forked from jamesruan/sodium
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathexchange.go
141 lines (119 loc) · 3.26 KB
/
exchange.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
package sodium
// #cgo pkg-config: libsodium
// #include <stdlib.h>
// #include <sodium.h>
import "C"
var (
cryptoKXPublicKeyBytes = int(C.crypto_kx_publickeybytes())
cryptoKXSecretKeyBytes = int(C.crypto_kx_secretkeybytes())
cryptoKXSeedBytes = int(C.crypto_kx_seedbytes())
cryptoKXSessionKeyBytes = int(C.crypto_kx_sessionkeybytes())
)
type KXKP struct {
PublicKey KXPublicKey
SecretKey KXSecretKey
}
// MakeKXKP generates a keypair for signing
func MakeKXKP() KXKP {
pkb := make([]byte, cryptoKXPublicKeyBytes)
skb := make([]byte, cryptoKXSecretKeyBytes)
if int(C.crypto_kx_keypair(
(*C.uchar)(&pkb[0]),
(*C.uchar)(&skb[0]))) != 0 {
panic("see libsodium")
}
return KXKP{
KXPublicKey{pkb},
KXSecretKey{skb},
}
}
// SeedKXKP generates a keypair for exchanging from a KXSeed.
//
// The same pair of keys will be generated with the same 'seed'
func SeedKXKP(seed KXSeed) KXKP {
checkTypedSize(&seed, "seed")
pkb := make([]byte, cryptoKXPublicKeyBytes)
skb := make([]byte, cryptoKXSecretKeyBytes)
if int(C.crypto_kx_seed_keypair(
(*C.uchar)(&pkb[0]),
(*C.uchar)(&skb[0]),
(*C.uchar)(&seed.Bytes[0]))) != 0 {
panic("see libsodium")
}
return KXKP{
KXPublicKey{pkb},
KXSecretKey{skb},
}
}
// ClientSessionKeys calculates Rx (for receving) and Tx (for sending) session keys
// with server's public key.
// return error when server_pk is not acceptable.
func (kp KXKP) ClientSessionKeys(server_pk KXPublicKey) (*KXSessionKeys, error) {
checkTypedSize(&kp.PublicKey, "Client Public Key")
checkTypedSize(&kp.SecretKey, "Client Secret Key")
checkTypedSize(&server_pk, "Server Public Key")
rxb := make([]byte, cryptoKXSessionKeyBytes)
txb := make([]byte, cryptoKXSessionKeyBytes)
if int(C.crypto_kx_client_session_keys(
(*C.uchar)(&rxb[0]),
(*C.uchar)(&txb[0]),
(*C.uchar)(&kp.PublicKey.Bytes[0]),
(*C.uchar)(&kp.SecretKey.Bytes[0]),
(*C.uchar)(&server_pk.Bytes[0]))) != 0 {
return nil, ErrInvalidKey
}
return &KXSessionKeys{
Rx: KXSessionKey{rxb},
Tx: KXSessionKey{txb},
}, nil
}
// ServerSessionKeys calculates Rx (for receving) and Tx (for sending) session keys
// with client's public key.
// return error when client_pk is not acceptable.
func (kp KXKP) ServerSessionKeys(client_pk KXPublicKey) (*KXSessionKeys, error) {
checkTypedSize(&kp.PublicKey, "Server Public Key")
checkTypedSize(&kp.SecretKey, "Server Secret Key")
checkTypedSize(&client_pk, "Client Public Key")
rxb := make([]byte, cryptoKXSessionKeyBytes)
txb := make([]byte, cryptoKXSessionKeyBytes)
if int(C.crypto_kx_server_session_keys(
(*C.uchar)(&rxb[0]),
(*C.uchar)(&txb[0]),
(*C.uchar)(&kp.PublicKey.Bytes[0]),
(*C.uchar)(&kp.SecretKey.Bytes[0]),
(*C.uchar)(&client_pk.Bytes[0]))) != 0 {
return nil, ErrInvalidKey
}
return &KXSessionKeys{
Rx: KXSessionKey{rxb},
Tx: KXSessionKey{txb},
}, nil
}
type KXSessionKeys struct {
Rx KXSessionKey
Tx KXSessionKey
}
type KXPublicKey struct {
Bytes
}
func (k KXPublicKey) Size() int {
return cryptoKXPublicKeyBytes
}
type KXSecretKey struct {
Bytes
}
func (k KXSecretKey) Size() int {
return cryptoKXSecretKeyBytes
}
type KXSessionKey struct {
Bytes
}
func (k KXSessionKey) Size() int {
return cryptoKXSessionKeyBytes
}
type KXSeed struct {
Bytes
}
func (k KXSeed) Size() int {
return cryptoKXSeedBytes
}