-
Notifications
You must be signed in to change notification settings - Fork 3
/
signet.go
318 lines (263 loc) · 7.37 KB
/
signet.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
package jess
import (
"crypto"
"errors"
"fmt"
"io"
"time"
"github.com/mr-tron/base58"
uuid "github.com/satori/go.uuid"
"github.com/safing/jess/tools"
"github.com/safing/structures/dsd"
)
// Special signet types.
const (
SignetSchemePassword = "pw"
SignetSchemeKey = "key"
)
// Signet describes a cryptographic key pair. Passwords and Keys may also be wrapped in a Signet for easier integration.
type Signet struct { //nolint:maligned // TODO
Version uint8
ID string
Scheme string
Key []byte
Public bool `json:",omitempty"` // key is the public part of a key pair
Protection *Envelope `json:",omitempty"` // key is a serialized letter
// Metadata about Signet
Info *SignetInfo `json:",omitempty"`
// Signature of Version, Scheme, Key, Public, Protected, Info
Signature *Letter `json:",omitempty"`
// cache
tool *tools.Tool
loadedPublicKey crypto.PublicKey
loadedPrivateKey crypto.PrivateKey
}
// SignetInfo holds human readable meta information about a signet.
type SignetInfo struct {
Name string
Owner string
Created time.Time
Expires time.Time
Details [][2]string
}
// NewSignetBase creates a new signet base without a key.
func NewSignetBase(tool *tools.Tool) *Signet {
return &Signet{
Version: 1,
Scheme: tool.Info.Name,
tool: tool,
}
}
// GenerateSignet returns a new signet with a freshly generated key.
func GenerateSignet(toolID string, securityLevel int) (*Signet, error) {
tool, err := tools.Get(toolID)
if err != nil {
return nil, err
}
// generate signet
signet := NewSignetBase(tool)
err = signet.GenerateKey()
if err != nil {
return nil, err
}
return signet, nil
}
// GenerateKey generates a new key. Will not operate if key is already present.
func (signet *Signet) GenerateKey() error {
// check if there already is a key
if len(signet.Key) > 0 ||
signet.loadedPrivateKey != nil ||
signet.loadedPublicKey != nil {
return errors.New("cannot generate key: key already present")
}
// load tool
err := signet.loadTool()
if err != nil {
return err
}
// check if tool support Signets
switch signet.tool.Info.Purpose {
case tools.PurposeKeyExchange,
tools.PurposeKeyEncapsulation,
tools.PurposeSigning:
// uses signets!
default:
return fmt.Errorf("tool %s does not use signets", signet.tool.Info.Name)
}
// generate key
return signet.tool.StaticLogic.GenerateKey(signet)
}
// GetStoredKey returns the stored key and whether it is public.
func (signet *Signet) GetStoredKey() (key []byte, public bool) {
return signet.Key, signet.Public
}
// SetStoredKey sets a new stored key and whether it is public.
func (signet *Signet) SetStoredKey(key []byte, public bool) {
signet.Key = key
signet.Public = public
}
// PublicKey returns the public key.
func (signet *Signet) PublicKey() crypto.PublicKey {
return signet.loadedPublicKey
}
// PrivateKey returns the private key or nil, if there is none.
func (signet *Signet) PrivateKey() crypto.PrivateKey {
return signet.loadedPrivateKey
}
// SetLoadedKeys sets the loaded public and private keys.
func (signet *Signet) SetLoadedKeys(pubKey crypto.PublicKey, privKey crypto.PrivateKey) {
signet.loadedPublicKey = pubKey
signet.loadedPrivateKey = privKey
}
// AsRecipient returns a public version of the Signet.
func (signet *Signet) AsRecipient() (*Signet, error) {
// Check special signet schemes.
