vendor/golang.org/x/crypto/openpgp/packet/packet.go

   1 // Copyright 2011 The Go Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style
   3 // license that can be found in the LICENSE file.
   4
   5 // Package packet implements parsing and serialization of OpenPGP packets, as
   6 // specified in RFC 4880.
   7 package packet // import "golang.org/x/crypto/openpgp/packet"
   8
   9 import (
  10         "bufio"
  11         "crypto/aes"
  12         "crypto/cipher"
  13         "crypto/des"
  14         "golang.org/x/crypto/cast5"
  15         "golang.org/x/crypto/openpgp/errors"
  16         "io"
  17         "math/big"
  18 )
  19
  20 // readFull is the same as io.ReadFull except that reading zero bytes returns
  21 // ErrUnexpectedEOF rather than EOF.
  22 func readFull(r io.Reader, buf []byte) (n int, err error) {
  23         n, err = io.ReadFull(r, buf)
  24         if err == io.EOF {
  25                 err = io.ErrUnexpectedEOF
  26         }
  27         return
  28 }
  29
  30 // readLength reads an OpenPGP length from r. See RFC 4880, section 4.2.2.
  31 func readLength(r io.Reader) (length int64, isPartial bool, err error) {
  32         var buf [4]byte
  33         _, err = readFull(r, buf[:1])
  34         if err != nil {
  35                 return
  36         }
  37         switch {
  38         case buf[0] < 192:
  39                 length = int64(buf[0])
  40         case buf[0] < 224:
  41                 length = int64(buf[0]-192) << 8
  42                 _, err = readFull(r, buf[0:1])
  43                 if err != nil {
  44                         return
  45                 }
  46                 length += int64(buf[0]) + 192
  47         case buf[0] < 255:
  48                 length = int64(1) << (buf[0] & 0x1f)
  49                 isPartial = true
  50         default:
  51                 _, err = readFull(r, buf[0:4])
  52                 if err != nil {
  53                         return
  54                 }
  55                 length = int64(buf[0])<<24 |
  56                         int64(buf[1])<<16 |
  57                         int64(buf[2])<<8 |
  58                         int64(buf[3])
  59         }
  60         return
  61 }
  62
  63 // partialLengthReader wraps an io.Reader and handles OpenPGP partial lengths.
  64 // The continuation lengths are parsed and removed from the stream and EOF is
  65 // returned at the end of the packet. See RFC 4880, section 4.2.2.4.
  66 type partialLengthReader struct {
  67         r         io.Reader
  68         remaining int64
  69         isPartial bool
  70 }
  71
  72 func (r *partialLengthReader) Read(p []byte) (n int, err error) {
  73         for r.remaining == 0 {
  74                 if !r.isPartial {
  75                         return 0, io.EOF
  76                 }
  77                 r.remaining, r.isPartial, err = readLength(r.r)
  78                 if err != nil {
  79                         return 0, err
  80                 }
  81         }
  82
  83         toRead := int64(len(p))
  84         if toRead > r.remaining {
  85                 toRead = r.remaining
  86         }
  87
  88         n, err = r.r.Read(p[:int(toRead)])
  89         r.remaining -= int64(n)
  90         if n < int(toRead) && err == io.EOF {
  91                 err = io.ErrUnexpectedEOF
  92         }
  93         return
  94 }
  95
  96 // partialLengthWriter writes a stream of data using OpenPGP partial lengths.
  97 // See RFC 4880, section 4.2.2.4.
  98 type partialLengthWriter struct {
  99         w          io.WriteCloser
 100         lengthByte [1]byte
 101 }
 102
 103 func (w *partialLengthWriter) Write(p []byte) (n int, err error) {
 104         for len(p) > 0 {
 105                 for power := uint(14); power < 32; power-- {
 106                         l := 1 << power
 107                         if len(p) >= l {
 108                                 w.lengthByte[0] = 224 + uint8(power)
 109                                 _, err = w.w.Write(w.lengthByte[:])
 110                                 if err != nil {
 111                                         return
 112                                 }
 113                                 var m int
 114                                 m, err = w.w.Write(p[:l])
 115                                 n += m
 116                                 if err != nil {
 117                                         return
 118                                 }
 119                                 p = p[l:]
 120                                 break
 121                         }
 122                 }
 123         }
 124         return
 125 }
 126
 127 func (w *partialLengthWriter) Close() error {
 128         w.lengthByte[0] = 0
 129         _, err := w.w.Write(w.lengthByte[:])
 130         if err != nil {
 131                 return err
 132         }
 133         return w.w.Close()
 134 }
 135
 136 // A spanReader is an io.LimitReader, but it returns ErrUnexpectedEOF if the
 137 // underlying Reader returns EOF before the limit has been reached.
 138 type spanReader struct {
 139         r io.Reader
 140         n int64
 141 }
 142
 143 func (l *spanReader) Read(p []byte) (n int, err error) {
 144         if l.n <= 0 {
 145                 return 0, io.EOF
 146         }
 147         if int64(len(p)) > l.n {
 148                 p = p[0:l.n]
 149         }
 150         n, err = l.r.Read(p)
 151         l.n -= int64(n)
 152         if l.n > 0 && err == io.EOF {
 153                 err = io.ErrUnexpectedEOF
 154         }
 155         return
 156 }
 157
 158 // readHeader parses a packet header and returns an io.Reader which will return
 159 // the contents of the packet. See RFC 4880, section 4.2.
 160 func readHeader(r io.Reader) (tag packetType, length int64, contents io.Reader, err error) {
 161         var buf [4]byte
 162         _, err = io.ReadFull(r, buf[:1])
 163         if err != nil {
 164                 return
 165         }
 166         if buf[0]&0x80 == 0 {
 167                 err = errors.StructuralError("tag byte does not have MSB set")
 168                 return
 169         }
 170         if buf[0]&0x40 == 0 {
 171                 // Old format packet
 172                 tag = packetType((buf[0] & 0x3f) >> 2)
 173                 lengthType := buf[0] & 3
 174                 if lengthType == 3 {
 175                         length = -1
 176                         contents = r
 177                         return
 178                 }
 179                 lengthBytes := 1 << lengthType
 180                 _, err = readFull(r, buf[0:lengthBytes])
 181                 if err != nil {
 182                         return
 183                 }
 184                 for i := 0; i < lengthBytes; i++ {
 185                         length <<= 8
 186                         length |= int64(buf[i])
 187                 }
 188                 contents = &spanReader{r, length}
 189                 return
 190         }
 191
 192         // New format packet
 193         tag = packetType(buf[0] & 0x3f)
 194         length, isPartial, err := readLength(r)
 195         if err != nil {
 196                 return
 197         }
 198         if isPartial {
 199                 contents = &partialLengthReader{
 200                         remaining: length,
 201                         isPartial: true,
 202                         r:         r,
 203                 }
 204                 length = -1
 205         } else {
 206                 contents = &spanReader{r, length}
 207         }
 208         return
 209 }
 210
 211 // serializeHeader writes an OpenPGP packet header to w. See RFC 4880, section
 212 // 4.2.
 213 func serializeHeader(w io.Writer, ptype packetType, length int) (err error) {
 214         var buf [6]byte
 215         var n int
 216
 217         buf[0] = 0x80 | 0x40 | byte(ptype)
 218         if length < 192 {
 219                 buf[1] = byte(length)
 220                 n = 2
 221         } else if length < 8384 {
 222                 length -= 192
 223                 buf[1] = 192 + byte(length>>8)
 224                 buf[2] = byte(length)
 225                 n = 3
 226         } else {
 227                 buf[1] = 255
 228                 buf[2] = byte(length >> 24)
 229                 buf[3] = byte(length >> 16)
 230                 buf[4] = byte(length >> 8)
 231                 buf[5] = byte(length)
 232                 n = 6
 233         }
 234
 235         _, err = w.Write(buf[:n])
 236         return
 237 }
 238
 239 // serializeStreamHeader writes an OpenPGP packet header to w where the
 240 // length of the packet is unknown. It returns a io.WriteCloser which can be
 241 // used to write the contents of the packet. See RFC 4880, section 4.2.
 242 func serializeStreamHeader(w io.WriteCloser, ptype packetType) (out io.WriteCloser, err error) {
 243         var buf [1]byte
 244         buf[0] = 0x80 | 0x40 | byte(ptype)
 245         _, err = w.Write(buf[:])
 246         if err != nil {
 247                 return
 248         }
 249         out = &partialLengthWriter{w: w}
 250         return
 251 }
 252
 253 // Packet represents an OpenPGP packet. Users are expected to try casting
 254 // instances of this interface to specific packet types.
 255 type Packet interface {
 256         parse(io.Reader) error
 257 }
 258
 259 // consumeAll reads from the given Reader until error, returning the number of
 260 // bytes read.
 261 func consumeAll(r io.Reader) (n int64, err error) {
 262         var m int
 263         var buf [1024]byte
 264
 265         for {
 266                 m, err = r.Read(buf[:])
 267                 n += int64(m)
 268                 if err == io.EOF {
 269                         err = nil
 270                         return
 271                 }
 272                 if err != nil {
 273                         return
 274                 }
 275         }
 276 }
 277
 278 // packetType represents the numeric ids of the different OpenPGP packet types. See
 279 // http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-2
 280 type packetType uint8
 281
 282 const (
 283         packetTypeEncryptedKey              packetType = 1
 284         packetTypeSignature                 packetType = 2
 285         packetTypeSymmetricKeyEncrypted     packetType = 3
 286         packetTypeOnePassSignature          packetType = 4
 287         packetTypePrivateKey                packetType = 5
 288         packetTypePublicKey                 packetType = 6
 289         packetTypePrivateSubkey             packetType = 7
 290         packetTypeCompressed                packetType = 8
 291         packetTypeSymmetricallyEncrypted    packetType = 9
 292         packetTypeLiteralData               packetType = 11
 293         packetTypeUserId                    packetType = 13
 294         packetTypePublicSubkey              packetType = 14
 295         packetTypeUserAttribute             packetType = 17
 296         packetTypeSymmetricallyEncryptedMDC packetType = 18
 297 )
 298
 299 // peekVersion detects the version of a public key packet about to
 300 // be read. A bufio.Reader at the original position of the io.Reader
 301 // is returned.
 302 func peekVersion(r io.Reader) (bufr *bufio.Reader, ver byte, err error) {
 303         bufr = bufio.NewReader(r)
 304         var verBuf []byte
 305         if verBuf, err = bufr.Peek(1); err != nil {
 306                 return
 307         }
 308         ver = verBuf[0]
 309         return
 310 }
 311
 312 // Read reads a single OpenPGP packet from the given io.Reader. If there is an
 313 // error parsing a packet, the whole packet is consumed from the input.
 314 func Read(r io.Reader) (p Packet, err error) {
 315         tag, _, contents, err := readHeader(r)
 316         if err != nil {
 317                 return
 318         }
 319
 320         switch tag {
 321         case packetTypeEncryptedKey:
 322                 p = new(EncryptedKey)
 323         case packetTypeSignature:
 324                 var version byte
 325                 // Detect signature version
 326                 if contents, version, err = peekVersion(contents); err != nil {
 327                         return
 328                 }
 329                 if version < 4 {
 330                         p = new(SignatureV3)
 331                 } else {
 332                         p = new(Signature)
 333                 }
 334         case packetTypeSymmetricKeyEncrypted:
 335                 p = new(SymmetricKeyEncrypted)
 336         case packetTypeOnePassSignature:
 337                 p = new(OnePassSignature)
 338         case packetTypePrivateKey, packetTypePrivateSubkey:
 339                 pk := new(PrivateKey)
 340                 if tag == packetTypePrivateSubkey {
 341                         pk.IsSubkey = true
 342                 }
 343                 p = pk
 344         case packetTypePublicKey, packetTypePublicSubkey:
 345                 var version byte
 346                 if contents, version, err = peekVersion(contents); err != nil {
 347                         return
 348                 }
 349                 isSubkey := tag == packetTypePublicSubkey
 350                 if version < 4 {
 351                         p = &PublicKeyV3{IsSubkey: isSubkey}
 352                 } else {
 353                         p = &PublicKey{IsSubkey: isSubkey}
 354                 }
 355         case packetTypeCompressed:
 356                 p = new(Compressed)
 357         case packetTypeSymmetricallyEncrypted:
 358                 p = new(SymmetricallyEncrypted)
 359         case packetTypeLiteralData:
 360                 p = new(LiteralData)
 361         case packetTypeUserId:
 362                 p = new(UserId)
 363         case packetTypeUserAttribute:
 364                 p = new(UserAttribute)
 365         case packetTypeSymmetricallyEncryptedMDC:
 366                 se := new(SymmetricallyEncrypted)
 367                 se.MDC = true
 368                 p = se
 369         default:
 370                 err = errors.UnknownPacketTypeError(tag)
 371         }
 372         if p != nil {
 373                 err = p.parse(contents)
 374         }
 375         if err != nil {
 376                 consumeAll(contents)
 377         }
 378         return
 379 }
 380
 381 // SignatureType represents the different semantic meanings of an OpenPGP
 382 // signature. See RFC 4880, section 5.2.1.
 383 type SignatureType uint8
 384
 385 const (
 386         SigTypeBinary            SignatureType = 0
 387         SigTypeText                            = 1
 388         SigTypeGenericCert                     = 0x10
 389         SigTypePersonaCert                     = 0x11
 390         SigTypeCasualCert                      = 0x12
 391         SigTypePositiveCert                    = 0x13
 392         SigTypeSubkeyBinding                   = 0x18
 393         SigTypePrimaryKeyBinding               = 0x19
 394         SigTypeDirectSignature                 = 0x1F
 395         SigTypeKeyRevocation                   = 0x20
 396         SigTypeSubkeyRevocation                = 0x28
 397 )
 398
 399 // PublicKeyAlgorithm represents the different public key system specified for
 400 // OpenPGP. See
 401 // http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-12
 402 type PublicKeyAlgorithm uint8
 403
 404 const (
 405         PubKeyAlgoRSA            PublicKeyAlgorithm = 1
 406         PubKeyAlgoRSAEncryptOnly PublicKeyAlgorithm = 2
 407         PubKeyAlgoRSASignOnly    PublicKeyAlgorithm = 3
 408         PubKeyAlgoElGamal        PublicKeyAlgorithm = 16
 409         PubKeyAlgoDSA            PublicKeyAlgorithm = 17
 410         // RFC 6637, Section 5.
 411         PubKeyAlgoECDH  PublicKeyAlgorithm = 18
 412         PubKeyAlgoECDSA PublicKeyAlgorithm = 19
 413 )
 414
 415 // CanEncrypt returns true if it's possible to encrypt a message to a public
 416 // key of the given type.
 417 func (pka PublicKeyAlgorithm) CanEncrypt() bool {
 418         switch pka {
 419         case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoElGamal:
 420                 return true
 421         }
 422         return false
 423 }
 424
 425 // CanSign returns true if it's possible for a public key of the given type to
 426 // sign a message.
 427 func (pka PublicKeyAlgorithm) CanSign() bool {
 428         switch pka {
 429         case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly, PubKeyAlgoDSA, PubKeyAlgoECDSA:
 430                 return true
 431         }
 432         return false
 433 }
 434
 435 // CipherFunction represents the different block ciphers specified for OpenPGP. See
 436 // http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-13
 437 type CipherFunction uint8
 438
 439 const (
 440         Cipher3DES   CipherFunction = 2
 441         CipherCAST5  CipherFunction = 3
 442         CipherAES128 CipherFunction = 7
 443         CipherAES192 CipherFunction = 8
 444         CipherAES256 CipherFunction = 9
 445 )
 446
 447 // KeySize returns the key size, in bytes, of cipher.
 448 func (cipher CipherFunction) KeySize() int {
 449         switch cipher {
 450         case Cipher3DES:
 451                 return 24
 452         case CipherCAST5:
 453                 return cast5.KeySize
 454         case CipherAES128:
 455                 return 16
 456         case CipherAES192:
 457                 return 24
 458         case CipherAES256:
 459                 return 32
 460         }
 461         return 0
 462 }
 463
 464 // blockSize returns the block size, in bytes, of cipher.
 465 func (cipher CipherFunction) blockSize() int {
 466         switch cipher {
 467         case Cipher3DES:
 468                 return des.BlockSize
 469         case CipherCAST5:
 470                 return 8
 471         case CipherAES128, CipherAES192, CipherAES256:
 472                 return 16
 473         }
 474         return 0
 475 }
 476
 477 // new returns a fresh instance of the given cipher.
 478 func (cipher CipherFunction) new(key []byte) (block cipher.Block) {
 479         switch cipher {
 480         case Cipher3DES:
 481                 block, _ = des.NewTripleDESCipher(key)
 482         case CipherCAST5:
 483                 block, _ = cast5.NewCipher(key)
 484         case CipherAES128, CipherAES192, CipherAES256:
 485                 block, _ = aes.NewCipher(key)
 486         }
 487         return
 488 }
 489
 490 // readMPI reads a big integer from r. The bit length returned is the bit
 491 // length that was specified in r. This is preserved so that the integer can be
 492 // reserialized exactly.
 493 func readMPI(r io.Reader) (mpi []byte, bitLength uint16, err error) {
 494         var buf [2]byte
 495         _, err = readFull(r, buf[0:])
 496         if err != nil {
 497                 return
 498         }
 499         bitLength = uint16(buf[0])<<8 | uint16(buf[1])
 500         numBytes := (int(bitLength) + 7) / 8
 501         mpi = make([]byte, numBytes)
 502         _, err = readFull(r, mpi)
 503         return
 504 }
 505
 506 // mpiLength returns the length of the given *big.Int when serialized as an
 507 // MPI.
 508 func mpiLength(n *big.Int) (mpiLengthInBytes int) {
 509         mpiLengthInBytes = 2 /* MPI length */
 510         mpiLengthInBytes += (n.BitLen() + 7) / 8
 511         return
 512 }
 513
 514 // writeMPI serializes a big integer to w.
 515 func writeMPI(w io.Writer, bitLength uint16, mpiBytes []byte) (err error) {
 516         _, err = w.Write([]byte{byte(bitLength >> 8), byte(bitLength)})
 517         if err == nil {
 518                 _, err = w.Write(mpiBytes)
 519         }
 520         return
 521 }
 522
 523 // writeBig serializes a *big.Int to w.
 524 func writeBig(w io.Writer, i *big.Int) error {
 525         return writeMPI(w, uint16(i.BitLen()), i.Bytes())
 526 }
 527
 528 // CompressionAlgo Represents the different compression algorithms
 529 // supported by OpenPGP (except for BZIP2, which is not currently
 530 // supported). See Section 9.3 of RFC 4880.
 531 type CompressionAlgo uint8
 532
 533 const (
 534         CompressionNone CompressionAlgo = 0
 535         CompressionZIP  CompressionAlgo = 1
 536         CompressionZLIB CompressionAlgo = 2
 537 )