crypto

package
v0.15.13 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 4, 2023 License: Apache-2.0 Imports: 32 Imported by: 1

Documentation

Overview

Package crypto contains cryptographic utilities.

Index

Constants

View Source
const DefaultPSKLength = 32

DefaultPSKLength is the default length of a PSK.

View Source
const WebmeshKeyType cryptopb.KeyType = 5

WebmeshKeyType is the protobuf key type for Webmesh keys.

Variables

View Source
var (
	// ErrInvalidKeyType is returned when an invalid key type is used.
	ErrInvalidKeyType = fmt.Errorf("invalid key type")
	// ErrInvalidKeySize is returned when an invalid key size is used.
	ErrInvalidKeySize = fmt.Errorf("invalid key size")
)
View Source
var ErrInvalidPeerCertificate = fmt.Errorf("invalid peer certificate")

ErrInvalidPeerCertificate is returned when a TLS connection has invalid peer certificate.

View Source
var ErrInvalidSignature = fmt.Errorf("invalid signature")

ErrInvalidSignature is returned when a signature is invalid.

View Source
var ValidPSKChars = []byte("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")

ValidPSKChars is the set of valid characters for a PSK.

Functions

func DecodeTLSCertificate added in v0.15.0

func DecodeTLSCertificate(i io.Reader) (*x509.Certificate, error)

DecodeTLSCertificate is a helper function to decode a certificate from PEM.

func DecodeTLSCertificateFromFile added in v0.15.0

func DecodeTLSCertificateFromFile(path string) (*x509.Certificate, error)

DecodeTLSCertificateFromFile is a helper function to read a PEM encoded certificate from a file.

func DecodeTLSPrivateKey added in v0.15.0

func DecodeTLSPrivateKey(i io.Reader) (crypto.PrivateKey, error)

DecodeTLSPrivateKey is a helper function to decode a private key from PEM.

func DecodeTLSPrivateKeyFromFile added in v0.15.0

func DecodeTLSPrivateKeyFromFile(path string) (crypto.PrivateKey, error)

DecodeTLSPrivateKeyFromFile is a helper function to read a PEM encoded private key from a file.

func EncodeTLSCertificate added in v0.15.0

func EncodeTLSCertificate(o io.Writer, cert *x509.Certificate) error

EncodeTLSCertificate is a helper function to encode a certificate to PEM.

func EncodeTLSCertificateToFile added in v0.15.0

func EncodeTLSCertificateToFile(path string, cert *x509.Certificate) error

EncodeTLSCertificateToFile is a helper function to write a PEM encoded certificate to a file.

func EncodeTLSPrivateKey added in v0.15.0

func EncodeTLSPrivateKey(o io.Writer, key crypto.PrivateKey) error

EncodeTLSPrivateKey is a helper function to encode the given key to PEM.

func EncodeTLSPrivateKeyToFile added in v0.15.0

func EncodeTLSPrivateKeyToFile(path string, key crypto.PrivateKey) error

EncodeTLSPrivateKeyToFile is a helper function to write a PEM encoded private key to a file.

func GenerateCA added in v0.12.1

func GenerateCA(cfg CACertConfig) (privkey crypto.PrivateKey, cert *x509.Certificate, err error)

GenerateCA generates a self-signed CA certificate.

func GenerateECDSAKey added in v0.12.1

func GenerateECDSAKey(size int) (*ecdsa.PrivateKey, error)

GenerateECDSAKey generates an ECDSA key using an elliptic curve of the given size.

func GenerateSelfSignedServerCert added in v0.12.1

func GenerateSelfSignedServerCert() (privKey crypto.PrivateKey, cert *x509.Certificate, err error)

GenerateSelfSignedServerCert generates a self-signed server certificate with the built-in defaults.

func IsValidDefaultPSK

func IsValidDefaultPSK(s string) bool

IsValidDefaultPSK returns true if the given string is a valid PSK.

func IsValidPSK

func IsValidPSK(s string, length int) bool

IsValidPSK returns true if the given string is a valid PSK.

