better error management + shortcode overflow control
This commit is contained in:
ycc
87
asymcrypt.go
87
asymcrypt.go
@@ -7,8 +7,6 @@ import (
|
||||
|
||||
"github.com/ProtonMail/gopenpgp/v2/crypto"
|
||||
"github.com/ProtonMail/gopenpgp/v2/helper"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/rs/zerolog/log"
|
||||
)
|
||||
|
||||
type KeyPair struct {
|
||||
@@ -27,7 +25,7 @@ func NewKeyPair() (*KeyPair, error) { // Return error!
|
||||
}
|
||||
pub, err := keys.GetArmoredPublicKey()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to get public key: %w", err)
|
||||
return nil, fmt.Errorf("gopenpgp: unable to get public key: %w", err)
|
||||
}
|
||||
priv, err := keys.Armor()
|
||||
if err != nil {
|
||||
@@ -39,27 +37,26 @@ func NewKeyPair() (*KeyPair, error) { // Return error!
|
||||
return &kp, nil
|
||||
}
|
||||
|
||||
func (Kp *KeyPair) GetCryptoKeyObject() *crypto.Key {
|
||||
func (Kp *KeyPair) GetCryptoKeyObject() (*crypto.Key, error) {
|
||||
priv, err := base64.StdEncoding.DecodeString(Kp.Private)
|
||||
if err != nil {
|
||||
log.Error().Msg("Create key from armoured b64 failed")
|
||||
return nil, fmt.Errorf("failed to decode private key: %w", err)
|
||||
}
|
||||
key, err := crypto.NewKeyFromArmored(string(priv))
|
||||
if err != nil {
|
||||
log.Error().Msg("Create key from armoured failed")
|
||||
return nil, fmt.Errorf("Ccreate key from armoured failed: %w", err)
|
||||
}
|
||||
return key
|
||||
return key, nil
|
||||
}
|
||||
|
||||
func AsymEncrypt(publicKey string, data []byte) ([]byte, error) {
|
||||
pub, err := base64.StdEncoding.DecodeString(publicKey)
|
||||
if err != nil {
|
||||
log.Error().Msg("Message encryption b64 failed")
|
||||
return nil, fmt.Errorf("Message encryption b64 failed: %w", err)
|
||||
}
|
||||
ciphertext, err := encryptMessage(string(pub), crypto.NewPlainMessage(data))
|
||||
if err != nil {
|
||||
log.Error().Msg("Message encryption failed")
|
||||
return nil, err
|
||||
return nil, fmt.Errorf("Message encryption failed: %w", err)
|
||||
}
|
||||
|
||||
return ciphertext.GetBinary(), err
|
||||
@@ -68,11 +65,11 @@ func AsymEncrypt(publicKey string, data []byte) ([]byte, error) {
|
||||
func AsymDecrypt(PrivateKey string, data []byte) ([]byte, error) {
|
||||
priv, err := base64.StdEncoding.DecodeString(PrivateKey)
|
||||
if err != nil {
|
||||
log.Error().Msg("Message decryption b64 failed")
|
||||
return nil, fmt.Errorf("Message decryption b64 failed: %w", err)
|
||||
}
|
||||
decrypted, err := decryptMessage(string(priv), nil, crypto.NewPGPMessage(data))
|
||||
if err != nil {
|
||||
log.Error().Msg("Message decryption failed")
|
||||
return nil, fmt.Errorf("Message decryption failed: %w", err)
|
||||
}
|
||||
return decrypted.GetBinary(), err
|
||||
}
|
||||
@@ -80,11 +77,11 @@ func AsymDecrypt(PrivateKey string, data []byte) ([]byte, error) {
|
||||
func AsymEncryptArmored(PublicKey string, data []byte) ([]byte, error) {
|
||||
pub, err := base64.StdEncoding.DecodeString(PublicKey)
|
||||
if err != nil {
|
||||
log.Error().Msg("Message encryption b64 failed")
|
||||
return nil, fmt.Errorf("Message encryption b64 failed: %w", err)
|
||||
}
|
||||
armor, err := helper.EncryptBinaryMessageArmored(string(pub), data)
|
||||
if err != nil {
|
||||
log.Error().Msg("Message encryption failed")
|
||||
return nil, fmt.Errorf("Message encryption failed: %w", err)
|
||||
}
|
||||
return []byte(armor), err
|
||||
}
|
||||
@@ -92,11 +89,11 @@ func AsymEncryptArmored(PublicKey string, data []byte) ([]byte, error) {
|
||||
func AsymDecryptArmored(PrivateKey string, data []byte) ([]byte, error) {
|
||||
priv, err := base64.StdEncoding.DecodeString(PrivateKey)
|
||||
if err != nil {
|
||||
log.Error().Msg("Message decryption b64 failed")
|
||||
return nil, fmt.Errorf("Message decryption b64 failed: %w", err)
|
||||
}
|
||||
decrypted, err := helper.DecryptBinaryMessageArmored(string(priv), nil, string(data))
|
||||
if err != nil {
|
||||
log.Error().Msg("Message decryption failed")
|
||||
return nil, fmt.Errorf("Message decryption failed: %w", err)
|
||||
}
|
||||
return []byte(decrypted), err
|
||||
}
|
||||
@@ -145,7 +142,7 @@ func encryptMessage(key string, message *crypto.PlainMessage) (*crypto.PGPMessag
|
||||
|
||||
ciphertext, err := publicKeyRing.Encrypt(message, nil)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "gopenpgp: unable to encrypt message")
|
||||
return nil, fmt.Errorf("gopenpgp: unable to encrypt message: %w", err)
|
||||
}
|
||||
|
||||
return ciphertext, nil
|
||||
@@ -154,24 +151,24 @@ func encryptMessage(key string, message *crypto.PlainMessage) (*crypto.PGPMessag
|
||||
func decryptMessage(privateKey string, passphrase []byte, ciphertext *crypto.PGPMessage) (*crypto.PlainMessage, error) {
|
||||
privateKeyObj, err := crypto.NewKeyFromArmored(privateKey)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "gopenpgp: unable to parse the private key")
|
||||
return nil, fmt.Errorf("gopenpgp: unable to parse the private key: %w", err)
|
||||
}
|
||||
|
||||
privateKeyUnlocked, err := privateKeyObj.Unlock(passphrase)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "gopenpgp: unable to unlock key")
|
||||
return nil, fmt.Errorf("gopenpgp: unable to unlock key: %w", err)
|
||||
}
|
||||
|
||||
defer privateKeyUnlocked.ClearPrivateParams()
|
||||
|
||||
privateKeyRing, err := crypto.NewKeyRing(privateKeyUnlocked)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "gopenpgp: unable to create the private key ring")
|
||||
return nil, fmt.Errorf("gopenpgp: unable to create the private key ring: %w", err)
|
||||
}
|
||||
|
||||
message, err := privateKeyRing.Decrypt(ciphertext, nil, 0)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "gopenpgp: unable to decrypt message")
|
||||
return nil, fmt.Errorf("gopenpgp: unable to decrypt message: %w", err)
|
||||
}
|
||||
|
||||
return message, nil
|
||||
@@ -180,19 +177,19 @@ func decryptMessage(privateKey string, passphrase []byte, ciphertext *crypto.PGP
|
||||
func createPublicKeyRing(publicKey string) (*crypto.KeyRing, error) {
|
||||
publicKeyObj, err := crypto.NewKeyFromArmored(publicKey)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "gopenpgp: unable to parse public key")
|
||||
return nil, fmt.Errorf("gopenpgp: unable to parse public key: %w", err)
|
||||
}
|
||||
|
||||
if publicKeyObj.IsPrivate() {
|
||||
publicKeyObj, err = publicKeyObj.ToPublic()
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "gopenpgp: unable to extract public key from private key")
|
||||
return nil, fmt.Errorf("gopenpgp: unable to extract public key from private key: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
publicKeyRing, err := crypto.NewKeyRing(publicKeyObj)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "gopenpgp: unable to create new keyring")
|
||||
return nil, fmt.Errorf("gopenpgp: unable to create new keyring: %w", err)
|
||||
}
|
||||
|
||||
return publicKeyRing, nil
|
||||
@@ -202,18 +199,15 @@ func AsymEncryptAndSign(PublicEncryptionKey string, PrivateSignatureKey string,
|
||||
var enc EncryptedMessage
|
||||
pub, err := base64.StdEncoding.DecodeString(PublicEncryptionKey)
|
||||
if err != nil {
|
||||
log.Error().Msg("Message encryption and sign b64 failed")
|
||||
return nil, err
|
||||
return nil, fmt.Errorf("Message encryption and sign b64 failed: %w", err)
|
||||
}
|
||||
priv, err := base64.StdEncoding.DecodeString(PrivateSignatureKey)
|
||||
if err != nil {
|
||||
log.Error().Msg("Message encryption and sign b64 failed")
|
||||
return nil, err
|
||||
return nil, fmt.Errorf("Message encryption and sign b64 failed: %w", err)
|
||||
}
|
||||
ciphertext, signature, err := encryptAndSignMessage(string(pub), string(priv), crypto.NewPlainMessage(data))
|
||||
if err != nil {
|
||||
log.Error().Msg("Message encryption failed")
|
||||
return nil, err
|
||||
return nil, fmt.Errorf("Message encryption failed: %w", err)
|
||||
}
|
||||
enc.Data = ciphertext.GetBinary()
|
||||
enc.Signature = []byte(signature)
|
||||
@@ -223,18 +217,15 @@ func AsymEncryptAndSign(PublicEncryptionKey string, PrivateSignatureKey string,
|
||||
func AsymDecryptAndCheck(MyPrivateEncryptionKey string, MyContactPublicKey string, data []byte, Signature []byte) (DecryptedMessage []byte, err error) {
|
||||
priv, err := base64.StdEncoding.DecodeString(MyPrivateEncryptionKey)
|
||||
if err != nil {
|
||||
log.Error().Msg("Message decryption and sign b64 failed")
|
||||
return nil, err
|
||||
return nil, fmt.Errorf("Message decryption and sign b64 failed: %w", err)
|
||||
}
|
||||
pub, err := base64.StdEncoding.DecodeString(MyContactPublicKey)
|
||||
if err != nil {
|
||||
log.Error().Msg("Message decryption and sign b64 failed")
|
||||
return nil, err
|
||||
return nil, fmt.Errorf("Message decryption and sign b64 failed: %w", err)
|
||||
}
|
||||
DecryptedMessage, err = decryptAndCheckMessage(string(pub), string(priv), crypto.NewPGPMessage(data), crypto.NewPGPSignature(Signature))
|
||||
if err != nil {
|
||||
log.Error().Msg("Message decryption and sign failed")
|
||||
return nil, err
|
||||
return nil, fmt.Errorf("Message decryption and sign failed: %w", err)
|
||||
}
|
||||
return DecryptedMessage, err
|
||||
}
|
||||
@@ -248,30 +239,30 @@ func encryptAndSignMessage(pub string, priv string, message *crypto.PlainMessage
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
return nil, nil, errors.Wrap(err, "gopenpgp: unable to encrypt message")
|
||||
return nil, nil, fmt.Errorf("gopenpgp: unable to encrypt message")
|
||||
}
|
||||
|
||||
if privateKeyObj, err = crypto.NewKeyFromArmored(priv); err != nil {
|
||||
return nil, nil, errors.Wrap(err, "gopenpgp: unable to parse private key")
|
||||
return nil, nil, fmt.Errorf("gopenpgp: unable to parse private key")
|
||||
}
|
||||
|
||||
if unlockedKeyObj, err = privateKeyObj.Unlock(nil); err != nil {
|
||||
return nil, nil, errors.Wrap(err, "gopenpgp: unable to unlock key")
|
||||
return nil, nil, fmt.Errorf("gopenpgp: unable to unlock key")
|
||||
}
|
||||
defer unlockedKeyObj.ClearPrivateParams()
|
||||
|
||||
if privateKeyRing, err = crypto.NewKeyRing(unlockedKeyObj); err != nil {
|
||||
return nil, nil, errors.Wrap(err, "gopenpgp: unable to create private keyring")
|
||||
return nil, nil, fmt.Errorf("gopenpgp: unable to create private keyring")
|
||||
}
|
||||
|
||||
ciphertext, err := publicKeyRing.Encrypt(message, nil)
|
||||
if err != nil {
|
||||
return nil, nil, errors.Wrap(err, "gopenpgp: unable to encrypt message")
|
||||
return nil, nil, fmt.Errorf("gopenpgp: unable to encrypt message")
|
||||
}
|
||||
|
||||
signature, err := privateKeyRing.SignDetached(message)
|
||||
if err != nil {
|
||||
return nil, nil, errors.Wrap(err, "gopenpgp: unable to encrypt message")
|
||||
return nil, nil, fmt.Errorf("gopenpgp: unable to encrypt message")
|
||||
}
|
||||
return ciphertext, signature.GetBinary(), nil
|
||||
}
|
||||
@@ -285,30 +276,30 @@ func decryptAndCheckMessage(pub string, priv string, message *crypto.PGPMessage,
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "gopenpgp: unable to encrypt message")
|
||||
return nil, fmt.Errorf("gopenpgp: unable to encrypt message")
|
||||
}
|
||||
|
||||
if privateKeyObj, err = crypto.NewKeyFromArmored(priv); err != nil {
|
||||
return nil, errors.Wrap(err, "gopenpgp: unable to parse private key")
|
||||
return nil, fmt.Errorf("gopenpgp: unable to parse private key")
|
||||
}
|
||||
|
||||
if unlockedKeyObj, err = privateKeyObj.Unlock(nil); err != nil {
|
||||
return nil, errors.Wrap(err, "gopenpgp: unable to unlock key")
|
||||
return nil, fmt.Errorf("gopenpgp: unable to unlock key")
|
||||
}
|
||||
defer unlockedKeyObj.ClearPrivateParams()
|
||||
|
||||
if privateKeyRing, err = crypto.NewKeyRing(unlockedKeyObj); err != nil {
|
||||
return nil, errors.Wrap(err, "gopenpgp: unable to create private keyring")
|
||||
return nil, fmt.Errorf("gopenpgp: unable to create private keyring")
|
||||
}
|
||||
|
||||
plainmessage, err := privateKeyRing.Decrypt(message, nil, 0)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "gopenpgp: unable to decrypt message")
|
||||
return nil, fmt.Errorf("gopenpgp: unable to decrypt message")
|
||||
}
|
||||
|
||||
err = publicKeyRing.VerifyDetached(plainmessage, signature, crypto.GetUnixTime())
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "gopenpgp: unable to check message signature")
|
||||
return nil, fmt.Errorf("gopenpgp: unable to check message signature")
|
||||
}
|
||||
return plainmessage.GetBinary(), nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user