cryptography

package
v0.0.0-...-0d0fca6 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 4, 2024 License: GPL-3.0 Imports: 18 Imported by: 0

README

Cryptography

Wrappers around Go cryptographic functions. Avoid using any cryptographic primitives that are not from this package.

Documentation

Index

Constants

// TOTP validation parameters plus two string constants that look like lookup
// names for server-wide key material (see the hedged notes on each).
const (
	// TOTPDigits - Number of digits in the TOTP
	TOTPDigits          = 8
	// TOTPPeriod - TOTP time step; presumably seconds (the usual TOTP unit) - confirm against TOTPOptions
	TOTPPeriod          = uint(30)
	// TOTPSecretKey - Looks like the name the server-wide TOTP secret is stored under,
	// not the secret itself - confirm against TOTPServerSecret
	TOTPSecretKey       = "server.totp"
	// ServerECCKeyPairKey - Looks like the name the server's ECC key pair is stored under,
	// not key material itself - confirm against ECCServerKeyPair
	ServerECCKeyPairKey = "server.ecc"
)

Variables

// Sentinel errors exported by this package. They are plain errors.New values,
// so callers can match them with errors.Is.
var (
	// ErrInvalidKeyLength - Invalid key length; presumably returned by KeyFromBytes when the
	// input is not chacha20poly1305.KeySize bytes long - confirm against the implementation
	ErrInvalidKeyLength = errors.New("invalid length")

	// ErrReplayAttack - Replay attack detected; presumably returned by CipherContext.Decrypt,
	// which is documented as checking for replays - confirm against the implementation
	ErrReplayAttack = errors.New("replay attack detected")

	// ErrDecryptFailed - Decryption failed; the message carries no detail about the cause
	ErrDecryptFailed = errors.New("decryption failed")
)

Functions

func AgeDecrypt

func AgeDecrypt(recipientPrivateKey string, ciphertext []byte) ([]byte, error)

AgeDecrypt - Decrypt using Curve 25519 + ChaCha20Poly1305

func AgeEncrypt

func AgeEncrypt(recipientPublicKey string, plaintext []byte) ([]byte, error)

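AgeEncrypt - Encrypt to the recipient's age public key; the counterpart of AgeDecrypt (Curve 25519 + ChaCha20Poly1305). The original comment says "Nacl Box", which does not match the age-based API.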

func AgeKeyExFromImplant

func AgeKeyExFromImplant(serverPrivateKey string, implantPrivateKey string, ciphertext []byte) ([]byte, error)

AgeKeyExFromImplant - Decrypt the session key from an implant

func Decrypt

func Decrypt(key [chacha20poly1305.KeySize]byte, ciphertext []byte) ([]byte, error)

Decrypt - Decrypt using chacha20poly1305 https://pkg.go.dev/golang.org/x/crypto/chacha20poly1305

func Encrypt

func Encrypt(key [chacha20poly1305.KeySize]byte, plaintext []byte) ([]byte, error)

Encrypt - Encrypt using chacha20poly1305 https://pkg.go.dev/golang.org/x/crypto/chacha20poly1305

func KeyFromBytes

func KeyFromBytes(data []byte) ([chacha20poly1305.KeySize]byte, error)

KeyFromBytes - Convert a byte slice to a fixed-length key buffer of chacha20poly1305.KeySize bytes

func MinisignServerPrivateKey

func MinisignServerPrivateKey() *minisign.PrivateKey

MinisignServerPrivateKey - Get the server's minisign private key

func MinisignServerPublicKey

func MinisignServerPublicKey() string

MinisignServerPublicKey - Get the server's minisign public key string

func MinisignServerSign

func MinisignServerSign(message []byte) string

MinisignServerSign - Sign a message with the server's minisign private key

func RandomKey

func RandomKey() [chacha20poly1305.KeySize]byte

RandomKey - Generate a random key of chacha20poly1305.KeySize bytes

func TOTPOptions

func TOTPOptions() totp.ValidateOpts

TOTPOptions - Customized totp validation options

func TOTPServerSecret

func TOTPServerSecret() (string, error)

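TOTPServerSecret - Get the server-wide TOTP secret value. The goal of the TOTP is for the implant to prove it was generated by this server; to that end we simply use a server-wide secret and ignore issuers/accounts. In order to bypass this check you'd have to extract the TOTP secret from a binary generated by the server. Because the secret is shared by every such binary, a valid code shows only that the sender holds the server-wide secret; it does not identify an individual implant.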

func ValidateTOTP

func ValidateTOTP(code string) (bool, error)

ValidateTOTP - Validate a TOTP code

Types

type AgeKeyPair

// AgeKeyPair - Holds the public/private key pair
type AgeKeyPair struct {
	// Public - Public key string; presumably the value PublicKey() parses into an
	// *age.X25519Recipient - confirm against the method
	Public  string `json:"public"`
	// Private - Private key string. The json tag means marshalling this struct writes the
	// private key in the clear under "private", so treat any serialized form as secret material
	Private string `json:"private"`
}

AgeKeyPair - Holds the public/private key pair

func ECCServerKeyPair

func ECCServerKeyPair() *AgeKeyPair

ECCServerKeyPair - Get the server's ECC key pair

func RandomAgeKeyPair

func RandomAgeKeyPair() (*AgeKeyPair, error)

RandomAgeKeyPair - Generate a random Curve 25519 key pair

func (*AgeKeyPair) PrivateKey

func (e *AgeKeyPair) PrivateKey() string

PrivateKey - Base64 encoded private key

func (*AgeKeyPair) PublicKey

func (e *AgeKeyPair) PublicKey() *age.X25519Recipient

PublicKey - Return the parsed public key

type CipherContext

// CipherContext - Tracks a series of messages encrypted under the same key and
// detects/prevents replay attacks.
type CipherContext struct {
	// Key - Symmetric key of chacha20poly1305.KeySize bytes. The field is exported, so any
	// code holding a CipherContext can read or overwrite the raw key
	Key [chacha20poly1305.KeySize]byte
	// contains filtered or unexported fields
	// NOTE(review): the replay-tracking state presumably lives in these unexported fields - confirm
}

CipherContext - Tracks a series of messages encrypted under the same key and detects/prevents replay attacks.

func NewCipherContext

func NewCipherContext(key [chacha20poly1305.KeySize]byte) *CipherContext

NewCipherContext - Wrapper around creating a cipher context from a key

func (*CipherContext) Decrypt

func (c *CipherContext) Decrypt(ciphertext []byte) ([]byte, error)

Decrypt - Decrypt a message with the contextual key and check for replay attacks

func (*CipherContext) Encrypt

func (c *CipherContext) Encrypt(plaintext []byte) ([]byte, error)

Encrypt - Encrypt a message with the contextual key

Directories

Path Synopsis
Package minisign implements the minisign signature scheme.
Package minisign implements the minisign signature scheme.
