security

package

v0.4.2 Latest Latest Go to latest Published: Mar 27, 2024 License: Apache-2.0 Imports: 31 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/pme-sh/pmesh

Links

Open Source Insights

Documentation ¶

Index ¶

func GenerateKey(secret string, salt string, n int) []byte
func GenerateKeyRaw(secret string, salt []byte, n int) []byte
func GetClientAuthOracle(secret string) string
func GetSecretCNSuffix(secret string) string
func GetSecretHash(secret string) string
func ValidateCertWithSecret(secret string, cert *Certificate, hosts []string) error
type Certificate
type CipherCPRNG
- func NewCipherCprng(key []byte) (c *CipherCPRNG)
- func (c *CipherCPRNG) Associate(data []byte)
- func (c *CipherCPRNG) Read(out []byte) (n int, err error)
type MutualAuthenticator
- func CreateMutualAuthenticator(secret string, protocols ...string) (m MutualAuthenticator)
- func (m MutualAuthenticator) GetConfigForClient(chi *tls.ClientHelloInfo) (*tls.Config, error)
- func (m MutualAuthenticator) WrapServer(tcfg *tls.Config) *tls.Config

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GenerateKey ¶

func GenerateKey(secret string, salt string, n int) []byte

func GenerateKeyRaw ¶

func GenerateKeyRaw(secret string, salt []byte, n int) []byte

func GetClientAuthOracle ¶

func GetClientAuthOracle(secret string) string

Gets the protocol name used as an oracle to verify client knowledge before allowing a connection to be established with the internal SNI.

func GetSecretCNSuffix ¶

func GetSecretCNSuffix(secret string) string

func GetSecretHash ¶

func GetSecretHash(secret string) string

func ValidateCertWithSecret ¶

func ValidateCertWithSecret(secret string, cert *Certificate, hosts []string) error

Types ¶

type Certificate ¶

type Certificate struct {
	CertPEM    []byte
	KeyPEM     []byte
	TLS        *tls.Certificate
	X509       *x509.Certificate
	PrivateKey any
}

func GenerateCertWithSecret ¶

func GenerateCertWithSecret(secret string, hosts []string) (cert *Certificate, err error)

func GetSelfSignedClientCA ¶

func GetSelfSignedClientCA(secret string) (cert *Certificate)

GetSelfSignedClientCA returns the self-signed client certificate authority.

func GetSelfSignedRootCA ¶

func GetSelfSignedRootCA(secret string) (cert *Certificate)

GetSelfSignedRootCA returns the self-signed root certificate.

func LoadCertificate ¶

func LoadCertificate(certPath, keyPath string) (cert *Certificate, err error)

Loads a certificate from the given paths.

func NewSelfSignedRootCA ¶

func NewSelfSignedRootCA(secret []byte, cn string) (cert *Certificate, err error)

Generates new root certificate given a secret and common name.

func ObtainCertificate ¶

func ObtainCertificate(secret string, hosts ...string) (cert *Certificate)

ObtainCertificate returns a certificate for the given hosts signed by the root CA.

func (*Certificate) InstallRoot ¶

func (c *Certificate) InstallRoot() error

Installs the certificate into the system root CA store.

func (*Certificate) IsSelfsigned ¶

func (c *Certificate) IsSelfsigned() (bool, error)

Returns true if the certificate is self-signed.

func (*Certificate) IssueCertificate ¶

func (parent *Certificate) IssueCertificate(cn string, hosts ...string) (cert *Certificate, err error)

Issues a certificate signed by us that is valid for the given hosts.

func (*Certificate) Save ¶

func (c *Certificate) Save(certPath, keyPath string) error

Writes the certificate and key to the given paths.

func (*Certificate) ToCertPool ¶

func (c *Certificate) ToCertPool() (pool *x509.CertPool)

Returns a cert pool with only this certificate.

func (*Certificate) Verify ¶

func (c *Certificate) Verify() error

Returns an error if the certificate is not trusted by the system.

type CipherCPRNG ¶

type CipherCPRNG struct {
	// contains filtered or unexported fields
}

func NewCipherCprng ¶

func NewCipherCprng(key []byte) (c *CipherCPRNG)

NewCipherCprng creates a new cryptographically secure random number generator

func (*CipherCPRNG) Associate ¶

func (c *CipherCPRNG) Associate(data []byte)

Associate adds data to the CPRNG's state.

func (*CipherCPRNG) Read ¶

func (c *CipherCPRNG) Read(out []byte) (n int, err error)

Read fills the given buffer with cryptographically secure random data

type MutualAuthenticator ¶

type MutualAuthenticator struct {
	Client *tls.Config
	Server *tls.Config
	Oracle string
}

func CreateMutualAuthenticator ¶

func CreateMutualAuthenticator(secret string, protocols ...string) (m MutualAuthenticator)

Creates a TLS config for a client and server that uses mutual authentication.

func (MutualAuthenticator) GetConfigForClient ¶

func (m MutualAuthenticator) GetConfigForClient(chi *tls.ClientHelloInfo) (*tls.Config, error)

func (MutualAuthenticator) WrapServer ¶

func (m MutualAuthenticator) WrapServer(tcfg *tls.Config) *tls.Config

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL