crypto

package
Published: Mar 16, 2020 License: Apache-2.0 Imports: 12 Imported by: 3


Overview

Package crypto defines the cryptographic functions used in E4

Index

Constants

const (
	// IDLen is the length in bytes of an E4 ID.
	IDLen = 16
	// IDLenHex is the length of a hexadecimal encoded ID (two hex digits per byte).
	IDLenHex = 2 * IDLen
	// KeyLen is the length in bytes of a symmetric key.
	KeyLen = 32
	// KeyLenHex is the length of a hexadecimal encoded key (two hex digits per byte).
	KeyLenHex = 2 * KeyLen
	// TagLen is the length of the authentication tag appended to the ciphertext.
	TagLen = 16
	// HashLen is the length of a hashed topic.
	HashLen = 16
	// TimestampLen is the length of the timestamp carried with a protected message.
	TimestampLen = 8
	// MaxTopicLen is the maximum length of a topic.
	MaxTopicLen = 512
	// Curve25519PubKeyLen is the length of a curve25519 public key.
	Curve25519PubKeyLen = 32
	// Curve25519PrivKeyLen is the length of a curve25519 private key.
	Curve25519PrivKeyLen = 32

	// MaxDelayDuration is the validity time of a protected message; a message
	// whose timestamp is older than this is rejected (see ValidateTimestamp).
	MaxDelayDuration = 10 * time.Minute
	// MaxDelayKeyTransition is the validity time of an old topic key once it
	// has been updated (see ValidateTimestampKey).
	MaxDelayKeyTransition = 60 * time.Minute
)

List of global e4 constants

const (
	// NameMinLen is the minimum length of a name.
	NameMinLen = 1
	// NameMaxLen is the maximum length of a name.
	NameMaxLen = 255
	// PasswordMinLength is the minimum size accepted for a password.
	PasswordMinLength = 16
)

Variables

var (
	// ErrInvalidProtectedLen is returned when a protected message does not have the expected length.
	ErrInvalidProtectedLen = errors.New("invalid length of protected message")
	// ErrTooShortCiphertext is returned when unprotecting a ciphertext shorter than TimestampLen.
	ErrTooShortCiphertext = errors.New("ciphertext too short")

	// ErrTimestampInFuture is returned when the ciphertext timestamp lies in the future.
	ErrTimestampInFuture = errors.New("timestamp received is in the future")
	// ErrTimestampTooOld is returned when the ciphertext timestamp is more than MaxDelayDuration old.
	ErrTimestampTooOld = errors.New("timestamp too old")
	// ErrInvalidTimestamp is returned when signing with an invalid timestamp.
	ErrInvalidTimestamp = errors.New("invalid timestamp")

	// ErrInvalidSignature is returned when a signature fails verification.
	ErrInvalidSignature = errors.New("invalid signature")
	// ErrInvalidSignerID is returned when signing with an invalid ID.
	ErrInvalidSignerID = errors.New("invalid signer ID")
)

Functions

func Decrypt

func Decrypt(key, ad, ct []byte) ([]byte, error)

Decrypt decrypts and verifies an authenticated ciphertext

func DeriveSymKey

func DeriveSymKey(pwd string) ([]byte, error)

DeriveSymKey derives a symmetric key from a password using Argon2 (replaces HashPwd).

func Encrypt

func Encrypt(key, ad, pt []byte) ([]byte, error)

Encrypt creates an authenticated ciphertext

func HashIDAlias

func HashIDAlias(idalias string) []byte

HashIDAlias creates an ID from an ID alias string

func HashTopic

func HashTopic(topic string) []byte

HashTopic creates a topic hash from a topic string

func ProtectSymKey

func ProtectSymKey(payload, key []byte) ([]byte, error)

ProtectSymKey attempts to encrypt the payload using the given symmetric key.

func RandomDelta16

func RandomDelta16() uint16

RandomDelta16 produces a random 16-bit integer, used to vary key sizes, plaintext sizes, etc.

func RandomID

func RandomID() []byte

RandomID generates a random IDLen-byte ID

func RandomKey

func RandomKey() []byte

RandomKey generates a random KeyLen-byte key usable by Encrypt and Decrypt

func Sha3Sum256

func Sha3Sum256(data []byte) []byte

Sha3Sum256 returns the sha3 sum of given data

func Sign

func Sign(signerID []byte, privateKey Ed25519PrivateKey, timestamp []byte, payload []byte) ([]byte, error)

Sign signs the given payload using the given privateKey, producing an output composed of: timestamp + signerID + payload + signature.

func UnprotectSymKey

func UnprotectSymKey(protected, key []byte) ([]byte, error)

UnprotectSymKey attempts to decrypt the protected bytes using the given symmetric key.

func ValidateCurve25519PrivKey

func ValidateCurve25519PrivKey(key []byte) error

ValidateCurve25519PrivKey checks that a key is of the expected length and not all zero

func ValidateCurve25519PubKey

func ValidateCurve25519PubKey(key []byte) error

ValidateCurve25519PubKey checks that a key is of the expected length and not all zero

func ValidateEd25519PrivKey

func ValidateEd25519PrivKey(key []byte) error

ValidateEd25519PrivKey checks that a key is of the expected length and not all zero

func ValidateEd25519PubKey

func ValidateEd25519PubKey(key []byte) error

ValidateEd25519PubKey checks that a key is of the expected length and not all zero

func ValidateID

func ValidateID(id []byte) error

ValidateID checks that an id is of the expected length

func ValidateName

func ValidateName(name string) error

ValidateName checks that a name satisfies the given constraints. Since names are hashed in the protocol, those constraints are quite liberal, but for correctness the name must be a valid UTF-8 string.

func ValidatePassword

func ValidatePassword(password string) error

ValidatePassword checks that the given password is a UTF-8 string of at least PasswordMinLength characters.

func ValidateSymKey

func ValidateSymKey(key []byte) error

ValidateSymKey checks that a key is of the expected length and not all zero.

func ValidateTimestamp

func ValidateTimestamp(timestamp []byte) error

ValidateTimestamp checks that the given timestamp bytes are a valid little-endian encoded timestamp that is neither in the future nor older than MaxDelayDuration.

func ValidateTimestampKey

func ValidateTimestampKey(timestamp []byte) error

ValidateTimestampKey checks that the given timestamp bytes are a valid little-endian encoded timestamp that is neither in the future nor older than MaxDelayKeyTransition.

func ValidateTopic

func ValidateTopic(topic string) error

ValidateTopic checks that a topic is neither empty nor too long.

func ValidateTopicHash

func ValidateTopicHash(topicHash []byte) error

ValidateTopicHash checks that a topic hash is of the expected length

Types

type Curve25519PrivateKey

type Curve25519PrivateKey = []byte

Curve25519PrivateKey defines an alias for curve 25519 private keys

func PrivateEd25519KeyToCurve25519

func PrivateEd25519KeyToCurve25519(edPrivKey Ed25519PrivateKey) Curve25519PrivateKey

PrivateEd25519KeyToCurve25519 converts an Ed25519PrivateKey to a Curve25519PrivateKey.

type Curve25519PublicKey

type Curve25519PublicKey = []byte

Curve25519PublicKey defines an alias for curve 25519 public keys

func PublicEd25519KeyToCurve25519

func PublicEd25519KeyToCurve25519(edPubKey Ed25519PublicKey) Curve25519PublicKey

PublicEd25519KeyToCurve25519 converts an Ed25519PublicKey to a Curve25519PublicKey.

type Ed25519PrivateKey added in v1.0.1

type Ed25519PrivateKey = []byte

Ed25519PrivateKey defines an alias for Ed25519 private keys

func Ed25519PrivateKeyFromPassword

func Ed25519PrivateKeyFromPassword(password string) (Ed25519PrivateKey, error)

Ed25519PrivateKeyFromPassword creates an ed25519.PrivateKey from a password.

type Ed25519PublicKey added in v1.0.1

type Ed25519PublicKey = []byte

Ed25519PublicKey defines an alias for Ed25519 public keys
