github.com/stackdocker/rkt@v0.10.1-0.20151109095037-1aa827478248/Godeps/_workspace/src/golang.org/x/crypto/openpgp/keys.go (about) 1 // Copyright 2011 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package openpgp 6 7 import ( 8 "crypto/rsa" 9 "github.com/coreos/rkt/Godeps/_workspace/src/golang.org/x/crypto/openpgp/armor" 10 "github.com/coreos/rkt/Godeps/_workspace/src/golang.org/x/crypto/openpgp/errors" 11 "github.com/coreos/rkt/Godeps/_workspace/src/golang.org/x/crypto/openpgp/packet" 12 "io" 13 "time" 14 ) 15 16 // PublicKeyType is the armor type for a PGP public key. 17 var PublicKeyType = "PGP PUBLIC KEY BLOCK" 18 19 // PrivateKeyType is the armor type for a PGP private key. 20 var PrivateKeyType = "PGP PRIVATE KEY BLOCK" 21 22 // An Entity represents the components of an OpenPGP key: a primary public key 23 // (which must be a signing key), one or more identities claimed by that key, 24 // and zero or more subkeys, which may be encryption keys. 25 type Entity struct { 26 PrimaryKey *packet.PublicKey 27 PrivateKey *packet.PrivateKey 28 Identities map[string]*Identity // indexed by Identity.Name 29 Revocations []*packet.Signature 30 Subkeys []Subkey 31 } 32 33 // An Identity represents an identity claimed by an Entity and zero or more 34 // assertions by other entities about that claim. 35 type Identity struct { 36 Name string // by convention, has the form "Full Name (comment) <email@example.com>" 37 UserId *packet.UserId 38 SelfSignature *packet.Signature 39 Signatures []*packet.Signature 40 } 41 42 // A Subkey is an additional public key in an Entity. Subkeys can be used for 43 // encryption. 44 type Subkey struct { 45 PublicKey *packet.PublicKey 46 PrivateKey *packet.PrivateKey 47 Sig *packet.Signature 48 } 49 50 // A Key identifies a specific public key in an Entity. This is either the 51 // Entity's primary key or a subkey. 52 type Key struct { 53 Entity *Entity 54 PublicKey *packet.PublicKey 55 PrivateKey *packet.PrivateKey 56 SelfSignature *packet.Signature 57 } 58 59 // A KeyRing provides access to public and private keys. 60 type KeyRing interface { 61 // KeysById returns the set of keys that have the given key id. 62 KeysById(id uint64) []Key 63 // KeysByIdAndUsage returns the set of keys with the given id 64 // that also meet the key usage given by requiredUsage. 65 // The requiredUsage is expressed as the bitwise-OR of 66 // packet.KeyFlag* values. 67 KeysByIdUsage(id uint64, requiredUsage byte) []Key 68 // DecryptionKeys returns all private keys that are valid for 69 // decryption. 70 DecryptionKeys() []Key 71 } 72 73 // primaryIdentity returns the Identity marked as primary or the first identity 74 // if none are so marked. 75 func (e *Entity) primaryIdentity() *Identity { 76 var firstIdentity *Identity 77 for _, ident := range e.Identities { 78 if firstIdentity == nil { 79 firstIdentity = ident 80 } 81 if ident.SelfSignature.IsPrimaryId != nil && *ident.SelfSignature.IsPrimaryId { 82 return ident 83 } 84 } 85 return firstIdentity 86 } 87 88 // encryptionKey returns the best candidate Key for encrypting a message to the 89 // given Entity. 90 func (e *Entity) encryptionKey(now time.Time) (Key, bool) { 91 candidateSubkey := -1 92 93 for i, subkey := range e.Subkeys { 94 if subkey.Sig.FlagsValid && 95 subkey.Sig.FlagEncryptCommunications && 96 subkey.PublicKey.PubKeyAlgo.CanEncrypt() && 97 !subkey.Sig.KeyExpired(now) { 98 candidateSubkey = i 99 break 100 } 101 } 102 103 if candidateSubkey != -1 { 104 subkey := e.Subkeys[candidateSubkey] 105 return Key{e, subkey.PublicKey, subkey.PrivateKey, subkey.Sig}, true 106 } 107 108 // If we don't have any candidate subkeys for encryption and 109 // the primary key doesn't have any usage metadata then we 110 // assume that the primary key is ok. Or, if the primary key is 111 // marked as ok to encrypt to, then we can obviously use it. 112 i := e.primaryIdentity() 113 if !i.SelfSignature.FlagsValid || i.SelfSignature.FlagEncryptCommunications && 114 e.PrimaryKey.PubKeyAlgo.CanEncrypt() && 115 !i.SelfSignature.KeyExpired(now) { 116 return Key{e, e.PrimaryKey, e.PrivateKey, i.SelfSignature}, true 117 } 118 119 // This Entity appears to be signing only. 120 return Key{}, false 121 } 122 123 // signingKey return the best candidate Key for signing a message with this 124 // Entity. 