Ran gofmt on all files; forgot to do that after merging.
This commit is contained in:
parent
d9755bc793
commit
387c75e791
5 changed files with 31 additions and 49 deletions
3
crypt.go
3
crypt.go
|
@ -126,7 +126,6 @@ func encrypt(args []string) {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
err = en.Encrypt(infd, outfd)
|
||||
if err != nil {
|
||||
die("%s", err)
|
||||
|
@ -220,7 +219,6 @@ func decrypt(args []string) {
|
|||
outfd = outf
|
||||
}
|
||||
|
||||
|
||||
d, err := sign.NewDecryptor(infd)
|
||||
if err != nil {
|
||||
die("%s", err)
|
||||
|
@ -237,7 +235,6 @@ func decrypt(args []string) {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
func encryptUsage(fs *flag.FlagSet) {
|
||||
fmt.Printf(`%s encrypt: Encrypt a file to one or more recipients.
|
||||
|
||||
|
|
|
@ -14,22 +14,21 @@
|
|||
package sign
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/aes"
|
||||
"crypto/cipher"
|
||||
"crypto/ed25519"
|
||||
"crypto/sha256"
|
||||
"crypto/sha512"
|
||||
"crypto/subtle"
|
||||
"encoding/binary"
|
||||
"fmt"
|
||||
"golang.org/x/crypto/curve25519"
|
||||
"golang.org/x/crypto/hkdf"
|
||||
"io"
|
||||
"math/big"
|
||||
"bytes"
|
||||
"encoding/binary"
|
||||
)
|
||||
|
||||
|
||||
// Encryption chunk size = 4MB
|
||||
const chunkSize int = 4 * 1048576
|
||||
|
||||
|
@ -37,7 +36,6 @@ const _Magic = "SigTool"
|
|||
const _MagicLen = len(_Magic)
|
||||
const _AEADNonceLen = 32
|
||||
|
||||
|
||||
// Encryptor holds the encryption context
|
||||
type Encryptor struct {
|
||||
Header
|
||||
|
@ -81,7 +79,6 @@ func NewEncryptor(sk *PrivateKey) (*Encryptor, error) {
|
|||
return e, nil
|
||||
}
|
||||
|
||||
|
||||
// Add a new recipient to this encryption context.
|
||||
func (e *Encryptor) AddRecipient(pk *PublicKey) error {
|
||||
if e.started {
|
||||
|
@ -104,7 +101,6 @@ func (e *Encryptor) AddRecipient(pk *PublicKey) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
|
||||
// Begin the encryption process by writing the header
|
||||
func (e *Encryptor) start(wr io.Writer) error {
|
||||
msize := e.Size()
|
||||
|
@ -161,7 +157,6 @@ func fullwrite(buf []byte, wr io.Writer) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
|
||||
// Encrypt the input stream 'rd' and write encrypted stream to 'wr'
|
||||
func (e *Encryptor) Encrypt(rd io.Reader, wr io.Writer) error {
|
||||
if !e.started {
|
||||
|
@ -225,7 +220,6 @@ func (e *Encryptor) encrypt(buf []byte, wr io.Writer, i int) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
|
||||
// Decryptor holds the decryption context
|
||||
type Decryptor struct {
|
||||
Header
|
||||
|
@ -238,7 +232,6 @@ type Decryptor struct {
|
|||
key []byte
|
||||
}
|
||||
|
||||
|
||||
// Create a new decryption context and if 'pk' is given, check that it matches
|
||||
// the sender
|
||||
func NewDecryptor(rd io.Reader) (*Decryptor, error) {
|
||||
|
@ -343,7 +336,6 @@ func (d *Decryptor) SetPrivateKey(sk *PrivateKey, senderPk *PublicKey) error {
|
|||
|
||||
return fmt.Errorf("decrypt: Can't find any public key to match the given private key")
|
||||
|
||||
|
||||
havekey:
|
||||
aes, err := aes.NewCipher(d.key)
|
||||
if err != nil {
|
||||
|
@ -363,7 +355,6 @@ func (d *Decryptor) WrappedKeys() []*WrappedKey {
|
|||
return d.Keys
|
||||
}
|
||||
|
||||
|
||||
// Decrypt the file and write to 'wr'
|
||||
func (d *Decryptor) Decrypt(wr io.Writer) error {
|
||||
if d.key == nil {
|
||||
|
