Documentation ¶
Overview ¶
Package msgcrypt implements message enryption and decryption.
Index ¶
- Constants
- Variables
- func DecryptKey(sendKey *[32]byte, nonce *[32]byte, myPrivateKey *[32]byte) (secret *[32]byte)
- func DecryptRatchetKey(sendKey *[32]byte, nonce *[32]byte, ratchetPubKey *[32]byte, ...) (secret *[32]byte, err error)
- func DecryptRealSecret(secretKey *[32]byte, encrypted []byte) (realSecret []byte, err error)
- func EncryptRealSecret(realSecret []byte, rand io.Reader) (secretKey *[32]byte, encrypted []byte, err error)
- func FromEphemeralKey(nonce *[32]byte, ephemeralKey *[32]byte, serverPublicKey *[32]byte, ...) (secret *[32]byte)
- func GenKeyPair(rand io.Reader) (pubkey, privkey *[32]byte, err error)
- func PasswordDecrypt(password, message []byte) ([]byte, error)
- func PasswordEncrypt(password, message []byte, rand io.Reader) ([]byte, error)
- func SymDecrypt(key *[32]byte, message []byte) ([]byte, error)
- func SymEncrypt(key *[32]byte, message []byte, rand io.Reader) ([]byte, error)
- func ToEphemeralKey(rand io.Reader, receiverPublicKey *[32]byte, serverPrivateKey *[32]byte) (secret *[32]byte, nonce *[32]byte, ephemeralKey *[32]byte, err error)
- func ToPublicKey(rand io.Reader, serverPubKey *[32]byte) (secret *[32]byte, sendKey *[32]byte, nonce *[32]byte, err error)
- func ToRatchetKey(rand io.Reader, ratchetPubKey *[32]byte) (secret *[32]byte, sendKey *[32]byte, nonce *[32]byte, err error)
- type Cypherlock
- func (cl *Cypherlock) CreateLock(passphrase []byte, secret []byte, validFrom, validTo uint64) (finalValidFrom, finalValidTo uint64, err error)
- func (cl *Cypherlock) ExtendLock(passphrase []byte, now, validFrom, validTo uint64) (finalValidFrom, finalValidTo uint64, err error)
- func (cl *Cypherlock) LoadLock(passphrase []byte, now uint64) (realSecret []byte, err error)
- func (cl *Cypherlock) WriteLock(passphrase []byte, secretKey *[32]byte, validFrom, validTo uint64) (finalValidFrom, finalValidTo uint64, err error)
- type EnvelopeMessage
- type OracleMessage
- func (om OracleMessage) Decrypt(passphrase, message []byte) (*OracleMessage, error)
- func (om OracleMessage) Encrypt(passphrase []byte, rand io.Reader) (encrypted []byte, filename string, err error)
- func (om OracleMessage) Marshall() []byte
- func (om *OracleMessage) ProcessResponseMessage(d []byte) (secretKey *[32]byte, err error)
- func (om *OracleMessage) Unmarshall(d []byte) (*OracleMessage, error)
- func (om *OracleMessage) Valid() bool
- type OracleMessageTemplate
- type RatchetMessage
- type ResponseMessage
- type ServerConfig
Constants ¶
const MaxSecretSize = 500
MaxSecretSize is the maximum size of a secret.
Variables ¶
var ( // ErrNoLocksFound is returned if no matching locks could be found in the keylist of the server. ErrNoLocksFound = errors.New("msgcrypt: no matching locks found") // ErrNoKeylist is returned if no keylist is available. ErrNoKeylist = errors.New("msgcrypt: no keylist available") // ErrKeylistUntrusted is returned if the keylist could not be verified. ErrKeylistUntrusted = errors.New("msgcryt: keylist is untrusteed") )
var ( // ErrSecretToLong is returned when trying to encode a real secret over 500 byte length. ErrSecretToLong = errors.New("msgcrypt: secret too long") // ErrEncryptedTooShort is returned if the encrypted message is too short. ErrEncryptedTooShort = errors.New("msgcrypt: encrypted message too short") )
var ( // ErrMessageIncomplete is returned when a message is too short. ErrMessageIncomplete = errors.New("msgcrypt: message incomplete") // ErrCannotDecrypt is returned if the decryption failed. ErrCannotDecrypt = errors.New("msgcrypt: decryption failed") )
var ( // ErrPolicyExpired is returned when the policy of a message has expired. ErrPolicyExpired = errors.New("msgcrypt: policy expired") )
Functions ¶
func DecryptKey ¶
DecryptKey returns a secret for a message.
func DecryptRatchetKey ¶
func DecryptRatchetKey(sendKey *[32]byte, nonce *[32]byte, ratchetPubKey *[32]byte, getSecret ratchet.SecretFunc) (secret *[32]byte, err error)
DecryptRatchetKey returns a secret from a ratchet message.
func DecryptRealSecret ¶
DecryptRealSecret decrypts a real secret.
func EncryptRealSecret ¶
func EncryptRealSecret(realSecret []byte, rand io.Reader) (secretKey *[32]byte, encrypted []byte, err error)
EncryptRealSecret encrypts a real secret to a random secretKey.
func FromEphemeralKey ¶
func FromEphemeralKey(nonce *[32]byte, ephemeralKey *[32]byte, serverPublicKey *[32]byte, receiverPrivateKey *[32]byte) (secret *[32]byte)
FromEphemeralKey returns a secret from an ephemeral key.
func GenKeyPair ¶
GenKeyPair generates a new key pair.
func PasswordDecrypt ¶
PasswordDecrypt decrypts a message with a password.
func PasswordEncrypt ¶
PasswordEncrypt encrypts a message with a password.
func SymDecrypt ¶
SymDecrypt decrypts a message with a key.
func SymEncrypt ¶
SymEncrypt encrypts message with a key.
func ToEphemeralKey ¶
func ToEphemeralKey(rand io.Reader, receiverPublicKey *[32]byte, serverPrivateKey *[32]byte) (secret *[32]byte, nonce *[32]byte, ephemeralKey *[32]byte, err error)
ToEphemeralKey creates a secret to encrypt to a key with an ephemeral key.
Types ¶
type Cypherlock ¶
type Cypherlock struct { SignatureKey *[ed25519.PublicKeySize]byte // SignatureKey for verification. ServerURL string // Address of the server. Storage clientinterface.Storage // Storage interface ClientRPC clientinterface.ClientRPC // RPC interface. // contains filtered or unexported fields }
Cypherlock implements the client's github.com/JonathanLogan/cypherlock functionality.
func (*Cypherlock) CreateLock ¶
func (cl *Cypherlock) CreateLock(passphrase []byte, secret []byte, validFrom, validTo uint64) (finalValidFrom, finalValidTo uint64, err error)
CreateLock creates a lock.
func (*Cypherlock) ExtendLock ¶
func (cl *Cypherlock) ExtendLock(passphrase []byte, now, validFrom, validTo uint64) (finalValidFrom, finalValidTo uint64, err error)
ExtendLock extends a lock towards the future.
type EnvelopeMessage ¶
type EnvelopeMessage struct { ReceiverPublicKey [32]byte // ServerKey SenderPublicKey [32]byte // Ephemeral DHNonce [32]byte SymNonce [24]byte ValidFrom uint64 ValidTo uint64 RatchetMessage []byte // Must be encrypted already. // contains filtered or unexported fields }
EnvelopeMessage is the message to a server.
func NewEnvelopeMessage ¶
func NewEnvelopeMessage(receiverPublicKey *[32]byte, validFrom, validTo uint64, ratchetMessage []byte) *EnvelopeMessage
NewEnvelopeMessage cretes a new EnvelopeMessage.
func (*EnvelopeMessage) Decrypt ¶
func (em *EnvelopeMessage) Decrypt(receiverPrivateKey *[32]byte) error
Decrypt an EnvelopMessage.
func (*EnvelopeMessage) Encrypt ¶
func (em *EnvelopeMessage) Encrypt(rand io.Reader) ([]byte, error)
Encrypt an EnvelopeMessage.
func (*EnvelopeMessage) Parse ¶
func (em *EnvelopeMessage) Parse(d []byte) (*EnvelopeMessage, error)
Parse a binary EnvelopeMesssage.
type OracleMessage ¶
type OracleMessage struct { ValidFrom uint64 // From when is the message valid. ValidTo uint64 // Until when is the message valid. ResponsePrivateKey [32]byte // The private key to decrypt the server response. EncryptedSecretKey []byte // The encrypted key to decrypt the secret. ServerURL string // The URL to send the message to. ServerMessage []byte // The message to send to the server. about 352 bytes. }
OracleMessage contains an oracle message for the sender, and the secret access.
func (OracleMessage) Decrypt ¶
func (om OracleMessage) Decrypt(passphrase, message []byte) (*OracleMessage, error)
Decrypt the OracleMessage.
