File: csprng.go

package info (click to toggle)
gokey 0.1.2-1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, sid, trixie
  • size: 208 kB
  • sloc: makefile: 11
file content (112 lines) | stat: -rw-r--r-- 2,226 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
 
package gokey

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"io"

	"golang.org/x/crypto/hkdf"
	"golang.org/x/crypto/pbkdf2"
)

const (
	keySeedLength = 256
)

type devZero struct{}

func (dz devZero) Read(p []byte) (n int, err error) {
	for i := range p {
		p[i] = 0
	}
	return len(p), nil
}

func passKey(password, realm string) []byte {
	return pbkdf2.Key([]byte(password), []byte(realm), 4096, 32, sha256.New)
}

func NewDRNG(password, realm string) io.Reader {
	block, _ := aes.NewCipher(passKey(password, realm))
	stream := cipher.NewCTR(block, make([]byte, 16))

	return cipher.StreamReader{S: stream, R: devZero{}}
}

func NewDRNGwithSeed(password, realm string, seed []byte) (io.Reader, error) {
	uSeed, err := unwrapSeed(password, seed)
	if err != nil {
		return nil, err
	}

	// will reuse some of the public seed info
	salt := make([]byte, 12+16)
	copy(salt[:12], uSeed[:12])
	copy(salt[12:], uSeed[len(uSeed)-16:])

	hkdf := hkdf.New(sha256.New, uSeed, salt, []byte(realm))
	rngSeed := make([]byte, 32)
	_, err = io.ReadFull(hkdf, rngSeed)
	if err != nil {
		return nil, err
	}

	block, _ := aes.NewCipher(rngSeed)
	stream := cipher.NewCTR(block, make([]byte, 16))

	return cipher.StreamReader{S: stream, R: devZero{}}, nil
}

func GenerateEncryptedKeySeed(password string) ([]byte, error) {
	seed := make([]byte, keySeedLength)

	_, err := rand.Read(seed)
	if err != nil {
		return nil, err
	}

	masterkey := passKey(password, string(seed[:12]))

	aes, err := aes.NewCipher(masterkey)
	if err != nil {
		return nil, err
	}

	gcm, err := cipher.NewGCM(aes)
	if err != nil {
		return nil, err
	}

	pt := seed[12 : len(seed)-16]

	// encrypt in place
	gcm.Seal(pt[:0], seed[:12], pt, nil)

	return seed, nil
}

func unwrapSeed(password string, seed []byte) ([]byte, error) {
	masterkey := passKey(password, string(seed[:12]))

	aes, err := aes.NewCipher(masterkey)
	if err != nil {
		return nil, err
	}

	gcm, err := cipher.NewGCM(aes)
	if err != nil {
		return nil, err
	}

	pt := make([]byte, len(seed))
	_, err = gcm.Open(pt[12:], seed[:12], seed[12:], nil)
	if err != nil {
		return nil, err
	}

	copy(pt[:12], seed[:12])
	copy(pt[len(pt)-16:], seed[len(seed)-16:])
	return pt, nil
}