-
Notifications
You must be signed in to change notification settings - Fork 0
/
keys.go
110 lines (96 loc) · 2.94 KB
/
keys.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
package ecc
import (
"crypto/rand"
"fmt"
"dev.shib.me/xipher/internal/xcp"
"golang.org/x/crypto/curve25519"
)
// KeyLength is the length of the ECC key.
const KeyLength = curve25519.ScalarSize
var errInvalidKeyLength = fmt.Errorf("%s: invalid key lengths [please use %d bytes]", "xipher", KeyLength)
// PrivateKey represents a private key.
type PrivateKey struct {
key *[]byte
publicKey *PublicKey
}
// PublicKey represents a public key.
type PublicKey struct {
key *[]byte
encrypter *encrypter
}
type encrypter struct {
ephPubKey []byte
cipher *xcp.SymmetricCipher
}
// Bytes returns the bytes of the private key.
func (privateKey *PrivateKey) Bytes() []byte {
return *privateKey.key
}
// NewPrivateKey generates a new random private key.
func NewPrivateKey() (*PrivateKey, error) {
key := make([]byte, KeyLength)
if _, err := rand.Read(key); err != nil {
return nil, fmt.Errorf("%s: failed to generate private key: %w", "xipher", err)
}
return ParsePrivateKey(key)
}
// ParsePrivateKey returns the instance private key for given bytes. Please use exactly 32 bytes.
func ParsePrivateKey(key []byte) (*PrivateKey, error) {
if len(key) != KeyLength {
return nil, errInvalidKeyLength
}
return &PrivateKey{
key: &key,
}, nil
}
// PublicKey returns the public key corresponding to the private key. The public key is derived from the private key.
func (privateKey *PrivateKey) PublicKey() (*PublicKey, error) {
if privateKey.publicKey == nil {
key, err := curve25519.X25519(*privateKey.key, curve25519.Basepoint)
if err != nil {
return nil, fmt.Errorf("%s: failed to generate public key: %w", "xipher", err)
}
privateKey.publicKey = &PublicKey{
key: &key,
}
}
return privateKey.publicKey, nil
}
// ParsePublicKey returns the instance of public key for given bytes. Please use exactly 32 bytes.
func ParsePublicKey(key []byte) (*PublicKey, error) {
if len(key) != KeyLength {
return nil, errInvalidKeyLength
}
return &PublicKey{
key: &key,
}, nil
}
// Bytes returns the bytes of the public key.
func (publicKey *PublicKey) Bytes() []byte {
return *publicKey.key
}
func (publicKey *PublicKey) getEncrypter() (*encrypter, error) {
if publicKey.encrypter == nil {
ephPrivKey := make([]byte, KeyLength)
if _, err := rand.Read(ephPrivKey); err != nil {
return nil, fmt.Errorf("%s: encrypter failed to generate ephemeral private key: %w", "xipher", err)
}
ephPubKey, err := curve25519.X25519(ephPrivKey, curve25519.Basepoint)
if err != nil {
return nil, fmt.Errorf("%s: encrypter failed to generate ephemeral public key: %w", "xipher", err)
}
sharedKey, err := curve25519.X25519(ephPrivKey, *publicKey.key)
if err != nil {
return nil, fmt.Errorf("%s: encrypter failed to generate shared key: %w", "xipher", err)
}
cipher, err := xcp.New(sharedKey)
if err != nil {
return nil, err
}
publicKey.encrypter = &encrypter{
ephPubKey: ephPubKey,
cipher: cipher,
}
}
return publicKey.encrypter, nil
}