-
Notifications
You must be signed in to change notification settings - Fork 85
/
csprng.go
112 lines (86 loc) · 2.18 KB
/
csprng.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
package gokey
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"crypto/sha256"
"io"
"golang.org/x/crypto/hkdf"
"golang.org/x/crypto/pbkdf2"
)
const (
keySeedLength = 256
)
type devZero struct{}
func (dz devZero) Read(p []byte) (n int, err error) {
for i, _ := range p {
p[i] = 0
}
return len(p), nil
}
func passKey(password, realm string) []byte {
return pbkdf2.Key([]byte(password), []byte(realm), 4096, 32, sha256.New)
}
func NewDRNG(password, realm string) io.Reader {
block, _ := aes.NewCipher(passKey(password, realm))
stream := cipher.NewCTR(block, make([]byte, 16))
return cipher.StreamReader{S: stream, R: devZero{}}
}
func NewDRNGwithSeed(password, realm string, seed []byte) (io.Reader, error) {
uSeed, err := unwrapSeed(password, seed)
if err != nil {
return nil, err
}
// will reuse some of the public seed info
salt := make([]byte, 12+16)
copy(salt[:12], uSeed[:12])
copy(salt[12:], uSeed[len(uSeed)-16:])
hkdf := hkdf.New(sha256.New, uSeed, salt, []byte(realm))
rngSeed := make([]byte, 32)
_, err = io.ReadFull(hkdf, rngSeed)
if err != nil {
return nil, err
}
block, _ := aes.NewCipher(rngSeed)
stream := cipher.NewCTR(block, make([]byte, 16))
return cipher.StreamReader{S: stream, R: devZero{}}, nil
}
func GenerateEncryptedKeySeed(password string) ([]byte, error) {
seed := make([]byte, keySeedLength)
_, err := rand.Read(seed)
if err != nil {
return nil, err
}
masterkey := passKey(password, string(seed[:12]))
aes, err := aes.NewCipher(masterkey)
if err != nil {
return nil, err
}
gcm, err := cipher.NewGCM(aes)
if err != nil {
return nil, err
}
pt := seed[12 : len(seed)-16]
// encrypt in place
gcm.Seal(pt[:0], seed[:12], pt, nil)
return seed, nil
}
func unwrapSeed(password string, seed []byte) ([]byte, error) {
masterkey := passKey(password, string(seed[:12]))
aes, err := aes.NewCipher(masterkey)
if err != nil {
return nil, err
}
gcm, err := cipher.NewGCM(aes)
if err != nil {
return nil, err
}
pt := make([]byte, len(seed))
_, err = gcm.Open(pt[12:], seed[:12], seed[12:], nil)
if err != nil {
return nil, err
}
copy(pt[:12], seed[:12])
copy(pt[len(pt)-16:], seed[len(seed)-16:])
return pt, nil
}