Documentation ¶
Overview ¶
Package crypto contains the cryptographic utilities used by webmesh: node identity keys (WebmeshPrivateKey / WebmeshPublicKey, which also derive the node's WireGuard keys), pre-shared-key (PSK) generation, validation and symmetric signing, and X.509 CA / leaf certificate issuance for TLS.
Index ¶
- Constants
- Variables
- func GenerateCA(cfg CACertConfig) (privKey crypto.PrivateKey, cert *x509.Certificate, err error)
- func GenerateECDSAKey(size int) (*ecdsa.PrivateKey, error)
- func GenerateSelfSignedServerCert() (privKey crypto.PrivateKey, cert *x509.Certificate, err error)
- func IsValidDefaultPSK(s string) bool
- func IsValidPSK(s string, length int) bool
- func IsValidPSKBytes(b []byte, length int) bool
- func IssueCertificate(cfg IssueConfig, caCert *x509.Certificate, caKey crypto.PrivateKey) (privKey crypto.PrivateKey, cert *x509.Certificate, err error)
- func Rendezvous(keys ...PublicKey) string
- func Sign(data []byte, psk PSK) ([]byte, error)
- func Verify(data, signature []byte, psk PSK) error
- func VerifyConnectionChainOnly(cs tls.ConnectionState) error
- type CACertConfig
- type IssueConfig
- type Key
- type PSK
- type PrivateKey
- type PublicKey
- type SortedKeys
- type TLSKeyType
- type WebmeshPrivateKey
- func (w *WebmeshPrivateKey) AsPrivKey() p2pcrypto.PrivKey
- func (w *WebmeshPrivateKey) Bytes() []byte
- func (w *WebmeshPrivateKey) Encode() (string, error)
- func (w *WebmeshPrivateKey) Equals(inKey p2pcrypto.Key) bool
- func (w *WebmeshPrivateKey) GetPublic() p2pcrypto.PubKey
- func (w *WebmeshPrivateKey) ID() string
- func (w *WebmeshPrivateKey) Marshal() ([]byte, error)
- func (w *WebmeshPrivateKey) PublicKey() PublicKey
- func (w *WebmeshPrivateKey) Raw() ([]byte, error)
- func (k *WebmeshPrivateKey) Rendezvous(keys ...PublicKey) string
- func (w *WebmeshPrivateKey) Sign(data []byte) ([]byte, error)
- func (w *WebmeshPrivateKey) Type() cryptopb.KeyType
- func (w *WebmeshPrivateKey) WireGuardKey() wgtypes.Key
- type WebmeshPublicKey
- func (w *WebmeshPublicKey) Bytes() []byte
- func (w *WebmeshPublicKey) Encode() (string, error)
- func (w *WebmeshPublicKey) Equals(in p2pcrypto.Key) bool
- func (w *WebmeshPublicKey) ID() string
- func (w *WebmeshPublicKey) Marshal() ([]byte, error)
- func (w *WebmeshPublicKey) Raw() ([]byte, error)
- func (k *WebmeshPublicKey) Rendezvous(keys ...PublicKey) string
- func (w *WebmeshPublicKey) Type() cryptopb.KeyType
- func (w *WebmeshPublicKey) Verify(data []byte, sig []byte) (success bool, err error)
- func (w *WebmeshPublicKey) WireGuardKey() wgtypes.Key
Constants ¶
const DefaultPSKLength = 32
DefaultPSKLength is the default length of a PSK. Presumably each position is a byte drawn from ValidPSKChars; 32 positions over a 62-symbol alphabet give roughly 190 bits of entropy when every position is chosen uniformly at random.
const WebmeshKeyType cryptopb.KeyType = 5
WebmeshKeyType is the protobuf key type for Webmesh keys. It is presumably a custom value outside libp2p's built-in key types, so only code that links this package can unmarshal such keys — confirm before exchanging marshaled keys with non-webmesh peers.
Variables ¶
var ErrInvalidSignature = fmt.Errorf("invalid signature")
ErrInvalidSignature is returned by Verify when a signature does not authenticate the data under the given PSK. Compare it with errors.Is rather than by string matching.
var ValidPSKChars = []byte("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
ValidPSKChars is the set of valid characters for a PSK: ASCII letters and digits only (62 symbols, no punctuation or whitespace). Checking a PSK against this set is a syntactic check; it says nothing about randomness, so a caller-supplied PSK such as a dictionary word still passes validation.
Functions ¶
func GenerateCA ¶ added in v0.12.1
func GenerateCA(cfg CACertConfig) (privKey crypto.PrivateKey, cert *x509.Certificate, err error)
GenerateCA generates a self-signed CA certificate and its private key according to cfg. The returned private key is the trust anchor for every certificate later produced by IssueCertificate: store it with the care due to a root key and never ship it to peers.
func GenerateECDSAKey ¶ added in v0.12.1
func GenerateECDSAKey(size int) (*ecdsa.PrivateKey, error)
GenerateECDSAKey generates an ECDSA key using an elliptic curve of the given size — presumably a standard NIST curve selected by bit size; confirm which sizes are accepted and that an unsupported size returns an error rather than falling back silently.
func GenerateSelfSignedServerCert ¶ added in v0.12.1
func GenerateSelfSignedServerCert() (privKey crypto.PrivateKey, cert *x509.Certificate, err error)
GenerateSelfSignedServerCert generates a self-signed server certificate with the built-in defaults (key type, key size and validity period are not configurable through this function). Because it is self-signed there is no chain for a client to validate; peers must be configured to trust this exact certificate.
func IsValidDefaultPSK ¶
IsValidDefaultPSK returns true if the given string is a valid PSK of the default length (DefaultPSKLength). This is a format check (length and character set), not a strength check.
func IsValidPSK ¶
IsValidPSK returns true if the given string is a valid PSK of exactly the given length. This is a format check (length and character set), not a strength check.
func IsValidPSKBytes ¶
IsValidPSKBytes returns true if the given byte slice is a valid PSK of exactly the given length; it is the []byte counterpart of IsValidPSK and performs the same format-only check.
func IssueCertificate ¶ added in v0.12.1
func IssueCertificate(cfg IssueConfig, caCert *x509.Certificate, caKey crypto.PrivateKey) (privKey crypto.PrivateKey, cert *x509.Certificate, err error)
IssueCertificate issues a leaf certificate signed by the given CA with the given configuration, returning the new private key and certificate. caKey must be the private key matching caCert (the pair returned by GenerateCA). NOTE(review): whether cfg.ValidFor is clamped to caCert's own validity period is not documented — confirm before issuing long-lived leaves.
func Rendezvous ¶
Rendezvous generates a rendezvous string for discovering the peers at the given public wireguard keys. It is derived from public keys, so treat it as a discovery label rather than a secret: any party that knows the keys can compute it.
func VerifyConnectionChainOnly ¶ added in v0.12.2
func VerifyConnectionChainOnly(cs tls.ConnectionState) error
VerifyConnectionChainOnly is a function that can be used as the VerifyConnection callback of a tls.Config to accept a peer whose certificate chain validates against the configured roots, without checking the server name (hostname/SAN) of the leaf. Consequently any certificate issued by a trusted CA is accepted regardless of which peer it was issued to; use it only when the trust pool is a private CA (such as one produced by GenerateCA) whose every certificate holder is an acceptable peer, and bind the connection to a specific peer identity at a higher layer when that matters. NOTE(review): in crypto/tls a custom VerifyConnection normally runs in addition to the default verification, so this only relaxes checks when paired with InsecureSkipVerify — confirm how the package wires it up.
Types ¶
type CACertConfig ¶ added in v0.12.1
type CACertConfig struct {
	// CommonName is the common name (subject CN) of the certificate.
	CommonName string
	// ValidFor is the duration the certificate is valid for. A long-lived CA
	// widens the window in which a leaked CA key can mint trusted certificates;
	// keep it as short as the deployment's rotation process allows.
	ValidFor time.Duration
	// KeyType is the type of key to use (TLSKeyRSA or TLSKeyECDSA).
	KeyType TLSKeyType
	// KeySize is the size of the key to use. Presumably bits for RSA and the
	// curve size for ECDSA (see GenerateECDSAKey) — confirm against the implementation.
	KeySize int
}
CACertConfig is a configuration for a self-signed CA certificate.
type IssueConfig ¶ added in v0.12.1
type IssueConfig struct {
	// CommonName is the common name (subject CN) of the certificate.
	CommonName string
	// ValidFor is the duration the certificate is valid for. Whether this is
	// clamped to the issuing CA's validity is not documented — confirm.
	ValidFor time.Duration
	// KeyType is the type of key to use (TLSKeyRSA or TLSKeyECDSA).
	KeyType TLSKeyType
	// KeySize is the size of the key to use. Presumably bits for RSA and the
	// curve size for ECDSA (see GenerateECDSAKey) — confirm against the implementation.
	KeySize int
}
IssueConfig is a configuration for issuing a certificate.
type Key ¶
type Key interface {
	p2pcrypto.Key
	// ID returns the peer ID of the key.
	ID() string
	// Bytes returns the raw bytes of the key. This is the same as Key.Raw
	// without needing to do an error check. For a private key the result
	// is secret material.
	Bytes() []byte
	// WireGuardKey returns the WireGuard key derived from this key.
	WireGuardKey() wgtypes.Key
	// Encode returns the base64 encoded string representation of the marshaled key.
	// For a private key the string is secret material; do not log it.
	Encode() (string, error)
	// Marshal returns the protobuf marshaled key.
	Marshal() ([]byte, error)
	// Rendezvous generates a rendezvous string for discovering the peers at the given
	// public wireguard keys. Its inputs are public keys (and, presumably, the
	// receiver's public half), so the result is a discovery label, not a secret.
	Rendezvous(keys ...PublicKey) string
}
Key is the interface that all keys satisfy.
type PSK ¶
type PSK []byte
PSK is a pre-shared symmetric key. Everyone who holds it can both produce and verify signatures (Sign/Verify, DeterministicSign/DeterministicVerify), so a valid signature proves membership in the group sharing the PSK, not the identity of an individual sender.
func GeneratePSKWithLength ¶
GeneratePSKWithLength generates a PSK of the given length — presumably from a cryptographically secure random source, with each position drawn from ValidPSKChars; confirm. Lengths shorter than DefaultPSKLength reduce the key's entropy proportionally.
func MustGeneratePSK ¶
func MustGeneratePSK() PSK
MustGeneratePSK generates a PSK and panics on error. It is intended for package initialization, tests and command-line entry points; long-running code should prefer an error-returning variant.
func (PSK) DeterministicSign ¶
DeterministicSign creates a signature (a symmetric authentication tag) of the given data using this PSK. The output is a deterministic function of (PSK, data): identical inputs always yield identical bytes, so the tag carries no freshness — include a nonce or timestamp in data if replay matters.
func (PSK) DeterministicVerify ¶
DeterministicVerify verifies the given signature against the given data using this PSK. NOTE(review): the comparison of the recomputed tag with the supplied one should be constant-time — confirm the implementation does not use a short-circuiting byte compare.
type PrivateKey ¶ added in v0.6.0
type PrivateKey interface {
	Key
	p2pcrypto.PrivKey
	// AsPrivKey returns the private key as a libp2p crypto private key.
	// This changes the type of the key to a ed25519 private key, i.e. the
	// result reports the standard Ed25519 key type instead of WebmeshKeyType,
	// for use with libp2p APIs that do not know the webmesh type.
	AsPrivKey() p2pcrypto.PrivKey
	// PublicKey returns the PublicKey as a PublicKey interface.
	PublicKey() PublicKey
}
PrivateKey is a private key used for encryption and identity over webmesh.
func DecodePrivateKey ¶ added in v0.6.0
func DecodePrivateKey(in string) (PrivateKey, error)
DecodePrivateKey decodes a private key from a base64 string, presumably the form produced by Encode. The input is secret material; keep it out of logs and error messages.
func MustGenerateKey ¶
func MustGenerateKey() PrivateKey
MustGenerateKey generates a new private key or panics. It is intended for package initialization, tests and command-line entry points rather than long-running service code.
