Commit ccbf0084 authored by Lukas Matt's avatar Lukas Matt

Extracted AES from encryption file

related to ganggo/ganggo#12
parent aa0a6e1a
package federation
//
// GangGo Diaspora Federation Library
// Copyright (C) 2017 Lukas Matt <lukas@zauberstuhl.de>
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
import (
"encoding/base64"
"crypto/aes"
"crypto/cipher"
)
type Aes struct {
Key string `json:"key,omitempty"`
Iv string `json:"iv,omitempty"`
Data string `json:"-"`
}
func (a Aes) Decrypt() (ciphertext []byte, err error) {
key, err := base64.StdEncoding.DecodeString(a.Key)
if err != nil {
return ciphertext, err
}
iv, err := base64.StdEncoding.DecodeString(a.Iv)
if err != nil {
return ciphertext, err
}
ciphertext, err = base64.URLEncoding.DecodeString(a.Data)
if err != nil {
return ciphertext, err
}
headerText, err := base64.StdEncoding.DecodeString(string(ciphertext))
if err == nil {
// depending on the request
// we have to do it twice
ciphertext = headerText
}
return decryptAES(key, iv, ciphertext)
}
func decryptAES(key, iv, ciphertext []byte) ([]byte, error) {
block, err := aes.NewCipher(key)
if err != nil {
return ciphertext, err
}
mode := cipher.NewCBCDecrypter(block, iv)
mode.CryptBlocks(ciphertext, ciphertext)
return ciphertext, nil
}
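Review bot: `decryptAES` can panic on malformed input, because nothing checks the IV or ciphertext length before `cipher.NewCBCDecrypter(block, iv)` and `mode.CryptBlocks(ciphertext, ciphertext)`; the first panics when `len(iv)` differs from the block size, the second when the input is not a whole number of blocks. `Decrypt` passes it values base64-decoded from `a.Key`, `a.Iv` and `a.Data`, which at the call sites in this commit come from a received message, so a malformed request would crash the handler unless a recover sits further up (not visible here). Both lengths should be validated and reported as errors, which needs `errors` added to the import block. The CBC output is also returned with any padding still attached and with no integrity check of its own, so the plaintext should only be trusted once the envelope signature has been verified.

```go
func decryptAES(key, iv, ciphertext []byte) ([]byte, error) {
	// … unchanged: aes.NewCipher and its error return …
	if len(iv) != block.BlockSize() {
		return nil, errors.New("aes: iv length does not match block size")
	}
	if len(ciphertext)%block.BlockSize() != 0 {
		return nil, errors.New("aes: ciphertext is not a whole number of blocks")
	}
	// … unchanged: NewCBCDecrypter, CryptBlocks, return …
}
```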
......@@ -23,8 +23,6 @@ import (
"crypto/x509"
"crypto/rand"
"crypto/sha256"
"crypto/aes"
"crypto/cipher"
"encoding/base64"
"encoding/pem"
"encoding/xml"
......@@ -72,69 +70,6 @@ func ParseRSAPrivKey(decodedKey []byte) (privkey *rsa.PrivateKey, err error) {
return
}
func (aes *XmlDecryptedHeader) DecryptAES(ciphertext *[]byte, data string) error {
key, err := base64.StdEncoding.DecodeString(aes.AesKey)
if err != nil {
return err
}
iv, err := base64.StdEncoding.DecodeString(aes.Iv)
if err != nil {
return err
}
*ciphertext, err = base64.URLEncoding.DecodeString(data)
if err != nil {
return err
}
// diaspora magic do it twice
*ciphertext, err = base64.StdEncoding.DecodeString(string(*ciphertext))
if err != nil {
return err
}
*ciphertext, err = DecryptAES(key, iv, *ciphertext)
if err != nil {
return err
}
return nil
}
func (aes *JsonAesKey) DecryptAES(ciphertext *[]byte, data string) error {
key, err := base64.StdEncoding.DecodeString(aes.Key)
if err != nil {
return err
}
iv, err := base64.StdEncoding.DecodeString(aes.Iv)
if err != nil {
return err
}
*ciphertext, err = base64.StdEncoding.DecodeString(data)
if err != nil {
return err
}
*ciphertext, err = DecryptAES(key, iv, *ciphertext)
if err != nil {
return err
}
return nil
}
func DecryptAES(key, iv, ciphertext []byte) ([]byte, error) {
block, err := aes.NewCipher(key)
if err != nil {
return ciphertext, err
}
mode := cipher.NewCBCDecrypter(block, iv)
mode.CryptBlocks(ciphertext, ciphertext)
return ciphertext, nil
}
func (request *DiasporaUnmarshal) VerifySignature(serialized []byte) error {
pubkey, err := ParseRSAPubKey(serialized)
if err != nil {
......@@ -250,14 +185,14 @@ func (request *DiasporaUnmarshal) DecryptHeader(serialized []byte) error {
return err
}
var aesKey JsonAesKey
err = json.Unmarshal(aesKeyJson, &aesKey)
var aesKeySet Aes
err = json.Unmarshal(aesKeyJson, &aesKeySet)
if err != nil {
return err
}
aesKeySet.Data = header.Ciphertext
var ciphertext []byte
err = aesKey.DecryptAES(&ciphertext, header.Ciphertext)
ciphertext, err := aesKeySet.Decrypt()
if err != nil {
return err
}
......
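Review bot: `DecryptHeader` now decodes `header.Ciphertext` with a different base64 alphabet than before, since `aesKeySet.Decrypt()` starts with `base64.URLEncoding.DecodeString(a.Data)` while the removed `JsonAesKey.DecryptAES` used `base64.StdEncoding`. If the header ciphertext is standard-alphabet base64, as the old code assumed, any value containing `+` or `/` will fail to decode and the header is rejected. `Decrypt` also attempts a second `StdEncoding` pass on the decoded bytes, which this path never did. Consider letting the caller decode with the alphabet it knows and hand `Aes` raw bytes, or at least document the contract on the method, e.g. `// Decrypt expects Data as URL-safe base64, optionally wrapping a second standard base64 layer.` The body of `DecryptHeader` continues outside the hunk.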
......@@ -35,11 +35,6 @@ type XmlDecryptedHeader struct {
AuthorId string `xml:"author_id"`
}
type JsonAesKey struct {
Key string `json:"key,omitempty"`
Iv string `json:"iv,omitempty"`
}
type JsonEnvHeader struct {
AesKey string `json:"aes_key"`
Ciphertext string `json:"ciphertext"`
......
......@@ -52,3 +52,7 @@ func MagicEnvelope(privkey string, handle, plainXml []byte) (payload []byte, err
info("payload", string(payload))
return
}
//func EncryptedMagicEnvelope(privkey, pubkey string, handle, plainXml []byte) (payload []byte, err error) {
//
//}
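Review bot: The three added lines are a commented-out `EncryptedMagicEnvelope` stub with an empty body, which leaves dead code in the file without saying what is planned. A single marker such as `// TODO: implement EncryptedMagicEnvelope(privkey, pubkey string, handle, plainXml []byte) (payload []byte, err error)` records the intended signature and is easier to find later.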
......@@ -70,8 +70,12 @@ func (request *DiasporaUnmarshal) ParsePrivate(pubkey []byte) (entity Entity, er
return
}
var xmlPayload []byte
err = request.DecryptedHeader.DecryptAES(&xmlPayload, request.Env.Data.Data)
aesKeySet := Aes{
Key: request.DecryptedHeader.AesKey,
Iv: request.DecryptedHeader.Iv,
Data: request.Env.Data.Data,
}
xmlPayload, err := aesKeySet.Decrypt()
if err != nil {
warn(err)
return
......
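Review bot: Switching `ParsePrivate` to `aesKeySet.Decrypt()` makes the second base64 decode optional where it used to be required: the removed `XmlDecryptedHeader.DecryptAES` returned the error from the second `StdEncoding` decode, whereas `Decrypt` ignores it and decrypts the once-decoded bytes. Input that is not double-encoded therefore no longer stops at a decode error and instead reaches the CBC step with whatever bytes the first decode produced. If private payloads are always double-encoded, keep that strict, for example with a field on `Aes` that says whether the second layer is mandatory, and return the decode error in that case. `ParsePrivate` starts and ends outside the hunk.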