示例#1
0
文件: uid.go 项目: JonathanLogan/mute
// VerifyNonce verifies the nonce signature with the given sigPubKey.
func VerifyNonce(sigPubKey string, nonce uint64, signature string) error {
	var ed25519Key cipher.Ed25519Key
	sig, err := base64.Decode(signature)
	if err != nil {
		return err
	}
	pubKey, err := base64.Decode(sigPubKey)
	if err != nil {
		return err
	}
	if err := ed25519Key.SetPublicKey(pubKey); err != nil {
		return err
	}
	if !ed25519Key.Verify(encode.ToByte8(nonce), sig) {
		return log.Error(ErrInvalidNonceSig)
	}
	return nil
}
示例#2
0
// writeKeyFile writes a key file with the given filename that contains the
// supplied key in AES-256 encrypted form.
func writeKeyfile(filename string, passphrase []byte, iter int, key []byte) error {
	// make sure keyfile does not exist already
	if _, err := os.Stat(filename); err == nil {
		return log.Errorf("encdb: keyfile '%s' exists already", filename)
	}
	// convert iter to uint64
	var uiter uint64
	if iter < 0 || iter > 2147483647 {
		return log.Errorf("encdb: writeKeyfile: invalid iter value")
	}
	uiter = uint64(iter)
	// check keylength
	if len(key) != 32 {
		return log.Errorf("encdb: writeKeyfile: len(key) != 32")
	}
	// create keyfile
	keyfile, err := os.Create(filename)
	if err != nil {
		return log.Error(err)
	}
	defer keyfile.Close()
	// generate salt
	var salt = make([]byte, 32)
	if _, err := io.ReadFull(cipher.RandReader, salt); err != nil {
		return err
	}
	// compute derived key from passphrase
	dk := pbkdf2.Key(passphrase, salt, iter, 32, sha256.New)
	// compute AES-256 encrypted key (with IV)
	encKey := cipher.AES256CBCEncrypt([]byte(dk), key, cipher.RandReader)
	// write number of iterations
	if _, err := keyfile.Write(encode.ToByte8(uiter)); err != nil {
		return err
	}
	// write salt
	if _, err := keyfile.Write(salt); err != nil {
		return err
	}
	// write IV and AES-256 encrypted key
	if _, err := keyfile.Write(encKey); err != nil {
		return err
	}
	return nil
}
示例#3
0
文件: uid.go 项目: JonathanLogan/mute
// SignNonce signs the current time as nonce and returns it.
func (msg *Message) SignNonce() (nonce uint64, signature string) {
	nonce = uint64(times.Now())
	signature = base64.Encode(msg.UIDContent.SIGKEY.ed25519Key.Sign(encode.ToByte8(nonce)))
	return
}