switch signet.Scheme {
case SignetSchemeKey:
return nil, errors.New("keys cannot be a recipient")
case SignetSchemePassword:
return nil, errors.New("passwords cannot be a recipient")
}
// load so we can split keys
err := signet.LoadKey()
if err != nil {
return nil, err
}
return &Signet{
Version: signet.Version,
ID: signet.ID,
Scheme: signet.Scheme,
Key: nil, // do not copy serialized key
Public: true, // mark explicitly as public
Protection: nil, // remove protection
Info: signet.Info,
Signature: nil, // remove signature, as it would be invalid
tool: signet.tool,
loadedPublicKey: signet.loadedPublicKey,
loadedPrivateKey: nil, // remove private key
}, nil
}
// LoadKey loads the serialized key pair.
func (signet *Signet) LoadKey() error {
// check if already loaded
if signet.loadedPublicKey != nil {
return nil
}
// check if protected
if signet.Protection != nil {
return tools.ErrProtected
}
// load tool
err := signet.loadTool()
if err != nil {
return err
}
return signet.tool.StaticLogic.LoadKey(signet)
}
// Tool returns the tool of the signet.
func (signet *Signet) Tool() (*tools.Tool, error) {
// load tool
err := signet.loadTool()
if err != nil {
return nil, err
}
return signet.tool, nil
}
// loadTool gets and caches the tool for the signet.
func (signet *Signet) loadTool() error {
if signet.tool != nil {
return nil
}
tool, err := tools.Get(signet.Scheme)
if err != nil {
return err
}
signet.tool = tool
return nil
}
// StoreKey serializes the loaded key pair.
func (signet *Signet) StoreKey() error {
// check if already stored
if len(signet.Key) != 0 {
return nil
}
// load tool
err := signet.loadTool()
if err != nil {
return err
}
return signet.tool.StaticLogic.StoreKey(signet)
}
// Verify verifies the signature of the signet.
func (signet *Signet) Verify() error {
// TODO
return errors.New("signet verification not yet implemented")
}
// Burn destroys all the key material and renders the Signet unusable. This is currently ineffective, see known issues in the project's README.
func (signet *Signet) Burn() error {
// load tool
err := signet.loadTool()
if err != nil {
return err
}
return signet.tool.StaticLogic.BurnKey(signet)
}
// AssignUUID generates a (new) UUID for the Signet.
func (signet *Signet) AssignUUID() error {
// generate UUID v4
u := uuid.UUID{}
_, err := io.ReadFull(Random(), u[:])
if err != nil {
return err
}
u.SetVersion(uuid.V4)
u.SetVariant(uuid.VariantRFC4122)
signet.ID = u.String()
return nil
}
// ToBytes serializes the Signet to a byte slice.
func (signet *Signet) ToBytes() ([]byte, error) {
// Make sure the key is stored in the serializable format.
if err := signet.StoreKey(); err != nil {
return nil, fmt.Errorf("failed to serialize the key: %w", err)
}
// Serialize Signet.
data, err := dsd.Dump(signet, dsd.CBOR)
if err != nil {
return nil, fmt.Errorf("failed to serialize the signet: %w", err)
}
return data, nil
}
// SignetFromBytes parses and loads a serialized signet.
func SignetFromBytes(data []byte) (*Signet, error) {
signet := &Signet{}
// Parse Signet from data.
if _, err := dsd.Load(data, signet); err != nil {
return nil, fmt.Errorf("failed to parse data format: %w", err)
}
// Load the key.
if err := signet.LoadKey(); err != nil {
return nil, fmt.Errorf("failed to parse key: %w", err)
}
return signet, nil
}
// ToBase58 serializes the signet and encodes it with base58.
func (signet *Signet) ToBase58() (string, error) {
// Serialize Signet.
data, err := signet.ToBytes()
if err != nil {
return "", err
}
// Encode and return.
return base58.Encode(data), nil
}
// SignetFromBase58 parses and loads a base58 encoded serialized signet.
func SignetFromBase58(base58Encoded string) (*Signet, error) {
// Decode string.
data, err := base58.Decode(base58Encoded)
if err != nil {
return nil, fmt.Errorf("failed to decode base58: %w", err)
}
// Parse and return.
return SignetFromBytes(data)
}