2 * Copyright 2018 Intel Corporation, Inc
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
24 "golang.org/x/crypto/openpgp"
25 "golang.org/x/crypto/openpgp/packet"
31 var tlsConfig *tls.Config
33 // GetTLSConfig initializes a tlsConfig using the CA's certificate
34 // This config is then used to enable the server for mutual TLS
35 func GetTLSConfig(caCertFile string) (*tls.Config, error) {
36 // Initialize tlsConfig once
38 caCert, err := ioutil.ReadFile(caCertFile)
44 caCertPool := x509.NewCertPool()
45 caCertPool.AppendCertsFromPEM(caCert)
47 tlsConfig = &tls.Config{
48 // Change to RequireAndVerify once we have mandatory certs
49 ClientAuth: tls.VerifyClientCertIfGiven,
50 ClientCAs: caCertPool,
51 MinVersion: tls.VersionTLS12,
53 tlsConfig.BuildNameToCertificate()
58 // GeneratePGPKeyPair produces a PGP key pair and returns
60 // A base64 encoded form of the public part of the entity
61 // A base64 encoded form of the private key
62 func GeneratePGPKeyPair() (string, string, error) {
63 var entity *openpgp.Entity
64 entity, err := openpgp.NewEntity("aaf.sms.init", "PGP Key for unsealing", "", nil)
66 smslogger.WriteError(err.Error())
70 // Sign the identity in the entity
71 for _, id := range entity.Identities {
72 err = id.SelfSignature.SignUserId(id.UserId.Id, entity.PrimaryKey, entity.PrivateKey, nil)
74 smslogger.WriteError(err.Error())
79 // Sign the subkey in the entity
80 for _, subkey := range entity.Subkeys {
81 err := subkey.Sig.SignKey(subkey.PublicKey, entity.PrivateKey, nil)
83 smslogger.WriteError(err.Error())
88 buffer := new(bytes.Buffer)
89 entity.Serialize(buffer)
90 pbkey := base64.StdEncoding.EncodeToString(buffer.Bytes())
93 entity.SerializePrivate(buffer, nil)
94 prkey := base64.StdEncoding.EncodeToString(buffer.Bytes())
96 return pbkey, prkey, nil
99 // DecryptPGPBytes decrypts a PGP encoded input string and returns
100 // a base64 representation of the decoded string
101 func DecryptPGPBytes(data string, prKey string) (string, error) {
102 // Convert private key to bytes from base64
103 prKeyBytes, err := base64.StdEncoding.DecodeString(prKey)
105 smslogger.WriteError("Error Decoding base64 private key: " + err.Error())
109 dataBytes, err := base64.StdEncoding.DecodeString(data)
111 smslogger.WriteError("Error Decoding base64 data: " + err.Error())
115 prEntity, err := openpgp.ReadEntity(packet.NewReader(bytes.NewBuffer(prKeyBytes)))
117 smslogger.WriteError("Error reading entity from PGP key: " + err.Error())
121 prEntityList := &openpgp.EntityList{prEntity}
122 message, err := openpgp.ReadMessage(bytes.NewBuffer(dataBytes), prEntityList, nil, nil)
124 smslogger.WriteError("Error Decrypting message: " + err.Error())
128 var retBuf bytes.Buffer
129 retBuf.ReadFrom(message.UnverifiedBody)
131 return retBuf.String(), nil