goldwarden-vaultwarden-bitw.../agent/bitwarden/crypto/encstring.go

283 lines
6.2 KiB
Go
Raw Normal View History

2023-07-17 03:23:26 +02:00
package crypto
import (
"bytes"
"crypto/aes"
"crypto/cipher"
"crypto/hmac"
"crypto/rand"
cryptorand "crypto/rand"
"crypto/rsa"
"crypto/sha1"
"crypto/sha256"
"crypto/x509"
"errors"
"fmt"
"io"
"strconv"
2023-12-22 08:02:23 +01:00
"github.com/awnumar/memguard"
2023-07-17 03:23:26 +02:00
)
type EncString struct {
Type EncStringType
IV, CT, MAC []byte
}
type EncStringType int
const (
AesCbc256_B64 EncStringType = 0
AesCbc128_HmacSha256_B64 EncStringType = 1
AesCbc256_HmacSha256_B64 EncStringType = 2
Rsa2048_OaepSha256_B64 EncStringType = 3
Rsa2048_OaepSha1_B64 EncStringType = 4
Rsa2048_OaepSha256_HmacSha256_B64 EncStringType = 5
Rsa2048_OaepSha1_HmacSha256_B64 EncStringType = 6
)
func (t EncStringType) HasMAC() bool {
return t != AesCbc256_B64
}
func (s *EncString) UnmarshalText(data []byte) error {
if len(data) == 0 {
return nil
}
i := bytes.IndexByte(data, '.')
if i < 0 {
return errors.New("invalid cipher string format")
}
typStr := string(data[:i])
var err error
if t, err := strconv.Atoi(typStr); err != nil {
return errors.New("invalid cipher string type")
} else {
s.Type = EncStringType(t)
}
switch s.Type {
case AesCbc128_HmacSha256_B64, AesCbc256_HmacSha256_B64, AesCbc256_B64:
default:
return errors.New("invalid cipher string type")
}
data = data[i+1:]
parts := bytes.Split(data, []byte("|"))
if len(parts) != 3 {
return errors.New("invalid cipher string format")
}
if s.IV, err = b64decode(parts[0]); err != nil {
return err
}
if s.CT, err = b64decode(parts[1]); err != nil {
return err
}
if s.Type.HasMAC() {
if s.MAC, err = b64decode(parts[2]); err != nil {
return err
}
}
return nil
}
func (s EncString) MarshalText() ([]byte, error) {
if s.Type == 0 {
return nil, nil
}
var buf bytes.Buffer
buf.WriteString(strconv.Itoa(int(s.Type)))
buf.WriteByte('.')
buf.Write(b64encode(s.IV))
buf.WriteByte('|')
buf.Write(b64encode(s.CT))
if s.Type.HasMAC() {
buf.WriteByte('|')
buf.Write(b64encode(s.MAC))
}
return buf.Bytes(), nil
}
func (s EncString) IsNull() bool {
return len(s.IV) == 0 && len(s.CT) == 0 && len(s.MAC) == 0
}
func b64decode(src []byte) ([]byte, error) {
dst := make([]byte, b64enc.DecodedLen(len(src)))
n, err := b64enc.Decode(dst, src)
if err != nil {
return nil, err
}
dst = dst[:n]
return dst, nil
}
func b64encode(src []byte) []byte {
dst := make([]byte, b64enc.EncodedLen(len(src)))
b64enc.Encode(dst, src)
return dst
}
func DecryptWith(s EncString, key SymmetricEncryptionKey) ([]byte, error) {
2023-12-22 10:44:21 +01:00
encKeyData, err := key.EncryptionKeyBytes()
if err != nil {
return nil, err
}
2023-12-22 08:02:23 +01:00
macKeyData, err := key.MacKeyBytes()
2023-07-17 03:23:26 +02:00
if err != nil {
return nil, err
}
2023-12-22 08:02:23 +01:00
block, err := aes.NewCipher(encKeyData)
2023-07-17 03:23:26 +02:00
if err != nil {
return nil, err
}
switch s.Type {
case AesCbc256_B64, AesCbc256_HmacSha256_B64:
break
default:
return nil, fmt.Errorf("decrypt: unsupported cipher type %q", s.Type)
}
if s.Type == AesCbc256_HmacSha256_B64 {
2023-12-22 08:02:23 +01:00
if len(s.MAC) == 0 || len(macKeyData) == 0 {
2023-07-17 03:23:26 +02:00
return nil, fmt.Errorf("decrypt: cipher string type expects a MAC")
}
var msg []byte
msg = append(msg, s.IV...)
msg = append(msg, s.CT...)
