saltpack

package
v1.0.7-0-windows Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 24, 2015 License: BSD-3-Clause, BSD-3-Clause Imports: 15 Imported by: 0

Documentation

Index

Constants

View Source
const EncryptionArmorFooter = "END KEYBASE ENCRYPTED MESSAGE"

EncryptionArmorFooter is the footer that marks the end of an encrypted armored KB message.

View Source
const EncryptionArmorHeader = "BEGIN KEYBASE ENCRYPTED MESSAGE"

EncryptionArmorHeader is the header that marks the start of an encrypted armored KB message.

View Source
const EncryptionBlockSize int = 1048576

EncryptionBlockSize is by default 1MB and can't currently be tweaked.

View Source
const NoncePrefixEncryption = "encryption nonce prefix"

NoncePrefixEncryption is the prefix used to create the nonce when using the nonce for encryption.

View Source
const SaltPackFormatName = "SaltPack"

SaltPackFormatName is the publicly advertised name of the format, used in the header of the message and also in Nonce creation.

View Source
const SignatureAttachedString = "attached signature"

SignatureAttachedString is part of the data that is signed in each payload packet.

View Source
const SignatureBlockSize int = 1048576

SignatureBlockSize is by default 1MB and can't currently be tweaked.

View Source
const SignatureDetachedString = "detached signature"

SignatureDetachedString is part of the data that is signed in a detached signature.

Variables

View Source
var (
	// ErrNoDecryptionKey is an error indicating no decryption key was found for the
	// incoming message. You'll get one of these if you respond to a Keyring.LookupSecretBoxKey
	// request with a (-1,nil) return value, and no hidden keys are found.
	ErrNoDecryptionKey = errors.New("no decryption key found for message")

	// ErrNoSenderKey indicates that on decryption/verification we couldn't find a public key
	// for the sender.
	ErrNoSenderKey = errors.New("no sender key found for message")

	// ErrTrailingGarbage indicates that additional msgpack packets were found after the
	// end of the encryption stream.
	ErrTrailingGarbage = errors.New("trailing garbage found at end of message")

	// ErrPacketOverflow indicates that more than (2^64-2) packets were found in an encryption
	// stream.  This would indicate a very big message, and results in an error here.
	ErrPacketOverflow = errors.New("no more than 2^32 packets in a message are supported")

	// ErrInsufficientRandomness is generated when the encryption fails to collect
	// enough randomness to proceed.  We're using the standard crypto/rand source
	// of randomness, so this should never happen
	ErrInsufficientRandomness = errors.New("could not collect enough randomness")

	// ErrBadArmorFrame shows up when the ASCII armor frame has non-ASCII
	ErrBadArmorFrame = errors.New("bad frame found; had non-ASCII")

	// ErrBadEphemeralKey is for when an ephemeral key fails to be properly
	// imported.
	ErrBadEphemeralKey = errors.New("bad ephermal key in header")

	// ErrBadReceivers shows up when you pass a bad receivers vector
	ErrBadReceivers = errors.New("bad receivers argument")

	// ErrBadSenderKey is returned if a key with the wrong number of bytes
	// is discovered in the encryption header.
	ErrBadSenderKey = errors.New("bad sender key; must be 32 bytes")

	// ErrBadLookup is when the user-provided key lookup gives a bad value
	ErrBadLookup = errors.New("bad key lookup")

	// ErrBadSignature is returned when verification of a block fails.
	ErrBadSignature = errors.New("invalid signature")

	// ErrNoDetachedSignature is returned when there is no signature in the header.
	ErrNoDetachedSignature = errors.New("no detached signature")

	// ErrDetachedSignaturePresent is returned when there is a signature in the header and
	// there shouldn't be.
	ErrDetachedSignaturePresent = errors.New("detached signature present")
)
View Source
var Armor62Params = ArmorParams{
	BytesPerWord: 15,
	WordsPerLine: 200,
	Punctuation:  byte('.'),
	Encoding:     basex.Base62StdEncoding,
}

Armor62Params are the armoring parameters we recommend for use with a generic armorer. It specifies the spaces between words, the spacing between lines, some simple punctuation, and an encoding alphabet.

