-rw-r--r--keys.go42
-rw-r--r--keys_test.go8
-rw-r--r--main.go25
3 files changed, 43 insertions, 32 deletions
diff --git a/keys.go b/keys.go
index 9ca7e73..96e5c2a 100644
--- a/keys.go
+++ b/keys.go
@@ -15,9 +15,12 @@ import (
const DefaultRounds = 42
var (
+ ErrInvalidPK = errors.New("unsupported format")
ErrInvalidKDF = errors.New("unsupported KDF")
ErrPassphrase = errors.New("incorrect passphrase")
+ ErrInvalidKey = errors.New("invalid key")
ErrKeyNum = errors.New("verification failed: checked against wrong key")
+ ErrInvalidSig = errors.New("signature verfication failed")
)
var (
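Review bot: The `ErrInvalidSig` text added here is misspelled ("verfication"), and the success message inlined in the `Verify` hunk of main.go has a similar slip ("Verfied"). Moving these strings into the package's exported error set is a convenient point to correct them: `ErrInvalidSig = errors.New("signature verification failed")` and `log.Println("Signature Verified")`. Anything that matches on the old text would need updating at the same time. The message for `ErrInvalidPK`, "unsupported format", also does not say that the public-key algorithm tag was rejected; `"unsupported public key algorithm"` would read more clearly next to `"unsupported KDF"`.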
@@ -47,19 +50,28 @@ type EncKey struct {
SecKey [ed25519.PrivateKeySize]byte
}
-func (v *Sig) IsValid() bool {
- return v.PKAlg == PKAlg
+func (v *Sig) Check() error {
+ if v.PKAlg != PKAlg {
+ return ErrInvalidPK
+ }
+ return nil
}
-func (v *PubKey) IsValid() bool {
- return v.PKAlg == PKAlg
+func (v *PubKey) Check() error {
+ if v.PKAlg != PKAlg {
+ return ErrInvalidPK
+ }
+ return nil
}
-func (v *PubKey) Verify(message []byte, sig *Sig) bool {
- if v.PKAlg != sig.PKAlg || v.KeyNum != sig.KeyNum {
- return false
+func (v *PubKey) Verify(message []byte, sig *Sig) error {
+ if v.KeyNum != sig.KeyNum {
+ return ErrKeyNum
+ }
+ if !ed25519.Verify(ed25519.PublicKey(v.PubKey[:]), message, sig.Sig[:]) {
+ return ErrInvalidSig
}
- return ed25519.Verify(ed25519.PublicKey(v.PubKey[:]), message, sig.Sig[:])
+ return nil
}
func (v *EncKey) Sign(message []byte) *Sig {
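Review bot: The new `PubKey.Verify` no longer compares `v.PKAlg` with `sig.PKAlg`, so it depends on every caller having run `Check()` on both the key and the signature first. The callers visible in main.go (`OpenPub`, `OpenSig`) do that, but `Verify` is exported, and a `PubKey` or `Sig` populated by `Unmarshal` alone would reach `ed25519.Verify` whatever algorithm tag it carries. Keeping the guard inside the method makes it safe by default: `if v.PKAlg != PKAlg || sig.PKAlg != PKAlg { return ErrInvalidPK }`, placed ahead of the `KeyNum` comparison. The new exported methods also have no doc comments; `// Check returns ErrInvalidPK when the algorithm tag is not PKAlg.` would cover both `Check` methods in this hunk.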
@@ -68,12 +80,18 @@ func (v *EncKey) Sign(message []byte) *Sig {
return sig
}
-func (v *EncKey) IsValid() bool {
- if v.PKAlg != PKAlg || v.KDFAlg != KDFAlg {
- return false
+func (v *EncKey) Check() error {
+ if v.PKAlg != PKAlg {
+ return ErrInvalidPK
+ }
+ if v.KDFAlg != KDFAlg {
+ return ErrInvalidKDF
}
sum := sha512.Sum512(v.SecKey[:])
- return bytes.Equal(sum[:len(v.Checksum)], v.Checksum[:])
+ if !bytes.Equal(sum[:len(v.Checksum)], v.Checksum[:]) {
+ return ErrInvalidKey
+ }
+ return nil
}
func (e *EncKey) Kdf(pass string, rounds int) {
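Review bot: `EncKey.Check` compares a SHA-512 prefix of `SecKey` with `Checksum`, so its result depends on whether `SecKey` has already been decrypted, and nothing on the method says so. In `OpenSec` it runs after `Kdf`, which suggests a wrong passphrase reaches the user as `ErrInvalidKey` ("invalid key") rather than the existing `ErrPassphrase`. If `ErrPassphrase` is not returned elsewhere, it is probably the more useful error for a checksum mismatch on a passphrase-protected key. Either way a doc comment should state the contract, for example `// Check validates the algorithm tags and the checksum over SecKey; call it after Kdf for passphrase-protected keys.` The body of `Kdf` is outside this hunk, so the decrypt-then-check ordering is inferred from the callers.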
diff --git a/keys_test.go b/keys_test.go
index 0eb7e0c..92c222b 100644
--- a/keys_test.go
+++ b/keys_test.go
@@ -47,8 +47,8 @@ func TestUnmarshalEnc(t *testing.T) {
if !bytes.Equal(raw, out) {
t.Errorf("want %v, got %v", raw, out)
}
- if !v.IsValid() {
- t.Error("invalid %+v", v)
+ if err := v.Check(); err != nil {
+ t.Error(err)
}
}
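Review bot: This test and the `TestUnmarshalKDF` hunk below only exercise the success path of `Check()`, so none of the new sentinel errors is asserted in the visible test changes. `Check` is the gate that rejects malformed or tampered key material, so it is worth adding cases that alter a byte of `Checksum`, `PKAlg` and `KDFAlg` and assert that the returned error is `ErrInvalidKey`, `ErrInvalidPK` and `ErrInvalidKDF` respectively. `t.Error(err)` also drops the context the old message carried; `t.Errorf("Check: %v", err)` keeps a failure attributable to this call.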
@@ -64,7 +64,7 @@ func TestUnmarshalKDF(t *testing.T) {
t.Errorf("want %v, got %v", raw, out)
}
v.Kdf("test", DefaultRounds)
- if !v.IsValid() {
- t.Errorf("invalid %+v", v)
+ if err := v.Check(); err != nil {
+ t.Error(err)
}
}
diff --git a/main.go b/main.go
index 08e9cd9..7f97d99 100644
--- a/main.go
+++ b/main.go
@@ -1,7 +1,6 @@
package main
import (
- "errors"
"flag"
"fmt"
"io/ioutil"
@@ -17,12 +16,6 @@ import (
*/
var (
- ErrInvalidKey = errors.New("invalid key")
- ErrInvalidSig = errors.New("signature verfication failed")
- verOK = "Signature Verfied"
-)
-
-var (
checksum = flag.Bool("C", false, "Verify a signed checksum list")
generate = flag.Bool("G", false, "Generate a new key pair")
sign = flag.Bool("S", false, "Sign the specfied message")
@@ -121,8 +114,8 @@ func OpenSec(fname string) (*EncKey, error) {
}
encKey.Kdf(pass, int(encKey.KDFRounds))
}
- if !encKey.IsValid() {
- return nil, ErrInvalidKey
+ if err := encKey.Check(); err != nil {
+ return nil, err
}
return encKey, nil
}
@@ -136,8 +129,8 @@ func OpenPub(fname string) (*PubKey, error) {
if err := Unmarshal(f.RawKey, pubKey); err != nil {
return nil, err
}
- if !pubKey.IsValid() {
- return nil, ErrInvalidKey
+ if err := pubKey.Check(); err != nil {
+ return nil, err
}
return pubKey, nil
}
@@ -151,8 +144,8 @@ func OpenSig(fname string) (*Sig, []byte, error) {
if err := Unmarshal(f.RawKey, sig); err != nil {
return nil, nil, err
}
- if !sig.IsValid() {
- return nil, nil, ErrInvalidKey
+ if err := sig.Check(); err != nil {
+ return nil, nil, err
}
if f.Embedded() {
return sig, f.Message, nil
@@ -200,9 +193,9 @@ func Verify(msgFile, pubFile string) error {
if err != nil {
return err
}
- if !pubKey.Verify(body, sig) {
- return ErrInvalidSig
+ if err := pubKey.Verify(body, sig); err != nil {
+ return err
}
- log.Println(verOK)
+ log.Println("Signature Verfied")
return nil
}