2 * Copyright 2018 Intel Corporation, Inc
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
24 "golang.org/x/crypto/openpgp"
25 "golang.org/x/crypto/openpgp/packet"
31 var tlsConfig *tls.Config
33 // GetTLSConfig initializes a tlsConfig using the CA's certificate
34 // This config is then used to enable the server for mutual TLS
35 func GetTLSConfig(caCertFile string) (*tls.Config, error) {
36 // Initialize tlsConfig once
38 caCert, err := ioutil.ReadFile(caCertFile)
44 caCertPool := x509.NewCertPool()
45 caCertPool.AppendCertsFromPEM(caCert)
47 tlsConfig = &tls.Config{
48 ClientAuth: tls.RequireAndVerifyClientCert,
49 ClientCAs: caCertPool,
50 MinVersion: tls.VersionTLS12,
52 tlsConfig.BuildNameToCertificate()
57 // GeneratePGPKeyPair produces a PGP key pair and returns
59 // A base64 encoded form of the public part of the entity
60 // A base64 encoded form of the private key
61 func GeneratePGPKeyPair() (string, string, error) {
62 var entity *openpgp.Entity
63 entity, err := openpgp.NewEntity("aaf.sms.init", "PGP Key for unsealing", "", nil)
65 smslogger.WriteError(err.Error())
69 // Sign the identity in the entity
70 for _, id := range entity.Identities {
71 err = id.SelfSignature.SignUserId(id.UserId.Id, entity.PrimaryKey, entity.PrivateKey, nil)
73 smslogger.WriteError(err.Error())
78 // Sign the subkey in the entity
79 for _, subkey := range entity.Subkeys {
80 err := subkey.Sig.SignKey(subkey.PublicKey, entity.PrivateKey, nil)
82 smslogger.WriteError(err.Error())
87 buffer := new(bytes.Buffer)
88 entity.Serialize(buffer)
89 pbkey := base64.StdEncoding.EncodeToString(buffer.Bytes())
92 entity.SerializePrivate(buffer, nil)
93 prkey := base64.StdEncoding.EncodeToString(buffer.Bytes())
95 return pbkey, prkey, nil
98 // DecryptPGPBytes decrypts a PGP encoded input string and returns
99 // a base64 representation of the decoded string
100 func DecryptPGPBytes(data string, prKey string) (string, error) {
101 // Convert private key to bytes from base64
102 prKeyBytes, err := base64.StdEncoding.DecodeString(prKey)
104 smslogger.WriteError("Error Decoding base64 private key: " + err.Error())
108 dataBytes, err := base64.StdEncoding.DecodeString(data)
110 smslogger.WriteError("Error Decoding base64 data: " + err.Error())
114 prEntity, err := openpgp.ReadEntity(packet.NewReader(bytes.NewBuffer(prKeyBytes)))
116 smslogger.WriteError("Error reading entity from PGP key: " + err.Error())
120 prEntityList := &openpgp.EntityList{prEntity}
121 message, err := openpgp.ReadMessage(bytes.NewBuffer(dataBytes), prEntityList, nil, nil)
123 smslogger.WriteError("Error Decrypting message: " + err.Error())
127 var retBuf bytes.Buffer
128 retBuf.ReadFrom(message.UnverifiedBody)
130 return retBuf.String(), nil