mirror of
https://github.com/nbd-wtf/go-nostr.git
synced 2025-10-11 05:13:47 +02:00
nip44: refactor so bizarre var declarations are eliminated.
This commit is contained in:
fiatjaf
146
nip44/nip44.go
146
nip44/nip44.go
@@ -19,7 +19,7 @@ import (
|
|||||||
|
|
||||||
const version byte = 2
|
const version byte = 2
|
||||||
|
|
||||||
var (
|
const (
|
||||||
MinPlaintextSize = 0x0001 // 1b msg => padded to 32b
|
MinPlaintextSize = 0x0001 // 1b msg => padded to 32b
|
||||||
MaxPlaintextSize = 0xffff // 65535 (64kb-1) => padded to 64kb
|
MaxPlaintextSize = 0xffff // 65535 (64kb-1) => padded to 64kb
|
||||||
)
|
)
|
||||||
@@ -59,91 +59,89 @@ func Encrypt(plaintext string, conversationKey []byte, applyOptions ...func(opts
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
enc, nonce, auth, err := messageKeys(conversationKey, salt)
|
||||||
enc []byte
|
if err != nil {
|
||||||
nonce []byte
|
return "", err
|
||||||
auth []byte
|
}
|
||||||
padded []byte
|
|
||||||
ciphertext []byte
|
|
||||||
hmac_ []byte
|
|
||||||
concat []byte
|
|
||||||
err error
|
|
||||||
)
|
|
||||||
|
|
||||||
if enc, nonce, auth, err = messageKeys(conversationKey, salt); err != nil {
|
padded, err := pad(plaintext)
|
||||||
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
if padded, err = pad(plaintext); err != nil {
|
|
||||||
|
ciphertext, err := chacha20_(enc, nonce, []byte(padded))
|
||||||
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
if ciphertext, err = chacha20_(enc, nonce, []byte(padded)); err != nil {
|
|
||||||
|
hmac_, err := sha256Hmac(auth, ciphertext, salt)
|
||||||
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
if hmac_, err = sha256Hmac(auth, ciphertext, salt); err != nil {
|
|
||||||
return "", err
|
concat := make([]byte, 1+len(salt)+len(ciphertext)+len(hmac_))
|
||||||
}
|
concat[0] = version
|
||||||
concat = append(concat, []byte{version}...)
|
copy(concat[1:], salt)
|
||||||
concat = append(concat, salt...)
|
copy(concat[1+len(salt):], ciphertext)
|
||||||
concat = append(concat, ciphertext...)
|
copy(concat[1+len(salt)+len(ciphertext):], hmac_)
|
||||||
concat = append(concat, hmac_...)
|
|
||||||
return base64.StdEncoding.EncodeToString(concat), nil
|
return base64.StdEncoding.EncodeToString(concat), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func Decrypt(ciphertext string, conversationKey []byte) (string, error) {
|
func Decrypt(ciphertext string, conversationKey []byte) (string, error) {
|
||||||
var (
|
cLen := len(ciphertext)
|
||||||
decoded []byte
|
|
||||||
cLen int
|
|
||||||
dLen int
|
|
||||||
salt []byte
|
|
||||||
ciphertext_ []byte
|
|
||||||
hmac []byte
|
|
||||||
hmac_ []byte
|
|
||||||
enc []byte
|
|
||||||
nonce []byte
|
|
||||||
auth []byte
|
|
||||||
padded []byte
|
|
||||||
unpaddedLen uint16
|
|
||||||
unpadded []byte
|
|
||||||
err error
|
|
||||||
)
|
|
||||||
cLen = len(ciphertext)
|
|
||||||
if cLen < 132 || cLen > 87472 {
|
if cLen < 132 || cLen > 87472 {
|
||||||
return "", errors.New(fmt.Sprintf("invalid payload length: %d", cLen))
|
return "", errors.New(fmt.Sprintf("invalid payload length: %d", cLen))
|
||||||
}
|
}
|
||||||
if ciphertext[0:1] == "#" {
|
if ciphertext[0:1] == "#" {
|
||||||
return "", errors.New("unknown version")
|
return "", errors.New("unknown version")
|
||||||
}
|
}
|
||||||
if decoded, err = base64.StdEncoding.DecodeString(ciphertext); err != nil {
|
|
||||||
|
decoded, err := base64.StdEncoding.DecodeString(ciphertext)
|
||||||
|
if err != nil {
|
||||||
return "", errors.New("invalid base64")
|
return "", errors.New("invalid base64")
|
||||||
}
|
}
|
||||||
|
|
||||||
if decoded[0] != version {
|
if decoded[0] != version {
|
||||||
return "", errors.New(fmt.Sprintf("unknown version %d", decoded[0]))
|
return "", errors.New(fmt.Sprintf("unknown version %d", decoded[0]))
|
||||||
}
|
}
|
||||||
dLen = len(decoded)
|
|
||||||
|
dLen := len(decoded)
|
||||||
if dLen < 99 || dLen > 65603 {
|
if dLen < 99 || dLen > 65603 {
|
||||||
return "", errors.New(fmt.Sprintf("invalid data length: %d", dLen))
|
return "", errors.New(fmt.Sprintf("invalid data length: %d", dLen))
|
||||||
}
|
}
|
||||||
salt, ciphertext_, hmac_ = decoded[1:33], decoded[33:dLen-32], decoded[dLen-32:]
|
|
||||||
if enc, nonce, auth, err = messageKeys(conversationKey, salt); err != nil {
|
salt, ciphertext_, hmac_ := decoded[1:33], decoded[33:dLen-32], decoded[dLen-32:]
|
||||||
|
enc, nonce, auth, err := messageKeys(conversationKey, salt)
|
||||||
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
if hmac, err = sha256Hmac(auth, ciphertext_, salt); err != nil {
|
|
||||||
|
hmac, err := sha256Hmac(auth, ciphertext_, salt)
|
||||||
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
if !bytes.Equal(hmac_, hmac) {
|
if !bytes.Equal(hmac_, hmac) {
|
||||||
return "", errors.New("invalid hmac")
|
return "", errors.New("invalid hmac")
|
||||||
}
|
}
|
||||||
if padded, err = chacha20_(enc, nonce, ciphertext_); err != nil {
|
|
||||||
|
padded, err := chacha20_(enc, nonce, ciphertext_)
|
||||||
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
unpaddedLen = binary.BigEndian.Uint16(padded[0:2])
|
|
||||||
if unpaddedLen < uint16(MinPlaintextSize) || unpaddedLen > uint16(MaxPlaintextSize) || len(padded) != 2+calcPadding(int(unpaddedLen)) {
|
unpaddedLen := binary.BigEndian.Uint16(padded[0:2])
|
||||||
|
if unpaddedLen < uint16(MinPlaintextSize) ||
|
||||||
|
unpaddedLen > uint16(MaxPlaintextSize) || len(padded) != 2+calcPadding(int(unpaddedLen)) {
|
||||||
return "", errors.New("invalid padding")
|
return "", errors.New("invalid padding")
|
||||||
}
|
}
|
||||||
unpadded = padded[2 : unpaddedLen+2]
|
|
||||||
|
unpadded := padded[2 : unpaddedLen+2]
|
||||||
if len(unpadded) == 0 || len(unpadded) != int(unpaddedLen) {
|
if len(unpadded) == 0 || len(unpadded) != int(unpaddedLen) {
|
||||||
return "", errors.New("invalid padding")
|
return "", errors.New("invalid padding")
|
||||||
}
|
}
|
||||||
|
|
||||||
return string(unpadded), nil
|
return string(unpadded), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -160,14 +158,12 @@ func GenerateConversationKey(pub string, sk string) ([]byte, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func chacha20_(key []byte, nonce []byte, message []byte) ([]byte, error) {
|
func chacha20_(key []byte, nonce []byte, message []byte) ([]byte, error) {
|
||||||
var (
|
cipher, err := chacha20.NewUnauthenticatedCipher(key, nonce)
|
||||||
cipher *chacha20.Cipher
|
if err != nil {
|
||||||
dst = make([]byte, len(message))
|
|
||||||
err error
|
|
||||||
)
|
|
||||||
if cipher, err = chacha20.NewUnauthenticatedCipher(key, nonce); err != nil {
|
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
dst := make([]byte, len(message))
|
||||||
cipher.XORKeyStream(dst, message)
|
cipher.XORKeyStream(dst, message)
|
||||||
return dst, nil
|
return dst, nil
|
||||||
}
|
}
|
||||||
@@ -183,46 +179,40 @@ func sha256Hmac(key []byte, ciphertext []byte, aad []byte) ([]byte, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func messageKeys(conversationKey []byte, salt []byte) ([]byte, []byte, []byte, error) {
|
func messageKeys(conversationKey []byte, salt []byte) ([]byte, []byte, []byte, error) {
|
||||||
var (
|
|
||||||
r io.Reader
|
|
||||||
enc []byte = make([]byte, 32)
|
|
||||||
nonce []byte = make([]byte, 12)
|
|
||||||
auth []byte = make([]byte, 32)
|
|
||||||
err error
|
|
||||||
)
|
|
||||||
if len(conversationKey) != 32 {
|
if len(conversationKey) != 32 {
|
||||||
return nil, nil, nil, errors.New("conversation key must be 32 bytes")
|
return nil, nil, nil, errors.New("conversation key must be 32 bytes")
|
||||||
}
|
}
|
||||||
if len(salt) != 32 {
|
if len(salt) != 32 {
|
||||||
return nil, nil, nil, errors.New("salt must be 32 bytes")
|
return nil, nil, nil, errors.New("salt must be 32 bytes")
|
||||||
}
|
}
|
||||||
r = hkdf.Expand(sha256.New, conversationKey, salt)
|
|
||||||
if _, err = io.ReadFull(r, enc); err != nil {
|
r := hkdf.Expand(sha256.New, conversationKey, salt)
|
||||||
|
enc := make([]byte, 32)
|
||||||
|
if _, err := io.ReadFull(r, enc); err != nil {
|
||||||
return nil, nil, nil, err
|
return nil, nil, nil, err
|
||||||
}
|
}
|
||||||
if _, err = io.ReadFull(r, nonce); err != nil {
|
|
||||||
|
nonce := make([]byte, 12)
|
||||||
|
if _, err := io.ReadFull(r, nonce); err != nil {
|
||||||
return nil, nil, nil, err
|
return nil, nil, nil, err
|
||||||
}
|
}
|
||||||
if _, err = io.ReadFull(r, auth); err != nil {
|
|
||||||
|
auth := make([]byte, 32)
|
||||||
|
if _, err := io.ReadFull(r, auth); err != nil {
|
||||||
return nil, nil, nil, err
|
return nil, nil, nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
return enc, nonce, auth, nil
|
return enc, nonce, auth, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func pad(s string) ([]byte, error) {
|
func pad(s string) ([]byte, error) {
|
||||||
var (
|
sb := []byte(s)
|
||||||
sb []byte
|
sbLen := len(sb)
|
||||||
sbLen int
|
|
||||||
padding int
|
|
||||||
result []byte
|
|
||||||
)
|
|
||||||
sb = []byte(s)
|
|
||||||
sbLen = len(sb)
|
|
||||||
if sbLen < 1 || sbLen > MaxPlaintextSize {
|
if sbLen < 1 || sbLen > MaxPlaintextSize {
|
||||||
return nil, errors.New("plaintext should be between 1b and 64kB")
|
return nil, errors.New("plaintext should be between 1b and 64kB")
|
||||||
}
|
}
|
||||||
padding = calcPadding(sbLen)
|
padding := calcPadding(sbLen)
|
||||||
result = make([]byte, 2)
|
result := make([]byte, 2)
|
||||||
binary.BigEndian.PutUint16(result, uint16(sbLen))
|
binary.BigEndian.PutUint16(result, uint16(sbLen))
|
||||||
result = append(result, sb...)
|
result = append(result, sb...)
|
||||||
result = append(result, make([]byte, padding-sbLen)...)
|
result = append(result, make([]byte, padding-sbLen)...)
|
||||||
@@ -230,14 +220,10 @@ func pad(s string) ([]byte, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func calcPadding(sLen int) int {
|
func calcPadding(sLen int) int {
|
||||||
var (
|
|
||||||
nextPower int
|
|
||||||
chunk int
|
|
||||||
)
|
|
||||||
if sLen <= 32 {
|
if sLen <= 32 {
|
||||||
return 32
|
return 32
|
||||||
}
|
}
|
||||||
nextPower = 1 << int(math.Floor(math.Log2(float64(sLen-1)))+1)
|
nextPower := 1 << int(math.Floor(math.Log2(float64(sLen-1)))+1)
|
||||||
chunk = int(math.Max(32, float64(nextPower/8)))
|
chunk := int(math.Max(32, float64(nextPower/8)))
|
||||||
return chunk * int(math.Floor(float64((sLen-1)/chunk))+1)
|
return chunk * int(math.Floor(float64((sLen-1)/chunk))+1)
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user