Documentation ¶
Overview ¶
Package crypto contains cryptographic utilities.
Index ¶
- Constants
- Variables
- func DecodeTLSCertificate(i io.Reader) (*x509.Certificate, error)
- func DecodeTLSCertificateFromFile(path string) (*x509.Certificate, error)
- func DecodeTLSPrivateKey(i io.Reader) (crypto.PrivateKey, error)
- func DecodeTLSPrivateKeyFromFile(path string) (crypto.PrivateKey, error)
- func EncodeKeyToFile(key Key, file string) error
- func EncodeTLSCertificate(o io.Writer, cert *x509.Certificate) error
- func EncodeTLSCertificateToFile(path string, cert *x509.Certificate) error
- func EncodeTLSPrivateKey(o io.Writer, key crypto.PrivateKey) error
- func EncodeTLSPrivateKeyToFile(path string, key crypto.PrivateKey) error
- func GenerateCA(cfg CACertConfig) (privkey crypto.PrivateKey, cert *x509.Certificate, err error)
- func GenerateECDSAKey(size int) (*ecdsa.PrivateKey, error)
- func GenerateSelfSignedServerCert() (privKey crypto.PrivateKey, cert *x509.Certificate, err error)
- func IsValidDefaultPSK(s string) bool
- func IsValidPSK(s string, length int) bool
- func IsValidPSKBytes(b []byte, length int) bool
- func IssueCertificate(cfg IssueConfig) (privkey crypto.PrivateKey, cert *x509.Certificate, err error)
- func NewRandomID() (string, error)
- func NewTLSKey(keyType TLSKeyType, size int) (privkey crypto.PrivateKey, pubkey crypto.PublicKey, err error)
- func Rendezvous(keys ...PublicKey) string
- func Sign(data []byte, psk PSK) ([]byte, error)
- func Verify(data, signature []byte, psk PSK) error
- type CACertConfig
- type IssueConfig
- type Key
- type PSK
- type PrivateKey
- func DecodePrivateKey(in string) (PrivateKey, error)
- func DecodePrivateKeyFromFile(path string) (PrivateKey, error)
- func GenerateKey() (PrivateKey, error)
- func MustGenerateKey() PrivateKey
- func MustPrivateKeyFromNative(in crypto.PublicKey) PrivateKey
- func ParsePrivateKey(data []byte) (PrivateKey, error)
- func PrivateKeyFromIdentity(inkey p2pcrypto.PrivKey) (PrivateKey, error)
- func PrivateKeyFromNative(inkey crypto.PrivateKey) (PrivateKey, error)
- func UnmarshalPrivateKey(data []byte) (PrivateKey, error)
- type PublicKey
- func DecodePublicKey(in string) (PublicKey, error)
- func MustPublicKeyFromNative(in crypto.PublicKey) PublicKey
- func ParsePublicKey(data []byte) (PublicKey, error)
- func PubKeyFromID(id string) (PublicKey, error)
- func PublicKeyFromIdentity(inkey p2pcrypto.PubKey) (PublicKey, error)
- func PublicKeyFromNative(inkey crypto.PublicKey) (PublicKey, error)
- func UnmarshalPublicKey(data []byte) (PublicKey, error)
- type SortedKeys
- type StdPrivateKey
- type TLSCertificate
- type TLSKeyType
- type VerifyPeerCertificateFunc
- type WebmeshPrivateKey
- func (w *WebmeshPrivateKey) AsIdentity() p2pcrypto.PrivKey
- func (w *WebmeshPrivateKey) AsNative() ed25519.PrivateKey
- func (w *WebmeshPrivateKey) Bytes() []byte
- func (w *WebmeshPrivateKey) Encode() (string, error)
- func (w *WebmeshPrivateKey) Equals(inKey Key) bool
- func (w *WebmeshPrivateKey) ID() string
- func (w *WebmeshPrivateKey) Marshal() ([]byte, error)
- func (w *WebmeshPrivateKey) PublicKey() PublicKey
- func (k *WebmeshPrivateKey) Rendezvous(keys ...PublicKey) string
