aboutsummaryrefslogtreecommitdiff
path: root/keys.go
blob: 9ca7e7362d2d436cca245a0f841b274fd0070c95 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/sha512"
	"encoding/binary"
	"errors"

	"dim13.org/signify/bhash"

	"golang.org/x/crypto/ed25519"
)

const DefaultRounds = 42

var (
	ErrInvalidKDF = errors.New("unsupported KDF")
	ErrPassphrase = errors.New("incorrect passphrase")
	ErrKeyNum     = errors.New("verification failed: checked against wrong key")
)

var (
	PKAlg  = [2]byte{'E', 'd'}
	KDFAlg = [2]byte{'B', 'K'}
)

type Sig struct {
	PKAlg  [2]byte
	KeyNum [8]byte
	Sig    [ed25519.SignatureSize]byte
}

type PubKey struct {
	PKAlg  [2]byte
	KeyNum [8]byte
	PubKey [ed25519.PublicKeySize]byte
}

type EncKey struct {
	PKAlg     [2]byte
	KDFAlg    [2]byte
	KDFRounds uint32
	Salt      [16]byte
	Checksum  [8]byte
	KeyNum    [8]byte
	SecKey    [ed25519.PrivateKeySize]byte
}

func (v *Sig) IsValid() bool {
	return v.PKAlg == PKAlg
}

func (v *PubKey) IsValid() bool {
	return v.PKAlg == PKAlg
}

func (v *PubKey) Verify(message []byte, sig *Sig) bool {
	if v.PKAlg != sig.PKAlg || v.KeyNum != sig.KeyNum {
		return false
	}
	return ed25519.Verify(ed25519.PublicKey(v.PubKey[:]), message, sig.Sig[:])
}

func (v *EncKey) Sign(message []byte) *Sig {
	sig := &Sig{PKAlg: v.PKAlg, KeyNum: v.KeyNum}
	copy(sig.Sig[:], ed25519.Sign(ed25519.PrivateKey(v.SecKey[:]), message))
	return sig
}

func (v *EncKey) IsValid() bool {
	if v.PKAlg != PKAlg || v.KDFAlg != KDFAlg {
		return false
	}
	sum := sha512.Sum512(v.SecKey[:])
	return bytes.Equal(sum[:len(v.Checksum)], v.Checksum[:])
}

func (e *EncKey) Kdf(pass string, rounds int) {
	if rounds == 0 {
		return
	}
	xorkey := bhash.Pbkdf([]byte(pass), e.Salt[:], rounds, len(e.SecKey))
	for i := range xorkey {
		e.SecKey[i] ^= xorkey[i]
	}
	e.KDFRounds = uint32(rounds)
}

func Unmarshal(b []byte, v interface{}) error {
	buf := bytes.NewReader(b)
	if err := binary.Read(buf, binary.BigEndian, v); err != nil {
		return err
	}
	return nil
}

func Marshal(v interface{}) ([]byte, error) {
	buf := new(bytes.Buffer)
	if err := binary.Write(buf, binary.BigEndian, v); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

func NewKey() (PubKey, EncKey, error) {
	pub, sec, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return PubKey{}, EncKey{}, err
	}

	pubKey := PubKey{PKAlg: PKAlg}
	encKey := EncKey{PKAlg: PKAlg, KDFAlg: KDFAlg}

	copy(pubKey.PubKey[:], pub)
	copy(encKey.SecKey[:], sec)

	checkSum := sha512.Sum512(sec)
	copy(encKey.Checksum[:], checkSum[:len(encKey.Checksum)])

	rand.Read(encKey.Salt[:])
	rand.Read(encKey.KeyNum[:])
	pubKey.KeyNum = encKey.KeyNum

	return pubKey, encKey, nil
}