cryptography

package
Published: Jul 15, 2024 License: GPL-3.0 Imports: 18 Imported by: 0


Constants

This section is empty.

Variables

// ErrReplayAttack is returned when a message protected by a CipherContext is
// recognised as a replay of one that was already accepted.
var ErrReplayAttack = errors.New("replay attack detected")

// ErrDecryptFailed is returned when authenticated decryption does not succeed.
// The message deliberately carries no detail about the cause, so callers cannot
// distinguish a bad key from a tampered ciphertext.
var ErrDecryptFailed = errors.New("decryption failed")
// PeerAgePublicKey is the implant's age public key. The value is a template
// placeholder that is filled in at build time; in debug builds SetSecrets
// overrides it for unit tests.
var PeerAgePublicKey = "{{.Build.PeerPublicKey}}"

// PeerAgePublicKeySignature is the minisign signature over the implant's age
// public key, filled in at build time like PeerAgePublicKey. It lets a peer
// check that the key it was handed is the one the server actually issued.
var PeerAgePublicKeySignature = `{{.Build.PeerPublicKeySignature}}`

// ErrInvalidPeerKey reports that a peer-to-peer key exchange failed because the
// presented key could not be accepted.
var ErrInvalidPeerKey = errors.New("invalid peer key")
// EdDSA is the minisign algorithm identifier for the Ed25519 signature scheme
// over the raw (non-hashed) message.
var EdDSA uint16 = 0x6445

// HashEdDSA is the minisign algorithm identifier for Ed25519 over a
// pre-hashed message, used for inputs that do not fit into memory.
var HashEdDSA uint16 = 0x4445

// RawSigSize is the byte length of a decoded minisign signature blob: a 2-byte
// algorithm identifier, an 8-byte key ID and the Ed25519 signature itself.
// This matches the SignatureAlgorithm/KeyId/Signature fields of Signature.
var RawSigSize = 2 + 8 + ed25519.SignatureSize
// TLSKeyLogger is the writer handed to tls.Config.KeyLogWriter-style hooks for
// logging TLS session keys. Anything that receives these keys can decrypt the
// implant's TLS traffic, so newKeyLogger is expected to hand out a no-op
// writer outside debug builds — NOTE(review): confirm in newKeyLogger.
var TLSKeyLogger = newKeyLogger()

Functions

func AgeDecrypt

func AgeDecrypt(recipientPrivateKey string, ciphertext []byte) ([]byte, error)

AgeDecrypt - Decrypt using Curve 25519 + ChaCha20Poly1305

func AgeDecryptFromPeer

func AgeDecryptFromPeer(senderPublicKey []byte, senderPublicKeySig string, ciphertext []byte) ([]byte, error)

AgeDecryptFromPeer - Decrypt a message from a peer

func AgeEncrypt

func AgeEncrypt(recipientPublicKey string, plaintext []byte) ([]byte, error)

AgeEncrypt - Encrypt using Nacl Box

func AgeEncryptToPeer

func AgeEncryptToPeer(recipientPublicKey []byte, recipientPublicKeySig string, plaintext []byte) ([]byte, error)

AgeEncryptToPeer - Encrypt using the peer's public key

func AgeKeyExToServer

func AgeKeyExToServer(plaintext []byte) ([]byte, error)

AgeKeyExToServer - Encrypt using the server's public key

func Decrypt

func Decrypt(key [chacha20poly1305.KeySize]byte, ciphertext []byte) ([]byte, error)

Decrypt - Decrypt using chacha20poly1305 https://pkg.go.dev/golang.org/x/crypto/chacha20poly1305

func Encrypt

func Encrypt(key [chacha20poly1305.KeySize]byte, plaintext []byte) ([]byte, error)

Encrypt - Encrypt using chacha20poly1305 https://pkg.go.dev/golang.org/x/crypto/chacha20poly1305

func GetServerAgePublicKey

func GetServerAgePublicKey() string

GetServerAgePublicKey - Get the decoded server public key

func MinisignVerify

func MinisignVerify(message []byte, signature string) bool

MinisignVerify - Verify a minisign signature

func RandomSymmetricKey

func RandomSymmetricKey() [chacha20poly1305.KeySize]byte

RandomSymmetricKey - Generate a random symmetric key of chacha20poly1305.KeySize bytes

func RootOnlyVerifyCertificate

func RootOnlyVerifyCertificate(caCertPEM string, rawCerts [][]byte, _ [][]*x509.Certificate) error

RootOnlyVerifyCertificate - Go doesn't provide a way to skip only hostname validation, so all certificate validation has to be disabled and re-implemented here. https://github.com/golang/go/issues/21971

func SetSecrets

func SetSecrets(peerPublicKey, peerPrivateKey, peerPublicKeySignature, serverPublicKey, minisignServerPublicKey string)

{{if .Config.Debug}} SetSecrets - Used for unit tests; remove from normal builds, where these values are set at compile-time.

Types

type AgeKeyPair

// AgeKeyPair holds an age public/private key pair, e.g. the implant's own pair
// as returned by GetPeerAgeKeyPair.
type AgeKeyPair struct {
	Public  string // age public key (string-encoded; exact encoding not shown here)
	Private string // age private key; a secret — never log or serialize it
}

AgeKeyPair - Holds the public/private key pair

func GetPeerAgeKeyPair

func GetPeerAgeKeyPair() *AgeKeyPair

GetPeerAgeKeyPair - Get the implant's key pair

type CipherContext

// CipherContext tracks a series of messages encrypted under the same key and
// detects/prevents replay attacks: Decrypt returns ErrReplayAttack for a
// message it has already accepted. Create one with NewCipherContext.
type CipherContext struct {
	Key [chacha20poly1305.KeySize]byte // symmetric key shared by every message in this context; exported, so take care not to copy or log it
	// contains filtered or unexported fields
	// NOTE(review): the replay-detection state presumably lives in the
	// unexported fields above — not visible in this rendering.
}

CipherContext - Tracks a series of messages encrypted under the same key and detects/prevents replay attacks.

func NewCipherContext

func NewCipherContext(key [chacha20poly1305.KeySize]byte) *CipherContext

NewCipherContext - Wrapper around creating a cipher context from a key

func (*CipherContext) Decrypt

func (c *CipherContext) Decrypt(msg []byte) ([]byte, error)

Decrypt - Decrypt a message with the contextual key and check for replay attacks

func (*CipherContext) Encrypt

func (c *CipherContext) Encrypt(plaintext []byte) ([]byte, error)

Encrypt - Encrypt a message with the contextual key

type PublicKey

// PublicKey represents a decoded minisign public key (see DecodeMinisignPublicKey).
type PublicKey struct {
	SignatureAlgorithm [2]byte  // algorithm tag; presumably the bytes of EdDSA or HashEdDSA — confirm in DecodeMinisignPublicKey
	KeyId              [8]byte  // 64-bit key ID, exposed as an integer by ID()
	PublicKey          [32]byte // raw Ed25519 public key bytes
}

PublicKey - Represents a public key

func DecodeMinisignPublicKey

func DecodeMinisignPublicKey(in string) (PublicKey, error)

func (PublicKey) ID

func (p PublicKey) ID() uint64

ID returns the 64-bit key ID.

func (*PublicKey) Verify

func (publicKey *PublicKey) Verify(bin []byte, signature Signature) (bool, error)

Verify - Verifies a signature of a buffer

type Signature

// Signature represents a decoded minisign signature (see DecodeMinisignSignature).
type Signature struct {
	UntrustedComment   string   // free-form comment that, as its name says, is not authenticated — never act on its contents
	SignatureAlgorithm [2]byte  // algorithm tag; presumably EdDSA or HashEdDSA — confirm against the decoder
	KeyId              [8]byte  // ID of the signing key; NOTE(review): should be checked against PublicKey.KeyId before a Verify result is trusted — confirm in Verify
	Signature          [64]byte // Ed25519 signature over the message
	TrustedComment     string   // comment intended to be covered by GlobalSignature
	GlobalSignature    [64]byte // second Ed25519 signature; presumably over Signature followed by TrustedComment, per the minisign format — confirm in Verify
}

Signature - Represents a minisign signature

func DecodeMinisignSignature

func DecodeMinisignSignature(in string) (Signature, error)

DecodeMinisignSignature - Decodes a signature
