diff --git a/README.md b/README.md index 7aea527..8da756d 100644 --- a/README.md +++ b/README.md @@ -81,14 +81,14 @@ import ( ) func main() { - // Creating a new private key for password - privKey, err := xipher.NewPrivateKeyForPassword([]byte("Paws0meKittyKuwan!")) + // Creating a new secret key for password + scrtKey, err := xipher.NewSecretKeyForPassword([]byte("Paws0meKittyKuwan!")) if err != nil { panic(err) } - // Deriving public key from private key - pubKey, err := privKey.PublicKey(false) + // Deriving public key from secret key + pubKey, err := scrtKey.PublicKey(false) if err != nil { panic(err) } @@ -107,8 +107,8 @@ func main() { } fmt.Println("Encrypted:", base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(cipherText)) - // Decrypting cipher text with private key - plainText, err := privKey.Decrypt(cipherText) + // Decrypting cipher text with secret key + plainText, err := scrtKey.Decrypt(cipherText) if err != nil { panic(err) } diff --git a/app/internal/commands/input.go b/app/internal/commands/input.go index 319edab..5237315 100644 --- a/app/internal/commands/input.go +++ b/app/internal/commands/input.go @@ -54,7 +54,7 @@ func getVisibleInput(prompt string) (string, error) { } func getHiddenInputFromUser(prompt string) ([]byte, error) { - fmt.Print(prompt + "(hidden)") + fmt.Print("[Hidden] " + prompt) input, err := term.ReadPassword(int(syscall.Stdin)) fmt.Println() return input, err diff --git a/app/internal/commands/keygen.go b/app/internal/commands/keygen.go index 5eb66da..5090bd5 100644 --- a/app/internal/commands/keygen.go +++ b/app/internal/commands/keygen.go @@ -30,7 +30,7 @@ func keygenCommand() *cobra.Command { } fmt.Println("Secret Key:", color.HiBlackString(secret)) } else { - password, err := getPasswordFromUser(false, ignoreFlag) + password, err := getPasswordFromUser(true, ignoreFlag) if err != nil { exitOnError(err) } diff --git a/app/internal/utils/decrypt.go b/app/internal/utils/decrypt.go index dcf81f1..4355576 100644 --- a/app/internal/utils/decrypt.go +++ b/app/internal/utils/decrypt.go @@ -9,7 +9,7 @@ func ctFromStr(ctStr string) ([]byte, error) { return decode(ctStr[len(xipherTxtPrefix):]) } -func DecryptTextWithSecretKey(secretKey *xipher.PrivateKey, ctStr string) (string, error) { +func DecryptTextWithSecretKey(secretKey *xipher.SecretKey, ctStr string) (string, error) { ct, err := ctFromStr(ctStr) if err != nil { return "", err diff --git a/app/internal/utils/keygen.go b/app/internal/utils/keygen.go index 595011d..cf896c5 100644 --- a/app/internal/utils/keygen.go +++ b/app/internal/utils/keygen.go @@ -5,7 +5,7 @@ import ( ) func NewSecretKey() (sk string, err error) { - privKey, err := xipher.NewPrivateKey() + privKey, err := xipher.NewSecretKey() if err != nil { return "", err } diff --git a/app/internal/utils/keys.go b/app/internal/utils/keys.go index 83145b1..cd05dae 100644 --- a/app/internal/utils/keys.go +++ b/app/internal/utils/keys.go @@ -14,7 +14,7 @@ func pubKeyToStr(pubKey *xipher.PublicKey) (string, error) { return xipherPublicKeyPrefix + encode(pubKeyBytes), nil } -func secretKeyToStr(secretKey *xipher.PrivateKey) (string, error) { +func secretKeyToStr(secretKey *xipher.SecretKey) (string, error) { secretKeyBytes, err := secretKey.Bytes() if err != nil { return "", err @@ -33,7 +33,7 @@ func PubKeyFromStr(pubKeyStr string) (*xipher.PublicKey, error) { return xipher.ParsePublicKey(keyBytes) } -func secretKeyFromStr(secretKeyStr string) (*xipher.PrivateKey, error) { +func secretKeyFromStr(secretKeyStr string) (*xipher.SecretKey, error) { if !regexp.MustCompile(secretKeyStrRegex).MatchString(secretKeyStr) { return nil, errInvalidXipherPrivKey } @@ -41,13 +41,13 @@ func secretKeyFromStr(secretKeyStr string) (*xipher.PrivateKey, error) { if err != nil { return nil, err } - return xipher.ParsePrivateKey(keyBytes) + return xipher.ParseSecretKey(keyBytes) } -func SecretKeyFromSecret(secret string) (*xipher.PrivateKey, error) { +func SecretKeyFromSecret(secret string) (*xipher.SecretKey, error) { secretKey, err := secretKeyFromStr(secret) if err != nil { - secretKey, err = xipher.NewPrivateKeyForPassword([]byte(secret)) + secretKey, err = xipher.NewSecretKeyForPassword([]byte(secret)) if err != nil { return nil, err } diff --git a/go.mod b/go.mod index 98b6d68..0e79345 100644 --- a/go.mod +++ b/go.mod @@ -8,8 +8,8 @@ require ( github.com/cloudflare/circl v1.3.8 github.com/fatih/color v1.17.0 github.com/spf13/cobra v1.8.0 - golang.org/x/crypto v0.23.0 - golang.org/x/term v0.20.0 + golang.org/x/crypto v0.24.0 + golang.org/x/term v0.21.0 ) require ( @@ -17,5 +17,5 @@ require ( github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/spf13/pflag v1.0.5 // indirect - golang.org/x/sys v0.20.0 // indirect + golang.org/x/sys v0.21.0 // indirect ) diff --git a/go.sum b/go.sum index c8c92ac..a24cd24 