aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--key/enc.go59
-rw-r--r--key/key.go131
-rw-r--r--key/pub.go38
-rw-r--r--key/sig.go28
4 files changed, 141 insertions, 115 deletions
diff --git a/key/enc.go b/key/enc.go
new file mode 100644
index 0000000..2f2d48d
--- /dev/null
+++ b/key/enc.go
@@ -0,0 +1,59 @@
+package key
+
+import (
+ "bytes"
+ "crypto/sha512"
+
+ "golang.org/x/crypto/ed25519"
+)
+
+type Enc struct {
+ PKAlg [2]byte
+ KDFAlg [2]byte
+ KDFRounds uint32
+ Salt [16]byte
+ Checksum [8]byte
+ KeyNum [8]byte
+ Key [ed25519.PrivateKeySize]byte
+}
+
+func (v *Enc) Sign(message []byte) *Sig {
+ sig := &Sig{PKAlg: v.PKAlg, KeyNum: v.KeyNum}
+ copy(sig.Sig[:], ed25519.Sign(ed25519.PrivateKey(v.Key[:]), message))
+ return sig
+}
+
+func (v *Enc) Check() error {
+ if v.PKAlg != pkAlg {
+ return ErrInvalidPK
+ }
+ if v.KDFAlg != kdfAlg {
+ return ErrInvalidKDF
+ }
+ sum := sha512.Sum512(v.Key[:])
+ if !bytes.Equal(sum[:len(v.Checksum)], v.Checksum[:]) {
+ return ErrInvalidKey
+ }
+ return nil
+}
+
+func (v *Enc) MarshalBinary() ([]byte, error) {
+ return Marshal(v)
+}
+
+func ParseEnc(data []byte, d KeyDeriver) (*Enc, error) {
+ var enc *Enc
+ if err := Unmarshal(data, enc); err != nil {
+ return nil, err
+ }
+ if d != nil && enc.KDFRounds > 0 {
+ xor, err := d.DeriveKey(enc.Salt[:], int(enc.KDFRounds), len(enc.Key))
+ if err != nil {
+ return nil, err
+ }
+ for i := range xor {
+ enc.Key[i] ^= xor[i]
+ }
+ }
+ return enc, enc.Check()
+}
diff --git a/key/key.go b/key/key.go
index cb1e2b7..baa4deb 100644
--- a/key/key.go
+++ b/key/key.go
@@ -26,119 +26,8 @@ var (
kdfAlg = [2]byte{'B', 'K'}
)
-type Sig struct {
- PKAlg [2]byte
- KeyNum [8]byte
- Sig [ed25519.SignatureSize]byte
-}
-
-type Pub struct {
- PKAlg [2]byte
- KeyNum [8]byte
- Key [ed25519.PublicKeySize]byte
-}
-
-type Enc struct {
- PKAlg [2]byte
- KDFAlg [2]byte
- KDFRounds uint32
- Salt [16]byte
- Checksum [8]byte
- KeyNum [8]byte
- Key [ed25519.PrivateKeySize]byte
-}
-
-func (v *Sig) Check() error {
- if v.PKAlg != pkAlg {
- return ErrInvalidPK
- }
- return nil
-}
-
-func (v *Pub) Check() error {
- if v.PKAlg != pkAlg {
- return ErrInvalidPK
- }
- return nil
-}
-
-func (v *Pub) Verify(message []byte, sig *Sig) error {
- if v.KeyNum != sig.KeyNum {
- return ErrKeyNum
- }
- if !ed25519.Verify(ed25519.PublicKey(v.Key[:]), message, sig.Sig[:]) {
- return ErrInvalidSig
- }
- return nil
-}
-
-func (v *Enc) Sign(message []byte) *Sig {
- sig := &Sig{PKAlg: v.PKAlg, KeyNum: v.KeyNum}
- copy(sig.Sig[:], ed25519.Sign(ed25519.PrivateKey(v.Key[:]), message))
- return sig
-}
-
-func (v *Enc) Check() error {
- if v.PKAlg != pkAlg {
- return ErrInvalidPK
- }
- if v.KDFAlg != kdfAlg {
- return ErrInvalidKDF
- }
- sum := sha512.Sum512(v.Key[:])
- if !bytes.Equal(sum[:len(v.Checksum)], v.Checksum[:]) {
- return ErrInvalidKey
- }
- return nil
-}
-
-func Unmarshal(data []byte, v interface{}) error {
- buf := bytes.NewReader(data)
- if err := binary.Read(buf, binary.BigEndian, v); err != nil {
- return err
- }
- return nil
-}
-
-func Marshal(v interface{}) ([]byte, error) {
- buf := new(bytes.Buffer)
- if err := binary.Write(buf, binary.BigEndian, v); err != nil {
- return nil, err
- }
- return buf.Bytes(), nil
-}
-
-func ParseSig(data []byte) (*Sig, error) {
- var sig *Sig
- if err := Unmarshal(data, sig); err != nil {
- return nil, err
- }
- return sig, sig.Check()
-}
-
-func ParsePub(data []byte) (*Pub, error) {
- var pub *Pub
- if err := Unmarshal(data, pub); err != nil {
- return nil, err
- }
- return pub, pub.Check()
-}
-
-func ParseEnc(data []byte, d KeyDeriver) (*Enc, error) {
- var enc *Enc
- if err := Unmarshal(data, enc); err != nil {
- return nil, err
- }
- if d != nil && enc.KDFRounds > 0 {
- xor, err := d.DeriveKey(enc.Salt[:], int(enc.KDFRounds), len(enc.Key))
- if err != nil {
- return nil, err
- }
- for i := range xor {
- enc.Key[i] ^= xor[i]
- }
- }
- return enc, enc.Check()
+type KeyDeriver interface {
+ DeriveKey(salt []byte, rounds int, length int) ([]byte, error)
}
func NewKey(d KeyDeriver) (*Pub, *Enc, error) {
@@ -174,6 +63,18 @@ func NewKey(d KeyDeriver) (*Pub, *Enc, error) {
return pub, enc, nil
}
-type KeyDeriver interface {
- DeriveKey(salt []byte, rounds int, length int) ([]byte, error)
+func Unmarshal(data []byte, v interface{}) error {
+ buf := bytes.NewReader(data)
+ if err := binary.Read(buf, binary.BigEndian, v); err != nil {
+ return err
+ }
+ return nil
+}
+
+func Marshal(v interface{}) ([]byte, error) {
+ buf := new(bytes.Buffer)
+ if err := binary.Write(buf, binary.BigEndian, v); err != nil {
+ return nil, err
+ }
+ return buf.Bytes(), nil
}
diff --git a/key/pub.go b/key/pub.go
new file mode 100644
index 0000000..bc94e30
--- /dev/null
+++ b/key/pub.go
@@ -0,0 +1,38 @@
+package key
+
+import "golang.org/x/crypto/ed25519"
+
+type Pub struct {
+ PKAlg [2]byte
+ KeyNum [8]byte
+ Key [ed25519.PublicKeySize]byte
+}
+
+func (v *Pub) Check() error {
+ if v.PKAlg != pkAlg {
+ return ErrInvalidPK
+ }
+ return nil
+}
+
+func (v *Pub) Verify(message []byte, sig *Sig) error {
+ if v.KeyNum != sig.KeyNum {
+ return ErrKeyNum
+ }
+ if !ed25519.Verify(ed25519.PublicKey(v.Key[:]), message, sig.Sig[:]) {
+ return ErrInvalidSig
+ }
+ return nil
+}
+
+func (v *Pub) MarshalBinary() ([]byte, error) {
+ return Marshal(v)
+}
+
+func ParsePub(data []byte) (*Pub, error) {
+ var pub *Pub
+ if err := Unmarshal(data, pub); err != nil {
+ return nil, err
+ }
+ return pub, pub.Check()
+}
diff --git a/key/sig.go b/key/sig.go
new file mode 100644
index 0000000..ecd02c6
--- /dev/null
+++ b/key/sig.go
@@ -0,0 +1,28 @@
+package key
+
+import "golang.org/x/crypto/ed25519"
+
+type Sig struct {
+ PKAlg [2]byte
+ KeyNum [8]byte
+ Sig [ed25519.SignatureSize]byte
+}
+
+func (v *Sig) Check() error {
+ if v.PKAlg != pkAlg {
+ return ErrInvalidPK
+ }
+ return nil
+}
+
+func (v *Sig) MarshalBinary() ([]byte, error) {
+ return Marshal(v)
+}
+
+func ParseSig(data []byte) (*Sig, error) {
+ var sig *Sig
+ if err := Unmarshal(data, sig); err != nil {
+ return nil, err
+ }
+ return sig, sig.Check()
+}