crypto

package
v1.3.8 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 11, 2022 License: MIT Imports: 26 Imported by: 1

Documentation

Index

Constants

View Source 
const AES256KeySize = 32

AES256KeySize for AWS256 Encryption

Variables

This section is empty.

Functions

func DynamicTruncate added in v1.1.9 

func DynamicTruncate(hmacResult []byte, digits int) string

DynamicTruncate as described in RFC4226 

"The Truncate function performs Step 2 and Step 3, i.e., the dynamic
truncation and then the reduction modulo 10^Digit.  The purpose of
the dynamic offset truncation technique is to extract a 4-byte
dynamic binary code from a 160-bit (20-byte) HMAC-SHA-1 result.

 DT(String) // String = String[0]...String[19]
  Let OffsetBits be the low-order 4 bits of String[19]
  Offset = StToNum(OffsetBits) // 0 <= OffSet <= 15
  Let P = String[OffSet]...String[OffSet+3]
  Return the Last 31 bits of P"

func GenerateTOTPQRCodePNG added in v1.1.9 

func GenerateTOTPQRCodePNG(key, issuer, user string, period time.Duration, length int) ([]byte, error)

GenerateTOTPQRCodePNG that can be served directly using content type header with 'image/png' or written to file.

func GenerateTOTPURI added in v1.1.9 

func GenerateTOTPURI(key, issuer, user string, period time.Duration, length int) string

GenerateTOTPURI for use in a QR code for registration with an authenticator application

func HOTP added in v1.1.9 

func HOTP(key string, counter uint64, length int) (string, error)

HOTP for the passed key and counter with the specified number of digits (min 6, max 8)

func HOTPCompare added in v1.1.9 

func HOTPCompare(key string, counter uint64, length int, challenge string) (bool, error)

HOTPCompare the HOTP for the specified key and the passed challenge

func Hash 

func Hash(password string, salt string) string

Hash returns the hash of a given string and salt

func HashAndSalt 

func HashAndSalt(password string) (hash string, salt string)

HashAndSalt generates a Hash and a Salt for a given string

func HashMD5 

func HashMD5(plaintext []byte) string

HashMD5 returns the MD5 sum of the passed bytes

func NewIncompleteDataError 

func NewIncompleteDataError() errors.TracerError

NewIncompleteDataError instantiates a IncompleteDataError with a stack trace

func NewOTPKey added in v1.1.9 

func NewOTPKey() (string, error)

NewOTPKey for use with HOTP or TOTP as a base32 encoded string

func NewRSAPrivateKeyNotSetError 

func NewRSAPrivateKeyNotSetError() errors.TracerError

NewRSAPrivateKeyNotSetError instantiates a RSAPrivateKeyNotSetError with a stack trace

func NewRSAPublicKeyNotSetError 

func NewRSAPublicKeyNotSetError() errors.TracerError

NewRSAPublicKeyNotSetError instantiates a RSAPublicKeyNotSetError with a stack trace

func TOTP added in v1.1.9 

func TOTP(key string, period time.Duration, vary int, length int) (string, error)

TOTP for the passed key with the specified period (step size) and number of digits, step will be adjusted using the passed 'vary'

func TOTPCompare added in v1.1.9 

func TOTPCompare(key string, period time.Duration, adjust int, length int, challenge string) (bool, error)

TOTPCompare the challenge to TOTP for a specific step dictated by period and adjust.

func TOTPCompareWithVariance added in v1.1.9 

func TOTPCompareWithVariance(key string, period time.Duration, length int, variance uint, challenge string) (bool, error)

TOTPCompareWithVariance the expected TOTP calculation with the challenge in constant time. If variance is > 0 constant time execution is not guaranteed, allows for totp to fall with the variance range of steps + or -

Types

type AESEncryption 

type AESEncryption struct {
	// contains filtered or unexported fields
}

AESEncryption provides AES256 Encryption with GCM tampering detection.

func (*AESEncryption) Decrypt 

func (a *AESEncryption) Decrypt(ciphertext []byte) (plaintext []byte, err error)

Decrypt data using AES256-GCM

func (*AESEncryption) Encrypt 

func (a *AESEncryption) Encrypt(plaintext []byte) (ciphertext []byte, err error)

Encrypt with AES256-GCM

func (AESEncryption) GenerateKey 

func (AESEncryption) GenerateKey() []byte

GenerateKey will create a new key to use with this instance of AES

func (*AESEncryption) GetKey 

func (a *AESEncryption) GetKey() []byte

GetKey currently being used by this instance of AES

func (*AESEncryption) GetType 

func (a *AESEncryption) GetType() CipherType

GetType returns the cipher type this instance of encryption provides.

func (*AESEncryption) RotateKey 

func (a *AESEncryption) RotateKey() []byte

RotateKey generates a new AES256 key and sets for use on this instance and returns it.

func (*AESEncryption) SetKey 

func (a *AESEncryption) SetKey(key []byte) error

SetKey for use on this instance of AES256.

func (*AESEncryption) Sign 

func (a *AESEncryption) Sign(plaintext []byte) (signature []byte, err error)

Sign does nothing with AES

func (*AESEncryption) Verify 

func (a *AESEncryption) Verify(plaintext []byte, signature []byte) (err error)

Verify does nothing with AES

type CipherType 

type CipherType uint8

CipherType represents how the message body will be encrypted. 

const (
	// None specifies no encryption. Suitable only for Negotiate requests.
	None CipherType = 0
	// AES symmetric encryption
	AES CipherType = 1
	// RSA asymmetric small message encryption
	RSA CipherType = 2
)

func (CipherType) String 

func (ct CipherType) String() string

type Encryption 

type Encryption interface {
	GetType() CipherType
	Encrypt(plaintext []byte) (ciphertext []byte, err error)
	Decrypt(ciphertext []byte) (plaintext []byte, err error)
	Sign(plaintext []byte) (signature []byte, err error)
	Verify(plaintext []byte, signature []byte) (err error)
}

Encryption interface provides the necessary methods for an encryption provider.

func NewAES 

func NewAES(key []byte) (Encryption, error)

NewAES using the passed key, if nil is passed a new key will be generated.

func NewNoEncryption 

func NewNoEncryption() Encryption

NewNoEncryption returns an instance of NoEncryption which can be used as a pass through.

type IncompleteDataError 

type IncompleteDataError struct {
	// contains filtered or unexported fields
}

IncompleteDataError returned when an incomplete ciphertext is passed to decrypt.

func (*IncompleteDataError) Error 

func (err *IncompleteDataError) Error() string

func (*IncompleteDataError) Trace 

func (err *IncompleteDataError) Trace() []string

Trace returns the stack trace for the error

type NoEncryption 

type NoEncryption struct{}

NoEncryption provides a passthrough for when you need an Encryption object but don't actually want encryption.

func (*NoEncryption) Decrypt 

func (ne *NoEncryption) Decrypt(ciphertext []byte) (plaintext []byte, err error)

Decrypt returns the ciphertext

func (*NoEncryption) Encrypt 

func (ne *NoEncryption) Encrypt(plaintext []byte) (ciphertext []byte, err error)

Encrypt returns the plaintext

func (*NoEncryption) GetType 

func (ne *NoEncryption) GetType() CipherType

GetType of cipher on this Encryption.

func (*NoEncryption) Sign 

func (ne *NoEncryption) Sign(plaintext []byte) (signature []byte, err error)

Sign the passed plaintext and return a signature that can be used to verify that the data was signed using this instance of encryptions key.

func (*NoEncryption) Verify 

func (ne *NoEncryption) Verify(plaintext []byte, signature []byte) (err error)

Verify the passed signature against the key on this instance. Returns err on failure.

type RSAEncryption 

type RSAEncryption struct {
	// contains filtered or unexported fields
}

RSAEncryption provides 2048 bit rsa encryption with optional PSS Signing.

func NewRSAEncryption 

func NewRSAEncryption() *RSAEncryption

NewRSAEncryption instance with no keys set.

func (*RSAEncryption) Decrypt 

func (r *RSAEncryption) Decrypt(ciphertext []byte) (plaintext []byte, err error)

Decrypt the passed ciphertext using the passed private key.

func (*RSAEncryption) DecryptAndVerify 

func (r *RSAEncryption) DecryptAndVerify(ciphertext []byte, signature []byte) (
	plaintext []byte, err error)

DecryptAndVerify decrypts the passed ciphertext and verifies the signature.

func (*RSAEncryption) Encrypt 

func (r *RSAEncryption) Encrypt(plaintext []byte) (ciphertext []byte, err error)

Encrypt the passed plaintext using the passed public key.

func (*RSAEncryption) EncryptAndSign 

func (r *RSAEncryption) EncryptAndSign(plaintext []byte) (
	signature []byte, ciphertext []byte, err error)

EncryptAndSign the passed plaintext with the passed encryption key and signing key.

func (*RSAEncryption) GenerateKey 

func (r *RSAEncryption) GenerateKey() *rsa.PrivateKey

GenerateKey for 2048 bit rsa encryption.

func (*RSAEncryption) GetPrivateKey 

func (r *RSAEncryption) GetPrivateKey() *rsa.PrivateKey

GetPrivateKey that is currently set on this instance of RSAEncryption

func (*RSAEncryption) GetPublicKey 

func (r *RSAEncryption) GetPublicKey() *rsa.PublicKey

GetPublicKey that is currently set on this instance.

func (*RSAEncryption) GetType 

func (r *RSAEncryption) GetType() CipherType

GetType returns the cipher type this encryption instance provides.

func (*RSAEncryption) MarshalPrivateKey 

func (r *RSAEncryption) MarshalPrivateKey() ([]byte, error)

MarshalPrivateKey data type (PKCS1) and return as bytes.

func (*RSAEncryption) MarshalPrivatePublicKey 

func (r *RSAEncryption) MarshalPrivatePublicKey() ([]byte, error)

MarshalPrivatePublicKey to data type PubASN1 PEM format and return as bytes.

func (*RSAEncryption) MarshalPublicKey 

func (r *RSAEncryption) MarshalPublicKey() ([]byte, error)

MarshalPublicKey data type (PubASN1) and return as bytes.

func (*RSAEncryption) SetPrivateKey 

func (r *RSAEncryption) SetPrivateKey(key *rsa.PrivateKey)

SetPrivateKey that will be used to decrypt and sign on this instance.

func (*RSAEncryption) SetPublicKey 

func (r *RSAEncryption) SetPublicKey(key rsa.PublicKey)

SetPublicKey that will be used to encrypt and verify on this instance.

func (*RSAEncryption) Sign 

func (r *RSAEncryption) Sign(plaintext []byte) (signed []byte, err error)

Sign with RSASSA-PSS

func (*RSAEncryption) UnmarshallPrivateKey 

func (r *RSAEncryption) UnmarshallPrivateKey(bytes []byte) error

UnmarshallPrivateKey from the passed bytes created from `MarshalPrivateKey` and set it on this instance.

func (*RSAEncryption) UnmarshallPublicKey 

func (r *RSAEncryption) UnmarshallPublicKey(bytes []byte) error

UnmarshallPublicKey from the passed bytes created using MarshalPublicKey and set it on this instance.

func (*RSAEncryption) Verify 

func (r *RSAEncryption) Verify(plaintext []byte, signature []byte) error

Verify that the passed signature matches the signature of the plaintext encrypted using the private key corresponding to the passed public key.

type RSAPrivateKeyNotSetError 

type RSAPrivateKeyNotSetError struct {
	// contains filtered or unexported fields
}

RSAPrivateKeyNotSetError is returned when the RSA private key is not set and an operation needing a private key is called.

func (*RSAPrivateKeyNotSetError) Error 

func (err *RSAPrivateKeyNotSetError) Error() string

func (*RSAPrivateKeyNotSetError) Trace 

func (err *RSAPrivateKeyNotSetError) Trace() []string

Trace returns the stack trace for the error

type RSAPublicKeyNotSetError 

type RSAPublicKeyNotSetError struct {
	// contains filtered or unexported fields
}

RSAPublicKeyNotSetError is returned when the RSA public key is not set and an operation needing a private key is called.

func (*RSAPublicKeyNotSetError) Error 

func (err *RSAPublicKeyNotSetError) Error() string

func (*RSAPublicKeyNotSetError) Trace 

func (err *RSAPublicKeyNotSetError) Trace() []string

Trace returns the stack trace for the error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.