// PBSignRequest signs a http request using the password specified
// Signature changes if:
// remote address changes
// request URI changes
// request header is deleted
// request header is added
// request header is modified
//
// Signature doesn't change if:
// request header ordering is changed
func (p *pbe) PBSignRequest(req *http.Request, password string, pattern *util.SignaturePattern) error {
saltlen := p.pbkdf2_salt_length
keylen := p.hmac_key_length
salt, err := rnd.Salt(saltlen)
if err != nil {
return err
}
salt_hex := hex.EncodeToString(salt)
req.Header.Set(REQ_HEADER_SALT, salt_hex)
key := PBKDF2Key(password, salt, keylen)
message := util.MarshalRequest(req, pattern)
hmac_sha := hmac_sha(message, key)
signature_hex := hex.EncodeToString(hmac_sha)
req.Header.Set(REQ_HEADER_HMAC, signature_hex)
return nil
}
// PBAesEncryptPtr: AES-based password-based encryption
// Changes the slice supplied itself
func (p *pbe) PBAesEncryptPtr(block *[]byte, password string) error {
// extract constants
saltlen := p.pbkdf2_salt_length
keylen := p.aes_key_length
blocklen := AES_BLOCK_LENGTH
// generate salt
salt, err := rnd.Salt(saltlen)
if err != nil {
return err
}
// generate IV
iv, err := rnd.IV(blocklen)
if err != nil {
return err
}
// generate key
key := p.PBKDF2Key(password, salt, keylen)
// pad data block
*block = pad.PKCS7Pad(*block, blocklen)
// encrypt it
err = aes_enc_block(*block, iv, key)
if err != nil {
return err
}
// join padded block + IV + salt into single buffer
*block = append(*block, iv...)
*block = append(*block, salt...)
return nil
}
