Extract form sealing to a package

2025-07-13 14:38:30 +00:00 · 2017-09-15 16:40:40 -07:00 · 2017-09-15 16:40:40 -07:00 · 1c55e8fca7
commit 1c55e8fca7
parent ced892fd1a
9 changed files with 119 additions and 117 deletions
--- a/socketserver/server/naclform/seal.go
+++ b/socketserver/server/naclform/seal.go
@ -0,0 +1,96 @@
+package naclform
+
+import (
+	"bytes"
+	"crypto/rand"
+	"encoding/base64"
+	"errors"
+	"net/url"
+	"strconv"
+	"strings"
+
+	"golang.org/x/crypto/nacl/box"
+)
+
+var ErrorShortNonce = errors.New("Nonce too short.")
+var ErrorInvalidSignature = errors.New("Invalid signature or contents")
+
+type ServerInfo struct {
+	SharedKey [32]byte
+	ServerID  int
+}
+
+func fillCryptoRandom(buf []byte) error {
+	remaining := len(buf)
+	for remaining > 0 {
+		count, err := rand.Read(buf)
+		if err != nil {
+			return err
+		}
+		remaining -= count
+	}
+	return nil
+}
+
+func (i *ServerInfo) Seal(form url.Values) (url.Values, error) {
+	var nonce [24]byte
+	var err error
+
+	err = fillCryptoRandom(nonce[:])
+	if err != nil {
+		return nil, err
+	}
+
+	cipherMsg := box.SealAfterPrecomputation(nil, []byte(form.Encode()), &nonce, &i.SharedKey)
+
+	bufMessage := new(bytes.Buffer)
+	enc := base64.NewEncoder(base64.URLEncoding, bufMessage)
+	enc.Write(cipherMsg)
+	enc.Close()
+	cipherString := bufMessage.String()
+
+	bufNonce := new(bytes.Buffer)
+	enc = base64.NewEncoder(base64.URLEncoding, bufNonce)
+	enc.Write(nonce[:])
+	enc.Close()
+	nonceString := bufNonce.String()
+
+	retval := url.Values{
+		"nonce": []string{nonceString},
+		"msg":   []string{cipherString},
+		"id":    []string{strconv.Itoa(i.ServerID)},
+	}
+
+	return retval, nil
+}
+
+func (i *ServerInfo) Unseal(form url.Values) (url.Values, error) {
+	var nonce [24]byte
+
+	nonceString := form.Get("nonce")
+	dec := base64.NewDecoder(base64.URLEncoding, strings.NewReader(nonceString))
+	count, err := dec.Read(nonce[:])
+	if err != nil {
+		return nil, err
+	}
+	if count != 24 {
+		return nil, ErrorShortNonce
+	}
+
+	cipherString := form.Get("msg")
+	dec = base64.NewDecoder(base64.URLEncoding, strings.NewReader(cipherString))
+	cipherBuffer := new(bytes.Buffer)
+	cipherBuffer.ReadFrom(dec)
+
+	message, ok := box.OpenAfterPrecomputation(nil, cipherBuffer.Bytes(), &nonce, &i.SharedKey)
+	if !ok {
+		return nil, ErrorInvalidSignature
+	}
+
+	retValues, err := url.ParseQuery(string(message))
+	if err != nil {
+		return nil, ErrorInvalidSignature
+	}
+
+	return retValues, nil
+}