aboutsummaryrefslogtreecommitdiff
path: root/key/key.go
blob: c7581b81976619d577db19510f4b25cc518d293f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
package key

import (
	"bytes"
	"crypto/rand"
	"crypto/sha512"
	"encoding/binary"
	"errors"

	"golang.org/x/crypto/ed25519"
)

const DefaultRounds = 42

var (
	ErrInvalidPK  = errors.New("unsupported format")
	ErrInvalidKDF = errors.New("unsupported KDF")
	ErrPassphrase = errors.New("incorrect passphrase")
	ErrInvalidKey = errors.New("invalid key")
	ErrKeyNum     = errors.New("verification failed: checked against wrong key")
	ErrInvalidSig = errors.New("signature verfication failed")
)

var (
	pkAlg  = [2]byte{'E', 'd'}
	kdfAlg = [2]byte{'B', 'K'}
)

type Sig struct {
	PKAlg  [2]byte
	KeyNum [8]byte
	Sig    [ed25519.SignatureSize]byte
}

type Pub struct {
	PKAlg  [2]byte
	KeyNum [8]byte
	Key    [ed25519.PublicKeySize]byte
}

type Enc struct {
	PKAlg     [2]byte
	KDFAlg    [2]byte
	KDFRounds uint32
	Salt      [16]byte
	Checksum  [8]byte
	KeyNum    [8]byte
	Key       [ed25519.PrivateKeySize]byte
}

func (v *Sig) Check() error {
	if v.PKAlg != pkAlg {
		return ErrInvalidPK
	}
	return nil
}

func (v *Pub) Check() error {
	if v.PKAlg != pkAlg {
		return ErrInvalidPK
	}
	return nil
}

func (v *Pub) Verify(message []byte, sig *Sig) error {
	if v.KeyNum != sig.KeyNum {
		return ErrKeyNum
	}
	if !ed25519.Verify(ed25519.PublicKey(v.Key[:]), message, sig.Sig[:]) {
		return ErrInvalidSig
	}
	return nil
}

func (v *Enc) Sign(message []byte) *Sig {
	sig := &Sig{PKAlg: v.PKAlg, KeyNum: v.KeyNum}
	copy(sig.Sig[:], ed25519.Sign(ed25519.PrivateKey(v.Key[:]), message))
	return sig
}

func (v *Enc) Check() error {
	if v.PKAlg != pkAlg {
		return ErrInvalidPK
	}
	if v.KDFAlg != kdfAlg {
		return ErrInvalidKDF
	}
	sum := sha512.Sum512(v.Key[:])
	if !bytes.Equal(sum[:len(v.Checksum)], v.Checksum[:]) {
		return ErrInvalidKey
	}
	return nil
}

func Unmarshal(b []byte, v interface{}) error {
	buf := bytes.NewReader(b)
	if err := binary.Read(buf, binary.BigEndian, v); err != nil {
		return err
	}
	return nil
}

func Marshal(v interface{}) ([]byte, error) {
	buf := new(bytes.Buffer)
	if err := binary.Write(buf, binary.BigEndian, v); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

func NewKey() (*Pub, *Enc, error) {
	pub, sec, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}

	pubKey := &Pub{PKAlg: pkAlg}
	encKey := &Enc{PKAlg: pkAlg, KDFAlg: kdfAlg, KDFRounds: DefaultRounds}

	copy(pubKey.Key[:], pub)
	copy(encKey.Key[:], sec)

	checkSum := sha512.Sum512(sec)
	copy(encKey.Checksum[:], checkSum[:len(encKey.Checksum)])

	rand.Read(encKey.Salt[:])
	rand.Read(encKey.KeyNum[:])
	pubKey.KeyNum = encKey.KeyNum

	return pubKey, encKey, nil
}