Example #1
0
// Authorize will decrypt the request, and it's a buildin middleware for skynet.
func Authorize(servSeckey string) HandlerFunc {
	return func(c *Context) error {
		var (
			req pp.EncryptReq
			rlt *pp.EmptyRes
		)

		c.ServSeckey = servSeckey

		for {
			if c.UnmarshalReq(&req) == nil {
				// validate pubkey.
				if err := validatePubkey(req.GetPubkey()); err != nil {
					logger.Error(err.Error())
					rlt = pp.MakeErrResWithCode(pp.ErrCode_WrongPubkey)
					break
				}
				pubkey, err := cipher.PubKeyFromHex(req.GetPubkey())
				if err != nil {
					logger.Error(err.Error())
					rlt = pp.MakeErrResWithCode(pp.ErrCode_WrongPubkey)
					break
				}
				c.Pubkey = pubkey.Hex()

				seckey, err := cipher.SecKeyFromHex(servSeckey)
				if err != nil {
					logger.Error(err.Error())
					rlt = pp.MakeErrResWithCode(pp.ErrCode_ServerError)
					break
				}

				key := cipher.ECDH(pubkey, seckey)
				data, err := cipher.Chacha20Decrypt(req.GetEncryptdata(), key, req.GetNonce())
				if err != nil {
					logger.Error(err.Error())
					rlt = pp.MakeErrResWithCode(pp.ErrCode_UnAuthorized)
					break
				}

				ok, err := regexp.MatchString(`^\{.*\}$`, string(data))
				if err != nil || !ok {
					logger.Error(err.Error())
					rlt = pp.MakeErrResWithCode(pp.ErrCode_UnAuthorized)
					break
				}

				c.Raw = data

				return c.Next()
			}
			rlt = pp.MakeErrRes(errors.New("bad request"))
			break
		}
		return c.Error(rlt)
	}
}
Example #2
0
func Decrypt(in []byte, nonce []byte, pubkey string, seckey string) (data []byte, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = errors.New("encrypt faild")
		}
	}()
	p := cipher.MustPubKeyFromHex(pubkey)
	s := cipher.MustSecKeyFromHex(seckey)
	key := cipher.ECDH(p, s)
	data, err = cipher.Chacha20Decrypt(in, key, nonce)
	return
}