2023-12-22 08:02:23 +01:00
if !isMacValid(msg, s.MAC, macKeyData) {
2023-07-17 03:23:26 +02:00
return nil, fmt.Errorf("decrypt: MAC mismatch")
}
} else if s.Type == AesCbc256_B64 {
return nil, fmt.Errorf("decrypt: cipher of unsupported type %q", s.Type)
}
if len(s.IV) != block.BlockSize() {
return nil, fmt.Errorf("decrypt: invalid IV length, expected %d, got %d", block.BlockSize(), len(s.IV))
2023-07-17 03:23:26 +02:00
}
mode := cipher.NewCBCDecrypter(block, s.IV)
dst := make([]byte, len(s.CT))
mode.CryptBlocks(dst, s.CT)
dst, err = unpadPKCS7(dst, aes.BlockSize)
if err != nil {
return nil, err
}
return dst, nil
}
2024-01-09 23:31:09 +01:00
func EncryptWith(data []byte, encType EncStringType, key SymmetricEncryptionKey) (EncString, error) {
2023-12-22 08:02:23 +01:00
encKeyData, err := key.EncryptionKeyBytes()
if err != nil {
return EncString{}, err
}
2023-12-22 08:02:23 +01:00
macKeyData, err := key.MacKeyBytes()
if err != nil {
return EncString{}, err
}
2023-07-17 03:23:26 +02:00
s := EncString{}
2024-01-09 23:31:09 +01:00
switch encType {
2023-07-17 03:23:26 +02:00
case AesCbc256_B64, AesCbc256_HmacSha256_B64:
default:
return s, fmt.Errorf("encrypt: unsupported cipher type %q", s.Type)
}
2024-01-09 23:31:09 +01:00
s.Type = encType
2023-07-17 03:23:26 +02:00
data = padPKCS7(data, aes.BlockSize)
2023-12-22 08:02:23 +01:00
block, err := aes.NewCipher(encKeyData)
2023-07-17 03:23:26 +02:00
if err != nil {
return s, err
}
s.IV = make([]byte, aes.BlockSize)
if _, err := io.ReadFull(cryptorand.Reader, s.IV); err != nil {
return s, err
}
s.CT = make([]byte, len(data))
mode := cipher.NewCBCEncrypter(block, s.IV)
mode.CryptBlocks(s.CT, data)
2024-01-09 23:31:09 +01:00
if encType == AesCbc256_HmacSha256_B64 {
2023-12-22 08:02:23 +01:00
if len(macKeyData) == 0 {
2023-07-17 03:23:26 +02:00
return s, fmt.Errorf("encrypt: cipher string type expects a MAC")
}
var macMessage []byte
macMessage = append(macMessage, s.IV...)
macMessage = append(macMessage, s.CT...)
2023-12-22 08:02:23 +01:00
mac := hmac.New(sha256.New, macKeyData)
2023-07-17 03:23:26 +02:00
mac.Write(macMessage)
s.MAC = mac.Sum(nil)
}
return s, nil
}
2023-12-22 08:02:23 +01:00
func GenerateAsymmetric(useMemguard bool) (AsymmetricEncryptionKey, error) {
2023-08-21 13:52:06 +02:00
key, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
2023-12-22 08:02:23 +01:00
return MemoryAsymmetricEncryptionKey{}, err
2023-08-21 13:52:06 +02:00
}
encKey, err := x509.MarshalPKCS8PrivateKey(key)
if err != nil {
2023-12-22 08:02:23 +01:00
return MemoryAsymmetricEncryptionKey{}, err
2023-08-21 13:52:06 +02:00
}
2023-12-22 08:02:23 +01:00
if useMemguard {
return MemguardAsymmetricEncryptionKey{memguard.NewEnclave(encKey)}, nil
} else {
return MemoryAsymmetricEncryptionKey{encKey}, nil
}
2023-08-21 13:52:06 +02:00
}
2023-07-17 03:23:26 +02:00
func DecryptWithAsymmetric(s []byte, asymmetrickey AsymmetricEncryptionKey) ([]byte, error) {
2023-12-22 08:02:23 +01:00
key, err := asymmetrickey.PrivateBytes()
2023-07-17 03:23:26 +02:00
if err != nil {
return nil, err
}
2023-12-22 08:02:23 +01:00
parsedKey, err := x509.ParsePKCS8PrivateKey(key)
2023-07-17 03:23:26 +02:00
if err != nil {
return nil, err
}
rawKey, err := b64decode(s[2:])
if err != nil {
return nil, err
}
res, err := rsa.DecryptOAEP(sha1.New(), rand.Reader, parsedKey.(*rsa.PrivateKey), rawKey, nil)
if err != nil {
return nil, err
}
return res, nil
}
func EncryptWithAsymmetric(s []byte, asymmbetrickey AsymmetricEncryptionKey) ([]byte, error) {
2023-12-22 08:02:23 +01:00
key, err := asymmbetrickey.PrivateBytes()
2023-07-17 03:23:26 +02:00
if err != nil {
return nil, err
}
2023-12-22 08:02:23 +01:00
parsedKey, err := x509.ParsePKIXPublicKey(key)
2023-07-17 03:23:26 +02:00
if err != nil {
return nil, err
}
res, err := rsa.EncryptOAEP(sha1.New(), rand.Reader, parsedKey.(*rsa.PublicKey), s, nil)
if err != nil {
return nil, err
}
resB64 := b64encode(res)
res = append([]byte("4."), resB64...)
return res, nil
}