View Source
var ErrOverflow = errors.New("buffer was overflowed before we found punctuation")

ErrOverflow is returned if we were looking for punctuation but our quota was overflowed before we found the needed character.

View Source
var ErrPunctuated = errors.New("found punctuation in stream")

ErrPunctuated is produced when a punctuation character is found in the stream. It can be returned along with data, unlike usual errors.

View Source
var SaltPackCurrentVersion = Version{Major: 1, Minor: 0}

SaltPackCurrentVersion is currently the only supported packet version, 1.0.

Functions

func Armor62Open

func Armor62Open(msg string) (body []byte, header string, footer string, err error)

Armor62Open runs armor stream decoding, but on a string, and it outputs a string.

func Armor62Seal

func Armor62Seal(plaintext []byte, header string, footer string) (string, error)

Armor62Seal takes an input plaintext and returns and output armor encoding as a string, or an error if a problem was encountered. Also provide a header and a footer to frame the message. Uses Base62 encoding scheme

func ArmorOpen

func ArmorOpen(msg string, params ArmorParams) (body []byte, header string, footer string, err error)

ArmorOpen runs armor stream decoding, but on a string, and it outputs a string.

func ArmorSeal

func ArmorSeal(plaintext []byte, header string, footer string, params ArmorParams) (string, error)

ArmorSeal takes an input plaintext and returns and output armor encoding as a string, or an error if a problem was encountered. Also provide a header and a footer to frame the message.

func CheckArmor62Frame

func CheckArmor62Frame(frame Frame) error

CheckArmor62Frame checks that the frame matches our standard keybase begin/end frame

func EncryptArmor62Seal

func EncryptArmor62Seal(plaintext []byte, sender BoxSecretKey, receivers []BoxPublicKey) (string, error)

EncryptArmor62Seal is the non-streaming version of NewEncryptArmor62Stream, which inputs a plaintext (in bytes) and output a ciphertext (as a string).

func KIDEqual

func KIDEqual(k1, k2 KIDExtractor) bool

KIDEqual return true if the KIDs for two keys are equal.

func NewArmor62EncoderStream

func NewArmor62EncoderStream(encoded io.Writer, header string, footer string) (io.WriteCloser, error)

NewArmor62EncoderStream makes a new Armor 62 encoding stream, using the base62-alphabet and a 32/43 encoding rate strategy. Pass it an `encoded` stream writer to write the encoded stream to. Also pass a header, and a footer string. It will return an io.WriteCloser on success, that you can write raw (unencoded) data to. An error will be returned if there is trouble writing the header to encoded.

To make the output look pretty, a space is inserted every 15 characters of output, and a newline is inserted every 200 words.

func NewArmorEncoderStream

func NewArmorEncoderStream(encoded io.Writer, header string, footer string, params ArmorParams) (io.WriteCloser, error)

NewArmorEncoderStream makes a new Armor encoding stream, using the given encoding Pass it an `encoded` stream writer to write the encoded stream to. Also pass a header, and a footer string. It will return an io.WriteCloser on success, that you can write raw (unencoded) data to. An error will be returned if there is trouble writing the header to encoded.

To make the output look pretty, a space is inserted every 15 characters of output, and a newline is inserted every 200 words.

func NewDearmor62DecryptStream

func NewDearmor62DecryptStream(ciphertext io.Reader, kr Keyring) (*MessageKeyInfo, io.Reader, Frame, error)

NewDearmor62DecryptStream makes a new stream that dearmors and decrypts the given Reader stream. Pass it a keyring so that it can lookup private and public keys as necessary

func NewEncryptArmor62Stream

func NewEncryptArmor62Stream(ciphertext io.Writer, sender BoxSecretKey, receivers []BoxPublicKey) (plaintext io.WriteCloser, err error)

NewEncryptArmor62Stream creates a stream that consumes plaintext data. It will write out encrypted data to the io.Writer passed in as ciphertext. The encryption is from the specified sender, and is encrypted for the given receivers.

The ciphertext is additionally armored with the recommended armor62-style format.

Returns an io.WriteCloser that accepts plaintext data to be encrypted; and also returns an error if initialization failed.

func NewEncryptStream

func NewEncryptStream(ciphertext io.Writer, sender BoxSecretKey, receivers []BoxPublicKey) (plaintext io.WriteCloser, err error)

NewEncryptStream creates a stream that consumes plaintext data. It will write out encrypted data to the io.Writer passed in as ciphertext. The encryption is from the specified sender, and is encrypted for the given receivers.

Returns an io.WriteClose that accepts plaintext data to be encrypted; and also returns an error if initialization failed.

func NewSignStream

func NewSignStream(signedtext io.Writer, signer SigningSecretKey) (stream io.WriteCloser, err error)

NewSignStream creates a stream that consumes plaintext data. It will write out signed data to the io.Writer passed in as signedtext. NewSignStream only generates attached signatures.

func PublicKeyEqual

func PublicKeyEqual(pk1, pk2 BoxPublicKey) bool

PublicKeyEqual returns true if the two public keys are equal.

func Seal

func Seal(plaintext []byte, sender BoxSecretKey, receivers []BoxPublicKey) (out []byte, err error)

Seal a plaintext from the given sender, for the specified receiver groups. Returns a ciphertext, or an error if something bad happened.

func SecretKeyEqual

func SecretKeyEqual(sk1, sk2 BoxSecretKey) bool

SecretKeyEqual returns true if the two secret keys are equal.

func Sign

func Sign(plaintext []byte, signer SigningSecretKey) ([]byte, error)

Sign creates an attached signature message of plaintext from signer.

func SignDetached

func SignDetached(plaintext []byte, signer SigningSecretKey) ([]byte, error)

SignDetached returns a detached signature of plaintext from signer.

Types

type ArmorParams

type ArmorParams struct {
	// BytesPerWord is the number of characters in each "word" of output.
	// We'll put spaces between words.
	BytesPerWord int
	// WordsPerLine is the number of words for each line of output. We'll
	// put newlines between two subsequent lines of output.
	WordsPerLine int
	// Punctuation is the byte inserted after the three "sentences" of
	// our encoding -- the header, the body and the footer.
	Punctuation byte
	// Encoding is the basex encoding to use, including strictness parameters
	Encoding *basex.Encoding
}

ArmorParams specify armor formatting, encoding and punctuation.

type BoxPrecomputedSharedKey

type BoxPrecomputedSharedKey interface {
	Unbox(nonce *Nonce, msg []byte) ([]byte, error)
	Box(nonce *Nonce, msg []byte) ([]byte, error)
}

BoxPrecomputedSharedKey results from a Precomputation below.

type BoxPublicKey

type BoxPublicKey interface {
	KIDExtractor

	// ToRawBoxKeyPointer returns this public key as a *[32]byte,
	// for use with nacl.box.Seal
	ToRawBoxKeyPointer() *RawBoxKey

	// CreateEmphemeralKey creates an ephemeral key of the same type,
	// but totally random.
	CreateEphemeralKey() (BoxSecretKey, error)

	// HideIdentity returns true if we should hide the identity of this
	// key in our output message format.
	HideIdentity() bool
}

BoxPublicKey is an generic interface to NaCl's public key Box function.

type BoxSecretKey

type BoxSecretKey interface {

	// Box boxes up data, sent from this secret key, and to the receiver
	// specified.
	Box(receiver BoxPublicKey, nonce *Nonce, msg []byte) ([]byte, error)

	// Unobx opens up the box, using this secret key as the receiver key
	// abd the give public key as the sender key.
	Unbox(sender BoxPublicKey, nonce *Nonce, msg []byte) ([]byte, error)

	// GetPublicKey gets the public key associated with this secret key.
	GetPublicKey() BoxPublicKey

	// Precompute computes a DH with the given key
	Precompute(sender BoxPublicKey) BoxPrecomputedSharedKey
}

BoxSecretKey is the secret key corresponding to a BoxPublicKey

type EncryptionBlock

type EncryptionBlock struct {
	TagCiphertexts    [][]byte `codec:"tags"`
	PayloadCiphertext []byte   `codec:"ctext"`
	// contains filtered or unexported fields
}

EncryptionBlock contains a block of encrypted data. It contains the ciphertext, and any necessary authentication Tags.

