2018-10-04 12:10:19 +02:00
|
|
|
package lightwallet
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/rand"
|
|
|
|
"crypto/sha256"
|
|
|
|
"encoding/base64"
|
|
|
|
"fmt"
|
|
|
|
"math/big"
|
|
|
|
|
|
|
|
"golang.org/x/crypto/pbkdf2"
|
|
|
|
"golang.org/x/text/unicode/norm"
|
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
pairingTokenSalt = "Status Hardware Wallet Lite"
|
|
|
|
maxPukNumber = int64(999999999999)
|
2018-10-22 19:33:53 +02:00
|
|
|
maxPinNumber = int64(999999)
|
2018-10-04 12:10:19 +02:00
|
|
|
)
|
|
|
|
|
2018-10-05 16:40:32 +02:00
|
|
|
// Secrets contains the secret data needed to pair a client with a card.
|
2018-10-04 12:10:19 +02:00
|
|
|
type Secrets struct {
|
2018-10-22 19:33:53 +02:00
|
|
|
pin string
|
2018-10-04 12:10:19 +02:00
|
|
|
puk string
|
|
|
|
pairingPass string
|
|
|
|
pairingToken []byte
|
|
|
|
}
|
|
|
|
|
2018-10-05 16:40:32 +02:00
|
|
|
// NewSecrets generate a new Secrets with random puk and pairing password.
|
2018-10-04 12:10:19 +02:00
|
|
|
func NewSecrets() (*Secrets, error) {
|
|
|
|
pairingPass, err := generatePairingPass()
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
puk, err := rand.Int(rand.Reader, big.NewInt(maxPukNumber))
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2018-10-22 19:33:53 +02:00
|
|
|
pin, err := rand.Int(rand.Reader, big.NewInt(maxPinNumber))
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2018-10-04 12:10:19 +02:00
|
|
|
return &Secrets{
|
2018-10-22 19:33:53 +02:00
|
|
|
pin: fmt.Sprintf("%06d", pin.Int64()),
|
2018-10-04 12:10:19 +02:00
|
|
|
puk: fmt.Sprintf("%012d", puk.Int64()),
|
|
|
|
pairingPass: pairingPass,
|
|
|
|
pairingToken: generatePairingToken(pairingPass),
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
2018-10-22 19:33:53 +02:00
|
|
|
// Pin returns the pin string.
|
|
|
|
func (s *Secrets) Pin() string {
|
|
|
|
return s.pin
|
|
|
|
}
|
|
|
|
|
2018-10-05 16:40:32 +02:00
|
|
|
// Puk returns the puk string.
|
2018-10-04 12:10:19 +02:00
|
|
|
func (s *Secrets) Puk() string {
|
|
|
|
return s.puk
|
|
|
|
}
|
|
|
|
|
2018-10-05 16:40:32 +02:00
|
|
|
// PairingPass returns the pairing password string.
|
2018-10-04 12:10:19 +02:00
|
|
|
func (s *Secrets) PairingPass() string {
|
|
|
|
return s.pairingPass
|
|
|
|
}
|
|
|
|
|
2018-10-05 16:40:32 +02:00
|
|
|
// PairingToken returns the pairing token generated from the random pairing password.
|
2018-10-04 12:10:19 +02:00
|
|
|
func (s *Secrets) PairingToken() []byte {
|
|
|
|
return s.pairingToken
|
|
|
|
}
|
|
|
|
|
|
|
|
func generatePairingPass() (string, error) {
|
|
|
|
r := make([]byte, 12)
|
|
|
|
_, err := rand.Read(r)
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
|
|
|
|
return base64.URLEncoding.EncodeToString(r), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func generatePairingToken(pass string) []byte {
|
|
|
|
return pbkdf2.Key(norm.NFKD.Bytes([]byte(pass)), norm.NFKD.Bytes([]byte(pairingTokenSalt)), 50000, 32, sha256.New)
|
|
|
|
}
|