crypto

package
v0.13.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 12, 2023 License: Apache-2.0 Imports: 28 Imported by: 1

Documentation

Overview

Package crypto contains cryptographic utilities.

Index

Constants

View Source 
const DefaultPSKLength = 32

DefaultPSKLength is the default length of a PSK.

View Source 
const WebmeshKeyType cryptopb.KeyType = 5

WebmeshKeyType is the protobuf key type for Webmesh keys.

Variables

View Source 
var ErrInvalidSignature = fmt.Errorf("invalid signature")

ErrInvalidSignature is returned when a signature is invalid.

View Source 
var ValidPSKChars = []byte("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")

ValidPSKChars is the set of valid characters for a PSK.

Functions

func GenerateCA added in v0.12.1 

func GenerateCA(cfg CACertConfig) (privKey crypto.PrivateKey, cert *x509.Certificate, err error)

GenerateCA generates a self-signed CA certificate.

func GenerateECDSAKey added in v0.12.1 

func GenerateECDSAKey(size int) (*ecdsa.PrivateKey, error)

GenerateECDSAKey generates an ECDSA key using an elliptic curve of the given size.

func GenerateSelfSignedServerCert added in v0.12.1 

func GenerateSelfSignedServerCert() (privKey crypto.PrivateKey, cert *x509.Certificate, err error)

GenerateSelfSignedServerCert generates a self-signed server certificate with the built-in defaults.

func IsValidDefaultPSK 

func IsValidDefaultPSK(s string) bool

IsValidDefaultPSK returns true if the given string is a valid PSK.

func IsValidPSK 

func IsValidPSK(s string, length int) bool

IsValidPSK returns true if the given string is a valid PSK.

func IsValidPSKBytes 

func IsValidPSKBytes(b []byte, length int) bool

IsValidPSKBytes returns true if the given byte slice is a valid PSK.

func IssueCertificate added in v0.12.1 

func IssueCertificate(cfg IssueConfig, caCert *x509.Certificate, caKey crypto.PrivateKey) (privKey crypto.PrivateKey, cert *x509.Certificate, err error)

IssueCertificate issues a certificate against the given CA with the given configuration.

func Rendezvous 

func Rendezvous(keys ...PublicKey) string

Rendezvous generates a rendezvous string for discovering the peers at the given public wireguard keys.

func Sign 

func Sign(data []byte, psk PSK) ([]byte, error)

Sign signs the given data using the given PSK.

func Verify 

func Verify(data, signature []byte, psk PSK) error

Verify verifies the given signature against the given data using the given PSK.

func VerifyConnectionChainOnly added in v0.12.2 

func VerifyConnectionChainOnly(cs tls.ConnectionState) error

VerifyConnectionChainOnly is a function that can be used in a TLS configuration to only verify that the certificate chain is valid.

Types

type CACertConfig added in v0.12.1 

type CACertConfig struct {
	// CommonName is the common name of the certificate.
	CommonName string
	// ValidFor is the duration the certificate is valid for.
	ValidFor time.Duration
	// KeyType is the type of key to use.
	KeyType TLSKeyType
	// KeySize is the size of the key to use.
	KeySize int
}

CACertConfig is a configuration for a self-signed CA certificate.

type IssueConfig added in v0.12.1 

type IssueConfig struct {
	// CommonName is the common name of the certificate.
	CommonName string
	// ValidFor is the duration the certificate is valid for.
	ValidFor time.Duration
	// KeyType is the type of key to use.
	KeyType TLSKeyType
	// KeySize is the size of the key to use.
	KeySize int
}

IssueConfig is a configuration for issuing a certificate.

type Key 

type Key interface {
	p2pcrypto.Key

	// ID returns the peer ID of the key.
	ID() string

	// Bytes returns the raw bytes of the key. This is the same as Key.Raw
	// without needing to do an error check.
	Bytes() []byte

	// WireGuardKey returns the WireGuard key.
	WireGuardKey() wgtypes.Key

	// Encode returns the base64 encoded string representation of the marshaled key.
	Encode() (string, error)

	// Marshal returns the protobuf marshaled key.
	Marshal() ([]byte, error)

	// Rendezvous generates a rendezvous string for discovering the peers at the given
	// public wireguard keys.
	Rendezvous(keys ...PublicKey) string
}

Key is the interface that all keys satisfy.

type PSK 

type PSK []byte

PSK is a pre-shared key.

func GeneratePSK 

func GeneratePSK() (PSK, error)

GeneratePSK generates a PSK.

func GeneratePSKWithLength 

func GeneratePSKWithLength(length int) (PSK, error)

GeneratePSKWithLength generates a PSK with a given length.

func MustGeneratePSK 

func MustGeneratePSK() PSK

MustGeneratePSK generates a PSK and panics on error.

func (PSK) DeterministicSign 

func (p PSK) DeterministicSign(data []byte) ([]byte, error)

DeterministicSign creates a signature of the given data using this PSK.

func (PSK) DeterministicVerify 

func (p PSK) DeterministicVerify(data, signature []byte) error

DeterministicVerify verifies the given signature against the given data using this PSK.

func (PSK) Sign 

func (p PSK) Sign(data []byte) ([]byte, error)

Sign creates a signature of the given data using this PSK.

func (PSK) String 

func (p PSK) String() string

func (PSK) Verify 

func (p PSK) Verify(data, signature []byte) error

Verify verifies the given signature against the given data using this PSK.

type PrivateKey added in v0.6.0 

type PrivateKey interface {
	Key
	p2pcrypto.PrivKey

	// AsPrivKey returns the private key as a libp2p crypto private key.
	// This changes the type of the key to a ed25519 private key.
	AsPrivKey() p2pcrypto.PrivKey

	// PublicKey returns the PublicKey as a PublicKey interface.
	PublicKey() PublicKey
}

PrivateKey is a private key used for encryption and identity over webmesh.

func DecodePrivateKey added in v0.6.0 

func DecodePrivateKey(in string) (PrivateKey, error)

DecodePrivateKey decodes a private key from a base64 string.

func GenerateKey 

func GenerateKey() (PrivateKey, error)

GenerateKey generates a new private key.

func MustGenerateKey 

func MustGenerateKey() PrivateKey

MustGenerateKey generates a new private key or panics.

func ParsePrivateKey added in v0.6.0 

func ParsePrivateKey(data []byte) (PrivateKey, error)

ParsePrivateKey parses a private key from raw protobuf-serialized form.

func UnmarshalPrivateKey added in v0.6.0 

func UnmarshalPrivateKey(data []byte) (PrivateKey, error)

UnmarshalPrivateKey unmarshals a private key from protobuf-serialized form.

type PublicKey added in v0.6.0 

type PublicKey interface {
	Key
	p2pcrypto.PubKey
}

PublicKey is a public key used for encryption and identity over webmesh.

func DecodePublicKey added in v0.6.0 

func DecodePublicKey(in string) (PublicKey, error)

DecodePublicKey decodes a public key from a base64 encoded string.

func ParsePublicKey added in v0.6.0 

func ParsePublicKey(data []byte) (PublicKey, error)

ParsePublicKey parses a public key from raw bytes.

func PubKeyFromID added in v0.12.1 

func PubKeyFromID(id string) (PublicKey, error)

PubKeyFromID returns the public key from the given peer ID.

func UnmarshalPublicKey added in v0.6.0 

func UnmarshalPublicKey(data []byte) (PublicKey, error)

UnmarshalPublicKey unmarshals a public key from protobuf-serialized form.

type SortedKeys added in v0.6.3 

type SortedKeys []PublicKey

SortedKeys is a slice of public keys that can be sorted.

func (SortedKeys) Len added in v0.6.3 

func (s SortedKeys) Len() int

func (SortedKeys) Less added in v0.6.3 

func (s SortedKeys) Less(i, j int) bool

func (SortedKeys) Swap added in v0.6.3 

func (s SortedKeys) Swap(i, j int)

type TLSKeyType added in v0.12.1 

type TLSKeyType string

TLSKeyType is a type of TLS key. 

const (
	// TLSKeyRSA is an RSA key.
	TLSKeyRSA TLSKeyType = "rsa"
	// TLSKeyECDSA is an ECDSA key.
	TLSKeyECDSA TLSKeyType = "ecdsa"
)

type WebmeshPrivateKey added in v0.6.0 

type WebmeshPrivateKey struct {
	// contains filtered or unexported fields
}

WebmeshPrivateKey is a private key used for webmesh transport.

func (*WebmeshPrivateKey) AsPrivKey added in v0.6.0 

func (w *WebmeshPrivateKey) AsPrivKey() p2pcrypto.PrivKey

AsPrivKey returns the private key as a libp2p crypto private key. This changes the type of the key to a ed25519 private key.

func (*WebmeshPrivateKey) Bytes added in v0.6.0 

func (w *WebmeshPrivateKey) Bytes() []byte

Bytes returns the raw bytes of the key. This is the same as Key.Raw without needing to do an error check.

func (*WebmeshPrivateKey) Encode added in v0.6.0 

func (w *WebmeshPrivateKey) Encode() (string, error)

Encode returns the base64 encoded string representation of the marshaled key.

func (*WebmeshPrivateKey) Equals added in v0.6.0 

func (w *WebmeshPrivateKey) Equals(inKey p2pcrypto.Key) bool

Equals returns true if the given key is equal to this key.

func (*WebmeshPrivateKey) GetPublic added in v0.6.0 

func (w *WebmeshPrivateKey) GetPublic() p2pcrypto.PubKey

Return a public key paired with this private key

func (*WebmeshPrivateKey) ID added in v0.6.0 

func (w *WebmeshPrivateKey) ID() string

ID returns the peer ID of the key.

func (*WebmeshPrivateKey) Marshal added in v0.6.0 

func (w *WebmeshPrivateKey) Marshal() ([]byte, error)

Marshal returns the protobuf marshaled key.

func (*WebmeshPrivateKey) PublicKey added in v0.6.0 

func (w *WebmeshPrivateKey) PublicKey() PublicKey

PublicKey returns the public key.

func (*WebmeshPrivateKey) Raw added in v0.6.0 

func (w *WebmeshPrivateKey) Raw() ([]byte, error)

Raw returns the raw bytes of the private key.

func (*WebmeshPrivateKey) Rendezvous added in v0.6.0 

func (k *WebmeshPrivateKey) Rendezvous(keys ...PublicKey) string

Rendezvous generates a rendezvous string for discovering the peers at the given public wireguard keys.

func (*WebmeshPrivateKey) Sign added in v0.6.0 

func (w *WebmeshPrivateKey) Sign(data []byte) ([]byte, error)

Sign cryptographically signs the given bytes.

func (*WebmeshPrivateKey) Type added in v0.6.0 

func (w *WebmeshPrivateKey) Type() cryptopb.KeyType

Type returns the protobuf key type.

func (*WebmeshPrivateKey) WireGuardKey added in v0.6.0 

func (w *WebmeshPrivateKey) WireGuardKey() wgtypes.Key

WireGuardKey computes the private key's wireguard key.

type WebmeshPublicKey added in v0.6.0 

type WebmeshPublicKey struct {
	// contains filtered or unexported fields
}

WebmeshPublicKey is a public key used for webmesh transport.

func (*WebmeshPublicKey) Bytes added in v0.6.0 

func (w *WebmeshPublicKey) Bytes() []byte

Bytes returns the raw bytes of the key. This is the same as Key.Raw without needing to do an error check.

func (*WebmeshPublicKey) Encode added in v0.6.0 

func (w *WebmeshPublicKey) Encode() (string, error)

Encode returns the base64 encoded string representation of the marshaled key.

func (*WebmeshPublicKey) Equals added in v0.6.0 

func (w *WebmeshPublicKey) Equals(in p2pcrypto.Key) bool

func (*WebmeshPublicKey) ID added in v0.6.0 

func (w *WebmeshPublicKey) ID() string

ID returns the peer ID of the key.

func (*WebmeshPublicKey) Marshal added in v0.6.0 

func (w *WebmeshPublicKey) Marshal() ([]byte, error)

Marshal returns the protobuf marshaled key.

func (*WebmeshPublicKey) Raw added in v0.6.0 

func (w *WebmeshPublicKey) Raw() ([]byte, error)

Raw returns the raw bytes of the private key.

func (*WebmeshPublicKey) Rendezvous added in v0.6.0 

func (k *WebmeshPublicKey) Rendezvous(keys ...PublicKey) string

Rendezvous generates a rendezvous string for discovering the peers at the given public wireguard keys.

func (*WebmeshPublicKey) Type added in v0.6.0 

func (w *WebmeshPublicKey) Type() cryptopb.KeyType

Type returns the protobuf key type.

func (*WebmeshPublicKey) Verify added in v0.6.0 

func (w *WebmeshPublicKey) Verify(data []byte, sig []byte) (success bool, err error)

Verify compares a signature against the input data

func (*WebmeshPublicKey) WireGuardKey added in v0.6.0 

func (w *WebmeshPublicKey) WireGuardKey() wgtypes.Key

WireGuardKey computes the private key's wireguard key.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.