crypto

package
v3.0.0-rc2+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 29, 2021 License: AGPL-3.0 Imports: 30 Imported by: 36

Documentation

Overview

Package crypto provides tools for data encryption and certificate management.

Index

Constants

// Sizes used by the package's AES-GCM helpers. The values equal the standard
// GCM parameters in Go's crypto/cipher (16-byte tag, 12-byte nonce).
const (
	// AESGCMAuthTagSize is the length of the GCM authentication tag,
	// presumably in bytes.
	AESGCMAuthTagSize = 16
	// AESGCMNonceSize is the length of the GCM nonce, presumably in bytes.
	// With GCM, a nonce must never repeat under the same key.
	AESGCMNonceSize   = 12
)

Variables

// SALT is a fixed 16-byte salt compiled into the package: it is the same for
// every installation and is public to anyone who reads the source.
// NOTE(review): presumably consumed by KeyFromPassword — confirm. If it is the
// only salt in the derivation, equal passwords derive equal keys, and the
// strength of the result rests entirely on the password and the KDF work
// factor. It is also an exported, mutable slice that any importer can
// overwrite; new code should prefer a random per-secret salt stored next to
// the ciphertext.
var SALT = []byte{224, 32, 00, 33, 78, 3, 25, 56, 54, 5, 54, 9, 79, 76, 189, 8}

Functions

func CreateRsaKey

func CreateRsaKey() (*rsa.PrivateKey, error)

CreateRsaKey generates a new private key.

func DeleteKeyringPassword

func DeleteKeyringPassword(service string, user string) error

DeleteKeyringPassword removes all keys that match "service" and "user".

func EncodePrivate

func EncodePrivate(password []byte, key crypto.PrivateKey) ([]byte, error)

func GenerateCACertificate

func GenerateCACertificate(t *Template) (*x509.Certificate, error)

GenerateCACertificate generates a certificate for a CA.

func GenerateServiceCertificate

func GenerateServiceCertificate(t *Template) (*x509.Certificate, error)

GenerateServiceCertificate generates a certificate for a service.

func GetKeyringPassword

func GetKeyringPassword(service string, user string, createIfNotExist bool) ([]byte, error)

GetKeyringPassword retrieves a password from the keyring. If no key matches "service" and "user" and if createIfNotExist flag is set, a new key is generated and returned.

func GetSignature

func GetSignature(key *ecdsa.PrivateKey, data []byte) (string, error)

func KeyFromPassword

func KeyFromPassword(password []byte, l int) []byte

func LoadCertificate

func LoadCertificate(file string) (*x509.Certificate, error)

LoadCertificate loads the file's contents and decodes them into an x509.Certificate.

func LoadPrivateKey

func LoadPrivateKey(password []byte, file string) (crypto.PrivateKey, error)

LoadPrivateKey loads the encrypted private key from the passed file and decrypts it.

func Md5 added in v1.6.0

// Md5 presumably returns the MD5 digest of data (the body is not shown on
// this page — confirm). MD5 is not collision-resistant: treat the result as a
// non-security checksum or content fingerprint, never as a MAC, a signature
// input, or a password hash.
func Md5(data []byte) []byte

func NewEcdsaPrivateKey

func NewEcdsaPrivateKey(alg string) (*ecdsa.PrivateKey, error)

func NewLegacyAESGCMMaterials added in v1.6.1

func NewLegacyAESGCMMaterials(info *encryption.NodeInfo) *legacyReadMaterials

NewLegacyAESGCMMaterials creates encryption materials that use AES-GCM.

func Open

func Open(key []byte, nonce []byte, cipherData []byte) ([]byte, error)

func ParsePrivate

func ParsePrivate(password []byte, bytes []byte) (crypto.PrivateKey, error)

func PublicKeyFromRsaKey

func PublicKeyFromRsaKey(privateKey *rsa.PrivateKey) rsa.PublicKey

PublicKeyFromRsaKey extracts the public key.

func RandomBytes

func RandomBytes(size int) ([]byte, error)

func RsaKeyFromPEM

func RsaKeyFromPEM(pemString string) (*rsa.PrivateKey, error)

RsaKeyFromPEM parses a PEM string.

func RsaKeyFromPEMFile

func RsaKeyFromPEMFile(filename string) (*rsa.PrivateKey, error)

RsaKeyFromPEMFile loads a PEM file and parses the private key.

func RsaKeyToPEM

func RsaKeyToPEM(key *rsa.PrivateKey, filename ...string) (string, error)

RsaKeyToPEM encodes the private key in PEM format.

func RsaPublicKeyToPEM

func RsaPublicKeyToPEM(pubKey rsa.PublicKey, filename ...string) (string, error)

