core

package
v0.0.0-...-1aae4e9
Published: Sep 7, 2014 License: BSD-3-Clause Imports: 18 Imported by: 0

Documentation

Overview

Package core encompasses the essential message passing features of PassRep.

Index

Constants

const (
	// ValidPermissions is the set of allowed permissions characters.
	ValidPermissions = "rwd"
)

Variables

Functions

This section is empty.

Types

type EntryView

type EntryView struct {
	// The Id is the database row identifier.
	Id int64
	// CreatedAt is the time when the entry was created.
	CreatedAt time.Time
	// UpdatedAt is the time when the entry was last updated.
	UpdatedAt time.Time

	// The EntryId string is the unique identifier for the password entry, and ties together the individual views into the entry of each user.
	EntryId string

	// UserId is the foreign key of the owning user's database entry.
	UserId int64

	// The Permissions field is the signed string describing the permissions that the user has for this entry.  The permissions are granted
	// by the associated authority.
	Permissions string
	// AuthorityId is the foreign key of the user granting the permissions for this entry.
	AuthorityId int64

	// The Group field is the encrypted name of the group to which the entry belongs.
	Group string
	// The Icon field is the encrypted image data or path to image file of the entry.
	Icon string
	// The Title field is the encrypted title of the entry.
	Title string

	// The Username field is the encrypted username stored in the entry.
	Username string
	// The Password field is the encrypted password stored in the entry.
	Password string
	// The Url field is the encrypted url stored in the entry.
	Url string
	// The Comment field is the encrypted comment stored in the entry.
	Comment string
	// The Expiry field is the encrypted expiry date of the password stored in the entry.
	Expiry string
	// The Extras field is extra encrypted JSON data associated with the entry.
	Extras string

	// The Userdata field is extra encrypted user-specific JSON data associated with the entry.
	Userdata string
}

EntryView instances represent one user's view of a password database entry. Most fields are kept encrypted until they need to be accessed.

func (*EntryView) ReadComment

func (this *EntryView) ReadComment() (string, error)

ReadComment reads the comment field of the entry, provided that the user has appropriate permissions.

func (*EntryView) ReadExpiry

func (this *EntryView) ReadExpiry() (time.Time, error)

ReadExpiry reads the expiry date field of the entry, provided that the user has appropriate permissions.

func (*EntryView) ReadExtras

func (this *EntryView) ReadExtras(user string) (interface{}, error)

ReadExtras reads the extras field of the entry, provided that the user has appropriate permissions.

func (*EntryView) ReadGroup

func (this *EntryView) ReadGroup() (string, error)

ReadGroup reads the group field of the entry, provided that the user has appropriate permissions. Read access to the group field is granted to users with any permissions, since this field is necessary in order to be able to display the entry properly.

func (*EntryView) ReadIcon

func (this *EntryView) ReadIcon() (string, error)

ReadIcon reads the icon field of the entry, provided that the user has appropriate permissions. Read access to the icon field is granted to users with any permissions, since this field is necessary in order to be able to display the entry properly.

func (*EntryView) ReadPassword

func (this *EntryView) ReadPassword() (string, error)

ReadPassword reads the password field of the entry, provided that the user has appropriate permissions.

func (*EntryView) ReadTitle

func (this *EntryView) ReadTitle() (string, error)

ReadTitle reads the title field of the entry, provided that the user has appropriate permissions. Read access to the title field is granted to users with any permissions, since this field is necessary in order to be able to display the entry properly.

func (*EntryView) ReadUrl

func (this *EntryView) ReadUrl() (string, error)

ReadUrl reads the url field of the entry, provided that the user has appropriate permissions.

func (*EntryView) ReadUserdata

func (this *EntryView) ReadUserdata() (interface{}, error)

ReadUserdata reads the userdata field of the entry. No specific permissions are required since this field is only ever accessible by the user and is not propagated to others.

func (*EntryView) ReadUsername

func (this *EntryView) ReadUsername() (string, error)

ReadUsername reads the username field of the entry, provided that the user has appropriate permissions.

func (*EntryView) WriteComment

func (this *EntryView) WriteComment(comment string) error

WriteComment writes the comment field of the entry, provided that the user has appropriate permissions.

func (*EntryView) WriteExpiry

func (this *EntryView) WriteExpiry(expiry time.Time) error

WriteExpiry writes the expiry field of the entry, provided that the user has appropriate permissions.

func (*EntryView) WriteExtras

func (this *EntryView) WriteExtras(extras interface{}) error

WriteExtras writes the extras field of the entry, provided that the user has appropriate permissions and a valid encryption key.

func (*EntryView) WriteGroup

func (this *EntryView) WriteGroup(group string) error

WriteGroup writes the group field of the entry, provided that the user has appropriate permissions.

func (*EntryView) WriteIcon

func (this *EntryView) WriteIcon(icon string) error

WriteIcon writes the icon field of the entry, provided that the user has appropriate permissions.

func (*EntryView) WritePassword

func (this *EntryView) WritePassword(password string) error

WritePassword writes the password field of the entry, provided that the user has appropriate permissions.

func (*EntryView) WriteTitle

func (this *EntryView) WriteTitle(title string) error

WriteTitle writes the title field of the entry, provided that the user has appropriate permissions.

func (*EntryView) WriteUrl

func (this *EntryView) WriteUrl(url string) error

WriteUrl writes the url field of the entry, provided that the user has appropriate permissions.

func (*EntryView) WriteUserdata

func (this *EntryView) WriteUserdata(userdata interface{}) error

WriteUserdata writes the userdata field of the entry, provided that the user has a valid encryption key.

func (*EntryView) WriteUsername

func (this *EntryView) WriteUsername(username string) error

WriteUsername writes the username field of the entry, provided that the user has appropriate permissions.

type Error

type Error struct {
	// The File is the source file where the error originated.
	File string
	// The Line is the source line where the error originated.
	Line int
	// The User is the name of the user for whom the error was generated.
	User string
	// The Msg is the string describing the error.
	Msg string
}

The Error type is the basic PWS error type used when no other type is more appropriate.

func NewError

func NewError(content interface{}, user ...interface{}) *Error

NewError produces a new Error instance.

func (*Error) Error

func (this *Error) Error() string

Error produces a string describing the error from the code and message.

func (*Error) SetUser

func (this *Error) SetUser(user interface{}) *Error

SetUser changes the user field after creation.

type Keys

type Keys struct {
	// The CryptoKey field is the private symmetric encryption key for the user's own data.
	CryptoKey []byte
	// The SigningKey is the ECDSA private (and public) key used for signing entry and permission changes.
	SigningKey *ecdsa.PrivateKey
}

The Keys structure holds the private cryptographic and signing keys of a user.

func MakeKeys

func MakeKeys(user *User, password string) (*Keys, error)

MakeKeys takes the password salts from the user as well as the user's password, and generates the corresponding set of private keys.

func (*Keys) PublicSigningKey

func (this *Keys) PublicSigningKey() *ecdsa.PublicKey

PublicSigningKey provides access to the user's public ECDSA key.

func (*Keys) PublicSigningKeyNoCurve

func (this *Keys) PublicSigningKeyNoCurve() *SigningKey

PublicSigningKeyNoCurve provides access to the user's public ECDSA key as a SigningKey, that is, the X and Y coordinates without the curve information.

type Signature

type Signature struct {
	R *big.Int
	S *big.Int
}

The Signature structure represents an ECDSA signature.

type SigningKey

type SigningKey struct {
	X *big.Int
	Y *big.Int
}

The SigningKey structure represents an ECDSA key without the curve info.

type User

type User struct {
	// The Id is the database row identifier.
	Id int64
	// CreatedAt is the time when the user was created.
	CreatedAt time.Time
	// UpdatedAt is the time when the user was last updated.
	UpdatedAt time.Time

	// The Name is the user's username.
	Name string `sql:"not null;unique"`
	// The CryptoSalt is a base64 encoded random value used when generating the user's symmetric encryption keys.
	CryptoSalt string `sql:"not null;unique"`
	// The SigningSalt is a base64 encoded random value used when generating the user's ECDSA keys.
	SigningSalt string `sql:"not null;unique"`

	// PublicKey is the user's current public key.
	PublicKey string `sql:"not null;unique"`
	// contains filtered or unexported fields
}

The User structure represents an entity capable of interacting with password entries.

func LoadUser

func LoadUser(name string) (*User, error)

LoadUser instantiates an existing user from the database.

func NewUser

func NewUser(name string, password string) (*User, error)

The NewUser function instantiates a new user object and adds the user to the database.

func (*User) Can

func (this *User) Can(query string, entry *EntryView) bool

Can tests whether the user has at least one of the passed in permissions on the given entry. The special value "*" may be used for the query to determine if the user has any permissions on the entry.
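The permission model above (a Permissions string drawn from ValidPermissions, signed by an authority whose public key travels as a curve-less SigningKey{X, Y}, and queried through Can with "*" meaning "any permission") is shown below as an added, self-contained example. It is not PassRep's own code: Grant, NewAuthority, grantDigest and SignGrant are hypothetical helpers, the digest layout is constructed here, and P-256 is assumed as the curve that SigningKey omits.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
	"strings"
)
const ValidPermissions = "rwd" // the package's own constant: allowed permission characters
// Grant is a constructed stand-in for an EntryView's signed Permissions field
// together with the authority's Signature{R, S} over it.
type Grant struct {
	EntryId     string
	UserId      int64
	Permissions string
	R, S        *big.Int
}
// NewAuthority makes a P-256 signing key for a granting user (stand-in for MakeKeys).
func NewAuthority() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }
// grantDigest binds the permissions to entry and grantee so a signature cannot be replayed elsewhere.
func grantDigest(entryId string, userId int64, perms string) []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%s\x00%d\x00%s", entryId, userId, perms)))
	return h[:]
}
// SignGrant (hypothetical authority-side helper) validates against ValidPermissions, then signs.
func SignGrant(authority *ecdsa.PrivateKey, entryId string, userId int64, perms string) (*Grant, error) {
	if strings.Trim(perms, ValidPermissions) != "" {
		return nil, fmt.Errorf("permissions %q contain characters outside %q", perms, ValidPermissions)
	}
	r, s, err := ecdsa.Sign(rand.Reader, authority, grantDigest(entryId, userId, perms))
	if err != nil {
		return nil, err
	}
	return &Grant{entryId, userId, perms, r, s}, nil
}
// Can follows the User.Can contract: the grant must verify under the authority's
// curve-less SigningKey{X, Y} (P-256 assumed here) and hold a queried permission.
func Can(authX, authY *big.Int, g *Grant, query string) bool {
	pub := &ecdsa.PublicKey{Curve: elliptic.P256(), X: authX, Y: authY}
	if !ecdsa.Verify(pub, grantDigest(g.EntryId, g.UserId, g.Permissions), g.R, g.S) {
		return false // altered permissions or a different authority
	}
	if query == "*" { // "*" asks whether any permission at all is held
		return g.Permissions != ""
	}
	return strings.ContainsAny(g.Permissions, query)
}
```

Because the signature covers the entry id and grantee as well as the permission string, editing the stored Permissions value or presenting the grant under another authority's key fails verification before the permission characters are even consulted.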

func (*User) Decrypt

func (this *User) Decrypt(encrypted string) ([]byte, error)

The Decrypt function decrypts a base64 encoded string that was encrypted with the user's private symmetric encryption key.

func (*User) DecryptShared

func (this *User) DecryptShared(encrypted string, signed string, other *User) ([]byte, []byte, error)

The DecryptShared function base64 decodes and decrypts data using a shared secret determined between two users.

func (*User) Drop

func (this *User) Drop()

Drop removes the user from the database, but does not delete the corresponding Go structure.

func (*User) Encrypt

func (this *User) Encrypt(data []byte) (string, error)

The Encrypt function encrypts and base64 encodes data with the user's private symmetric encryption key.

func (*User) EncryptShared

func (this *User) EncryptShared(data []byte, sign []byte, other *User) (string, string, error)

The EncryptShared function encrypts and base64 encodes data using a shared secret determined between two users.

func (*User) GetCryptoSalt

func (this *User) GetCryptoSalt() ([]byte, *Error)

GetCryptoSalt decodes the base64 encoded CryptoSalt into a byte slice.

func (*User) GetSigningSalt

func (this *User) GetSigningSalt() ([]byte, *Error)

GetSigningSalt decodes the base64 encoded SigningSalt into a byte slice.

func (*User) Sign

func (this *User) Sign(data []byte) (string, error)

Sign encodes the provided data and adds a signature generated from the user's private signing key.

func (*User) Verify

func (this *User) Verify(signed string) (bool, []byte, error)

Verify checks that this user signed the encoded blob of data.
