encrypt.go (view raw)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 |
//
// Copyright (c) 2024 Ted Unangst <tedu@tedunangst.com>
//
// Permission to use, copy, modify, and distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
package main
import (
"bytes"
"crypto/rand"
"encoding/base64"
"fmt"
"io"
"strings"
"time"
"golang.org/x/crypto/nacl/box"
"humungus.tedunangst.com/r/webs/gencache"
)
type boxSecKey struct {
key *[32]byte
}
type boxPubKey struct {
key *[32]byte
}
func encryptString(plain string, seckey boxSecKey, pubkey boxPubKey) (string, error) {
var nonce [24]byte
rand.Read(nonce[:])
out := box.Seal(nil, []byte(plain), &nonce, pubkey.key, seckey.key)
var sb strings.Builder
b64 := base64.NewEncoder(base64.StdEncoding, &sb)
b64.Write(nonce[:])
b64.Write(out)
b64.Close()
return sb.String(), nil
}
func decryptString(encmsg string, seckey boxSecKey, pubkey boxPubKey) (string, error) {
var buf bytes.Buffer
b64 := base64.NewDecoder(base64.StdEncoding, strings.NewReader(encmsg))
io.Copy(&buf, b64)
data := buf.Bytes()
if len(data) < 24 {
return "", fmt.Errorf("not enough data")
}
var nonce [24]byte
copy(nonce[:], data)
data = data[24:]
out, ok := box.Open(nil, data, &nonce, pubkey.key, seckey.key)
if !ok {
return "", fmt.Errorf("error decrypting chonk")
}
return string(out), nil
}
func b64tokey(s string) (*[32]byte, error) {
var buf bytes.Buffer
b64 := base64.NewDecoder(base64.StdEncoding, strings.NewReader(s))
n, _ := io.Copy(&buf, b64)
if n != 32 {
return nil, fmt.Errorf("bad key size")
}
var key [32]byte
copy(key[:], buf.Bytes())
return &key, nil
}
func tob64(data []byte) string {
var sb strings.Builder
b64 := base64.NewEncoder(base64.StdEncoding, &sb)
b64.Write(data)
b64.Close()
return sb.String()
}
func newChatKeys() (boxPubKey, boxSecKey) {
pub, sec, _ := box.GenerateKey(rand.Reader)
return boxPubKey{pub}, boxSecKey{sec}
}
var chatkeys = gencache.New(gencache.Options[string, boxPubKey]{Fill: func(xonker string) (boxPubKey, bool) {
data := getxonker(xonker, chatKeyProp)
if data == "" {
dlog.Printf("hitting the webs for missing chatkey: %s", xonker)
j, err := GetJunk(readyLuserOne, xonker)
if err != nil {
ilog.Printf("error getting %s: %s", xonker, err)
when := time.Now().UTC().Format(dbtimeformat)
stmtSaveXonker.Exec(xonker, "failed", chatKeyProp, when)
return boxPubKey{}, true
}
allinjest(originate(xonker), j)
data = getxonker(xonker, chatKeyProp)
if data == "" {
ilog.Printf("key not found after ingesting")
when := time.Now().UTC().Format(dbtimeformat)
stmtSaveXonker.Exec(xonker, "failed", chatKeyProp, when)
return boxPubKey{}, true
}
}
if data == "failed" {
ilog.Printf("lookup previously failed chatkey %s", xonker)
return boxPubKey{}, true
}
var pubkey boxPubKey
var err error
pubkey.key, err = b64tokey(data)
if err != nil {
ilog.Printf("error decoding %s pubkey: %s", xonker, err)
}
return pubkey, true
}, Limit: 512})
func getchatkey(xonker string) (boxPubKey, bool) {
pubkey, _ := chatkeys.Get(xonker)
return pubkey, pubkey.key != nil
}
|