func ParsePrivateKey ¶ added in v0.6.0
func ParsePrivateKey(data []byte) (PrivateKey, error)
ParsePrivateKey parses a private key from its raw bytes (the form produced by Raw/Bytes); compare UnmarshalPrivateKey, which takes the protobuf envelope produced by Marshal. NOTE(review): the original text said "raw protobuf-serialized form", which conflates the two encodings — confirm which one this function accepts.
func UnmarshalPrivateKey ¶ added in v0.6.0
func UnmarshalPrivateKey(data []byte) (PrivateKey, error)
UnmarshalPrivateKey unmarshals a private key from protobuf-serialized form.
type PublicKey ¶ added in v0.6.0
PublicKey is a public key used for encryption and identity over webmesh.
func DecodePublicKey ¶ added in v0.6.0
DecodePublicKey decodes a public key from a base64 encoded string, presumably the form produced by Encode.
func ParsePublicKey ¶ added in v0.6.0
ParsePublicKey parses a public key from raw bytes (the form produced by Raw/Bytes); compare UnmarshalPublicKey, which takes the protobuf envelope produced by Marshal.
func PubKeyFromID ¶ added in v0.12.1
PubKeyFromID returns the public key from the given peer ID. This can only work when the ID embeds the key itself (presumably an identity-hashed libp2p peer ID, as produced by Key.ID) — confirm, and expect an error for IDs that merely hash the key.
func UnmarshalPublicKey ¶ added in v0.6.0
UnmarshalPublicKey unmarshals a public key from protobuf-serialized form.
type SortedKeys ¶ added in v0.6.3
type SortedKeys []PublicKey
SortedKeys is a slice of public keys that can be sorted; it provides Len, Less and Swap and so satisfies sort.Interface, giving a deterministic ordering of a set of keys.
func (SortedKeys) Len ¶ added in v0.6.3
func (s SortedKeys) Len() int
func (SortedKeys) Less ¶ added in v0.6.3
func (s SortedKeys) Less(i, j int) bool
func (SortedKeys) Swap ¶ added in v0.6.3
func (s SortedKeys) Swap(i, j int)
type TLSKeyType ¶ added in v0.12.1
type TLSKeyType string
TLSKeyType is a type of TLS key.
const (
	// TLSKeyRSA is an RSA key. This is the string accepted in
	// CACertConfig.KeyType and IssueConfig.KeyType for RSA keys.
	TLSKeyRSA TLSKeyType = "rsa"
	// TLSKeyECDSA is an ECDSA key. This is the string accepted in
	// CACertConfig.KeyType and IssueConfig.KeyType for ECDSA keys.
	TLSKeyECDSA TLSKeyType = "ecdsa"
)
type WebmeshPrivateKey ¶ added in v0.6.0
type WebmeshPrivateKey struct {
// contains filtered or unexported fields
}
WebmeshPrivateKey is a private key used for webmesh transport. It must be kept secret: Bytes, Raw, Encode and Marshal all expose the key material.
func (*WebmeshPrivateKey) AsPrivKey ¶ added in v0.6.0
func (w *WebmeshPrivateKey) AsPrivKey() p2pcrypto.PrivKey
AsPrivKey returns the private key as a libp2p crypto private key. This changes the type of the key to a ed25519 private key, i.e. the result reports the standard Ed25519 key type instead of WebmeshKeyType, for use with libp2p APIs that do not know the webmesh type. Presumably the same key material is reinterpreted rather than re-derived — confirm.
func (*WebmeshPrivateKey) Bytes ¶ added in v0.6.0
func (w *WebmeshPrivateKey) Bytes() []byte
Bytes returns the raw bytes of the key. This is the same as Key.Raw without needing to do an error check.
func (*WebmeshPrivateKey) Encode ¶ added in v0.6.0
func (w *WebmeshPrivateKey) Encode() (string, error)
Encode returns the base64 encoded string representation of the marshaled key.
func (*WebmeshPrivateKey) Equals ¶ added in v0.6.0
func (w *WebmeshPrivateKey) Equals(inKey p2pcrypto.Key) bool
Equals returns true if the given key is equal to this key.
func (*WebmeshPrivateKey) GetPublic ¶ added in v0.6.0
func (w *WebmeshPrivateKey) GetPublic() p2pcrypto.PubKey
GetPublic returns the public key paired with this private key.
func (*WebmeshPrivateKey) ID ¶ added in v0.6.0
func (w *WebmeshPrivateKey) ID() string
ID returns the peer ID of the key.
func (*WebmeshPrivateKey) Marshal ¶ added in v0.6.0
func (w *WebmeshPrivateKey) Marshal() ([]byte, error)
Marshal returns the protobuf marshaled key.
func (*WebmeshPrivateKey) PublicKey ¶ added in v0.6.0
func (w *WebmeshPrivateKey) PublicKey() PublicKey
PublicKey returns the public key.
func (*WebmeshPrivateKey) Raw ¶ added in v0.6.0
func (w *WebmeshPrivateKey) Raw() ([]byte, error)
Raw returns the raw bytes of the private key.
func (*WebmeshPrivateKey) Rendezvous ¶ added in v0.6.0
func (k *WebmeshPrivateKey) Rendezvous(keys ...PublicKey) string
Rendezvous generates a rendezvous string for discovering the peers at the given public wireguard keys.
func (*WebmeshPrivateKey) Sign ¶ added in v0.6.0
func (w *WebmeshPrivateKey) Sign(data []byte) ([]byte, error)
Sign cryptographically signs the given bytes.
func (*WebmeshPrivateKey) Type ¶ added in v0.6.0
func (w *WebmeshPrivateKey) Type() cryptopb.KeyType
Type returns the protobuf key type.
func (*WebmeshPrivateKey) WireGuardKey ¶ added in v0.6.0
func (w *WebmeshPrivateKey) WireGuardKey() wgtypes.Key
WireGuardKey computes the private key's wireguard (Curve25519) key. Because it is derived from the same secret that backs the node's signing identity, a compromise of either exposes both; protect the key accordingly.
type WebmeshPublicKey ¶ added in v0.6.0
type WebmeshPublicKey struct {
// contains filtered or unexported fields
}
WebmeshPublicKey is a public key used for webmesh transport.
func (*WebmeshPublicKey) Bytes ¶ added in v0.6.0
func (w *WebmeshPublicKey) Bytes() []byte
Bytes returns the raw bytes of the key. This is the same as Key.Raw without needing to do an error check.
func (*WebmeshPublicKey) Encode ¶ added in v0.6.0
func (w *WebmeshPublicKey) Encode() (string, error)
Encode returns the base64 encoded string representation of the marshaled key.
func (*WebmeshPublicKey) Equals ¶ added in v0.6.0
func (w *WebmeshPublicKey) Equals(in p2pcrypto.Key) bool
Equals returns true if the given key is equal to this key.
func (*WebmeshPublicKey) ID ¶ added in v0.6.0
func (w *WebmeshPublicKey) ID() string
ID returns the peer ID of the key.
func (*WebmeshPublicKey) Marshal ¶ added in v0.6.0
func (w *WebmeshPublicKey) Marshal() ([]byte, error)
Marshal returns the protobuf marshaled key.
func (*WebmeshPublicKey) Raw ¶ added in v0.6.0
func (w *WebmeshPublicKey) Raw() ([]byte, error)
Raw returns the raw bytes of the public key.
func (*WebmeshPublicKey) Rendezvous ¶ added in v0.6.0
func (k *WebmeshPublicKey) Rendezvous(keys ...PublicKey) string
Rendezvous generates a rendezvous string for discovering the peers at the given public wireguard keys.
func (*WebmeshPublicKey) Type ¶ added in v0.6.0
func (w *WebmeshPublicKey) Type() cryptopb.KeyType
Type returns the protobuf key type.
func (*WebmeshPublicKey) Verify ¶ added in v0.6.0
func (w *WebmeshPublicKey) Verify(data []byte, sig []byte) (success bool, err error)
Verify compares a signature against the input data and reports whether it was produced by the private key paired with this public key. Callers must treat both a false success and a non-nil err as rejection; checking only one of the two is a bug.
func (*WebmeshPublicKey) WireGuardKey ¶ added in v0.6.0
func (w *WebmeshPublicKey) WireGuardKey() wgtypes.Key
WireGuardKey computes the public key's wireguard (Curve25519) key, i.e. the public half a peer configures for the WireGuard tunnel.