Documentation ¶
Index ¶
- Constants
- Variables
- func Derive(httpMethod string, uri string, salt []byte, date time.Time, payload string, ...) string
- func GetPublicKeyFromResponse(response []byte) ([]byte, error)
- func GetSigningPublicKeyFromResponse(response []byte) ([]byte, error)
- func GetVersion(response []byte) (int, error)
- func IsSignatureValid(response string, signature []byte, publicKey []byte) (bool, error)
- func Zero(data sodium.Bytes) bool
- type Authorization
- func (a *Authorization) GetDate() time.Time
- func (a *Authorization) GetDateString() string
- func (a *Authorization) GetEncodedHMAC() string
- func (a *Authorization) GetEncodedSalt() string
- func (a *Authorization) GetHMAC() []byte
- func (a *Authorization) GetHeader() string
- func (a *Authorization) GetSignatureString() string
- func (a *Authorization) Verify(hmac []byte, auth Authorization, driftAllowance int) bool
- type Keypair
- type Request
- func (r *Request) Encrypt(data string, publicKey []byte) ([]byte, error)
- func (r *Request) EncryptWithNonce(data string, publicKey []byte, version int, nonce []byte) ([]byte, error)
- func (r *Request) EncryptWithVersion(data string, publicKey []byte, version int) ([]byte, error)
- func (r *Request) GetNonce() []byte
- func (r *Request) Sign(data string) ([]byte, error)
- type Response
- type Token
Constants ¶
// AuthInfo is the INFO parameter string used for the HMAC authentication key.
// NOTE(review): presumably this is the key-derivation "info" input used when
// the HMAC key is derived from Token.IKM — confirm against the implementation.
const AuthInfo = "HMAC|AuthenticationKey"
AuthInfo INFO parameter for HMAC
Variables ¶
var (
	// ErrKeypairSecretKeySize reports an invalid secret key size.
	// NOTE(review): the message describes a "multiple of 16 bytes" check rather
	// than an exact length, while GenerateKeypair and GenerateSigningKeypair
	// document 32- and 64-byte secrets. Confirm that exact key lengths are
	// enforced before a key is used.
	ErrKeypairSecretKeySize = errors.New("ncryptf: Secret key should be a multiple of 16 bytes")
	// ErrKeypairPublicKeySize reports an invalid public key size.
	// NOTE(review): the message describes a "multiple of 4 bytes" check, which
	// is looser than the 32-byte public keys the generator functions document.
	ErrKeypairPublicKeySize = errors.New("ncryptf: Public key should be a multiple of 4 bytes")
)
var (
	// ErrRequestSign reports that signing a request failed.
	ErrRequestSign = errors.New("Unable to sign request")
	// ErrRequestSecretKeyLength reports a secret key of the wrong length. The
	// expected length in the message comes from crypto_box_SECRETKEYBYTES.
	ErrRequestSecretKeyLength = fmt.Errorf("Secret key should be %d bytes", C.crypto_box_SECRETKEYBYTES)
	// ErrRequestSignatureKeyLength reports a signature key of the wrong length.
	// The expected length in the message comes from crypto_sign_SECRETKEYBYTES.
	ErrRequestSignatureKeyLength = fmt.Errorf("Signature key should be %d bytes", C.crypto_sign_SECRETKEYBYTES)
	// ErrRequestPublicKeyLength reports a public key of the wrong length. The
	// expected length in the message comes from crypto_box_PUBLICKEYBYTES.
	ErrRequestPublicKeyLength = fmt.Errorf("Public key should be %d bytes", C.crypto_box_PUBLICKEYBYTES)
	// ErrRequestNonceLength reports a nonce of the wrong length. The expected
	// length in the message comes from crypto_box_NONCEBYTES.
	ErrRequestNonceLength = fmt.Errorf("Nonce should be %d bytes", C.crypto_box_NONCEBYTES)
	// ErrRequestEncyptionFailed reports that encrypting the data failed.
	// The misspelling ("Encyption") is part of the exported identifier, so
	// callers must use it exactly as written.
