meowlib/asymcrypt.go

314 lines
9.8 KiB
Go
Raw Permalink Normal View History

2022-01-15 22:19:29 +01:00
package meowlib
import (
"encoding/base64"
"time"
"github.com/ProtonMail/gopenpgp/v2/crypto"
"github.com/ProtonMail/gopenpgp/v2/helper"
2022-09-18 21:17:28 +02:00
"github.com/pkg/errors"
2022-01-15 22:19:29 +01:00
"github.com/rs/zerolog/log"
)
type KeyPair struct {
Public string `json:"public,omitempty"`
Private string `json:"private,omitempty"`
Generated time.Time `json:"generated,omitempty"`
}
type KeysArray []KeyPair
func NewKeyPair() KeyPair {
var kp KeyPair
2022-03-01 10:37:11 +01:00
keys, err := crypto.GenerateKey("name", "mail", "x25519", 0)
2022-01-15 22:19:29 +01:00
if err != nil {
log.Error().Msg("Key generation failed")
}
kp.Generated = time.Now()
pub, err := keys.GetArmoredPublicKey()
if err != nil {
log.Error().Msg("Public key extraction failed")
}
kp.Public = base64.StdEncoding.EncodeToString([]byte(pub))
priv, err := keys.Armor()
if err != nil {
log.Error().Msg("Private key extraction failed")
}
kp.Private = base64.StdEncoding.EncodeToString([]byte(priv))
return kp
}
2022-09-06 17:07:35 +02:00
func (Kp *KeyPair) GetCryptoKeyObject() *crypto.Key {
priv, err := base64.StdEncoding.DecodeString(Kp.Private)
2022-01-15 22:19:29 +01:00
if err != nil {
log.Error().Msg("Create key from armoured b64 failed")
}
key, err := crypto.NewKeyFromArmored(string(priv))
if err != nil {
log.Error().Msg("Create key from armoured failed")
}
return key
}
2022-09-18 21:17:28 +02:00
func AsymEncrypt(publicKey string, data []byte) ([]byte, error) {
pub, err := base64.StdEncoding.DecodeString(publicKey)
if err != nil {
log.Error().Msg("Message encryption b64 failed")
}
ciphertext, err := encryptMessage(string(pub), crypto.NewPlainMessage(data))
if err != nil {
log.Error().Msg("Message encryption failed")
return nil, err
}
return ciphertext.GetBinary(), err
}
func AsymDecrypt(PrivateKey string, data []byte) ([]byte, error) {
priv, err := base64.StdEncoding.DecodeString(PrivateKey)
if err != nil {
log.Error().Msg("Message decryption b64 failed")
}
decrypted, err := decryptMessage(string(priv), nil, crypto.NewPGPMessage(data))
if err != nil {
log.Error().Msg("Message decryption failed")
}
return decrypted.GetBinary(), err
}
func AsymEncryptArmored(PublicKey string, data []byte) ([]byte, error) {
2022-09-06 17:07:35 +02:00
pub, err := base64.StdEncoding.DecodeString(PublicKey)
2022-01-15 22:19:29 +01:00
if err != nil {
log.Error().Msg("Message encryption b64 failed")
}
armor, err := helper.EncryptBinaryMessageArmored(string(pub), data)
if err != nil {
log.Error().Msg("Message encryption failed")
}
return []byte(armor), err
}
2022-09-18 21:17:28 +02:00
func AsymDecryptArmored(PrivateKey string, data []byte) ([]byte, error) {
2022-09-06 17:07:35 +02:00
priv, err := base64.StdEncoding.DecodeString(PrivateKey)
2022-01-15 22:19:29 +01:00
if err != nil {
log.Error().Msg("Message decryption b64 failed")
}
2022-09-02 12:07:21 +02:00
decrypted, err := helper.DecryptBinaryMessageArmored(string(priv), nil, string(data))
2022-01-15 22:19:29 +01:00
if err != nil {
log.Error().Msg("Message decryption failed")
}
return []byte(decrypted), err
}
/*
func AsymEncryptAndSign_helpers(PublicEncryptionKey string, PrivateSignatureKey string, data []byte) (*EncryptedMessage, error) {
var enc EncryptedMessage
pub, err := base64.StdEncoding.DecodeString(PublicEncryptionKey)
if err != nil {
log.Error().Msg("Message encryption and sign b64 failed")
}
priv, err := base64.StdEncoding.DecodeString(PrivateSignatureKey)
if err != nil {
log.Error().Msg("Message encryption and sign b64 failed")
}
encrypted, signature, err := helper.EncryptSignBinaryDetached(string(pub), string(priv), nil, data)
if err != nil {
log.Error().Msg("Message encryption and sign failed")
}
enc.data = []byte(encrypted)
enc.signature = []byte(signature)
return &enc, err
2022-01-15 22:19:29 +01:00
}
func AsymDecryptAndCheck_helpers(MyPrivateEncryptionKey string, MyContactPublicKey string, data []byte, Signature []byte) (DecryptedMessage []byte, err error) {
priv, err := base64.StdEncoding.DecodeString(MyPrivateEncryptionKey)
if err != nil {
log.Error().Msg("Message decryption and sign b64 failed")
}
pub, err := base64.StdEncoding.DecodeString(MyContactPublicKey)
if err != nil {
log.Error().Msg("Message decryption and sign b64 failed")
}
DecryptedMessage, err = helper.DecryptVerifyBinaryDetached(string(pub), string(priv), nil, data, string(Signature))
if err != nil {
log.Error().Msg("Message decryption and sign failed")
}
return DecryptedMessage, err
2022-01-15 22:19:29 +01:00
}
*/
2022-09-18 21:17:28 +02:00
func encryptMessage(key string, message *crypto.PlainMessage) (*crypto.PGPMessage, error) {
publicKeyRing, err := createPublicKeyRing(key)
if err != nil {
return nil, err
}
ciphertext, err := publicKeyRing.Encrypt(message, nil)
if err != nil {
return nil, errors.Wrap(err, "gopenpgp: unable to encrypt message")
}
return ciphertext, nil
}
func decryptMessage(privateKey string, passphrase []byte, ciphertext *crypto.PGPMessage) (*crypto.PlainMessage, error) {
privateKeyObj, err := crypto.NewKeyFromArmored(privateKey)
if err != nil {
return nil, errors.Wrap(err, "gopenpgp: unable to parse the private key")
}
privateKeyUnlocked, err := privateKeyObj.Unlock(passphrase)
if err != nil {
return nil, errors.Wrap(err, "gopenpgp: unable to unlock key")
}
defer privateKeyUnlocked.ClearPrivateParams()
privateKeyRing, err := crypto.NewKeyRing(privateKeyUnlocked)
if err != nil {
return nil, errors.Wrap(err, "gopenpgp: unable to create the private key ring")
}
message, err := privateKeyRing.Decrypt(ciphertext, nil, 0)
if err != nil {
return nil, errors.Wrap(err, "gopenpgp: unable to decrypt message")
}
return message, nil
}
func createPublicKeyRing(publicKey string) (*crypto.KeyRing, error) {
publicKeyObj, err := crypto.NewKeyFromArmored(publicKey)
if err != nil {
return nil, errors.Wrap(err, "gopenpgp: unable to parse public key")
}
if publicKeyObj.IsPrivate() {
publicKeyObj, err = publicKeyObj.ToPublic()
if err != nil {
return nil, errors.Wrap(err, "gopenpgp: unable to extract public key from private key")
}
}
publicKeyRing, err := crypto.NewKeyRing(publicKeyObj)
if err != nil {
return nil, errors.Wrap(err, "gopenpgp: unable to create new keyring")
}
return publicKeyRing, nil
}
func AsymEncryptAndSign(PublicEncryptionKey string, PrivateSignatureKey string, data []byte) (*EncryptedMessage, error) {
var enc EncryptedMessage
pub, err := base64.StdEncoding.DecodeString(PublicEncryptionKey)
if err != nil {
log.Error().Msg("Message encryption and sign b64 failed")
return nil, err
}
priv, err := base64.StdEncoding.DecodeString(PrivateSignatureKey)
if err != nil {
log.Error().Msg("Message encryption and sign b64 failed")
return nil, err
}
