mirror of
https://github.com/fumiama/go-x25519.git
synced 2026-06-12 22:40:13 +08:00
Refactor
This commit is contained in:
Riobard
109
x25519.go
109
x25519.go
@@ -13,59 +13,65 @@ import (
|
|||||||
// KeySize is the size of keys in bytes used in this package.
|
// KeySize is the size of keys in bytes used in this package.
|
||||||
const KeySize = 32
|
const KeySize = 32
|
||||||
|
|
||||||
type PublicKey [32]byte
|
// SecretKey is the type of Curve25519 secret keys.
|
||||||
|
|
||||||
func (pk *PublicKey) String() string { return string(pk[:]) }
|
|
||||||
|
|
||||||
// SecretKey is the type of Curve25519 secret keys
|
|
||||||
type SecretKey struct {
|
type SecretKey struct {
|
||||||
sk [32]byte
|
sk []byte
|
||||||
pk *PublicKey
|
pk PublicKey
|
||||||
ur *[32]byte
|
ur []byte // uniform representative of pk
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewSecretKey(sk []byte) *SecretKey {
|
// Bytes returns the secret key as a byte slice.
|
||||||
k := new(SecretKey)
|
func (k *SecretKey) Bytes() []byte { return k.sk }
|
||||||
copy(k.sk[:], sk)
|
|
||||||
return k
|
|
||||||
}
|
|
||||||
|
|
||||||
func (k *SecretKey) Bytes() []byte { return k.sk[:] }
|
|
||||||
func (k *SecretKey) String() string { return string(k.sk[:]) }
|
|
||||||
|
|
||||||
// Public returns the PublicKey corresponding to the secret key.
|
// Public returns the PublicKey corresponding to the secret key.
|
||||||
func (k *SecretKey) Public() *PublicKey {
|
func (k *SecretKey) Public() PublicKey {
|
||||||
if k.pk == nil {
|
if k.pk == nil {
|
||||||
k.pk = new(PublicKey)
|
var pk, sk [32]byte
|
||||||
curve25519.ScalarBaseMult((*[32]byte)(k.pk), &k.sk)
|
copy(sk[:], k.sk)
|
||||||
|
curve25519.ScalarBaseMult(&pk, &sk)
|
||||||
|
k.pk = pk[:]
|
||||||
}
|
}
|
||||||
return k.pk
|
return k.pk
|
||||||
}
|
}
|
||||||
|
|
||||||
// Uniform returns the uniform representative of the public key corresponding to the secret key, or nil
|
// PublicUniform returns the uniform representative of the public key corresponding to the secret key, or nil
|
||||||
// if the public key does not have a uniform representative.
|
// if the public key does not have a uniform representative.
|
||||||
func (k *SecretKey) Uniform() *[32]byte {
|
func (k *SecretKey) PublicUniform() UniformRepresentative {
|
||||||
if k.ur == nil {
|
if k.ur == nil {
|
||||||
pk := new(PublicKey)
|
var sk, pk, ur [32]byte
|
||||||
ur := new([32]byte)
|
copy(sk[:], k.sk)
|
||||||
if extra25519.ScalarBaseMult((*[32]byte)(pk), ur, &k.sk) {
|
if extra25519.ScalarBaseMult(&pk, &ur, &sk) {
|
||||||
k.pk = pk
|
k.pk = pk[:]
|
||||||
k.ur = ur
|
k.ur = ur[:]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return k.ur
|
return k.ur
|
||||||
}
|
}
|
||||||
|
|
||||||
// Shared computes the shared secret between our secret key and their public key.
|
// Shared computes the shared secret between our secret key and peer's public key.
|
||||||
func (k *SecretKey) Shared(shared *[32]byte, theirPublic *PublicKey) {
|
func (k *SecretKey) Shared(peer PublicKey) []byte {
|
||||||
curve25519.ScalarMult(shared, &k.sk, (*[32]byte)(theirPublic))
|
var shared, sk, pk [32]byte
|
||||||
|
copy(sk[:], k.sk)
|
||||||
|
copy(pk[:], peer)
|
||||||
|
curve25519.ScalarMult(&shared, &sk, &pk)
|
||||||
|
return shared[:]
|
||||||
}
|
}
|
||||||
|
|
||||||
// SharedUniform computes the shared secret between our secret key and their public key's uniform representative.
|
// SharedUniform computes the shared secret between our secret key and peer public key's uniform representative.
|
||||||
func (k *SecretKey) SharedUniform(shared, theirRepresentative *[32]byte) {
|
func (k *SecretKey) SharedUniform(peer UniformRepresentative) []byte {
|
||||||
pk := new([32]byte)
|
var shared, pk, sk, ur [32]byte
|
||||||
extra25519.RepresentativeToPublicKey(pk, theirRepresentative)
|
copy(ur[:], peer)
|
||||||
curve25519.ScalarMult(shared, &k.sk, pk)
|
copy(sk[:], k.sk)
|
||||||
|
extra25519.RepresentativeToPublicKey(&pk, &ur)
|
||||||
|
curve25519.ScalarMult(&shared, &sk, &pk)
|
||||||
|
return shared[:]
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewSecretKey creates a SecretKey from byte slice sk and len(sk) must be 32.
|
||||||
|
func NewSecretKey(sk []byte) *SecretKey {
|
||||||
|
k := new(SecretKey)
|
||||||
|
k.sk = sk
|
||||||
|
return k
|
||||||
}
|
}
|
||||||
|
|
||||||
// GenerateKey generates a secret key using entropy from random, or crypto/rand.Reader
|
// GenerateKey generates a secret key using entropy from random, or crypto/rand.Reader
|
||||||
@@ -74,9 +80,10 @@ func GenerateKey(random io.Reader) (*SecretKey, error) {
|
|||||||
if random == nil {
|
if random == nil {
|
||||||
random = rand.Reader
|
random = rand.Reader
|
||||||
}
|
}
|
||||||
sk := new(SecretKey)
|
k := new(SecretKey)
|
||||||
_, err := io.ReadFull(random, sk.sk[:])
|
k.sk = make([]byte, 32)
|
||||||
return sk, err
|
_, err := io.ReadFull(random, k.sk)
|
||||||
|
return k, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// GenerateKeyUniform generates a secret key whose corresponding public key has a uniform representative
|
// GenerateKeyUniform generates a secret key whose corresponding public key has a uniform representative
|
||||||
@@ -85,16 +92,30 @@ func GenerateKeyUniform(random io.Reader) (*SecretKey, error) {
|
|||||||
if random == nil {
|
if random == nil {
|
||||||
random = rand.Reader
|
random = rand.Reader
|
||||||
}
|
}
|
||||||
sk := new(SecretKey)
|
var pk, sk, ur [32]byte
|
||||||
for ok := false; !ok; ok = extra25519.ScalarBaseMult((*[32]byte)(sk.pk), sk.ur, &sk.sk) {
|
for ok := false; !ok; ok = extra25519.ScalarBaseMult(&pk, &ur, &sk) {
|
||||||
if _, err := io.ReadFull(random, sk.sk[:]); err != nil {
|
if _, err := io.ReadFull(random, sk[:]); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return sk, nil
|
k := new(SecretKey)
|
||||||
|
k.sk = sk[:]
|
||||||
|
k.pk = pk[:]
|
||||||
|
k.ur = ur[:]
|
||||||
|
return k, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// RepresentativeToPublicKey converts a uniform representative to a curve25519 public key.
|
// UniformRepresentative is the type of Curve25519 public key uniform representatives.
|
||||||
func RepresentativeToPublicKey(publicKey, representative *[32]byte) {
|
// See https://www.imperialviolet.org/2013/12/25/elligator.html
|
||||||
extra25519.RepresentativeToPublicKey(publicKey, representative)
|
type UniformRepresentative []byte
|
||||||
|
|
||||||
|
// Public returns the curve25519 public key corresponding to the uniform presentative.
