crypto

package
v2.24.1
Published: Nov 4, 2024 License: MIT Imports: 26 Imported by: 1

Documentation

Constants

const AES256KeySize = 32

AES256KeySize is the key size in bytes for AES256 encryption.

Variables

This section is empty.

Functions

func DynamicTruncate

func DynamicTruncate(hmacResult []byte, digits int) string

DynamicTruncate as described in RFC4226

"The Truncate function performs Step 2 and Step 3, i.e., the dynamic
truncation and then the reduction modulo 10^Digit.  The purpose of
the dynamic offset truncation technique is to extract a 4-byte
dynamic binary code from a 160-bit (20-byte) HMAC-SHA-1 result.

 DT(String) // String = String[0]...String[19]
  Let OffsetBits be the low-order 4 bits of String[19]
  Offset = StToNum(OffsetBits) // 0 <= OffSet <= 15
  Let P = String[OffSet]...String[OffSet+3]
  Return the Last 31 bits of P"

func GenerateTOTPQRCodePNG

func GenerateTOTPQRCodePNG(key, issuer, user string, period time.Duration, length int) ([]byte, error)

GenerateTOTPQRCodePNG returns a PNG that can be served directly with a Content-Type header of 'image/png' or written to a file.

func GenerateTOTPURI

func GenerateTOTPURI(key, issuer, user string, period time.Duration, length int) string

GenerateTOTPURI for use in a QR code for registration with an authenticator application

func HOTP

func HOTP(key string, counter uint64, length int) (string, error)

HOTP for the passed key and counter with the specified number of digits (min 6, max 8)

func HOTPCompare

func HOTPCompare(key string, counter uint64, length int, challenge string) (bool, error)

HOTPCompare compares the HOTP for the specified key and counter with the passed challenge.

func Hash

func Hash(password string, salt string) string

Hash returns the hash of a given string and salt

func HashAndSalt

func HashAndSalt(password string) (hash string, salt string)

HashAndSalt generates a Hash and a Salt for a given string

func HashMD5

func HashMD5(plaintext []byte) string

HashMD5 returns the MD5 sum of the passed bytes

func NewIncompleteDataError

func NewIncompleteDataError() errors.TracerError

NewIncompleteDataError instantiates an IncompleteDataError with a stack trace.

func NewOTPKey

func NewOTPKey() (string, error)

NewOTPKey for use with HOTP or TOTP as a base32 encoded string

func NewRSAPrivateKeyNotSetError

func NewRSAPrivateKeyNotSetError() errors.TracerError

NewRSAPrivateKeyNotSetError instantiates an RSAPrivateKeyNotSetError with a stack trace.

func NewRSAPublicKeyNotSetError

func NewRSAPublicKeyNotSetError() errors.TracerError

NewRSAPublicKeyNotSetError instantiates an RSAPublicKeyNotSetError with a stack trace.

func TOTP

func TOTP(key string, period time.Duration, vary int, length int) (string, error)

TOTP for the passed key with the specified period (step size) and number of digits; the current step is adjusted by the passed 'vary'.

func TOTPCompare

func TOTPCompare(key string, period time.Duration, adjust int, length int, challenge string) (bool, error)

TOTPCompare the challenge to TOTP for a specific step dictated by period and adjust.

func TOTPCompareAndGetDrift added in v2.1.1

func TOTPCompareAndGetDrift(key string, period time.Duration, length int,
	variance uint, challenge string, drift int) (bool, int, error)

TOTPCompareAndGetDrift compares the expected TOTP calculation with the challenge in constant time.

func TOTPCompareAndGetDriftWithResynchronization added in v2.18.0

func TOTPCompareAndGetDriftWithResynchronization(key string, period time.Duration, length int,
	variance uint, challenge string, drift int) (bool, int, error)

TOTPCompareAndGetDriftWithResynchronization will check the 0 drift case before comparing the passed drift. Executes in constant time in non-error conditions.

func TOTPCompareWithVariance

func TOTPCompareWithVariance(key string, period time.Duration, length int,
	variance uint, challenge string) (ok bool, err error)

TOTPCompareWithVariance compares the expected TOTP calculation with the challenge in constant time. If variance is greater than 0, abs(variance) frames will be compared on either side of the 0 frame. Example:

Given the following values and offsets:

	TOTP():  |   A   |   B   |   C   |   D   |   E   |
	offset:  |  -2   |  -1   |   0   |   1   |   2   |

The following arguments would have the specified results (Variance == ABS(Variance)):

	Challenge   Variance   Return
	A           0          False
	A           1          False
	A           2          True
	B           0          False
	B           1          True
	B           2          True
	C           0          True
	C           1          True
	C           2          True
	E           0          False
	E           1          False
	E           2          True
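The dynamic truncation quoted under DynamicTruncate and the variance window described above, worked through in one added example that is not this package's code: a stdlib-only HOTP built on RFC 4226 truncation, plus a window comparison that checks every frame with a constant-time compare. The names dynamicTruncate, hotp and compareWithVariance are the example's own; the key is the RFC 4226 Appendix D test secret.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"time"
)

// dynamicTruncate is the DT step of RFC 4226 section 5.3: the low 4 bits of the
// last HMAC byte select 4 bytes, the top bit is masked, then reduce mod 10^digits.
func dynamicTruncate(hmacResult []byte, digits int) string {
	offset := hmacResult[len(hmacResult)-1] & 0x0f
	code := binary.BigEndian.Uint32(hmacResult[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// hotp is HMAC-SHA-1 over the big-endian 8-byte counter, then truncated.
func hotp(key []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, key)
	mac.Write(msg[:])
	return dynamicTruncate(mac.Sum(nil), digits)
}

// compareWithVariance accepts the challenge if it matches any step in
// [step-variance, step+variance]; no frame is skipped, so timing reveals nothing.
func compareWithVariance(key []byte, step uint64, variance uint, digits int, challenge string) bool {
	matched := 0
	for off := -int64(variance); off <= int64(variance); off++ {
		expected := hotp(key, uint64(int64(step)+off), digits)
		matched |= subtle.ConstantTimeCompare([]byte(expected), []byte(challenge))
	}
	return matched == 1
}

func main() {
	key := []byte("12345678901234567890") // RFC 4226 Appendix D test secret
	step := uint64(time.Now().Unix() / 30) // TOTP counter for a 30-second period
	fmt.Println(hotp(key, 0, 6), compareWithVariance(key, step, 1, 6, "000000"))
}
```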

Types

type AESEncryption

type AESEncryption struct {
	// contains filtered or unexported fields
}

AESEncryption provides AES256 Encryption with GCM tampering detection.

func (*AESEncryption) Decrypt

func (a *AESEncryption) Decrypt(ciphertext []byte) (plaintext []byte, err error)

Decrypt data using AES256-GCM

func (*AESEncryption) Encrypt

func (a *AESEncryption) Encrypt(plaintext []byte) (ciphertext []byte, err error)

Encrypt with AES256-GCM

func (AESEncryption) GenerateKey

func (AESEncryption) GenerateKey() []byte

GenerateKey will create a new key to use with this instance of AES

func (*AESEncryption) GetKey

func (a *AESEncryption) GetKey() []byte

GetKey returns the key currently being used by this instance of AES.

func (*AESEncryption) GetType

func (a *AESEncryption) GetType() CipherType

GetType returns the cipher type this instance of encryption provides.

func (*AESEncryption) RotateKey

func (a *AESEncryption) RotateKey() []byte

RotateKey generates a new AES256 key, sets it for use on this instance, and returns it.

func (*AESEncryption) SetKey

func (a *AESEncryption) SetKey(key []byte) error

SetKey for use on this instance of AES256.

func (*AESEncryption) Sign

func (a *AESEncryption) Sign(plaintext []byte) (signature []byte, err error)

Sign does nothing with AES

func (*AESEncryption) Verify

func (a *AESEncryption) Verify(plaintext []byte, signature []byte) (err error)

Verify does nothing with AES

type CipherType

type CipherType uint8

CipherType represents how the message body will be encrypted.

const (
	// None specifies no encryption. Suitable only for Negotiate requests.
	None CipherType = 0
	// AES symmetric encryption
	AES CipherType = 1
	// RSA asymmetric small message encryption
	RSA CipherType = 2
)

func (CipherType) String

func (ct CipherType) String() string

type Encryption

type Encryption interface {
	GetType() CipherType
	Encrypt(plaintext []byte) (ciphertext []byte, err error)
	Decrypt(ciphertext []byte) (plaintext []byte, err error)
	Sign(plaintext []byte) (signature []byte, err error)
	Verify(plaintext []byte, signature []byte) (err error)
}

Encryption interface provides the necessary methods for an encryption provider.

func NewAES

func NewAES(key []byte) (Encryption, error)

NewAES using the passed key, if nil is passed a new key will be generated.

func NewNoEncryption

func NewNoEncryption() Encryption

NewNoEncryption returns an instance of NoEncryption which can be used as a pass through.

type IncompleteDataError

type IncompleteDataError struct {
	// contains filtered or unexported fields
}

IncompleteDataError returned when an incomplete ciphertext is passed to decrypt.
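An added example (not this package's implementation) of the behaviour AESEncryption and IncompleteDataError describe: a 32-byte key (AES256KeySize), a random nonce prepended to the AES256-GCM output, a length check that fails before Open on ciphertexts shorter than nonce plus tag, and GCM's tag check rejecting any modification. The names aesGCM, newAESGCM and errIncompleteData are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// errIncompleteData stands in for IncompleteDataError: input shorter than nonce+tag.
var errIncompleteData = errors.New("incomplete ciphertext")

// aesGCM is a hypothetical stand-in for AESEncryption (not the package's code).
type aesGCM struct{ aead cipher.AEAD }

// newAESGCM enforces AES256KeySize (32 bytes) before building the GCM mode.
func newAESGCM(key []byte) (*aesGCM, error) {
	if len(key) != 32 {
		return nil, fmt.Errorf("key must be 32 bytes, got %d", len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &aesGCM{aead: aead}, nil
}

// Encrypt prepends a fresh random nonce; Seal appends the 16-byte tag.
func (a *aesGCM) Encrypt(plaintext []byte) ([]byte, error) {
	nonce := make([]byte, a.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return a.aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt rejects inputs too short for nonce+tag, then Open fails on any flipped bit.
func (a *aesGCM) Decrypt(ciphertext []byte) ([]byte, error) {
	n := a.aead.NonceSize()
	if len(ciphertext) < n+a.aead.Overhead() {
		return nil, errIncompleteData
	}
	return a.aead.Open(nil, ciphertext[:n], ciphertext[n:], nil)
}
```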

func (*IncompleteDataError) Error

func (err *IncompleteDataError) Error() string

func (*IncompleteDataError) Trace

func (err *IncompleteDataError) Trace() []string

Trace returns the stack trace for the error

type NoEncryption

type NoEncryption struct{}

NoEncryption provides a passthrough for when you need an Encryption object but don't actually want encryption.

func (*NoEncryption) Decrypt

func (ne *NoEncryption) Decrypt(ciphertext []byte) (plaintext []byte, err error)

Decrypt returns the ciphertext

func (*NoEncryption) Encrypt

func (ne *NoEncryption) Encrypt(plaintext []byte) (ciphertext []byte, err error)

Encrypt returns the plaintext

func (*NoEncryption) GetType

func (ne *NoEncryption) GetType() CipherType

GetType of cipher on this Encryption.

func (*NoEncryption) Sign

func (ne *NoEncryption) Sign(plaintext []byte) (signature []byte, err error)

Sign the passed plaintext and return a signature that can be used to verify that the data was signed using this encryption instance's key.

func (*NoEncryption) Verify

func (ne *NoEncryption) Verify(plaintext []byte, signature []byte) (err error)

Verify the passed signature against the key on this instance. Returns err on failure.

type RSAEncryption

type RSAEncryption struct {
	// contains filtered or unexported fields
}

RSAEncryption provides 2048-bit RSA encryption with optional PSS signing.

func NewRSAEncryption

func NewRSAEncryption() *RSAEncryption

NewRSAEncryption instance with no keys set.

func (*RSAEncryption) Decrypt

func (r *RSAEncryption) Decrypt(ciphertext []byte) (plaintext []byte, err error)

Decrypt the passed ciphertext using the private key set on this instance.

func (*RSAEncryption) DecryptAndVerify

func (r *RSAEncryption) DecryptAndVerify(ciphertext []byte, signature []byte) (
	plaintext []byte, err error)

DecryptAndVerify decrypts the passed ciphertext and verifies the signature.

func (*RSAEncryption) Encrypt

func (r *RSAEncryption) Encrypt(plaintext []byte) (ciphertext []byte, err error)

Encrypt the passed plaintext using the public key set on this instance.

func (*RSAEncryption) EncryptAndSign

func (r *RSAEncryption) EncryptAndSign(plaintext []byte) (
	signature []byte, ciphertext []byte, err error)

EncryptAndSign the passed plaintext with the encryption key and signing key set on this instance.

func (*RSAEncryption) GenerateKey

func (r *RSAEncryption) GenerateKey() *rsa.PrivateKey

GenerateKey for 2048-bit RSA encryption.

func (*RSAEncryption) GetPrivateKey

func (r *RSAEncryption) GetPrivateKey() *rsa.PrivateKey

GetPrivateKey that is currently set on this instance of RSAEncryption

func (*RSAEncryption) GetPublicKey

func (r *RSAEncryption) GetPublicKey() *rsa.PublicKey

GetPublicKey that is currently set on this instance.

func (*RSAEncryption) GetType

func (r *RSAEncryption) GetType() CipherType

GetType returns the cipher type this encryption instance provides.

func (*RSAEncryption) MarshalPrivateKey

func (r *RSAEncryption) MarshalPrivateKey() ([]byte, error)

MarshalPrivateKey marshals the private key in PKCS1 format and returns it as bytes.

func (*RSAEncryption) MarshalPrivatePublicKey

func (r *RSAEncryption) MarshalPrivatePublicKey() ([]byte, error)

MarshalPrivatePublicKey marshals the public half of the private key in PubASN1 PEM format and returns it as bytes.

func (*RSAEncryption) MarshalPublicKey

func (r *RSAEncryption) MarshalPublicKey() ([]byte, error)

MarshalPublicKey marshals the public key in PubASN1 format and returns it as bytes.

func (*RSAEncryption) SetPrivateKey

func (r *RSAEncryption) SetPrivateKey(key *rsa.PrivateKey)

SetPrivateKey that will be used to decrypt and sign on this instance.

func (*RSAEncryption) SetPublicKey

func (r *RSAEncryption) SetPublicKey(key rsa.PublicKey)

SetPublicKey that will be used to encrypt and verify on this instance.

func (*RSAEncryption) Sign

func (r *RSAEncryption) Sign(plaintext []byte) (signed []byte, err error)

Sign with RSASSA-PSS

func (*RSAEncryption) UnmarshallPrivateKey

func (r *RSAEncryption) UnmarshallPrivateKey(bytes []byte) error

UnmarshallPrivateKey from the passed bytes created from `MarshalPrivateKey` and set it on this instance.

func (*RSAEncryption) UnmarshallPublicKey

func (r *RSAEncryption) UnmarshallPublicKey(bytes []byte) error

UnmarshallPublicKey from the passed bytes created using MarshalPublicKey and set it on this instance.

func (*RSAEncryption) Verify

func (r *RSAEncryption) Verify(plaintext []byte, signature []byte) error

Verify that the passed signature is a valid signature over the plaintext made with the private key corresponding to the public key set on this instance.

type RSAPrivateKeyNotSetError

type RSAPrivateKeyNotSetError struct {
	// contains filtered or unexported fields
}

RSAPrivateKeyNotSetError is returned when the RSA private key is not set and an operation needing a private key is called.

func (*RSAPrivateKeyNotSetError) Error

func (err *RSAPrivateKeyNotSetError) Error() string

func (*RSAPrivateKeyNotSetError) Trace

func (err *RSAPrivateKeyNotSetError) Trace() []string

Trace returns the stack trace for the error

type RSAPublicKeyNotSetError

type RSAPublicKeyNotSetError struct {
	// contains filtered or unexported fields
}

RSAPublicKeyNotSetError is returned when the RSA public key is not set and an operation needing a public key is called.

func (*RSAPublicKeyNotSetError) Error

func (err *RSAPublicKeyNotSetError) Error() string

func (*RSAPublicKeyNotSetError) Trace

func (err *RSAPublicKeyNotSetError) Trace() []string

Trace returns the stack trace for the error
