10
"golang.org/x/crypto/nacl/secretbox"
13
// keyedHash takes a hashLen-byte key and a message and returns a pointer to a
// hashLen-byte result.
// NOTE(review): the body is elided in this listing; presumably it runs text
// through keyedHasher (HMAC-SHA256) and stores the sum via hashSum. Confirm
// against the full file.
func keyedHash(key *[hashLen]byte, text []byte) *[hashLen]byte {
21
// keyedHasher returns an HMAC-SHA256 hash.Hash keyed with the bytes of key.
// NOTE(review): code that compares MACs produced by this hasher should do so
// in constant time (hmac.Equal); no comparison is visible in this listing.
func keyedHasher(key *[hashLen]byte) hash.Hash {
22
return hmac.New(sha256.New, key[:])
25
// keyGen is the fixed HMAC key that makeKey uses when deriving a
// fixed-length key. It is a public label, not a secret: the security of a
// derived key rests on the variable-length key, and changing this value
// would change every derived key.
var keyGen = []byte("macaroons-key-generator")
27
// makeKey derives a fixed length key from a variable
28
// length key. The keyGen constant is the same
29
// as that used in libmacaroons.
//
// The derivation uses HMAC-SHA256 keyed with the public keyGen label. A
// single HMAC pass does no key stretching, so the derived key is only as
// strong as variableKey: supply high-entropy random key material rather
// than a password or other guessable value.
30
func makeKey(variableKey []byte) *[keyLen]byte {
31
h := hmac.New(sha256.New, keyGen)
// NOTE(review): the lines that feed variableKey into h and return the sum
// are elided in this listing. Confirm against the full file.
38
// hashSum calls h.Sum to put the sum into
39
// the given destination. It also sanity
40
// checks that the result really is the expected
// size, and panics with "hash size inconsistency" if it is not.
42
func hashSum(h hash.Hash, dest *[hashLen]byte) {
44
// r is assigned on a line elided from this listing (per the doc comment,
// it is the result of h.Sum). A length mismatch would mean the hash's
// output size disagrees with hashLen, which is presumably treated as a
// programming error rather than a runtime condition, hence the panic.
if len(r) != len(dest) {
45
panic("hash size inconsistency")
55
// newNonce fills a nonceLen-byte array from r and reports any read error.
// r must be a cryptographically secure source (for example
// crypto/rand.Reader); the callers that choose r are not shown here.
func newNonce(r io.Reader) (*[nonceLen]byte, error) {
56
var nonce [nonceLen]byte
57
// NOTE(review): the byte count returned by Read is discarded. The io.Reader
// contract lets Read return fewer than len(p) bytes with a nil error, which
// would leave the tail of the nonce as zero bytes and make nonce repetition
// under one key far more likely. io.ReadFull(r, nonce[:]) would turn a short
// read into an error instead.
_, err := r.Read(nonce[:])
59
// The enclosing error check is elided in this listing. %v flattens the
// cause into text; %w would keep it available to errors.Is/errors.As.
return nil, fmt.Errorf("cannot generate random bytes: %v", err)
64
// encrypt seals the hashLen-byte text under key with NaCl secretbox, using a
// fresh nonce read from r. The returned slice is the nonce followed by the
// sealed box, so its length is nonceLen+secretbox.Overhead+hashLen.
//
// Secretbox requires that a nonce is never repeated under the same key, so
// the guarantees here depend on r being a cryptographically secure random
// source and on newNonce filling the whole nonce.
func encrypt(key *[keyLen]byte, text *[hashLen]byte, r io.Reader) ([]byte, error) {
65
nonce, err := newNonce(r)
69
// The check of err is on lines elided from this listing.
// Reserve the full output size up front so the appends below do not
// reallocate.
out := make([]byte, 0, len(nonce)+secretbox.Overhead+len(text))
70
// Prefix the nonce in the clear; decrypt reads it back from the first
// nonceLen bytes of the ciphertext.
out = append(out, nonce[:]...)
71
// Seal appends the authenticated ciphertext to out, after the nonce.
return secretbox.Seal(out, text[:], nonce, key), nil
74
func decrypt(key *[keyLen]byte, ciphertext []byte) (*[hashLen]byte, error) {
75
if len(ciphertext) < nonceLen+secretbox.Overhead {
76
return nil, fmt.Errorf("message too short")
78
var nonce [nonceLen]byte
79
copy(nonce[:], ciphertext)
80
ciphertext = ciphertext[nonceLen:]
81
text, ok := secretbox.Open(nil, ciphertext, &nonce, key)
83
return nil, fmt.Errorf("decryption failure")
85
if len(text) != hashLen {
86
return nil, fmt.Errorf("decrypted text is wrong length")
88
var rtext [hashLen]byte