type EncryptionHeader

type EncryptionHeader struct {
	FormatName string                    `codec:"format_name"`
	Version    Version                   `codec:"vers"`
	Type       MessageType               `codec:"type"`
	Sender     []byte                    `codec:"sender"`
	Receivers  []receiverKeysCiphertexts `codec:"rcvrs"`
	// contains filtered or unexported fields
}

EncryptionHeader is the first packet in an encrypted message. It contains the encryptions of the session keys, and various message metadata.

type ErrBadArmorFooter

type ErrBadArmorFooter struct {
	// contains filtered or unexported fields
}

ErrBadArmorFooter shows up when we get the wrong value for our header

func (ErrBadArmorFooter) Error

func (e ErrBadArmorFooter) Error() string

type ErrBadArmorHeader

type ErrBadArmorHeader struct {
	// contains filtered or unexported fields
}

ErrBadArmorHeader shows up when we get the wrong value for our header

func (ErrBadArmorHeader) Error

func (e ErrBadArmorHeader) Error() string

type ErrBadCiphertext

type ErrBadCiphertext PacketSeqno

ErrBadCiphertext is generated when decryption fails due to improper authentication. It specifies which Packet sequence number the bad packet was in.

func (ErrBadCiphertext) Error

func (e ErrBadCiphertext) Error() string

type ErrBadTag

type ErrBadTag PacketSeqno

ErrBadTag is generated when a Tag fails to Unbox properly. It specifies which Packet sequence number the bad packet was in.

func (ErrBadTag) Error

func (e ErrBadTag) Error() string

type ErrBadVersion

type ErrBadVersion struct {
	// contains filtered or unexported fields
}

ErrBadVersion is returned if a packet of an unsupported version is found. Current, only Version1 is supported.

func (ErrBadVersion) Error

func (e ErrBadVersion) Error() string

type ErrInvalidParameter

type ErrInvalidParameter struct {
	// contains filtered or unexported fields
}

ErrInvalidParameter signifies that a function was called with an invalid parameter.

func (ErrInvalidParameter) Error

func (e ErrInvalidParameter) Error() string

type ErrRepeatedKey

type ErrRepeatedKey []byte

ErrRepeatedKey is produced during encryption if a key is repeated; keys must be unique.

func (ErrRepeatedKey) Error

func (e ErrRepeatedKey) Error() string

type ErrWrongMessageType

type ErrWrongMessageType struct {
	// contains filtered or unexported fields
}

ErrWrongMessageType is produced if one packet tag was expected, but a packet of another tag was found.

func (ErrWrongMessageType) Error

func (e ErrWrongMessageType) Error() string

type Frame

type Frame interface {
	// GetHeader() returns the frame associated with this stream, or an error
	GetHeader() (string, error)
	// GetFooter() returns the frame associated with this stream, or an error
	GetFooter() (string, error)
}

Frame is a way to read the frame out of a Decoder stream.

func NewArmor62DecoderStream

func NewArmor62DecoderStream(r io.Reader) (io.Reader, Frame, error)

NewArmor62DecoderStream is used to decode input base62-armoring format. It returns a stream you can read from, and also a Frame you can query to see what the open/close frame markers were.

func NewArmorDecoderStream

func NewArmorDecoderStream(r io.Reader, params ArmorParams) (io.Reader, Frame, error)

NewArmorDecoderStream is used to decode armored encoding. It returns a stream you can read from, and also a Frame you can query to see what the open/close frame markers were.

type KIDExtractor

type KIDExtractor interface {
	// ToKID outputs the "key ID" that corresponds to this key.
	// You can do whatever you'd like here, but probably it makes sense just
	// to output the public key as is.
	ToKID() []byte
}

KIDExtractor key types can output a key ID corresponding to the key.

type Keyring

type Keyring interface {
	// LookupBoxSecretKey looks in the Keyring for the secret key corresponding
	// to one of the given Key IDs.  Returns the index and the key on success,
	// or -1 and nil on failure.
	LookupBoxSecretKey(kids [][]byte) (int, BoxSecretKey)

	// LookupBoxPublicKey returns a public key given the specified key ID.
	// For most cases, the key ID will be the key itself.
	LookupBoxPublicKey(kid []byte) BoxPublicKey

	// GetAllSecretKeys returns all keys, needed if we want to support
	// "hidden" receivers via trial and error
	GetAllSecretKeys() []BoxSecretKey

