Index ¶
- Variables
- func AgeDecrypt(recipientPrivateKey string, ciphertext []byte) ([]byte, error)
- func AgeDecryptFromPeer(senderPublicKey []byte, senderPublicKeySig string, ciphertext []byte) ([]byte, error)
- func AgeEncrypt(recipientPublicKey string, plaintext []byte) ([]byte, error)
- func AgeEncryptToPeer(recipientPublicKey []byte, recipientPublicKeySig string, plaintext []byte) ([]byte, error)
- func AgeKeyExToServer(plaintext []byte) ([]byte, error)
- func Decrypt(key [chacha20poly1305.KeySize]byte, ciphertext []byte) ([]byte, error)
- func Encrypt(key [chacha20poly1305.KeySize]byte, plaintext []byte) ([]byte, error)
- func GetExactOTPCode(timestamp time.Time) string
- func GetOTPCode() string
- func GetServerAgePublicKey() string
- func GetServerECCPublicKey() *[32]byte
- func MinisignVerify(message []byte, signature string) bool
- func RandomKey() [chacha20poly1305.KeySize]byte
- func RootOnlyVerifyCertificate(caCertPEM string, rawCerts [][]byte, _ [][]*x509.Certificate) error
- func SetSecrets(newEccPublicKey, newEccPrivateKey, newEccPublicKeySignature, ... string)
- func ValidateTOTP(code string) (bool, error)
- type AgeKeyPair
- type CipherContext
- type PublicKey
- type Signature
Variables ¶
var (
	// ErrReplayAttack - Returned when a message is recognised as a replay of
	// one already seen under the same key (presumably raised by CipherContext,
	// which tracks messages per key — confirm).
	ErrReplayAttack = errors.New("replay attack detected")
	// ErrDecryptFailed - Returned when authenticated decryption fails; the
	// ciphertext should be treated as tampered or mis-keyed, not retried.
	ErrDecryptFailed = errors.New("decryption failed")
)
var (
	// ECCPublicKey - The implant's ECC public key, substituted at build time
	// from the implant config template.
	ECCPublicKey = "{{.Config.ECCPublicKey}}"
	// ECCPublicKeySignature - The implant's public key, minisign-signed
	// (presumably by the server's minisign key, so peers can verify it with
	// MinisignVerify before trusting the key — confirm).
	ECCPublicKeySignature = `{{.Config.ECCPublicKeySignature}}`
	// ErrInvalidPeerKey - Peer to peer key exchange failed, e.g. the peer's
	// public key did not carry a valid signature.
	ErrInvalidPeerKey = errors.New("invalid peer key")
)
var (
	// TLSKeyLogger - File descriptor for logging TLS keys.
	// NOTE(review): anything that writes TLS session keys to disk exposes the
	// implant's traffic to whoever can read the target — confirm newKeyLogger
	// is a no-op (nil/discard writer) outside debug builds.
	TLSKeyLogger = newKeyLogger()
)
Functions ¶
func AgeDecrypt ¶
AgeDecrypt - Decrypt an age ciphertext (Curve25519 + ChaCha20Poly1305) using recipientPrivateKey; returns an error rather than plaintext if authentication fails.
func AgeDecryptFromPeer ¶
func AgeDecryptFromPeer(senderPublicKey []byte, senderPublicKeySig string, ciphertext []byte) ([]byte, error)
AgeDecryptFromPeer - Decrypt a message from a peer. senderPublicKeySig is a minisign signature over senderPublicKey; the key is presumably checked with MinisignVerify before any decryption is attempted, with ErrInvalidPeerKey returned on failure (confirm against the implementation).
func AgeEncrypt ¶
AgeEncrypt - Encrypt plaintext to recipientPublicKey using age (Curve25519 + ChaCha20Poly1305), the counterpart of AgeDecrypt. The earlier "Nacl Box" wording is stale and does not match the Age* naming.
func AgeEncryptToPeer ¶
func AgeEncryptToPeer(recipientPublicKey []byte, recipientPublicKeySig string, plaintext []byte) ([]byte, error)
AgeEncryptToPeer - Encrypt plaintext using the peer's public key. recipientPublicKeySig is a minisign signature over recipientPublicKey; an unsigned or mis-signed key should be rejected with ErrInvalidPeerKey rather than encrypted to (confirm against the implementation).
func AgeKeyExToServer ¶
AgeKeyExToServer - Encrypt plaintext (presumably a freshly generated session key) to the server's age public key (see GetServerAgePublicKey) for the initial key exchange.
func Decrypt ¶
Decrypt - Decrypt using chacha20poly1305 https://pkg.go.dev/golang.org/x/crypto/chacha20poly1305. This is the raw AEAD primitive keyed by a fixed-size key; replay detection across a message stream is the job of CipherContext, not of this function (verify).
func Encrypt ¶
Encrypt - Encrypt using chacha20poly1305 https://pkg.go.dev/golang.org/x/crypto/chacha20poly1305. The key must be exactly chacha20poly1305.KeySize bytes (enforced by the array type) and should come from RandomKey or a key exchange, never be reused across unrelated streams.
func GetExactOTPCode ¶
GetExactOTPCode - Get the OTP code for a specific timestamp
func GetServerAgePublicKey ¶
func GetServerAgePublicKey() string
GetServerAgePublicKey - Get the decoded server age public key (used by AgeKeyExToServer).
func GetServerECCPublicKey ¶
func GetServerECCPublicKey() *[32]byte
GetServerECCPublicKey - Get the decoded server ECC public key as a fixed 32-byte array.
func MinisignVerify ¶
MinisignVerify - Verify a minisign signature over message, presumably against the server's minisign public key (the value SetSecrets calls newMinisignServerPublicKey). Returns true only for a valid signature; callers must treat false as untrusted input.
func RandomKey ¶
func RandomKey() [chacha20poly1305.KeySize]byte
RandomKey - Generate a random chacha20poly1305 key of KeySize bytes. (The older "ID of randomIDSize bytes" wording is stale; the return type is the key array.)
func RootOnlyVerifyCertificate ¶
func RootOnlyVerifyCertificate(caCertPEM string, rawCerts [][]byte, _ [][]*x509.Certificate) error
RootOnlyVerifyCertificate - Go doesn't provide a method for only skipping hostname validation, so all of the default certificate validation has to be disabled and re-implemented here: the presented chain (rawCerts) is verified against the pinned CA in caCertPEM only, with no hostname check. https://github.com/golang/go/issues/21971. Because the standard verification is off, this callback is the only check on the peer certificate — it must actually be wired in as VerifyPeerCertificate on every TLS config that skips verification, and a non-nil error from it must abort the handshake.
func SetSecrets ¶
func SetSecrets(newEccPublicKey, newEccPrivateKey, newEccPublicKeySignature, newEccServerPublicKey, newTotpSecret, newMinisignServerPublicKey string)
SetSecrets - Used for unit tests; only compiled into debug builds (the `{{if .Config.Debug}}` template guard). In normal builds these values are set at compile time via the templated package variables, and this function is removed so implant key material cannot be overwritten at runtime.
func ValidateTOTP ¶
ValidateTOTP - Validate a TOTP code against the implant's TOTP secret; returns whether the code is accepted and an error if validation could not be performed.
Types ¶
type AgeKeyPair ¶
AgeKeyPair - Holds the public/private key pair
func GetPeerAgeKeyPair ¶
func GetPeerAgeKeyPair() *AgeKeyPair
GetPeerAgeKeyPair - Get the implant's key pair
type CipherContext ¶
type CipherContext struct { Key [chacha20poly1305.KeySize]byte // contains filtered or unexported fields }
CipherContext - Tracks a series of messages encrypted under the same key and detects/prevents replay attacks (presumably surfacing ErrReplayAttack when a message is seen twice — confirm). The unexported fields hold the replay-tracking state, so a context must not be copied.
func NewCipherContext ¶
func NewCipherContext(key [chacha20poly1305.KeySize]byte) *CipherContext
NewCipherContext - Wrapper around creating a cipher context from a key