100644 --- a/go.sum +++ b/go.sum @@ -15,13 +15,13 @@ github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/internal/asx/const.go b/internal/asx/const.go index c9ae0af..81d117e 100644 --- a/internal/asx/const.go +++ b/internal/asx/const.go @@ -11,11 +11,11 @@ const ( // PrivateKeyLength is the allowed length of the private key PrivateKeyLength = kyb.PrivateKeyLength // MinPublicKeyLength is the minimum length allowed for the public key - MinPublicKeyLength = ecc.KeyLength + 1 + MinPublicKeyLength = ecc.KeyLength + 1 // +1 for the algorithm type // Algorithm Types - AlgoECC uint8 = 0 - AlgoKyber uint8 = 1 + algoECC uint8 = 0 + algoKyber uint8 = 1 ) var ( diff --git a/internal/asx/crypto.go b/internal/asx/crypto.go index da4da8a..8ebfd77 100644 --- a/internal/asx/crypto.go +++ b/internal/asx/crypto.go @@ -8,13 +8,13 @@ import ( // NewEncryptingWriter returns a new WriteCloser that encrypts data with the public key and writes to dst. func (publicKey *PublicKey) NewEncryptingWriter(dst io.Writer, compression bool) (io.WriteCloser, error) { if publicKey.ePub != nil { - if _, err := dst.Write([]byte{AlgoECC}); err != nil { - return nil, fmt.Errorf("%s: encrypter failed to write algorithm: %w", "xipher", err) + if _, err := dst.Write([]byte{algoECC}); err != nil { + return nil, fmt.Errorf("%s: encrypter failed to write algorithm", "xipher") } return publicKey.ePub.NewEncryptingWriter(dst, compression) } else if publicKey.kPub != nil { - if _, err := dst.Write([]byte{AlgoKyber}); err != nil { - return nil, fmt.Errorf("%s: encrypter failed to write algorithm: %w", "xipher", err) + if _, err := dst.Write([]byte{algoKyber}); err != nil { + return nil, fmt.Errorf("%s: encrypter failed to write algorithm", "xipher") } return publicKey.kPub.NewEncryptingWriter(dst, compression) } else { @@ -26,16 +26,16 @@ func (publicKey *PublicKey) NewEncryptingWriter(dst io.Writer, compression bool) func (privateKey *PrivateKey) NewDecryptingReader(src io.Reader) (io.ReadCloser, error) { algoBytes := make([]byte, 1) if _, err := io.ReadFull(src, algoBytes); err != nil { - return nil, fmt.Errorf("%s: decrypter failed to read algorithm: %w", "xipher", err) + return nil, fmt.Errorf("%s: decrypter failed to read algorithm", "xipher") } var algo uint8 = algoBytes[0] - if algo == AlgoECC { + if algo == algoECC { eccPrivKey, err := privateKey.getEccPrivKey() if err != nil { return nil, err } return eccPrivKey.NewDecryptingReader(src) - } else if algo == AlgoKyber { + } else if algo == algoKyber { kybPrivKey, err := privateKey.getKybPrivKey() if err != nil { return nil, err diff --git a/internal/asx/keys.go b/internal/asx/keys.go index c9153c9..705b913 100644 --- a/internal/asx/keys.go +++ b/internal/asx/keys.go @@ -33,7 +33,7 @@ func (privateKey *PrivateKey) Bytes() []byte { func NewPrivateKey() (*PrivateKey, error) { key := make([]byte, PrivateKeyLength) if _, err := rand.Read(key); err != nil { - return nil, fmt.Errorf("%s: failed to generate private key: %w", "xipher", err) + return nil, fmt.Errorf("%s: failed to generate private key", "xipher") } return ParsePrivateKey(key) } @@ -111,13 +111,13 @@ func (privateKey *PrivateKey) PublicKeyKyber() (*PublicKey, error) { // Bytes returns the public key as bytes. func (publicKey *PublicKey) Bytes() ([]byte, error) { if publicKey.ePub != nil { - return append([]byte{AlgoECC}, publicKey.ePub.Bytes()...), nil + return append([]byte{algoECC}, publicKey.ePub.Bytes()...), nil } else if publicKey.kPub != nil { kybPubKeyBytes, err := publicKey.kPub.Bytes() if err != nil { return nil, err } - return append([]byte{AlgoKyber}, kybPubKeyBytes...), nil + return append([]byte{algoKyber}, kybPubKeyBytes...), nil } else { return nil, errInvalidPublicKey } @@ -129,7 +129,7 @@ func ParsePublicKey(key []byte) (*PublicKey, error) { return nil, errInvalidPublicKeyLength } switch key[0] { - case AlgoECC: + case algoECC: eccPubKey, err := ecc.ParsePublicKey(key[1:]) if err != nil { return nil, err @@ -137,7 +137,7 @@ func ParsePublicKey(key []byte) (*PublicKey, error) { return &PublicKey{ ePub: eccPubKey, }, nil - case AlgoKyber: + case algoKyber: kybPubKey, err := kyb.ParsePublicKey(key[1:]) if err != nil { return nil, err diff --git a/internal/ecc/crypto.go b/internal/ecc/crypto.go index 4d773ac..c89fe5c 100644 --- a/internal/ecc/crypto.go +++ b/internal/ecc/crypto.go @@ -15,7 +15,7 @@ func (publicKey *PublicKey) NewEncryptingWriter(dst io.Writer, compression bool) return nil, err } if _, err = dst.Write(encrypter.ephPubKey); err != nil { - return nil, fmt.Errorf("%s: encrypter failed to write ephemeral public key: %w", "xipher", err) + return nil, fmt.Errorf("%s: encrypter failed to write ephemeral public key", "xipher") } return (*encrypter.cipher).NewEncryptingWriter(dst, compression) } @@ -24,11 +24,11 @@ func (publicKey *PublicKey) NewEncryptingWriter(dst io.Writer, compression bool) func (privateKey *PrivateKey) NewDecryptingReader(src io.Reader) (io.ReadCloser, error) { ephPubKey := make([]byte, KeyLength) if _, err := io.ReadFull(src, ephPubKey); err != nil { - return nil, fmt.Errorf("%s: decrypter failed to read ephemeral public key: %w", "xipher", err) + return nil, fmt.Errorf("%s: decrypter failed to read ephemeral public key", "xipher") } sharedKey, err := curve25519.X25519(*privateKey.key, ephPubKey) if err != nil { - return nil, fmt.Errorf("%s: decrypter failed to generate shared key: %w", "xipher", err) + return nil, fmt.Errorf("%s: decrypter failed to generate shared key", "xipher") } decrypter, err := xcp.New(sharedKey) if err != nil { diff --git a/internal/ecc/keys.go b/internal/ecc/keys.go index e211b31..09d26f9 100644 --- a/internal/ecc/keys.go +++ b/internal/ecc/keys.go @@ -39,7 +39,7 @@ func (privateKey *PrivateKey) Bytes() []byte { func NewPrivateKey() (*PrivateKey, error) { key := make([]byte, KeyLength) if _, err := rand.Read(key); err != nil { - return nil, fmt.Errorf("%s: failed to generate private key: %w", "xipher", err) + return nil, fmt.Errorf("%s: failed to generate private key", "xipher") } return ParsePrivateKey(key) } @@ -59,7 +59,7 @@ func (privateKey *PrivateKey) PublicKey() (*PublicKey, error) { if privateKey.publicKey == nil { key, err := curve25519.X25519(*privateKey.key, curve25519.Basepoint) if err != nil { - return nil, fmt.Errorf("%s: failed to generate public key: %w", "xipher", err) + return nil, fmt.Errorf("%s: failed to generate public key", "xipher") } privateKey.publicKey = &PublicKey{ key: &key, @@ -87,15 +87,15 @@ func (publicKey *PublicKey) getEncrypter() (*encrypter, error) { if publicKey.encrypter == nil { ephPrivKey := make([]byte, KeyLength) if _, err := rand.Read(ephPrivKey); err != nil { - return nil, fmt.Errorf("%s: encrypter failed to generate ephemeral private key: %w", "xipher", err) + return nil, fmt.Errorf("%s: encrypter failed to generate ephemeral private key", "xipher") } ephPubKey, err := curve25519.X25519(ephPrivKey, curve25519.Basepoint) if err != nil { - return nil, fmt.Errorf("%s: encrypter failed to generate ephemeral public key: %w", "xipher", err) + return nil, fmt.Errorf("%s: encrypter failed to generate ephemeral public key", "xipher") } sharedKey, err := curve25519.X25519(ephPrivKey, *publicKey.key) if err != nil { - return nil, fmt.Errorf("%s: encrypter failed to generate shared key: %w", "xipher", err) + return nil, fmt.Errorf("%s: encrypter failed to generate shared key", "xipher") } cipher, err := xcp.New(sharedKey) if err != nil { diff --git a/internal/kyb/cypto.go b/internal/kyb/cypto.go index f44d9c1..d22809d 100644 --- a/internal/kyb/cypto.go +++ b/internal/kyb/cypto.go @@ -15,7 +15,7 @@ func (publicKey *PublicKey) NewEncryptingWriter(dst io.Writer, compression bool) return nil, err } if _, err = dst.Write(encrypter.keyEnc); err != nil { - return nil, fmt.Errorf("%s: encrypter failed to write encapsulated key: %w", "xipher", err) + return nil, fmt.Errorf("%s: encrypter failed to write encapsulated key", "xipher") } return (*encrypter.cipher).NewEncryptingWriter(dst, compression) } @@ -24,11 +24,11 @@ func (publicKey *PublicKey) NewEncryptingWriter(dst io.Writer, compression bool) func (privateKey *PrivateKey) NewDecryptingReader(src io.Reader) (io.ReadCloser, error) { keyEnc := make([]byte, ctLength) if _, err := io.ReadFull(src, keyEnc); err != nil { - return nil, fmt.Errorf("%s: decrypter failed to read encapsulated key: %w", "xipher", err) + return nil, fmt.Errorf("%s: decrypter failed to read encapsulated key", "xipher") } sharedKey, err := kyber1024.Scheme().Decapsulate(privateKey.sk, keyEnc) if err != nil { - return nil, fmt.Errorf("%s: decrypter failed to generate shared key: %w", "xipher", err) + return nil, fmt.Errorf("%s: decrypter failed to generate shared key", "xipher") } decrypter, err := xcp.New(sharedKey) if err != nil { diff --git a/internal/kyb/keys.go b/internal/kyb/keys.go index e899d7e..ff8bbf0 100644 --- a/internal/kyb/keys.go +++ b/internal/kyb/keys.go @@ -48,7 +48,7 @@ func (privateKey *PrivateKey) Bytes() []byte { func NewPrivateKey() (*PrivateKey, error) { key := make([]byte, PrivateKeyLength) if _, err := rand.Read(key); err != nil { - return nil, fmt.Errorf("%s: failed to generate private key: %w", "xipher", err) + return nil, fmt.Errorf("%s: failed to generate private key", "xipher") } return NewPrivateKeyForSeed(key) } @@ -102,7 +102,7 @@ func (publicKey *PublicKey) getEncrypter() (*encrypter, error) { if publicKey.encrypter == nil { keyEnc, sharedKey, err := kyber1024.Scheme().Encapsulate(publicKey.pk) if err != nil { - return nil, fmt.Errorf("%s: failed to encapsulate shared key: %w", "xipher", err) + return nil, fmt.Errorf("%s: failed to encapsulate shared key", "xipher") } cipher, err := xcp.New(sharedKey) if err != nil { diff --git a/internal/xcp/crypto.go b/internal/xcp/crypto.go index 1ddf8bd..4fd90fc 100644 --- a/internal/xcp/crypto.go +++ b/internal/xcp/crypto.go @@ -21,10 +21,10 @@ type Writer struct { func (cipher *SymmetricCipher) NewEncryptingWriter(dst io.Writer, compress bool) (io.WriteCloser, error) { nonce := make([]byte, nonceLength) if _, err := rand.Read(nonce); err != nil { - return nil, fmt.Errorf("%s: encrypter failed to generate nonce: %w", "xipher", err) + return nil, fmt.Errorf("%s: encrypter failed to generate nonce", "xipher") } if _, err := dst.Write(nonce); err != nil { - return nil, fmt.Errorf("%s: encrypter failed to write nonce: %w", "xipher", err) + return nil, fmt.Errorf("%s: encrypter failed to write nonce", "xipher") } return cipher.newWriter(nonce, dst, compress) } @@ -38,16 +38,16 @@ func (cipher *SymmetricCipher) newWriter(nonce []byte, dst io.Writer, compress b } if compress { if _, err := dst.Write([]byte{1}); err != nil { - return nil, fmt.Errorf("%s: encrypter failed to write compress flag: %w", "xipher", err) + return nil, fmt.Errorf("%s: encrypter failed to write compress flag", "xipher") } zWriter, err := zlib.NewWriterLevel(&ciphWriter.buf, zlib.BestCompression) if err != nil { - return nil, fmt.Errorf("%s: encrypter failed to create compressed writer: %w", "xipher", err) + return nil, fmt.Errorf("%s: encrypter failed to create compressed writer", "xipher") } ciphWriter.zWriter = zWriter } else { if _, err := dst.Write([]byte{0}); err != nil { - return nil, fmt.Errorf("%s: encrypter failed to write compression flag: %w", "xipher", err) + return nil, fmt.Errorf("%s: encrypter failed to write compression flag", "xipher") } } return ciphWriter, nil @@ -60,7 +60,7 @@ func (w *Writer) Write(p []byte) (n int, err error) { n, err = w.zWriter.Write(p) } if err != nil { - return n, fmt.Errorf("%s: encrypter failed to write: %w", "xipher", err) + return n, fmt.Errorf("%s: encrypter failed to write", "xipher") } return n, w.flush(ptBlockSize) } @@ -70,7 +70,7 @@ func (w *Writer) flush(minBufSize int) error { block := w.buf.Next(ptBlockSize) ct := w.aead.Seal(nil, w.nonce, block, nil) if _, err := w.dst.Write(ct); err != nil { - return fmt.Errorf("%s: encrypter failed to write: %w", "xipher", err) + return fmt.Errorf("%s: encrypter failed to write", "xipher") } } return nil @@ -80,7 +80,7 @@ func (w *Writer) flush(minBufSize int) error { func (w *Writer) Close() error { if w.zWriter != nil { if err := w.zWriter.Close(); err != nil { - return fmt.Errorf("%s: encrypter failed to close compressed writer: %w", "xipher", err) + return fmt.Errorf("%s: encrypter failed to close compressed writer", "xipher") } } return w.flush(1) @@ -97,7 +97,7 @@ type Reader struct { func (cipher *SymmetricCipher) NewDecryptingReader(src io.Reader) (io.ReadCloser, error) { nonce := make([]byte, nonceLength) if _, err := io.ReadFull(src, nonce); err != nil { - return nil, fmt.Errorf("%s: decrypter failed to read nonce: %w", "xipher", err) + return nil, fmt.Errorf("%s: decrypter failed to read nonce", "xipher") } return cipher.newReader(nonce, src) } @@ -111,14 +111,14 @@ func (cipher *SymmetricCipher) newReader(nonce []byte, src io.Reader) (io.ReadCl } compressFlag := make([]byte, 1) if _, err := io.ReadFull(src, compressFlag); err != nil { - return nil, fmt.Errorf("%s: decrypter failed to read compress flag: %w", "xipher", err) + return nil, fmt.Errorf("%s: decrypter failed to read compress flag", "xipher") } if compressFlag[0] == 0 { return io.NopCloser(ciphReader), nil } zReader, err := zlib.NewReader(ciphReader) if err != nil { - return nil, fmt.Errorf("%s: decrypter failed to create compressed reader: %w", "xipher", err) + return nil, fmt.Errorf("%s: decrypter failed to create compressed reader", "xipher") } return zReader, nil } @@ -132,13 +132,13 @@ func (r *Reader) Read(p []byte) (int, error) { if err == nil || err == io.ErrUnexpectedEOF { pt, err := r.aead.Open(nil, r.nonce, block[:n], nil) if err != nil { - return 0, fmt.Errorf("%s: decrypter failed to decrypt: %w", "xipher", err) + return 0, fmt.Errorf("%s: decrypter failed to decrypt", "xipher") } r.buf.Write(pt) return r.buf.Read(p) } else if err == io.EOF { return r.buf.Read(p) } else { - return 0, fmt.Errorf("%s: decrypter failed to read: %w", "xipher", err) + return 0, fmt.Errorf("%s: decrypter failed to read", "xipher") } } diff --git a/internal/xcp/key.go b/internal/xcp/key.go index 2955287..c16afb7 100644 --- a/internal/xcp/key.go +++ b/internal/xcp/key.go @@ -24,7 +24,7 @@ type SymmetricCipher struct { func New(key []byte) (*SymmetricCipher, error) { aead, err := chacha20poly1305.NewX(key) if err != nil { - return nil, fmt.Errorf("%s: failed to create new symmetric cipher: %w", "xipher", err) + return nil, fmt.Errorf("%s: failed to create new symmetric cipher", "xipher") } return &SymmetricCipher{ aead: &aead, diff --git a/xipher_commons.go b/xipher_commons.go new file mode 100644 index 0000000..210a733 --- /dev/null +++ b/xipher_commons.go @@ -0,0 +1,35 @@ +package xipher + +import ( + "fmt" + "runtime" + "strings" + "time" +) + +func VersionInfo() string { + if appInfo == nil { + appInfo = new(string) + var committedAt string + if builtAtTime, err := time.Parse(time.RFC3339, commitDate); err == nil { + builtAtLocalTime := builtAtTime.Local() + committedAt = builtAtLocalTime.Format("02 Jan 2006 03:04:05 PM MST") + } + appInfoBuilder := strings.Builder{} + appInfoBuilder.WriteString(art) + appInfoBuilder.WriteString("\n") + appInfoBuilder.WriteString(description) + appInfoBuilder.WriteString("\n") + appInfoBuilder.WriteString("-------------------------------------------------") + appInfoBuilder.WriteString("\n") + appInfoBuilder.WriteString(fmt.Sprintf("SLV Version : %s\n", version)) + appInfoBuilder.WriteString(fmt.Sprintf("Built At : %s\n", committedAt)) + appInfoBuilder.WriteString(fmt.Sprintf("Release : %s\n", releaseURL)) + appInfoBuilder.WriteString(fmt.Sprintf("Git Commit : %s\n", fullCommit)) + appInfoBuilder.WriteString(fmt.Sprintf("Web : %s\n", website)) + appInfoBuilder.WriteString(fmt.Sprintf("Platform : %s\n", runtime.GOOS+"/"+runtime.GOARCH)) + appInfoBuilder.WriteString(fmt.Sprintf("Go Version : %s", runtime.Version())) + *appInfo = appInfoBuilder.String() + } + return *appInfo +} diff --git a/xipher_const.go b/xipher_const.go index e726654..5d2e5f5 100644 --- a/xipher_const.go +++ b/xipher_const.go @@ -2,20 +2,18 @@ package xipher import ( "fmt" - "runtime" - "strings" - "time" "dev.shib.me/xipher/internal/asx" ) const ( - // privateKeyRawLength is the length of a private key when being generated. - privateKeyRawLength = asx.PrivateKeyLength - // privateKeyFinalLength is the length of a private key when being exported. - privateKeyFinalLength = 2 + privateKeyRawLength + + // secretKeyBaseLength is the length of a secret key when being generated. + secretKeyBaseLength = asx.PrivateKeyLength + // secretKeyLength is the length of a private key when being exported. + secretKeyLength = secretKeyBaseLength + 2 // publicKeyMinLength is the minimum length of a public key. - publicKeyMinLength = 1 + asx.MinPublicKeyLength + publicKeyMinLength = asx.MinPublicKeyLength + 1 // +1 for the key type // Argon2 Default Spec argon2Iterations uint8 = 16 @@ -36,14 +34,14 @@ const ( ctKeySymmetric uint8 = 2 ctPwdSymmetric uint8 = 3 - xipherVersion uint8 = 0 + keyVersion uint8 = 0 ) var ( errGeneratingSalt = fmt.Errorf("%s: error generating salt", "xipher") errInvalidPassword = fmt.Errorf("%s: invalid password", "xipher") errInvalidCiphertext = fmt.Errorf("%s: invalid ciphertext", "xipher") - errPrivKeyUnavailableForPwd = fmt.Errorf("%s: can't derive private key for passwords", "xipher") + errSecretKeyUnavailableForPwd = fmt.Errorf("%s: can't derive secret key for passwords", "xipher") errInvalidPublicKey = fmt.Errorf("%s: invalid public key", "xipher") errInvalidKDFSpec = fmt.Errorf("%s: invalid kdf spec", "xipher") errDecryptionFailedPwdRequired = fmt.Errorf("%s: decryption failed, password required", "xipher") @@ -69,30 +67,3 @@ const ( /_/\_\_| .__/|_| |_|\___|_| |_| ` ) - -func VersionInfo() string { - if appInfo == nil { - appInfo = new(string) - var committedAt string - if builtAtTime, err := time.Parse(time.RFC3339, commitDate); err == nil { - builtAtLocalTime := builtAtTime.Local() - committedAt = builtAtLocalTime.Format("02 Jan 2006 03:04:05 PM MST") - } - appInfoBuilder := strings.Builder{} - appInfoBuilder.WriteString(art) - appInfoBuilder.WriteString("\n") - appInfoBuilder.WriteString(description) - appInfoBuilder.WriteString("\n") - appInfoBuilder.WriteString("-------------------------------------------------") - appInfoBuilder.WriteString("\n") - appInfoBuilder.WriteString(fmt.Sprintf("SLV Version : %s\n", version)) - appInfoBuilder.WriteString(fmt.Sprintf("Built At : %s\n", committedAt)) - appInfoBuilder.WriteString(fmt.Sprintf("Release : %s\n", releaseURL)) - appInfoBuilder.WriteString(fmt.Sprintf("Git Commit : %s\n", fullCommit)) - appInfoBuilder.WriteString(fmt.Sprintf("Web : %s\n", website)) - appInfoBuilder.WriteString(fmt.Sprintf("Platform : %s\n", runtime.GOOS+"/"+runtime.GOARCH)) - appInfoBuilder.WriteString(fmt.Sprintf("Go Version : %s", runtime.Version())) - *appInfo = appInfoBuilder.String() - } - return *appInfo -} diff --git a/xipher_crypto.go b/xipher_crypto.go index 386218c..e2a866a 100644 --- a/xipher_crypto.go +++ b/xipher_crypto.go @@ -11,37 +11,37 @@ import ( ) func newVariableKeySymmCipher(key []byte) (*xcp.SymmetricCipher, error) { - if len(key) == privateKeyRawLength { + if len(key) == secretKeyBaseLength { keySum := sha256.Sum256(key) key = keySum[:] } return xcp.New(key) } -func (privateKey *PrivateKey) NewEncryptingWriter(dst io.Writer, compression bool) (writer io.WriteCloser, err error) { - if isPwdBased(privateKey.keyType) { +func (secretKey *SecretKey) NewEncryptingWriter(dst io.Writer, compression bool) (writer io.WriteCloser, err error) { + if isPwdBased(secretKey.keyType) { if _, err := dst.Write([]byte{ctPwdSymmetric}); err != nil { - return nil, fmt.Errorf("%s: encrypter failed to write ciphertext type: %w", "xipher", err) + return nil, fmt.Errorf("%s: encrypter failed to write ciphertext type", "xipher") } - if _, err := dst.Write(privateKey.spec.bytes()); err != nil { - return nil, fmt.Errorf("%s: encrypter failed to write kdf spec: %w", "xipher", err) + if _, err := dst.Write(secretKey.spec.bytes()); err != nil { + return nil, fmt.Errorf("%s: encrypter failed to write kdf spec", "xipher") } } else { if _, err := dst.Write([]byte{ctKeySymmetric}); err != nil { - return nil, fmt.Errorf("%s: encrypter failed to write ciphertext type: %w", "xipher", err) + return nil, fmt.Errorf("%s: encrypter failed to write ciphertext type", "xipher") } } - if privateKey.symmCipher == nil { - if privateKey.symmCipher, err = newVariableKeySymmCipher(privateKey.key); err != nil { + if secretKey.symmCipher == nil { + if secretKey.symmCipher, err = newVariableKeySymmCipher(secretKey.key); err != nil { return nil, err } } - return privateKey.symmCipher.NewEncryptingWriter(dst, compression) + return secretKey.symmCipher.NewEncryptingWriter(dst, compression) } -// EncryptStream encrypts src with the private key treating it as a symmetric key and writes to dst. -func (privateKey *PrivateKey) EncryptStream(dst io.Writer, src io.Reader, compression bool) (err error) { - encryptedWriter, err := privateKey.NewEncryptingWriter(dst, compression) +// EncryptStream encrypts src with the secret key treating it as a symmetric key and writes to dst. +func (secretKey *SecretKey) EncryptStream(dst io.Writer, src io.Reader, compression bool) (err error) { + encryptedWriter, err := secretKey.NewEncryptingWriter(dst, compression) if err != nil { return err } @@ -51,10 +51,10 @@ func (privateKey *PrivateKey) EncryptStream(dst io.Writer, src io.Reader, compre return encryptedWriter.Close() } -// Encrypt encrypts data with the private key treating it as a symmetric key. -func (privateKey *PrivateKey) Encrypt(data []byte, compression bool) (ciphertext []byte, err error) { +// Encrypt encrypts data with the secret key treating it as a symmetric key. +func (secretKey *SecretKey) Encrypt(data []byte, compression bool) (ciphertext []byte, err error) { var buf bytes.Buffer - if err = privateKey.EncryptStream(&buf, bytes.NewReader(data), compression); err != nil { + if err = secretKey.EncryptStream(&buf, bytes.NewReader(data), compression); err != nil { return nil, err } return buf.Bytes(), nil @@ -97,41 +97,41 @@ func (publicKey *PublicKey) Encrypt(data []byte, compression bool) (ciphertext [ return buf.Bytes(), nil } -func (privateKey *PrivateKey) NewDecryptingReader(src io.Reader) (io.ReadCloser, error) { +func (secretKey *SecretKey) NewDecryptingReader(src io.Reader) (io.ReadCloser, error) { ctTypeBytes := make([]byte, 1) if _, err := io.ReadFull(src, ctTypeBytes); err != nil { - return nil, fmt.Errorf("%s: decrypter failed to read ciphertext type: %w", "xipher", err) + return nil, fmt.Errorf("%s: decrypter failed to read ciphertext type", "xipher") } var ctType uint8 = ctTypeBytes[0] - key := privateKey.key + key := secretKey.key switch ctType { case ctKeyAsymmetric, ctKeySymmetric: - if isPwdBased(privateKey.keyType) { + if isPwdBased(secretKey.keyType) { return nil, errDecryptionFailedKeyRequired } case ctPwdAsymmetric, ctPwdSymmetric: - if !isPwdBased(privateKey.keyType) { + if !isPwdBased(secretKey.keyType) { return nil, errDecryptionFailedPwdRequired } specBytes := make([]byte, kdfSpecLength) if _, err := io.ReadFull(src, specBytes); err != nil { - return nil, fmt.Errorf("%s: decrypter failed to read kdf spec: %w", "xipher", err) + return nil, fmt.Errorf("%s: decrypter failed to read kdf spec", "xipher") } spec, err := parseKdfSpec(specBytes) if err != nil { return nil, err } - key = privateKey.getKeyForPwdSpec(*spec) + key = secretKey.getKeyForPwdSpec(*spec) default: return nil, errInvalidCiphertext } switch ctType { case ctKeyAsymmetric, ctPwdAsymmetric: - eccPrivKey, err := asx.ParsePrivateKey(key) + asxPrivKey, err := asx.ParsePrivateKey(key) if err != nil { return nil, err } - return eccPrivKey.NewDecryptingReader(src) + return asxPrivKey.NewDecryptingReader(src) case ctKeySymmetric, ctPwdSymmetric: symmCipher, err := newVariableKeySymmCipher(key) if err != nil { @@ -143,8 +143,8 @@ func (privateKey *PrivateKey) NewDecryptingReader(src io.Reader) (io.ReadCloser, } // DecryptStream decrypts src and writes to dst. -func (privateKey *PrivateKey) DecryptStream(dst io.Writer, src io.Reader) (err error) { - decryptedReader, err := privateKey.NewDecryptingReader(src) +func (secretKey *SecretKey) DecryptStream(dst io.Writer, src io.Reader) (err error) { + decryptedReader, err := secretKey.NewDecryptingReader(src) if err != nil { return err } @@ -155,9 +155,9 @@ func (privateKey *PrivateKey) DecryptStream(dst io.Writer, src io.Reader) (err e } // Decrypt decrypts the given ciphertext and returns the decrypted data. -func (privateKey *PrivateKey) Decrypt(ciphertext []byte) (data []byte, err error) { +func (secretKey *SecretKey) Decrypt(ciphertext []byte) (data []byte, err error) { var buf bytes.Buffer - if err = privateKey.DecryptStream(&buf, bytes.NewReader(ciphertext)); err != nil { + if err = secretKey.DecryptStream(&buf, bytes.NewReader(ciphertext)); err != nil { return nil, err } return buf.Bytes(), nil diff --git a/xipher_kdf.go b/xipher_kdf.go index 0f67d8f..efba56f 100644 --- a/xipher_kdf.go +++ b/xipher_kdf.go @@ -65,7 +65,7 @@ func (s *kdfSpec) getThreads() uint32 { } func (s *kdfSpec) getCipherKey(pwd []byte) []byte { - return argon2.IDKey(pwd, s.getSalt(), s.getIterations(), s.getMemory(), uint8(s.getThreads()), privateKeyRawLength) + return argon2.IDKey(pwd, s.getSalt(), s.getIterations(), s.getMemory(), uint8(s.getThreads()), secretKeyBaseLength) } func (s *kdfSpec) bytes() []byte { diff --git a/xipher_keys.go b/xipher_keys.go index ffce23f..25fae87 100644 --- a/xipher_keys.go +++ b/xipher_keys.go @@ -8,7 +8,7 @@ import ( "dev.shib.me/xipher/internal/xcp" ) -type PrivateKey struct { +type SecretKey struct { version uint8 keyType uint8 password *[]byte @@ -18,59 +18,59 @@ type PrivateKey struct { specKeyMap map[string][]byte } -// NewPrivateKeyForPassword creates a new private key for the given password. -func NewPrivateKeyForPassword(password []byte) (*PrivateKey, error) { +// NewSecretKeyForPassword creates a new private key for the given password. +func NewSecretKeyForPassword(password []byte) (*SecretKey, error) { spec, err := newSpec() if err != nil { return nil, err } - return newPrivateKeyForPwdAndSpec(password, spec) + return newSecretKeyForPwdAndSpec(password, spec) } -// NewPrivateKeyForPasswordAndSpec creates a new private key for the given password and kdf spec. -func NewPrivateKeyForPasswordAndSpec(password []byte, iterations, memory, threads uint8) (*PrivateKey, error) { +// NewSecretKeyForPasswordAndSpec creates a new private key for the given password and kdf spec. +func NewSecretKeyForPasswordAndSpec(password []byte, iterations, memory, threads uint8) (*SecretKey, error) { spec, err := newSpec() if err != nil { return nil, err } spec.setIterations(iterations).setMemory(memory).setThreads(threads) - return newPrivateKeyForPwdAndSpec(password, spec) + return newSecretKeyForPwdAndSpec(password, spec) } -func newPrivateKeyForPwdAndSpec(password []byte, spec *kdfSpec) (privateKey *PrivateKey, err error) { +func newSecretKeyForPwdAndSpec(password []byte, spec *kdfSpec) (secretKey *SecretKey, err error) { if len(password) == 0 { return nil, errInvalidPassword } - privateKey = &PrivateKey{ - version: xipherVersion, + secretKey = &SecretKey{ + version: keyVersion, keyType: keyTypePwd, password: &password, spec: spec, specKeyMap: make(map[string][]byte), } - privateKey.key = privateKey.getKeyForPwdSpec(*spec) - return privateKey, nil + secretKey.key = secretKey.getKeyForPwdSpec(*spec) + return secretKey, nil } -// NewPrivateKey creates a new random private key. -func NewPrivateKey() (*PrivateKey, error) { - key := make([]byte, privateKeyRawLength) +// NewSecretKey creates a new random private key. +func NewSecretKey() (*SecretKey, error) { + key := make([]byte, secretKeyBaseLength) if _, err := rand.Read(key); err != nil { return nil, err } - return &PrivateKey{ - version: xipherVersion, + return &SecretKey{ + version: keyVersion, keyType: keyTypeDirect, key: key, }, nil } -// ParsePrivateKey parses the given bytes and returns a corresponding private key. the given bytes must be 33 bytes long. -func ParsePrivateKey(key []byte) (*PrivateKey, error) { - if len(key) != privateKeyFinalLength || key[1] != keyTypeDirect { - return nil, fmt.Errorf("%s: invalid private key length: expected %d, got %d", "xipher", privateKeyFinalLength, len(key)) +// ParseSecretKey parses the given bytes and returns a corresponding private key. +func ParseSecretKey(key []byte) (*SecretKey, error) { + if len(key) != secretKeyLength || key[1] != keyTypeDirect { + return nil, fmt.Errorf("%s: invalid private key length: expected %d, got %d", "xipher", secretKeyLength, len(key)) } - return &PrivateKey{ + return &SecretKey{ version: key[0], keyType: keyTypeDirect, key: key[2:], @@ -81,22 +81,22 @@ func isPwdBased(keyType uint8) bool { return keyType%2 == 1 } -func (privateKey *PrivateKey) getKeyForPwdSpec(spec kdfSpec) (key []byte) { +func (secretKey *SecretKey) getKeyForPwdSpec(spec kdfSpec) (key []byte) { specBytes := spec.bytes() - key = privateKey.specKeyMap[string(specBytes)] + key = secretKey.specKeyMap[string(specBytes)] if len(key) == 0 { - key = spec.getCipherKey(*privateKey.password) - privateKey.specKeyMap[string(specBytes)] = key + key = spec.getCipherKey(*secretKey.password) + secretKey.specKeyMap[string(specBytes)] = key } return key } // Bytes returns the private key as bytes only if it is not password based. -func (privateKey *PrivateKey) Bytes() ([]byte, error) { - if isPwdBased(privateKey.keyType) { - return nil, errPrivKeyUnavailableForPwd +func (secretKey *SecretKey) Bytes() ([]byte, error) { + if isPwdBased(secretKey.keyType) { + return nil, errSecretKeyUnavailableForPwd } - return append([]byte{privateKey.version, privateKey.keyType}, privateKey.key...), nil + return append([]byte{secretKey.version, secretKey.keyType}, secretKey.key...), nil } type PublicKey struct { @@ -107,8 +107,8 @@ type PublicKey struct { } // PublicKey returns the public key corresponding to the private key. -func (privateKey *PrivateKey) PublicKey(pq bool) (*PublicKey, error) { - asxPrivKey, err := asx.ParsePrivateKey(privateKey.key) +func (secretKey *SecretKey) PublicKey(pq bool) (*PublicKey, error) { + asxPrivKey, err := asx.ParsePrivateKey(secretKey.key) if err != nil { return nil, err } @@ -122,10 +122,10 @@ func (privateKey *PrivateKey) PublicKey(pq bool) (*PublicKey, error) { return nil, err } return &PublicKey{ - version: privateKey.version, - keyType: privateKey.keyType, + version: secretKey.version, + keyType: secretKey.keyType, publicKey: asxPubKey, - spec: privateKey.spec, + spec: secretKey.spec, }, nil } @@ -143,7 +143,7 @@ func (publicKey *PublicKey) Bytes() ([]byte, error) { } } -// ParsePublicKey parses the given bytes and returns a corresponding public key. the given bytes must be at least 33 bytes long. +// ParsePublicKey parses the given bytes and returns a corresponding public key. func ParsePublicKey(pubKeyBytes []byte) (*PublicKey, error) { if len(pubKeyBytes) < publicKeyMinLength { return nil, errInvalidPublicKey diff --git a/xipher_test.go b/xipher_test.go index 6f77940..3589d61 100644 --- a/xipher_test.go +++ b/xipher_test.go @@ -38,7 +38,7 @@ func getTestPassword() []byte { func symmetricKeyTest(t *testing.T, compress bool) { data := getTestData() - privKey, err := NewPrivateKey() + privKey, err := NewSecretKey() if err != nil { t.Error("Error generating private key", err) } @@ -50,7 +50,7 @@ func symmetricKeyTest(t *testing.T, compress bool) { if err != nil { t.Error("Error encrypting data", err) } - privKeyFromBytes, err := ParsePrivateKey(privKeyBytes) + privKeyFromBytes, err := ParseSecretKey(privKeyBytes) if err != nil { t.Error("Error parsing private key", err) } @@ -67,7 +67,7 @@ func symmetricKeyTest(t *testing.T, compress bool) { func symmetricPwdTest(t *testing.T, compress bool) { password := getTestPassword() data := getTestData() - privKey, err := NewPrivateKeyForPassword(password) + privKey, err := NewSecretKeyForPassword(password) if err != nil { t.Error("Error generating private key", err) } @@ -75,7 +75,7 @@ func symmetricPwdTest(t *testing.T, compress bool) { if err != nil { t.Error("Error encrypting data", err) } - privKeyRecreated, err := NewPrivateKeyForPassword(password) + privKeyRecreated, err := NewSecretKeyForPassword(password) if err != nil { t.Error("Error generating private key", err) } @@ -91,7 +91,7 @@ func symmetricPwdTest(t *testing.T, compress bool) { func asymmetricKeyTest(t *testing.T, compress, pq bool) { data := getTestData() - privKey, err := NewPrivateKey() + privKey, err := NewSecretKey() if err != nil { t.Error("Error generating private key", err) } @@ -107,7 +107,7 @@ func asymmetricKeyTest(t *testing.T, compress, pq bool) { if err != nil { t.Error("Error encrypting data", err) } - privKeyFromBytes, err := ParsePrivateKey(privKeyBytes) + privKeyFromBytes, err := ParseSecretKey(privKeyBytes) if err != nil { t.Error("Error parsing private key", err) } @@ -124,7 +124,7 @@ func asymmetricKeyTest(t *testing.T, compress, pq bool) { func asymmetricPwdTest(t *testing.T, compress, pq bool) { password := getTestPassword() data := getTestData() - privKey, err := NewPrivateKeyForPassword(password) + privKey, err := NewSecretKeyForPassword(password) if err != nil { t.Error("Error generating private key", err) } @@ -136,7 +136,7 @@ func asymmetricPwdTest(t *testing.T, compress, pq bool) { if err != nil { t.Error("Error encrypting data", err) } - privKeyRecreated, err := NewPrivateKeyForPassword(password) + privKeyRecreated, err := NewSecretKeyForPassword(password) if err != nil { t.Error("Error generating private key", err) }