
package crypto

import ""

Package crypto provides functions for managing encryption, keys, etc.


Package Files

authtest.go certificate.go doc.go key_derivation.go keys.go password.go symmetric.go token.go totp.go verify.go


const (
    // KeyDerivationSaltLength is the length of the salt in bytes
    KeyDerivationSaltLength = 8
    // KeyDerivationKeyLength is the length of the key derived in bytes
    KeyDerivationKeyLength = 32
)

const (
    // SymmetricKeyLength is the length of the symmetric key in bytes
    SymmetricKeyLength = 32
)


var (
    TestPrivateKey = []byte("very_sekrit_key")

    TestMasterToken = "" /* 187 byte string literal not displayed */

    TestInertiaKeyPath = "../../../test/keys/id_rsa"
)

var (
    // ErrInvalidToken says that the token is invalid
    ErrInvalidToken = errors.New("token invalid")

    // ErrTokenExpired says that the token is expired
    ErrTokenExpired = errors.New("token expired")
)

var (
    // DaemonInertiaKeyLocation is the default path of the generated deploy key
    DaemonInertiaKeyLocation = os.Getenv("INERTIA_GH_KEY_PATH") //"/app/host/.ssh/id_rsa_inertia_deploy"
)

func CorrectPassword

func CorrectPassword(hash string, password string) bool

CorrectPassword reports whether the given password matches the given bcrypt hash (see HashPassword)

func Decrypt

func Decrypt(key, ciphertext []byte) ([]byte, error)

Decrypt decrypts ciphertext using the given key in AES-GCM mode

func DeriveKey

func DeriveKey(password string, salt []byte) []byte

DeriveKey derives an AES encryption key from the user's password and the given salt using PBKDF2 with HMAC-SHA256

func Encrypt

func Encrypt(key, plaintext []byte) ([]byte, error)

Encrypt encrypts plaintext using the given key in AES-GCM mode

func GenerateBackupCodes

func GenerateBackupCodes() []string

GenerateBackupCodes generates an array of backup code strings in GitHub format.

Example: b2e03-ffbcf cebe6-b1bdd ...

func GenerateCertificate

func GenerateCertificate(certPath, keyPath, host, method string) error

GenerateCertificate creates a TLS certificate and private key for HTTPS use and writes them to certPath and keyPath

func GenerateMasterToken

func GenerateMasterToken(key []byte) (string, error)

GenerateMasterToken creates a "master" JSON Web Token (JWT) for a client to use when sending HTTP requests to the daemon server.

func GenerateSalt

func GenerateSalt() []byte

GenerateSalt returns a random hex-encoded salt for the key derivation algorithm
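How DeriveKey, GenerateSalt, Encrypt and Decrypt fit together, as an added example rather than the package's code. PBKDF2-HMAC-SHA256 is written out in full so the cost parameter is visible, and AES-GCM is used with a fresh random nonce prefixed to the ciphertext. Assumptions: the iteration count (600,000, the figure OWASP's Password Storage Cheat Sheet currently gives for PBKDF2-HMAC-SHA256; the page does not state the package's) and a 16-byte salt, the NIST SP 800-132 minimum, where the package's KeyDerivationSaltLength is 8. The salt is kept as raw bytes and hex-encoded only for display.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

const (
	saltLength = 16     // assumption: NIST SP 800-132 minimum; the package's KeyDerivationSaltLength is 8
	keyLength  = 32     // AES-256, as KeyDerivationKeyLength and SymmetricKeyLength
	iterations = 600000 // assumption: the page does not state the package's iteration count
)

// pbkdf2HMACSHA256 is RFC 8018 PBKDF2 with HMAC-SHA256 as the PRF, written out so the
// cost is visible: every iteration is one HMAC, and an attacker pays the same per guess.
func pbkdf2HMACSHA256(password, salt []byte, iter, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	hashLen := prf.Size()
	blocks := (keyLen + hashLen - 1) / hashLen
	dk := make([]byte, 0, blocks*hashLen)
	for block := 1; block <= blocks; block++ {
		prf.Reset() // U_1 = PRF(password, salt || INT_32_BE(block))
		prf.Write(salt)
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], uint32(block))
		prf.Write(idx[:])
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ { // U_i = PRF(password, U_{i-1}); T = U_1 xor ... xor U_iter
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(u[:0])
			for j := range t {
				t[j] ^= u[j]
			}
		}
		dk = append(dk, t...)
	}
	return dk[:keyLen]
}

// generateSalt returns random salt bytes. The page's GenerateSalt hex-encodes its
// output; here hex is used only when printing.
func generateSalt() ([]byte, error) {
	salt := make([]byte, saltLength)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	return salt, nil
}

// deriveKey stretches password with salt into an AES-256 key.
func deriveKey(password string, salt []byte) []byte {
	return pbkdf2HMACSHA256([]byte(password), salt, iterations, keyLength)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encrypt seals plaintext with AES-GCM and returns nonce || ciphertext || tag. The nonce is
// random per message: reusing a nonce under one key breaks both confidentiality and the tag.
func encrypt(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// decrypt opens nonce || ciphertext || tag; any modified bit fails authentication and
// no plaintext is released.
func decrypt(key, data []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(data) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, data[:gcm.NonceSize()], data[gcm.NonceSize():], nil)
}

func main() {
	salt, _ := generateSalt()
	key := deriveKey("correct horse battery staple", salt)
	ct, _ := encrypt(key, []byte("deploy token"))
	pt, err := decrypt(key, ct)
	fmt.Printf("salt=%s plaintext=%q err=%v\n", hex.EncodeToString(salt), pt, err)
	ct[len(ct)-1] ^= 0x01 // flip one bit of the tag
	_, err = decrypt(key, ct)
	fmt.Println("tampered:", err)
}
```

The PBKDF2 routine matches the published test vectors for password "password" and salt "salt". Generating the nonce inside encrypt rather than accepting it as a parameter is deliberate: it removes the caller's ability to reuse one, which is the one GCM failure mode that is catastrophic rather than merely weakening.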

func GenerateSecretKey

func GenerateSecretKey(accountName string) (*otp.Key, error)

GenerateSecretKey creates a new TOTP key for accountName, which can be rendered as a string or as an image

func GetAPIPrivateKey

func GetAPIPrivateKey(t *jwt.Token) (interface{}, error)

GetAPIPrivateKey returns the private RSA key used to authenticate HTTP requests sent to the daemon. For now this is simply the GitHub deploy key, read from the default DaemonInertiaKeyLocation.

func GetFakeAPIKey

func GetFakeAPIKey(tok *jwt.Token) (interface{}, error)

GetFakeAPIKey is a helper function that implements jwt.Keyfunc and returns the test private key

func GetInertiaKey

func GetInertiaKey(pemFile io.Reader) (ssh.AuthMethod, error)

GetInertiaKey returns an ssh.AuthMethod from the given io.Reader for use with the go-git library

func HashPassword

func HashPassword(password string) (string, error)

HashPassword generates a bcrypt hash of the given password

func IsCredentialFormatError

func IsCredentialFormatError(err error) bool

IsCredentialFormatError returns true if the given error is one related to username/password format

func IsLegalString

func IsLegalString(str string) bool

IsLegalString returns true if str contains only the characters [A-Z], [a-z], '_' and '-'

func ValidateCredentialValues

func ValidateCredentialValues(username, password string) error

ValidateCredentialValues takes a username and password and verifies that they are of sufficient length and contain only legal characters

func ValidatePasscode

func ValidatePasscode(passcode string, secret string) bool

ValidatePasscode validates a one-time passcode against the original secret key
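An RFC 6238 TOTP implementation covering what GenerateSecretKey, ValidatePasscode and GenerateBackupCodes do, as an added example and not the package's code, which uses the pquerna/otp library. Assumptions: SHA-1, 6 digits, a 30-second step and a one-step skew window (the page states none of these); the secret is returned as a base32 string plus an otpauth:// URI rather than an *otp.Key. The backup-code format follows the page's example output.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"encoding/base32"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"net/url"
	"time"
)

const (
	totpDigits = 6  // assumption: authenticator-app default
	totpPeriod = 30 // assumption: seconds per step, RFC 6238 default
	totpSkew   = 1  // assumption: steps accepted either side of now, to absorb clock drift
)

var b32 = base32.StdEncoding.WithPadding(base32.NoPadding)

// generateSecret returns a fresh 160-bit seed as the base32 string a user types in,
// plus the otpauth:// URI that an authenticator app reads from a QR code.
func generateSecret(issuer, accountName string) (secret, uri string, err error) {
	seed := make([]byte, 20) // 160 bits, the key length RFC 4226 recommends
	if _, err = rand.Read(seed); err != nil {
		return "", "", err
	}
	secret = b32.EncodeToString(seed)
	q := url.Values{"secret": {secret}, "issuer": {issuer}, "algorithm": {"SHA1"},
		"digits": {fmt.Sprint(totpDigits)}, "period": {fmt.Sprint(totpPeriod)}}
	uri = "otpauth://totp/" + url.PathEscape(issuer+":"+accountName) + "?" + q.Encode()
	return secret, uri, nil
}

// hotp is RFC 4226: HMAC-SHA1 over the big-endian counter, dynamic truncation, mod 10^digits.
func hotp(key []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, key)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	offset := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// totpAt is RFC 6238: HOTP with the counter set to the time step containing unix.
func totpAt(secret string, unix int64) (string, error) {
	key, err := b32.DecodeString(secret)
	if err != nil {
		return "", err
	}
	return hotp(key, uint64(unix/totpPeriod), totpDigits), nil
}

// validatePasscodeAt accepts passcode if it matches any step in the skew window. Every
// candidate is compared in constant time and the loop never exits early, so timing does
// not reveal which step, if any, matched.
func validatePasscodeAt(passcode, secret string, unix int64) bool {
	ok := false
	for step := -totpSkew; step <= totpSkew; step++ {
		code, err := totpAt(secret, unix+int64(step)*totpPeriod)
		if err != nil {
			return false
		}
		if hmac.Equal([]byte(code), []byte(passcode)) {
			ok = true
		}
	}
	return ok
}

// generateBackupCodes returns n single-use codes in GitHub's xxxxx-xxxxx form, each
// 40 random bits rendered as hex. Store only a hash of them server-side.
func generateBackupCodes(n int) ([]string, error) {
	codes := make([]string, n)
	for i := range codes {
		var b [5]byte
		if _, err := rand.Read(b[:]); err != nil {
			return nil, err
		}
		h := hex.EncodeToString(b[:])
		codes[i] = h[:5] + "-" + h[5:]
	}
	return codes, nil
}

func main() {
	secret, uri, _ := generateSecret("inertia", "alice@example.com")
	code, _ := totpAt(secret, time.Now().Unix())
	codes, _ := generateBackupCodes(3)
	fmt.Println(uri, code, validatePasscodeAt(code, secret, time.Now().Unix()), codes)
}
```

A production verifier should additionally remember the last accepted time step per user and refuse a code for that step or an earlier one, since a 6-digit code that has been seen once on the wire is otherwise replayable for the rest of its window.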

func ValidateSignature

func ValidateSignature(signature string, payload, secretKey []byte) error

ValidateSignature validates the HMAC signature for the given payload. Based off of
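An HMAC-SHA256 payload signature check of the kind ValidateSignature performs, as an added example and not the package's code. The "sha256=<hex>" form is an assumption taken from GitHub's X-Hub-Signature-256 webhook header; the page does not say which scheme or hash the package uses. The comparison uses hmac.Equal because a byte-by-byte == leaks the position of the first mismatch through timing, which is enough to forge a MAC byte by byte.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// ErrInvalidSignature is returned for every way a signature can fail to verify; callers
// get no hint about which check failed.
var ErrInvalidSignature = errors.New("signature invalid")

// signaturePrefix is an assumption: GitHub's X-Hub-Signature-256 header uses "sha256=<hex>".
const signaturePrefix = "sha256="

// signPayload computes the header-form HMAC-SHA256 of payload under secretKey (the sender's side).
func signPayload(payload, secretKey []byte) string {
	mac := hmac.New(sha256.New, secretKey)
	mac.Write(payload)
	return signaturePrefix + hex.EncodeToString(mac.Sum(nil))
}

// validateSignature checks a received signature against the payload (the receiver's side).
func validateSignature(signature string, payload, secretKey []byte) error {
	if !strings.HasPrefix(signature, signaturePrefix) {
		return ErrInvalidSignature
	}
	received, err := hex.DecodeString(strings.TrimPrefix(signature, signaturePrefix))
	if err != nil {
		return ErrInvalidSignature
	}
	mac := hmac.New(sha256.New, secretKey)
	mac.Write(payload)
	// hmac.Equal is constant-time and also rejects length mismatches; == or bytes.Equal
	// would return as soon as a byte differs and leak how much of the MAC was right.
	if !hmac.Equal(received, mac.Sum(nil)) {
		return ErrInvalidSignature
	}
	return nil
}

func main() {
	// Constructed sample input: the key and data of RFC 4231 test case 2.
	key := []byte("Jefe")
	payload := []byte("what do ya want for nothing?")
	sig := signPayload(payload, key)
	fmt.Println(sig)
	fmt.Println("valid:", validateSignature(sig, payload, key))
	fmt.Println("tampered:", validateSignature(sig, []byte("what do ya want for something?"), key))
}
```

Verify against the raw request body exactly as received, before any JSON decoding or re-serialisation, since the sender signed those bytes and not a normalised form of them.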

type TokenClaims

type TokenClaims struct {
    SessionID string    `json:"session_id"`
    User      string    `json:"user"`
    Admin     bool      `json:"admin"`
    Expiry    time.Time `json:"expiry"`
}

TokenClaims represents a JWT token's claims

func ValidateToken

func ValidateToken(tokenString string, lookup jwt.Keyfunc) (*TokenClaims, error)

ValidateToken verifies the token with the key returned by lookup and returns its claims

func (*TokenClaims) GenerateToken

func (t *TokenClaims) GenerateToken(key []byte) (string, error)

GenerateToken creates a JWT from these claims, signed with the given key

func (*TokenClaims) IsMaster

func (t *TokenClaims) IsMaster() bool

IsMaster returns true if this is a master token

func (*TokenClaims) Valid

func (t *TokenClaims) Valid() error

Valid checks if token is authentic
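An HS256 JWT issue-and-verify cycle for TokenClaims, covering GenerateToken, ValidateToken, Valid and IsMaster, as an added example and not the package's code, which uses a JWT library and a jwt.Keyfunc. Assumptions: HMAC-SHA256 signing (consistent with GenerateToken taking a []byte key), the key passed directly instead of a Keyfunc, and a zero Expiry marking a master token, since the page does not say what IsMaster checks. The order of the checks is the security-relevant part: algorithm pinned, signature verified in constant time, and only then claims decoded and expiry enforced.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

var (
	ErrInvalidToken = errors.New("token invalid")
	ErrTokenExpired = errors.New("token expired")
)

// TokenClaims mirrors the package's claim set. "expiry" is an RFC 3339 timestamp, not the
// standard numeric "exp" claim, so a generic JWT library will not enforce it: ValidAt must.
type TokenClaims struct {
	SessionID string    `json:"session_id"`
	User      string    `json:"user"`
	Admin     bool      `json:"admin"`
	Expiry    time.Time `json:"expiry"`
}

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

func sign(signingInput string, key []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return mac.Sum(nil)
}

// GenerateToken emits header.payload.signature, signed with HS256 under key.
func (t *TokenClaims) GenerateToken(key []byte) (string, error) {
	payload, err := json.Marshal(t)
	if err != nil {
		return "", err
	}
	signingInput := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(payload)
	return signingInput + "." + b64.EncodeToString(sign(signingInput, key)), nil
}

// IsMaster treats a zero expiry as the non-expiring master token (assumption: the page does
// not say how the package marks master tokens). Such a token deserves root-password handling.
func (t *TokenClaims) IsMaster() bool { return t.Expiry.IsZero() }

// ValidAt rejects a non-master token that is past its expiry.
func (t *TokenClaims) ValidAt(now time.Time) error {
	if !t.IsMaster() && now.After(t.Expiry) {
		return ErrTokenExpired
	}
	return nil
}

// validateTokenAt verifies the signature before trusting any claim: the algorithm is pinned
// to HS256 so "alg":"none" and RS256/HS256 key-confusion tokens fail, the MAC is compared in
// constant time, and only then are the claims decoded and the expiry checked.
func validateTokenAt(tokenString string, key []byte, now time.Time) (*TokenClaims, error) {
	parts := strings.Split(tokenString, ".")
	if len(parts) != 3 {
		return nil, ErrInvalidToken
	}
	headerJSON, err := b64.DecodeString(parts[0])
	if err != nil {
		return nil, ErrInvalidToken
	}
	var header struct {
		Alg string `json:"alg"`
	}
	if json.Unmarshal(headerJSON, &header) != nil || header.Alg != "HS256" {
		return nil, ErrInvalidToken
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, sign(parts[0]+"."+parts[1], key)) {
		return nil, ErrInvalidToken
	}
	payload, err := b64.DecodeString(parts[1])
	if err != nil {
		return nil, ErrInvalidToken
	}
	var claims TokenClaims
	if json.Unmarshal(payload, &claims) != nil {
		return nil, ErrInvalidToken
	}
	if err := claims.ValidAt(now); err != nil {
		return nil, err
	}
	return &claims, nil
}

func main() {
	key := []byte("very_sekrit_key") // the page's TestPrivateKey; never a literal key in production
	tok, _ := (&TokenClaims{SessionID: "s1", User: "alice", Expiry: time.Now().Add(time.Hour)}).GenerateToken(key)
	claims, err := validateTokenAt(tok, key, time.Now())
	fmt.Printf("%s\n%+v %v\n", tok, claims, err)
	_, err = validateTokenAt(tok, []byte("wrong key"), time.Now())
	fmt.Println("wrong key:", err)
}
```

A master token is generated the same way with Expiry left at its zero value; because nothing ever invalidates it, the only way to revoke one is to rotate the signing key, which invalidates every other token too.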

Package crypto imports 28 packages and is imported by 6 packages. Updated 2021-01-09.