github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/libkb/saltpack_dec.go (about)

     1  // Copyright 2015 Keybase, Inc. All rights reserved. Use of
     2  // this source code is governed by the included BSD license.
     3  
     4  package libkb
     5  
     6  import (
     7  	"io"
     8  
     9  	"github.com/keybase/saltpack"
    10  )
    11  
    12  func getStatusCodeFromDecryptionError(err *DecryptionError) (code int) {
    13  	switch err.Cause.Err.(type) {
    14  	case APINetError:
    15  		code = SCAPINetworkError
    16  	case saltpack.ErrNoSenderKey:
    17  		code = SCDecryptionKeyNotFound
    18  	case saltpack.ErrWrongMessageType:
    19  		code = SCWrongCryptoMsgType
    20  	}
    21  	return code
    22  }
    23  
    24  func SaltpackDecrypt(m MetaContext, source io.Reader, sink io.WriteCloser,
    25  	decryptionKeyring saltpack.SigncryptKeyring,
    26  	checkSenderMki func(*saltpack.MessageKeyInfo) error,
    27  	checkSenderSigningKey func(saltpack.SigningPublicKey) error,
    28  	keyResolver saltpack.SymmetricKeyResolver) (mki *saltpack.MessageKeyInfo, err error) {
    29  	defer func() {
    30  		if derr, ok := err.(DecryptionError); ok {
    31  			derr.Cause.StatusCode = getStatusCodeFromDecryptionError(&derr)
    32  			err = derr
    33  		}
    34  	}()
    35  
    36  	sc, newSource, err := ClassifyStream(source)
    37  	if err != nil {
    38  		return nil, err
    39  	}
    40  
    41  	if sc.Format != CryptoMessageFormatSaltpack {
    42  		return nil, WrongCryptoFormatError{
    43  			Wanted:    CryptoMessageFormatSaltpack,
    44  			Received:  sc.Format,
    45  			Operation: "decrypt",
    46  		}
    47  	}
    48  
    49  	source = newSource
    50  
    51  	// mki will be set for DH mode, senderSigningKey will be set for signcryption mode
    52  	plainsource, typ, mki, senderSigningKey, isArmored, brand, _, err := saltpack.ClassifyEncryptedStreamAndMakeDecoder(source, decryptionKeyring, keyResolver)
    53  	if err != nil {
    54  		return mki, DecryptionError{Cause: ErrorCause{Err: err}}
    55  	}
    56  
    57  	if typ == saltpack.MessageTypeEncryption && checkSenderMki != nil {
    58  		if err = checkSenderMki(mki); err != nil {
    59  			return mki, DecryptionError{Cause: ErrorCause{Err: err}}
    60  		}
    61  	}
    62  	if typ == saltpack.MessageTypeSigncryption && checkSenderSigningKey != nil {
    63  		if err = checkSenderSigningKey(senderSigningKey); err != nil {
    64  			return nil, DecryptionError{Cause: ErrorCause{Err: err}}
    65  		}
    66  	}
    67  
    68  	n, err := io.Copy(sink, plainsource)
    69  	if err != nil {
    70  		return mki, DecryptionError{Cause: ErrorCause{Err: err}}
    71  	}
    72  
    73  	if isArmored {
    74  		// Note: the following check always passes!
    75  		if err = checkSaltpackBrand(brand); err != nil {
    76  			return mki, DecryptionError{Cause: ErrorCause{Err: err}}
    77  		}
    78  	}
    79  
    80  	m.Debug("Decrypt: read %d bytes", n)
    81  
    82  	if err := sink.Close(); err != nil {
    83  		return mki, DecryptionError{Cause: ErrorCause{Err: err}}
    84  	}
    85  	return mki, nil
    86  }