package federation
//
// GangGo Diaspora Federation Library
// Copyright (C) 2017 Lukas Matt <lukas@zauberstuhl.de>
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.
//

import (
  "bytes"
  "crypto/aes"
  "crypto/cipher"
  "crypto/rand"
  "crypto/rsa"
  "encoding/base64"
  "encoding/json"
  "errors"
  "fmt"
  "io"
)

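// Aes holds the key material and payload of one AES-CBC encrypted message.
//
// Key and Iv are base64 (standard alphabet) and are the only fields that are
// serialized; together they form the JSON that an AesWrapper carries
// RSA-encrypted in its aes_key field. Data is the base64 ciphertext and is
// never serialized (`json:"-"`); AesWrapper.Decrypt fills it from the
// encrypted_magic_envelope field.
type Aes struct {
  Key string `json:"key,omitempty"`
  Iv string `json:"iv,omitempty"`
  Data string `json:"-"`
}

// AesWrapper is the outer form of an encrypted federation message: the JSON
// of an Aes (key and iv) encrypted with the recipient's RSA public key, and
// the AES-CBC encrypted magic envelope itself.
type AesWrapper struct {
  AesKey string `json:"aes_key"`
  MagicEnvelope string `json:"encrypted_magic_envelope"`
}

// Generate replaces a.Key and a.Iv with fresh random values read from
// crypto/rand: a 32-byte key (AES-256 for aes.NewCipher) and a one-block
// (16-byte) IV, both stored base64-encoded. a.Data is left untouched.
func (a *Aes) Generate() error {
  // 32 bytes selects AES-256; aes.NewCipher would also accept 16 or 24.
  key := make([]byte, 32)
  if _, err := io.ReadFull(rand.Reader, key); err != nil {
    return err
  }
  a.Key = base64.StdEncoding.EncodeToString(key)

  // The IV must not repeat for the same key but need not be secret. Here it
  // travels next to the key inside the RSA-encrypted JSON rather than being
  // prepended to the ciphertext.
  iv := make([]byte, aes.BlockSize)
  if _, err := io.ReadFull(rand.Reader, iv); err != nil {
    return err
  }
  a.Iv = base64.StdEncoding.EncodeToString(iv)
  return nil
}

// blockAndIV decodes a.Key and a.Iv and returns the AES block cipher plus
// the raw IV. It validates the IV length before the values reach
// cipher.NewCBCEncrypter / cipher.NewCBCDecrypter, which panic on an IV
// that is not exactly one block long. Both values may originate from a
// remote peer, so a malformed IV must be an error rather than a crash.
func (a Aes) blockAndIV() (cipher.Block, []byte, error) {
  key, err := base64.StdEncoding.DecodeString(a.Key)
  if err != nil {
    return nil, nil, err
  }
  iv, err := base64.StdEncoding.DecodeString(a.Iv)
  if err != nil {
    return nil, nil, err
  }
  // aes.NewCipher rejects any key length other than 16, 24 or 32 bytes.
  block, err := aes.NewCipher(key)
  if err != nil {
    return nil, nil, err
  }
  if len(iv) != block.BlockSize() {
    return nil, nil, fmt.Errorf("aes: iv must be %d bytes, got %d", block.BlockSize(), len(iv))
  }
  return block, iv, nil
}

// Encrypt pads data to a whole number of AES blocks, encrypts it with
// AES-CBC under a.Key and a.Iv, and stores the ciphertext base64-encoded in
// a.Data. data itself is not modified: the padded copy is a fresh slice, so
// spare capacity in the caller's buffer is never written to.
//
// The padding is the TLS block-cipher scheme, see
// https://tools.ietf.org/html/rfc5246#section-6.2.3.2: every pad byte holds
// the pad length and at least one byte is always added. CBC gives
// confidentiality only; nothing in this type authenticates the ciphertext,
// so integrity has to come from an outer signature or MAC.
func (a *Aes) Encrypt(data []byte) error {
  block, iv, err := a.blockAndIV()
  if err != nil {
    return err
  }

  // A plaintext that is already block-aligned still gets a full block of
  // padding; otherwise the receiver could not tell data from padding.
  padLen := aes.BlockSize - len(data)%aes.BlockSize
  padded := make([]byte, 0, len(data)+padLen)
  padded = append(padded, data...)
  padded = append(padded, bytes.Repeat([]byte{byte(padLen)}, padLen)...)

  ciphertext := make([]byte, len(padded))
  cipher.NewCBCEncrypter(block, iv).CryptBlocks(ciphertext, padded)
  a.Data = base64.StdEncoding.EncodeToString(ciphertext)
  return nil
}

// Decrypt base64-decodes a.Data and decrypts it in place with AES-CBC under
// a.Key and a.Iv.
//
// The padding added by Encrypt is NOT removed: the returned slice still ends
// with padLen bytes each equal to padLen. NOTE(review): this preserves the
// existing behaviour of this method; strip the padding here only after
// confirming that every caller tolerates the change.
//
// A ciphertext that is not a whole number of blocks, or an IV of the wrong
// size, is reported as an error. cipher.BlockMode.CryptBlocks panics on
// either, and a.Data normally comes from a remote peer, so a malformed
// message must not be able to crash the process.
func (a Aes) Decrypt() ([]byte, error) {
  block, iv, err := a.blockAndIV()
  if err != nil {
    return nil, err
  }

  ciphertext, err := base64.StdEncoding.DecodeString(a.Data)
  if err != nil {
    return nil, err
  }
  if len(ciphertext)%block.BlockSize() != 0 {
    return nil, fmt.Errorf("aes: ciphertext length %d is not a multiple of the block size", len(ciphertext))
  }

  // CryptBlocks allows dst and src to overlap exactly, so decrypting in
  // place avoids a second buffer.
  cipher.NewCBCDecrypter(block, iv).CryptBlocks(ciphertext, ciphertext)
  return ciphertext, nil
}

// Decrypt unwraps w: it RSA-decrypts w.AesKey with privKey (PKCS#1 v1.5),
// parses the plaintext as the JSON form of Aes (key and iv), and uses that
// key material to decrypt w.MagicEnvelope via Aes.Decrypt. The result is
// the decrypted envelope, still carrying the padding described on
// Aes.Decrypt. A nil privKey is reported as an error instead of causing a
// nil-pointer panic inside the RSA decryption.
func (w AesWrapper) Decrypt(privKey *rsa.PrivateKey) ([]byte, error) {
  if privKey == nil {
    return nil, errors.New("aes: nil private key")
  }
  encryptedAesKey, err := base64.StdEncoding.DecodeString(w.AesKey)
  if err != nil {
    return nil, err
  }

  keyJSON, err := rsa.DecryptPKCS1v15(rand.Reader, privKey, encryptedAesKey)
  if err != nil {
    return nil, err
  }

  // Named keys rather than aes so the crypto/aes package is not shadowed.
  var keys Aes
  if err := json.Unmarshal(keyJSON, &keys); err != nil {
    return nil, err
  }
  keys.Data = w.MagicEnvelope
  return keys.Decrypt()
}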