......@@ -70,7 +71,7 @@ func testMDCReader(t *testing.T) {
err = mdcReader.Close()
if err == nil {
t.Error("corruption: no error")
} else if _, ok := err.(*error_.SignatureError); !ok {
} else if _, ok := err.(*errors.SignatureError); !ok {
t.Errorf("corruption: expected SignatureError, got: %s", err)
}
}
......@@ -82,7 +83,7 @@ func TestSerialize(t *testing.T) {
c := CipherAES128
key := make([]byte, c.KeySize())
w, err := SerializeSymmetricallyEncrypted(buf, c, key)
w, err := SerializeSymmetricallyEncrypted(buf, rand.Reader, c, key)
if err != nil {
t.Errorf("error from SerializeSymmetricallyEncrypted: %s", err)
return
......
......@@ -8,7 +8,7 @@ package openpgp
import (
"crypto"
"crypto/openpgp/armor"
error_ "crypto/openpgp/error"
"crypto/openpgp/errors"
"crypto/openpgp/packet"
_ "crypto/sha256"
"hash"
......@@ -27,7 +27,7 @@ func readArmored(r io.Reader, expectedType string) (body io.Reader, err error) {
}
if block.Type != expectedType {
return nil, error_.InvalidArgumentError("expected '" + expectedType + "', got: " + block.Type)
return nil, errors.InvalidArgumentError("expected '" + expectedType + "', got: " + block.Type)
}
return block.Body, nil
......@@ -130,7 +130,7 @@ ParsePackets:
case *packet.Compressed, *packet.LiteralData, *packet.OnePassSignature:
// This message isn't encrypted.
if len(symKeys) != 0 || len(pubKeys) != 0 {
return nil, error_.StructuralError("key material not followed by encrypted message")
return nil, errors.StructuralError("key material not followed by encrypted message")
}
packets.Unread(p)
return readSignedMessage(packets, nil, keyring)
......@@ -161,7 +161,7 @@ FindKey:
continue
}
decrypted, err = se.Decrypt(pk.encryptedKey.CipherFunc, pk.encryptedKey.Key)
if err != nil && err != error_.KeyIncorrectError {
if err != nil && err != errors.KeyIncorrectError {
return nil, err
}
if decrypted != nil {
......@@ -179,11 +179,11 @@ FindKey:
}
if len(candidates) == 0 && len(symKeys) == 0 {
return nil, error_.KeyIncorrectError
return nil, errors.KeyIncorrectError
}
if prompt == nil {
return nil, error_.KeyIncorrectError
return nil, errors.KeyIncorrectError
}
passphrase, err := prompt(candidates, len(symKeys) != 0)
......@@ -197,7 +197,7 @@ FindKey:
err = s.Decrypt(passphrase)
if err == nil && !s.Encrypted {
decrypted, err = se.Decrypt(s.CipherFunc, s.Key)
if err != nil && err != error_.KeyIncorrectError {
if err != nil && err != errors.KeyIncorrectError {
return nil, err
}
if decrypted != nil {
......@@ -237,7 +237,7 @@ FindLiteralData:
packets.Push(p.Body)
case *packet.OnePassSignature:
if !p.IsLast {
return nil, error_.UnsupportedError("nested signatures")
return nil, errors.UnsupportedError("nested signatures")
}
h, wrappedHash, err = hashForSignature(p.Hash, p.SigType)
......@@ -281,7 +281,7 @@ FindLiteralData:
func hashForSignature(hashId crypto.Hash, sigType packet.SignatureType) (hash.Hash, hash.Hash, error) {
h := hashId.New()
if h == nil {
return nil, nil, error_.UnsupportedError("hash not available: " + strconv.Itoa(int(hashId)))
return nil, nil, errors.UnsupportedError("hash not available: " + strconv.Itoa(int(hashId)))
}
switch sigType {
......@@ -291,7 +291,7 @@ func hashForSignature(hashId crypto.Hash, sigType packet.SignatureType) (hash.Ha
return h, NewCanonicalTextHash(h), nil
}
return nil, nil, error_.UnsupportedError("unsupported signature type: " + strconv.Itoa(int(sigType)))
return nil, nil, errors.UnsupportedError("unsupported signature type: " + strconv.Itoa(int(sigType)))
}
// checkReader wraps an io.Reader from a LiteralData packet. When it sees EOF
......@@ -333,7 +333,7 @@ func (scr *signatureCheckReader) Read(buf []byte) (n int, err error) {
var ok bool
if scr.md.Signature, ok = p.(*packet.Signature); !ok {
scr.md.SignatureError = error_.StructuralError("LiteralData not followed by Signature")
scr.md.SignatureError = errors.StructuralError("LiteralData not followed by Signature")
return
}
......@@ -363,16 +363,16 @@ func CheckDetachedSignature(keyring KeyRing, signed, signature io.Reader) (signe
sig, ok := p.(*packet.Signature)
if !ok {
return nil, error_.StructuralError("non signature packet found")
return nil, errors.StructuralError("non signature packet found")
}
if sig.IssuerKeyId == nil {
return nil, error_.StructuralError("signature doesn't have an issuer")
return nil, errors.StructuralError("signature doesn't have an issuer")
}
keys := keyring.KeysById(*sig.IssuerKeyId)
if len(keys) == 0 {
return nil, error_.UnknownIssuerError
return nil, errors.UnknownIssuerError
}
h, wrappedHash, err := hashForSignature(sig.Hash, sig.SigType)
......@@ -399,7 +399,7 @@ func CheckDetachedSignature(keyring KeyRing, signed, signature io.Reader) (signe
return
}
return nil, error_.UnknownIssuerError
return nil, errors.UnknownIssuerError
}
// CheckArmoredDetachedSignature performs the same actions as
......
......@@ -6,7 +6,7 @@ package openpgp
import (
"bytes"
error_ "crypto/openpgp/error"
"crypto/openpgp/errors"
_ "crypto/sha512"
"encoding/hex"
"io"
......@@ -161,18 +161,18 @@ func TestSignedEncryptedMessage(t *testing.T) {
prompt := func(keys []Key, symmetric bool) ([]byte, error) {
if symmetric {
t.Errorf("prompt: message was marked as symmetrically encrypted")
return nil, error_.KeyIncorrectError
return nil, errors.KeyIncorrectError
}
if len(keys) == 0 {
t.Error("prompt: no keys requested")
return nil, error_.KeyIncorrectError
return nil, errors.KeyIncorrectError
}
err := keys[0].PrivateKey.Decrypt([]byte("passphrase"))
if err != nil {
t.Errorf("prompt: error decrypting key: %s", err)
return nil, error_.KeyIncorrectError
return nil, errors.KeyIncorrectError
}
return nil, nil
......@@ -296,7 +296,7 @@ func TestReadingArmoredPrivateKey(t *testing.T) {
func TestNoArmoredData(t *testing.T) {
_, err := ReadArmoredKeyRing(bytes.NewBufferString("foo"))
if _, ok := err.(error_.InvalidArgumentError); !ok {
if _, ok := err.(errors.InvalidArgumentError); !ok {
t.Errorf("error was not an InvalidArgumentError: %s", err)
}
}
......
......@@ -8,7 +8,7 @@ package s2k
import (
"crypto"
error_ "crypto/openpgp/error"
"crypto/openpgp/errors"
"hash"
"io"
"strconv"
......@@ -89,11 +89,11 @@ func Parse(r io.Reader) (f func(out, in []byte), err error) {
hash, ok := HashIdToHash(buf[1])
if !ok {
return nil, error_.UnsupportedError("hash for S2K function: " + strconv.Itoa(int(buf[1])))
return nil, errors.UnsupportedError("hash for S2K function: " + strconv.Itoa(int(buf[1])))
}
h := hash.New()
if h == nil {
return nil, error_.UnsupportedError("hash not available: " + strconv.Itoa(int(hash)))
return nil, errors.UnsupportedError("hash not available: " + strconv.Itoa(int(hash)))
}
switch buf[0] {
......@@ -123,7 +123,7 @@ func Parse(r io.Reader) (f func(out, in []byte), err error) {
return f, nil
}
return nil, error_.UnsupportedError("S2K function")
return nil, errors.UnsupportedError("S2K function")
}
// Serialize salts and stretches the given passphrase and writes the resulting
......
......@@ -7,7 +7,7 @@ package openpgp
import (
"crypto"
"crypto/openpgp/armor"
error_ "crypto/openpgp/error"
"crypto/openpgp/errors"
"crypto/openpgp/packet"
"crypto/openpgp/s2k"
"crypto/rand"
......@@ -58,10 +58,10 @@ func armoredDetachSign(w io.Writer, signer *Entity, message io.Reader, sigType p
func detachSign(w io.Writer, signer *Entity, message io.Reader, sigType packet.SignatureType) (err error) {
if signer.PrivateKey == nil {
return error_.InvalidArgumentError("signing key doesn't have a private key")
return errors.InvalidArgumentError("signing key doesn't have a private key")
}
if signer.PrivateKey.Encrypted {
return error_.InvalidArgumentError("signing key is encrypted")
return errors.InvalidArgumentError("signing key is encrypted")
}
sig := new(packet.Signature)
......@@ -77,7 +77,7 @@ func detachSign(w io.Writer, signer *Entity, message io.Reader, sigType packet.S
}
io.Copy(wrappedHash, message)
err = sig.Sign(h, signer.PrivateKey)
err = sig.Sign(rand.Reader, h, signer.PrivateKey)
if err != nil {
return
}
......@@ -111,7 +111,7 @@ func SymmetricallyEncrypt(ciphertext io.Writer, passphrase []byte, hints *FileHi
if err != nil {
return
}
w, err := packet.SerializeSymmetricallyEncrypted(ciphertext, packet.CipherAES128, key)
w, err := packet.SerializeSymmetricallyEncrypted(ciphertext, rand.Reader, packet.CipherAES128, key)
if err != nil {
return
}
......@@ -156,7 +156,7 @@ func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHint
if signed != nil {
signer = signed.signingKey().PrivateKey
if signer == nil || signer.Encrypted {
return nil, error_.InvalidArgumentError("signing key must be decrypted")
return nil, errors.InvalidArgumentError("signing key must be decrypted")
}
}
......@@ -183,7 +183,7 @@ func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHint
for i := range to {
encryptKeys[i] = to[i].encryptionKey()
if encryptKeys[i].PublicKey == nil {
return nil, error_.InvalidArgumentError("cannot encrypt a message to key id " + strconv.FormatUint(to[i].PrimaryKey.KeyId, 16) + " because it has no encryption keys")
return nil, errors.InvalidArgumentError("cannot encrypt a message to key id " + strconv.FormatUint(to[i].PrimaryKey.KeyId, 16) + " because it has no encryption keys")
}
sig := to[i].primaryIdentity().SelfSignature
......@@ -201,7 +201,7 @@ func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHint
}
if len(candidateCiphers) == 0 || len(candidateHashes) == 0 {
return nil, error_.InvalidArgumentError("cannot encrypt because recipient set shares no common algorithms")
return nil, errors.InvalidArgumentError("cannot encrypt because recipient set shares no common algorithms")
}
cipher := packet.CipherFunction(candidateCiphers[0])
......@@ -217,7 +217,7 @@ func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHint
}
}
encryptedData, err := packet.SerializeSymmetricallyEncrypted(ciphertext, cipher, symKey)
encryptedData, err := packet.SerializeSymmetricallyEncrypted(ciphertext, rand.Reader, cipher, symKey)
if err != nil {
return
}
......@@ -287,7 +287,7 @@ func (s signatureWriter) Close() error {
IssuerKeyId: &s.signer.KeyId,
}
if err := sig.Sign(s.h, s.signer); err != nil {
if err := sig.Sign(rand.Reader, s.h, s.signer); err != nil {
return err
}
if err := s.literalData.Close(); err != nil {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment