82 lines
2.2 KiB
Go
82 lines
2.2 KiB
Go
package encrypt
|
|
|
|
import (
|
|
"crypto/ed25519"
|
|
"crypto/x509"
|
|
"encoding/pem"
|
|
"errors"
|
|
"fmt"
|
|
)
|
|
|
|
type EncryptDeps struct {
|
|
PublicKey string
|
|
PrivateKey string
|
|
SignSecret string
|
|
}
|
|
|
|
type Encrypt struct {
|
|
publicKey string
|
|
privateKey string
|
|
signSecret string
|
|
}
|
|
|
|
func New(deps *EncryptDeps) *Encrypt {
|
|
return &Encrypt{
|
|
publicKey: deps.PublicKey,
|
|
privateKey: deps.PrivateKey,
|
|
signSecret: deps.SignSecret,
|
|
}
|
|
}
|
|
|
|
func (receiver *Encrypt) VerifySignature(signature []byte) (isValid bool, err error) {
|
|
defer func() {
|
|
if recovered := recover(); recovered != nil {
|
|
err = fmt.Errorf("recovered verify error on <VerifySignature> of <EncryptService>: %v", recovered)
|
|
}
|
|
}()
|
|
|
|
block, _ := pem.Decode([]byte(receiver.publicKey))
|
|
if block == nil {
|
|
return false, fmt.Errorf("public key block is nil")
|
|
}
|
|
|
|
rawPublicKey, err := x509.ParsePKIXPublicKey(block.Bytes)
|
|
if err != nil {
|
|
return false, fmt.Errorf("failed parse public key on <VerifySignature> of <EncryptService>: %w", err)
|
|
}
|
|
|
|
publicKey, ok := rawPublicKey.(ed25519.PublicKey)
|
|
if !ok {
|
|
return false, errors.New("public key is not of type ed25519.PublicKey")
|
|
}
|
|
|
|
return ed25519.Verify(publicKey, []byte(receiver.signSecret), signature), nil
|
|
}
|
|
|
|
// TODO подумать над тем чтобы подпись генерилась каждый раз разгая
|
|
func (receiver *Encrypt) SignCommonSecret() (signature []byte, err error) {
|
|
defer func() {
|
|
if recovered := recover(); recovered != nil {
|
|
fmt.Printf("recovered sign error: \n%+v\n", receiver)
|
|
err = fmt.Errorf("recovered sign error on <SignCommonSecret> of <EncryptService>: %v", recovered)
|
|
}
|
|
}()
|
|
|
|
block, _ := pem.Decode([]byte(receiver.privateKey))
|
|
if block == nil {
|
|
return []byte{}, fmt.Errorf("failed decode private key %s on <SignCommonSecret> of <EncryptService>: %w", receiver.privateKey, err)
|
|
}
|
|
|
|
rawPrivateKey, err := x509.ParsePKCS8PrivateKey(block.Bytes)
|
|
if err != nil {
|
|
return []byte{}, fmt.Errorf("failed parse private key on <SignCommonSecret> of <EncryptService>: %w", err)
|
|
}
|
|
|
|
privateKey, ok := rawPrivateKey.(ed25519.PrivateKey)
|
|
if !ok {
|
|
return []byte{}, fmt.Errorf("failed convert to ed25519.PrivateKey on <SignCommonSecret> of <EncryptService>: %w", err)
|
|
}
|
|
|
|
return ed25519.Sign(privateKey, []byte(receiver.signSecret)), nil
|
|
}
|