github.com/olivere/camlistore@v0.0.0-20140121221811-1b7ac2da0199/third_party/code.google.com/p/go.crypto/openpgp/packet/packet.go (about) 1 // Copyright 2011 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // Package packet implements parsing and serialization of OpenPGP packets, as 6 // specified in RFC 4880. 7 package packet 8 9 import ( 10 "camlistore.org/third_party/code.google.com/p/go.crypto/cast5" 11 "camlistore.org/third_party/code.google.com/p/go.crypto/openpgp/errors" 12 "crypto/aes" 13 "crypto/cipher" 14 "io" 15 "math/big" 16 ) 17 18 // readFull is the same as io.ReadFull except that reading zero bytes returns 19 // ErrUnexpectedEOF rather than EOF. 20 func readFull(r io.Reader, buf []byte) (n int, err error) { 21 n, err = io.ReadFull(r, buf) 22 if err == io.EOF { 23 err = io.ErrUnexpectedEOF 24 } 25 return 26 } 27 28 // readLength reads an OpenPGP length from r. See RFC 4880, section 4.2.2. 29 func readLength(r io.Reader) (length int64, isPartial bool, err error) { 30 var buf [4]byte 31 _, err = readFull(r, buf[:1]) 32 if err != nil { 33 return 34 } 35 switch { 36 case buf[0] < 192: 37 length = int64(buf[0]) 38 case buf[0] < 224: 39 length = int64(buf[0]-192) << 8 40 _, err = readFull(r, buf[0:1]) 41 if err != nil { 42 return 43 } 44 length += int64(buf[0]) + 192 45 case buf[0] < 255: 46 length = int64(1) << (buf[0] & 0x1f) 47 isPartial = true 48 default: 49 _, err = readFull(r, buf[0:4]) 50 if err != nil { 51 return 52 } 53 length = int64(buf[0])<<24 | 54 int64(buf[1])<<16 | 55 int64(buf[2])<<8 | 56 int64(buf[3]) 57 } 58 return 59 } 60 61 // partialLengthReader wraps an io.Reader and handles OpenPGP partial lengths. 62 // The continuation lengths are parsed and removed from the stream and EOF is 63 // returned at the end of the packet. See RFC 4880, section 4.2.2.4. 64 type partialLengthReader struct { 65 r io.Reader 66 remaining int64 67 isPartial bool 68 } 69 70 func (r *partialLengthReader) Read(p []byte) (n int, err error) { 71 for r.remaining == 0 { 72 if !r.isPartial { 73 return 0, io.EOF 74 } 75 r.remaining, r.isPartial, err = readLength(r.r) 76 if err != nil { 77 return 0, err 78 } 79 } 80 81 toRead := int64(len(p)) 82 if toRead > r.remaining { 83 toRead = r.remaining 84 } 85 86 n, err = r.r.Read(p[:int(toRead)]) 87 r.remaining -= int64(n) 88 if n < int(toRead) && err == io.EOF { 89 err = io.ErrUnexpectedEOF 90 } 91 return 92 } 93 94 // partialLengthWriter writes a stream of data using OpenPGP partial lengths. 95 // See RFC 4880, section 4.2.2.4. 96 type partialLengthWriter struct { 97 w io.WriteCloser 98 lengthByte [1]byte 99 } 100 101 func (w *partialLengthWriter) Write(p []byte) (n int, err error) { 102 for len(p) > 0 { 103 for power := uint(14); power < 32; power-- { 104 l := 1 << power 105 if len(p) >= l { 106 w.lengthByte[0] = 224 + uint8(power) 107 _, err = w.w.Write(w.lengthByte[:]) 108 if err != nil { 109 return 110 } 111 var m int 112 m, err = w.w.Write(p[:l]) 113 n += m 114 if err != nil { 115 return 116 } 117 p = p[l:] 118 break 119 } 120 } 121 } 122 return 123 } 124 125 func (w *partialLengthWriter) Close() error { 126 w.lengthByte[0] = 0 127 _, err := w.w.Write(w.lengthByte[:]) 128 if err != nil { 129 return err 130 } 131 return w.w.Close() 132 } 133 134 // A spanReader is an io.LimitReader, but it returns ErrUnexpectedEOF if the 135 // underlying Reader returns EOF before the limit has been reached. 136 type spanReader struct { 137 r io.Reader 138 n int64 139 } 140 141 func (l *spanReader) Read(p []byte) (n int, err error) { 142 if l.n <= 0 { 143 return 0, io.EOF 144 } 145 if int64(len(p)) > l.n { 146 p = p[0:l.n] 147 } 148 n, err = l.r.Read(p) 149 l.n -= int64(n) 150 if l.n > 0 && err == io.EOF { 151 err = io.ErrUnexpectedEOF 152 } 153 return 154 } 155 156 // readHeader parses a packet header and returns an io.Reader which will return 157 // the contents of the packet. See RFC 4880, section 4.2. 158 func readHeader(r io.Reader) (tag packetType, length int64, contents io.Reader, err error) { 159 var buf [4]byte 160 _, err = io.ReadFull(r, buf[:1]) 161 if err != nil { 162 return 163 } 164 if buf[0]&0x80 == 0 { 165 err = errors.StructuralError("tag byte does not have MSB set") 166 return 167 } 168 if buf[0]&0x40 == 0 { 169 // Old format packet 170 tag = packetType((buf[0] & 0x3f) >> 2) 171 lengthType := buf[0] & 3 172 if lengthType == 3 { 173 length = -1 174 contents = r 175 return 176 } 177 lengthBytes := 1 << lengthType 178 _, err = readFull(r, buf[0:lengthBytes]) 179 if err != nil { 180 return 181 } 182 for i := 0; i < lengthBytes; i++ { 183 length <<= 8 184 length |= int64(buf[i]) 185 } 186 contents = &spanReader{r, length} 187 return 188 } 189 190 // New format packet 191 tag = packetType(buf[0] & 0x3f) 192 length, isPartial, err := readLength(r) 193 if err != nil { 194 return 195 } 196 if isPartial { 197 contents = &partialLengthReader{ 198 remaining: length, 199 isPartial: true, 200 r: r, 201 } 202 length = -1 203 } else { 204 contents = &spanReader{r, length} 205 } 206 return 207 } 208 209 // serializeHeader writes an OpenPGP packet header to w. See RFC 4880, section 210 // 4.2. 211 func serializeHeader(w io.Writer, ptype packetType, length int) (err error) { 212 var buf [6]byte 213 var n int 214 215 buf[0] = 0x80 | 0x40 | byte(ptype) 216 if length < 192 { 217 buf[1] = byte(length) 218 n = 2 219 } else if length < 8384 { 220 length -= 192 221 buf[1] = 192 + byte(length>>8) 222 buf[2] = byte(length) 223 n = 3 224 } else { 225 buf[1] = 255 226 buf[2] = byte(length >> 24) 227 buf[3] = byte(length >> 16) 228 buf[4] = byte(length >> 8) 229 buf[5] = byte(length) 230 n = 6 231 } 232 233 _, err = w.Write(buf[:n]) 234 return 235 } 236 237 // serializeStreamHeader writes an OpenPGP packet header to w where the 238 // length of the packet is unknown. It returns a io.WriteCloser which can be 239 // used to write the contents of the packet. See RFC 4880, section 4.2. 240 func serializeStreamHeader(w io.WriteCloser, ptype packetType) (out io.WriteCloser, err error) { 241 var buf [1]byte 242 buf[0] = 0x80 | 0x40 | byte(ptype) 243 _, err = w.Write(buf[:]) 244 if err != nil { 245 return 246 } 247 out = &partialLengthWriter{w: w} 248 return 249 } 250 251 // Packet represents an OpenPGP packet. Users are expected to try casting 252 // instances of this interface to specific packet types. 253 type Packet interface { 254 parse(io.Reader) error 255 } 256 257 // consumeAll reads from the given Reader until error, returning the number of 258 // bytes read. 259 func consumeAll(r io.Reader) (n int64, err error) { 260 var m int 261 var buf [1024]byte 262 263 for { 264 m, err = r.Read(buf[:]) 265 n += int64(m) 266 if err == io.EOF { 267 err = nil 268 return 269 } 270 if err != nil { 271 return 272 } 273 } 274 275 panic("unreachable") 276 } 277 278 // packetType represents the numeric ids of the different OpenPGP packet types. See 279 // http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-2 280 type packetType uint8 281 282 const ( 283 packetTypeEncryptedKey packetType = 1 284 packetTypeSignature packetType = 2 285 packetTypeSymmetricKeyEncrypted packetType = 3 286 packetTypeOnePassSignature packetType = 4 287 packetTypePrivateKey packetType = 5 288 packetTypePublicKey packetType = 6 289 packetTypePrivateSubkey packetType = 7 290 packetTypeCompressed packetType = 8 291 packetTypeSymmetricallyEncrypted packetType = 9 292 packetTypeLiteralData packetType = 11 293 packetTypeUserId packetType = 13 294 packetTypePublicSubkey packetType = 14 295 packetTypeSymmetricallyEncryptedMDC packetType = 18 296 ) 297 298 // Read reads a single OpenPGP packet from the given io.Reader. If there is an 299 // error parsing a packet, the whole packet is consumed from the input. 300 func Read(r io.Reader) (p Packet, err error) { 301 tag, _, contents, err := readHeader(r) 302 if err != nil { 303 return 304 } 305 306 switch tag { 307 case packetTypeEncryptedKey: 308 p = new(EncryptedKey) 309 case packetTypeSignature: 310 p = new(Signature) 311 case packetTypeSymmetricKeyEncrypted: 312 p = new(SymmetricKeyEncrypted) 313 case packetTypeOnePassSignature: 314 p = new(OnePassSignature) 315 case packetTypePrivateKey, packetTypePrivateSubkey: 316 pk := new(PrivateKey) 317 if tag == packetTypePrivateSubkey { 318 pk.IsSubkey = true 319 } 320 p = pk 321 case packetTypePublicKey, packetTypePublicSubkey: 322 pk := new(PublicKey) 323 if tag == packetTypePublicSubkey { 324 pk.IsSubkey = true 325 } 326 p = pk 327 case packetTypeCompressed: 328 p = new(Compressed) 329 case packetTypeSymmetricallyEncrypted: 330 p = new(SymmetricallyEncrypted) 331 case packetTypeLiteralData: 332 p = new(LiteralData) 333 case packetTypeUserId: 334 p = new(UserId) 335 case packetTypeSymmetricallyEncryptedMDC: 336 se := new(SymmetricallyEncrypted) 337 se.MDC = true 338 p = se 339 default: 340 err = errors.UnknownPacketTypeError(tag) 341 } 342 if p != nil { 343 err = p.parse(contents) 344 } 345 if err != nil { 346 consumeAll(contents) 347 } 348 return 349 } 350 351 // SignatureType represents the different semantic meanings of an OpenPGP 352 // signature. See RFC 4880, section 5.2.1. 353 type SignatureType uint8 354 355 const ( 356 SigTypeBinary SignatureType = 0 357 SigTypeText = 1 358 SigTypeGenericCert = 0x10 359 SigTypePersonaCert = 0x11 360 SigTypeCasualCert = 0x12 361 SigTypePositiveCert = 0x13 362 SigTypeSubkeyBinding = 0x18 363 ) 364 365 // PublicKeyAlgorithm represents the different public key system specified for 366 // OpenPGP. See 367 // http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-12 368 type PublicKeyAlgorithm uint8 369 370 const ( 371 PubKeyAlgoRSA PublicKeyAlgorithm = 1 372 PubKeyAlgoRSAEncryptOnly PublicKeyAlgorithm = 2 373 PubKeyAlgoRSASignOnly PublicKeyAlgorithm = 3 374 PubKeyAlgoElGamal PublicKeyAlgorithm = 16 375 PubKeyAlgoDSA PublicKeyAlgorithm = 17 376 ) 377 378 // CanEncrypt returns true if it's possible to encrypt a message to a public 379 // key of the given type. 380 func (pka PublicKeyAlgorithm) CanEncrypt() bool { 381 switch pka { 382 case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoElGamal: 383 return true 384 } 385 return false 386 } 387 388 // CanSign returns true if it's possible for a public key of the given type to 389 // sign a message. 390 func (pka PublicKeyAlgorithm) CanSign() bool { 391 switch pka { 392 case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly, PubKeyAlgoDSA: 393 return true 394 } 395 return false 396 } 397 398 // CipherFunction represents the different block ciphers specified for OpenPGP. See 399 // http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-13 400 type CipherFunction uint8 401 402 const ( 403 CipherCAST5 CipherFunction = 3 404 CipherAES128 CipherFunction = 7 405 CipherAES192 CipherFunction = 8 406 CipherAES256 CipherFunction = 9 407 ) 408 409 // KeySize returns the key size, in bytes, of cipher. 410 func (cipher CipherFunction) KeySize() int { 411 switch cipher { 412 case CipherCAST5: 413 return cast5.KeySize 414 case CipherAES128: 415 return 16 416 case CipherAES192: 417 return 24 418 case CipherAES256: 419 return 32 420 } 421 return 0 422 } 423 424 // blockSize returns the block size, in bytes, of cipher. 425 func (cipher CipherFunction) blockSize() int { 426 switch cipher { 427 case CipherCAST5: 428 return 8 429 case CipherAES128, CipherAES192, CipherAES256: 430 return 16 431 } 432 return 0 433 } 434 435 // new returns a fresh instance of the given cipher. 436 func (cipher CipherFunction) new(key []byte) (block cipher.Block) { 437 switch cipher { 438 case CipherCAST5: 439 block, _ = cast5.NewCipher(key) 440 case CipherAES128, CipherAES192, CipherAES256: 441 block, _ = aes.NewCipher(key) 442 } 443 return 444 } 445 446 // readMPI reads a big integer from r. The bit length returned is the bit 447 // length that was specified in r. This is preserved so that the integer can be 448 // reserialized exactly. 449 func readMPI(r io.Reader) (mpi []byte, bitLength uint16, err error) { 450 var buf [2]byte 451 _, err = readFull(r, buf[0:]) 452 if err != nil { 453 return 454 } 455 bitLength = uint16(buf[0])<<8 | uint16(buf[1]) 456 numBytes := (int(bitLength) + 7) / 8 457 mpi = make([]byte, numBytes) 458 _, err = readFull(r, mpi) 459 return 460 } 461 462 // mpiLength returns the length of the given *big.Int when serialized as an 463 // MPI. 464 func mpiLength(n *big.Int) (mpiLengthInBytes int) { 465 mpiLengthInBytes = 2 /* MPI length */ 466 mpiLengthInBytes += (n.BitLen() + 7) / 8 467 return 468 } 469 470 // writeMPI serializes a big integer to w. 471 func writeMPI(w io.Writer, bitLength uint16, mpiBytes []byte) (err error) { 472 _, err = w.Write([]byte{byte(bitLength >> 8), byte(bitLength)}) 473 if err == nil { 474 _, err = w.Write(mpiBytes) 475 } 476 return 477 } 478 479 // writeBig serializes a *big.Int to w. 480 func writeBig(w io.Writer, i *big.Int) error { 481 return writeMPI(w, uint16(i.BitLen()), i.Bytes()) 482 }