-
Notifications
You must be signed in to change notification settings - Fork 25
/
ende25519.go
126 lines (108 loc) · 2.89 KB
/
ende25519.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
package ende25519
import (
"crypto"
"crypto/sha256"
"github.com/pkg/errors"
"github.com/scryinfo/dot/lib/scrypto"
"github.com/scryinfo/dot/lib/scrypto/sx25519"
"golang.org/x/crypto/chacha20poly1305"
"golang.org/x/crypto/hkdf"
"io"
)
type ende25519 struct{}
func EcdhDecoder25519() scrypto.AsymmetricDecoder {
return &ende25519{}
}
func EcdhEncoder25519() scrypto.AsymmetricEncoder {
return &ende25519{}
}
var (
salt []byte
hash = sha256.New
info = []byte("scry info")
nonce = make([]byte, chacha20poly1305.NonceSize)
ecdh = sx25519.X25519()
endeType = scrypto.EndeType_X25519
)
func init() {
scrypto.Encoders[scrypto.EndeType_X25519] = EcdhEncoder25519()
scrypto.Decoders[scrypto.EndeType_X25519] = EcdhDecoder25519()
}
func (c *ende25519) EcdhDecode(privateKey crypto.PrivateKey, _cipher *scrypto.EndeData) (plain scrypto.EndeData, err error) {
plain = *_cipher
if !plain.EnData {
return
}
if plain.EndeType != endeType {
err = errors.New("the ende type is not " + string(endeType))
return
}
var peersKey crypto.PublicKey = plain.PublicKey
plain.Body, err = c._ecdhDecode(privateKey, peersKey, plain.Body)
if err != nil {
return
}
plain.EnData = false //decode data
return
}
func (c *ende25519) EcdhEncode(privateKey crypto.PrivateKey, peersKey crypto.PublicKey, _plain *scrypto.EndeData) (cipher scrypto.EndeData, err error) {
cipher = *_plain
if cipher.EnData {
return cipher, nil
}
cipher.EndeType = endeType
publicKey, err := ecdh.PublicKey(privateKey)
if err != nil {
return
}
cipher.PublicKey, err = ecdh.PublicKeyToBytes(publicKey)
if err != nil {
return
}
cipher.Body, err = c._ecdhEncode(privateKey, peersKey, cipher.Body)
if err != nil {
return
}
cipher.EnData = true
return
}
// EcdhDecode
// privateKey sx25519, peersKey sx25519
//
func (c *ende25519) _ecdhDecode(privateKey crypto.PrivateKey, peersKey crypto.PublicKey, ciphertext []byte) (plaintext []byte, err error) {
key, err := ecdh.ComputeSecret(privateKey, peersKey)
if err != nil {
return
}
dk := hkdf.New(hash, key, salt, info)
wrappingKey := make([]byte, chacha20poly1305.KeySize)
if _, err = io.ReadFull(dk, wrappingKey); err != nil {
return
}
aead, err := chacha20poly1305.New(key)
if err != nil {
return
}
plaintext, err = aead.Open(nil, nonce, ciphertext, nil)
return
}
// EcdhEncode
// privateKey sx25519, peersKey sx25519
func (c *ende25519) _ecdhEncode(privateKey crypto.PrivateKey, peersKey crypto.PublicKey, plaintext []byte) (ciphertext []byte, err error) {
echg := sx25519.X25519()
key, err := echg.ComputeSecret(privateKey, peersKey)
if err != nil {
return
}
dk := hkdf.New(hash, key, salt, info)
wrappingKey := make([]byte, chacha20poly1305.KeySize)
if _, err = io.ReadFull(dk, wrappingKey); err != nil {
return
}
aead, err := chacha20poly1305.New(key)
if err != nil {
return
}
ciphertext = aead.Seal(nil, nonce, plaintext, nil)
return
}