From 5af207437fd8f84c51c48ca8bfdf626f9e720ec5 Mon Sep 17 00:00:00 2001
From: Dimitri Sokolyuk
Date: Tue, 2 May 2017 10:04:54 +0200
Subject: Rename key package
---
signify/keys.go | 148 ----------------------------------------
signify/keys_test.go | 69 -------------------
signify/testdata/dim13.pub | 2 -
signify/testdata/dim13.sec | 2 -
signify/testdata/isc.txt.gz | Bin 501 -> 0 bytes
signify/testdata/isc.txt.gz.sig | Bin 775 -> 0 bytes
signify/testdata/kdf.pub | 2 -
signify/testdata/kdf.sec | 2 -
signify/testdata/kdf.txt | 1 -
signify/testdata/key.pub | 2 -
signify/testdata/key.sec | 2 -
signify/testdata/key.txt | 1 -
signify/testdata/key.txt.sig | 3 -
signify/testdata/test | 1 -
signify/testdata/test.sig | 3 -
15 files changed, 238 deletions(-)
delete mode 100644 signify/keys.go
delete mode 100644 signify/keys_test.go
delete mode 100644 signify/testdata/dim13.pub
delete mode 100644 signify/testdata/dim13.sec
delete mode 100644 signify/testdata/isc.txt.gz
delete mode 100644 signify/testdata/isc.txt.gz.sig
delete mode 100644 signify/testdata/kdf.pub
delete mode 100644 signify/testdata/kdf.sec
delete mode 100644 signify/testdata/kdf.txt
delete mode 100644 signify/testdata/key.pub
delete mode 100644 signify/testdata/key.sec
delete mode 100644 signify/testdata/key.txt
delete mode 100644 signify/testdata/key.txt.sig
delete mode 100644 signify/testdata/test
delete mode 100644 signify/testdata/test.sig
(limited to 'signify')
diff --git a/signify/keys.go b/signify/keys.go
deleted file mode 100644
index 07521ea..0000000
--- a/signify/keys.go
+++ /dev/null
@@ -1,148 +0,0 @@
-package signify
-
-import (
- "bytes"
- "crypto/rand"
- "crypto/sha512"
- "encoding/binary"
- "errors"
-
- "dim13.org/signify/bhash"
-
- "golang.org/x/crypto/ed25519"
-)
-
-const DefaultRounds = 42
-
-var (
- ErrInvalidPK = errors.New("unsupported format")
- ErrInvalidKDF = errors.New("unsupported KDF")
- ErrPassphrase = errors.New("incorrect passphrase")
- ErrInvalidKey = errors.New("invalid key")
- ErrKeyNum = errors.New("verification failed: checked against wrong key")
- ErrInvalidSig = errors.New("signature verfication failed")
-)
-
-var (
- pkAlg = [2]byte{'E', 'd'}
- kdfAlg = [2]byte{'B', 'K'}
-)
-
-type Sig struct {
- PKAlg [2]byte
- KeyNum [8]byte
- Sig [ed25519.SignatureSize]byte
-}
-
-type Pub struct {
- PKAlg [2]byte
- KeyNum [8]byte
- Key [ed25519.PublicKeySize]byte
-}
-
-type Enc struct {
- PKAlg [2]byte
- KDFAlg [2]byte
- KDFRounds uint32
- Salt [16]byte
- Checksum [8]byte
- KeyNum [8]byte
- Key [ed25519.PrivateKeySize]byte
-}
-
-func (v *Sig) Check() error {
- if v.PKAlg != pkAlg {
- return ErrInvalidPK
- }
- return nil
-}
-
-func (v *Pub) Check() error {
- if v.PKAlg != pkAlg {
- return ErrInvalidPK
- }
- return nil
-}
-
-func (v *Pub) Verify(message []byte, sig *Sig) error {
- if v.KeyNum != sig.KeyNum {
- return ErrKeyNum
- }
- if !ed25519.Verify(ed25519.PublicKey(v.Key[:]), message, sig.Sig[:]) {
- return ErrInvalidSig
- }
- return nil
-}
-
-func (v *Enc) Sign(message []byte) *Sig {
- sig := &Sig{PKAlg: v.PKAlg, KeyNum: v.KeyNum}
- copy(sig.Sig[:], ed25519.Sign(ed25519.PrivateKey(v.Key[:]), message))
- return sig
-}
-
-func (v *Enc) Check() error {
- if v.PKAlg != pkAlg {
- return ErrInvalidPK
- }
- if v.KDFAlg != kdfAlg {
- return ErrInvalidKDF
- }
- sum := sha512.Sum512(v.Key[:])