|
||||||
|
func (u UniformRepresentative) Public() PublicKey {
|
||||||
|
var pk, ur [32]byte
|
||||||
|
copy(ur[:], u)
|
||||||
|
extra25519.RepresentativeToPublicKey(&pk, &ur)
|
||||||
|
return pk[:]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// PublicKey is the type of Curve25519 public keys.
|
||||||
|
type PublicKey []byte
|
||||||
|
|||||||
@@ -15,7 +15,7 @@ var (
|
|||||||
sharedSecret = "4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742"
|
sharedSecret = "4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestGenerateKey(t *testing.T) {
|
func TestStardardKey(t *testing.T) {
|
||||||
askhex, err := hex.DecodeString(aliceSK)
|
askhex, err := hex.DecodeString(aliceSK)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
@@ -38,33 +38,40 @@ func TestGenerateKey(t *testing.T) {
|
|||||||
t.Fatal("public key failed")
|
t.Fatal("public key failed")
|
||||||
}
|
}
|
||||||
|
|
||||||
s1 := new([32]byte)
|
s1 := ask.Shared(bpk)
|
||||||
s2 := new([32]byte)
|
s2 := bsk.Shared(apk)
|
||||||
ask.Shared(s1, bpk)
|
if !bytes.Equal(s1, s2) {
|
||||||
bsk.Shared(s2, apk)
|
|
||||||
if !bytes.Equal(s1[:], s2[:]) {
|
|
||||||
t.Fatal("shared secret failed")
|
t.Fatal("shared secret failed")
|
||||||
}
|
}
|
||||||
if hex.EncodeToString(s1[:]) != sharedSecret {
|
if hex.EncodeToString(s1) != sharedSecret {
|
||||||
t.Fatal("shared secret failed")
|
t.Fatal("shared secret failed")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestGenerateKey2(t *testing.T) {
|
func TestGenerateKey(t *testing.T) {
|
||||||
ourSK, _ := GenerateKey(nil)
|
for i := 0; i < 100; i++ {
|
||||||
theirSK, _ := GenerateKey(nil)
|
ourSK, _ := GenerateKey(nil)
|
||||||
|
theirSK, _ := GenerateKey(nil)
|
||||||
t.Logf("our secret = %0x", ourSK)
|
s1 := ourSK.Shared(theirSK.Public())
|
||||||
t.Logf("our public = %0x", ourSK.Public())
|
s2 := theirSK.Shared(ourSK.Public())
|
||||||
t.Logf("their secret = %0x", theirSK)
|
if !bytes.Equal(s1, s2) {
|
||||||
t.Logf("their public = %0x", theirSK.Public())
|
t.Fatal("computed shared secrets differs")
|
||||||
|
}
|
||||||
s1 := new([32]byte)
|
}
|
||||||
s2 := new([32]byte)
|
}
|
||||||
ourSK.Shared(s1, theirSK.Public())
|
|
||||||
theirSK.Shared(s2, ourSK.Public())
|
func TestUniformRepresentative(t *testing.T) {
|
||||||
if !bytes.Equal(s1[:], s2[:]) {
|
|
||||||
t.Fatal("computed shared secrets differs")
|
for i := 0; i < 1; i++ {
|
||||||
|
k, _ := GenerateKey(nil)
|
||||||
|
sk, _ := GenerateKeyUniform(nil)
|
||||||
|
pk := sk.Public()
|
||||||
|
ur := sk.PublicUniform()
|
||||||
|
if !bytes.Equal(ur.Public(), pk) {
|
||||||
|
t.Fatal("public key and its uniform representative do not match")
|
||||||
|
}
|
||||||
|
if !bytes.Equal(k.Shared(sk.Public()), k.SharedUniform(sk.PublicUniform())) {
|
||||||
|
t.Fatalf("shared secrets do not match")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
t.Logf("shared secret = %0x", s1)
|
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user