	// ImportEphemeralKey imports the ephemeral key into
	// BoxPublicKey format. This key has never been seen before, so
	// will be ephemeral.
	ImportEphemeralKey(kid []byte) BoxPublicKey
}

Keyring is an interface used with decryption; it is called to recover public or private keys during the decryption process. Calls can block on network action.

type MessageKeyInfo

type MessageKeyInfo struct {
	// These fields are cryptographically verified
	SenderKey      BoxPublicKey
	SenderIsAnon   bool
	ReceiverKey    BoxSecretKey
	ReceiverIsAnon bool

	// These fields are not cryptographically verified, and are just repeated from what
	// we saw in the incoming message.
	NamedReceivers   [][]byte
	NumAnonReceivers int
}

MessageKeyInfo conveys all of the data about the keys used in this encrypted message.

func Dearmor62DecryptOpen

func Dearmor62DecryptOpen(ciphertext string, kr Keyring) (*MessageKeyInfo, []byte, error)

Dearmor62DecryptOpen takes an armor62'ed, encrypted ciphertext and attempts to dearmor and decrypt it, using the provided keyring. Checks that the frames in the armor are as expected.

func NewDecryptStream

func NewDecryptStream(r io.Reader, keyring Keyring) (mki *MessageKeyInfo, plaintext io.Reader, err error)

NewDecryptStream starts a streaming decryption. It synchronously ingests and parses the given Reader's encryption header. It consults the passed keyring for the decryption keys needed to decrypt the message. On failure, it returns a null Reader and an error message. On success, it returns a Reader with the plaintext stream, and a nil error. In either case, it will return a `MessageKeyInfo` which tells about who the sender was, and which of the Receiver's keys was used to decrypt the message.

Note that the caller has an opportunity not to ingest the plaintext if he doesn't trust the sender revealed in the MessageKeyInfo.

func Open

func Open(ciphertext []byte, keyring Keyring) (i *MessageKeyInfo, plaintext []byte, err error)

Open simply opens a ciphertext given the set of keys in the specified keyring. It returns a plaintext on sucess, and an error on failure. It returns the header's MessageKeyInfo in either case.

type MessageType

type MessageType int

MessageType is an int used to describe what "type" of message it is.

const MessageTypeAttachedSignature MessageType = 1

MessageTypeAttachedSignature is a packet type to describe an attached signature.

const MessageTypeDetachedSignature MessageType = 2

MessageTypeDetachedSignature is a packet type to describe a detached signature.

const MessageTypeEncryption MessageType = 0

MessageTypeEncryption is a packet type to describe an encryption message.

type Nonce

type Nonce [24]byte

Nonce is a NaCl-style nonce, with 24 bytes of data, some of which can be counter values, and some of which can be random-ish values.

func NewNonceForEncryption

func NewNonceForEncryption(ephemeralPublicKey BoxPublicKey) *Nonce

NewNonceForEncryption creates a new nonce for the purposes of an encrypted message. It is a deterministic function of the ephemeral public key used for this encrypted message.

**DO NOT** pass a long-live public key here, as you might lose the guarantee that each (nonce,key) pair must be unique over the lifetime of the universe.

func (*Nonce) ForKeyBox

func (n *Nonce) ForKeyBox() *Nonce

ForKeyBox formats the nonce for use the KeyBox in a message header.

func (*Nonce) ForPayloadBox

func (n *Nonce) ForPayloadBox(i encryptionBlockNumber) *Nonce

ForPayloadBox formats this nonce for the ith block of payload.

type NonceType

type NonceType int

NonceType is different for the different type of usages of the nonce.

const (
	// NonceTypeEncryptionKeyBox is used for the header of an encrypted message
	NonceTypeEncryptionKeyBox NonceType = 0

	// NonceTypeEncryptionPayloadBox is used for the payload of an encrypted message
	NonceTypeEncryptionPayloadBox NonceType = 1
)

type PacketSeqno

type PacketSeqno uint64

PacketSeqno is a special int type used to describe which packet in the sequence we're dealing with. The header is always at seqno=0. Other packets follow. Note that there is a distinction between PacketSeqno and EncryptionBlockNumber. In general, the former is one more than the latter.

