-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
3521250
commit 7ce1c04
Showing
8 changed files
with
550 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,117 @@ | ||
package paseto | ||
|
||
import ( | ||
"bytes" | ||
"encoding/base64" | ||
"encoding/binary" | ||
"encoding/json" | ||
"fmt" | ||
"strings" | ||
) | ||
|
||
func pae(pieces ...[]byte) []byte { | ||
var buf bytes.Buffer | ||
binary.Write(&buf, binary.LittleEndian, int64(len(pieces))) | ||
|
||
for _, p := range pieces { | ||
binary.Write(&buf, binary.LittleEndian, int64(len(p))) | ||
buf.Write(p) | ||
} | ||
return buf.Bytes() | ||
} | ||
|
||
func toBytes(x any) ([]byte, error) { | ||
switch v := x.(type) { | ||
case nil: | ||
return nil, nil | ||
case string: | ||
return []byte(v), nil | ||
case []byte: | ||
return v, nil | ||
default: | ||
return json.Marshal(v) | ||
} | ||
} | ||
|
||
func fromBytes(data []byte, x any) error { | ||
switch f := x.(type) { | ||
case *string: | ||
*f = string(data) | ||
case *[]byte: | ||
*f = append(*f, data...) | ||
default: | ||
if err := json.Unmarshal(data, x); err != nil { | ||
return fmt.Errorf("%v: %w", err, ErrDataUnmarshal) | ||
} | ||
} | ||
return nil | ||
} | ||
|
||
func splitToken(token, header string) ([]byte, []byte, error) { | ||
if !strings.HasPrefix(token, header) { | ||
return nil, nil, ErrIncorrectTokenHeader | ||
} | ||
|
||
parts := bytes.Split([]byte(token[len(header):]), []byte(".")) | ||
|
||
var rawPayload, rawFooter []byte | ||
switch len(parts) { | ||
case 1: | ||
rawPayload = parts[0] | ||
case 2: | ||
rawPayload = parts[0] | ||
rawFooter = parts[1] | ||
default: | ||
return nil, nil, ErrIncorrectTokenFormat | ||
} | ||
|
||
payload := make([]byte, b64DecodedLen(len(rawPayload))) | ||
if _, err := b64Decode(payload, rawPayload); err != nil { | ||
return nil, nil, fmt.Errorf("decode payload: %w", err) | ||
} | ||
|
||
var footer []byte | ||
if rawFooter != nil { | ||
footer = make([]byte, b64DecodedLen(len(rawFooter))) | ||
if _, err := b64Decode(footer, rawFooter); err != nil { | ||
return nil, nil, fmt.Errorf("decode footer: %w", err) | ||
} | ||
} | ||
return payload, footer, nil | ||
} | ||
|
||
func buildToken(header string, body, footer []byte) string { | ||
size := len(header) + b64EncodedLen(len(body)) | ||
if len(footer) > 0 { | ||
size += 1 + b64EncodedLen(len(footer)) | ||
} | ||
|
||
token := make([]byte, size) | ||
offset := 0 | ||
offset += copy(token[offset:], header) | ||
|
||
b64Encode(token[offset:], body) | ||
offset += b64EncodedLen(len(body)) | ||
|
||
if len(footer) > 0 { | ||
offset += copy(token[offset:], ".") | ||
b64Encode(token[offset:], footer) | ||
} | ||
return string(token) | ||
} | ||
|
||
func b64Decode(dst, src []byte) (n int, err error) { | ||
return base64.RawURLEncoding.Decode(dst, src) | ||
} | ||
|
||
func b64DecodedLen(n int) int { | ||
return base64.RawURLEncoding.DecodedLen(n) | ||
} | ||
|
||
func b64Encode(dst, src []byte) { | ||
base64.RawURLEncoding.Encode(dst, src) | ||
} | ||
|
||
func b64EncodedLen(n int) int { | ||
return base64.RawURLEncoding.EncodedLen(n) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
package paseto | ||
|
||
import "errors" | ||
|
||
var ( | ||
ErrDataUnmarshal = errors.New("can't unmarshal token data to the given type of value") | ||
ErrInvalidTokenAuth = errors.New("invalid token authentication") | ||
