// Package key implements signify key format package key import ( "bytes" "crypto/rand" "crypto/sha512" "encoding/binary" "errors" "golang.org/x/crypto/ed25519" ) // DefaultRounds of KDF const DefaultRounds = 42 var ( ErrInvalidPK = errors.New("unsupported format") ErrInvalidKDF = errors.New("unsupported KDF") ErrInvalidKey = errors.New("invalid key") ErrKeyNum = errors.New("verification failed: checked against wrong key") ErrInvalidSig = errors.New("signature verfication failed") ) var ( pkAlg = [2]byte{'E', 'd'} kdfAlg = [2]byte{'B', 'K'} ) // Deriver returns a derived key from passphrase type Deriver interface { Derive(salt []byte, rounds int, length int) ([]byte, error) } // Generate a new key pair func Generate(der Deriver) (*Pub, *Sec, error) { pubKey, secKey, err := ed25519.GenerateKey(rand.Reader) if err != nil { return nil, nil, err } // secret key sec := &Sec{PKAlg: pkAlg, KDFAlg: kdfAlg} copy(sec.Key[:], secKey) checkSum := sha512.Sum512(secKey) copy(sec.Checksum[:], checkSum[:len(sec.Checksum)]) if _, err := rand.Read(sec.Salt[:]); err != nil { return nil, nil, err } if _, err := rand.Read(sec.KeyNum[:]); err != nil { return nil, nil, err } // Pbdkf if der != nil { xor, err := der.Derive(sec.Salt[:], DefaultRounds, len(sec.Key)) if err != nil { return nil, nil, err } for i := range xor { sec.Key[i] ^= xor[i] } sec.KDFRounds = DefaultRounds } // public key pub := &Pub{PKAlg: pkAlg, KeyNum: sec.KeyNum} copy(pub.Key[:], pubKey) return pub, sec, nil } func unmarshal(data []byte, v interface{}) error { buf := bytes.NewReader(data) if err := binary.Read(buf, binary.BigEndian, v); err != nil { return err } return nil } func marshal(v interface{}) ([]byte, error) { buf := new(bytes.Buffer) if err := binary.Write(buf, binary.BigEndian, v); err != nil { return nil, err } return buf.Bytes(), nil }