himbocrypt/pkg/engine/engine.go

package engine

import (
"crypto/ecdh"
"crypto/rand"
"crypto/sha256"
"encoding/hex"
"errors"
"fmt"
"io"

"golang.org/x/crypto/chacha20poly1305"
"golang.org/x/crypto/hkdf"
)

type KeyPair struct {
	PrivateKey *ecdh.PrivateKey
	PublicKey  *ecdh.PublicKey
}

type Engine struct{}

func NewEngine() *Engine {
	return &Engine{}
}

func (e *Engine) GenerateKeyPair() (*KeyPair, error) {
	curve := ecdh.X25519()
	priv, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, fmt.Errorf("failed to generate private key: %w", err)
	}
	return &KeyPair{
		PrivateKey: priv,
		PublicKey:  priv.PublicKey(),
	}, nil
}

func (kp *KeyPair) EncodePublicKey() string {
	return hex.EncodeToString(kp.PublicKey.Bytes())
}

func (kp *KeyPair) EncodePrivateKey() string {
	return hex.EncodeToString(kp.PrivateKey.Bytes())
}

func (e *Engine) DecodePrivateKey(hexKey string) (*ecdh.PrivateKey, error) {
	bytes, err := hex.DecodeString(hexKey)
	if err != nil {
		return nil, err
	}
	return ecdh.X25519().NewPrivateKey(bytes)
}

func (e *Engine) DecodePublicKey(hexKey string) (*ecdh.PublicKey, error) {
	bytes, err := hex.DecodeString(hexKey)
	if err != nil {
		return nil, err
	}
	return ecdh.X25519().NewPublicKey(bytes)
}

// Encrypt uses a hybrid scheme:
// 1. Ephemeral-Static ECDH (Forward Secrecy)
// 2. Static-Static ECDH (Auth)
// 3. XChaCha20-Poly1305 (AEAD)
// Output: [EphemeralPub] [Nonce] [Ciphertext]
func (e *Engine) Encrypt(senderPriv *ecdh.PrivateKey, recipientPub *ecdh.PublicKey, plaintext []byte) ([]byte, error) {
	// Generate ephemeral keys for forward secrecy
	ephemeralPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, fmt.Errorf("failed to generate ephemeral key: %w", err)
	}
	ephemeralPub := ephemeralPriv.PublicKey()

	// Calculate shared secrets
	ss1, err := ephemeralPriv.ECDH(recipientPub)
	if err != nil {
		return nil, fmt.Errorf("ecdh ss1 failed: %w", err)
	}

	ss2, err := senderPriv.ECDH(recipientPub)
	if err != nil {
		return nil, fmt.Errorf("ecdh ss2 failed: %w", err)
	}

	// Create nonce
	nonce := make([]byte, chacha20poly1305.NonceSizeX)
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, fmt.Errorf("failed to generate nonce: %w", err)
	}

	// Derive key from both secrets
	ikm := append(ss1, ss2...)
	kdf := hkdf.New(sha256.New, ikm, nonce, []byte("HIMBOCRYPT_V1"))
	symmetricKey := make([]byte, chacha20poly1305.KeySize)
	if _, err := io.ReadFull(kdf, symmetricKey); err != nil {
		return nil, fmt.Errorf("key derivation failed: %w", err)
	}

	aead, err := chacha20poly1305.NewX(symmetricKey)
	if err != nil {
		return nil, fmt.Errorf("failed to create aead: %w", err)
	}

	// Pack it all up
	dst := make([]byte, 0, len(ephemeralPub.Bytes())+len(nonce)+len(plaintext)+aead.Overhead())
	dst = append(dst, ephemeralPub.Bytes()...)
	dst = append(dst, nonce...)
	return aead.Seal(dst, nonce, plaintext, nil), nil
}

func (e *Engine) Decrypt(recipientPriv *ecdh.PrivateKey, senderPub *ecdh.PublicKey, encryptedMsg []byte) ([]byte, error) {
	const pubKeySize = 32
	const nonceSize = 24

	if len(encryptedMsg) < pubKeySize+nonceSize {
		return nil, errors.New("message too short")
	}

	// Unpack
	ephemeralPubBytes := encryptedMsg[:pubKeySize]
	nonce := encryptedMsg[pubKeySize : pubKeySize+nonceSize]
	ciphertext := encryptedMsg[pubKeySize+nonceSize:]

	ephemeralPub, err := ecdh.X25519().NewPublicKey(ephemeralPubBytes)
	if err != nil {
		return nil, fmt.Errorf("invalid ephemeral public key: %w", err)
	}

	// Reconstruct secrets
	ss1, err := recipientPriv.ECDH(ephemeralPub)
	if err != nil {
		return nil, fmt.Errorf("ecdh ss1 failed: %w", err)
	}

	ss2, err := recipientPriv.ECDH(senderPub)
	if err != nil {
		return nil, fmt.Errorf("ecdh ss2 failed: %w", err)
	}

	// Derive key
	ikm := append(ss1, ss2...)
	kdf := hkdf.New(sha256.New, ikm, nonce, []byte("HIMBOCRYPT_V1"))
	symmetricKey := make([]byte, chacha20poly1305.KeySize)
	if _, err := io.ReadFull(kdf, symmetricKey); err != nil {
		return nil, fmt.Errorf("key derivation failed: %w", err)
	}

	aead, err := chacha20poly1305.NewX(symmetricKey)
	if err != nil {
		return nil, fmt.Errorf("failed to create aead: %w", err)
	}

	return aead.Open(nil, nonce, ciphertext, nil)
}