package key import ( "bytes" "crypto/rand" "crypto/sha512" "encoding/binary" "errors" "golang.org/x/crypto/ed25519" ) const DefaultRounds = 42 var ( ErrInvalidPK = errors.New("unsupported format") ErrInvalidKDF = errors.New("unsupported KDF") ErrPassphrase = errors.New("incorrect passphrase") ErrInvalidKey = errors.New("invalid key") ErrKeyNum = errors.New("verification failed: checked against wrong key") ErrInvalidSig = errors.New("signature verfication failed") ) var ( pkAlg = [2]byte{'E', 'd'} kdfAlg = [2]byte{'B', 'K'} ) type Sig struct { PKAlg [2]byte KeyNum [8]byte Sig [ed25519.SignatureSize]byte } type Pub struct { PKAlg [2]byte KeyNum [8]byte Key [ed25519.PublicKeySize]byte } type Enc struct { PKAlg [2]byte KDFAlg [2]byte KDFRounds uint32 Salt [16]byte Checksum [8]byte KeyNum [8]byte Key [ed25519.PrivateKeySize]byte } func (v *Sig) Check() error { if v.PKAlg != pkAlg { return ErrInvalidPK } return nil } func (v *Pub) Check() error { if v.PKAlg != pkAlg { return ErrInvalidPK } return nil } func (v *Pub) Verify(message []byte, sig *Sig) error { if v.KeyNum != sig.KeyNum { return ErrKeyNum } if !ed25519.Verify(ed25519.PublicKey(v.Key[:]), message, sig.Sig[:]) { return ErrInvalidSig } return nil } func (v *Enc) Sign(message []byte) *Sig { sig := &Sig{PKAlg: v.PKAlg, KeyNum: v.KeyNum} copy(sig.Sig[:], ed25519.Sign(ed25519.PrivateKey(v.Key[:]), message)) return sig } func (v *Enc) Check() error { if v.PKAlg != pkAlg { return ErrInvalidPK } if v.KDFAlg != kdfAlg { return ErrInvalidKDF } sum := sha512.Sum512(v.Key[:]) if !bytes.Equal(sum[:len(v.Checksum)], v.Checksum[:]) { return ErrInvalidKey } return nil } func Unmarshal(data []byte, v interface{}) error { buf := bytes.NewReader(data) if err := binary.Read(buf, binary.BigEndian, v); err != nil { return err } return nil } func Marshal(v interface{}) ([]byte, error) { buf := new(bytes.Buffer) if err := binary.Write(buf, binary.BigEndian, v); err != nil { return nil, err } return buf.Bytes(), nil } func NewKey() (*Pub, *Enc, error) { pub, sec, err := ed25519.GenerateKey(rand.Reader) if err != nil { return nil, nil, err } pubKey := &Pub{PKAlg: pkAlg} encKey := &Enc{PKAlg: pkAlg, KDFAlg: kdfAlg, KDFRounds: DefaultRounds} copy(pubKey.Key[:], pub) copy(encKey.Key[:], sec) checkSum := sha512.Sum512(sec) copy(encKey.Checksum[:], checkSum[:len(encKey.Checksum)]) rand.Read(encKey.Salt[:]) rand.Read(encKey.KeyNum[:]) pubKey.KeyNum = encKey.KeyNum return pubKey, encKey, nil }