Switch to using Go stdlib for ECDH crypto

2023-02-03 09:50:42 +05:30 · 2023-02-03 09:50:42 +05:30 · 8ce80d8962
commit 8ce80d8962
parent 27ae9104ac
3 changed files with 18 additions and 9 deletions
--- a/go.mod
+++ b/go.mod
@ -9,7 +9,6 @@ require (
 	github.com/google/uuid v1.3.0
 	github.com/jamesruan/go-rfc1924 v0.0.0-20170108144916-2767ca7c638f
 	github.com/seancfoley/ipaddress-go v1.5.3
-	golang.org/x/crypto v0.5.0
 	golang.org/x/exp v0.0.0-20230202163644-54bba9f4231b
 	golang.org/x/image v0.3.0
 	golang.org/x/sys v0.4.0
--- a/go.sum
+++ b/go.sum
@ -15,8 +15,6 @@ github.com/seancfoley/ipaddress-go v1.5.3/go.mod h1:fpvVPC+Jso+YEhNcNiww8HQmBgKP
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE=
-golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
 golang.org/x/exp v0.0.0-20230202163644-54bba9f4231b h1:EqBVA+nNsObCwQoBEHy4wLU0pi7i8a4AL3pbItPdPkE=
 golang.org/x/exp v0.0.0-20230202163644-54bba9f4231b/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
--- a/tools/crypto/crypto.go
+++ b/tools/crypto/crypto.go
@ -6,27 +6,39 @@ package crypto
 import (
 	"crypto/aes"
 	"crypto/cipher"
+	"crypto/ecdh"
 	"crypto/rand"
 	"crypto/sha256"
 	"encoding/json"
 	"fmt"
 	"github.com/jamesruan/go-rfc1924/base85"
-	"golang.org/x/crypto/curve25519"
 	"kitty/tools/utils"
 	"time"
 )

 func curve25519_key_pair() (private_key []byte, public_key []byte, err error) {
-	private_key = make([]byte, 32)
-	_, err = rand.Read(private_key)
+	curve := ecdh.X25519()
+	privkey, err := curve.GenerateKey(rand.Reader)
 	if err == nil {
-		public_key, err = curve25519.X25519(private_key[:], curve25519.Basepoint)
+		pubkey := privkey.PublicKey()
+		return privkey.Bytes(), pubkey.Bytes(), nil
 	}
-	return
+	return nil, nil, err
 }

 func curve25519_derive_shared_secret(private_key []byte, public_key []byte) (secret []byte, err error) {
-	secret, err = curve25519.X25519(private_key[:], public_key[:])
+	prkey, err := ecdh.X25519().NewPrivateKey(private_key)
+	if err != nil {
+		return nil, fmt.Errorf("Invalid X25519 private key: %w", err)
+	}
+	pubkey, err := ecdh.X25519().NewPublicKey(public_key)
+	if err != nil {
+		return nil, fmt.Errorf("Invalid X25519 public key: %w", err)
+	}
+	secret, err = prkey.ECDH(pubkey)
+	if err != nil {
+		err = fmt.Errorf("Failed to perform ECDH shared secret derivation: %w", err)
+	}
 	return
 }