-
-
Notifications
You must be signed in to change notification settings - Fork 17
/
Copy pathv2_keys.go
195 lines (160 loc) · 6.19 KB
/
v2_keys.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
package paseto
import (
"crypto/ed25519"
"encoding/hex"
"aidanwoods.dev/go-paseto/v2/internal/encoding"
"aidanwoods.dev/go-paseto/v2/internal/random"
t "aidanwoods.dev/go-result"
)
// V2AsymmetricPublicKey V2 public public key
type V2AsymmetricPublicKey struct {
material ed25519.PublicKey
}
// NewV2AsymmetricPublicKeyFromHex Construct a v2 public key from hex
func NewV2AsymmetricPublicKeyFromHex(hexEncoded string) (V2AsymmetricPublicKey, error) {
var publicKey []byte
if err := encoding.HexDecode(hexEncoded).Ok(&publicKey); err != nil {
// even though we return error, return a random key here rather than
// a nil key
return NewV2AsymmetricSecretKey().Public(), err
}
return NewV2AsymmetricPublicKeyFromBytes(publicKey)
}
// NewV2AsymmetricPublicKeyFromBytes Construct a v2 public key from bytes
func NewV2AsymmetricPublicKeyFromBytes(publicKey []byte) (V2AsymmetricPublicKey, error) {
if len(publicKey) != 32 {
// even though we return error, return a random key here rather than
// a nil key
return NewV2AsymmetricSecretKey().Public(), errorKeyLength(32, len(publicKey))
}
return V2AsymmetricPublicKey{publicKey}, nil
}
// NewV2AsymmetricPublicKeyFromEd25519 Construct a v2 public key from a standard Go object
func NewV2AsymmetricPublicKeyFromEd25519(publicKey ed25519.PublicKey) (V2AsymmetricPublicKey, error) {
return NewV2AsymmetricPublicKeyFromBytes([]byte(publicKey))
}
// ExportHex export a V2AsymmetricPublicKey to hex for storage
func (k V2AsymmetricPublicKey) ExportHex() string {
return encoding.HexEncode(k.ExportBytes())
}
// ExportBytes export a V2AsymmetricPublicKey to raw byte array
func (k V2AsymmetricPublicKey) ExportBytes() []byte {
return k.material
}
// V2AsymmetricSecretKey V2 public private key
type V2AsymmetricSecretKey struct {
material ed25519.PrivateKey
}
// Public returns the corresponding public key for a secret key
func (k V2AsymmetricSecretKey) Public() V2AsymmetricPublicKey {
return V2AsymmetricPublicKey{
material: t.Cast[ed25519.PublicKey](k.material.Public()).
Expect("wrong public key returned"),
}
}
// ExportHex export a V2AsymmetricSecretKey to hex for storage
func (k V2AsymmetricSecretKey) ExportHex() string {
return encoding.HexEncode(k.ExportBytes())
}
// ExportBytes export a V2AsymmetricSecretKey to raw byte array
func (k V2AsymmetricSecretKey) ExportBytes() []byte {
return k.material
}
// ExportSeedHex export a V2AsymmetricSecretKey's seed to hex for storage
func (k V2AsymmetricSecretKey) ExportSeedHex() string {
return encoding.HexEncode(k.material.Seed())
}
// NewV2AsymmetricSecretKey generate a new secret key for use with asymmetric
// cryptography. Don't forget to export the public key for sharing, DO NOT share
// this secret key.
func NewV2AsymmetricSecretKey() V2AsymmetricSecretKey {
return V2AsymmetricSecretKey{
material: t.NewTupleResult(ed25519.GenerateKey(nil)).
Expect("CSPRNG should not fail").
Second,
}
}
// NewV2AsymmetricSecretKeyFromHex creates a secret key from hex
func NewV2AsymmetricSecretKeyFromHex(hexEncoded string) (V2AsymmetricSecretKey, error) {
var privateKey []byte
if err := encoding.HexDecode(hexEncoded).Ok(&privateKey); err != nil {
// even though we return error, return a random key here rather than
// a nil key
return NewV2AsymmetricSecretKey(), err
}
return NewV2AsymmetricSecretKeyFromBytes(privateKey)
}
// NewV2AsymmetricSecretKeyFromBytes creates a secret key from bytes
func NewV2AsymmetricSecretKeyFromBytes(privateKey []byte) (V2AsymmetricSecretKey, error) {
if len(privateKey) != 64 {
// even though we return error, return a random key here rather than
// a nil key
return NewV2AsymmetricSecretKey(), errorKeyLength(64, len(privateKey))
}
if isEd25519KeyPairMalformed(privateKey) {
// even though we return error, return a random key here rather than
// a nil key
// This should catch poorly formed private keys (ones that do not embed
// a public key which corresponds to their private portion)
return NewV2AsymmetricSecretKey(), errorKeyInvalid
}
return V2AsymmetricSecretKey{privateKey}, nil
}
// NewV2AsymmetricSecretKeyFromEd25519 creates a secret key from a standard Go object
func NewV2AsymmetricSecretKeyFromEd25519(privateKey ed25519.PrivateKey) (V2AsymmetricSecretKey, error) {
return NewV2AsymmetricSecretKeyFromBytes([]byte(privateKey))
}
// NewV2AsymmetricSecretKeyFromSeed creates a secret key from a seed (hex)
func NewV2AsymmetricSecretKeyFromSeed(hexEncoded string) (V2AsymmetricSecretKey, error) {
var seedBytes []byte
if err := encoding.HexDecode(hexEncoded).Ok(&seedBytes); err != nil {
// even though we return error, return a random key here rather than
// a nil key
return NewV2AsymmetricSecretKey(), err
}
if len(seedBytes) != 32 {
// even though we return error, return a random key here rather than
// a nil key
return NewV2AsymmetricSecretKey(), errorSeedLength(32, len(seedBytes))
}
return V2AsymmetricSecretKey{ed25519.NewKeyFromSeed(seedBytes)}, nil
}
// V2SymmetricKey v2 local symmetric key
type V2SymmetricKey struct {
material [32]byte
}
// NewV2SymmetricKey generates a new symmetric key for encryption
func NewV2SymmetricKey() V2SymmetricKey {
var material [32]byte
random.FillBytes(material[:])
return V2SymmetricKey{material}
}
// ExportHex exports the key as hex for storage
func (k V2SymmetricKey) ExportHex() string {
return hex.EncodeToString(k.ExportBytes())
}
// ExportBytes exports the key as raw bytes
func (k V2SymmetricKey) ExportBytes() []byte {
return k.material[:]
}
// V2SymmetricKeyFromHex constructs a key from hex
func V2SymmetricKeyFromHex(hexEncoded string) (V2SymmetricKey, error) {
var bytes []byte
if err := encoding.HexDecode(hexEncoded).Ok(&bytes); err != nil {
// even though we return error, return a random key here rather than
// a nil key
return NewV2SymmetricKey(), err
}
return V2SymmetricKeyFromBytes(bytes)
}
// V2SymmetricKeyFromBytes constructs a key from bytes
func V2SymmetricKeyFromBytes(bytes []byte) (V2SymmetricKey, error) {
if len(bytes) != 32 {
// even though we return error, return a random key here rather than
// a nil key
return NewV2SymmetricKey(), errorKeyLength(32, len(bytes))
}
var material [32]byte
copy(material[:], bytes)
return V2SymmetricKey{material}, nil
}