ErrIncorrectTokenFormat = errors.New("incorrect token format") | ||
ErrIncorrectTokenHeader = errors.New("incorrect token header") | ||
) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,5 @@ | ||
module paseto | ||
module github.com/cristalhq/paseto | ||
|
||
go 1.21 | ||
|
||
require golang.org/x/crypto v0.22.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= | ||
golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
package paseto | ||
|
||
import ( | ||
"encoding/hex" | ||
"encoding/json" | ||
"os" | ||
"reflect" | ||
"testing" | ||
) | ||
|
||
type GoldenCases struct { | ||
Tests []GoldenCase `json:"tests"` | ||
} | ||
|
||
type GoldenCase struct { | ||
Name string `json:"name"` | ||
ExpectFail bool `json:"expect-fail"` | ||
Nonce string `json:"nonce"` | ||
Key string `json:"key"` | ||
PublicKey string `json:"public-key"` | ||
SecretKey string `json:"secret-key"` | ||
SecretKeySeed string `json:"secret-key-seed"` | ||
SecretKeyPem string `json:"secret-key-pem"` | ||
PublicKeyPem string `json:"public-key-pem"` | ||
Token string `json:"token"` | ||
Payload string `json:"payload"` | ||
Footer string `json:"footer"` | ||
ImplicitAssertion string `json:"implicit-assertion"` | ||
} | ||
|
||
func loadGoldenFile(filename string) GoldenCases { | ||
f, err := os.Open(filename) | ||
if err != nil { | ||
panic(err) | ||
} | ||
defer f.Close() | ||
|
||
var tc GoldenCases | ||
if err := json.NewDecoder(f).Decode(&tc); err != nil { | ||
panic(err) | ||
} | ||
return tc | ||
} | ||
|
||
func must[T any](v T, err error) T { | ||
if err != nil { | ||
panic(err) | ||
} | ||
return v | ||
} | ||
|
||
func mustHex(raw string) []byte { | ||
return must(hex.DecodeString(raw)) | ||
} | ||
|
||
func mustJSON(raw string) any { | ||
if len(raw) == 0 || string(raw) == "" { | ||
return nil | ||
} | ||
var dst any | ||
if err := json.Unmarshal([]byte(raw), &dst); err != nil { | ||
return string(raw) | ||
} | ||
return dst | ||
} | ||
|
||
func mustOk(tb testing.TB, err error) { | ||
tb.Helper() | ||
if err != nil { | ||
tb.Fatal(err) | ||
} | ||
} | ||
|
||
func mustFail(tb testing.TB, err error) { | ||
tb.Helper() | ||
if err == nil { | ||
tb.Fatal() | ||
} | ||
} | ||
|
||
func mustEqual[T any](tb testing.TB, have, want T) { | ||
tb.Helper() | ||
if !reflect.DeepEqual(have, want) { | ||
tb.Fatalf("\nhave: %+v\nwant: %+v\n", have, want) | ||
} | ||
} |
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,139 @@ | ||
package paseto | ||
|
||
import ( | ||
"crypto/aes" | ||
"crypto/cipher" | ||
"crypto/hmac" | ||
"crypto/rand" | ||
"crypto/sha512" | ||
"fmt" | ||
"io" | ||
|
||
"golang.org/x/crypto/hkdf" | ||
) | ||
|
||
const ( | ||
v1LocNonceSize = 32 | ||
v1LocNonceHalf = v1LocNonceSize / 2 | ||
v1LocMacSize = 48 // const for crypty.SHA384.Size() | ||
v1LocHeader = "v1.local." | ||
) | ||
|
||
func V1Encrypt(key []byte, payload, footer any, randBytes []byte) (string, error) { | ||
if randBytes == nil { | ||
randBytes = make([]byte, v1LocNonceSize) | ||
if _, err := io.ReadFull(rand.Reader, randBytes); err != nil { | ||
return "", fmt.Errorf("read from crypto/rand.Reader: %w", err) | ||
} | ||
} | ||
|
||
payloadBytes, err := toBytes(payload) | ||
if err != nil { | ||
return "", fmt.Errorf("encode payload: %w", err) | ||
} | ||
|
||
footerBytes, err := toBytes(footer) | ||
if err != nil { | ||
return "", fmt.Errorf("encode footer: %w", err) | ||
} | ||
|
||
macN := hmac.New(sha512.New384, randBytes) | ||
if _, err := macN.Write(payloadBytes); err != nil { | ||
return "", fmt.Errorf("hash payload: %w", err) | ||
} | ||
nonce := macN.Sum(nil)[:v1LocNonceSize] | ||
|
||
encKey, authKey, err := v1locSplitKey(key, nonce[:v1LocNonceHalf]) | ||
if err != nil { | ||
return "", fmt.Errorf("create enc and auth keys: %w", err) | ||
} | ||
|
||
block, err := aes.NewCipher(encKey) | ||
if err != nil { | ||
return "", fmt.Errorf("create aes cipher: %w", err) | ||
} | ||
|
||
encryptedPayload := make([]byte, len(payloadBytes)) | ||
cipher.NewCTR(block, nonce[v1LocNonceHalf:]). | ||
XORKeyStream(encryptedPayload, payloadBytes) | ||
|
||
h := hmac.New(sha512.New384, authKey) | ||
if _, err := h.Write(pae([]byte(v1LocHeader), nonce, encryptedPayload, footerBytes)); err != nil { | ||
return "", fmt.Errorf("create signature: %w", err) | ||
} | ||
mac := h.Sum(nil) | ||
|
||
body := make([]byte, 0, len(nonce)+len(encryptedPayload)+len(mac)) | ||
body = append(body, nonce...) | ||
body = append(body, encryptedPayload...) | ||
body = append(body, mac...) | ||
|
||
return buildToken(v1LocHeader, body, footerBytes), nil | ||
} | ||
|
||
func V1Decrypt(token string, key []byte, payload, footer any) error { | ||
data, footerBytes, err := splitToken(token, v1LocHeader) | ||
if err != nil { | ||
return fmt.Errorf("decode token: %w", err) | ||
} | ||
if len(data) < v1LocNonceSize+v1LocMacSize { | ||
return ErrIncorrectTokenFormat | ||
} | ||
|
||
pivot := len(data) - v1LocMacSize | ||
nonce := data[:v1LocNonceSize] | ||
encryptedPayload, mac := data[v1LocNonceSize:pivot], data[pivot:] | ||
|
||
encKey, authKey, err := v1locSplitKey(key, nonce[:v1LocNonceHalf]) | ||
if err != nil { | ||
return fmt.Errorf("create enc and auth keys: %w", err) | ||
} | ||
|
||
body := pae([]byte(v1LocHeader), nonce, encryptedPayload, footerBytes) | ||
h := hmac.New(sha512.New384, authKey) | ||
if _, err := h.Write(body); err != nil { | ||
return fmt.Errorf("create signature: %w", err) | ||
} | ||
|
||
if !hmac.Equal(h.Sum(nil), mac) { | ||
return fmt.Errorf("token signature: %w", ErrInvalidTokenAuth) | ||
} | ||
|
||
block, err := aes.NewCipher(encKey) | ||
if err != nil { | ||
return fmt.Errorf("create aes cipher: %w", err) | ||
} | ||
|
||
decryptedPayload := make([]byte, len(encryptedPayload)) | ||
cipher.NewCTR(block, nonce[v1LocNonceHalf:]). | ||
XORKeyStream(decryptedPayload, encryptedPayload) | ||
|
||
if payload != nil { | ||
if err := fromBytes(decryptedPayload, payload); err != nil { | ||
return fmt.Errorf("decode payload: %w", err) | ||
} | ||
} | ||
|
||
if footer != nil { | ||
if err := fromBytes(footerBytes, footer); err != nil { | ||
return fmt.Errorf("decode footer: %w", err) | ||
} | ||
} | ||
return nil | ||
} | ||
|
||
func v1locSplitKey(key, salt []byte) ([]byte, []byte, error) { | ||
eReader := hkdf.New(sha512.New384, key, salt, []byte("paseto-encryption-key")) | ||
aReader := hkdf.New(sha512.New384, key, salt, []byte("paseto-auth-key-for-aead")) | ||
|
||
encKey := make([]byte, 32) | ||
authKey := make([]byte, 32) | ||
|
||
if _, err := io.ReadFull(eReader, encKey); err != nil { | ||
return nil, nil, err | ||
} | ||
if _, err := io.ReadFull(aReader, authKey); err != nil { | ||
return nil, nil, err | ||
} | ||
return encKey, authKey, nil | ||
} |
Oops, something went wrong.