@ -403,8 +394,13 @@ func (d *Decryptor) decrypt(i int) ([]byte, error) {
|
|||
return nil, fmt.Errorf("decrypt: can't read chunk %d length: %s", i, err)
|
||||
}
|
||||
|
||||
|
||||
chunklen := int(binary.BigEndian.Uint32(b[:4]))
|
||||
|
||||
// Sanity check - in case of corrupt header
|
||||
if chunklen > (d.ae.Overhead()+chunkSize) {
|
||||
return nil, fmt.Errorf("decrypt: chunksize is too large (%d)", chunklen)
|
||||
}
|
||||
|
||||
binary.BigEndian.PutUint32(b[4:], uint32(i))
|
||||
h := sha256.New()
|
||||
h.Write(d.Salt)
|
||||
|
@ -448,7 +444,6 @@ func (sk *PrivateKey) WrapKey(pk *PublicKey, key []byte) (*WrappedKey, error) {
|
|||
return wrapKey(pk, key, &ourSK)
|
||||
}
|
||||
|
||||
|
||||
func wrapKey(pk *PublicKey, k []byte, ourSK *[32]byte) (*WrappedKey, error) {
|
||||
var curvePK, theirPK, shared [32]byte
|
||||
|
||||
|
@ -469,8 +464,6 @@ func wrapKey(pk *PublicKey, k []byte, ourSK *[32]byte) (*WrappedKey, error) {
|
|||
}, nil
|
||||
}
|
||||
|
||||
|
||||
|
||||
// Unwrap a wrapped key using the private key 'sk'
|
||||
func (w *WrappedKey) UnwrapKey(sk *PrivateKey, senderPk *PublicKey) ([]byte, error) {
|
||||
var shared, theirPK, ourSK [32]byte
|
||||
|
@ -501,7 +494,6 @@ func (w *WrappedKey) UnwrapKey(sk *PrivateKey, senderPk *PublicKey) ([]byte, err
|
|||
return key, nil
|
||||
}
|
||||
|
||||
|
||||
// Convert an Ed25519 Private Key to Curve25519 Private key
|
||||
func (sk *PrivateKey) toCurve25519SK() []byte {
|
||||
if sk.ck == nil {
|
||||
|
@ -565,7 +557,6 @@ func expand(shared, pk []byte) ([]byte, error) {
|
|||
return kek, err
|
||||
}
|
||||
|
||||
|
||||
// seal the data via AEAD after suitably expanding 'shared'
|
||||
func aeadSeal(data, shared, pk []byte) ([]byte, []byte, error) {
|
||||
kek, err := expand(shared[:], pk)
|
||||
|
@ -624,7 +615,6 @@ func aeadOpen(data, nonce, shared, pk []byte) ([]byte, error) {
|
|||
return c, nil
|
||||
}
|
||||
|
||||
|
||||
func clamp(k []byte) []byte {
|
||||
k[0] &= 248
|
||||
k[31] &= 127
|
||||
|
|
|
@ -223,7 +223,6 @@ func MakePrivateKey(yml []byte, pw string) (*PrivateKey, error) {
|
|||
return nil, fmt.Errorf("can't decode YAML:Verify: %s", err)
|
||||
}
|
||||
|
||||
|
||||
// We take short passwords and extend them
|
||||
pwb := sha512.Sum512([]byte(pw))
|
||||
|
||||
|
@ -250,7 +249,6 @@ func MakePrivateKey(yml []byte, pw string) (*PrivateKey, error) {
|
|||
return PrivateKeyFromBytes(skb)
|
||||
}
|
||||
|
||||
|
||||
// Make a private key from 64-bytes of extended Ed25519 key
|
||||
func PrivateKeyFromBytes(skb []byte) (*PrivateKey, error) {
|
||||
if len(skb) != 64 {
|
||||
|
@ -272,7 +270,6 @@ func PrivateKeyFromBytes(skb []byte) (*PrivateKey, error) {
|
|||
return sk, nil
|
||||
}
|
||||
|
||||
|
||||
// Given a secret key, return the corresponding Public Key
|
||||
func (sk *PrivateKey) PublicKey() *PublicKey {
|
||||
return sk.pk
|
||||
|
@ -481,7 +478,6 @@ func MakePublicKey(yml []byte) (*PublicKey, error) {
|
|||
return PublicKeyFromBytes(pk)
|
||||
}
|
||||
|
||||
|
||||
// Make a public key from a byte string
|
||||
func PublicKeyFromBytes(b []byte) (*PublicKey, error) {
|
||||
if len(b) != 32 {
|
||||
|
|
|
@ -90,7 +90,6 @@ r: 8
|
|||
p: 1
|
||||
`
|
||||
|
||||
|
||||
// #1. Create new key pair, and read them back.
|
||||
func Test0(t *testing.T) {
|
||||
assert := newAsserter(t)
|
||||
|
|
2
version
2
version
|
@ -1 +1 @@
|
|||
0.2.0
|
||||
0.2.1
|
||||
|
|
Loading…
Add table
Reference in a new issue