-
Notifications
You must be signed in to change notification settings - Fork 53
/
mac.go
40 lines (35 loc) · 930 Bytes
/
mac.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
package b2mac
import (
"crypto/ed25519"
"crypto/subtle"
"errors"
"golang.org/x/crypto/blake2b"
"github.com/google/uuid"
)
// Computes a blake2b-512 MAC for the given tenant ID and message payload
// using the provided private key and random nonce.
// This function will only return an error if there is a problem with the
// private key.
func New512(id []byte, nonce uuid.UUID, payload []byte, key ed25519.PrivateKey) ([]byte, error) {
mac, err := blake2b.New512(key)
if err != nil {
return nil, err
}
mac.Write(id)
mac.Write(nonce[:])
mac.Write(payload)
return mac.Sum(nil), nil
}
func Verify(mac []byte, id []byte, nonce uuid.UUID, payload []byte, key ed25519.PrivateKey) error {
m, err := blake2b.New512(key)
if err != nil {
return err
}
m.Write(id)
m.Write(nonce[:])
m.Write(payload)
if subtle.ConstantTimeCompare(m.Sum(nil), mac) == 1 {
return nil
}
return errors.New("verification failed")
}