103 lines
3.2 KiB
Go
103 lines
3.2 KiB
Go
// Package xpaseto provides basic abilities to sign and verify PASETO-style tokens
|
|
// using XEdDSA signatures. This allows the same keys to be used for X25519
|
|
// Diffie-Hellman exchanges, and for payload signing and verification.
|
|
// This package is based off https://github.com/o1egl/paseto and uses imports from
|
|
// this library in places.
|
|
// o1egl/paseto license: MIT - https://github.com/o1egl/paseto/blob/master/LICENSE
|
|
//
|
|
// The tokens generated by this package do NOT conform with the PASETO standard.
|
|
// See https://paseto.io/rfc/ Section 5.2
|
|
//
|
|
// Private PASETO tokens have not been implemented in this package.
|
|
package xpaseto
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"io"
|
|
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
// This defines the PASETO header value to be used for XPASETO Public tokens.
|
|
var headerXV2Public = []byte("xv2.public.")
|
|
|
|
// This defines an XV2 struct which can be used to sign and verify payloads
|
|
// This is currently a redundant struct, and methods could be converted to standard functions
|
|
// However the XV2 struct could be built upon in the future to satisfy the
|
|
// 'Protocol' interface defined by "o1egl/paseto"
|
|
type XV2 struct{}
|
|
|
|
// NewXV2 returns an instance of an XV2 struct
|
|
func NewXV2() *XV2 {
|
|
return &XV2{}
|
|
}
|
|
|
|
// Sign creates a signature of a payload using a public key and encodes it
|
|
// to an XPASETO token.
|
|
// An error will be returned if the payload cannot be signed or encoded
|
|
func (x *XV2) Sign(privkey []byte,
|
|
payload, footer interface{}) (token string, err error) {
|
|
payloadBytes, err := infToByteArr(payload)
|
|
if err != nil {
|
|
return "", errors.Errorf("Failed to encode payload to byte array: %s", err.Error())
|
|
}
|
|
footerBytes, err := infToByteArr(footer)
|
|
if err != nil {
|
|
return "", errors.Errorf("Failed to encode footer to byte array: %s", err.Error())
|
|
}
|
|
|
|
msgBytes := preAuthEncode(headerXV2Public, payloadBytes, footerBytes)
|
|
var randomBytes [64]byte
|
|
if _, err := io.ReadFull(rand.Reader, randomBytes[:]); err != nil {
|
|
return "", err
|
|
}
|
|
sig, err := Sign(privkey, msgBytes, randomBytes)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
token = createToken(headerXV2Public, append(payloadBytes, sig...), footerBytes)
|
|
|
|
return token, nil
|
|
}
|
|
|
|
// Verify checks if an XPASETO token is valid
|
|
// An error will be returned if the token cannot be decoded, or if the
|
|
// signature is invalid.
|
|
// If the token is valid, this function will return 'nil'
|
|
func (x *XV2) Verify(token string, pubkey []byte,
|
|
payload, footer interface{}) error {
|
|
|
|
data, footerBytes, err := splitToken([]byte(token), headerXV2Public)
|
|
if err != nil {
|
|
return errors.Errorf("Failed to decode token: %s", err.Error())
|
|
}
|
|
|
|
if len(data) < 64 {
|
|
return errors.Errorf("Incorrect token size: %d", len(data))
|
|
}
|
|
|
|
payloadBytes := data[:len(data)-64]
|
|
sig := data[len(data)-64:]
|
|
|
|
msgBytes := preAuthEncode(headerXV2Public, payloadBytes, footerBytes)
|
|
|
|
valid := Verify(pubkey, msgBytes, sig)
|
|
if !valid {
|
|
return errors.Errorf("Invalid signature!")
|
|
}
|
|
|
|
if payload != nil {
|
|
if err := fillValue(payloadBytes, payload); err != nil {
|
|
return errors.Errorf("Failed to decode payload: %s", err.Error())
|
|
}
|
|
}
|
|
if footer != nil {
|
|
if err := fillValue(footerBytes, footer); err != nil {
|
|
return errors.Errorf("Failed to decode footer: %s", err.Error())
|
|
}
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|