cryptography

package
v1.5.34 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 5, 2023 License: GPL-3.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (

	// ErrReplayAttack - Replay attack
	ErrReplayAttack = errors.New("replay attack detected")
	// ErrDecryptFailed
	ErrDecryptFailed = errors.New("decryption failed")
)
View Source 
var (
	// ECCPublicKey - The implant's ECC public key
	ECCPublicKey = "{{.Config.ECCPublicKey}}"

	// eccPublicKeySignature - The implant's public key minisigned'd
	ECCPublicKeySignature = `{{.Config.ECCPublicKeySignature}}`

	// ErrInvalidPeerKey - Peer to peer key exchange failed
	ErrInvalidPeerKey = errors.New("invalid peer key")
)
View Source 
var (
	// TLSKeyLogger - File descriptor for logging TLS keys
	TLSKeyLogger = newKeyLogger()
)

Functions

func Decrypt 

func Decrypt(key [chacha20poly1305.KeySize]byte, ciphertext []byte) ([]byte, error)

Decrypt - Decrypt using chacha20poly1305 https://pkg.go.dev/golang.org/x/crypto/chacha20poly1305

func ECCDecrypt 

func ECCDecrypt(senderPublicKey *[32]byte, recipientPrivateKey *[32]byte, ciphertext []byte) ([]byte, error)

ECCDecrypt - Decrypt using Curve 25519 + ChaCha20Poly1305

func ECCDecryptFromPeer 

func ECCDecryptFromPeer(senderPublicKey []byte, senderPublicKeySig string, ciphertext []byte) ([]byte, error)

ECCDecryptFromPeer - Decrypt a message from a peer

func ECCEncrypt 

func ECCEncrypt(recipientPublicKey *[32]byte, senderPrivateKey *[32]byte, plaintext []byte) ([]byte, error)

ECCEncrypt - Encrypt using Nacl Box

func ECCEncryptToPeer 

func ECCEncryptToPeer(recipientPublicKey []byte, recipientPublicKeySig string, plaintext []byte) ([]byte, error)

ECCEncryptToPeer - Encrypt using the peer's public key

func ECCEncryptToServer 

func ECCEncryptToServer(plaintext []byte) ([]byte, error)

ECCEncryptToServer - Encrypt using the server's public key

func Encrypt 

func Encrypt(key [chacha20poly1305.KeySize]byte, plaintext []byte) ([]byte, error)

Encrypt - Encrypt using chacha20poly1305 https://pkg.go.dev/golang.org/x/crypto/chacha20poly1305

func GetExactOTPCode 

func GetExactOTPCode(timestamp time.Time) string

GetExactOTPCode - Get the OTP code for a specific timestamp

func GetOTPCode 

func GetOTPCode() string

GetOTPCode - Get the current OTP code

func GetServerECCPublicKey 

func GetServerECCPublicKey() *[32]byte

GetServerECCPublicKey - Get the decoded server public key

func MinisignVerify 

func MinisignVerify(message []byte, signature string) bool

MinisignVerify - Verify a minisign signature

func RandomKey 

func RandomKey() [chacha20poly1305.KeySize]byte

RandomKey - Generate random ID of randomIDSize bytes

func RootOnlyVerifyCertificate 

func RootOnlyVerifyCertificate(caCertPEM string, rawCerts [][]byte, _ [][]*x509.Certificate) error

rootOnlyVerifyCertificate - Go doesn't provide a method for only skipping hostname validation so we have to disable all of the certificate validation and re-implement everything. https://github.com/golang/go/issues/21971

func SetSecrets 

func SetSecrets(newEccPublicKey, newEccPrivateKey, newEccPublicKeySignature, newEccServerPublicKey, newTotpSecret, newMinisignServerPublicKey string)

{{if .Config.Debug}} - Used for unit tests, remove from normal builds where these values are set at compile-time

func ValidateTOTP 

func ValidateTOTP(code string) (bool, error)

ValidateTOTP - Validate a TOTP code

Types

type CipherContext 

type CipherContext struct {
	Key [chacha20poly1305.KeySize]byte
	// contains filtered or unexported fields
}

CipherContext - Tracks a series of messages encrypted under the same key and detects/prevents replay attacks.

func NewCipherContext 

func NewCipherContext(key [chacha20poly1305.KeySize]byte) *CipherContext

NewCipherContext - Wrapper around creating a cipher context from a key

func (*CipherContext) Decrypt 

func (c *CipherContext) Decrypt(ciphertext []byte) ([]byte, error)

Decrypt - Decrypt a message with the contextual key and check for replay attacks

func (*CipherContext) Encrypt 

func (c *CipherContext) Encrypt(plaintext []byte) ([]byte, error)

Encrypt - Encrypt a message with the contextual key

type ECCKeyPair 

type ECCKeyPair struct {
	Public  *[32]byte
	Private *[32]byte
}

ECCKeyPair - Holds the public/private key pair

func GetECCKeyPair 

func GetECCKeyPair() *ECCKeyPair

GetECCKeyPair - Get the implant's key pair

type PublicKey 

type PublicKey struct {
	SignatureAlgorithm [2]byte
	KeyId              [8]byte
	PublicKey          [32]byte
}

PublicKey - Represents a public key

func DecodeMinisignPublicKey 

func DecodeMinisignPublicKey(in string) (PublicKey, error)

func (*PublicKey) Verify 

func (publicKey *PublicKey) Verify(bin []byte, signature Signature) (bool, error)

Verify - Verifies a signature of a buffer

type Signature 

type Signature struct {
	UntrustedComment   string
	SignatureAlgorithm [2]byte
	KeyId              [8]byte
	Signature          [64]byte
	TrustedComment     string
	GlobalSignature    [64]byte
}

Signature - Represents a minisign signature

func DecodeMinisignSignature 

func DecodeMinisignSignature(in string) (Signature, error)

DecodeMinisignSignature - Decodes a signature

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.