Skip to content

Commit

Permalink
Implement v1.local (#5)
Browse files Browse the repository at this point in the history
  • Loading branch information
cristaloleg authored Apr 12, 2024
1 parent 3521250 commit 7ce1c04
Show file tree
Hide file tree
Showing 8 changed files with 550 additions and 1 deletion.
117 changes: 117 additions & 0 deletions common.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,117 @@
package paseto

import (
"bytes"
"encoding/base64"
"encoding/binary"
"encoding/json"
"fmt"
"strings"
)

func pae(pieces ...[]byte) []byte {
var buf bytes.Buffer
binary.Write(&buf, binary.LittleEndian, int64(len(pieces)))

for _, p := range pieces {
binary.Write(&buf, binary.LittleEndian, int64(len(p)))
buf.Write(p)
}
return buf.Bytes()
}

func toBytes(x any) ([]byte, error) {
switch v := x.(type) {
case nil:
return nil, nil
case string:
return []byte(v), nil
case []byte:
return v, nil
default:
return json.Marshal(v)
}
}

func fromBytes(data []byte, x any) error {
switch f := x.(type) {
case *string:
*f = string(data)
case *[]byte:
*f = append(*f, data...)
default:
if err := json.Unmarshal(data, x); err != nil {
return fmt.Errorf("%v: %w", err, ErrDataUnmarshal)
}
}
return nil
}

func splitToken(token, header string) ([]byte, []byte, error) {
if !strings.HasPrefix(token, header) {
return nil, nil, ErrIncorrectTokenHeader
}

parts := bytes.Split([]byte(token[len(header):]), []byte("."))

var rawPayload, rawFooter []byte
switch len(parts) {
case 1:
rawPayload = parts[0]
case 2:
rawPayload = parts[0]
rawFooter = parts[1]
default:
return nil, nil, ErrIncorrectTokenFormat
}

payload := make([]byte, b64DecodedLen(len(rawPayload)))
if _, err := b64Decode(payload, rawPayload); err != nil {
return nil, nil, fmt.Errorf("decode payload: %w", err)
}

var footer []byte
if rawFooter != nil {
footer = make([]byte, b64DecodedLen(len(rawFooter)))
if _, err := b64Decode(footer, rawFooter); err != nil {
return nil, nil, fmt.Errorf("decode footer: %w", err)
}
}
return payload, footer, nil
}

func buildToken(header string, body, footer []byte) string {
size := len(header) + b64EncodedLen(len(body))
if len(footer) > 0 {
size += 1 + b64EncodedLen(len(footer))
}

token := make([]byte, size)
offset := 0
offset += copy(token[offset:], header)

b64Encode(token[offset:], body)
offset += b64EncodedLen(len(body))

if len(footer) > 0 {
offset += copy(token[offset:], ".")
b64Encode(token[offset:], footer)
}
return string(token)
}

func b64Decode(dst, src []byte) (n int, err error) {
return base64.RawURLEncoding.Decode(dst, src)
}

func b64DecodedLen(n int) int {
return base64.RawURLEncoding.DecodedLen(n)
}

func b64Encode(dst, src []byte) {
base64.RawURLEncoding.Encode(dst, src)
}

func b64EncodedLen(n int) int {
return base64.RawURLEncoding.EncodedLen(n)
}
10 changes: 10 additions & 0 deletions errors.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
package paseto

import "errors"

var (
ErrDataUnmarshal = errors.New("can't unmarshal token data to the given type of value")
ErrInvalidTokenAuth = errors.New("invalid token authentication")
ErrIncorrectTokenFormat = errors.New("incorrect token format")
ErrIncorrectTokenHeader = errors.New("incorrect token header")
)
4 changes: 3 additions & 1 deletion go.mod
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
module paseto
module github.com/cristalhq/paseto

go 1.21

require golang.org/x/crypto v0.22.0
2 changes: 2 additions & 0 deletions go.sum
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
86 changes: 86 additions & 0 deletions paseto_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
package paseto

import (
"encoding/hex"
"encoding/json"
"os"
"reflect"
"testing"
)

type GoldenCases struct {
Tests []GoldenCase `json:"tests"`
}

type GoldenCase struct {
Name string `json:"name"`
ExpectFail bool `json:"expect-fail"`
Nonce string `json:"nonce"`
Key string `json:"key"`
PublicKey string `json:"public-key"`
SecretKey string `json:"secret-key"`
SecretKeySeed string `json:"secret-key-seed"`
SecretKeyPem string `json:"secret-key-pem"`
PublicKeyPem string `json:"public-key-pem"`
Token string `json:"token"`
Payload string `json:"payload"`
Footer string `json:"footer"`
ImplicitAssertion string `json:"implicit-assertion"`
}

func loadGoldenFile(filename string) GoldenCases {
f, err := os.Open(filename)
if err != nil {
panic(err)
}
defer f.Close()

var tc GoldenCases
if err := json.NewDecoder(f).Decode(&tc); err != nil {
panic(err)
}
return tc
}

func must[T any](v T, err error) T {
if err != nil {
panic(err)
}
return v
}

func mustHex(raw string) []byte {
return must(hex.DecodeString(raw))
}

func mustJSON(raw string) any {
if len(raw) == 0 || string(raw) == "" {
return nil
}
var dst any
if err := json.Unmarshal([]byte(raw), &dst); err != nil {
return string(raw)
}
return dst
}

func mustOk(tb testing.TB, err error) {
tb.Helper()
if err != nil {
tb.Fatal(err)
}
}

func mustFail(tb testing.TB, err error) {
tb.Helper()
if err == nil {
tb.Fatal()
}
}

func mustEqual[T any](tb testing.TB, have, want T) {
tb.Helper()
if !reflect.DeepEqual(have, want) {
tb.Fatalf("\nhave: %+v\nwant: %+v\n", have, want)
}
}
145 changes: 145 additions & 0 deletions testdata/v1.json

Large diffs are not rendered by default.

