aboutsummaryrefslogtreecommitdiff
path: root/key/gen.go
diff options
context:
space:
mode:
Diffstat (limited to 'key/gen.go')
-rw-r--r--key/gen.go66
1 files changed, 66 insertions, 0 deletions
diff --git a/key/gen.go b/key/gen.go
new file mode 100644
index 0000000..39436a1
--- /dev/null
+++ b/key/gen.go
@@ -0,0 +1,66 @@
+// Package key implements signify key format
+package key
+
+import (
+ "crypto/rand"
+ "crypto/sha512"
+ "errors"
+
+ "golang.org/x/crypto/ed25519"
+)
+
+const kdfRounds = 42
+
+var (
+ ErrInvalidPK = errors.New("unsupported format")
+ ErrInvalidKDF = errors.New("unsupported KDF")
+ ErrInvalidKey = errors.New("invalid key")
+ ErrKeyNum = errors.New("verification failed: checked against wrong key")
+ ErrInvalidSig = errors.New("signature verfication failed")
+)
+
+var (
+ pkAlg = [2]byte{'E', 'd'}
+ kdfAlg = [2]byte{'B', 'K'}
+)
+
+// Deriver returns a derived encryption key
+type Deriver interface {
+ Derive(salt []byte, rounds int, length int) ([]byte, error)
+}
+
+// Generate a new key pair
+func Generate(der Deriver) (*Pub, *Sec, error) {
+ pubKey, secKey, err := ed25519.GenerateKey(rand.Reader)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ // secret key
+ sec := &Sec{PKAlg: pkAlg, KDFAlg: kdfAlg}
+ copy(sec.Key[:], secKey)
+
+ checkSum := sha512.Sum512(secKey)
+ copy(sec.Checksum[:], checkSum[:len(sec.Checksum)])
+
+ if _, err := rand.Read(sec.Salt[:]); err != nil {
+ return nil, nil, err
+ }
+ if _, err := rand.Read(sec.KeyNum[:]); err != nil {
+ return nil, nil, err
+ }
+
+ // Pbdkf
+ if der != nil {
+ sec.KDFRounds = kdfRounds
+ }
+ if err := sec.Crypt(der); err != nil {
+ return nil, nil, err
+ }
+
+ // public key
+ pub := &Pub{PKAlg: pkAlg, KeyNum: sec.KeyNum}
+ copy(pub.Key[:], pubKey)
+
+ return pub, sec, nil
+}