Extract form sealing to a package

2025-08-07 06:40:54 +00:00 · 2017-09-15 16:40:40 -07:00 · 2017-09-15 16:40:40 -07:00 · 1c55e8fca7
commit 1c55e8fca7
parent ced892fd1a
9 changed files with 119 additions and 117 deletions
--- a/socketserver/server/utils.go
+++ b/socketserver/server/utils.go
@ -1,103 +1,9 @@
 package server

-import (
-	"bytes"
-	"crypto/rand"
-	"encoding/base64"
-	"errors"
-	"net/url"
-	"strconv"
-	"strings"
-
-	"golang.org/x/crypto/nacl/box"
-)
-
-func FillCryptoRandom(buf []byte) error {
-	remaining := len(buf)
-	for remaining > 0 {
-		count, err := rand.Read(buf)
-		if err != nil {
-			return err
-		}
-		remaining -= count
-	}
-	return nil
-}
-
 func copyString(s string) string {
 	return string([]byte(s))
 }

-func (backend *backendInfo) SealRequest(form url.Values) (url.Values, error) {
-	var nonce [24]byte
-	var err error
-
-	err = FillCryptoRandom(nonce[:])
-	if err != nil {
-		return nil, err
-	}
-
-	cipherMsg := box.SealAfterPrecomputation(nil, []byte(form.Encode()), &nonce, &backend.sharedKey)
-
-	bufMessage := new(bytes.Buffer)
-	enc := base64.NewEncoder(base64.URLEncoding, bufMessage)
-	enc.Write(cipherMsg)
-	enc.Close()
-	cipherString := bufMessage.String()
-
-	bufNonce := new(bytes.Buffer)
-	enc = base64.NewEncoder(base64.URLEncoding, bufNonce)
-	enc.Write(nonce[:])
-	enc.Close()
-	nonceString := bufNonce.String()
-
-	retval := url.Values{
-		"nonce": []string{nonceString},
-		"msg":   []string{cipherString},
-		"id":    []string{strconv.Itoa(Backend.serverID)},
-	}
-
-	return retval, nil
-}
-
-var ErrorShortNonce = errors.New("Nonce too short.")
-var ErrorInvalidSignature = errors.New("Invalid signature or contents")
-
-func (backend *backendInfo) UnsealRequest(form url.Values) (url.Values, error) {
-	var nonce [24]byte
-
-	nonceString := form.Get("nonce")
-	dec := base64.NewDecoder(base64.URLEncoding, strings.NewReader(nonceString))
-	count, err := dec.Read(nonce[:])
-	if err != nil {
-		Statistics.BackendVerifyFails++
-		return nil, err
-	}
-	if count != 24 {
-		Statistics.BackendVerifyFails++
-		return nil, ErrorShortNonce
-	}
-
-	cipherString := form.Get("msg")
-	dec = base64.NewDecoder(base64.URLEncoding, strings.NewReader(cipherString))
-	cipherBuffer := new(bytes.Buffer)
-	cipherBuffer.ReadFrom(dec)
-
-	message, ok := box.OpenAfterPrecomputation(nil, cipherBuffer.Bytes(), &nonce, &backend.sharedKey)
-	if !ok {
-		Statistics.BackendVerifyFails++
-		return nil, ErrorInvalidSignature
-	}
-
-	retValues, err := url.ParseQuery(string(message))
-	if err != nil {
-		Statistics.BackendVerifyFails++
-		return nil, ErrorInvalidSignature
-	}
-
-	return retValues, nil
-}
-
 func AddToSliceS(ary *[]string, val string) bool {
 	slice := *ary
 	for _, v := range slice {