func IsValidPSKBytes

func IsValidPSKBytes(b []byte, length int) bool

IsValidPSKBytes returns true if the given byte slice is a valid PSK.

func IssueCertificate added in v0.12.1

func IssueCertificate(cfg IssueConfig) (privkey crypto.PrivateKey, cert *x509.Certificate, err error)

IssueCertificate issues a certificate against the given CA with the given configuration. Key usages are assumed to be for client and server authentication.

func NewRandomID added in v0.15.0

func NewRandomID() (string, error)

NewRandomID returns a new random ID.

func NewTLSKey added in v0.15.0

func NewTLSKey(keyType TLSKeyType, size int) (privkey crypto.PrivateKey, pubkey crypto.PublicKey, err error)

NewTLSKey creates a new TLS key with the given keytype and size. Size is ignored for Webmesh keys.

func Rendezvous

func Rendezvous(keys ...PublicKey) string

Rendezvous generates a rendezvous string for discovering the peers at the given public wireguard keys.

func Sign

func Sign(data []byte, psk PSK) ([]byte, error)

Sign signs the given data using the given PSK.

func Verify

func Verify(data, signature []byte, psk PSK) error

Verify verifies the given signature against the given data using the given PSK.

Types

type CACertConfig added in v0.12.1

type CACertConfig struct {
	// CommonName is the common name of the certificate.
	CommonName string
	// ValidFor is the duration the certificate is valid for.
	ValidFor time.Duration
	// KeyType is the type of key to use.
	KeyType TLSKeyType
	// KeySize is the size of the key to use.
	KeySize int
	// Key is a pre-existing key to use.
	Key PrivateKey
}

CACertConfig is a configuration for a self-signed CA certificate.

func (*CACertConfig) Default added in v0.15.0

func (c *CACertConfig) Default()

Default sets the default values for the configuration.

type IssueConfig added in v0.12.1

type IssueConfig struct {
	// CommonName is the common name of the certificate.
	CommonName string
	// ValidFor is the duration the certificate is valid for.
	ValidFor time.Duration
	// KeyType is the type of key to use.
	KeyType TLSKeyType
	// KeySize is the size of the key to use.
	KeySize int
	// Key is a pre-existing key to use.
	Key PrivateKey
	// CACert is the CA certificate to use.
	CACert *x509.Certificate
	// CAKey is the CA key to use.
	CAKey crypto.PrivateKey
}

IssueConfig is a configuration for issuing a certificate.

func (*IssueConfig) Default added in v0.15.0

func (c *IssueConfig) Default()

Default sets the default values for the configuration.

type Key

type Key interface {
	// ID returns the peer ID of the key as an encoded string.
	// This will always be the ID of the public key.
	ID() string

	// Bytes returns the raw bytes of the key. This is the same as Key.Raw
	// without needing to do an error check.
	Bytes() []byte

	// WireGuardKey returns the WireGuard key.
	WireGuardKey() wgtypes.Key

	// Encode returns the base64 encoded string representation of the marshaled key.
	Encode() (string, error)

	// Marshal returns the protobuf marshaled key.
	Marshal() ([]byte, error)

	// Rendezvous generates a rendezvous string for discovering the peers at the given
	// public wireguard keys.
	Rendezvous(keys ...PublicKey) string

	// Equals returns true if the given key is equal to this key.
	Equals(Key) bool
}

Key is the interface that all keys satisfy.

type PSK

type PSK []byte

PSK is a pre-shared key.

func GeneratePSK

func GeneratePSK() (PSK, error)

GeneratePSK generates a PSK.

func GeneratePSKWithLength

func GeneratePSKWithLength(length int) (PSK, error)

GeneratePSKWithLength generates a PSK with a given length.

func MustGeneratePSK

func MustGeneratePSK() PSK

MustGeneratePSK generates a PSK and panics on error.

func (PSK) DeterministicSign

func (p PSK) DeterministicSign(data []byte) ([]byte, error)

DeterministicSign creates a signature of the given data using this PSK.

func (PSK) DeterministicVerify

func (p PSK) DeterministicVerify(data, signature []byte) error

DeterministicVerify verifies the given signature against the given data using this PSK.

func (PSK) Sign

func (p PSK) Sign(data []byte) ([]byte, error)

Sign creates a signature of the given data using this PSK.

func (PSK) String

func (p PSK) String() string

func (PSK) Verify

func (p PSK) Verify(data, signature []byte) error

Verify verifies the given signature against the given data using this PSK.

type PrivateKey added in v0.6.0

type PrivateKey interface {
	Key

	// AsIdentity returns the private key as a libp2p crypto private key.
	// This changes the type of the key to a ed25519 private key.
	AsIdentity() p2pcrypto.PrivKey

	// AsNative returns the private key as a native crypto private key.
	AsNative() ed25519.PrivateKey

	// PublicKey returns the PublicKey as a PublicKey interface.
	PublicKey() PublicKey
}

PrivateKey is a private key used for encryption and identity over webmesh.

func DecodePrivateKey added in v0.6.0

func DecodePrivateKey(in string) (PrivateKey, error)

DecodePrivateKey decodes a private key from a base64 string.

func DecodePrivateKeyFromFile added in v0.15.0

func DecodePrivateKeyFromFile(path string) (PrivateKey, error)

DecodePrivateKeyFromFile decodes a private key from a file.

func GenerateKey

func GenerateKey() (PrivateKey, error)

GenerateKey generates a new private key.

func MustGenerateKey

func MustGenerateKey() PrivateKey

MustGenerateKey generates a new private key or panics.

func MustPrivateKeyFromNative added in v0.15.0

func MustPrivateKeyFromNative(in crypto.PublicKey) PrivateKey

MustPrivateKeyFromNative returns a private key from a native crypto private key or panics.

func ParsePrivateKey added in v0.6.0

func ParsePrivateKey(data []byte) (PrivateKey, error)

ParsePrivateKey parses a private key from raw protobuf-serialized form.

func PrivateKeyFromIdentity added in v0.15.0

func PrivateKeyFromIdentity(inkey p2pcrypto.PrivKey) (PrivateKey, error)

PrivateKeyFromIdentity returns a private key from a libp2p crypto private key.

func PrivateKeyFromNative added in v0.15.0

func PrivateKeyFromNative(inkey crypto.PrivateKey) (PrivateKey, error)

PrivateKeyFromNative returns a private key from a native crypto private key.

func UnmarshalPrivateKey added in v0.6.0

func UnmarshalPrivateKey(data []byte) (PrivateKey, error)

UnmarshalPrivateKey unmarshals a private key from protobuf-serialized form.

type PublicKey added in v0.6.0

type PublicKey interface {
	Key

	// AsIdentity returns the public key as a libp2p crypto public key.
	// This changes the type of the key to a ed25519 public key.
	AsIdentity() p2pcrypto.PubKey

	// AsNative returns the public key as a native crypto public key.
	AsNative() ed25519.PublicKey
}

PublicKey is a public key used for encryption and identity over webmesh.

func DecodePublicKey added in v0.6.0

func DecodePublicKey(in string) (PublicKey, error)

DecodePublicKey decodes a public key from a base64 encoded string.

func MustPublicKeyFromNative added in v0.15.0

func MustPublicKeyFromNative(in crypto.PublicKey) PublicKey

MustPublicKeyFromNative returns a public key from a native crypto public key or panics.

func ParsePublicKey added in v0.6.0

func ParsePublicKey(data []byte) (PublicKey, error)

ParsePublicKey parses a public key from raw bytes.

func PubKeyFromID added in v0.12.1

func PubKeyFromID(id string) (PublicKey, error)

PubKeyFromID returns the public key from the given peer ID.

func PublicKeyFromIdentity added in v0.15.0

func PublicKeyFromIdentity(inkey p2pcrypto.PubKey) (PublicKey, error)

