Add basic Encrypt and Sign functions

Author: emersion

pgpmail.go

@@ -2,3 +2,18 @@
 //
 // PGP/MIME is defined in RFC 3156.
 package pgpmail
+
+import (
+	"crypto"
+)
+
+// See RFC 4880, section 9.4.
+var hashAlgs = map[string]crypto.Hash{
+	"pgp-md5":       crypto.MD5,
+	"pgp-sha1":      crypto.SHA1,
+	"pgp-ripemd160": crypto.RIPEMD160,
+	"pgp-sha256":    crypto.SHA256,
+	"pgp-sha384":    crypto.SHA384,
+	"pgp-sha512":    crypto.SHA512,
+	"pgp-sha224":    crypto.SHA224,
+}

reader.go

@@ -4,9 +4,9 @@ import (
 	"bufio"
 	"crypto"
 	"fmt"
+	"hash"
 	"io"
 	"mime"
-	"hash"
 	"strings"
 
 	"github.com/emersion/go-message/textproto"
@@ -105,24 +105,13 @@ func newEncryptedReader(h textproto.Header, mr *textproto.MultipartReader, keyri
 	}, nil
 }
 
-// See RFC 4880, section 9.4.
-var hashAlgs = map[string]crypto.Hash{
-	"pgp-md5": crypto.MD5,
-	"pgp-sha1": crypto.SHA1,
-	"pgp-ripemd160": crypto.RIPEMD160,
-	"pgp-sha256": crypto.SHA256,
-	"pgp-sha384": crypto.SHA384,
-	"pgp-sha512": crypto.SHA512,
-	"pgp-sha224": crypto.SHA224,
-}
-
 type signedReader struct {
-	keyring openpgp.KeyRing
+	keyring   openpgp.KeyRing
 	multipart *textproto.MultipartReader
-	signed io.Reader
-	hashFunc crypto.Hash
-	hash hash.Hash
-	md *openpgp.MessageDetails
+	signed    io.Reader
+	hashFunc  crypto.Hash
+	hash      hash.Hash
+	md        *openpgp.MessageDetails
 }
 
 func (r *signedReader) Read(b []byte) (int, error) {
@@ -234,10 +223,10 @@ func newSignedReader(h textproto.Header, mr *textproto.MultipartReader, micalg s
 
 	sr := &signedReader{
 		multipart: mr,
-		signed: p,
-		hashFunc: hashFunc,
-		hash: hash,
-		md: md,
+		signed:    p,
+		hashFunc:  hashFunc,
+		hash:      hash,
+		md:        md,
 	}
 	md.UnverifiedBody = sr
 

writer.go

@@ -0,0 +1,164 @@
+package pgpmail
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"mime"
+
+	"github.com/emersion/go-message/textproto"
+	"golang.org/x/crypto/openpgp"
+	"golang.org/x/crypto/openpgp/armor"
+	"golang.org/x/crypto/openpgp/packet"
+)
+
+type multiCloser []io.Closer
+
+func (mc multiCloser) Close() error {
+	for _, c := range mc {
+		if err := c.Close(); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func Encrypt(w io.Writer, h textproto.Header, to []*openpgp.Entity, signed *openpgp.Entity, config *packet.Config) (io.WriteCloser, error) {
+	mw := textproto.NewMultipartWriter(w)
+
+	params := map[string]string{
+		"boundary": mw.Boundary(),
+		"protocol": "application/pgp-encrypted",
+	}
+	h.Set("Content-Type", mime.FormatMediaType("multipart/encrypted", params))
+
+	if err := textproto.WriteHeader(w, h); err != nil {
+		return nil, err
+	}
+
+	var controlHeader textproto.Header
+	controlHeader.Set("Content-Type", "application/pgp-encrypted")
+	controlWriter, err := mw.CreatePart(controlHeader)
+	if err != nil {
+		return nil, err
+	}
+	if _, err := controlWriter.Write([]byte("Version: 1\r\n")); err != nil {
+		return nil, err
+	}
+
+	var encryptedHeader textproto.Header
+	encryptedHeader.Set("Content-Type", "application/octet-stream")
+	encryptedWriter, err := mw.CreatePart(encryptedHeader)
+	if err != nil {
+		return nil, err
+	}
+
+	armorWriter, err := armor.Encode(encryptedWriter, "PGP MESSAGE", nil)
+	if err != nil {
+		return nil, err
+	}
+
+	plaintext, err := openpgp.Encrypt(armorWriter, to, signed, nil, config)
+	if err != nil {
+		return nil, err
+	}
+
+	return struct {
+		io.Writer
+		io.Closer
+	}{
+		plaintext,
+		multiCloser{
+			plaintext,
+			armorWriter,
+			mw,
+		},
+	}, nil
+}
+
+type signer struct {
+	io.Writer
+	pw     *io.PipeWriter
+	done   <-chan error
+	sigBuf bytes.Buffer
+	mw     *textproto.MultipartWriter
+}
+
+func (s *signer) Close() error {
+	// Close the pipe to let openpgp.DetachSign finish
+	if err := s.pw.Close(); err != nil {
+		return err
+	}
+	if err := <-s.done; err != nil {
+		return err
+	}
+	// At this point s.sigBuf contains the complete signature
+
+	var sigHeader textproto.Header
+	sigHeader.Set("Content-Type", "application/pgp-signature")
+	sigWriter, err := s.mw.CreatePart(sigHeader)
+	if err != nil {
+		return err
+	}
+
+	armorWriter, err := armor.Encode(sigWriter, "PGP MESSAGE", nil)
+	if err != nil {
+		return err
+	}
+
+	if _, err := io.Copy(armorWriter, &s.sigBuf); err != nil {
+		return err
+	}
+
+	if err := armorWriter.Close(); err != nil {
+		return err
+	}
+	return s.mw.Close()
+}
+
+func Sign(w io.Writer, header, signedHeader textproto.Header, signed *openpgp.Entity, config *packet.Config) (io.WriteCloser, error) {
+	mw := textproto.NewMultipartWriter(w)
+
+	var micalg string
+	for name, hash := range hashAlgs {
+		if hash == config.Hash() {
+			micalg = name
+			break
+		}
+	}
+	if micalg == "" {
+		return nil, fmt.Errorf("pgpmail: unknown hash algorithm %v", config.Hash())
+	}
+
+	params := map[string]string{
+		"boundary": mw.Boundary(),
+		"protocol": "application/pgp-signature",
+		"micalg":   micalg,
+	}
+	header.Set("Content-Type", mime.FormatMediaType("multipart/signed", params))
+
+	if err := textproto.WriteHeader(w, header); err != nil {
+		return nil, err
+	}
+
+	signedWriter, err := mw.CreatePart(signedHeader)
+	if err != nil {
+		return nil, err
+	}
+	// TODO: canonicalize text written to signedWriter
+
+	pr, pw := io.Pipe()
+	done := make(chan error, 1)
+	s := &signer{
+		Writer: signedWriter,
+		pw:     pw,
+		done:   done,
+		mw:     mw,
+	}
+
+	go func() {
+		done <- openpgp.DetachSign(&s.sigBuf, signed, pr, config)
+	}()
+
+	return s, nil
+}