ickp

package
v0.0.0-...-d83f28c Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 22, 2020 License: BSD-3-Clause Imports: 30 Imported by: 0

Documentation

Overview

Package ickp implements various key type handlers and associated utility routines ickp stands for IC Key Package

Index

Constants

View Source 
const (
	KEYRSA = iota
	KEYECDSA
	KEYEC25519

	KeyRSAStr     = "ic-rsa"
	KeyECDSAStr   = "ic-ecdsa"
	KeyEC25519Str = "ic-25519"

	PEMHDR_RSA   = "RSA PRIVATE KEY"
	PEMHDR_ECDSA = "ECDSA PRIVATE KEY"
	PEMHDR_25519 = "EC25519 PRIVATE KEY"
)
View Source 
const (
	KEYSIZE_RSA = 4096
)

Variables

View Source 
var (
	S2K = map[string]int{
		KeyRSAStr:     KEYRSA,
		KeyECDSAStr:   KEYECDSA,
		KeyEC25519Str: KEYEC25519,
	}

	K2S = map[int]string{
		KEYRSA:     KeyRSAStr,
		KEYECDSA:   KeyECDSAStr,
		KEYEC25519: KeyEC25519Str,
	}
)
View Source 
var ACrun bool
View Source 
var AcHomeDir string
View Source 
var AcIdPrivFile string
View Source 
var AcIdPubFile string
View Source 
var AcSaveFile string
View Source 
var LocalUser *user.User

Functions

func AEADDecryptPEMBlock 

func AEADDecryptPEMBlock(b *pem.Block, password []byte) ([]byte, error)

DecryptPEMBlock takes a password encrypted PEM block and the password used to encrypt it and returns a slice of decrypted DER encoded bytes. It inspects the DEK-Info header to determine the algorithm used for decryption. If no DEK-Info header is present, an error is returned. If an incorrect password is detected an IncorrectPasswordError is returned.

func AEADEncryptPEMBlock 

func AEADEncryptPEMBlock(rand io.Reader, blockType string, data, password []byte) (*pem.Block, error)

AEADEncryptPEMBlock returns a PEM block of the specified type holding the given DER-encoded data encrypted with AES-GCM256 algorithm, key is derived using PBKDF2 on the password. Header will be :

func GenKeysECDSA 

func GenKeysECDSA(r io.Reader) (*ecdsa.PrivateKey, error)

func GenKeysRSA 

func GenKeysRSA(r io.Reader) (*rsa.PrivateKey, error)

Types

type AcCOMM 

type AcCOMM struct {
	Pk *PKMap
	Sk *SKMap
	Rd *RDMap
}

we hash our data based on server we're connected to each entry will host channel keys and public keys within that server context

func (*AcCOMM) Init 

func (ac *AcCOMM) Init()

func (*AcCOMM) String 

func (ac *AcCOMM) String() string

AcCOMM display function..

type Ed25519PrivateKey 

type Ed25519PrivateKey struct {
	Pub  ed25519.PublicKey
	Priv ed25519.PrivateKey
}

func GenKeysED25519 

func GenKeysED25519(r io.Reader) (*Ed25519PrivateKey, error)

TODO: need to implement type Signer interface 

which mean we need Public() and Sign()

func (*Ed25519PrivateKey) Public 

func (priv *Ed25519PrivateKey) Public() crypto.PublicKey

func (*Ed25519PrivateKey) Sign 

func (priv *Ed25519PrivateKey) Sign(r io.Reader, msg []byte, opts crypto.SignerOpts) (signature []byte, err error)

type IdentityKey 

type IdentityKey struct {
	// contains filtered or unexported fields
}

func LoadIdentityKey 

func LoadIdentityKey(prefix string, passwd []byte) (i *IdentityKey, err error)

func NewIdentityKey 

func NewIdentityKey(keytype int) (*IdentityKey, error)

func (*IdentityKey) FromKeyFiles 

func (i *IdentityKey) FromKeyFiles(prefix string, passwd []byte) (err error)

will try to load fprefix.pub / fprefix

func (*IdentityKey) PKIXToPriv 

func (i *IdentityKey) PKIXToPriv(rd io.Reader, passwd []byte) error

func (*IdentityKey) PKIXToPub 

func (i *IdentityKey) PKIXToPub(rd io.Reader) (err error)

func (*IdentityKey) PrivToPKIX 

func (i *IdentityKey) PrivToPKIX(wr io.Writer, passwd []byte) error

func (*IdentityKey) PubToPKIX 

func (i *IdentityKey) PubToPKIX(wr io.Writer) error

func (*IdentityKey) ToKeyFiles 

func (i *IdentityKey) ToKeyFiles(prefix string, passwd []byte) error

func (*IdentityKey) Type 

func (i *IdentityKey) Type() string

func (*IdentityKey) Validate 

func (i *IdentityKey) Validate() (err error)

just validation that the key is valid and complete..

type IdentityPublicKey 

type IdentityPublicKey struct {
	KeyType int
	//	KeyOwner string
	KeyBin []byte
}

type KexKey 

type KexKey struct {
	Nickname string
	Userhost string
	Server   string
	Pubkey   string
	HasPriv  bool
	//    Pubfp string // 32 bytes hex encoded string of the hash... XXX we will see if it's problematic later..
	Timestamp int64
	PubFP     [32]byte // 32 bytes hash of the public key...
	CreaTime  time.Time
	// contains filtered or unexported fields
}

KexKey describe the internal structure stored in memory for public/private key pairs owned or received from peers

func CreateKxKeys 

func CreateKxKeys(nickname, userhost, server string) (mykeys *KexKey, err error)

CreateKxKeys create an KexKey structure using provide randomness source and compute the initial EC Ephemeral keypair XXX Make sure PRNG is strong.. may be use fortuna...

func CreateKxKeys2 

func CreateKxKeys2(nickname, userhost, server string) (*KexKey, error)

XXX TODO: to reimplement properly..

func (*KexKey) GetPrivkey 

func (pk *KexKey) GetPrivkey() (privkey *[32]byte)

GetPrivkey retrieve and return the private key (privkey) of the current AcMyKeys structure.

func (*KexKey) GetPubfp 

func (pk *KexKey) GetPubfp() (PubFP []byte)

GetPubfp retrieve and return the public key fingerprint associated with the current key.

func (*KexKey) GetPubkey 

func (pk *KexKey) GetPubkey() (pubkey *[32]byte)

GetPubkey retrieve and return the public key component from the current KexKey structure.

func (*KexKey) SetPubkey 

func (pk *KexKey) SetPubkey(pubkey []byte) error

SetPubkey writes the argument provided public key (pubkey) of the current AcMyKeys structure.

func (*KexKey) String 

func (pk *KexKey) String() string

if you Println() the struct then it call this as part of the type.

type KeyGenerator 

type KeyGenerator struct {
	// contains filtered or unexported fields
}

func (*KeyGenerator) Init 

func (skgen *KeyGenerator) Init(input []byte, channel []byte, nick []byte, serv []byte) (err error)

func (*KeyGenerator) Read 

func (skgen *KeyGenerator) Read(p []byte) (n int, err error)

XXX TODO: return err if init() or Reset() has not been called

type PKMap 

type PKMap map[string](*KexKey)

This is for the public key cache

XXX Pk map[string](*KexKey)

func (*PKMap) GetPK 

func (pkm *PKMap) GetPK(nick string) *KexKey

func (*PKMap) String 

func (pkm *PKMap) String() string

type PSKMap 

type PSKMap map[string](*AcCOMM)

this type is a map[string](*AcCOMM) it's a map defining a set of Public/Session Keys used for encrypting and KEX on a specific network based on the server name as hash key. its not perfect but it avoid basic one-client-multiple-network-same-nick-same-channels scenarios. is it too complicated? hmm we need to make it clear 

var ACmap *PSKMap

some variable to handle the maps and the run loop

func NewPSKMap 

func NewPSKMap() (p *PSKMap)

func (*PSKMap) DelPKMapEntry 

func (psk *PSKMap) DelPKMapEntry(server, nick string) bool

func (*PSKMap) File2Map 

func (psk *PSKMap) File2Map(infilestr string, passwd []byte) (bool, error)

func (*PSKMap) GetPKMap 

func (psk *PSKMap) GetPKMap(server string) (*PKMap, bool)

func (*PSKMap) GetPKMapEntry 

func (psk *PSKMap) GetPKMapEntry(server string, nick string) (*KexKey, bool)

PKMaps

func (*PSKMap) GetRDMap 

func (psk *PSKMap) GetRDMap(server string) (*RDMap, bool)

func (*PSKMap) GetRDMapEntry 

func (psk *PSKMap) GetRDMapEntry(server string, channel string) ([]byte, bool)

RDMaps

func (*PSKMap) GetSKMap 

func (psk *PSKMap) GetSKMap(server string) (*SKMap, bool)

func (*PSKMap) GetSKMapEntry 

func (psk *PSKMap) GetSKMapEntry(server string, channel string) (*SecretKey, bool)

SKMaps

func (*PSKMap) Map2File 

func (psk *PSKMap) Map2File(outfilestr string, passwd []byte) (bool, error)

func (*PSKMap) SetPKMapEntry 

func (psk *PSKMap) SetPKMapEntry(server string, nick string, pk *KexKey)

XXX not our job to do initial root data struct allocation... let's try..

func (*PSKMap) SetRDMapEntry 

func (psk *PSKMap) SetRDMapEntry(server, channel string, rnd []byte)

func (*PSKMap) SetSKMapEntry 

func (psk *PSKMap) SetSKMapEntry(server string, channel string, sk *SecretKey)

func (*PSKMap) String 

func (psk *PSKMap) String() string

type RDMap 

type RDMap map[string]([]byte)

RDMap store the random value we use for "protecting/obfuscating" secret keys in memory, it is far from perfect, but better than pure plain text.

func (*RDMap) GetRD 

func (rdm *RDMap) GetRD(channel string) []byte

type SKMap 

type SKMap map[string](*SecretKey)

This is for the CHANNEL/QUERY keys cache

func (*SKMap) GetSK 

func (skm *SKMap) GetSK(channel string) *SecretKey

func (*SKMap) String 

func (skm *SKMap) String() string

type SecretKey 

type SecretKey struct {
	Nonce    uint32    `json:"nonce"`
	Bob      []byte    `json:"bob"`
	Key      *[32]byte `json:"key"`
	CreaTime time.Time `json:"creatime"`
	Overhead int       `json:"overhead"`
}

func CreateACContext 

func CreateACContext(channel []byte, nonce uint32) (context *SecretKey, err error)

func (*SecretKey) GetBob 

func (sk *SecretKey) GetBob() []byte

func (*SecretKey) GetKey 

func (sk *SecretKey) GetKey() []byte

func (*SecretKey) GetKeyLen 

func (sk *SecretKey) GetKeyLen() int

func (*SecretKey) GetNonce 

func (sk *SecretKey) GetNonce() uint32

func (*SecretKey) GetSealKey 

func (sk *SecretKey) GetSealKey() *[32]byte

func (*SecretKey) IncNonce 

func (sk *SecretKey) IncNonce(n uint32)

func (*SecretKey) NewKey 

func (sk *SecretKey) NewKey()

func (*SecretKey) RndKey 

func (sk *SecretKey) RndKey(rnd []byte)

func (*SecretKey) SetBob 

func (sk *SecretKey) SetBob(bob []byte)

func (*SecretKey) SetKey 

func (sk *SecretKey) SetKey(keydata []byte)

func (*SecretKey) SetNonce 

func (sk *SecretKey) SetNonce(nonce uint32)

func (*SecretKey) String 

func (sk *SecretKey) String() string

if you Println() the struct then it call this as part of the type.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.