登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 0

zhuchance / kubernetes

代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
symmetric_key_encrypted.go 4.63 KB
一键复制 编辑 原始数据 按行查看 历史
Yifan Gu 提交于 2015-04-27 18:12 . Godep: Add godep for rkt.
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164
// Copyright 2011 The Go Authors. All rights reserved.

// Use of this source code is governed by a BSD-style

// license that can be found in the LICENSE file.



package packet



import (

	"bytes"

	"crypto/cipher"

	"io"

	"strconv"



	"golang.org/x/crypto/openpgp/errors"

	"golang.org/x/crypto/openpgp/s2k"

)



// This is the largest session key that we'll support. Since no 512-bit cipher

// has even been seriously used, this is comfortably large.

const maxSessionKeySizeInBytes = 64



// SymmetricKeyEncrypted represents a passphrase protected session key. See RFC

// 4880, section 5.3.

type SymmetricKeyEncrypted struct {

	CipherFunc   CipherFunction

	Encrypted    bool

	Key          []byte // Empty unless Encrypted is false.

	s2k          func(out, in []byte)

	encryptedKey []byte

}



const symmetricKeyEncryptedVersion = 4



func (ske *SymmetricKeyEncrypted) parse(r io.Reader) (err error) {

	// RFC 4880, section 5.3.

	var buf [2]byte

	_, err = readFull(r, buf[:])

	if err != nil {

		return

	}

	if buf[0] != symmetricKeyEncryptedVersion {

		return errors.UnsupportedError("SymmetricKeyEncrypted version")

	}

	ske.CipherFunc = CipherFunction(buf[1])



	if ske.CipherFunc.KeySize() == 0 {

		return errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(buf[1])))

	}



	ske.s2k, err = s2k.Parse(r)

	if err != nil {

		return

	}



	encryptedKey := make([]byte, maxSessionKeySizeInBytes)

	// The session key may follow. We just have to try and read to find

	// out. If it exists then we limit it to maxSessionKeySizeInBytes.

	n, err := readFull(r, encryptedKey)

	if err != nil && err != io.ErrUnexpectedEOF {

		return

	}

	err = nil

	if n != 0 {

		if n == maxSessionKeySizeInBytes {

			return errors.UnsupportedError("oversized encrypted session key")

		}

		ske.encryptedKey = encryptedKey[:n]

	}



	ske.Encrypted = true



	return

}



// Decrypt attempts to decrypt an encrypted session key. If it returns nil,

// ske.Key will contain the session key.

func (ske *SymmetricKeyEncrypted) Decrypt(passphrase []byte) error {

	if !ske.Encrypted {

		return nil

	}



	key := make([]byte, ske.CipherFunc.KeySize())

	ske.s2k(key, passphrase)



	if len(ske.encryptedKey) == 0 {

		ske.Key = key

	} else {

		// the IV is all zeros

		iv := make([]byte, ske.CipherFunc.blockSize())

		c := cipher.NewCFBDecrypter(ske.CipherFunc.new(key), iv)

		c.XORKeyStream(ske.encryptedKey, ske.encryptedKey)

		ske.CipherFunc = CipherFunction(ske.encryptedKey[0])

		if ske.CipherFunc.blockSize() == 0 {

			return errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(ske.CipherFunc)))

		}

		ske.CipherFunc = CipherFunction(ske.encryptedKey[0])

		ske.Key = ske.encryptedKey[1:]

		if len(ske.Key)%ske.CipherFunc.blockSize() != 0 {

			ske.Key = nil

			return errors.StructuralError("length of decrypted key not a multiple of block size")

		}

	}



	ske.Encrypted = false

	return nil

}



// SerializeSymmetricKeyEncrypted serializes a symmetric key packet to w. The

// packet contains a random session key, encrypted by a key derived from the

// given passphrase. The session key is returned and must be passed to

// SerializeSymmetricallyEncrypted.

// If config is nil, sensible defaults will be used.

func SerializeSymmetricKeyEncrypted(w io.Writer, passphrase []byte, config *Config) (key []byte, err error) {

	cipherFunc := config.Cipher()

	keySize := cipherFunc.KeySize()

	if keySize == 0 {

		return nil, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(cipherFunc)))

	}



	s2kBuf := new(bytes.Buffer)

	keyEncryptingKey := make([]byte, keySize)

	// s2k.Serialize salts and stretches the passphrase, and writes the

	// resulting key to keyEncryptingKey and the s2k descriptor to s2kBuf.

	err = s2k.Serialize(s2kBuf, keyEncryptingKey, config.Random(), passphrase, &s2k.Config{Hash: config.Hash(), S2KCount: config.PasswordHashIterations()})

	if err != nil {

		return

	}

	s2kBytes := s2kBuf.Bytes()



	packetLength := 2 /* header */ + len(s2kBytes) + 1 /* cipher type */ + keySize

	err = serializeHeader(w, packetTypeSymmetricKeyEncrypted, packetLength)

	if err != nil {

		return

	}



	var buf [2]byte

	buf[0] = symmetricKeyEncryptedVersion

	buf[1] = byte(cipherFunc)

	_, err = w.Write(buf[:])

	if err != nil {

		return

	}

	_, err = w.Write(s2kBytes)

	if err != nil {

		return

	}



	sessionKey := make([]byte, keySize)

	_, err = io.ReadFull(config.Random(), sessionKey)

	if err != nil {

		return

	}

	iv := make([]byte, cipherFunc.blockSize())

	c := cipher.NewCFBEncrypter(cipherFunc.new(keyEncryptingKey), iv)

	encryptedCipherAndKey := make([]byte, keySize+1)

	c.XORKeyStream(encryptedCipherAndKey, buf[1:])

	c.XORKeyStream(encryptedCipherAndKey[1:], sessionKey)

	_, err = w.Write(encryptedCipherAndKey)

	if err != nil {

		return

	}



	key = sessionKey

	return

}
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
Go
1
https://gitee.com/meoom/kubernetes.git
git@gitee.com:meoom/kubernetes.git
meoom
kubernetes
kubernetes
v0.16.2
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部
344bd9b3 5694891 D2dac590 5694891