- func (w *WebmeshPrivateKey) Sign(data []byte) ([]byte, error)
- func (w *WebmeshPrivateKey) Type() cryptopb.KeyType
- func (w *WebmeshPrivateKey) WireGuardKey() wgtypes.Key
- type WebmeshPublicKey
- func (w *WebmeshPublicKey) AsIdentity() p2pcrypto.PubKey
- func (w *WebmeshPublicKey) AsNative() ed25519.PublicKey
- func (w *WebmeshPublicKey) Bytes() []byte
- func (w *WebmeshPublicKey) Encode() (string, error)
- func (w *WebmeshPublicKey) Equals(in Key) bool
- func (w *WebmeshPublicKey) ID() string
- func (w *WebmeshPublicKey) Marshal() ([]byte, error)
- func (k *WebmeshPublicKey) Rendezvous(keys ...PublicKey) string
- func (w *WebmeshPublicKey) Type() cryptopb.KeyType
- func (w *WebmeshPublicKey) Verify(data []byte, sig []byte) (success bool, err error)
- func (w *WebmeshPublicKey) WireGuardKey() wgtypes.Key
Constants ¶
const DefaultPSKLength = 32
DefaultPSKLength is the default length of a PSK.
const WebmeshKeyType cryptopb.KeyType = 5
WebmeshKeyType is the protobuf key type for Webmesh keys.
Variables ¶
var ( // ErrInvalidKeyType is returned when an invalid key type is used. ErrInvalidKeyType = fmt.Errorf("invalid key type") // ErrInvalidKeySize is returned when an invalid key size is used. ErrInvalidKeySize = fmt.Errorf("invalid key size") )
var ErrInvalidPeerCertificate = fmt.Errorf("invalid peer certificate")
ErrInvalidPeerCertificate is returned when a TLS connection has invalid peer certificate.
var ErrInvalidSignature = fmt.Errorf("invalid signature")
ErrInvalidSignature is returned when a signature is invalid.
var ValidPSKChars = []byte("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
ValidPSKChars is the set of valid characters for a PSK.
Functions ¶
func DecodeTLSCertificate ¶ added in v0.15.0
func DecodeTLSCertificate(i io.Reader) (*x509.Certificate, error)
DecodeTLSCertificate is a helper function to decode a certificate from PEM.
func DecodeTLSCertificateFromFile ¶ added in v0.15.0
func DecodeTLSCertificateFromFile(path string) (*x509.Certificate, error)
DecodeTLSCertificateFromFile is a helper function to read a PEM encoded certificate from a file.
func DecodeTLSPrivateKey ¶ added in v0.15.0
func DecodeTLSPrivateKey(i io.Reader) (crypto.PrivateKey, error)
DecodeTLSPrivateKey is a helper function to decode a private key from PEM.
func DecodeTLSPrivateKeyFromFile ¶ added in v0.15.0
func DecodeTLSPrivateKeyFromFile(path string) (crypto.PrivateKey, error)
DecodeTLSPrivateKeyFromFile is a helper function to read a PEM encoded private key from a file.
func EncodeKeyToFile ¶ added in v0.16.0
EncodeKeyToFile encodes a key to a file.
func EncodeTLSCertificate ¶ added in v0.15.0
func EncodeTLSCertificate(o io.Writer, cert *x509.Certificate) error
EncodeTLSCertificate is a helper function to encode a certificate to PEM.
func EncodeTLSCertificateToFile ¶ added in v0.15.0
func EncodeTLSCertificateToFile(path string, cert *x509.Certificate) error
EncodeTLSCertificateToFile is a helper function to write a PEM encoded certificate to a file.
func EncodeTLSPrivateKey ¶ added in v0.15.0
func EncodeTLSPrivateKey(o io.Writer, key crypto.PrivateKey) error
EncodeTLSPrivateKey is a helper function to encode the given key to PEM.
