crypto

package
v0.5.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 5, 2024 License: Apache-2.0 Imports: 30 Imported by: 0

Documentation

Index

Constants

// DefaultKeyBitSize is the key size in bits that KeyRequirement names as the
// default for its BitSize field (RSA keys).
const DefaultKeyBitSize = 4096

// DefaultDsaParameterSize is the DSA parameter set (L=2048, N=256) that
// KeyRequirement names as the default for KeyTypeDsa.
//
// NOTE(review): the standard library marks crypto/dsa as deprecated; confirm
// that generating DSA keys is still wanted before relying on this default.
const DefaultDsaParameterSize = dsa.L2048N256

// DefaultEllipticCurveType is the curve that KeyRequirement names as the
// default for KeyTypeEcdsa.
const DefaultEllipticCurveType = EllipticCurveTypeP521
const (
	// ObjectIdEmpty is the zero value of ObjectId.
	ObjectIdEmpty ObjectId = 0

	// ObjectIdSessionId is the ObjectId with the numeric value 1.
	// NOTE(review): presumably identifies the session id inside an ASN.1
	// structure (see PrefixWithEngityObjectId) - confirm against ToNative.
	ObjectIdSessionId ObjectId = 1
)

Variables

// ErrIllegalSshKey is a sentinel error with the message "illegal ssh key found".
// Match it by identity, not by comparing message text.
var ErrIllegalSshKey = errors.New("illegal ssh key found")

// ErrIllegalAuthorizedKeysFormat is a sentinel error with the message
// "illegal authorized keys format". Match it by identity, not by message text.
var ErrIllegalAuthorizedKeysFormat = errors.New("illegal authorized keys format")
// DefaultDsaRestriction is the package-level default DsaRestriction.
//
// It is an exported variable, so any importing package can reassign it at
// runtime; code enforcing key policy should not assume it still holds
// DsaRestrictionNone.
// NOTE(review): presumably DsaRestrictionNone admits no DSA keys at all (as
// opposed to DsaRestrictionAll) - confirm against DsaRestriction.BitsAllowed.
var DefaultDsaRestriction = DsaRestrictionNone
// DefaultEcdsaRestriction is the package-level default EcdsaRestriction.
//
// It is an exported, reassignable variable; treat its value as configuration
// rather than as a fixed guarantee.
// NOTE(review): presumably EcdsaRestrictionAtLeast384Bits rejects P-224 and
// P-256 keys - confirm against EcdsaRestriction.BitsAllowed.
var DefaultEcdsaRestriction = EcdsaRestrictionAtLeast384Bits
// DefaultEd25519Restriction is the package-level default Ed25519Restriction.
//
// It is an exported, reassignable variable; treat its value as configuration
// rather than as a fixed guarantee.
// NOTE(review): presumably Ed25519RestrictionAll admits every Ed25519 key -
// confirm against Ed25519Restriction.BitsAllowed.
var DefaultEd25519Restriction = Ed25519RestrictionAll
// DefaultRsaRestriction is the package-level default RsaRestriction.
//
// It is an exported, reassignable variable; treat its value as configuration
// rather than as a fixed guarantee.
// NOTE(review): presumably RsaRestrictionAtLeast4096Bits rejects shorter RSA
// keys, including 2048- and 3072-bit ones - confirm against
// RsaRestriction.BitsAllowed before using it to filter existing user keys.
var DefaultRsaRestriction = RsaRestrictionAtLeast4096Bits
// ErrIllegalAuthorizedKeyOption is a sentinel error with the message
// "illegal authorized key option". Match it by identity, not by message text.
var ErrIllegalAuthorizedKeyOption = errors.New("illegal authorized key option")
// ErrIllegalAuthorizedKeyOptionType is a sentinel error with the message
// "illegal authorized key option type". Match it by identity, not by message
// text.
var ErrIllegalAuthorizedKeyOptionType = errors.New("illegal authorized key option type")
// ErrIllegalObjectId is a sentinel error with the message "illegal object-id",
// created through errors.Config.
// NOTE(review): errors.Config is not part of the standard library errors
// package, so "errors" here is presumably a project package - confirm.
var ErrIllegalObjectId = errors.Config.Newf("illegal object-id")
// ErrIllegalPassword is a sentinel error with the message "illegal password".
// Match it by identity, not by message text. The message carries no password
// material; keep it that way when wrapping this error.
var ErrIllegalPassword = errors.New("illegal password")
// ErrIllegalPasswordFile is a sentinel error with the message
// "illegal password file", created through errors.Config.
// NOTE(review): errors.Config is not part of the standard library errors
// package, so "errors" here is presumably a project package - confirm.
var ErrIllegalPasswordFile = errors.Config.Newf("illegal password file")
// ErrIllegalPasswordType is a sentinel error with the message
// "illegal password type". Match it by identity, not by message text.
var ErrIllegalPasswordType = errors.New("illegal password type")

Functions

func AdjustHttpTransportWithCaCerts added in v0.3.0

func AdjustHttpTransportWithCaCerts(transport *http.Transport)

func AdjustTlsConfigWithCaCerts added in v0.3.0

func AdjustTlsConfigWithCaCerts(tlsConfig *tls.Config)

func CaCerts added in v0.3.0

func CaCerts() *x509.CertPool

func CutEngityObjectIdPrefix added in v0.4.0

func CutEngityObjectIdPrefix(in asn1.ObjectIdentifier) (rest asn1.ObjectIdentifier)

func DoWithEachAuthorizedKey

func DoWithEachAuthorizedKey[R any](requireExistence bool, callback func(ssh.PublicKey) (result R, canContinue bool, err error), files ...string) (result R, err error)

func PrefixWithEngityObjectId added in v0.4.0

func PrefixWithEngityObjectId(in asn1.ObjectIdentifier) asn1.ObjectIdentifier

func WriteSshPrivateKey

func WriteSshPrivateKey(pk PrivateKey, to io.Writer) error

Types

type AuthorizedKeyOption added in v0.2.0

// AuthorizedKeyOption is one option attached to an authorized key: the kind
// of option (Type) and its argument as text (Value).
// NOTE(review): presumably Value stays empty for flag-style types such as
// AuthorizedKeyRestrict - confirm against Validate.
type AuthorizedKeyOption struct {
	// Type selects which option this is.
	Type  AuthorizedKeyOptionType
	// Value holds the option's argument text.
	Value string
}

func (AuthorizedKeyOption) IsEqualTo added in v0.2.0

func (this AuthorizedKeyOption) IsEqualTo(other any) bool

func (AuthorizedKeyOption) MarshalText added in v0.2.0

func (this AuthorizedKeyOption) MarshalText() ([]byte, error)

func (*AuthorizedKeyOption) Set added in v0.2.0

func (this *AuthorizedKeyOption) Set(text string) error

func (AuthorizedKeyOption) String added in v0.2.0

func (this AuthorizedKeyOption) String() string

func (*AuthorizedKeyOption) UnmarshalText added in v0.2.0

func (this *AuthorizedKeyOption) UnmarshalText(text []byte) error

func (AuthorizedKeyOption) Validate added in v0.2.0

func (this AuthorizedKeyOption) Validate() error

type AuthorizedKeyOptionType added in v0.2.0

// AuthorizedKeyOptionType enumerates the kinds of option an
// AuthorizedKeyOption can carry in its Type field.
//
// NOTE(review): the constant names mirror the options of the OpenSSH
// authorized_keys format (sshd(8)); presumably the mapping is one-to-one -
// confirm against Set and String.
// NOTE(review): this listing only shows that options can be parsed and
// validated, not where they are enforced. Types such as AuthorizedKeyCommand,
// AuthorizedKeyFrom, AuthorizedKeyRestrict and the No* variants limit what a
// key may do in OpenSSH; verify that the consumer of these values applies
// them, otherwise a restricted key is handled like an unrestricted one.
type AuthorizedKeyOptionType uint8
const (
	// AuthorizedKeyOptionEmpty is the zero value (iota starts at 0).
	AuthorizedKeyOptionEmpty AuthorizedKeyOptionType = iota
	// The remaining values are assigned by iota in declaration order, so
	// inserting or reordering entries changes every later numeric value.
	AuthorizedKeyAgentForwarding
	AuthorizedKeyNoAgentForwarding
	AuthorizedKeyCertAuthority
	AuthorizedKeyCommand
	AuthorizedKeyEnvironment
	AuthorizedKeyExpiryTime
	AuthorizedKeyFrom
	AuthorizedKeyPermitListen
	AuthorizedKeyPermitOpen
	AuthorizedKeyPrincipals
	AuthorizedKeyPortForwarding
	AuthorizedKeyNoPortForwarding
	AuthorizedKeyPty
	AuthorizedKeyNoPty
	AuthorizedKeyNoTouchRequired
	AuthorizedKeyVerifyRequired
	AuthorizedKeyRestrict
	AuthorizedKeyTunnel
	AuthorizedKeyUserRc
	AuthorizedKeyNoUserRc
	AuthorizedKeyX11Forwarding
	AuthorizedKeyNoX11Forwarding
)

func (AuthorizedKeyOptionType) IsEqualTo added in v0.2.0

func (this AuthorizedKeyOptionType) IsEqualTo(other any) bool

func (AuthorizedKeyOptionType) IsZero added in v0.2.0

func (this AuthorizedKeyOptionType) IsZero() bool

func (AuthorizedKeyOptionType) MarshalText added in v0.2.0

func (this AuthorizedKeyOptionType) MarshalText() ([]byte, error)

func (*AuthorizedKeyOptionType) Set added in v0.2.0

func (this *AuthorizedKeyOptionType) Set(text string) error

func (AuthorizedKeyOptionType) String added in v0.2.0

func (this AuthorizedKeyOptionType) String() string

func (*AuthorizedKeyOptionType) UnmarshalText added in v0.2.0

func (this *AuthorizedKeyOptionType) UnmarshalText(text []byte) error

func (AuthorizedKeyOptionType) Validate added in v0.2.0

func (this AuthorizedKeyOptionType) Validate() error

type AuthorizedKeyWithOptions added in v0.2.0

// AuthorizedKeyWithOptions pairs an SSH public key with the options that
// were attached to it.
type AuthorizedKeyWithOptions struct {
	// PublicKey is embedded, so its methods are promoted to this type.
	ssh.PublicKey
	// Options lists the options attached to the key. A consumer that only
	// uses the embedded key and ignores Options drops any restrictions
	// expressed there.
	Options []AuthorizedKeyOption
}

type AuthorizedKeys added in v0.2.0

// AuthorizedKeys is a string-based type whose ForEach method hands each
// contained key to a consumer together with its comment and options.
// NOTE(review): presumably the string holds authorized_keys content inline
// (AuthorizedKeysFile being the path-based counterpart) - confirm.
type AuthorizedKeys string

func (AuthorizedKeys) ForEach added in v0.2.0

func (this AuthorizedKeys) ForEach(consumer func(i int, key ssh.PublicKey, comment string, opts []AuthorizedKeyOption) (canContinue bool, err error)) error

func (AuthorizedKeys) Get added in v0.2.0

func (AuthorizedKeys) IsEqualTo added in v0.2.0

func (this AuthorizedKeys) IsEqualTo(other any) bool

func (AuthorizedKeys) IsZero added in v0.2.0

func (this AuthorizedKeys) IsZero() bool

func (*AuthorizedKeys) Trim added in v0.2.0

func (this *AuthorizedKeys) Trim() error

func (AuthorizedKeys) Validate added in v0.2.0

func (this AuthorizedKeys) Validate() error

type AuthorizedKeysFile added in v0.2.0

// AuthorizedKeysFile is a string-based type whose ForEach method hands each
// contained key to a consumer together with its comment and options.
// NOTE(review): presumably the string is a filesystem path to an
// authorized_keys file; ownership and permission checks on that file are not
// visible in this listing - verify where the file is opened.
type AuthorizedKeysFile string

func (AuthorizedKeysFile) ForEach added in v0.2.0

func (this AuthorizedKeysFile) ForEach(consumer func(i int, key ssh.PublicKey, comment string, opts []AuthorizedKeyOption) (canContinue bool, err error)) error

func (AuthorizedKeysFile) Get added in v0.2.0

func (AuthorizedKeysFile) IsEqualTo added in v0.2.0

func (this AuthorizedKeysFile) IsEqualTo(other any) bool

func (AuthorizedKeysFile) IsZero added in v0.2.0

func (this AuthorizedKeysFile) IsZero() bool

func (AuthorizedKeysFile) Validate added in v0.2.0

func (this AuthorizedKeysFile) Validate() error

type DsaRestriction

// DsaRestriction enumerates the policies that BitsAllowed and KeyAllowed
// evaluate for DSA keys.
//
// NOTE(review): presumably None admits no DSA key, All admits every DSA key
// and AtLeastNBits admits keys of N bits or more - the method bodies are not
// shown here, so confirm against BitsAllowed.
type DsaRestriction uint8
const (
	// DsaRestrictionNone is the zero value (iota starts at 0), so a
	// DsaRestriction that was never set equals None.
	DsaRestrictionNone DsaRestriction = iota
	DsaRestrictionAll
	DsaRestrictionAtLeast1024Bits
	DsaRestrictionAtLeast2048Bits
	DsaRestrictionAtLeast3072Bits
)

func (DsaRestriction) BitsAllowed

func (this DsaRestriction) BitsAllowed(in int) bool

func (DsaRestriction) IsEqualTo

func (this DsaRestriction) IsEqualTo(other any) bool

func (DsaRestriction) IsZero

func (this DsaRestriction) IsZero() bool

func (DsaRestriction) KeyAllowed

func (this DsaRestriction) KeyAllowed(in any) (bool, error)

func (DsaRestriction) MarshalText

func (this DsaRestriction) MarshalText() (text []byte, err error)

func (*DsaRestriction) Set

func (this *DsaRestriction) Set(text string) error

func (DsaRestriction) String

func (this DsaRestriction) String() string

func (*DsaRestriction) UnmarshalText

func (this *DsaRestriction) UnmarshalText(text []byte) error

func (DsaRestriction) Validate

func (this DsaRestriction) Validate() error

type EcdsaRestriction

// EcdsaRestriction enumerates the policies that BitsAllowed and KeyAllowed
// evaluate for ECDSA keys.
//
// NOTE(review): presumably None admits no ECDSA key, All admits every ECDSA
// key and AtLeastNBits admits curves of N bits or more - confirm against
// BitsAllowed. There is no AtLeast224Bits value, so P-224 is presumably
// only admitted by All.
type EcdsaRestriction uint8
const (
	// EcdsaRestrictionNone is the zero value (iota starts at 0), so an
	// EcdsaRestriction that was never set equals None.
	EcdsaRestrictionNone EcdsaRestriction = iota
	EcdsaRestrictionAll
	EcdsaRestrictionAtLeast256Bits
	EcdsaRestrictionAtLeast384Bits
	EcdsaRestrictionAtLeast521Bits
)

func (EcdsaRestriction) BitsAllowed

func (this EcdsaRestriction) BitsAllowed(in int) bool

func (EcdsaRestriction) IsEqualTo

func (this EcdsaRestriction) IsEqualTo(other any) bool

func (EcdsaRestriction) IsZero

func (this EcdsaRestriction) IsZero() bool

func (EcdsaRestriction) KeyAllowed

func (this EcdsaRestriction) KeyAllowed(in any) (bool, error)

func (EcdsaRestriction) MarshalText

func (this EcdsaRestriction) MarshalText() (text []byte, err error)

func (*EcdsaRestriction) Set

func (this *EcdsaRestriction) Set(text string) error

func (EcdsaRestriction) String

func (this EcdsaRestriction) String() string

func (*EcdsaRestriction) UnmarshalText

func (this *EcdsaRestriction) UnmarshalText(text []byte) error

func (EcdsaRestriction) Validate

func (this EcdsaRestriction) Validate() error

type Ed25519Restriction

// Ed25519Restriction enumerates the policies that BitsAllowed and KeyAllowed
// evaluate for Ed25519 keys.
//
// NOTE(review): presumably None admits no Ed25519 key and All admits every
// one. Ed25519 keys have a single fixed size, so AtLeast256Bits presumably
// behaves like All - confirm against BitsAllowed.
type Ed25519Restriction uint8
const (
	// Ed25519RestrictionNone is the zero value (iota starts at 0), so an
	// Ed25519Restriction that was never set equals None.
	Ed25519RestrictionNone Ed25519Restriction = iota
	Ed25519RestrictionAll
	Ed25519RestrictionAtLeast256Bits
)

func (Ed25519Restriction) BitsAllowed

func (this Ed25519Restriction) BitsAllowed(in int) bool

func (Ed25519Restriction) IsEqualTo

func (this Ed25519Restriction) IsEqualTo(other any) bool

func (Ed25519Restriction) IsZero

func (this Ed25519Restriction) IsZero() bool

func (Ed25519Restriction) KeyAllowed

func (this Ed25519Restriction) KeyAllowed(in any) (bool, error)

func (Ed25519Restriction) MarshalText

func (this Ed25519Restriction) MarshalText() (text []byte, err error)

func (*Ed25519Restriction) Set

func (this *Ed25519Restriction) Set(text string) error

func (Ed25519Restriction) String

func (this Ed25519Restriction) String() string

func (*Ed25519Restriction) UnmarshalText

func (this *Ed25519Restriction) UnmarshalText(text []byte) error

func (Ed25519Restriction) Validate

func (this Ed25519Restriction) Validate() error

type EllipticCurveType

// EllipticCurveType names the curve used for ECDSA keys; Curve returns the
// matching elliptic.Curve.
//
// The zero value is EllipticCurveTypeP224, the smallest curve listed, not
// DefaultEllipticCurveType. KeyRequirement stores this type behind a pointer;
// NOTE(review): presumably a nil pointer selects the default while a pointer
// to an unset value selects P-224 - confirm in GenerateKey.
type EllipticCurveType uint8
const (
	// EllipticCurveTypeP224 is the zero value (iota starts at 0).
	EllipticCurveTypeP224 EllipticCurveType = iota
	EllipticCurveTypeP256
	EllipticCurveTypeP384
	EllipticCurveTypeP521
)

func (EllipticCurveType) Curve

func (this EllipticCurveType) Curve() (elliptic.Curve, error)

func (EllipticCurveType) String

func (this EllipticCurveType) String() string

type Htpasswd added in v0.2.0

// Htpasswd is an opaque credential store; Match reports whether a
// username/password pair is accepted.
// NOTE(review): presumably it holds htpasswd-formatted entries inline. Match
// returns only a bool, so parse or hash errors are not distinguishable from a
// wrong password at the call site. String and MarshalText are exported;
// check what they emit before logging or serialising a value.
type Htpasswd struct {
	// contains filtered or unexported fields
}

func (Htpasswd) IsEqualTo added in v0.2.0

func (this Htpasswd) IsEqualTo(other any) bool

func (Htpasswd) IsZero added in v0.2.0

func (this Htpasswd) IsZero() bool

func (Htpasswd) MarshalText added in v0.2.0

func (this Htpasswd) MarshalText() (text []byte, err error)

func (Htpasswd) Match added in v0.2.0

func (this Htpasswd) Match(username, password string) bool

func (*Htpasswd) Set added in v0.2.0

func (this *Htpasswd) Set(text string) error

func (Htpasswd) String added in v0.2.0

func (this Htpasswd) String() string

func (*Htpasswd) UnmarshalText added in v0.2.0

func (this *Htpasswd) UnmarshalText(text []byte) error

func (Htpasswd) Validate added in v0.2.0

func (this Htpasswd) Validate() error

type HtpasswdFile added in v0.2.0

// HtpasswdFile is an opaque credential store; Match reports whether a
// username/password pair is accepted.
// NOTE(review): presumably it is backed by an htpasswd file on disk. Match
// returns only a bool, so a missing or unreadable file is not distinguishable
// from a wrong password at the call site - confirm how read errors are
// handled.
type HtpasswdFile struct {
	// contains filtered or unexported fields
}

func (HtpasswdFile) IsEqualTo added in v0.2.0

func (this HtpasswdFile) IsEqualTo(other any) bool

func (HtpasswdFile) IsZero added in v0.2.0

func (this HtpasswdFile) IsZero() bool

func (HtpasswdFile) MarshalText added in v0.2.0

func (this HtpasswdFile) MarshalText() (text []byte, err error)

func (HtpasswdFile) Match added in v0.2.0

func (this HtpasswdFile) Match(username, password string) bool

func (*HtpasswdFile) Set added in v0.2.0

func (this *HtpasswdFile) Set(text string) error

func (HtpasswdFile) String added in v0.2.0

func (this HtpasswdFile) String() string

func (*HtpasswdFile) UnmarshalText added in v0.2.0

func (this *HtpasswdFile) UnmarshalText(text []byte) error

func (HtpasswdFile) Validate added in v0.2.0

func (this HtpasswdFile) Validate() error

type KeyRequirement

// KeyRequirement describes the private key that GenerateKey and CreateFile
// should produce: a key type plus optional, type-specific parameters.
//
// The optional parameters are pointers; the field comments name the default
// used for each. GenerateKey and CreateFile take their randomness source as
// an io.Reader argument.
// NOTE(review): callers should pass crypto/rand.Reader; whether a nil or
// non-cryptographic reader is rejected is not visible in this listing.
type KeyRequirement struct {
	// Type selects the key algorithm. Its zero value is KeyTypeRsa.
	Type KeyType

	// BitSize is used for RSA keys. Default is DefaultKeyBitSize
	BitSize *int

	// DsaParameterSize is used for KeyTypeDsa. Default is DefaultDsaParameterSize
	DsaParameterSize *dsa.ParameterSizes

	// EllipticCurveType is used for KeyTypeEcdsa. Default is DefaultEllipticCurveType
	EllipticCurveType *EllipticCurveType
}

func (KeyRequirement) CreateFile

func (this KeyRequirement) CreateFile(rand io.Reader, fn string) (PrivateKey, error)

func (KeyRequirement) GenerateKey

func (this KeyRequirement) GenerateKey(rand io.Reader) (PrivateKey, error)

type KeyType

// KeyType selects the key algorithm in a KeyRequirement.
type KeyType uint8
const (
	// KeyTypeRsa is the zero value (iota starts at 0), so a KeyRequirement
	// whose Type was never set asks for RSA.
	KeyTypeRsa KeyType = iota
	// KeyTypeDsa selects DSA.
	// NOTE(review): the standard library marks crypto/dsa as deprecated;
	// confirm DSA generation is still wanted.
	KeyTypeDsa
	KeyTypeEcdsa
	KeyTypeEd25519
)

func (KeyType) String

func (this KeyType) String() string

type ObjectId added in v0.4.0

// ObjectId is a compact, uint8-based identifier that FromNative and ToNative
// convert from and to an asn1.ObjectIdentifier.
type ObjectId uint8

func (*ObjectId) FromNative added in v0.4.0

func (this *ObjectId) FromNative(in asn1.ObjectIdentifier) error

func (ObjectId) IsEqualTo added in v0.4.0

func (this ObjectId) IsEqualTo(other any) bool

func (ObjectId) IsZero added in v0.4.0

func (this ObjectId) IsZero() bool

func (ObjectId) MarshalText added in v0.4.0

func (this ObjectId) MarshalText() (text []byte, err error)

func (*ObjectId) Set added in v0.4.0

func (this *ObjectId) Set(plain string) error

func (ObjectId) String added in v0.4.0

func (this ObjectId) String() string

func (ObjectId) ToNative added in v0.4.0

func (this ObjectId) ToNative() (asn1.ObjectIdentifier, error)

func (ObjectId) ToNativeDirect added in v0.4.0

func (this ObjectId) ToNativeDirect() asn1.ObjectIdentifier

func (*ObjectId) UnmarshalText added in v0.4.0

func (this *ObjectId) UnmarshalText(text []byte) error

func (ObjectId) Validate added in v0.4.0

func (this ObjectId) Validate() error

type Password added in v0.2.0

// Password is a byte-slice credential value. SetPassword stores a password
// under a given PasswordType and Compare checks a candidate against it.
//
// NOTE(review): String and MarshalText are exported on this type; presumably
// they emit the stored, encoded form. With PasswordTypePlain that form would
// be the password itself, so check what they return before logging or
// serialising a Password.
type Password []byte

func (Password) Compare added in v0.2.0

func (this Password) Compare(withPassword []byte) (bool, error)

func (Password) IsEqualTo added in v0.2.0

func (this Password) IsEqualTo(other any) bool

func (Password) IsZero added in v0.2.0

func (this Password) IsZero() bool

func (Password) MarshalText added in v0.2.0

func (this Password) MarshalText() ([]byte, error)

func (*Password) Set added in v0.2.0

func (this *Password) Set(plain string) error

func (*Password) SetPassword added in v0.2.0

func (this *Password) SetPassword(t PasswordType, password []byte) error

func (Password) String added in v0.2.0

func (this Password) String() string

func (*Password) UnmarshalText added in v0.2.0

func (this *Password) UnmarshalText(b []byte) error

func (Password) Validate added in v0.2.0

func (this Password) Validate() error

type PasswordFile added in v0.4.0

// PasswordFile is a string-based type with GetPassword and SetPassword
// methods that return and accept a Password.
// NOTE(review): presumably the string is a filesystem path and SetPassword
// writes to it; the permissions used for that file are not visible in this
// listing - verify they keep the content unreadable to other users.
type PasswordFile string

func (PasswordFile) GetPassword added in v0.4.0

func (this PasswordFile) GetPassword() (Password, error)

func (PasswordFile) IsEqualTo added in v0.4.0

func (this PasswordFile) IsEqualTo(other any) bool

func (PasswordFile) IsZero added in v0.4.0

func (this PasswordFile) IsZero() bool

func (PasswordFile) MarshalText added in v0.4.0

func (this PasswordFile) MarshalText() ([]byte, error)

func (*PasswordFile) Set added in v0.4.0

func (this *PasswordFile) Set(plain string) error

func (PasswordFile) SetPassword added in v0.4.0

func (this PasswordFile) SetPassword(v Password) error

func (PasswordFile) String added in v0.4.0

func (this PasswordFile) String() string

func (*PasswordFile) UnmarshalText added in v0.4.0

func (this *PasswordFile) UnmarshalText(b []byte) error

func (PasswordFile) Validate added in v0.4.0

func (this PasswordFile) Validate() error

type PasswordType added in v0.2.0

// PasswordType selects how a password is encoded (Encode), checked (Compare)
// and generated (Generate).
type PasswordType uint8
const (
	// PasswordTypePlain is the zero value (iota starts at 0), so a
	// PasswordType that was never set equals Plain.
	// NOTE(review): presumably Plain keeps the password unhashed - confirm in
	// Encode; prefer PasswordTypeBcrypt for stored credentials.
	PasswordTypePlain PasswordType = iota
	// PasswordTypeBcrypt selects bcrypt, judging by its name.
	// NOTE(review): the cost factor is not visible in this listing.
	PasswordTypeBcrypt
)

func (PasswordType) Compare added in v0.2.0

func (this PasswordType) Compare(encoded, password []byte) (bool, error)

func (PasswordType) Encode added in v0.2.0

func (this PasswordType) Encode(password []byte) ([]byte, error)

func (PasswordType) Generate added in v0.4.0

func (this PasswordType) Generate(rand io.Reader) (decoded []byte, encoded Password, _ error)

func (PasswordType) IsEqualTo added in v0.2.0

func (this PasswordType) IsEqualTo(other any) bool

func (PasswordType) MarshalText added in v0.2.0

func (this PasswordType) MarshalText() ([]byte, error)

func (*PasswordType) Set added in v0.2.0

func (this *PasswordType) Set(plain string) error

func (PasswordType) String added in v0.2.0

func (this PasswordType) String() string

func (*PasswordType) UnmarshalText added in v0.2.0

func (this *PasswordType) UnmarshalText(b []byte) error

func (PasswordType) Validate added in v0.2.0

func (this PasswordType) Validate() error

type PrivateKey added in v0.4.0

// PrivateKey abstracts a private key and exposes it in the forms needed by
// the SSH and signing APIs.
// NOTE(review): gocrypto is presumably the standard library crypto package
// under an import alias - confirm.
type PrivateKey interface {
	// Type returns the key type as a string.
	Type() string
	// PublicKey returns the matching public key.
	PublicKey() PublicKey
	// ToSsh returns the key as an ssh.Signer.
	ToSsh() ssh.Signer
	// ToSdk returns the key as a gocrypto.Signer.
	ToSdk() gocrypto.Signer
	// MarshalPemBlock returns the key as a PEM block.
	// NOTE(review): whether the block is encrypted is not visible here; treat
	// the result as secret key material.
	MarshalPemBlock() (*pem.Block, error)
}

func EnsureKeyFile

func EnsureKeyFile(fn string, reqOnAbsence *KeyRequirement, rand io.Reader) (PrivateKey, error)

func PrivateKeyFromSdk added in v0.4.0

func PrivateKeyFromSdk(sdk gocrypto.Signer) (PrivateKey, error)

type PublicKey added in v0.4.0

// PublicKey abstracts a public key and exposes it in the forms needed by the
// SSH and standard crypto APIs.
type PublicKey interface {
	// Type returns the key type as a string.
	Type() string
	// Marshal returns the key as bytes.
	// NOTE(review): presumably the SSH wire format, as with
	// ssh.PublicKey.Marshal - confirm.
	Marshal() []byte
	// ToSsh returns the key as an ssh.PublicKey.
	ToSsh() ssh.PublicKey
	// ToSdk returns the key as a gocrypto.PublicKey.
	ToSdk() gocrypto.PublicKey
	// IsEqualTo reports whether the other key equals this one.
	IsEqualTo(PublicKey) bool
}

func ParsePublicKeyBytes added in v0.4.0

func ParsePublicKeyBytes(in []byte) (PublicKey, error)

func PublicKeyFromSdk added in v0.4.0

func PublicKeyFromSdk(in gocrypto.PublicKey) (PublicKey, error)

func PublicKeyFromSsh added in v0.4.0

func PublicKeyFromSsh(in ssh.PublicKey) (PublicKey, error)

type Restriction

// Restriction decides whether a given signer's key is acceptable.
//
// NOTE(review): as listed on this page, RsaRestriction, DsaRestriction,
// EcdsaRestriction and Ed25519Restriction declare KeyAllowed(in any), which is
// a different method signature from the one below, so those types do not
// satisfy this interface directly. Check which type actually implements it
// and how it combines the per-algorithm restrictions.
type Restriction interface {
	// KeyAllowed reports whether the signer's key is permitted. A non-nil
	// error should be treated as "not allowed" by callers.
	KeyAllowed(gocrypto.Signer) (bool, error)
}

type RsaRestriction

// RsaRestriction enumerates the policies that BitsAllowed and KeyAllowed
// evaluate for RSA keys.
//
// NOTE(review): presumably None admits no RSA key, All admits every RSA key
// (including very short ones) and AtLeastNBits admits keys of N bits or more
// - the method bodies are not shown here, so confirm against BitsAllowed.
type RsaRestriction uint8
const (
	// RsaRestrictionNone is the zero value (iota starts at 0), so an
	// RsaRestriction that was never set equals None.
	RsaRestrictionNone RsaRestriction = iota
	RsaRestrictionAll
	RsaRestrictionAtLeast1024Bits
	RsaRestrictionAtLeast2048Bits
	RsaRestrictionAtLeast3072Bits
	RsaRestrictionAtLeast4096Bits
)

func (RsaRestriction) BitsAllowed

func (this RsaRestriction) BitsAllowed(in int) bool

func (RsaRestriction) IsEqualTo

func (this RsaRestriction) IsEqualTo(other any) bool

func (RsaRestriction) IsZero

func (this RsaRestriction) IsZero() bool

func (RsaRestriction) KeyAllowed

func (this RsaRestriction) KeyAllowed(in any) (bool, error)

func (RsaRestriction) MarshalText

func (this RsaRestriction) MarshalText() (text []byte, err error)

func (*RsaRestriction) Set

func (this *RsaRestriction) Set(text string) error

func (RsaRestriction) String

func (this RsaRestriction) String() string

func (*RsaRestriction) UnmarshalText

func (this *RsaRestriction) UnmarshalText(text []byte) error

func (RsaRestriction) Validate

func (this RsaRestriction) Validate() error

Directories

Path Synopsis
unix
