secstore

package

v0.0.0-...-2e36be1 Latest Latest Go to latest Published: Sep 17, 2022 License: MIT Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/forsyth/auth

Links

Open Source Insights

Documentation ¶

Overview ¶

Package secstore interacts with a Plan 9 secstore service: authenticating a user, listing, fetching, storing and removing encrypted files.

Index ¶

Constants
Variables
func CanSecstore(network string, addr string, user string) error
func Decrypt(file []byte, key []byte) ([]byte, error)
func Encrypt(file []byte, key []byte) ([]byte, error)
func EncryptionKeys(sigma []byte, direction int) [2][]byte
func EraseKey(key []byte)
func FileKey(key []byte) []byte
func KeyHash(key []byte) []byte
func Privacy()
func Version() string
type DirEntry
type Secstore
- func Dial(network, addr string) (*Secstore, error)

Constants ¶

View Source

const MaxFileSize = 128 * 1024 // arbitrary default, same as Plan 9

View Source

const MaxMsg = ssl.MaxMsg

View Source

const Port = "5356"

Variables ¶

View Source

var (
	ErrFileTooSmall = errors.New("encrypted file size too small")
	ErrDecrypt      = errors.New("file did not decrypt correctly") // should only be wrong key
)

View Source

var (
	ErrNoAuth = errors.New("connection not suitable for authentication")
)

Functions ¶

func CanSecstore ¶

func CanSecstore(network string, addr string, user string) error

CanSecstore checks whether secstore exists at the remote, and has a given user. The remote might sensibly be configured not to reveal whether a user exists or not.

func Decrypt ¶

func Decrypt(file []byte, key []byte) ([]byte, error)

Decrypt decrypts the bytes read from a file, using the given key (the result of FileKey), returning the decoded bytes or an error.

func Encrypt ¶

func Encrypt(file []byte, key []byte) ([]byte, error)

Encrypt encrypts the bytes to be written to a file, using the given key (the result of FileKey), returning the encoded bytes or an error.

func EncryptionKeys ¶

func EncryptionKeys(sigma []byte, direction int) [2][]byte

EncryptionKeys converts a session key to a pair of encryption keys, one for each direction.

func EraseKey ¶

func EraseKey(key []byte)

EraseKey zeroes the bytes of a key, removing it from casual memory viewing.

func FileKey ¶

func FileKey(key []byte) []byte

FileKey converts a secret s into a secstore file key, hiding the text of the key.

func KeyHash ¶

func KeyHash(key []byte) []byte

KeyHash return the SHA1 hash of a password.

func Privacy ¶

func Privacy()

Privacy enables whatever memory privacy mode the OS provides.

func Version ¶

func Version() string

Version returns the secstore version and algorithm, to be sent to the peer.

Types ¶

type DirEntry ¶

type DirEntry struct {
	Name    string    // file name
	Size    uint64    // file size in bytes
	ModTime time.Time // time last stored
	Hash    []byte    // hash of contents, typically sha1 (tell by length)
}

DirEntry describes a file stored by secstore.

type Secstore ¶

type Secstore struct {
	Peer    string // name asserted by other side
	NeedPIN bool   // must obtain and send 2FA
	// contains filtered or unexported fields
}

Secstore provides a set of operations on a remote secstore.

func Dial ¶

func Dial(network, addr string) (*Secstore, error)

Dial connects to the secstore at the given network address, pushes an SSL instance (initially in clear), and returns the resulting connection, which must be authenticated before use (see the Auth method).

func (*Secstore) Auth ¶

func (sec *Secstore) Auth(user string, pwhash []byte) error

Auth authenticates the Secstore connection for the given user and password hash, engages line encryption using the negotiated session key, setting the peer name and an optional demand for further authentication (Secstore.NeedPIN), which if true requires the SendPIN method to be invoked to provide the PIN. The connection can then be used for secstore commands, typically via Files, GetFile, PutFIle etc. Connect also returns the remote server's name for itself, as exchanged using the key-exchange protocol, typically just "secstore". If the Secstore.NeedPIN is true, the caller must get the extra authentication value and provide it using SendPIN.

func (*Secstore) Close ¶

func (sec *Secstore) Close()

Close writes a closing message to attempt a graceful close, and closes the underlying connection. Errors are ignored as by now uninteresting. Close ensures the underlying connection is not closed twice, since that's "undefined" by interface Closer (an annoying property).

func (*Secstore) Files ¶

func (sec *Secstore) Files() ([]DirEntry, error)

Files returns a list of the files in the user's secstore.

func (*Secstore) GetFile ¶

func (sec *Secstore) GetFile(name string, maxsize uint64) ([]byte, error)

Getfile fetches a file "name" from the user's secstore, returning its contents, which will normally be encrypted by the user's file key and must be decrypted by Decrypt.

func (*Secstore) PutFile ¶

func (sec *Secstore) PutFile(name string, data []byte) error

PutFile adds or updates a file "name" in the user's secstore, where data provides the new contents after encryption by Encrypt.

func (*Secstore) Remove ¶

func (sec *Secstore) Remove(name string) error

Remove removes a file from the user's secstore.

func (*Secstore) SendPIN ¶

func (sec *Secstore) SendPIN(pin string) error

SendPIN sends the remote the PIN it has demanded as an extra check.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL