diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2020-01-16 15:21:33 +0100 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2020-01-16 15:21:33 +0100 |
| commit | 9dcff17ee0075213fa3f2fefcaa6579336f68be1 (patch) | |
| tree | df699b50b6cc25f5b0af69be6eec79f768ba0675 /openpgp/src | |
| parent | 91c1881b81491882128c78e454adb41a5161a1f5 (diff) | |
openpgp: Consolidate public key encryption code.
Diffstat (limited to 'openpgp/src')
| -rw-r--r-- | openpgp/src/crypto/asymmetric.rs | 36 | ||||
| -rw-r--r-- | openpgp/src/packet/pkesk.rs | 39 |
2 files changed, 38 insertions, 37 deletions
diff --git a/openpgp/src/crypto/asymmetric.rs b/openpgp/src/crypto/asymmetric.rs index 7185a471..e8dd32e4 100644 --- a/openpgp/src/crypto/asymmetric.rs +++ b/openpgp/src/crypto/asymmetric.rs @@ -269,3 +269,39 @@ impl From<KeyPair> for Key<key::SecretParts, key::UnspecifiedRole> { key.mark_parts_secret().expect("XXX") } } + +impl<P: key::KeyParts, R: key::KeyRole> Key<P, R> { + /// Encrypts the given data with this key. + pub fn encrypt(&self, data: &SessionKey) -> Result<mpis::Ciphertext> { + use crate::PublicKeyAlgorithm::*; + + #[allow(deprecated)] + match self.pk_algo() { + RSAEncryptSign | RSAEncrypt => { + // Extract the public recipient. + match self.mpis() { + mpis::PublicKey::RSA { e, n } => { + // The ciphertext has the length of the modulus. + let mut esk = vec![0u8; n.value().len()]; + let mut rng = Yarrow::default(); + let pk = rsa::PublicKey::new(n.value(), e.value())?; + rsa::encrypt_pkcs1(&pk, &mut rng, data, + &mut esk)?; + Ok(mpis::Ciphertext::RSA { + c: MPI::new(&esk), + }) + }, + pk => { + Err(Error::MalformedPacket( + format!( + "Key: Expected RSA public key, got {:?}", + pk)).into()) + }, + } + }, + ECDH => crate::crypto::ecdh::encrypt(self.mark_parts_public_ref(), + data), + algo => Err(Error::UnsupportedPublicKeyAlgorithm(algo).into()), + } + } +} diff --git a/openpgp/src/packet/pkesk.rs b/openpgp/src/packet/pkesk.rs index 5b2a9ae9..3554f991 100644 --- a/openpgp/src/packet/pkesk.rs +++ b/openpgp/src/packet/pkesk.rs @@ -12,14 +12,12 @@ use crate::packet::key; use crate::packet::Key; use crate::KeyID; use crate::crypto::Decryptor; -use crate::crypto::mpis::{self, MPI, Ciphertext}; +use crate::crypto::mpis::Ciphertext; use crate::Packet; use crate::PublicKeyAlgorithm; use crate::Result; use crate::SymmetricAlgorithm; use crate::crypto::SessionKey; -use crate::crypto::ecdh; -use nettle::{rsa, Yarrow}; use crate::packet; /// Holds an asymmetrically encrypted session key. @@ -81,9 +79,6 @@ impl PKESK3 { -> Result<PKESK3> where R: key::KeyRole { - use crate::PublicKeyAlgorithm::*; - let mut rng = Yarrow::default(); - // We need to prefix the cipher specifier to the session key, // and a two-octet checksum. let mut psk = Vec::with_capacity(1 + session_key.len() + 2); @@ -96,37 +91,7 @@ impl PKESK3 { psk.push((checksum >> 8) as u8); psk.push((checksum >> 0) as u8); let psk: SessionKey = psk.into(); - - #[allow(deprecated)] - let esk = match recipient.pk_algo() { - RSAEncryptSign | RSAEncrypt => { - // Extract the public recipient. - match recipient.mpis() { - &mpis::PublicKey::RSA { ref e, ref n } => { - // The ciphertext has the length of the modulus. - let mut esk = vec![0u8; n.value().len()]; - - let pk = rsa::PublicKey::new(n.value(), e.value())?; - rsa::encrypt_pkcs1(&pk, &mut rng, &psk, &mut esk)?; - Ciphertext::RSA {c: MPI::new(&esk)} - } - - pk => { - return Err( - Error::MalformedPacket( - format!( - "Key: Expected RSA public key, got {:?}", - pk)).into()); - } - } - }, - - ECDH => ecdh::encrypt(recipient, &psk)?, - - algo => - return Err(Error::UnsupportedPublicKeyAlgorithm(algo).into()), - }; - + let esk = recipient.encrypt(&psk)?; Ok(PKESK3{ common: Default::default(), recipient: recipient.keyid(), |