aboutsummaryrefslogtreecommitdiff
path: root/keys.go
diff options
context:
space:
mode:
authorDimitri Sokolyuk <demon@dim13.org>2017-05-01 16:57:53 +0200
committerDimitri Sokolyuk <demon@dim13.org>2017-05-01 16:57:53 +0200
commiteae17147e143094e48050494b2da570f42d21986 (patch)
treeeecf454787918d8f9a07f630b60b8dbe75fb7540 /keys.go
parentd8bd486761d8e90b06a37b0658f81a2ebf3be9a8 (diff)
Reorder package
Diffstat (limited to 'keys.go')
-rw-r--r--keys.go148
1 files changed, 0 insertions, 148 deletions
diff --git a/keys.go b/keys.go
deleted file mode 100644
index b489385..0000000
--- a/keys.go
+++ /dev/null
@@ -1,148 +0,0 @@
-package signify
-
-import (
- "bytes"
- "crypto/rand"
- "crypto/sha512"
- "encoding/binary"
- "errors"
-
- "dim13.org/signify/bhash"
-
- "golang.org/x/crypto/ed25519"
-)
-
-const DefaultRounds = 42
-
-var (
- ErrInvalidPK = errors.New("unsupported format")
- ErrInvalidKDF = errors.New("unsupported KDF")
- ErrPassphrase = errors.New("incorrect passphrase")
- ErrInvalidKey = errors.New("invalid key")
- ErrKeyNum = errors.New("verification failed: checked against wrong key")
- ErrInvalidSig = errors.New("signature verfication failed")
-)
-
-var (
- pkAlg = [2]byte{'E', 'd'}
- kdfAlg = [2]byte{'B', 'K'}
-)
-
-type Sig struct {
- PKAlg [2]byte
- KeyNum [8]byte
- Sig [ed25519.SignatureSize]byte
-}
-
-type PubKey struct {
- PKAlg [2]byte
- KeyNum [8]byte
- PubKey [ed25519.PublicKeySize]byte
-}
-
-type EncKey struct {
- PKAlg [2]byte
- KDFAlg [2]byte
- KDFRounds uint32
- Salt [16]byte
- Checksum [8]byte
- KeyNum [8]byte
- SecKey [ed25519.PrivateKeySize]byte
-}
-
-func (v *Sig) Check() error {
- if v.PKAlg != pkAlg {
- return ErrInvalidPK
- }
- return nil
-}
-
-func (v *PubKey) Check() error {
- if v.PKAlg != pkAlg {
- return ErrInvalidPK
- }
- return nil
-}
-
-func (v *PubKey) Verify(message []byte, sig *Sig) error {
- if v.KeyNum != sig.KeyNum {
- return ErrKeyNum
- }
- if !ed25519.Verify(ed25519.PublicKey(v.PubKey[:]), message, sig.Sig[:]) {
- return ErrInvalidSig
- }
- return nil
-}
-
-func (v *EncKey) Sign(message []byte) *Sig {
- sig := &Sig{PKAlg: v.PKAlg, KeyNum: v.KeyNum}
- copy(sig.Sig[:], ed25519.Sign(ed25519.PrivateKey(v.SecKey[:]), message))
- return sig
-}
-
-func (v *EncKey) Check() error {
- if v.PKAlg != pkAlg {
- return ErrInvalidPK
- }
- if v.KDFAlg != kdfAlg {
- return ErrInvalidKDF
- }
- sum := sha512.Sum512(v.SecKey[:])
- if !bytes.Equal(sum[:len(v.Checksum)], v.Checksum[:]) {
- return ErrInvalidKey
- }
- return nil
-}
-
-func (e *EncKey) Kdf(ask func() (string, error)) error {
- if e.KDFRounds == 0 {
- return nil
- }
- pass, err := ask()
- if err != nil {
- return err
- }
- xorkey := bhash.Pbkdf([]byte(pass), e.Salt[:], int(e.KDFRounds), len(e.SecKey))
- for i := range xorkey {
- e.SecKey[i] ^= xorkey[i]
- }
- return e.Check()
-}
-
-func Unmarshal(b []byte, v interface{}) error {
- buf := bytes.NewReader(b)
- if err := binary.Read(buf, binary.BigEndian, v); err != nil {
- return err
- }
- return nil
-}
-
-func Marshal(v interface{}) ([]byte, error) {
- buf := new(bytes.Buffer)
- if err := binary.Write(buf, binary.BigEndian, v); err != nil {
- return nil, err
- }
- return buf.Bytes(), nil
-}
-
-func NewKey() (PubKey, EncKey, error) {
- pub, sec, err := ed25519.GenerateKey(rand.Reader)
- if err != nil {
- return PubKey{}, EncKey{}, err
- }
-
- pubKey := PubKey{PKAlg: pkAlg}
- encKey := EncKey{PKAlg: pkAlg, KDFAlg: kdfAlg, KDFRounds: DefaultRounds}
-
- copy(pubKey.PubKey[:], pub)
- copy(encKey.SecKey[:], sec)
-
- checkSum := sha512.Sum512(sec)
- copy(encKey.Checksum[:], checkSum[:len(encKey.Checksum)])
-
- rand.Read(encKey.Salt[:])
- rand.Read(encKey.KeyNum[:])
- pubKey.KeyNum = encKey.KeyNum
-
- return pubKey, encKey, nil
-}