RsaPublicKeyToPEM encodes the public key to PEM format.

func Seal

func Seal(key []byte, data []byte) ([]byte, error)

func SealWithNonce added in v1.6.0

// SealWithNonce presumably encrypts data under key with the caller-supplied
// nonce using AES-GCM (the body is not shown on this page — confirm).
// NOTE(review): if so, the caller owns nonce uniqueness. A nonce must never be
// reused with the same key, because GCM loses both confidentiality and
// authenticity on reuse. The nonce is presumably expected to be
// AESGCMNonceSize bytes long — verify how other lengths are rejected.
func SealWithNonce(key []byte, nonce []byte, data []byte) ([]byte, error)

func SetKeyringPassword

func SetKeyringPassword(service string, user string, password []byte) error

SetKeyringPassword base64-encodes password and stores it.

func StoreCertificate

func StoreCertificate(cert *x509.Certificate, file string, perm os.FileMode) error

StoreCertificate encodes certificate and stores the result in file.

func StorePrivateKey

func StorePrivateKey(key crypto.PrivateKey, password []byte, file string) error

StorePrivateKey encrypts the private key and stores it in the given file.

func VerifySignature

func VerifySignature(data []byte, key *ecdsa.PublicKey, signature string) bool

Types

type AESGCMEncryptionMaterials added in v1.6.0

type AESGCMEncryptionMaterials struct {
	// contains filtered or unexported fields
}

AESGCMEncryptionMaterials

func NewAESGCMMaterials

func NewAESGCMMaterials(info *encryption.NodeInfo, blockHandler BlockHandler) *AESGCMEncryptionMaterials

NewAESGCMMaterials creates encryption materials that use AES-GCM.

func (*AESGCMEncryptionMaterials) CalculateOutputSize added in v1.6.0

func (m *AESGCMEncryptionMaterials) CalculateOutputSize(plainSize int64, user string) int64

func (*AESGCMEncryptionMaterials) Close added in v1.6.0

func (m *AESGCMEncryptionMaterials) Close() error

func (*AESGCMEncryptionMaterials) Read added in v1.6.0

func (m *AESGCMEncryptionMaterials) Read(b []byte) (int, error)

func (*AESGCMEncryptionMaterials) SetPlainRange added in v1.6.0

func (m *AESGCMEncryptionMaterials) SetPlainRange(offset, length int64)

func (*AESGCMEncryptionMaterials) SetupDecryptMode added in v1.6.0

func (m *AESGCMEncryptionMaterials) SetupDecryptMode(workingKey []byte, stream io.Reader) error

func (*AESGCMEncryptionMaterials) SetupEncryptMode added in v1.6.0

func (m *AESGCMEncryptionMaterials) SetupEncryptMode(workingKey []byte, stream io.Reader) error

type BlockHandler added in v1.6.0

// BlockHandler is the sink passed to NewAESGCMMaterials. It accepts node keys
// and blocks and can be closed; when each method is called is not visible on
// this page.
type BlockHandler interface {
	// SendKey hands a node key to the handler.
	// NOTE(review): the key is secret material — implementations should not
	// log it or persist it unprotected.
	SendKey(key *encryption.NodeKey) error
	// SendBlock hands one block to the handler.
	SendBlock(block *encryption.Block) error
	// Close presumably signals that no further keys or blocks follow — confirm.
	Close() error
}

type EncryptedBlock added in v1.6.0

// EncryptedBlock pairs a block header with its payload. It is serialized and
// parsed through its Write(io.Writer) and Read(io.Reader) methods.
type EncryptedBlock struct {
	// Header describes the block; see EncryptedBlockHeader.
	Header     *EncryptedBlockHeader
	// HeaderSize is presumably the serialized header length in bytes — TODO confirm.
	HeaderSize uint32
	// Payload is presumably the ciphertext, including the GCM tag — TODO confirm.
	// NOTE(review): Read takes an arbitrary io.Reader; verify that lengths
	// taken from the header are bounded before Payload is allocated.
	Payload    []byte
}

EncryptedBlock

func (*EncryptedBlock) GetPayloadLength added in v1.6.0

func (b *EncryptedBlock) GetPayloadLength() uint32

func (*EncryptedBlock) Read added in v1.6.0

func (b *EncryptedBlock) Read(reader io.Reader) (int, error)

func (*EncryptedBlock) SetPayload added in v1.6.0

func (b *EncryptedBlock) SetPayload(payload []byte) error

func (*EncryptedBlock) Write added in v1.6.0

func (b *EncryptedBlock) Write(writer io.Writer) (int, error)

type EncryptedBlockHeader added in v1.6.0

// EncryptedBlockHeader is the header type referenced by EncryptedBlock.Header.
type EncryptedBlockHeader struct {
	// Options carries the optional header fields; whether it may be nil is
	// not visible on this page — TODO confirm.
	Options *Options
	// Nonce is presumably the per-block AES-GCM nonce (AESGCMNonceSize bytes).
	// A nonce is not secret, but it must be unique per key — TODO confirm
	// against Read/Write and the encrypting code.
	Nonce   []byte
	// contains filtered or unexported fields
}

EncryptionBlockHeader

func (*EncryptedBlockHeader) GetDataLength added in v1.6.0

func (h *EncryptedBlockHeader) GetDataLength() uint32

func (*EncryptedBlockHeader) Read added in v1.6.0

func (h *EncryptedBlockHeader) Read(reader io.Reader) (int, error)

func (*EncryptedBlockHeader) String added in v1.6.0

func (h *EncryptedBlockHeader) String() string

func (*EncryptedBlockHeader) Write added in v1.6.0

func (h *EncryptedBlockHeader) Write(writer io.Writer) (int, error)

type EncryptedBlockHeaderOption added in v1.6.0

type EncryptedBlockHeaderOption struct {
	// contains filtered or unexported fields
}

EncryptedBlockHeaderOption

func (*EncryptedBlockHeaderOption) GetID added in v1.6.0

func (op *EncryptedBlockHeaderOption) GetID() uint8

func (*EncryptedBlockHeaderOption) GetValue added in v1.6.0

func (op *EncryptedBlockHeaderOption) GetValue() []byte

func (*EncryptedBlockHeaderOption) HasValue added in v1.6.0

func (op *EncryptedBlockHeaderOption) HasValue() bool

func (*EncryptedBlockHeaderOption) IsTheLast added in v1.6.0

func (op *EncryptedBlockHeaderOption) IsTheLast() bool

func (*EncryptedBlockHeaderOption) Read added in v1.6.0

func (op *EncryptedBlockHeaderOption) Read(reader io.Reader) (int, error)

func (*EncryptedBlockHeaderOption) SetId added in v1.6.0

func (op *EncryptedBlockHeaderOption) SetId(id uint8) error

func (*EncryptedBlockHeaderOption) SetIsTheLast added in v1.6.0

func (op *EncryptedBlockHeaderOption) SetIsTheLast(last bool)

func (*EncryptedBlockHeaderOption) SetValue added in v1.6.0

func (op *EncryptedBlockHeaderOption) SetValue(value []byte) error

func (*EncryptedBlockHeaderOption) Write added in v1.6.0

func (op *EncryptedBlockHeaderOption) Write(writer io.Writer) (int, error)

type Options added in v1.6.0

// Options holds the optional fields attached to an EncryptedBlockHeader
// through its Options field.
type Options struct {
	// Position and PartId are 16-bit values whose exact meaning is not
	// visible on this page — presumably the block position and the
	// multipart part number, TODO confirm.
	Position int16
	PartId   int16
	// NOTE(review): Key travels with the block header, and EncryptedBlock
	// keeps the header alongside the payload. Confirm that this is a wrapped
	// (encrypted) key and never the raw working key.
	Key      []byte
	// UserId presumably identifies the user that Key belongs to — TODO confirm.
	UserId   string
}

EncryptedBlockHeaderOptions

func (*Options) Read added in v1.6.0

func (opts *Options) Read(reader io.Reader) (int, error)

func (*Options) Write added in v1.6.0

func (opts *Options) Write(writer io.Writer) (int, error)

type Template

// Template is the input to GenerateCACertificate and
// GenerateServiceCertificate. How each field maps to certificate fields is
// not visible on this page; the notes below are to be confirmed.
type Template struct {
	// Name is presumably the subject name of the certificate — TODO confirm.
	Name              string
	// Domains and IPs are presumably the DNS and IP subject alternative
	// names — TODO confirm.
	Domains           []string
	IPs               []net.IP
	// Expiry is presumably the validity period counted from issuance — TODO confirm.
	Expiry            time.Duration
	// PublicKey is presumably the key being certified — TODO confirm.
	PublicKey         crypto.PublicKey
	// SignerPrivateKey and SignerCertificate presumably identify the issuer.
	// NOTE(review): SignerPrivateKey is secret key material held in memory;
	// keep Template values out of logs and out of any serialization.
	SignerPrivateKey  crypto.PrivateKey
	SignerCertificate *x509.Certificate
}

Template specs for generating a certificate.

Directories

Path Synopsis