ciphertext, signature, err := encryptAndSignMessage(string(pub), string(priv), crypto.NewPlainMessage(data))
if err != nil {
log.Error().Msg("Message encryption failed")
return nil, err
}
enc.Data = ciphertext.GetBinary()
enc.Signature = []byte(signature)
return &enc, err
}
2022-12-15 21:59:31 +01:00
func AsymDecryptAndCheck(MyPrivateEncryptionKey string, MyContactPublicKey string, data []byte, Signature []byte) (DecryptedMessage []byte, err error) {
priv, err := base64.StdEncoding.DecodeString(MyPrivateEncryptionKey)
if err != nil {
log.Error().Msg("Message decryption and sign b64 failed")
return nil, err
}
pub, err := base64.StdEncoding.DecodeString(MyContactPublicKey)
if err != nil {
log.Error().Msg("Message decryption and sign b64 failed")
return nil, err
}
DecryptedMessage, err = decryptAndCheckMessage(string(pub), string(priv), crypto.NewPGPMessage(data), crypto.NewPGPSignature(Signature))
if err != nil {
log.Error().Msg("Message decryption and sign failed")
return nil, err
}
return DecryptedMessage, err
}
func encryptAndSignMessage(pub string, priv string, message *crypto.PlainMessage) (*crypto.PGPMessage, []byte, error) {
var privateKeyObj, unlockedKeyObj *crypto.Key
var privateKeyRing *crypto.KeyRing
publicKeyRing, err := createPublicKeyRing(pub)
if err != nil {
return nil, nil, err
}
if err != nil {
return nil, nil, errors.Wrap(err, "gopenpgp: unable to encrypt message")
}
if privateKeyObj, err = crypto.NewKeyFromArmored(priv); err != nil {
return nil, nil, errors.Wrap(err, "gopenpgp: unable to parse private key")
}
if unlockedKeyObj, err = privateKeyObj.Unlock(nil); err != nil {
return nil, nil, errors.Wrap(err, "gopenpgp: unable to unlock key")
}
defer unlockedKeyObj.ClearPrivateParams()
if privateKeyRing, err = crypto.NewKeyRing(unlockedKeyObj); err != nil {
return nil, nil, errors.Wrap(err, "gopenpgp: unable to create private keyring")
}
ciphertext, err := publicKeyRing.Encrypt(message, nil)
if err != nil {
return nil, nil, errors.Wrap(err, "gopenpgp: unable to encrypt message")
}
signature, err := privateKeyRing.SignDetached(message)
if err != nil {
return nil, nil, errors.Wrap(err, "gopenpgp: unable to encrypt message")
}
return ciphertext, signature.GetBinary(), nil
}
func decryptAndCheckMessage(pub string, priv string, message *crypto.PGPMessage, signature *crypto.PGPSignature) ([]byte, error) {
var privateKeyObj, unlockedKeyObj *crypto.Key
var privateKeyRing *crypto.KeyRing
publicKeyRing, err := createPublicKeyRing(pub)
if err != nil {
return nil, err
}
if err != nil {
return nil, errors.Wrap(err, "gopenpgp: unable to encrypt message")
}
if privateKeyObj, err = crypto.NewKeyFromArmored(priv); err != nil {
return nil, errors.Wrap(err, "gopenpgp: unable to parse private key")
}
if unlockedKeyObj, err = privateKeyObj.Unlock(nil); err != nil {
return nil, errors.Wrap(err, "gopenpgp: unable to unlock key")
}
defer unlockedKeyObj.ClearPrivateParams()
if privateKeyRing, err = crypto.NewKeyRing(unlockedKeyObj); err != nil {
return nil, errors.Wrap(err, "gopenpgp: unable to create private keyring")
}
plainmessage, err := privateKeyRing.Decrypt(message, nil, 0)
if err != nil {
return nil, errors.Wrap(err, "gopenpgp: unable to decrypt message")
}
err = publicKeyRing.VerifyDetached(plainmessage, signature, crypto.GetUnixTime())
if err != nil {
return nil, errors.Wrap(err, "gopenpgp: unable to check message signature")
}
return plainmessage.GetBinary(), nil
}