139 changes: 139 additions & 0 deletions v1loc.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,139 @@
package paseto

import (
"crypto/aes"
"crypto/cipher"
"crypto/hmac"
"crypto/rand"
"crypto/sha512"
"fmt"
"io"

"golang.org/x/crypto/hkdf"
)

const (
v1LocNonceSize = 32
v1LocNonceHalf = v1LocNonceSize / 2
v1LocMacSize = 48 // const for crypty.SHA384.Size()
v1LocHeader = "v1.local."
)

func V1Encrypt(key []byte, payload, footer any, randBytes []byte) (string, error) {
if randBytes == nil {
randBytes = make([]byte, v1LocNonceSize)
if _, err := io.ReadFull(rand.Reader, randBytes); err != nil {
return "", fmt.Errorf("read from crypto/rand.Reader: %w", err)
}
}

payloadBytes, err := toBytes(payload)
if err != nil {
return "", fmt.Errorf("encode payload: %w", err)
}

footerBytes, err := toBytes(footer)
if err != nil {
return "", fmt.Errorf("encode footer: %w", err)
}

macN := hmac.New(sha512.New384, randBytes)
if _, err := macN.Write(payloadBytes); err != nil {
return "", fmt.Errorf("hash payload: %w", err)
}
nonce := macN.Sum(nil)[:v1LocNonceSize]

encKey, authKey, err := v1locSplitKey(key, nonce[:v1LocNonceHalf])
if err != nil {
return "", fmt.Errorf("create enc and auth keys: %w", err)
}

block, err := aes.NewCipher(encKey)
if err != nil {
return "", fmt.Errorf("create aes cipher: %w", err)
}

encryptedPayload := make([]byte, len(payloadBytes))
cipher.NewCTR(block, nonce[v1LocNonceHalf:]).
XORKeyStream(encryptedPayload, payloadBytes)

h := hmac.New(sha512.New384, authKey)
if _, err := h.Write(pae([]byte(v1LocHeader), nonce, encryptedPayload, footerBytes)); err != nil {
return "", fmt.Errorf("create signature: %w", err)
}
mac := h.Sum(nil)

body := make([]byte, 0, len(nonce)+len(encryptedPayload)+len(mac))
body = append(body, nonce...)
body = append(body, encryptedPayload...)
body = append(body, mac...)

return buildToken(v1LocHeader, body, footerBytes), nil
}

func V1Decrypt(token string, key []byte, payload, footer any) error {
data, footerBytes, err := splitToken(token, v1LocHeader)
if err != nil {
return fmt.Errorf("decode token: %w", err)
}
if len(data) < v1LocNonceSize+v1LocMacSize {
return ErrIncorrectTokenFormat
}

pivot := len(data) - v1LocMacSize
nonce := data[:v1LocNonceSize]
encryptedPayload, mac := data[v1LocNonceSize:pivot], data[pivot:]

encKey, authKey, err := v1locSplitKey(key, nonce[:v1LocNonceHalf])
if err != nil {
return fmt.Errorf("create enc and auth keys: %w", err)
}

body := pae([]byte(v1LocHeader), nonce, encryptedPayload, footerBytes)
h := hmac.New(sha512.New384, authKey)
if _, err := h.Write(body); err != nil {
return fmt.Errorf("create signature: %w", err)
}

if !hmac.Equal(h.Sum(nil), mac) {
return fmt.Errorf("token signature: %w", ErrInvalidTokenAuth)
}

block, err := aes.NewCipher(encKey)
if err != nil {
return fmt.Errorf("create aes cipher: %w", err)
}

decryptedPayload := make([]byte, len(encryptedPayload))
cipher.NewCTR(block, nonce[v1LocNonceHalf:]).
XORKeyStream(decryptedPayload, encryptedPayload)

if payload != nil {
if err := fromBytes(decryptedPayload, payload); err != nil {
return fmt.Errorf("decode payload: %w", err)
}
}

if footer != nil {
if err := fromBytes(footerBytes, footer); err != nil {
return fmt.Errorf("decode footer: %w", err)
}
}
return nil
}

func v1locSplitKey(key, salt []byte) ([]byte, []byte, error) {
eReader := hkdf.New(sha512.New384, key, salt, []byte("paseto-encryption-key"))
aReader := hkdf.New(sha512.New384, key, salt, []byte("paseto-auth-key-for-aead"))

encKey := make([]byte, 32)
authKey := make([]byte, 32)

if _, err := io.ReadFull(eReader, encKey); err != nil {
return nil, nil, err
}
if _, err := io.ReadFull(aReader, authKey); err != nil {
return nil, nil, err
}
return encKey, authKey, nil
}
Loading

0 comments on commit 7ce1c04

Please sign in to comment.