Affected by GO-2024-2430 and 4 other vulnerabilities

GO-2024-2430: Authenticated users can crash the CubeFS servers with maliciously crafted requests in github.com/cubefs/cubefs

GO-2024-2431: Insecure random string generator used for sensitive data in github.com/cubefs/cubefs

GO-2024-2432: CubeFS timing attack can leak user passwords in github.com/cubefs/cubefs

GO-2024-2433: CubeFS leaks magic secret key when starting Blobstore access service in github.com/cubefs/cubefs

GO-2024-2434: CubeFS leaks users key in logs in github.com/cubefs/cubefs

cryptoutil

package

v1.5.0 Latest Latest Go to latest Published: Jan 8, 2020 License: Apache-2.0 Imports: 18 Imported by: 6

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cubefs/cubefs

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func AesDecryptCBC(key, ciphertext []byte) (plaintext []byte, err error)
func AesEncryptCBC(key, plaintext []byte) (ciphertext []byte, err error)
func AuthGenSessionKeyTS(key []byte) (sessionKey []byte)
func Base64Decode(encodedText string) (text []byte, err error)
func Base64Encode(text []byte) (encodedText string)
func CreateClientX(cert *[]byte) (client *http.Client, err error)
func DecodeMessage(message string, key []byte) (plaintext []byte, err error)
func EncodeMessage(plaintext []byte, key []byte) (message string, err error)
func GenSecretKey(key []byte, ts int64, id string) (secretKey []byte)
func GenVerifier(key []byte) (v string, ts int64, err error)
type CryptoKey
type Ticket

Constants ¶

View Source

const (
	RandomNumberOffset  = 0
	RandomNumberSize    = 8
	CheckSumOffset      = RandomNumberOffset + RandomNumberSize
	CheckSumSize        = 16
	MessageOffset       = CheckSumOffset + CheckSumSize
	MessageMetaDataSize = RandomNumberSize + CheckSumSize
)

View Source

const (
	TicketVersion = 1
	TicketAge     = 24 * 60 * 60
)

Variables ¶

This section is empty.

Functions ¶

func AesDecryptCBC ¶

func AesDecryptCBC(key, ciphertext []byte) (plaintext []byte, err error)

AesDecryptCBC defines aes decryption with CBC

func AesEncryptCBC ¶

func AesEncryptCBC(key, plaintext []byte) (ciphertext []byte, err error)

AesEncryptCBC defines aes encryption with CBC

func AuthGenSessionKeyTS ¶

func AuthGenSessionKeyTS(key []byte) (sessionKey []byte)

AuthGenSessionKeyTS authnode generates a session key according to its master key and current timestamp

func Base64Decode ¶

func Base64Decode(encodedText string) (text []byte, err error)

Base64Decode Decoding using base64

func Base64Encode ¶

func Base64Encode(text []byte) (encodedText string)

Base64Encode encoding using base64

func CreateClientX ¶

func CreateClientX(cert *[]byte) (client *http.Client, err error)

CreateClientX creates a https client

func DecodeMessage ¶

func DecodeMessage(message string, key []byte) (plaintext []byte, err error)

DecodeMessage decode a message and verify its validity

func EncodeMessage ¶

func EncodeMessage(plaintext []byte, key []byte) (message string, err error)

EncodeMessage encode a message with aes encrption, md5 signature

func GenSecretKey ¶

func GenSecretKey(key []byte, ts int64, id string) (secretKey []byte)

GenSecretKey generate a secret key according to pair {ts, id}

func GenVerifier ¶

func GenVerifier(key []byte) (v string, ts int64, err error)

GenVerifier generate a verifier for replay mitigation in http

Types ¶

type CryptoKey ¶

type CryptoKey struct {
	Ctime int64  `json:"c_time"`
	Key   []byte `json:"key"`
}

CryptoKey store the session key

type Ticket ¶

type Ticket struct {
	Version    uint8     `json:"version"`
	ServiceID  string    `json:"service_id"`
	SessionKey CryptoKey `json:"session_key"`
	Exp        int64     `json:"exp"`
	IP         string    `json:"ip"`
	Caps       []byte    `json:"caps"`
}

Ticket is a temperary struct to store permissions/caps for clients to access principle

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL