cryptography

package
v1.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 15, 2024 License: GPL-3.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrReplayAttack - Replay attack
	ErrReplayAttack = errors.New("replay attack detected")
	// ErrDecryptFailed
	ErrDecryptFailed = errors.New("decryption failed")
)
View Source
var (
	// PeerAgePublicKey - The implant's age public key
	PeerAgePublicKey = "{{.Build.PeerPublicKey}}"

	// PublicKeySignature - The implant's age public key minisigned'd
	PeerAgePublicKeySignature = `{{.Build.PeerPublicKeySignature}}`

	// ErrInvalidPeerKey - Peer to peer key exchange failed
	ErrInvalidPeerKey = errors.New("invalid peer key")
)
View Source
var (
	// EdDSA refers to the Ed25519 signature scheme.
	//
	// Minisign uses this signature scheme to sign and
	// verify (non-hashed) messages.
	EdDSA uint16 = 0x6445

	// HashEdDSA refers to a Ed25519 signature scheme
	// with pre-hashed messages.
	//
	// Minisign uses this signature scheme to sign and
	// verify message that don't fit into memory.
	HashEdDSA uint16 = 0x4445

	RawSigSize = 2 + 8 + ed25519.SignatureSize
)
View Source
var (
	// TLSKeyLogger - File descriptor for logging TLS keys
	TLSKeyLogger = newKeyLogger()
)

Functions

func AgeDecrypt

func AgeDecrypt(recipientPrivateKey string, ciphertext []byte) ([]byte, error)

AgeDecrypt - Decrypt using Curve 25519 + ChaCha20Poly1305

func AgeDecryptFromPeer

func AgeDecryptFromPeer(senderPublicKey []byte, senderPublicKeySig string, ciphertext []byte) ([]byte, error)

AgeDecryptFromPeer - Decrypt a message from a peer

func AgeEncrypt

func AgeEncrypt(recipientPublicKey string, plaintext []byte) ([]byte, error)

AgeEncrypt - Encrypt using Nacl Box

func AgeEncryptToPeer

func AgeEncryptToPeer(recipientPublicKey []byte, recipientPublicKeySig string, plaintext []byte) ([]byte, error)

AgeEncryptToPeer - Encrypt using the peer's public key

func AgeKeyExToServer

func AgeKeyExToServer(plaintext []byte) ([]byte, error)

AgeKeyExToServer - Encrypt using the server's public key

func Decrypt

func Decrypt(key [chacha20poly1305.KeySize]byte, ciphertext []byte) ([]byte, error)

Decrypt - Decrypt using chacha20poly1305 https://pkg.go.dev/golang.org/x/crypto/chacha20poly1305

func Encrypt

func Encrypt(key [chacha20poly1305.KeySize]byte, plaintext []byte) ([]byte, error)

Encrypt - Encrypt using chacha20poly1305 https://pkg.go.dev/golang.org/x/crypto/chacha20poly1305

func GetServerAgePublicKey

func GetServerAgePublicKey() string

GetServerAgePublicKey - Get the decoded server public key

func MinisignVerify

func MinisignVerify(message []byte, signature string) bool

MinisignVerify - Verify a minisign signature

func RandomSymmetricKey

func RandomSymmetricKey() [chacha20poly1305.KeySize]byte

RandomSymmetricKey - Generate random ID of randomIDSize bytes

func RootOnlyVerifyCertificate

func RootOnlyVerifyCertificate(caCertPEM string, rawCerts [][]byte, _ [][]*x509.Certificate) error

rootOnlyVerifyCertificate - Go doesn't provide a method for only skipping hostname validation so we have to disable all of the certificate validation and re-implement everything. https://github.com/golang/go/issues/21971

func SetSecrets

func SetSecrets(peerPublicKey, peerPrivateKey, peerPublicKeySignature, serverPublicKey, minisignServerPublicKey string)

{{if .Config.Debug}} - Used for unit tests, remove from normal builds where these values are set at compile-time

Types

type AgeKeyPair

type AgeKeyPair struct {
	Public  string
	Private string
}

AgeKeyPair - Holds the public/private key pair

func GetPeerAgeKeyPair

func GetPeerAgeKeyPair() *AgeKeyPair

GetPeerAgeKeyPair - Get the implant's key pair

type CipherContext

type CipherContext struct {
	Key [chacha20poly1305.KeySize]byte
	// contains filtered or unexported fields
}

CipherContext - Tracks a series of messages encrypted under the same key and detects/prevents replay attacks.

func NewCipherContext

func NewCipherContext(key [chacha20poly1305.KeySize]byte) *CipherContext

NewCipherContext - Wrapper around creating a cipher context from a key

func (*CipherContext) Decrypt

func (c *CipherContext) Decrypt(msg []byte) ([]byte, error)

Decrypt - Decrypt a message with the contextual key and check for replay attacks

func (*CipherContext) Encrypt

func (c *CipherContext) Encrypt(plaintext []byte) ([]byte, error)

Encrypt - Encrypt a message with the contextual key

type PublicKey

type PublicKey struct {
	SignatureAlgorithm [2]byte
	KeyId              [8]byte
	PublicKey          [32]byte
}

PublicKey - Represents a public key

func DecodeMinisignPublicKey

func DecodeMinisignPublicKey(in string) (PublicKey, error)

func (PublicKey) ID

func (p PublicKey) ID() uint64

ID returns the 64 bit key ID.

func (*PublicKey) Verify

func (publicKey *PublicKey) Verify(bin []byte, signature Signature) (bool, error)

Verify - Verifies a signature of a buffer

type Signature

type Signature struct {
	UntrustedComment   string
	SignatureAlgorithm [2]byte
	KeyId              [8]byte
	Signature          [64]byte
	TrustedComment     string
	GlobalSignature    [64]byte
}

Signature - Represents a minisign signature

func DecodeMinisignSignature

func DecodeMinisignSignature(in string) (Signature, error)

DecodeMinisignSignature - Decodes a signature

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL