From aafefa7f344441c709198e16cd07da11b4651a98 Mon Sep 17 00:00:00 2001
From: Jesse Luehrs <doy@tozt.net>
Date: Sun, 3 May 2020 02:53:40 -0400
Subject: also make the agent store decrypted org keys in memory

---
 src/cipherstring.rs | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

(limited to 'src/cipherstring.rs')

diff --git a/src/cipherstring.rs b/src/cipherstring.rs
index 15c9add..7ba64ca 100644
--- a/src/cipherstring.rs
+++ b/src/cipherstring.rs
@@ -10,6 +10,10 @@ pub enum CipherString {
         ciphertext: Vec<u8>,
         mac: Option<Vec<u8>>,
     },
+    Asymmetric {
+        // ty: 4 (RSA_2048_OAEP_SHA1)
+        ciphertext: Vec<u8>,
+    },
 }
 
 impl CipherString {
@@ -53,6 +57,11 @@ impl CipherString {
                     mac,
                 })
             }
+            4 => {
+                let ciphertext = base64::decode(contents)
+                    .context(crate::error::InvalidBase64)?;
+                Ok(Self::Asymmetric { ciphertext })
+            }
             _ => Err(Error::InvalidCipherString),
         }
     }
@@ -106,6 +115,7 @@ impl CipherString {
                     .decrypt_vec(ciphertext)
                     .context(crate::error::Decrypt)
             }
+            _ => Err(Error::InvalidCipherString),
         }
     }
 
@@ -132,6 +142,40 @@ impl CipherString {
                     .context(crate::error::Decrypt)?;
                 Ok(res)
             }
+            _ => Err(Error::InvalidCipherString),
+        }
+    }
+
+    pub fn decrypt_locked_asymmetric(
+        &self,
+        private_key: &crate::locked::PrivateKey,
+    ) -> Result<crate::locked::Vec> {
+        match self {
+            Self::Asymmetric { ciphertext } => {
+                // ring doesn't currently support asymmetric encryption (only
+                // signatures). see
+                // https://github.com/briansmith/ring/issues/691
+                let pkey = openssl::pkey::PKey::private_key_from_pkcs8(
+                    private_key.private_key(),
+                )
+                .unwrap(); // XXX
+                let rsa = pkey.rsa().unwrap(); // XXX
+
+                let mut res = crate::locked::Vec::new();
+                res.extend(std::iter::repeat(0).take(rsa.size() as usize));
+
+                let bytes = rsa
+                    .private_decrypt(
+                        ciphertext,
+                        res.data_mut(),
+                        openssl::rsa::Padding::PKCS1_OAEP,
+                    )
+                    .unwrap(); // XXX
+                res.truncate(bytes);
+
+                Ok(res)
+            }
+            _ => Err(Error::InvalidCipherString),
         }
     }
 }
@@ -183,6 +227,10 @@ impl std::fmt::Display for CipherString {
                     write!(f, "2.{}|{}", iv, ciphertext)
                 }
             }
+            Self::Asymmetric { ciphertext } => {
+                let ciphertext = base64::encode(&ciphertext);
+                write!(f, "4.{}", ciphertext)
+            }
         }
     }
 }
-- 
cgit v1.2.3-54-g00ecf