aboutsummaryrefslogtreecommitdiff
path: root/keys.go
blob: b489385ffb00bd44aa5954df6c06a189123cdb1c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
package signify

import (
	"bytes"
	"crypto/rand"
	"crypto/sha512"
	"encoding/binary"
	"errors"

	"dim13.org/signify/bhash"

	"golang.org/x/crypto/ed25519"
)

const DefaultRounds = 42

var (
	ErrInvalidPK  = errors.New("unsupported format")
	ErrInvalidKDF = errors.New("unsupported KDF")
	ErrPassphrase = errors.New("incorrect passphrase")
	ErrInvalidKey = errors.New("invalid key")
	ErrKeyNum     = errors.New("verification failed: checked against wrong key")
	ErrInvalidSig = errors.New("signature verfication failed")
)

var (
	pkAlg  = [2]byte{'E', 'd'}
	kdfAlg = [2]byte{'B', 'K'}
)

type Sig struct {
	PKAlg  [2]byte
	KeyNum [8]byte
	Sig    [ed25519.SignatureSize]byte
}

type PubKey struct {
	PKAlg  [2]byte
	KeyNum [8]byte
	PubKey [ed25519.PublicKeySize]byte
}

type EncKey struct {
	PKAlg     [2]byte
	KDFAlg    [2]byte
	KDFRounds uint32
	Salt      [16]byte
	Checksum  [8]byte
	KeyNum    [8]byte
	SecKey    [ed25519.PrivateKeySize]byte
}

func (v *Sig) Check() error {
	if v.PKAlg != pkAlg {
		return ErrInvalidPK
	}
	return nil
}

func (v *PubKey) Check() error {
	if v.PKAlg != pkAlg {
		return ErrInvalidPK
	}
	return nil
}

func (v *PubKey) Verify(message []byte, sig *Sig) error {
	if v.KeyNum != sig.KeyNum {
		return ErrKeyNum
	}
	if !ed25519.Verify(ed25519.PublicKey(v.PubKey[:]), message, sig.Sig[:]) {
		return ErrInvalidSig
	}
	return nil
}

func (v *EncKey) Sign(message []byte) *Sig {
	sig := &Sig{PKAlg: v.PKAlg, KeyNum: v.KeyNum}
	copy(sig.Sig[:], ed25519.Sign(ed25519.PrivateKey(v.SecKey[:]), message))
	return sig
}

func (v *EncKey) Check() error {
	if v.PKAlg != pkAlg {
		return ErrInvalidPK
	}
	if v.KDFAlg != kdfAlg {
		return ErrInvalidKDF
	}
	sum := sha512.Sum512(v.SecKey[:])
	if !bytes.Equal(sum[:len(v.Checksum)], v.Checksum[:]) {
		return ErrInvalidKey
	}
	return nil
}

func (e *EncKey) Kdf(ask func() (string, error)) error {
	if e.KDFRounds == 0 {
		return nil
	}
	pass, err := ask()
	if err != nil {
		return err
	}
	xorkey := bhash.Pbkdf([]byte(pass), e.Salt[:], int(e.KDFRounds), len(e.SecKey))
	for i := range xorkey {
		e.SecKey[i] ^= xorkey[i]
	}
	return e.Check()
}

func Unmarshal(b []byte, v interface{}) error {
	buf := bytes.NewReader(b)
	if err := binary.Read(buf, binary.BigEndian, v); err != nil {
		return err
	}
	return nil
}

func Marshal(v interface{}) ([]byte, error) {
	buf := new(bytes.Buffer)
	if err := binary.Write(buf, binary.BigEndian, v); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

func NewKey() (PubKey, EncKey, error) {
	pub, sec, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return PubKey{}, EncKey{}, err
	}

	pubKey := PubKey{PKAlg: pkAlg}
	encKey := EncKey{PKAlg: pkAlg, KDFAlg: kdfAlg, KDFRounds: DefaultRounds}

	copy(pubKey.PubKey[:], pub)
	copy(encKey.SecKey[:], sec)

	checkSum := sha512.Sum512(sec)
	copy(encKey.Checksum[:], checkSum[:len(encKey.Checksum)])

	rand.Read(encKey.Salt[:])
	rand.Read(encKey.KeyNum[:])
	pubKey.KeyNum = encKey.KeyNum

	return pubKey, encKey, nil
}