PublicKeyFromIdentity returns a public key from a libp2p crypto public key.

func PublicKeyFromNative added in v0.15.0

func PublicKeyFromNative(inkey crypto.PublicKey) (PublicKey, error)

PublicKeyFromNative returns a public key from a native crypto public key.

func UnmarshalPublicKey added in v0.6.0

func UnmarshalPublicKey(data []byte) (PublicKey, error)

UnmarshalPublicKey unmarshals a public key from protobuf-serialized form.

type SortedKeys added in v0.6.3

type SortedKeys []PublicKey

SortedKeys is a slice of public keys that can be sorted.

func (SortedKeys) Len added in v0.6.3

func (s SortedKeys) Len() int

func (SortedKeys) Less added in v0.6.3

func (s SortedKeys) Less(i, j int) bool

func (SortedKeys) Swap added in v0.6.3

func (s SortedKeys) Swap(i, j int)

type StdPrivateKey added in v0.15.0

type StdPrivateKey = crypto.PrivateKey

StdPrivateKey is a type alias to the std crypto private key. It's provided for convenience.

type TLSCertificate added in v0.15.0

type TLSCertificate = x509.Certificate

TLSCertificate is a type alias to x509.Certificate. It's provided for convenience.

type TLSKeyType added in v0.12.1

type TLSKeyType string

TLSKeyType is a type of TLS key.

const (
	// TLSKeyRSA is an RSA key.
	TLSKeyRSA TLSKeyType = "rsa"
	// TLSKeyECDSA is an ECDSA key.
	TLSKeyECDSA TLSKeyType = "ecdsa"
	// TLSKeyWebmesh is a Webmesh key. These are ed25519 keys.
	TLSKeyWebmesh TLSKeyType = "webmesh"

	// DefaultTLSKeyType is the default key type.
	DefaultTLSKeyType TLSKeyType = TLSKeyECDSA

	// DefaultCAName is the default name of the CA.
	DefaultCAName = "webmesh-ca"
	// DefaultCertName is the default name of the certificate.
	DefaultCertName = "webmesh-cert"
)

func (TLSKeyType) IsValid added in v0.15.0

func (t TLSKeyType) IsValid() bool

func (TLSKeyType) String added in v0.15.0

func (t TLSKeyType) String() string

type VerifyPeerCertificateFunc added in v0.15.0

type VerifyPeerCertificateFunc func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error

VerifyPeerCertificateFunc is a function that can be used in a TLS configuration to verify the peer certificate.

func VerifyCertificateChainFromFile added in v0.15.0

func VerifyCertificateChainFromFile(filename string) (VerifyPeerCertificateFunc, error)

VerifyCertificateChainFromFile returns a function that can be used in a TLS configuration to verify that the certificate chain is valid according to the PEM-encoded data in the given file.

func VerifyCertificateChainOnly added in v0.15.0

func VerifyCertificateChainOnly(rootcerts []*x509.Certificate) VerifyPeerCertificateFunc

VerifyCertificateChainOnly returns a function that can be used in a TLS configuration to only verify that the certificate chain is valid.

type WebmeshPrivateKey added in v0.6.0

type WebmeshPrivateKey struct {
	// contains filtered or unexported fields
}

WebmeshPrivateKey is a private key used for webmesh transport.

func (*WebmeshPrivateKey) AsIdentity added in v0.15.0

func (w *WebmeshPrivateKey) AsIdentity() p2pcrypto.PrivKey

AsIdentity returns the private key as a libp2p crypto private key. This changes the type of the key to a ed25519 private key.

func (*WebmeshPrivateKey) AsNative added in v0.14.11

func (w *WebmeshPrivateKey) AsNative() ed25519.PrivateKey

AsNative returns the private key as a native crypto private key.

func (*WebmeshPrivateKey) Bytes added in v0.6.0

func (w *WebmeshPrivateKey) Bytes() []byte

Bytes returns the raw bytes of the key. This is the same as Key.Raw without needing to do an error check.

func (*WebmeshPrivateKey) Encode added in v0.6.0

func (w *WebmeshPrivateKey) Encode() (string, error)

Encode returns the base64 encoded string representation of the marshaled key.

func (*WebmeshPrivateKey) Equals added in v0.6.0

func (w *WebmeshPrivateKey) Equals(inKey Key) bool

Equals returns true if the given key is equal to this key.

func (*WebmeshPrivateKey) ID added in v0.6.0

func (w *WebmeshPrivateKey) ID() string

ID returns the peer ID of the key.

func (*WebmeshPrivateKey) Marshal added in v0.6.0

func (w *WebmeshPrivateKey) Marshal() ([]byte, error)

Marshal returns the protobuf marshaled key.

func (*WebmeshPrivateKey) PublicKey added in v0.6.0

func (w *WebmeshPrivateKey) PublicKey() PublicKey

PublicKey returns the public key.

func (*WebmeshPrivateKey) Rendezvous added in v0.6.0

func (k *WebmeshPrivateKey) Rendezvous(keys ...PublicKey) string

Rendezvous generates a rendezvous string for discovering the peers at the given public wireguard keys.

func (*WebmeshPrivateKey) Sign added in v0.6.0

func (w *WebmeshPrivateKey) Sign(data []byte) ([]byte, error)

Sign cryptographically signs the given bytes.

func (*WebmeshPrivateKey) Type added in v0.6.0

Type returns the protobuf key type.

func (*WebmeshPrivateKey) WireGuardKey added in v0.6.0

func (w *WebmeshPrivateKey) WireGuardKey() wgtypes.Key

WireGuardKey computes the private key's wireguard key.

type WebmeshPublicKey added in v0.6.0

type WebmeshPublicKey struct {
	// contains filtered or unexported fields
}

WebmeshPublicKey is a public key used for webmesh transport.

func (*WebmeshPublicKey) AsIdentity added in v0.15.0

func (w *WebmeshPublicKey) AsIdentity() p2pcrypto.PubKey

AsIdentity returns the public key as a libp2p crypto public key. This changes the type of the key to a ed25519 public key.

func (*WebmeshPublicKey) AsNative added in v0.14.11

func (w *WebmeshPublicKey) AsNative() ed25519.PublicKey

AsNative returns the public key as a native crypto public key.

func (*WebmeshPublicKey) Bytes added in v0.6.0

func (w *WebmeshPublicKey) Bytes() []byte

Bytes returns the raw bytes of the key. This is the same as Key.Raw without needing to do an error check.

func (*WebmeshPublicKey) Encode added in v0.6.0

func (w *WebmeshPublicKey) Encode() (string, error)

Encode returns the base64 encoded string representation of the marshaled key.

func (*WebmeshPublicKey) Equals added in v0.6.0

func (w *WebmeshPublicKey) Equals(in Key) bool

Equals returns true if the given key is equal to this key.

func (*WebmeshPublicKey) ID added in v0.6.0

func (w *WebmeshPublicKey) ID() string

ID returns the peer ID of the key.

func (*WebmeshPublicKey) Marshal added in v0.6.0

func (w *WebmeshPublicKey) Marshal() ([]byte, error)

Marshal returns the protobuf marshaled key.

func (*WebmeshPublicKey) Rendezvous added in v0.6.0

func (k *WebmeshPublicKey) Rendezvous(keys ...PublicKey) string

Rendezvous generates a rendezvous string for discovering the peers at the given public wireguard keys.

func (*WebmeshPublicKey) Type added in v0.6.0

func (w *WebmeshPublicKey) Type() cryptopb.KeyType

Type returns the protobuf key type.

func (*WebmeshPublicKey) Verify added in v0.6.0

func (w *WebmeshPublicKey) Verify(data []byte, sig []byte) (success bool, err error)

Verify compares a signature against the input data

func (*WebmeshPublicKey) WireGuardKey added in v0.6.0

func (w *WebmeshPublicKey) WireGuardKey() wgtypes.Key

WireGuardKey computes the private key's wireguard key.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL