Beispiel #1
0
// UnmarshalPrivate parses a byte slice into a private key.
func UnmarshalPrivate(in []byte) (*PrivateKey, error) {
	priv := PrivateKey{
		D: new([32]byte),
		S: new([64]byte),
		PublicKey: &PublicKey{
			E: new([32]byte),
			V: new([32]byte),
		},
	}

	var mkey struct {
		D []byte
		S []byte
		E []byte
		V []byte
	}

	dec := tlv.NewDecoder(in)
	err := dec.Decode(&mkey.D)
	if err != nil {
		return nil, err
	}
	err = dec.Decode(&mkey.S)
	if err != nil {
		return nil, err
	}
	err = dec.Decode(&mkey.E)
	if err != nil {
		return nil, err
	}
	err = dec.Decode(&mkey.V)
	if err != nil {
		return nil, err
	}

	copy(priv.D[:], mkey.D)
	copy(priv.S[:], mkey.S)
	copy(priv.E[:], mkey.E)
	copy(priv.V[:], mkey.V)

	util.Zero(mkey.D)
	util.Zero(mkey.S)
	util.Zero(mkey.E)
	util.Zero(mkey.V)
	return &priv, nil
}
Beispiel #2
0
// DecryptAndVerify decrypts the message and verifies its signature.
func DecryptAndVerify(priv *PrivateKey, pub *PublicKey, enc []byte) ([]byte, bool) {
	if !priv.Valid() || !pub.Valid() {
		return nil, false
	}

	if len(enc) < overhead {
		return nil, false
	}

	out, ok := decrypt(priv, enc)
	if !ok {
		return nil, false
	}

	var m, s []byte
	dec := tlv.NewDecoder(out)
	err := dec.Decode(&m)
	if err != nil {
		return nil, false
	}

	err = dec.Decode(&s)
	if err != nil {
		util.Zero(m)
		return nil, false
	}

	if dec.Length() != 0 {
		util.Zero(m)
		return nil, false
	}

	if len(s) != ed25519.SignatureSize {
		util.Zero(m)
		return nil, false
	}

	if !Verify(pub, m, s) {
		util.Zero(m)
		return nil, false
	}

	return m, true
}
Beispiel #3
0
// ParseTOTPConfig parses a serialised TOTP configuration.
func ParseTOTPConfig(in []byte) (*TOTPConfig, error) {
	var size int32
	var algo int8
	var provider []byte

	var config = new(TOTPConfig)
	dec := tlv.NewDecoder(in)
	err := dec.Decode(&config.Key)
	if err != nil {
		return nil, errInvalidTOTPConfig
	}

	err = dec.Decode(&config.Start)
	if err != nil {
		return nil, errInvalidTOTPConfig
	}

	err = dec.Decode(&config.Step)
	if err != nil {
		return nil, errInvalidTOTPConfig
	}

	err = dec.Decode(&size)
	if err != nil {
		return nil, errInvalidTOTPConfig
	}
	config.Size = int(size)

	err = dec.Decode(&algo)
	if err != nil {
		return nil, errInvalidTOTPConfig
	}
	config.Algo = crypto.Hash(algo)

	err = dec.Decode(&provider)
	if err != nil {
		return nil, errInvalidTOTPConfig
	}
	config.Provider = string(provider)
	return config, nil
}
Beispiel #4
0
// Decrypt opens the secured message using the private key.
func Decrypt(priv *PrivateKey, enc []byte) (message []byte, ok bool) {
	out, ok := decrypt(priv, enc)
	if !ok {
		return nil, false
	}
	defer util.Zero(out)

	var m []byte
	dec := tlv.NewDecoder(out)
	err := dec.Decode(&m)
	if err != nil {
		return nil, false
	}

	if dec.Length() != 0 {
		util.Zero(m)
		return nil, false
	}

	return m, true
}
Beispiel #5
0
// ParseYubiKeyConfig attempts to parse a YubiKeyConfig from a
// byte slice.
func ParseYubiKeyConfig(in []byte) (*YubiKeyConfig, error) {
	config := &YubiKeyConfig{}
	dec := tlv.NewDecoder(in)
	err := dec.Decode(&config.Key)
	if err != nil {
		return nil, errInvalidYKConfig
	} else if len(config.Key) != yubikey.KeySize {
		return nil, errInvalidYKConfig
	}

	err = dec.Decode(&config.Counter)
	if err != nil {
		return nil, errInvalidYKConfig
	}

	err = dec.Decode(&config.Public)
	if err != nil {
		return nil, errInvalidYKConfig
	}

	return config, nil
}