type PunctuatedReader

type PunctuatedReader struct {
	// contains filtered or unexported fields
}

PunctuatedReader is a stream reader that reads until it hits a usual error OR until it hits a punctuation character. In that latter case it returns an `ErrPunctuation` "error" so that way callers can tell the difference between a normal EOF and a "punctuated" EOF.

func NewPunctuatedReader

func NewPunctuatedReader(r io.Reader, p byte) *PunctuatedReader

NewPunctuatedReader returns a new PunctuatedReader given an underlying read stream and a punctuation byte.

func (*PunctuatedReader) Read

func (p *PunctuatedReader) Read(out []byte) (n int, err error)

Read from the PunctuatedReader, potentially returning an `ErrPunctuation` if a punctuation character was found.

func (*PunctuatedReader) ReadUntilPunctuation

func (p *PunctuatedReader) ReadUntilPunctuation(lim int) (res []byte, err error)

ReadUntilPunctuation reads from the stream until it find a desired punctuation byte. If it wasn't found before EOF, it will return io.ErrUnexpectedEOF. If it wasn't found before lim bytes are consumed, then it will return ErrOverflow.

type RawBoxKey

type RawBoxKey [32]byte

RawBoxKey is the raw byte-representation of what a box key should look like --- a static 32-byte buffer

type SigKeyring

type SigKeyring interface {
	// LookupSigningPublicKey returns a public signing key for the specified key ID.
	LookupSigningPublicKey(kid []byte) SigningPublicKey
}

SigKeyring is an interface used during verification to find the public key for the signer of a message.

type SigNonce

type SigNonce [16]byte

SigNonce is a nonce for signatures.

func NewSigNonce

func NewSigNonce() (SigNonce, error)

NewSigNonce creates a SigNonce with random bytes.

type SignatureBlock

type SignatureBlock struct {
	Signature    []byte `codec:"signature"`
	PayloadChunk []byte `codec:"payload_chunk"`
	// contains filtered or unexported fields
}

SignatureBlock contains a block of signed data.

type SignatureHeader

type SignatureHeader struct {
	FormatName   string      `codec:"format_name"`
	Version      Version     `codec:"vers"`
	Type         MessageType `codec:"type"`
	SenderPublic []byte      `codec:"sender_public"`
	Nonce        []byte      `codec:"nonce"`
	Signature    []byte      `codec:"signature,omitempty"`
	// contains filtered or unexported fields
}

SignatureHeader is the first packet in a signed message.

type SigningPublicKey

type SigningPublicKey interface {
	KIDExtractor

	// Verify verifies that signature is a valid signature of message for
	// this public key.
	Verify(message []byte, signature []byte) error
}

SigningPublicKey is a public NaCl key that can verify signatures.

func NewVerifyStream

func NewVerifyStream(r io.Reader, keyring SigKeyring) (skey SigningPublicKey, vs io.Reader, err error)

NewVerifyStream creates a stream that consumes data from reader r. It returns the signer's public key and a reader that only contains verified data. If the signer's key is not in keyring, it will return an error.

func Verify

func Verify(signedMsg []byte, keyring SigKeyring) (skey SigningPublicKey, verifiedMsg []byte, err error)

Verify checks the signature in signedMsg. It returns the signer's public key and a verified message.

func VerifyDetached

func VerifyDetached(message, signature []byte, keyring SigKeyring) (skey SigningPublicKey, err error)

VerifyDetached verifies that signature is a valid signature for message, and that the public key for the signer is in keyring. It returns the signer's public key.

type SigningSecretKey

type SigningSecretKey interface {
	// Sign signs message with this secret key.
	Sign(message []byte) ([]byte, error)

	// PublicKey gets the public key associated with this secret key.
	PublicKey() SigningPublicKey
}

SigningSecretKey is a secret NaCl key that can sign messages.

type SymmetricKey

type SymmetricKey [32]byte

SymmetricKey is a template for a symmetric key, a 32-byte static buffer. Used for both NaCl SecretBox.

type Version

type Version struct {
	Major int `codec:"major"`
	Minor int `codec:"minor"`
	// contains filtered or unexported fields
}

Version is a major.minor pair that shows the version of the whole file

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL