crypto

package
v0.0.0-...-edc748c Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 25, 2023 License: MIT Imports: 14 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	EncryptedPayloadKey = 1
	EncryptedSessionKey = 2
)

Encrypted TLV8 Definition Keys

View Source 
const (
	PacketKey    = 1
	SignatureKey = 2
	NonceKey     = 3
)

Encrypted Payload TLV8 Definition Keys

Variables

This section is empty.

Functions

func AES256CBCEncrypt 

func AES256CBCEncrypt(plaintext []byte) (ciphertext, iv, key []byte, err error)

func CipherSuiteIDToString 

func CipherSuiteIDToString(c CipherSuiteID) (string, error)

func MustCipherSuiteIDToString 

func MustCipherSuiteIDToString(c CipherSuiteID) string

func PaddingPKCS7 

func PaddingPKCS7(data []byte, blockSize int) ([]byte, error)

func PaddingPKCS7Remove 

func PaddingPKCS7Remove(data []byte, blockSize int) ([]byte, error)

func RSADecodePrivateKey 

func RSADecodePrivateKey(key string) (*rsa.PrivateKey, error)

func RSADecodePublicKey 

func RSADecodePublicKey(key string) (*rsa.PublicKey, error)

func RSAEncodePrivateKey 

func RSAEncodePrivateKey(key *rsa.PrivateKey) (string, error)

func RSAEncodePublicKey 

func RSAEncodePublicKey(key *rsa.PublicKey) (string, error)

func RSAKeypair 

func RSAKeypair(bitSize int) (*rsa.PrivateKey, *rsa.PublicKey, error)

Types

type AES256CBCDecrypter 

type AES256CBCDecrypter struct {
	// contains filtered or unexported fields
}

func NewAES256CBCDecrypter 

func NewAES256CBCDecrypter(iv, key []byte) *AES256CBCDecrypter

func (AES256CBCDecrypter) Decrypt 

func (a AES256CBCDecrypter) Decrypt(ciphertext []byte) (plaintext []byte, err error)

type AES256CBCEncrypter 

type AES256CBCEncrypter struct {
	// contains filtered or unexported fields
}

func NewAES256CBCEncrypter 

func NewAES256CBCEncrypter(iv, key []byte) *AES256CBCEncrypter

func (AES256CBCEncrypter) Encrypt 

func (a AES256CBCEncrypter) Encrypt(plaintext []byte) (ciphertext []byte, err error)

type CipherSuite 

type CipherSuite interface {
	CipherSuiteID() CipherSuiteID

	// Secure performs Encryption (body) and SignatureSignor (header+body) and returns an Encrypted TLV container.
	// The meta parameter is additional information that is available for security, it is not actually sent to the
	// recipient.
	Secure(header []byte, packet, meta tlv.Container) (tlv.Container, error)

	// Unlock performs Decryption and SignatureSignor verification and returns the Packet TLV container that was secured
	Unlock(header []byte, ec tlv.Container) (tlv.Container, error)
}

type CipherSuiteID 

type CipherSuiteID uint8
const (
	CipherUnknown                 CipherSuiteID = 0   // only to be used for development
	CipherNoSecurity              CipherSuiteID = 255 // only to be used for development
	CipherRSA_SHA256_AES256CBC_ID CipherSuiteID = 1
)

func CipherSuiteStringToID 

func CipherSuiteStringToID(s string) CipherSuiteID

type CipherSuiteMock 

type CipherSuiteMock struct {
	mock.Mock
}

func NewCipherSuiteMock 

func NewCipherSuiteMock() *CipherSuiteMock

func (*CipherSuiteMock) CipherSuiteID 

func (c *CipherSuiteMock) CipherSuiteID() CipherSuiteID

func (*CipherSuiteMock) Decrypt 

func (c *CipherSuiteMock) Decrypt(ciphertext []byte) (plaintext []byte, err error)

func (*CipherSuiteMock) Encrypt 

func (c *CipherSuiteMock) Encrypt(plaintext []byte) (ciphertext []byte, err error)

func (*CipherSuiteMock) Secure 

func (c *CipherSuiteMock) Secure(header []byte, body, meta tlv.Container) (tlv.Container, error)

func (*CipherSuiteMock) Sign 

func (c *CipherSuiteMock) Sign(data []byte) (signature []byte, err error)

func (*CipherSuiteMock) Unlock 

func (c *CipherSuiteMock) Unlock(header []byte, ec tlv.Container) (tlv.Container, error)

func (*CipherSuiteMock) Verify 

func (c *CipherSuiteMock) Verify(text, signature []byte) (valid bool, err error)

type CipherSuiteStub 

type CipherSuiteStub struct{}

func NewCipherSuiteStub 

func NewCipherSuiteStub() *CipherSuiteStub

func (*CipherSuiteStub) CipherSuiteID 

func (c *CipherSuiteStub) CipherSuiteID() CipherSuiteID

func (*CipherSuiteStub) Secure 

func (c *CipherSuiteStub) Secure(header []byte, body, meta tlv.Container) (tlv.Container, error)

