-
-
Notifications
You must be signed in to change notification settings - Fork 17
/
Copy pathv2.go
89 lines (62 loc) · 2.56 KB
/
v2.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
package paseto
import (
"crypto/ed25519"
"aidanwoods.dev/go-paseto/v2/internal/encoding"
"aidanwoods.dev/go-paseto/v2/internal/hashing"
"aidanwoods.dev/go-paseto/v2/internal/random"
t "aidanwoods.dev/go-result"
"golang.org/x/crypto/chacha20poly1305"
)
func v2PublicSign(packet TokenClaimsAndFooter, key V2AsymmetricSecretKey) message {
data, footer := packet.Claims, packet.Footer
header := []byte(V2Public.Header())
m2 := encoding.Pae(header, data, footer)
sig := ed25519.Sign(key.material, m2)
if len(sig) != 64 {
panic("Bad signature length")
}
var signature [64]byte
copy(signature[:], sig)
return newMessageFromPayloadAndFooter(v2PublicPayload{data, signature}, footer)
}
func v2PublicVerify(msg message, key V2AsymmetricPublicKey) t.Result[TokenClaimsAndFooter] {
payload, ok := msg.p.(v2PublicPayload)
if msg.header() != V2Public.Header() || !ok {
return t.Err[TokenClaimsAndFooter](errorMessageHeaderVerify(V2Public, msg.header()))
}
header, footer := []byte(msg.header()), msg.footer
data := payload.message
m2 := encoding.Pae(header, data, footer)
if !ed25519.Verify(key.material, m2, payload.signature[:]) {
return t.Err[TokenClaimsAndFooter](errorBadSignature)
}
return t.Ok(TokenClaimsAndFooter{data, footer})
}
func v2LocalEncrypt(p TokenClaimsAndFooter, key V2SymmetricKey, unitTestNonce []byte) message {
var b [24]byte
random.UseProvidedOrFillBytes(unitTestNonce, b[:])
var nonce [24]byte
hashing.GenericHash(p.Claims, nonce[:], b[:])
cipher := t.NewResult(chacha20poly1305.NewX(key.material[:])).
Expect("constructing cipher should not fail")
header := []byte(V2Local.Header())
preAuth := encoding.Pae(header, nonce[:], p.Footer)
cipherText := cipher.Seal(nil, nonce[:], p.Claims, preAuth)
return newMessageFromPayloadAndFooter(v2LocalPayload{nonce, cipherText}, p.Footer)
}
func v2LocalDecrypt(msg message, key V2SymmetricKey) t.Result[TokenClaimsAndFooter] {
payload, ok := msg.p.(v2LocalPayload)
if msg.header() != V2Local.Header() || !ok {
return t.Err[TokenClaimsAndFooter](errorMessageHeaderDecrypt(V2Local, msg.header()))
}
nonce, cipherText := payload.nonce, payload.cipherText
header := []byte(msg.header())
preAuth := encoding.Pae(header, nonce[:], msg.footer)
cipher := t.NewResult(chacha20poly1305.NewX(key.material[:])).
Expect("constructing cipher should not fail")
var plaintext []byte
if err := t.NewResult(cipher.Open(nil, nonce[:], cipherText, preAuth)).Ok(&plaintext); err != nil {
return t.Err[TokenClaimsAndFooter](errorDecrypt(err))
}
return t.Ok(TokenClaimsAndFooter{plaintext, msg.footer})
}