certificate_test.go

@@ -29,7 +29,6 @@ func TestCertificateCreation(t *testing.T) {
 	cert_opts := CertificateOptions{
 		// KeyUsage:  x509.KeyUsageEncipherOnly | x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign,
 		SerialNumber: big.NewInt(1),
-		CALength:     -1,
 	}
 
 	cert, err := csr.ToCertificate(pk, cert_opts, nil)
@@ -43,9 +42,6 @@ func TestCertificateCreation(t *testing.T) {
 }
 
 func fieldsAreSame(data CertificateData, cert *Certificate) bool {
-	if cert == nil {
-		return false
-	}
 	if data.Subject.CommonName != cert.Subject.CommonName {
 		return false
 	}

ed25519.go

@@ -3,12 +3,12 @@ package pki
 import (
 	"bytes"
 	"crypto"
-	"crypto/ed25519"
 	"crypto/rand"
 	"encoding/pem"
 	"errors"
-	"fmt"
 	"io"
+
+	"github.com/agl/ed25519"
 )
 
 const (
@@ -17,11 +17,11 @@ const (
 
 type (
 	Ed25519PrivateKey struct {
-		private_key ed25519.PrivateKey
+		private_key [ed25519.PrivateKeySize]byte
 	}
 
 	Ed25519PublicKey struct {
-		public_key ed25519.PublicKey
+		public_key [ed25519.PublicKeySize]byte
 	}
 )
 
@@ -31,16 +31,16 @@ func NewPrivateKeyEd25519() (*Ed25519PrivateKey, error) {
 	if err != nil {
 		return nil, err
 	}
-	return &Ed25519PrivateKey{pr_raw}, nil
+	return &Ed25519PrivateKey{*pr_raw}, nil
 }
 
 // Restore an ed25519 private key from a raw byte stream.
 // TODO does this have to be asn1? all other functions expect asn1
 func LoadPrivateKeyEd25519(raw []byte) (*Ed25519PrivateKey, error) {
-	pr_loaded := make([]byte, ed25519.PrivateKeySize)
-	length := copy(pr_loaded, raw)
+	var pr_loaded [ed25519.PrivateKeySize]byte
+	length := copy(pr_loaded[:], raw)
 	if length != ed25519.PrivateKeySize {
-		return nil, fmt.Errorf("private key length incorrect - got: %d - expected: %d", length, ed25519.PrivateKeySize)
+		return nil, errors.New("private key length incorrect")
 	}
 	return &Ed25519PrivateKey{pr_loaded}, nil
 }
@@ -57,14 +57,14 @@ func (pr *Ed25519PrivateKey) Public() PublicKey {
 	if err != nil {
 		return nil
 	}
-	return &Ed25519PublicKey{pu_raw}
+	return &Ed25519PublicKey{*pu_raw}
 }
 
 // Hash the message given the hash algorythm and sign the hash using the private key.
 func (pr *Ed25519PrivateKey) Sign(message []byte, hash crypto.Hash) ([]byte, error) {
 	hashed_message := hash.New()
 	hashed_message.Write(message)
-	result := ed25519.Sign(pr.private_key, hashed_message.Sum(nil))[:]
+	result := ed25519.Sign(&pr.private_key, hashed_message.Sum(nil))[:]
 	return result, nil
 }
 
@@ -84,8 +84,8 @@ func (pr Ed25519PrivateKey) ToPem() (pem.Block, error) {
 // Load the public key from a raw byte stream.
 // TODO should this be read from ASN.1? All other functions do that.
 func LoadPublicKeyEd25519(raw []byte) (*Ed25519PublicKey, error) {
-	pu_loaded := make([]byte, ed25519.PublicKeySize)
-	length := copy(pu_loaded, raw)
+	var pu_loaded [ed25519.PublicKeySize]byte
+	length := copy(pu_loaded[:], raw)
 	if length != ed25519.PublicKeySize {
 		return nil, errors.New("public key length incorrect")
 	}
@@ -108,12 +108,12 @@ func (pu Ed25519PublicKey) MarshalPem() (io.WriterTo, error) {
 
 // Hash the message with the hash algorythm and check the signature against the result.
 func (pu Ed25519PublicKey) Verify(message []byte, signature []byte, hash crypto.Hash) (bool, error) {
-	sig := make([]byte, ed25519.SignatureSize)
+	var sig [ed25519.SignatureSize]byte
 	length := copy(sig[:], signature)
 	if length != ed25519.SignatureSize {
 		return false, errors.New("signature does not fit length")
 	}
 	hashed_message := hash.New()
 	hashed_message.Write(message)
-	return ed25519.Verify(pu.public_key, hashed_message.Sum(nil), sig), nil
+	return ed25519.Verify(&pu.public_key, hashed_message.Sum(nil), &sig), nil
 }