func EncodeTLSPrivateKeyToFile ¶ added in v0.15.0
func EncodeTLSPrivateKeyToFile(path string, key crypto.PrivateKey) error
EncodeTLSPrivateKeyToFile is a helper function to write a PEM encoded private key to a file.
func GenerateCA ¶ added in v0.12.1
func GenerateCA(cfg CACertConfig) (privkey crypto.PrivateKey, cert *x509.Certificate, err error)
GenerateCA generates a self-signed CA certificate.
func GenerateECDSAKey ¶ added in v0.12.1
func GenerateECDSAKey(size int) (*ecdsa.PrivateKey, error)
GenerateECDSAKey generates an ECDSA key using an elliptic curve of the given size.
func GenerateSelfSignedServerCert ¶ added in v0.12.1
func GenerateSelfSignedServerCert() (privKey crypto.PrivateKey, cert *x509.Certificate, err error)
GenerateSelfSignedServerCert generates a self-signed server certificate with the built-in defaults.
func IsValidDefaultPSK ¶
IsValidDefaultPSK returns true if the given string is a valid PSK.
func IsValidPSK ¶
IsValidPSK returns true if the given string is a valid PSK.
func IsValidPSKBytes ¶
IsValidPSKBytes returns true if the given byte slice is a valid PSK.
func IssueCertificate ¶ added in v0.12.1
func IssueCertificate(cfg IssueConfig) (privkey crypto.PrivateKey, cert *x509.Certificate, err error)
IssueCertificate issues a certificate against the given CA with the given configuration. Key usages are assumed to be for client and server authentication.
func NewRandomID ¶ added in v0.15.0
NewRandomID returns a new random ID.
func NewTLSKey ¶ added in v0.15.0
func NewTLSKey(keyType TLSKeyType, size int) (privkey crypto.PrivateKey, pubkey crypto.PublicKey, err error)
NewTLSKey creates a new TLS key with the given keytype and size. Size is ignored for Webmesh keys.
func Rendezvous ¶
Rendezvous generates a rendezvous string for discovering the peers at the given public wireguard keys.
Types ¶
type CACertConfig ¶ added in v0.12.1
type CACertConfig struct { // CommonName is the common name of the certificate. CommonName string // ValidFor is the duration the certificate is valid for. ValidFor time.Duration // KeyType is the type of key to use. KeyType TLSKeyType // KeySize is the size of the key to use. KeySize int // Key is a pre-existing key to use. Key PrivateKey }
CACertConfig is a configuration for a self-signed CA certificate.
func (*CACertConfig) Default ¶ added in v0.15.0
func (c *CACertConfig) Default()
Default sets the default values for the configuration.
type IssueConfig ¶ added in v0.12.1
type IssueConfig struct { // CommonName is the common name of the certificate. CommonName string // ValidFor is the duration the certificate is valid for. ValidFor time.Duration // KeyType is the type of key to use. KeyType TLSKeyType // KeySize is the size of the key to use. KeySize int // Key is a pre-existing key to use. Key PrivateKey // CACert is the CA certificate to use. CACert *x509.Certificate // CAKey is the CA key to use. CAKey crypto.PrivateKey }
IssueConfig is a configuration for issuing a certificate.
func (*IssueConfig) Default ¶ added in v0.15.0
func (c *IssueConfig) Default()
Default sets the default values for the configuration.
type Key ¶
type Key interface { // ID returns the peer ID of the key as an encoded string. // This will always be the ID of the public key. ID() string // Bytes returns the raw bytes of the key. This is the same as Key.Raw // without needing to do an error check. Bytes() []byte // WireGuardKey returns the WireGuard key. WireGuardKey() wgtypes.Key // Encode returns the base64 encoded string representation of the marshaled key. Encode() (string, error) // Marshal returns the protobuf marshaled key. Marshal() ([]byte, error) // Rendezvous generates a rendezvous string for discovering the peers at the given // public wireguard keys. Rendezvous(keys ...PublicKey) string // Equals returns true if the given key is equal to this key. Equals(Key) bool }
Key is the interface that all keys satisfy.
type PSK ¶
type PSK []byte
PSK is a pre-shared key.
func GeneratePSKWithLength ¶
GeneratePSKWithLength generates a PSK with a given length.
func MustGeneratePSK ¶
func MustGeneratePSK() PSK
MustGeneratePSK generates a PSK and panics on error.
func (PSK) DeterministicSign ¶
DeterministicSign creates a signature of the given data using this PSK.
func (PSK) DeterministicVerify ¶
DeterministicVerify verifies the given signature against the given data using this PSK.
type PrivateKey ¶ added in v0.6.0
type PrivateKey interface { Key // AsIdentity returns the private key as a libp2p crypto private key. // This changes the type of the key to a ed25519 private key. AsIdentity() p2pcrypto.PrivKey // AsNative returns the private key as a native crypto private key. AsNative() ed25519.PrivateKey // PublicKey returns the PublicKey as a PublicKey interface. PublicKey() PublicKey }
PrivateKey is a private key used for encryption and identity over webmesh.
func DecodePrivateKey ¶ added in v0.6.0
func DecodePrivateKey(in string) (PrivateKey, error)
DecodePrivateKey decodes a private key from a base64 string.
func DecodePrivateKeyFromFile ¶ added in v0.15.0
func DecodePrivateKeyFromFile(path string) (PrivateKey, error)
DecodePrivateKeyFromFile decodes a private key from a file.
func MustGenerateKey ¶
func MustGenerateKey() PrivateKey
MustGenerateKey generates a new private key or panics.
func MustPrivateKeyFromNative ¶ added in v0.15.0
func MustPrivateKeyFromNative(in crypto.PublicKey) PrivateKey
MustPrivateKeyFromNative returns a private key from a native crypto private key or panics.
func ParsePrivateKey ¶ added in v0.6.0
func ParsePrivateKey(data []byte) (PrivateKey, error)
ParsePrivateKey parses a private key from raw protobuf-serialized form.
func PrivateKeyFromIdentity ¶ added in v0.15.0
func PrivateKeyFromIdentity(inkey p2pcrypto.PrivKey) (PrivateKey, error)
PrivateKeyFromIdentity returns a private key from a libp2p crypto private key.
func PrivateKeyFromNative ¶ added in v0.15.0
func PrivateKeyFromNative(inkey crypto.PrivateKey) (PrivateKey, error)
PrivateKeyFromNative returns a private key from a native crypto private key.
func UnmarshalPrivateKey ¶ added in v0.6.0
func UnmarshalPrivateKey(data []byte) (PrivateKey, error)
UnmarshalPrivateKey unmarshals a private key from protobuf-serialized form.
type PublicKey ¶ added in v0.6.0
type PublicKey interface { Key // AsIdentity returns the public key as a libp2p crypto public key. // This changes the type of the key to a ed25519 public key. AsIdentity() p2pcrypto.PubKey // AsNative returns the public key as a native crypto public key. AsNative() ed25519.PublicKey }
PublicKey is a public key used for encryption and identity over webmesh.
func DecodePublicKey ¶ added in v0.6.0
DecodePublicKey decodes a public key from a base64 encoded string.
func MustPublicKeyFromNative ¶ added in v0.15.0
MustPublicKeyFromNative returns a public key from a native crypto public key or panics.
func ParsePublicKey ¶ added in v0.6.0
ParsePublicKey parses a public key from raw bytes.
func PubKeyFromID ¶ added in v0.12.1
PubKeyFromID returns the public key from the given peer ID.
func PublicKeyFromIdentity ¶ added in v0.15.0
PublicKeyFromIdentity returns a public key from a libp2p crypto public key.
func PublicKeyFromNative ¶ added in v0.15.0
PublicKeyFromNative returns a public key from a native crypto public key.
func UnmarshalPublicKey ¶ added in v0.6.0
UnmarshalPublicKey unmarshals a public key from protobuf-serialized form.
type SortedKeys ¶ added in v0.6.3
type SortedKeys []PublicKey
SortedKeys is a slice of public keys that can be sorted.
func (SortedKeys) Len ¶ added in v0.6.3
func (s SortedKeys) Len() int
func (SortedKeys) Less ¶ added in v0.6.3
func (s SortedKeys) Less(i, j int) bool
func (SortedKeys) Swap ¶ added in v0.6.3
func (s SortedKeys) Swap(i, j int)
type StdPrivateKey ¶ added in v0.15.0
type StdPrivateKey = crypto.PrivateKey
StdPrivateKey is a type alias to the std crypto private key. It's provided for convenience.
type TLSCertificate ¶ added in v0.15.0
type TLSCertificate = x509.Certificate
TLSCertificate is a type alias to x509.Certificate. It's provided for convenience.
type TLSKeyType ¶ added in v0.12.1
type TLSKeyType string
TLSKeyType is a type of TLS key.
const ( // TLSKeyRSA is an RSA key. TLSKeyRSA TLSKeyType = "rsa" // TLSKeyECDSA is an ECDSA key. TLSKeyECDSA TLSKeyType = "ecdsa" // TLSKeyWebmesh is a Webmesh key. These are ed25519 keys. TLSKeyWebmesh TLSKeyType = "webmesh" // DefaultTLSKeyType is the default key type. DefaultTLSKeyType TLSKeyType = TLSKeyECDSA // DefaultCAName is the default name of the CA. DefaultCAName = "webmesh-ca" // DefaultCertName is the default name of the certificate. DefaultCertName = "webmesh-cert" )
func (TLSKeyType) IsValid ¶ added in v0.15.0
func (t TLSKeyType) IsValid() bool
func (TLSKeyType) String ¶ added in v0.15.0
func (t TLSKeyType) String() string
type VerifyPeerCertificateFunc ¶ added in v0.15.0
type VerifyPeerCertificateFunc func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
VerifyPeerCertificateFunc is a function that can be used in a TLS configuration to verify the peer certificate.
func VerifyCertificateChainFromFile ¶ added in v0.15.0
func VerifyCertificateChainFromFile(filename string) (VerifyPeerCertificateFunc, error)
VerifyCertificateChainFromFile returns a function that can be used in a TLS configuration to verify that the certificate chain is valid according to the PEM-encoded data in the given file.
func VerifyCertificateChainOnly ¶ added in v0.15.0
func VerifyCertificateChainOnly(rootcerts []*x509.Certificate) VerifyPeerCertificateFunc
VerifyCertificateChainOnly returns a function that can be used in a TLS configuration to only verify that the certificate chain is valid.
type WebmeshPrivateKey ¶ added in v0.6.0
type WebmeshPrivateKey struct {
// contains filtered or unexported fields
}
WebmeshPrivateKey is a private key used for webmesh transport.
func (*WebmeshPrivateKey) AsIdentity ¶ added in v0.15.0
func (w *WebmeshPrivateKey) AsIdentity() p2pcrypto.PrivKey
AsIdentity returns the private key as a libp2p crypto private key. This changes the type of the key to a ed25519 private key.
func (*WebmeshPrivateKey) AsNative ¶ added in v0.14.11
func (w *WebmeshPrivateKey) AsNative() ed25519.PrivateKey
AsNative returns the private key as a native crypto private key.
func (*WebmeshPrivateKey) Bytes ¶ added in v0.6.0
func (w *WebmeshPrivateKey) Bytes() []byte
Bytes returns the raw bytes of the key. This is the same as Key.Raw without needing to do an error check.
func (*WebmeshPrivateKey) Encode ¶ added in v0.6.0
func (w *WebmeshPrivateKey) Encode() (string, error)
Encode returns the base64 encoded string representation of the marshaled key.
func (*WebmeshPrivateKey) Equals ¶ added in v0.6.0
func (w *WebmeshPrivateKey) Equals(inKey Key) bool
Equals returns true if the given key is equal to this key.
func (*WebmeshPrivateKey) ID ¶ added in v0.6.0
func (w *WebmeshPrivateKey) ID() string
ID returns the peer ID of the key.
func (*WebmeshPrivateKey) Marshal ¶ added in v0.6.0
func (w *WebmeshPrivateKey) Marshal() ([]byte, error)
Marshal returns the protobuf marshaled key.
func (*WebmeshPrivateKey) PublicKey ¶ added in v0.6.0
func (w *WebmeshPrivateKey) PublicKey() PublicKey
PublicKey returns the public key.
func (*WebmeshPrivateKey) Rendezvous ¶ added in v0.6.0
func (k *WebmeshPrivateKey) Rendezvous(keys ...PublicKey) string
Rendezvous generates a rendezvous string for discovering the peers at the given public wireguard keys.
func (*WebmeshPrivateKey) Sign ¶ added in v0.6.0
func (w *WebmeshPrivateKey) Sign(data []byte) ([]byte, error)
Sign cryptographically signs the given bytes.
func (*WebmeshPrivateKey) Type ¶ added in v0.6.0
func (w *WebmeshPrivateKey) Type() cryptopb.KeyType
Type returns the protobuf key type.
func (*WebmeshPrivateKey) WireGuardKey ¶ added in v0.6.0
func (w *WebmeshPrivateKey) WireGuardKey() wgtypes.Key
WireGuardKey computes the private key's wireguard key.
type WebmeshPublicKey ¶ added in v0.6.0
type WebmeshPublicKey struct {
// contains filtered or unexported fields
}
WebmeshPublicKey is a public key used for webmesh transport.
func (*WebmeshPublicKey) AsIdentity ¶ added in v0.15.0
func (w *WebmeshPublicKey) AsIdentity() p2pcrypto.PubKey
AsIdentity returns the public key as a libp2p crypto public key. This changes the type of the key to a ed25519 public key.
func (*WebmeshPublicKey) AsNative ¶ added in v0.14.11
func (w *WebmeshPublicKey) AsNative() ed25519.PublicKey
AsNative returns the public key as a native crypto public key.
func (*WebmeshPublicKey) Bytes ¶ added in v0.6.0
func (w *WebmeshPublicKey) Bytes() []byte
Bytes returns the raw bytes of the key. This is the same as Key.Raw without needing to do an error check.
func (*WebmeshPublicKey) Encode ¶ added in v0.6.0
func (w *WebmeshPublicKey) Encode() (string, error)
Encode returns the base64 encoded string representation of the marshaled key.
func (*WebmeshPublicKey) Equals ¶ added in v0.6.0
func (w *WebmeshPublicKey) Equals(in Key) bool
Equals returns true if the given key is equal to this key.
func (*WebmeshPublicKey) ID ¶ added in v0.6.0
func (w *WebmeshPublicKey) ID() string
ID returns the peer ID of the key.
func (*WebmeshPublicKey) Marshal ¶ added in v0.6.0
func (w *WebmeshPublicKey) Marshal() ([]byte, error)
Marshal returns the protobuf marshaled key.
func (*WebmeshPublicKey) Rendezvous ¶ added in v0.6.0
func (k *WebmeshPublicKey) Rendezvous(keys ...PublicKey) string
Rendezvous generates a rendezvous string for discovering the peers at the given public wireguard keys.
func (*WebmeshPublicKey) Type ¶ added in v0.6.0
func (w *WebmeshPublicKey) Type() cryptopb.KeyType
Type returns the protobuf key type.
func (*WebmeshPublicKey) Verify ¶ added in v0.6.0
func (w *WebmeshPublicKey) Verify(data []byte, sig []byte) (success bool, err error)
Verify compares a signature against the input data
func (*WebmeshPublicKey) WireGuardKey ¶ added in v0.6.0
func (w *WebmeshPublicKey) WireGuardKey() wgtypes.Key
WireGuardKey computes the private key's wireguard key.