FrankerFaceZ/socketserver/server/naclform/seal.go

package naclform

import (
	"bytes"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"net/url"
	"strconv"
	"strings"

	"golang.org/x/crypto/nacl/box"
)

var ErrorShortNonce = errors.New("Nonce too short.")
var ErrorInvalidSignature = errors.New("Invalid signature or contents")

type ServerInfo struct {
	SharedKey [32]byte
	ServerID  int
}

func fillCryptoRandom(buf []byte) error {
	remaining := len(buf)
	for remaining > 0 {
		count, err := rand.Read(buf)
		if err != nil {
			return err
		}
		remaining -= count
	}
	return nil
}

func (i *ServerInfo) Seal(form url.Values) (url.Values, error) {
	var nonce [24]byte
	var err error

	err = fillCryptoRandom(nonce[:])
	if err != nil {
		return nil, err
	}

	cipherMsg := box.SealAfterPrecomputation(nil, []byte(form.Encode()), &nonce, &i.SharedKey)

	bufMessage := new(bytes.Buffer)
	enc := base64.NewEncoder(base64.URLEncoding, bufMessage)
	enc.Write(cipherMsg)
	enc.Close()
	cipherString := bufMessage.String()

	bufNonce := new(bytes.Buffer)
	enc = base64.NewEncoder(base64.URLEncoding, bufNonce)
	enc.Write(nonce[:])
	enc.Close()
	nonceString := bufNonce.String()

	retval := url.Values{
		"nonce": []string{nonceString},
		"msg":   []string{cipherString},
		"id":    []string{strconv.Itoa(i.ServerID)},
	}

	return retval, nil
}

func (i *ServerInfo) Unseal(form url.Values) (url.Values, error) {
	var nonce [24]byte

	nonceString := form.Get("nonce")
	dec := base64.NewDecoder(base64.URLEncoding, strings.NewReader(nonceString))
	count, err := dec.Read(nonce[:])
	if err != nil {
		return nil, err
	}
	if count != 24 {
		return nil, ErrorShortNonce
	}

	cipherString := form.Get("msg")
	dec = base64.NewDecoder(base64.URLEncoding, strings.NewReader(cipherString))
	cipherBuffer := new(bytes.Buffer)
	cipherBuffer.ReadFrom(dec)

	message, ok := box.OpenAfterPrecomputation(nil, cipherBuffer.Bytes(), &nonce, &i.SharedKey)
	if !ok {
		return nil, ErrorInvalidSignature
	}

	retValues, err := url.ParseQuery(string(message))
	if err != nil {
		return nil, ErrorInvalidSignature
	}

	return retValues, nil
}
Extract form sealing to a package 2017-09-15 16:40:40 -07:00			`package naclform`

			`import (`
			`"bytes"`
			`"crypto/rand"`
			`"encoding/base64"`
			`"errors"`
			`"net/url"`
			`"strconv"`
			`"strings"`

			`"golang.org/x/crypto/nacl/box"`
			`)`

			`var ErrorShortNonce = errors.New("Nonce too short.")`
			`var ErrorInvalidSignature = errors.New("Invalid signature or contents")`

			`type ServerInfo struct {`
			`SharedKey [32]byte`
			`ServerID int`
			`}`

			`func fillCryptoRandom(buf []byte) error {`
			`remaining := len(buf)`
			`for remaining > 0 {`
			`count, err := rand.Read(buf)`
			`if err != nil {`
			`return err`
			`}`
			`remaining -= count`
			`}`
			`return nil`
			`}`

			`func (i *ServerInfo) Seal(form url.Values) (url.Values, error) {`
			`var nonce [24]byte`
			`var err error`

			`err = fillCryptoRandom(nonce[:])`
			`if err != nil {`
			`return nil, err`
			`}`

			`cipherMsg := box.SealAfterPrecomputation(nil, []byte(form.Encode()), &nonce, &i.SharedKey)`

			`bufMessage := new(bytes.Buffer)`
			`enc := base64.NewEncoder(base64.URLEncoding, bufMessage)`
			`enc.Write(cipherMsg)`
			`enc.Close()`
			`cipherString := bufMessage.String()`

			`bufNonce := new(bytes.Buffer)`
			`enc = base64.NewEncoder(base64.URLEncoding, bufNonce)`
			`enc.Write(nonce[:])`
			`enc.Close()`
			`nonceString := bufNonce.String()`

			`retval := url.Values{`
			`"nonce": []string{nonceString},`
			`"msg": []string{cipherString},`
			`"id": []string{strconv.Itoa(i.ServerID)},`
			`}`

			`return retval, nil`
			`}`

			`func (i *ServerInfo) Unseal(form url.Values) (url.Values, error) {`
			`var nonce [24]byte`

			`nonceString := form.Get("nonce")`
			`dec := base64.NewDecoder(base64.URLEncoding, strings.NewReader(nonceString))`
			`count, err := dec.Read(nonce[:])`
			`if err != nil {`
			`return nil, err`
			`}`
			`if count != 24 {`
			`return nil, ErrorShortNonce`
			`}`

			`cipherString := form.Get("msg")`
			`dec = base64.NewDecoder(base64.URLEncoding, strings.NewReader(cipherString))`
			`cipherBuffer := new(bytes.Buffer)`
			`cipherBuffer.ReadFrom(dec)`

			`message, ok := box.OpenAfterPrecomputation(nil, cipherBuffer.Bytes(), &nonce, &i.SharedKey)`
			`if !ok {`
			`return nil, ErrorInvalidSignature`
			`}`

			`retValues, err := url.ParseQuery(string(message))`
			`if err != nil {`
			`return nil, ErrorInvalidSignature`
			`}`

			`return retValues, nil`
			`}`