125 func (e *Entity) signingKey(now time.Time) (Key, bool) { 126 candidateSubkey := -1 127 128 for i, subkey := range e.Subkeys { 129 if subkey.Sig.FlagsValid && 130 subkey.Sig.FlagSign && 131 subkey.PublicKey.PubKeyAlgo.CanSign() && 132 !subkey.Sig.KeyExpired(now) { 133 candidateSubkey = i 134 break 135 } 136 } 137 138 if candidateSubkey != -1 { 139 subkey := e.Subkeys[candidateSubkey] 140 return Key{e, subkey.PublicKey, subkey.PrivateKey, subkey.Sig}, true 141 } 142 143 // If we have no candidate subkey then we assume that it's ok to sign 144 // with the primary key. 145 i := e.primaryIdentity() 146 if !i.SelfSignature.FlagsValid || i.SelfSignature.FlagSign && 147 !i.SelfSignature.KeyExpired(now) { 148 return Key{e, e.PrimaryKey, e.PrivateKey, i.SelfSignature}, true 149 } 150 151 return Key{}, false 152 } 153 154 // An EntityList contains one or more Entities. 155 type EntityList []*Entity 156 157 // KeysById returns the set of keys that have the given key id. 158 func (el EntityList) KeysById(id uint64) (keys []Key) { 159 for _, e := range el { 160 if e.PrimaryKey.KeyId == id { 161 var selfSig *packet.Signature 162 for _, ident := range e.Identities { 163 if selfSig == nil { 164 selfSig = ident.SelfSignature 165 } else if ident.SelfSignature.IsPrimaryId != nil && *ident.SelfSignature.IsPrimaryId { 166 selfSig = ident.SelfSignature 167 break 168 } 169 } 170 keys = append(keys, Key{e, e.PrimaryKey, e.PrivateKey, selfSig}) 171 } 172 173 for _, subKey := range e.Subkeys { 174 if subKey.PublicKey.KeyId == id { 175 keys = append(keys, Key{e, subKey.PublicKey, subKey.PrivateKey, subKey.Sig}) 176 } 177 } 178 } 179 return 180 } 181 182 // KeysByIdAndUsage returns the set of keys with the given id that also meet 183 // the key usage given by requiredUsage. The requiredUsage is expressed as 184 // the bitwise-OR of packet.KeyFlag* values. 185 func (el EntityList) KeysByIdUsage(id uint64, requiredUsage byte) (keys []Key) { 186 for _, key := range el.KeysById(id) { 187 if len(key.Entity.Revocations) > 0 { 188 continue 189 } 190 191 if key.SelfSignature.RevocationReason != nil { 192 continue 193 } 194 195 if key.SelfSignature.FlagsValid && requiredUsage != 0 { 196 var usage byte 197 if key.SelfSignature.FlagCertify { 198 usage |= packet.KeyFlagCertify 199 } 200 if key.SelfSignature.FlagSign { 201 usage |= packet.KeyFlagSign 202 } 203 if key.SelfSignature.FlagEncryptCommunications { 204 usage |= packet.KeyFlagEncryptCommunications 205 } 206 if key.SelfSignature.FlagEncryptStorage { 207 usage |= packet.KeyFlagEncryptStorage 208 } 209 if usage&requiredUsage != requiredUsage { 210 continue 211 } 212 } 213 214 keys = append(keys, key) 215 } 216 return 217 } 218 219 // DecryptionKeys returns all private keys that are valid for decryption. 220 func (el EntityList) DecryptionKeys() (keys []Key) { 221 for _, e := range el { 222 for _, subKey := range e.Subkeys { 223 if subKey.PrivateKey != nil && (!subKey.Sig.FlagsValid || subKey.Sig.FlagEncryptStorage || subKey.Sig.FlagEncryptCommunications) { 224 keys = append(keys, Key{e, subKey.PublicKey, subKey.PrivateKey, subKey.Sig}) 225 } 226 } 227 } 228 return 229 } 230 231 // ReadArmoredKeyRing reads one or more public/private keys from an armor keyring file. 232 func ReadArmoredKeyRing(r io.Reader) (EntityList, error) { 233 block, err := armor.Decode(r) 234 if err == io.EOF { 235 return nil, errors.InvalidArgumentError("no armored data found") 236 } 237 if err != nil { 238 return nil, err 239 } 240 if block.Type != PublicKeyType && block.Type != PrivateKeyType { 241 return nil, errors.InvalidArgumentError("expected public or private key block, got: " + block.Type) 242 } 243 244 return ReadKeyRing(block.Body) 245 } 246 247 // ReadKeyRing reads one or more public/private keys. Unsupported keys are 248 // ignored as long as at least a single valid key is found. 249 func ReadKeyRing(r io.Reader) (el EntityList, err error) { 250 packets := packet.NewReader(r) 251 var lastUnsupportedError error 252 253 for { 254 var e *Entity 255 e, err = ReadEntity(packets) 256 if err != nil { 257 // TODO: warn about skipped unsupported/unreadable keys 258 if _, ok := err.(errors.UnsupportedError); ok { 259 lastUnsupportedError = err 260 err = readToNextPublicKey(packets) 261 } else if _, ok := err.(errors.StructuralError); ok { 262 // Skip unreadable, badly-formatted keys 263 lastUnsupportedError = err 264 err = readToNextPublicKey(packets) 265 } 266 if err == io.EOF { 267 err = nil 268 break 269 } 270 if err != nil { 271 el = nil 272 break 273 } 274 } else { 275 el = append(el, e) 276 } 277 } 278 279 if len(el) == 0 && err == nil { 280 err = lastUnsupportedError 281 } 282 return 283 } 284 285 // readToNextPublicKey reads packets until the start of the entity and leaves 286 // the first packet of the new entity in the Reader. 287 func readToNextPublicKey(packets *packet.Reader) (err error) { 288 var p packet.Packet 289 for { 290 p, err = packets.Next() 291 if err == io.EOF { 292 return 293 } else if err != nil { 294 if _, ok := err.(errors.UnsupportedError); ok { 295 err = nil 296 continue 297 } 298 return 299 } 300 301 if pk, ok := p.(*packet.PublicKey); ok && !pk.IsSubkey { 302 packets.Unread(p) 303 return 304 } 305 } 306 307 panic("unreachable") 308 } 309 310 // ReadEntity reads an entity (public key, identities, subkeys etc) from the 311 // given Reader. 312 func ReadEntity(packets *packet.Reader) (*Entity, error) { 313 e := new(Entity) 314 e.Identities = make(map[string]*Identity) 315 316 p, err := packets.Next() 317 if err != nil { 318 return nil, err 319 } 320 321 var ok bool 322 if e.PrimaryKey, ok = p.(*packet.PublicKey); !ok { 323 if e.PrivateKey, ok = p.(*packet.PrivateKey); !ok { 324 packets.Unread(p) 325 return nil, errors.StructuralError("first packet was not a public/private key") 326 } else { 327 e.PrimaryKey = &e.PrivateKey.PublicKey 328 } 329 } 330 331 if !e.PrimaryKey.PubKeyAlgo.CanSign() { 332 return nil, errors.StructuralError("primary key cannot be used for signatures") 333 } 334 335 var current *Identity 336 var revocations []*packet.Signature 337 EachPacket: 338 for { 339 p, err := packets.Next() 340 if err == io.EOF { 341 break 342 } else if err != nil { 343 return nil, err 344 } 345 346 switch pkt := p.(type) { 347 case *packet.UserId: 348 current = new(Identity) 349 current.Name = pkt.Id 350 current.UserId = pkt 351 e.Identities[pkt.Id] = current 352 353 for { 354 p, err = packets.Next() 355 if err == io.EOF { 356 return nil, io.ErrUnexpectedEOF 357 } else if err != nil { 358 return nil, err 359 } 360 361 sig, ok := p.(*packet.Signature) 362 if !ok { 363 return nil, errors.StructuralError("user ID packet not followed by self-signature") 364 } 365 366 if (sig.SigType == packet.SigTypePositiveCert || sig.SigType == packet.SigTypeGenericCert) && sig.IssuerKeyId != nil && *sig.IssuerKeyId == e.PrimaryKey.KeyId { 367 if err = e.PrimaryKey.VerifyUserIdSignature(pkt.Id, e.PrimaryKey, sig); err != nil { 368 return nil, errors.StructuralError("user ID self-signature invalid: " + err.Error()) 369 } 370 current.SelfSignature = sig 371 break 372 } 373 current.Signatures = append(current.Signatures, sig) 374 } 375 case *packet.Signature: 376 if pkt.SigType == packet.SigTypeKeyRevocation { 377 revocations = append(revocations, pkt) 378 } else if pkt.SigType == packet.SigTypeDirectSignature { 379 // TODO: RFC4880 5.2.1 permits signatures 380 // directly on keys (eg. to bind additional 381 // revocation keys). 382 } else if current == nil { 383 return nil, errors.StructuralError("signature packet found before user id packet") 384 } else { 385 current.Signatures = append(current.Signatures, pkt) 386 } 387 case *packet.PrivateKey: 388 if pkt.IsSubkey == false { 389 packets.Unread(p) 390 break EachPacket 391 } 392 err = addSubkey(e, packets, &pkt.PublicKey, pkt) 393 if err != nil { 394 return nil, err 395 } 396 case *packet.PublicKey: 397 if pkt.IsSubkey == false { 398 packets.Unread(p) 399 break EachPacket 400 } 401 err = addSubkey(e, packets, pkt, nil) 402 if err != nil { 403 return nil, err 404 } 405 default: 406 // we ignore unknown packets 407 } 408 } 409 410 if len(e.Identities) == 0 { 411 return nil, errors.StructuralError("entity without any identities") 412 } 413 414 for _, revocation := range revocations { 415 err = e.PrimaryKey.VerifyRevocationSignature(revocation) 416 if err == nil { 417 e.Revocations = append(e.Revocations, revocation) 418 } else { 419 // TODO: RFC 4880 5.2.3.15 defines revocation keys. 420 return nil, errors.StructuralError("revocation signature signed by alternate key") 421 } 422 } 423 424 return e, nil 425 } 426 427 func addSubkey(e *Entity, packets *packet.Reader, pub *packet.PublicKey, priv *packet.PrivateKey) error { 428 var subKey Subkey 429 subKey.PublicKey = pub 430 subKey.PrivateKey = priv 431 p, err := packets.Next() 432 if err == io.EOF { 433 return io.ErrUnexpectedEOF 434 } 435 if err != nil { 436 return errors.StructuralError("subkey signature invalid: " + err.Error()) 437 } 438 var ok bool 439 subKey.Sig, ok = p.(*packet.Signature) 440 if !ok { 441 return errors.StructuralError("subkey packet not followed by signature") 442 } 443 if subKey.Sig.SigType != packet.SigTypeSubkeyBinding && subKey.Sig.SigType != packet.SigTypeSubkeyRevocation { 444 return errors.StructuralError("subkey signature with wrong type") 445 } 446 err = e.PrimaryKey.VerifyKeySignature(subKey.PublicKey, subKey.Sig) 447 if err != nil { 448 return errors.StructuralError("subkey signature invalid: " + err.Error()) 449 } 450 e.Subkeys = append(e.Subkeys, subKey) 451 return nil 452 } 453 454 const defaultRSAKeyBits = 2048 455 456 // NewEntity returns an Entity that contains a fresh RSA/RSA keypair with a 457 // single identity composed of the given full name, comment and email, any of 458 // which may be empty but must not contain any of "()<>\x00". 459 // If config is nil, sensible defaults will be used. 460 func NewEntity(name, comment, email string, config *packet.Config) (*Entity, error) { 461 currentTime := config.Now() 462 463 uid := packet.NewUserId(name, comment, email) 464 if uid == nil { 465 return nil, errors.InvalidArgumentError("user id field contained invalid characters") 466 } 467 signingPriv, err := rsa.GenerateKey(config.Random(), defaultRSAKeyBits) 468 if err != nil { 469 return nil, err 470 } 471 encryptingPriv, err := rsa.GenerateKey(config.Random(), defaultRSAKeyBits) 472 if err != nil { 473 return nil, err 474 } 475 476 e := &Entity{ 477 PrimaryKey: packet.NewRSAPublicKey(currentTime, &signingPriv.PublicKey), 478 PrivateKey: packet.NewRSAPrivateKey(currentTime, signingPriv), 479 Identities: make(map[string]*Identity), 480 } 481 isPrimaryId := true 482 e.Identities[uid.Id] = &Identity{ 483 Name: uid.Name, 484 UserId: uid, 485 SelfSignature: &packet.Signature{ 486 CreationTime: currentTime, 487 SigType: packet.SigTypePositiveCert, 488 PubKeyAlgo: packet.PubKeyAlgoRSA, 489 Hash: config.Hash(), 490 IsPrimaryId: &isPrimaryId, 491 FlagsValid: true, 492 FlagSign: true, 493 FlagCertify: true, 494 IssuerKeyId: &e.PrimaryKey.KeyId, 495 }, 496 } 497 498 e.Subkeys = make([]Subkey, 1) 499 e.Subkeys[0] = Subkey{ 500 PublicKey: packet.NewRSAPublicKey(currentTime, &encryptingPriv.PublicKey), 501 PrivateKey: packet.NewRSAPrivateKey(currentTime, encryptingPriv), 502 Sig: &packet.Signature{ 503 CreationTime: currentTime, 504 SigType: packet.SigTypeSubkeyBinding, 505 PubKeyAlgo: packet.PubKeyAlgoRSA, 506 Hash: config.Hash(), 507 FlagsValid: true, 508 FlagEncryptStorage: true, 509 FlagEncryptCommunications: true, 510 IssuerKeyId: &e.PrimaryKey.KeyId, 511 }, 512 } 513 e.Subkeys[0].PublicKey.IsSubkey = true 514 e.Subkeys[0].PrivateKey.IsSubkey = true 515 516 return e, nil 517 } 518 519 // SerializePrivate serializes an Entity, including private key material, to 520 // the given Writer. For now, it must only be used on an Entity returned from 521 // NewEntity. 522 // If config is nil, sensible defaults will be used. 523 func (e *Entity) SerializePrivate(w io.Writer, config *packet.Config) (err error) { 524 err = e.PrivateKey.Serialize(w) 525 if err != nil { 526 return 527 } 528 for _, ident := range e.Identities { 529 err = ident.UserId.Serialize(w) 530 if err != nil { 531 return 532 } 533 err = ident.SelfSignature.SignUserId(ident.UserId.Id, e.PrimaryKey, e.PrivateKey, config) 534 if err != nil { 535 return 536 } 537 err = ident.SelfSignature.Serialize(w) 538 if err != nil { 539 return 540 } 541 } 542 for _, subkey := range e.Subkeys { 543 err = subkey.PrivateKey.Serialize(w) 544 if err != nil { 545 return 546 } 547 err = subkey.Sig.SignKey(subkey.PublicKey, e.PrivateKey, config) 548 if err != nil { 549 return 550 } 551 err = subkey.Sig.Serialize(w) 552 if err != nil { 553 return 554 } 555 } 556 return nil 557 } 558 559 // Serialize writes the public part of the given Entity to w. (No private 560 // key material will be output). 561 func (e *Entity) Serialize(w io.Writer) error { 562 err := e.PrimaryKey.Serialize(w) 563 if err != nil { 564 return err 565 } 566 for _, ident := range e.Identities { 567 err = ident.UserId.Serialize(w) 568 if err != nil { 569 return err 570 } 571 err = ident.SelfSignature.Serialize(w) 572 if err != nil { 573 return err 574 } 575 for _, sig := range ident.Signatures { 576 err = sig.Serialize(w) 577 if err != nil { 578 return err 579 } 580 } 581 } 582 for _, subkey := range e.Subkeys { 583 err = subkey.PublicKey.Serialize(w) 584 if err != nil { 585 return err 586 } 587 err = subkey.Sig.Serialize(w) 588 if err != nil { 589 return err 590 } 591 } 592 return nil 593 } 594 595 // SignIdentity adds a signature to e, from signer, attesting that identity is 596 // associated with e. The provided identity must already be an element of 597 // e.Identities and the private key of signer must have been decrypted if 598 // necessary. 599 // If config is nil, sensible defaults will be used. 600 func (e *Entity) SignIdentity(identity string, signer *Entity, config *packet.Config) error { 601 if signer.PrivateKey == nil { 602 return errors.InvalidArgumentError("signing Entity must have a private key") 603 } 604 if signer.PrivateKey.Encrypted { 605 return errors.InvalidArgumentError("signing Entity's private key must be decrypted") 606 } 607 ident, ok := e.Identities[identity] 608 if !ok { 609 return errors.InvalidArgumentError("given identity string not found in Entity") 610 } 611 612 sig := &packet.Signature{ 613 SigType: packet.SigTypeGenericCert, 614 PubKeyAlgo: signer.PrivateKey.PubKeyAlgo, 615 Hash: config.Hash(), 616 CreationTime: config.Now(), 617 IssuerKeyId: &signer.PrivateKey.KeyId, 618 } 619 if err := sig.SignUserId(identity, e.PrimaryKey, signer.PrivateKey, config); err != nil { 620 return err 621 } 622 ident.Signatures = append(ident.Signatures, sig) 623 return nil 624 }