- if !bytes.Equal(sum[:len(v.Checksum)], v.Checksum[:]) {
- return ErrInvalidKey
- }
- return nil
-}
-
-func (e *Enc) Kdf(ask func() (string, error)) error {
- if e.KDFRounds == 0 {
- return nil
- }
- pass, err := ask()
- if err != nil {
- return err
- }
- xor := bhash.Pbkdf([]byte(pass), e.Salt[:], int(e.KDFRounds), len(e.Key))
- for i := range xor {
- e.Key[i] ^= xor[i]
- }
- return e.Check()
-}
-
-func Unmarshal(b []byte, v interface{}) error {
- buf := bytes.NewReader(b)
- if err := binary.Read(buf, binary.BigEndian, v); err != nil {
- return err
- }
- return nil
-}
-
-func Marshal(v interface{}) ([]byte, error) {
- buf := new(bytes.Buffer)
- if err := binary.Write(buf, binary.BigEndian, v); err != nil {
- return nil, err
- }
- return buf.Bytes(), nil
-}
-
-func NewKey() (Pub, Enc, error) {
- pub, sec, err := ed25519.GenerateKey(rand.Reader)
- if err != nil {
- return Pub{}, Enc{}, err
- }
-
- pubKey := Pub{PKAlg: pkAlg}
- encKey := Enc{PKAlg: pkAlg, KDFAlg: kdfAlg, KDFRounds: DefaultRounds}
-
- copy(pubKey.Key[:], pub)
- copy(encKey.Key[:], sec)
-
- checkSum := sha512.Sum512(sec)
- copy(encKey.Checksum[:], checkSum[:len(encKey.Checksum)])
-
- rand.Read(encKey.Salt[:])
- rand.Read(encKey.KeyNum[:])
- pubKey.KeyNum = encKey.KeyNum
-
- return pubKey, encKey, nil
-}
diff --git a/signify/keys_test.go b/signify/keys_test.go
deleted file mode 100644
index 70ebb2d..0000000
--- a/signify/keys_test.go
+++ /dev/null
@@ -1,69 +0,0 @@
-package signify
-
-import (
- "bytes"
- "encoding/base64"
- "testing"
-)
-
-func decode(s string) ([]byte, error) {
- return base64.StdEncoding.DecodeString(s)
-}
-
-func TestUnmarshalSig(t *testing.T) {
- raw, err := decode("RWRbOC0bBf7abaGwGtq45KLDK63tgcF7CO4qTZSlTKCSbZTYlDfFm/DISQ60u+/jEzrk22suvXXAEsxQTe2xUOfV90get1YRGQo=")
- if err != nil {
- t.Fatal(err)
- }
- v := new(Sig)
- Unmarshal(raw, v)
- out, _ := Marshal(v)
- if !bytes.Equal(raw, out) {
- t.Errorf("want %v, got %v", raw, out)
- }
-}
-
-func TestUnmarshalPub(t *testing.T) {
- raw, err := decode("RWRbOC0bBf7abfanaXuTYfCa6+YO69Kxyz8RD5nL/3Ta7umY6iOwnBrG")
- if err != nil {
- t.Fatal(err)
- }
- v := new(Pub)
- Unmarshal(raw, v)
- out, _ := Marshal(v)
- if !bytes.Equal(raw, out) {
- t.Errorf("want %v, got %v", raw, out)
- }
-}
-
-func TestUnmarshalEnc(t *testing.T) {
- raw, err := decode("RWRCSwAAAACzJBN2gC5//jVvDiV76rs4m2aKXkljqDpbOC0bBf7abZhV/Zygr6b0KIbSI56JQutwzsQeouxnnHuVTZp3IW4M9qdpe5Nh8Jrr5g7r0rHLPxEPmcv/dNru6ZjqI7CcGsY=")
- if err != nil {
- t.Fatal(err)
- }
- v := new(Enc)
- Unmarshal(raw, v)
- out, _ := Marshal(v)
- if !bytes.Equal(raw, out) {
- t.Errorf("want %v, got %v", raw, out)
- }
- if err := v.Kdf(func() (string, error) { return "", nil }); err != nil {
- t.Error(err)
- }
-}
-
-func TestUnmarshalEncKDF(t *testing.T) {
- raw, err := decode("RWRCSwAAACoXv4r2lp3RYYLEWZRsY+1Z+1mJtEScNBaKdOKcMdhUHrztnf8a4sUNGY19MoV3wX2cyW2Mn1MduKxi9s3Se070TGF0IZG/hH4SKiNUYi+yi1mandWAwmhY3ahIHApigTk=")
- if err != nil {
- t.Fatal(err)
- }
- v := new(Enc)
- Unmarshal(raw, v)
- out, _ := Marshal(v)
- if !bytes.Equal(raw, out) {
- t.Errorf("want %v, got %v", raw, out)
- }
- if err := v.Kdf(func() (string, error) { return "test", nil }); err != nil {
- t.Error(err)
- }
-}
diff --git a/signify/testdata/dim13.pub b/signify/testdata/dim13.pub
deleted file mode 100644
index 0efc253..0000000
--- a/signify/testdata/dim13.pub
+++ /dev/null
