crypto

package

v0.1.0 Latest Latest Go to latest Published: Mar 27, 2015 License: GPL-2.0 Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jfindley/skds

Links

Open Source Insights

Documentation ¶

Overview ¶

Package crypto handles all the cryptographical functions for SKDS. auth.go handles authentication functions. crypto.go handles general purpose encryption/decryption. encoding.go handles encoding and decoding of generic binary data. x509.go handles x509 certificates and ECDSA keys.

Index ¶

Constants
func Decrypt(payload []byte, key *Key) (out []byte, err error)
func Encrypt(payload []byte, key *Key, pubkey *Key) (out []byte, err error)
func NewMAC(key []byte, url string, msg []byte) string
func PasswordVerify(pass, hash Binary) (ok bool, err error)
func RandomInt() (int64, error)
func TLSCertKeyPair(cert *TLSCert, key *TLSKey) (tlsCert []tls.Certificate)
func VerifyMAC(key []byte, msgMac string, url string, msg []byte) (ok bool)
func Zero(in Binary)
type Binary
- func NewBinary(in []byte) *Binary
- func NewPassword() (pass Binary, err error)
- func PasswordHash(pass Binary) (hash Binary, err error)
- func (b *Binary) Compare(data Binary) bool
- func (b *Binary) Decode(data []byte) error
- func (b *Binary) DecodeString(data string) error
- func (b *Binary) Encode() ([]byte, error)
- func (b *Binary) EncodeString() (string, error)
type CertPool
- func (c *CertPool) Decode(data []byte) (err error)
- func (c *CertPool) Encode() (data []byte, err error)
- func (c *CertPool) New(certs ...*TLSCert)
type Key
- func (k *Key) Decode(data []byte) (err error)
- func (k *Key) Encode() (data []byte, err error)
- func (k *Key) Generate() (err error)
- func (k *Key) Zero()
type TLSCert
- func (t *TLSCert) Decode(data []byte) (err error)
- func (t *TLSCert) Encode() (data []byte, err error)
- func (t *TLSCert) Generate(name string, isCa bool, years int, pubKey TLSPubKey, privKey *TLSKey, ...) (err error)
type TLSKey
- func (t *TLSKey) Decode(data []byte) (err error)
- func (t *TLSKey) Encode() (data []byte, err error)
- func (t *TLSKey) Generate() (err error)
- func (t *TLSKey) Public() TLSPubKey
type TLSPubKey

Constants ¶

View Source

const (
	// MinPasswordLen is the minimum acceptable password length.
	MinPasswordLen = 8
)

Variables ¶

This section is empty.

Functions ¶

func Decrypt ¶

func Decrypt(payload []byte, key *Key) (out []byte, err error)

Decrypt is a general asymmetric decryption Uses the public key enclosed in the payload for decryption.

func Encrypt ¶

func Encrypt(payload []byte, key *Key, pubkey *Key) (out []byte, err error)

Encrypt is a general asymmetric encryption function. The public part of 'key' is enclosed in the output as a signing key, and is needed in order to decrypt the payload.

func NewMAC ¶

func NewMAC(key []byte, url string, msg []byte) string

NewMAC creates a new MAC based on the URL and post data.

func PasswordVerify ¶

func PasswordVerify(pass, hash Binary) (ok bool, err error)

PasswordVerify verifies a password against a hash.

func RandomInt ¶

func RandomInt() (int64, error)

RandomInt generates a random integer in the range 1..max int64

func TLSCertKeyPair ¶

func TLSCertKeyPair(cert *TLSCert, key *TLSKey) (tlsCert []tls.Certificate)

TLSCertKeyPair creates a TLS cert object from a cert and key.

func VerifyMAC ¶

func VerifyMAC(key []byte, msgMac string, url string, msg []byte) (ok bool)

VerifyMAC verifies a MAC.

func Zero ¶

func Zero(in Binary)

Zero wipes binary data in memory.

Types ¶

type Binary ¶

type Binary []byte

Binary is a byte slice type. Used for any []byte data that needs to be sent across the wire, or read/written to disk.

func NewBinary ¶

func NewBinary(in []byte) *Binary

NewBinary creates a new *Binary from a []byte.

func NewPassword ¶

func NewPassword() (pass Binary, err error)

NewPassword randomly generates a new password from [0-9][a-z][A-Z].

func PasswordHash ¶

func PasswordHash(pass Binary) (hash Binary, err error)

PasswordHash creates a salted scrypt hash from a password.

func (*Binary) Compare ¶

func (b *Binary) Compare(data Binary) bool

Compare compares binary data in constant time.

func (*Binary) Decode ¶

func (b *Binary) Decode(data []byte) error

Decode decodes base64 data into a binary object.

func (*Binary) DecodeString ¶

func (b *Binary) DecodeString(data string) error

DecodeString decodes binary data from a base64 string.

func (*Binary) Encode ¶

func (b *Binary) Encode() ([]byte, error)

Encode encodes binary data in base64 form.

func (*Binary) EncodeString ¶

func (b *Binary) EncodeString() (string, error)

EncodeString encodes binary data directly into a string. Useful if sending the data in headers.

type CertPool ¶

type CertPool struct {
	CA *x509.CertPool
	// contains filtered or unexported fields
}

CertPool is a Certificate pool. We have to maintain our own certs slice as well as the pool object, as there's no method to get the original certs out of a pool.

func (*CertPool) Decode ¶

func (c *CertPool) Decode(data []byte) (err error)

Decode reads an encoded cert pool.

func (*CertPool) Encode ¶

func (c *CertPool) Encode() (data []byte, err error)

Encode PEM-encodes a cert pool to be written to disk.

func (*CertPool) New ¶

func (c *CertPool) New(certs ...*TLSCert)

New creates a new certpool from 1 or more certs

type Key ¶

type Key struct {
	Pub  *[32]byte
	Priv *[32]byte
}

Key is a keypair structure.

func (*Key) Decode ¶

func (k *Key) Decode(data []byte) (err error)

Decode reads a PEM-encoded key.

func (*Key) Encode ¶

func (k *Key) Encode() (data []byte, err error)

Encode PEM-encodes a key to be written to disk.

func (*Key) Generate ¶

func (k *Key) Generate() (err error)

Generate randomly generates a new keypair.

func (*Key) Zero ¶

func (k *Key) Zero()

Zero wipes a key and dereferences the pointers.

type TLSCert ¶

type TLSCert struct {
	// contains filtered or unexported fields
}

TLSCert is a x509 certificate.

func (*TLSCert) Decode ¶

func (t *TLSCert) Decode(data []byte) (err error)

Decode reads a PEM-encoded certificate.

func (*TLSCert) Encode ¶

func (t *TLSCert) Encode() (data []byte, err error)

Encode PEM-encodes a certificate to be written to disk.

func (*TLSCert) Generate ¶

func (t *TLSCert) Generate(name string, isCa bool, years int, pubKey TLSPubKey,
	privKey *TLSKey, caCert *TLSCert) (err error)

Generate generates a new x509 certificate. For self-signed certs, leave caCert nil

type TLSKey ¶

type TLSKey struct {
	// contains filtered or unexported fields
}

TLSKey is a ECDSA private key.

func (*TLSKey) Decode ¶

func (t *TLSKey) Decode(data []byte) (err error)

Decode reads a PEM-encoded key.

func (*TLSKey) Encode ¶

func (t *TLSKey) Encode() (data []byte, err error)

Encode PEM-encodes a key to be written to disk.

func (*TLSKey) Generate ¶

func (t *TLSKey) Generate() (err error)

Generate generates a new TLSKey

func (*TLSKey) Public ¶

func (t *TLSKey) Public() TLSPubKey

Public creates a public key from a private key

type TLSPubKey ¶

type TLSPubKey struct {
	// contains filtered or unexported fields
}

TLSPubKey is a ECDSA public key.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL