aboutsummaryrefslogtreecommitdiff
path: root/key/sec.go
diff options
context:
space:
mode:
Diffstat (limited to 'key/sec.go')
-rw-r--r--key/sec.go68
1 files changed, 68 insertions, 0 deletions
diff --git a/key/sec.go b/key/sec.go
new file mode 100644
index 0000000..b5ddc63
--- /dev/null
+++ b/key/sec.go
@@ -0,0 +1,68 @@
+package key
+
+import (
+ "bytes"
+ "crypto/sha512"
+
+ "golang.org/x/crypto/ed25519"
+)
+
+type Sec struct {
+ PKAlg [2]byte
+ KDFAlg [2]byte
+ KDFRounds uint32
+ Salt [16]byte
+ Checksum [8]byte
+ KeyNum [8]byte
+ Key [ed25519.PrivateKeySize]byte
+}
+
+// Sign message
+func (v *Sec) Sign(message []byte) *Sig {
+ sig := &Sig{PKAlg: v.PKAlg, KeyNum: v.KeyNum}
+ copy(sig.Sig[:], ed25519.Sign(ed25519.PrivateKey(v.Key[:]), message))
+ return sig
+}
+
+func (v *Sec) Validate() error {
+ if v.PKAlg != pkAlg {
+ return ErrInvalidPK
+ }
+ if v.KDFAlg != kdfAlg {
+ return ErrInvalidKDF
+ }
+ sum := sha512.Sum512(v.Key[:])
+ if !bytes.Equal(sum[:len(v.Checksum)], v.Checksum[:]) {
+ return ErrInvalidKey
+ }
+ return nil
+}
+
+func (v *Sec) MarshalBinary() ([]byte, error) { return marshal(v) }
+func (v *Sec) UnmarshalBinary(data []byte) error { return unmarshal(data, v) }
+
+// Public key of secret key
+func (v *Sec) Public() *Pub {
+ key := ed25519.PrivateKey(v.Key[:]).Public().(ed25519.PublicKey)
+ pub := &Pub{PKAlg: pkAlg, KeyNum: v.KeyNum}
+ copy(pub.Key[:], key)
+ return pub
+}
+
+// NewSec returns a parsed and decoded secret key
+func NewSec(data []byte, der Deriver) (*Sec, error) {
+ sec := new(Sec)
+ if err := sec.UnmarshalBinary(data); err != nil {
+ return nil, err
+ }
+ if der != nil && sec.KDFRounds > 0 {
+ xor, err := der.Derive(sec.Salt[:], int(sec.KDFRounds), len(sec.Key))
+ if err != nil {
+ return nil, err
+ }
+ for i := range xor {
+ sec.Key[i] ^= xor[i]
+ }
+ }
+ return sec, sec.Validate()
+}