crypto

package
v0.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 20, 2020 License: MIT Imports: 28 Imported by: 6

Documentation

Overview

Package crypto provides functions for managing encryption, keys, etc.

Index

Constants

View Source 
const (
	// KeyDerivationSaltLength is the length of the salt in bytes
	KeyDerivationSaltLength = 8
	// KeyDerivationKeyLength is the length of the key derived in bytes
	KeyDerivationKeyLength = 32
)
View Source 
const (
	// SymmetricKeyLength is the length of the symmetric key in bytes
	SymmetricKeyLength = 32
)

Variables

View Source 
var (
	// TestPrivateKey is an example key for testing purposes
	TestPrivateKey = []byte("very_sekrit_key")

	// TestMasterToken is an example token for testing purposes. This is
	// generated by TestGenerateMasterToken, and is a master token.
	TestMasterToken = "" /* 185-byte string literal not displayed */

	// TestInertiaKeyPath the path to Inertia's test RSA key
	TestInertiaKeyPath = "../../../test/keys/id_rsa"
)
View Source 
var (
	// ErrInvalidToken says that the token is invalid
	ErrInvalidToken = errors.New("token invalid")

	// ErrTokenExpired says that the token is expired
	ErrTokenExpired = errors.New("token expired")
)
View Source 
var (
	// DaemonInertiaKeyLocation is the default path of the generated deploy key
	DaemonInertiaKeyLocation = os.Getenv("INERTIA_GH_KEY_PATH") //"/app/host/.ssh/id_rsa_inertia_deploy"
)

Functions

func CorrectPassword 

func CorrectPassword(hash string, password string) bool

CorrectPassword checks if given password maps correctly to the given hash

func Decrypt added in v0.5.0 

func Decrypt(key, ciphertext []byte) ([]byte, error)

Decrypt decrypts ciphertext using given key in AES GCM mode

func DeriveKey added in v0.5.0 

func DeriveKey(password string, salt []byte) []byte

DeriveKey derives an AES encryption key based on salt + user's password using PBKDF2 with HMAC-SHA256

func Encrypt added in v0.5.0 

func Encrypt(key, plaintext []byte) ([]byte, error)

Encrypt encrypts plaintext using given key in AES GCM mode

func GenerateBackupCodes added in v0.5.0 

func GenerateBackupCodes() []string

GenerateBackupCodes generates an array of backup code strings in Github format.

Example: b2e03-ffbcf cebe6-b1bdd ...

func GenerateCertificate 

func GenerateCertificate(certPath, keyPath, host, method string) error

GenerateCertificate creates an SSL certificate for HTTPS use

func GenerateMasterToken 

func GenerateMasterToken(key []byte) (string, error)

GenerateMasterToken creates a "master" JSON Web Token (JWT) for a client to use when sending HTTP requests to the daemon server.

func GenerateSalt added in v0.5.0 

func GenerateSalt() []byte

GenerateSalt returns a random hex encoded salt for KD algorithm

func GenerateSecretKey added in v0.5.0 

func GenerateSecretKey(accountName string) (*otp.Key, error)

GenerateSecretKey creates a new key which can be turned into string or image

func GetAPIPrivateKey 

func GetAPIPrivateKey(t *jwt.Token) (interface{}, error)

GetAPIPrivateKey returns the private RSA key to authenticate HTTP requests sent to the daemon. For now, we simply use the GitHub deploy key. Retrieves from default DaemonInertiaKeyLocation.

func GetFakeAPIKey 

func GetFakeAPIKey(tok *jwt.Token) (interface{}, error)

GetFakeAPIKey is a helper function that implements jwt.keyFunc and returns the test private key

func GetInertiaKey added in v0.7.0 

func GetInertiaKey(pemFile io.Reader) (ssh.AuthMethod, error)

GetInertiaKey returns an ssh.AuthMethod from the given io.Reader for use with the go-git library

func HashPassword 

func HashPassword(password string) (string, error)

HashPassword generates a bcrypt-encrypted hash from given password

func IsCredentialFormatError added in v0.5.0 

func IsCredentialFormatError(err error) bool

IsCredentialFormatError returns true if the given error is one related to username/password format

func IsLegalString 

func IsLegalString(str string) bool

IsLegalString returns true if `str` only contains characters [A-Z], [a-z], or '_' or '-'

func ValidateCredentialValues 

func ValidateCredentialValues(username, password string) error

ValidateCredentialValues takes a username and password and verifies if they are of sufficient length and if they only contain legal characters

func ValidatePasscode added in v0.5.0 

func ValidatePasscode(passcode string, secret string) bool

ValidatePasscode validates one-time passcode against original secret key

func ValidateSignature added in v0.5.0 

func ValidateSignature(signature string, payload, secretKey []byte) error

ValidateSignature validates the HMAC signature for the given payload. Based off of https://github.com/google/go-github

Types

type TokenClaims 

type TokenClaims struct {
	SessionID string    `json:"session_id"`
	User      string    `json:"user"`
	Admin     bool      `json:"admin"`
	Expiry    time.Time `json:"expiry"`
}

TokenClaims represents a JWT token's claims

func ValidateToken 

func ValidateToken(tokenString string, lookup jwt.Keyfunc) (*TokenClaims, error)

ValidateToken ensures token is valid and returns its metadata

func (*TokenClaims) GenerateToken 

func (t *TokenClaims) GenerateToken(key []byte) (string, error)

GenerateToken creates a JWT token from this claim, signed with given key

func (*TokenClaims) IsMaster 

func (t *TokenClaims) IsMaster() bool

IsMaster returns true if this is a master key

func (*TokenClaims) Valid 

func (t *TokenClaims) Valid() error

Valid checks if token is authentic

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.