	ErrRequestEncyptionFailed = errors.New("An error occured when encrypting the data")
)
var (
	// ErrResponseSecretKeyLength reports a secret key of the wrong length. The
	// expected length in the message comes from crypto_box_SECRETKEYBYTES.
	ErrResponseSecretKeyLength = fmt.Errorf("Secret key should be %d bytes", C.crypto_box_SECRETKEYBYTES)
	// ErrResponseMACLength reports a message that is too short. Per the message
	// text, the input must be longer than crypto_box_MACBYTES.
	ErrResponseMACLength = fmt.Errorf("Message should be longer than %d bytes", C.crypto_box_MACBYTES)
	// ErrResponseNotSuitableForPublicKeyExtraction reports that a public key
	// cannot be extracted from the supplied response.
	ErrResponseNotSuitableForPublicKeyExtraction = errors.New("The response provided is not suitable for public key extraction")
	// ErrResponseMessageLength reports a response message that is too short.
	ErrResponseMessageLength = errors.New("The response message is too short")
	// ErrRresponseSignatureLength reports a signature of the wrong length.
	// The doubled "r" is part of the exported identifier.
	// NOTE(review): 64 is hard-coded here while the neighbouring messages use
	// cgo constants; presumably it matches crypto_sign_BYTES — confirm.
	ErrRresponseSignatureLength = fmt.Errorf("Signature should be %d bytes", 64)
	// ErrResponsePublicKeyLength reports a public key of the wrong length. The
	// expected length in the message comes from crypto_sign_PUBLICKEYBYTES.
	ErrResponsePublicKeyLength = fmt.Errorf("Public key should be %d bytes", C.crypto_sign_PUBLICKEYBYTES)
	// ErrResponseSignatureVerification reports that signature verification
	// failed. Callers should treat this as a hard failure and discard the
	// response rather than use any part of it.
	ErrResponseSignatureVerification = errors.New("Signature verification failed")
	// ErrResponseNonceLength reports a nonce of the wrong length. The expected
	// length in the message comes from crypto_box_NONCEBYTES.
	ErrResponseNonceLength = fmt.Errorf("Nonce should be %d bytes", C.crypto_box_NONCEBYTES)
	// ErrResponseDecryptionFailed reports that the message could not be
	// decrypted. Callers should not use any output accompanying this error.
	ErrResponseDecryptionFailed = errors.New("Unable to decrypt message")
	// ErrResponseInvalidChecksum reports that the checksum associated with a
	// message is invalid. Callers should reject the message.
	ErrResponseInvalidChecksum = errors.New("The checksum associated with the message is not valid")
)
var (
	// ErrTokenIKMSize reports initial key material (IKM) that is not 32 bytes.
	ErrTokenIKMSize = errors.New("Initial key material should be 32 bytes")
	// ErrTokenSignatureSize reports a signature secret key that is not 64 bytes.
	ErrTokenSignatureSize = errors.New("Signature secret key should be 64 bytes")
)
var (
	// ErrAuthorizationKeySize reports that key material could not be extracted.
	// NOTE(review): the identifier refers to a key size but the message
	// describes an extraction failure; confirm which condition raises it.
	ErrAuthorizationKeySize = errors.New("Unable to extract key material")
)
Functions ¶
func Derive ¶
func Derive(httpMethod string, uri string, salt []byte, date time.Time, payload string, version int) string
Derive derives the signature for a given version
func GetPublicKeyFromResponse ¶
GetPublicKeyFromResponse Returns the public key from a v2 response
func GetSigningPublicKeyFromResponse ¶
GetSigningPublicKeyFromResponse extracts the signing public key from a v3 response
func GetVersion ¶
GetVersion returns the version associated with a given message
func IsSignatureValid ¶
IsSignatureValid reports whether the detached signature associated with the message is valid for the given public key
Types ¶
type Authorization ¶
type Authorization struct {
// contains filtered or unexported fields
}
Authorization struct
func NewAuthorization ¶
func NewAuthorization(httpMethod string, uri string, token Token, date time.Time, payload string, version int, salt []byte) (*Authorization, error)
NewAuthorization generates a new Authorization struct from the provided data
func (*Authorization) GetDate ¶
func (a *Authorization) GetDate() time.Time
GetDate returns the authorization date
func (*Authorization) GetDateString ¶
func (a *Authorization) GetDateString() string
GetDateString returns the formatted date string
func (*Authorization) GetEncodedHMAC ¶
func (a *Authorization) GetEncodedHMAC() string
GetEncodedHMAC returns the base64 encoded HMAC
func (*Authorization) GetEncodedSalt ¶
func (a *Authorization) GetEncodedSalt() string
GetEncodedSalt returns the base64 encoded salt
func (*Authorization) GetHMAC ¶
func (a *Authorization) GetHMAC() []byte
GetHMAC returns the HMAC byte array
func (*Authorization) GetHeader ¶
func (a *Authorization) GetHeader() string
GetHeader returns the formatted header
func (*Authorization) GetSignatureString ¶
func (a *Authorization) GetSignatureString() string
GetSignatureString returns the generated signature string
func (*Authorization) Verify ¶
func (a *Authorization) Verify(hmac []byte, auth Authorization, driftAllowance int) bool
Verify returns true if the provided hmac, authorization, and drift allowance are acceptable
type Keypair ¶
type Keypair struct {
// contains filtered or unexported fields
}
Keypair structure
func GenerateKeypair ¶
func GenerateKeypair() *Keypair
GenerateKeypair generates a crypto box keypair (32 byte secret, 32 byte public)
func GenerateSigningKeypair ¶
func GenerateSigningKeypair() *Keypair
GenerateSigningKeypair generates a crypto sign keypair (64 byte secret, 32 byte public)
func NewKeypair ¶
NewKeypair function to create a new Keypair
func (*Keypair) GetPublicKey ¶
GetPublicKey returns the public component of the keypair
func (*Keypair) GetSecretKey ¶
GetSecretKey returns the secret component of the keypair
type Request ¶
type Request struct {
// contains filtered or unexported fields
}
Request struct
func NewRequest ¶
NewRequest returns a new request instance
func (*Request) Encrypt ¶
Encrypt encrypts a data string with a given public key using v2 and a generated nonce
func (*Request) EncryptWithNonce ¶
func (r *Request) EncryptWithNonce(data string, publicKey []byte, version int, nonce []byte) ([]byte, error)
EncryptWithNonce encrypts a data string with a given public key, and a specified nonce and version
func (*Request) EncryptWithVersion ¶
EncryptWithVersion encrypts a data string with a given public key, a generated nonce, and a specified version
type Response ¶
type Response struct {
// contains filtered or unexported fields
}
Response structure for response instance
func NewResponse ¶
NewResponse returns a new response object or error
func (*Response) DecryptWithPublicKey ¶
DecryptWithPublicKey decrypts a response with a given public key. Used for v1 signatures
type Token ¶
// Token groups the access token, refresh token, initial key material,
// signature key and expiry that NewToken accepts.
//
// NOTE(review): IKM and Signature are exported fields and, going by the
// ErrTokenIKMSize and ErrTokenSignatureSize messages, hold secret key
// material. Keep Token values out of logs and serialized output.
type Token struct {
	AccessToken  string // access token string
	RefreshToken string // refresh token string
	IKM          []byte // initial key material; ErrTokenIKMSize's message gives the expected size as 32 bytes
	Signature    []byte // signature secret key; ErrTokenSignatureSize's message gives the expected size as 64 bytes
	ExpiresAt    int64  // expiry; presumably a Unix timestamp — TODO confirm units
}
Token structure
func NewToken ¶
func NewToken(accessToken string, refreshToken string, ikm []byte, signature []byte, expiresAt int64) (*Token, error)
NewToken creates a token struct
func (*Token) GetSignaturePublicKey ¶
GetSignaturePublicKey retrieves the signature public key from the private component