func NewAgent(agentID []byte, accessKey *security.ManagedKey) (*Agent, error) {
if accessKey.Encrypted() {
return nil, security.ErrKeyMustBeDecrypted
}
iv := make([]byte, accessKey.KeySize())
if _, err := rand.Read(iv); err != nil {
return nil, err
}
if agentID == nil {
agentID = make([]byte, AgentIDSize)
if _, err := rand.Read(agentID); err != nil {
return nil, err
}
}
var (
mac [16]byte
key [32]byte
)
copy(key[:], accessKey.Plaintext)
poly1305.Sum(&mac, iv, &key)
agent := &Agent{
ID: agentID,
IV: iv,
MAC: mac[:],
Created: time.Now(),
}
return agent, nil
}
func (sec *AccountSecurity) ChangeClientKey(oldKey, newKey *security.ManagedKey) error {
if oldKey.Encrypted() || newKey.Encrypted() {
return security.ErrKeyMustBeDecrypted
}
// Extract decrypted UserKey and verify correctness of oldKey.
kek, _, err := sec.unlock(oldKey)
if err != nil {
return err
}
// Encrypt new UserKey.
if err := kek.Encrypt(newKey); err != nil {
return err
}
// Update MAC and encrypted UserKey.
var (
mac [16]byte
key [32]byte
)
copy(key[:], newKey.Plaintext)
poly1305.Sum(&mac, sec.Nonce, &key)
sec.MAC = mac[:]
sec.UserKey = *kek
return nil
}
func (b *AccountManagerBinding) SetUserKey(
ctx scope.Context, accountID snowflake.Snowflake, key *security.ManagedKey) error {
if !key.Encrypted() {
return security.ErrKeyMustBeEncrypted
}
res, err := b.DbMap.Exec(
"UPDATE account SET encrypted_user_key = $2 WHERE id = $1", accountID.String(), key.Ciphertext)
if err != nil {
if err == sql.ErrNoRows {
return proto.ErrAccountNotFound
}
return err
}
n, err := res.RowsAffected()
if err != nil {
return err
}
if n == 0 {
return proto.ErrAccountNotFound
}
return nil
}
func (sec *AccountSecurity) unlock(clientKey *security.ManagedKey) (
*security.ManagedKey, *security.ManagedKeyPair, error) {
if clientKey.Encrypted() {
return nil, nil, security.ErrKeyMustBeDecrypted
}
var (
mac [16]byte
key [32]byte
)
copy(mac[:], sec.MAC)
copy(key[:], clientKey.Plaintext)
if !poly1305.Verify(&mac, sec.Nonce, &key) {
return nil, nil, ErrAccessDenied
}
kek := sec.UserKey.Clone()
if err := kek.Decrypt(clientKey); err != nil {
return nil, nil, err
}
kp := sec.KeyPair.Clone()
if err := kp.Decrypt(&kek); err != nil {
return nil, nil, err
}
return &kek, &kp, nil
}
func emailVerificationToken(key *security.ManagedKey, email string) ([]byte, error) {
if key.Encrypted() {
return nil, security.ErrKeyMustBeDecrypted
}
mac := hmac.New(sha1.New, key.Plaintext)
mac.Write([]byte(email))
return mac.Sum(nil), nil
}
func newAgentCredentials(agent *proto.Agent, agentKey *security.ManagedKey) (*agentCredentials, error) {
if agentKey.Encrypted() {
return nil, security.ErrKeyMustBeDecrypted
}
ac := &agentCredentials{
ID: agent.IDString(),
Key: agentKey.Plaintext,
}
return ac, nil
}
func (pm *PM) transmitToAccount(kms security.KMS, pmKey *security.ManagedKey, receiver Account) (*PM, error) {
userKey := receiver.SystemKey()
if err := kms.DecryptKey(&userKey); err != nil {
return nil, err
}
encryptedReceiverKey := pmKey.Clone()
encryptedReceiverKey.IV = pm.IV
if err := encryptedReceiverKey.Encrypt(&userKey); err != nil {
return nil, err
}
pm.EncryptedReceiverKey = &encryptedReceiverKey
return pm, nil
}
func (a *Agent) Unlock(accessKey *security.ManagedKey) (*security.ManagedKey, error) {
if a.EncryptedClientKey == nil {
return nil, ErrClientKeyNotFound
}
if accessKey.Encrypted() {
return nil, security.ErrKeyMustBeDecrypted
}
if !a.verify(accessKey) {
return nil, ErrAccessDenied
}
clientKey := a.EncryptedClientKey.Clone()
if err := clientKey.Decrypt(accessKey); err != nil {
return nil, err
}
return &clientKey, nil
}
func (k *KMS) DecryptKey(key *security.ManagedKey) error {
if !key.Encrypted() {
return fmt.Errorf("aws kms: key is already decrypted")
}
ctx := map[string]*string{key.ContextKey: &key.ContextValue}
req := &kms.DecryptInput{
CiphertextBlob: key.Ciphertext,
EncryptionContext: ctx,
}
resp, err := k.kms.Decrypt(req)
if err != nil {
if apiErr, ok := err.(awserr.Error); ok && apiErr.Message() == "" {
err = fmt.Errorf("%s", apiErr.Code())
}
return fmt.Errorf("aws kms: error decrypting data key: %s", err)
}
key.Plaintext = resp.Plaintext
key.Ciphertext = nil
return nil
}
func decryptRoomKey(clientKey *security.ManagedKey, capability security.Capability) (
*security.ManagedKey, error) {
if clientKey.Encrypted() {
return nil, security.ErrKeyMustBeDecrypted
}
iv, err := base64.URLEncoding.DecodeString(capability.CapabilityID())
if err != nil {
return nil, err
}
roomKeyJSON := capability.EncryptedPayload()
if err := clientKey.BlockCrypt(iv, clientKey.Plaintext, roomKeyJSON, false); err != nil {
return nil, err
}
roomKey := &security.ManagedKey{
KeyType: security.AES128,
}
if err := json.Unmarshal(clientKey.Unpad(roomKeyJSON), &roomKey.Plaintext); err != nil {
return nil, err
}
return roomKey, nil
}
func (sec *RoomSecurity) Unlock(managerKey *security.ManagedKey) (*security.ManagedKeyPair, error) {
if managerKey.Encrypted() {
return nil, security.ErrKeyMustBeDecrypted
}
var (
mac [16]byte
key [32]byte
)
copy(mac[:], sec.MAC)
copy(key[:], managerKey.Plaintext)
if !poly1305.Verify(&mac, sec.KeyPair.IV, &key) {
return nil, ErrAccessDenied
}
kp := sec.KeyPair.Clone()
if err := kp.Decrypt(managerKey); err != nil {
return nil, err
}
return &kp, nil
}
func EncryptMessage(msg *Message, keyID string, key *security.ManagedKey) error {
if key == nil {
return security.ErrInvalidKey
}
if key.Encrypted() {
return security.ErrKeyMustBeDecrypted
}
payload := &Message{
Sender: msg.Sender,
Content: msg.Content,
}
plaintext, err := json.Marshal(payload)
if err != nil {
return err
}
// TODO: incorporate last edit ID into nonce
nonce := []byte(msg.ID.String())
data := []byte(msg.Sender.ID)
digest, ciphertext, err := security.EncryptGCM(key, nonce, plaintext, data)
if err != nil {
return fmt.Errorf("message encrypt: %s", err)
}
digestStr := base64.URLEncoding.EncodeToString(digest)
cipherStr := base64.URLEncoding.EncodeToString(ciphertext)
msg.Sender = SessionView{
IdentityView: IdentityView{ID: msg.Sender.ID},
SessionID: msg.Sender.SessionID,
}
msg.Content = digestStr + "/" + cipherStr
msg.EncryptionKeyID = "v1/" + keyID
return nil
}
func (a *Agent) SetClientKey(accessKey, clientKey *security.ManagedKey) error {
if accessKey.Encrypted() || clientKey.Encrypted() {
return security.ErrKeyMustBeDecrypted
}
if !a.verify(accessKey) {
return ErrAccessDenied
}
encryptedClientKey := clientKey.Clone()
encryptedClientKey.IV = a.IV
if err := encryptedClientKey.Encrypt(accessKey); err != nil {
return err
}
a.EncryptedClientKey = &encryptedClientKey
return nil
}