@@ -1,2 +0,0 @@
-untrusted comment: dim13.org public key
-RWRbOC0bBf7abfanaXuTYfCa6+YO69Kxyz8RD5nL/3Ta7umY6iOwnBrG
diff --git a/signify/testdata/dim13.sec b/signify/testdata/dim13.sec
deleted file mode 100644
index 51e0d28..0000000
--- a/signify/testdata/dim13.sec
+++ /dev/null
@@ -1,2 +0,0 @@
-untrusted comment: dim13.org secret key
-RWRCSwAAAACzJBN2gC5//jVvDiV76rs4m2aKXkljqDpbOC0bBf7abZhV/Zygr6b0KIbSI56JQutwzsQeouxnnHuVTZp3IW4M9qdpe5Nh8Jrr5g7r0rHLPxEPmcv/dNru6ZjqI7CcGsY=
diff --git a/signify/testdata/isc.txt.gz b/signify/testdata/isc.txt.gz
deleted file mode 100644
index 9800c17..0000000
Binary files a/signify/testdata/isc.txt.gz and /dev/null differ
diff --git a/signify/testdata/isc.txt.gz.sig b/signify/testdata/isc.txt.gz.sig
deleted file mode 100644
index 0b2ab0e..0000000
Binary files a/signify/testdata/isc.txt.gz.sig and /dev/null differ
diff --git a/signify/testdata/kdf.pub b/signify/testdata/kdf.pub
deleted file mode 100644
index abc3893..0000000
--- a/signify/testdata/kdf.pub
+++ /dev/null
@@ -1,2 +0,0 @@
-untrusted comment: signify public key
-RWSKdOKcMdhUHtD9TWgPRZnRRTwl2WTeRpEZLCjtf4TTS24EfqT7uoPz
diff --git a/signify/testdata/kdf.sec b/signify/testdata/kdf.sec
deleted file mode 100644
index b69b5e8..0000000
--- a/signify/testdata/kdf.sec
+++ /dev/null
@@ -1,2 +0,0 @@
-untrusted comment: signify secret key
-RWRCSwAAACoXv4r2lp3RYYLEWZRsY+1Z+1mJtEScNBaKdOKcMdhUHrztnf8a4sUNGY19MoV3wX2cyW2Mn1MduKxi9s3Se070TGF0IZG/hH4SKiNUYi+yi1mandWAwmhY3ahIHApigTk=
diff --git a/signify/testdata/kdf.txt b/signify/testdata/kdf.txt
deleted file mode 100644
index 9daeafb..0000000
--- a/signify/testdata/kdf.txt
+++ /dev/null
@@ -1 +0,0 @@
-test
diff --git a/signify/testdata/key.pub b/signify/testdata/key.pub
deleted file mode 100644
index 07f9107..0000000
--- a/signify/testdata/key.pub
+++ /dev/null
@@ -1,2 +0,0 @@
-untrusted comment: signify public key
-RWTkgMtoLot+Y1KOfKO8Q4JMnmMp40AwMqkSU++oUOVVloMtv/Y0tDbe
diff --git a/signify/testdata/key.sec b/signify/testdata/key.sec
deleted file mode 100644
index 32abaed..0000000
--- a/signify/testdata/key.sec
+++ /dev/null
@@ -1,2 +0,0 @@
-untrusted comment: signify secret key
-RWRCSwAAACpjn/Y5du0k4LT23ConAYrBM6A/ML4cEQrkgMtoLot+YyzUwyr5f1hUz8W0pkzPx+wZz51Z2oyM6gf/PaG7KPzyO/6VC0l29ZzLUfQGVoOGGKZxuPA6k8iMHvqONFGQ7hA=
diff --git a/signify/testdata/key.txt b/signify/testdata/key.txt
deleted file mode 100644
index 1a4db74..0000000
--- a/signify/testdata/key.txt
+++ /dev/null
@@ -1 +0,0 @@
-Password: test
diff --git a/signify/testdata/key.txt.sig b/signify/testdata/key.txt.sig
deleted file mode 100644
index c8326bd..0000000
--- a/signify/testdata/key.txt.sig
+++ /dev/null
@@ -1,3 +0,0 @@
-untrusted comment: verify with key.pub
-RWTkgMtoLot+Y4mRk5LYyq04fwaGaMeFxbvyZLEA+xxv0TmHQzpmirMxTgSp9D9jT+rtW2d1X9VKK3mBoIKZNMatkdBsU1gKCgc=
-Password: test
diff --git a/signify/testdata/test b/signify/testdata/test
deleted file mode 100644
index 557db03..0000000
--- a/signify/testdata/test
+++ /dev/null
@@ -1 +0,0 @@
-Hello World
diff --git a/signify/testdata/test.sig b/signify/testdata/test.sig
deleted file mode 100644
index 1a1bdf0..0000000
--- a/signify/testdata/test.sig
+++ /dev/null
@@ -1,3 +0,0 @@
-untrusted comment: verify with dim13.pub
-RWRbOC0bBf7abaGwGtq45KLDK63tgcF7CO4qTZSlTKCSbZTYlDfFm/DISQ60u+/jEzrk22suvXXAEsxQTe2xUOfV90get1YRGQo=
-Hello World
--
cgit v1.2.3