func (*CipherSuiteStub) Unlock 

func (c *CipherSuiteStub) Unlock(header []byte, ec tlv.Container) (tlv.Container, error)

type CipherSuite_RSA_SHA256_AES256CBC 

type CipherSuite_RSA_SHA256_AES256CBC struct {
	// contains filtered or unexported fields
}

func NewCipherSuite_RSA_SHA256_AES256CBC 

func NewCipherSuite_RSA_SHA256_AES256CBC(privKey *rsa.PrivateKey, rs PublicKeyResolver) *CipherSuite_RSA_SHA256_AES256CBC

func (*CipherSuite_RSA_SHA256_AES256CBC) CipherSuiteID 

func (r *CipherSuite_RSA_SHA256_AES256CBC) CipherSuiteID() CipherSuiteID

func (*CipherSuite_RSA_SHA256_AES256CBC) Secure 

func (r *CipherSuite_RSA_SHA256_AES256CBC) Secure(header []byte, packet, meta tlv.Container) (tlv.Container, error)

Secure

  1. Uses sender's RSA private key + SHA-256 to sign the header+packet contents
  2. Generates a session key
  3. Uses session key to AES-256-CBC encrypt the packet and signature contents
  4. Encrypts the session key using the receiver's RSA public key

Returns a Container according to the Encrypted TLV definition

func (*CipherSuite_RSA_SHA256_AES256CBC) Unlock 

func (r *CipherSuite_RSA_SHA256_AES256CBC) Unlock(header []byte, ec tlv.Container) (tlv.Container, error)

type Decrypter 

type Decrypter interface {
	Decrypt(ciphertext []byte) (plaintext []byte, err error)
}

type Encrypter 

type Encrypter interface {
	Encrypt(plaintext []byte) (ciphertext []byte, err error)
}

type Encryption 

type Encryption interface {
	Encrypter
	Decrypter
}

type PublicKeyLookupMock 

type PublicKeyLookupMock struct {
	mock.Mock
}

func NewPublicKeyLookupMock 

func NewPublicKeyLookupMock() *PublicKeyLookupMock

func (*PublicKeyLookupMock) LookupPublicKey 

func (p *PublicKeyLookupMock) LookupPublicKey(clientUUID string) (crypto.PublicKey, error)

type PublicKeyLookuper 

type PublicKeyLookuper interface {
	LookupPublicKey(clientUUID string) (crypto.PublicKey, error)
}

PublicKeyLookuper is used when we need to get the client's public key based on their clientUUID. The client's public key will be used to encrypt OpenSPA responses and verify signatures from OpenSPA requests. If the client is not authorized, this function should still return their key, since the authentication step is performed separately.

type PublicKeyResolver 

type PublicKeyResolver interface {
	PublicKey(packet, meta tlv.Container) (crypto.PublicKey, error)
}

type PublicKeyResolverMock 

type PublicKeyResolverMock struct {
	mock.Mock
}

func NewPublicKeyResolverMock 

func NewPublicKeyResolverMock() *PublicKeyResolverMock

func (*PublicKeyResolverMock) PublicKey 

func (p *PublicKeyResolverMock) PublicKey(packet, meta tlv.Container) (crypto.PublicKey, error)

type RSADecrypter 

type RSADecrypter struct {
	// contains filtered or unexported fields
}

func NewRSADecrypter 

func NewRSADecrypter(privkey *rsa.PrivateKey) *RSADecrypter

func (*RSADecrypter) Decrypt 

func (r *RSADecrypter) Decrypt(ciphertext []byte) (plaintext []byte, err error)

type RSAEncrypter 

type RSAEncrypter struct {
	// contains filtered or unexported fields
}

func NewRSAEncrypter 

func NewRSAEncrypter(pubkey *rsa.PublicKey) *RSAEncrypter

func (*RSAEncrypter) Encrypt 

func (r *RSAEncrypter) Encrypt(plaintext []byte) (ciphertext []byte, err error)

type RSA_SHA256SignatureVerifier 

type RSA_SHA256SignatureVerifier struct {
	// contains filtered or unexported fields
}

func NewRSA_SHA256SignatureVerifier 

func NewRSA_SHA256SignatureVerifier(pubkey *rsa.PublicKey) *RSA_SHA256SignatureVerifier

func (*RSA_SHA256SignatureVerifier) Verify 

func (r *RSA_SHA256SignatureVerifier) Verify(text, signature []byte) (valid bool, err error)

type RSA_SHA256Signer 

type RSA_SHA256Signer struct {
	// contains filtered or unexported fields
}

func NewRSA_SHA256Signer 

func NewRSA_SHA256Signer(privkey *rsa.PrivateKey) *RSA_SHA256Signer

func (*RSA_SHA256Signer) Sign 

func (r *RSA_SHA256Signer) Sign(data []byte) (signature []byte, err error)

type Signature 

type Signature interface {
	SignatureSignor
	SignatureVerifier
}

type SignatureSignor 

type SignatureSignor interface {
	Sign(data []byte) (signature []byte, err error)
}

type SignatureVerifier 

type SignatureVerifier interface {
	Verify(text, signature []byte) (valid bool, err error)
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.