diff options
-rw-r--r-- | key/enc.go | 59 | ||||
-rw-r--r-- | key/key.go | 131 | ||||
-rw-r--r-- | key/pub.go | 38 | ||||
-rw-r--r-- | key/sig.go | 28 |
4 files changed, 141 insertions, 115 deletions
diff --git a/key/enc.go b/key/enc.go new file mode 100644 index 0000000..2f2d48d --- /dev/null +++ b/key/enc.go @@ -0,0 +1,59 @@ +package key + +import ( + "bytes" + "crypto/sha512" + + "golang.org/x/crypto/ed25519" +) + +type Enc struct { + PKAlg [2]byte + KDFAlg [2]byte + KDFRounds uint32 + Salt [16]byte + Checksum [8]byte + KeyNum [8]byte + Key [ed25519.PrivateKeySize]byte +} + +func (v *Enc) Sign(message []byte) *Sig { + sig := &Sig{PKAlg: v.PKAlg, KeyNum: v.KeyNum} + copy(sig.Sig[:], ed25519.Sign(ed25519.PrivateKey(v.Key[:]), message)) + return sig +} + +func (v *Enc) Check() error { + if v.PKAlg != pkAlg { + return ErrInvalidPK + } + if v.KDFAlg != kdfAlg { + return ErrInvalidKDF + } + sum := sha512.Sum512(v.Key[:]) + if !bytes.Equal(sum[:len(v.Checksum)], v.Checksum[:]) { + return ErrInvalidKey + } + return nil +} + +func (v *Enc) MarshalBinary() ([]byte, error) { + return Marshal(v) +} + +func ParseEnc(data []byte, d KeyDeriver) (*Enc, error) { + var enc *Enc + if err := Unmarshal(data, enc); err != nil { + return nil, err + } + if d != nil && enc.KDFRounds > 0 { + xor, err := d.DeriveKey(enc.Salt[:], int(enc.KDFRounds), len(enc.Key)) + if err != nil { + return nil, err + } + for i := range xor { + enc.Key[i] ^= xor[i] + } + } + return enc, enc.Check() +} @@ -26,119 +26,8 @@ var ( kdfAlg = [2]byte{'B', 'K'} ) -type Sig struct { - PKAlg [2]byte - KeyNum [8]byte - Sig [ed25519.SignatureSize]byte -} - -type Pub struct { - PKAlg [2]byte - KeyNum [8]byte - Key [ed25519.PublicKeySize]byte -} - -type Enc struct { - PKAlg [2]byte - KDFAlg [2]byte - KDFRounds uint32 - Salt [16]byte - Checksum [8]byte - KeyNum [8]byte - Key [ed25519.PrivateKeySize]byte -} - -func (v *Sig) Check() error { - if v.PKAlg != pkAlg { - return ErrInvalidPK - } - return nil -} - -func (v *Pub) Check() error { - if v.PKAlg != pkAlg { - return ErrInvalidPK - } - return nil -} - -func (v *Pub) Verify(message []byte, sig *Sig) error { - if v.KeyNum != sig.KeyNum { - return ErrKeyNum - } - if !ed25519.Verify(ed25519.PublicKey(v.Key[:]), message, sig.Sig[:]) { - return ErrInvalidSig - } - return nil -} - -func (v *Enc) Sign(message []byte) *Sig { - sig := &Sig{PKAlg: v.PKAlg, KeyNum: v.KeyNum} - copy(sig.Sig[:], ed25519.Sign(ed25519.PrivateKey(v.Key[:]), message)) - return sig -} - -func (v *Enc) Check() error { - if v.PKAlg != pkAlg { - return ErrInvalidPK - } - if v.KDFAlg != kdfAlg { - return ErrInvalidKDF - } - sum := sha512.Sum512(v.Key[:]) - if !bytes.Equal(sum[:len(v.Checksum)], v.Checksum[:]) { - return ErrInvalidKey - } - return nil -} - -func Unmarshal(data []byte, v interface{}) error { - buf := bytes.NewReader(data) - if err := binary.Read(buf, binary.BigEndian, v); err != nil { - return err - } - return nil -} - -func Marshal(v interface{}) ([]byte, error) { - buf := new(bytes.Buffer) - if err := binary.Write(buf, binary.BigEndian, v); err != nil { - return nil, err - } - return buf.Bytes(), nil -} - -func ParseSig(data []byte) (*Sig, error) { - var sig *Sig - if err := Unmarshal(data, sig); err != nil { - return nil, err - } - return sig, sig.Check() -} - -func ParsePub(data []byte) (*Pub, error) { - var pub *Pub - if err := Unmarshal(data, pub); err != nil { - return nil, err - } - return pub, pub.Check() -} - -func ParseEnc(data []byte, d KeyDeriver) (*Enc, error) { - var enc *Enc - if err := Unmarshal(data, enc); err != nil { - return nil, err - } - if d != nil && enc.KDFRounds > 0 { - xor, err := d.DeriveKey(enc.Salt[:], int(enc.KDFRounds), len(enc.Key)) - if err != nil { - return nil, err - } - for i := range xor { - enc.Key[i] ^= xor[i] - } - } - return enc, enc.Check() +type KeyDeriver interface { + DeriveKey(salt []byte, rounds int, length int) ([]byte, error) } func NewKey(d KeyDeriver) (*Pub, *Enc, error) { @@ -174,6 +63,18 @@ func NewKey(d KeyDeriver) (*Pub, *Enc, error) { return pub, enc, nil } -type KeyDeriver interface { - DeriveKey(salt []byte, rounds int, length int) ([]byte, error) +func Unmarshal(data []byte, v interface{}) error { + buf := bytes.NewReader(data) + if err := binary.Read(buf, binary.BigEndian, v); err != nil { + return err + } + return nil +} + +func Marshal(v interface{}) ([]byte, error) { + buf := new(bytes.Buffer) + if err := binary.Write(buf, binary.BigEndian, v); err != nil { + return nil, err + } + return buf.Bytes(), nil } diff --git a/key/pub.go b/key/pub.go new file mode 100644 index 0000000..bc94e30 --- /dev/null +++ b/key/pub.go @@ -0,0 +1,38 @@ +package key + +import "golang.org/x/crypto/ed25519" + +type Pub struct { + PKAlg [2]byte + KeyNum [8]byte + Key [ed25519.PublicKeySize]byte +} + +func (v *Pub) Check() error { + if v.PKAlg != pkAlg { + return ErrInvalidPK + } + return nil +} + +func (v *Pub) Verify(message []byte, sig *Sig) error { + if v.KeyNum != sig.KeyNum { + return ErrKeyNum + } + if !ed25519.Verify(ed25519.PublicKey(v.Key[:]), message, sig.Sig[:]) { + return ErrInvalidSig + } + return nil +} + +func (v *Pub) MarshalBinary() ([]byte, error) { + return Marshal(v) +} + +func ParsePub(data []byte) (*Pub, error) { + var pub *Pub + if err := Unmarshal(data, pub); err != nil { + return nil, err + } + return pub, pub.Check() +} diff --git a/key/sig.go b/key/sig.go new file mode 100644 index 0000000..ecd02c6 --- /dev/null +++ b/key/sig.go @@ -0,0 +1,28 @@ +package key + +import "golang.org/x/crypto/ed25519" + +type Sig struct { + PKAlg [2]byte + KeyNum [8]byte + Sig [ed25519.SignatureSize]byte +} + +func (v *Sig) Check() error { + if v.PKAlg != pkAlg { + return ErrInvalidPK + } + return nil +} + +func (v *Sig) MarshalBinary() ([]byte, error) { + return Marshal(v) +} + +func ParseSig(data []byte) (*Sig, error) { + var sig *Sig + if err := Unmarshal(data, sig); err != nil { + return nil, err + } + return sig, sig.Check() +} |