package auth
import (
+ "bytes"
"crypto/tls"
"crypto/x509"
+ "encoding/base64"
+ "golang.org/x/crypto/openpgp"
+ "golang.org/x/crypto/openpgp/packet"
"io/ioutil"
+
+ smslogger "sms/log"
)
var tlsConfig *tls.Config
caCertPool.AppendCertsFromPEM(caCert)
tlsConfig = &tls.Config{
- ClientAuth: tls.RequireAndVerifyClientCert,
+ // Change to RequireAndVerify once we have mandatory certs
+ ClientAuth: tls.VerifyClientCertIfGiven,
ClientCAs: caCertPool,
MinVersion: tls.VersionTLS12,
}
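Review bot: With ClientAuth relaxed to VerifyClientCertIfGiven, a connection that presents no certificate is now accepted by the TLS layer, so any handler that derives identity or authorization from the client certificate must first check `len(r.TLS.PeerCertificates) > 0` before trusting the request; the hunk adds no such check, and the handlers are outside it. The function that builds tlsConfig starts outside this hunk, so I cannot see whether the caller already gates on that. The in-code comment should also carry the tracking reference so the relaxation is not forgotten, e.g. `// TODO(<TRACKING-ID placeholder>): revert to RequireAndVerifyClientCert once all clients present certs`.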
}
return tlsConfig, nil
}
+
+// GeneratePGPKeyPair produces a PGP key pair and returns
+// two things:
+// A base64 encoded form of the public part of the entity
+// A base64 encoded form of the private key
+func GeneratePGPKeyPair() (string, string, error) {
+ var entity *openpgp.Entity
+ entity, err := openpgp.NewEntity("aaf.sms.init", "PGP Key for unsealing", "", nil)
+ if err != nil {
+ smslogger.WriteError(err.Error())
+ return "", "", err
+ }
+
+ // Sign the identity in the entity
+ for _, id := range entity.Identities {
+ err = id.SelfSignature.SignUserId(id.UserId.Id, entity.PrimaryKey, entity.PrivateKey, nil)
+ if err != nil {
+ smslogger.WriteError(err.Error())
+ return "", "", err
+ }
+ }
+
+ // Sign the subkey in the entity
+ for _, subkey := range entity.Subkeys {
+ err := subkey.Sig.SignKey(subkey.PublicKey, entity.PrivateKey, nil)
+ if err != nil {
+ smslogger.WriteError(err.Error())
+ return "", "", err
+ }
+ }
+
+ buffer := new(bytes.Buffer)
+ entity.Serialize(buffer)
+ pbkey := base64.StdEncoding.EncodeToString(buffer.Bytes())
+
+ buffer.Reset()
+ entity.SerializePrivate(buffer, nil)
+ prkey := base64.StdEncoding.EncodeToString(buffer.Bytes())
+
+ return pbkey, prkey, nil
+}
+
+// DecryptPGPBytes decrypts a PGP encoded input string and returns
+// a base64 representation of the decoded string
+func DecryptPGPBytes(data string, prKey string) (string, error) {
+ // Convert private key to bytes from base64
+ prKeyBytes, err := base64.StdEncoding.DecodeString(prKey)
+ if err != nil {
+ smslogger.WriteError("Error Decoding base64 private key: " + err.Error())
+ return "", err
+ }
+
+ dataBytes, err := base64.StdEncoding.DecodeString(data)
+ if err != nil {
+ smslogger.WriteError("Error Decoding base64 data: " + err.Error())
+ return "", err
+ }
+
+ prEntity, err := openpgp.ReadEntity(packet.NewReader(bytes.NewBuffer(prKeyBytes)))
+ if err != nil {
+ smslogger.WriteError("Error reading entity from PGP key: " + err.Error())
+ return "", err
+ }
+
+ prEntityList := &openpgp.EntityList{prEntity}
+ message, err := openpgp.ReadMessage(bytes.NewBuffer(dataBytes), prEntityList, nil, nil)
+ if err != nil {
+ smslogger.WriteError("Error Decrypting message: " + err.Error())
+ return "", err
+ }
+
+ var retBuf bytes.Buffer
+ retBuf.ReadFrom(message.UnverifiedBody)
+
+ return retBuf.String(), nil
+}
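Review bot: `retBuf.ReadFrom(message.UnverifiedBody)` at the end of DecryptPGPBytes discards the read error, so a truncated or tampered ciphertext can return a partial plaintext with a nil error; it should be `if _, err := retBuf.ReadFrom(message.UnverifiedBody); err != nil { smslogger.WriteError("Error reading decrypted body: " + err.Error()); return "", err }`. The reader is named UnverifiedBody because openpgp only populates `message.SignatureError` after the body has been fully consumed, so if signed payloads are expected the function should check `message.SignatureError` after the ReadFrom, and if they are not, the doc comment should state that the returned plaintext is not authenticated. The same ignored-error pattern appears in GeneratePGPKeyPair at `entity.Serialize(buffer)` and `entity.SerializePrivate(buffer, nil)`, where a serialization failure would silently yield a truncated key. Finally, the DecryptPGPBytes doc comment says it returns "a base64 representation of the decoded string", but `retBuf.String()` returns the raw plaintext, so the comment should read "returns the decrypted plaintext as a string".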