mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-10 04:48:50 +03:00
6fde3632ef
The vendor/ folder was created with the help of @FiloSottile's gvt and vendorcheck. Any dependencies of Caddy plugins outside this repo are not vendored. We do not remove any unused, vendored packages because vendorcheck -u only checks using the current build configuration; i.e. packages that may be imported by files toggled by build tags of other systems. CI tests have been updated to ignore the vendor/ folder. When Go 1.9 is released, a few of the go commands should be revised to again use ./... as it will ignore the vendor folder by default.
62 lines
2 KiB
Go
62 lines
2 KiB
Go
/*-
|
|
* Copyright 2014 Square Inc.
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
package josecipher
|
|
|
|
import (
|
|
"crypto"
|
|
"crypto/ecdsa"
|
|
"encoding/binary"
|
|
)
|
|
|
|
// DeriveECDHES derives a shared encryption key using ECDH/ConcatKDF as described in JWE/JWA.
|
|
// It is an error to call this function with a private/public key that are not on the same
|
|
// curve. Callers must ensure that the keys are valid before calling this function. Output
|
|
// size may be at most 1<<16 bytes (64 KiB).
|
|
func DeriveECDHES(alg string, apuData, apvData []byte, priv *ecdsa.PrivateKey, pub *ecdsa.PublicKey, size int) []byte {
|
|
if size > 1<<16 {
|
|
panic("ECDH-ES output size too large, must be less than 1<<16")
|
|
}
|
|
|
|
// algId, partyUInfo, partyVInfo inputs must be prefixed with the length
|
|
algID := lengthPrefixed([]byte(alg))
|
|
ptyUInfo := lengthPrefixed(apuData)
|
|
ptyVInfo := lengthPrefixed(apvData)
|
|
|
|
// suppPubInfo is the encoded length of the output size in bits
|
|
supPubInfo := make([]byte, 4)
|
|
binary.BigEndian.PutUint32(supPubInfo, uint32(size)*8)
|
|
|
|
if !priv.PublicKey.Curve.IsOnCurve(pub.X, pub.Y) {
|
|
panic("public key not on same curve as private key")
|
|
}
|
|
|
|
z, _ := priv.PublicKey.Curve.ScalarMult(pub.X, pub.Y, priv.D.Bytes())
|
|
reader := NewConcatKDF(crypto.SHA256, z.Bytes(), algID, ptyUInfo, ptyVInfo, supPubInfo, []byte{})
|
|
|
|
key := make([]byte, size)
|
|
|
|
// Read on the KDF will never fail
|
|
_, _ = reader.Read(key)
|
|
return key
|
|
}
|
|
|
|
func lengthPrefixed(data []byte) []byte {
|
|
out := make([]byte, len(data)+4)
|
|
binary.BigEndian.PutUint32(out, uint32(len(data)))
|
|
copy(out[4:], data)
|
|
return out
|
|
}
|