Overview

Package crypto provides functions for managing encryption, keys, etc.


Constants

const (
	// KeyDerivationSaltLength is the length in bytes of the salt passed to DeriveKey.
	// NOTE(review): 8 bytes (64 bits) is below the 128-bit minimum salt length that
	// NIST SP 800-132 recommends for password-based key derivation; raising it is a
	// compatibility-sensitive change because stored salts have this length.
	KeyDerivationSaltLength = 8
	// KeyDerivationKeyLength is the length in bytes of the key DeriveKey produces.
	KeyDerivationKeyLength = 32
)
const (
	// TokenInvalidErrorMsg is the error message for a token that fails validation.
	TokenInvalidErrorMsg = "token invalid"

	// TokenExpiredErrorMsg is the error message for a token whose expiry has passed.
	TokenExpiredErrorMsg = "token expired"
)
const (
	// SymmetricKeyLength is the length in bytes of the symmetric key used by
	// Encrypt and Decrypt; a 32-byte key selects AES-256 in the AES-GCM mode they use.
	SymmetricKeyLength = 32
)

Variables

var (
	// TestPrivateKey is an example key for testing purposes. It is a hard-coded,
	// publicly visible value, so any token signed with it must be treated as
	// untrusted; never use it to sign or verify tokens outside tests.
	TestPrivateKey = []byte("very_sekrit_key")

	// TestMasterToken is an example token for testing purposes. This is
	// generated by TestGenerateMasterToken, and is a master token
	// (presumably signed with TestPrivateKey — confirm against the test).
	TestMasterToken = "" /* 185-byte string literal not displayed */

	// TestInertiaKeyPath is the path to Inertia's test RSA key, relative to
	// this package's directory.
	TestInertiaKeyPath = "../../../test/keys/id_rsa"
)
var (
	// DaemonGithubKeyLocation is the default path of the generated deploy key.
	// It is read once, at package initialization, from the INERTIA_GH_KEY_PATH
	// environment variable, and is the empty string when that variable is unset;
	// callers (GetAPIPrivateKey among them) should treat "" as "no key configured"
	// rather than opening it. The commented-out path is presumably the former
	// hard-coded default — confirm.
	DaemonGithubKeyLocation = os.Getenv("INERTIA_GH_KEY_PATH") //"/app/host/.ssh/id_rsa_inertia_deploy"
)

Functions

func CorrectPassword

func CorrectPassword(hash string, password string) bool

CorrectPassword reports whether the given password matches the given hash.

func Decrypt added in v0.5.0

func Decrypt(key, ciphertext []byte) ([]byte, error)

Decrypt decrypts ciphertext with the given key using AES in GCM mode.

func DeriveKey added in v0.5.0

func DeriveKey(password string, salt []byte) []byte

DeriveKey derives an AES encryption key from the salt and the user's password using PBKDF2 with HMAC-SHA256.

func Encrypt added in v0.5.0

func Encrypt(key, plaintext []byte) ([]byte, error)

Encrypt encrypts plaintext with the given key using AES in GCM mode.

func GenerateBackupCodes added in v0.5.0

func GenerateBackupCodes() []string

GenerateBackupCodes generates an array of backup code strings in GitHub format.

Example: b2e03-ffbcf cebe6-b1bdd ...

func GenerateCertificate

func GenerateCertificate(certPath, keyPath, host, method string) error

GenerateCertificate creates a TLS certificate for HTTPS use.

func GenerateMasterToken

func GenerateMasterToken(key []byte) (string, error)

GenerateMasterToken creates a "master" JSON Web Token (JWT) for a client to use when sending HTTP requests to the daemon server.

func GenerateSalt added in v0.5.0

func GenerateSalt() []byte

GenerateSalt returns a random, hex-encoded salt for the key derivation algorithm.

func GenerateSecretKey added in v0.5.0

func GenerateSecretKey(accountName string) (*otp.Key, error)

GenerateSecretKey creates a new OTP key that can be rendered as a string or as an image.

func GetAPIPrivateKey

func GetAPIPrivateKey(t *jwt.Token) (interface{}, error)

GetAPIPrivateKey returns the private RSA key used to authenticate HTTP requests sent to the daemon. For now, we simply use the GitHub deploy key, read from the default DaemonGithubKeyLocation.

func GetFakeAPIKey

func GetFakeAPIKey(tok *jwt.Token) (interface{}, error)

GetFakeAPIKey is a helper function that implements jwt.Keyfunc and returns the test private key.

func GetGithubKey

func GetGithubKey(pemFile io.Reader) (ssh.AuthMethod, error)

GetGithubKey returns an ssh.AuthMethod built from the PEM key read from the given io.Reader, for use with the go-git library.

func HashPassword

func HashPassword(password string) (string, error)

HashPassword generates a bcrypt hash of the given password.

func IsCredentialFormatError added in v0.5.0

func IsCredentialFormatError(err error) bool

IsCredentialFormatError returns true if the given error relates to the username/password format.

func IsLegalString

func IsLegalString(str string) bool

IsLegalString returns true if `str` only contains characters [A-Z], [a-z], or '_' or '-'

func ValidateCredentialValues

func ValidateCredentialValues(username, password string) error

ValidateCredentialValues takes a username and password and verifies that they are of sufficient length and contain only legal characters.

func ValidatePasscode added in v0.5.0

func ValidatePasscode(passcode string, secret string) bool

ValidatePasscode validates a one-time passcode against the original secret key.

func ValidateSignature added in v0.5.0

func ValidateSignature(signature string, payload, secretKey []byte) error

ValidateSignature validates the HMAC signature for the given payload. Based on https://github.com/google/go-github

Types

type TokenClaims

type TokenClaims struct {
	// SessionID is the session identifier carried by the token.
	SessionID string    `json:"session_id"`
	// User is the user the token was issued to.
	User      string    `json:"user"`
	// Admin marks the token as administrative; IsMaster presumably reads it — confirm.
	Admin     bool      `json:"admin"`
	// Expiry is the time after which the token must be rejected.
	// NOTE(review): this is a custom "expiry" claim, not the RFC 7519 "exp"
	// claim, so library-side expiry checks presumably do not apply and Valid
	// must enforce it itself — confirm.
	Expiry    time.Time `json:"expiry"`
}

TokenClaims represents the claims carried by a JWT.

func ValidateToken

func ValidateToken(tokenString string, lookup jwt.Keyfunc) (*TokenClaims, error)

ValidateToken verifies that the token is valid and returns its claims.

func (*TokenClaims) GenerateToken

func (t *TokenClaims) GenerateToken(key []byte) (string, error)

GenerateToken creates a JWT from these claims, signed with the given key.

func (*TokenClaims) IsMaster

func (t *TokenClaims) IsMaster() bool

IsMaster returns true if this token is a master token.

func (*TokenClaims) Valid

func (t *TokenClaims) Valid() error

Valid reports whether the token is authentic.
