package pbes1
import (
	"crypto/cipher"
	"crypto/des"
	"crypto/md5"
	"crypto/sha1"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"hash"
)
// Object identifiers of the PBES1 schemes handled by this package. All four
// live under the PKCS #5 arc 1.2.840.113549.1.5 (RFC 8018, Appendix A.3).
//
// Every scheme listed here pairs an MD5 or SHA-1 based key derivation with a
// 64-bit block cipher; they are supported for reading legacy key files only.
var (
	// pbeWithMD5AndDES-CBC
	oidPBEMD5DESCBC = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 5, 3}
	// pbeWithMD5AndRC2-CBC
	oidPBEMD5RC2CBC = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 5, 6}
	// pbeWithSHA1AndDES-CBC
	oidPBESHA1DESCBC = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 5, 10}
	// pbeWithSHA1AndRC2-CBC
	oidPBESHA1RC2CBC = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 5, 11}
)
// encryptedPrivateKeyInfo is the ASN.1 shape that DecryptPBES1 unmarshals its
// input into: an algorithm identifier followed by the ciphertext, as in the
// PKCS #8 EncryptedPrivateKeyInfo structure.
type encryptedPrivateKeyInfo struct {
	// EncryptionAlgorithm carries the scheme OID and its DER-encoded
	// parameters (salt and iteration count for PBES1).
	EncryptionAlgorithm pkix.AlgorithmIdentifier
	// EncryptedData is the raw ciphertext; its length comes straight from
	// the input and is not validated by the ASN.1 decoder.
	EncryptedData []byte
}
// pbes1Params holds the algorithm parameters that accompany a PBES1 OID.
// Both fields are decoded from the input file, so they are only as
// trustworthy as the file itself.
type pbes1Params struct {
	// Salt is the key-derivation salt.
	Salt []byte
	// Iterations is the key-derivation iteration count as encoded in the
	// file; being an int64 it can decode to zero, negative or very large
	// values.
	Iterations int64
}
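// DecryptPBES1 decrypts a DER-encoded EncryptedPrivateKeyInfo protected with
// one of the four PBES1 schemes known to this package (MD5 or SHA-1 key
// derivation with DES-CBC or RC2-CBC) and returns the plaintext with its
// padding stripped.
//
// The input is treated as untrusted: every malformed-input condition
// (undecodable parameters, unknown algorithm OID, non-positive iteration
// count, ciphertext that is empty or not block-aligned, invalid padding) is
// reported as an error rather than a panic.
//
// Security notes:
//   - These schemes derive a 64-bit key with MD5/SHA-1 and use a 64-bit block
//     cipher. They are weak by current standards and are supported only so
//     legacy key files can be read.
//   - CBC carries no integrity protection. A successful return means the
//     padding was well formed, not that the data is authentic or that the
//     password was correct.
//   - NOTE(review): the iteration count is read from the file. It is checked
//     for range here, but callers parsing attacker-supplied files should
//     consider enforcing a tighter upper bound to limit CPU consumption.
func DecryptPBES1(encrypted []byte, password []byte) ([]byte, error) {
	var info encryptedPrivateKeyInfo
	if _, err := asn1.Unmarshal(encrypted, &info); err != nil {
		return nil, err
	}

	var pbeParams pbes1Params
	if _, err := asn1.Unmarshal(info.EncryptionAlgorithm.Parameters.FullBytes, &pbeParams); err != nil {
		return nil, err
	}
	// Reject counts that are meaningless or that would not survive the
	// conversion to int on 32-bit platforms.
	if pbeParams.Iterations <= 0 || pbeParams.Iterations > 1<<31-1 {
		return nil, errors.New("pbes1: invalid iteration count")
	}

	// Pick digest and cipher family in one place so an unknown OID cannot
	// leave either of them nil.
	alg := info.EncryptionAlgorithm.Algorithm
	var (
		md     hash.Hash
		useRC2 bool
	)
	switch {
	case alg.Equal(oidPBEMD5DESCBC):
		md = md5.New()
	case alg.Equal(oidPBEMD5RC2CBC):
		md, useRC2 = md5.New(), true
	case alg.Equal(oidPBESHA1DESCBC):
		md = sha1.New()
	case alg.Equal(oidPBESHA1RC2CBC):
		md, useRC2 = sha1.New(), true
	default:
		return nil, errors.New("pbes1: unsupported encryption algorithm " + alg.String())
	}

	// pbkdf1 is defined elsewhere in the package; 16 bytes are requested and
	// split into an 8-byte key followed by an 8-byte IV.
	keyIv, err := pbkdf1(password, pbeParams.Salt, 16, int(pbeParams.Iterations), md)
	if err != nil {
		return nil, err
	}
	if len(keyIv) != 16 {
		return nil, errors.New("pbes1: unexpected derived key length")
	}
	key, iv := keyIv[:8], keyIv[8:]

	var cb cipher.Block
	if useRC2 {
		// The second argument is presumably the effective key size in
		// bits; confirm against NewRC2.
		cb, err = NewRC2(key, 64)
	} else {
		cb, err = des.NewCipher(key)
	}
	if err != nil {
		return nil, err
	}

	// CryptBlocks panics on input that is not a whole number of blocks, and
	// the padding check below needs at least one byte.
	data := info.EncryptedData
	bs := cb.BlockSize()
	if len(data) == 0 || len(data)%bs != 0 {
		return nil, errors.New("pbes1: encrypted data is not a whole number of cipher blocks")
	}

	dst := make([]byte, len(data))
	cipher.NewCBCDecrypter(cb, iv).CryptBlocks(dst, data)

	// The padding is 1..blockSize bytes, each equal to the pad length. A
	// wrong password usually shows up here, so the failure is reported with
	// one generic error.
	errDecrypt := errors.New("pbes1: decryption failed (wrong password or corrupt data)")
	pad := int(dst[len(dst)-1])
	if pad == 0 || pad > bs {
		return nil, errDecrypt
	}
	for _, b := range dst[len(dst)-pad:] {
		if int(b) != pad {
			return nil, errDecrypt
		}
	}
	return dst[:len(dst)-pad], nil
}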