func (OracleMessage) Encrypt ¶
func (om OracleMessage) Encrypt(passphrase []byte, rand io.Reader) (encrypted []byte, filename string, err error)
Encrypt the OracleMessage
func (OracleMessage) Marshall ¶
func (om OracleMessage) Marshall() []byte
Marshall an OracleMessage.
func (*OracleMessage) ProcessResponseMessage ¶
func (om *OracleMessage) ProcessResponseMessage(d []byte) (secretKey *[32]byte, err error)
ProcessResponseMessage decrypts the responseMessage and secret.
func (*OracleMessage) Unmarshall ¶
func (om *OracleMessage) Unmarshall(d []byte) (*OracleMessage, error)
Unmarshall an OracleMessage.
func (*OracleMessage) Valid ¶
func (om *OracleMessage) Valid() bool
Valid returns true if the message is currently valid.
type OracleMessageTemplate ¶
type OracleMessageTemplate struct { ValidFrom uint64 // From when is the message valid. ValidTo uint64 // Until when is the message valid. ServerURL string // The URL to send the message to. ServerPublicKey [32]byte // The server's public key. RatchetPublicKey [32]byte // The public key for the ratchet. }
OracleMessageTemplate is the template from which to create an OracleMessage.
func (OracleMessageTemplate) Create ¶
func (omt OracleMessageTemplate) Create(secretKey *[32]byte, rand io.Reader) (*OracleMessage, error)
Create an OracleMessage from an OracleMessageTemplate
func (OracleMessageTemplate) CreateEncrypted ¶
func (omt OracleMessageTemplate) CreateEncrypted(passphrase []byte, secretKey *[32]byte, rand io.Reader) (enc []byte, filename string, err error)
CreateEncrypted creates an encrypted Oracle message from template.
type RatchetMessage ¶
type RatchetMessage struct { RatchetPublicKey [32]byte // Ratchet pubkey SenderPublicKey [32]byte // Ephemeral ReceiverPublicKey [32]byte // Encrypt response to this, with ServerKey DHNonce [32]byte SymNonce [24]byte Payload []byte // contains filtered or unexported fields }
RatchetMessage is a message for a ratchet.
func NewRatchetMessage ¶
func NewRatchetMessage(ratchetPubkey *[32]byte, payload []byte, rand io.Reader) (msg *RatchetMessage, receivePrivKey *[32]byte, err error)
NewRatchetMessage creates a new RatchetMessage with fields set.
func (*RatchetMessage) Decrypt ¶
func (rm *RatchetMessage) Decrypt(getSecret ratchet.SecretFunc) error
Decrypt ratchet message.
func (*RatchetMessage) Encrypt ¶
func (rm *RatchetMessage) Encrypt(rand io.Reader) ([]byte, error)
Encrypt the RatchetMessage.
func (*RatchetMessage) Parse ¶
func (rm *RatchetMessage) Parse(d []byte) (*RatchetMessage, error)
Parse a binary encrypted RatchetMessage into the struct.
type ResponseMessage ¶
type ResponseMessage struct { ReceiverPublicKey [32]byte // RatchetMessage.ReceiverPublicKey EphemeralPublicKey [32]byte // Ephemeral SenderPublicKey [32]byte // ServerKey DHNonce [32]byte SymNonce [24]byte Payload []byte // contains filtered or unexported fields }
ResponseMessage is a message containing a decrypted payload.
func NewResponseMessage ¶
func NewResponseMessage(senderPubKey, receiverPubKey *[32]byte, payload []byte) *ResponseMessage
NewResponseMessage creates a new NewResponseMessage.
func (*ResponseMessage) Decrypt ¶
func (rmsg *ResponseMessage) Decrypt(receiverPrivateKey *[32]byte) error
Decrypt a ReponseMessage.
func (*ResponseMessage) Parse ¶
func (rmsg *ResponseMessage) Parse(d []byte) (*ResponseMessage, error)
Parse a binary ResponseMessage.
type ServerConfig ¶
type ServerConfig struct {
PublicKey, PrivateKey [32]byte // Server's long term curve25519 keypari
GetSecretFunc ratchet.SecretFunc // Lookup function of fountain.
RandomSource io.Reader // Random source for key generation.
}
ServerConfig contains the static configuration for OracleMessage processing.
func (ServerConfig) ProcessOracleMessage ¶
func (sc ServerConfig) ProcessOracleMessage(d []byte) ([]byte, error)
ProcessOracleMessage is the server-side processing of OracleMessages.