oracle

package module
v1.3.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 26, 2024 License: MIT Imports: 20 Imported by: 4

README

Oracle

go oracle

Oracle is a go library that provides the following cryptographic functions:

  • generate key-pairs
  • encrypt messages
  • decrypt messages
  • sign messages
  • validate messages

Oracle is the basic object that can perform these functions. It also has the concept of a Peer, which is public key. Useful for validating and encrypting.

Keys are Curve25519.

Messages are encrypted using ChaCha20-Poly1305 AEAD. Perfect forward secrecy is assured by making use of one-time ephemeral keys.

This project is heavily inspired by age, especially with respect to cryptographic design.

However, I beleive that Oracle provides the following advantages, making it a better choice in some situations:

  • Simpler API, doing away with unesseary abstractions
  • A simple, standard format for messages (PEM)
  • Package first. Oracle is first and foremost a Go package with a sensible API
  • Do one thing and do it well. The companion binary goracle honours the Linux philosophy by accepting input from stdin and producing output to stdout, unlocking composability.

Oracle also provides a binary called goracle.

Documentation

Index

Constants

View Source
const GLOBAL_SALT = "oracle/v1"

Variables

View Source
var (
	ErrNotInitialized = errors.New("oracle has not been initialized")
	ErrInvalidConfig  = errors.New("invalid config")
)
View Source
var ErrKeysAlreadyExist = errors.New("crypto keys already exists")
View Source
var ErrNoEphemeralKey = errors.New("no ephemeral key")
View Source
var UniversalNonce []byte = make([]byte, chacha20poly1305.NonceSize)
View Source
var ZeroPrivateKey *ecdh.PrivateKey = new(ecdh.PrivateKey)
View Source
var ZeroPublicKey *ecdh.PublicKey = new(ecdh.PublicKey)

Functions

func NewPeer added in v0.1.1

func NewPeer(seed []byte) *peer

func PeerFromHex

func PeerFromHex(hexData []byte) (*peer, error)

func PublicKeyFromHex

func PublicKeyFromHex(hexData []byte) (*ecdh.PublicKey, error)

Types

type BunchOfZeros added in v1.3.0

type BunchOfZeros struct{}

This is a deterministic io.Reader for fake randomness.

func (*BunchOfZeros) Read added in v1.3.0

func (dr *BunchOfZeros) Read(p []byte) (int, error)

type CipherText

type CipherText struct {
	Type               string            `json:"type" ion:"type"`
	Headers            map[string]string `json:"headers" ion:"headers"`
	AdditionalData     []byte            `json:"aad" ion:"aad"`
	CipherTextData     []byte            `json:"ciphertext" ion:"ciphertext"`
	Signature          []byte            `json:"signature" ion:"signature"`
	Nonce              []byte            `json:"nonce" ion:"nonce"`
	EphemeralPublicKey []byte            `json:"ephpub" ion:"ephpub"`
	// contains filtered or unexported fields
}

CipherText includes payload and metadata for receiving and decrypting

func (*CipherText) Clone added in v0.1.0

func (c1 *CipherText) Clone(c2 *CipherText)

func (*CipherText) From added in v0.1.0

func (ct *CipherText) From(pt *PlainText)

create CipherText from PlainText This does _not_ peform encryption. you must handle PlainTextData and CipherTextData fields seperately.

func (*CipherText) MarshalIon added in v0.1.0

func (ct *CipherText) MarshalIon() ([]byte, error)

func (*CipherText) MarshalPEM

func (ct *CipherText) MarshalPEM() ([]byte, error)

func (*CipherText) UnmarshalIon added in v0.1.0

func (ct *CipherText) UnmarshalIon(bin []byte) error

func (*CipherText) UnmarshalPEM

func (ct *CipherText) UnmarshalPEM(data []byte) error

type Config

type Config struct {
	Self  Self                `toml:"self" json:"self"`
	Peers []map[string]string `toml:"peer" json:"peer"`
}
var ZeroConf Config

func ConfigFrom added in v0.1.2

func ConfigFrom(r io.Reader) (Config, error)

func (Config) String added in v0.1.2

func (c Config) String() string

func (Config) Valid added in v0.1.2

func (c Config) Valid() bool

type Message added in v0.1.0

type Message interface {
	Digest() ([]byte, error)
	Sign(io.Reader, ed25519.PrivateKey)
	Verify(ed25519.PublicKey) bool
	Encrypt(io.Reader, ed25519.PublicKey) (*CipherText, error)
	Decrypt(ed25519.PrivateKey) (*PlainText, error)
	PlainText() ([]byte, error)
	CipherText() ([]byte, error)
}

type Oracle

type Oracle struct {
	EncryptionPublicKey *ecdh.PublicKey

	SigningPublicKey ed25519.PublicKey

	Provenance io.ReadWriter
	// contains filtered or unexported fields
}

func From

func From(r io.ReadWriter) (*Oracle, error)

load an Oracle from a file or other io.Reader

func FromFile added in v0.1.0

func FromFile(path string) (*Oracle, error)

func New

func New(rand io.Reader) *Oracle

create a new Oracle with new key-pairs.

func (*Oracle) AddPeer

func (o *Oracle) AddPeer(p Peer) error

Make an Oracle aware of a Peer, so it can encrypt messages or validate signatures

func (*Oracle) AsMap added in v1.0.1

func (o *Oracle) AsMap() map[string]string

func (*Oracle) AsPeer

func (o *Oracle) AsPeer() *peer

Export the Oracle as a Peer, ensuring only public information is exported

func (*Oracle) Bytes added in v1.0.1

func (o *Oracle) Bytes() []byte

func (*Oracle) Compose added in v0.1.0

func (o *Oracle) Compose(subject string, body []byte) *PlainText

compose a message intended for a peer

func (*Oracle) Decrypt

func (o *Oracle) Decrypt(ct *CipherText) (*PlainText, error)

decrypt CipherText, returning PlainText

func (*Oracle) Deterministic added in v1.3.0

func (o *Oracle) Deterministic()

Deterministic sets Oracle to deterministic mode. Good for testing. Bad for privacy.

func (*Oracle) Encrypt

func (o *Oracle) Encrypt(pt *PlainText, recipient Peer) (*CipherText, error)

encrypt PlaintText, returning CipherText

func (*Oracle) Export

func (o *Oracle) Export(w io.Writer) error

write an Oracle as a Config to an io.Writer @warning: includes Private key. This should be considered secret

func (*Oracle) GenerateKeys

func (o *Oracle) GenerateKeys(rand io.Reader) error

func (*Oracle) Load

func (o *Oracle) Load(r io.Reader) error

func (*Oracle) Nickname

func (o *Oracle) Nickname() string

an easy way to uniquely identify a Peer. Nickname is derived from PublicKey collisions are technically possible

func (*Oracle) Peer

func (o *Oracle) Peer(nick string) (Peer, error)

get a Peer from its Nickname

func (*Oracle) Peers

func (o *Oracle) Peers() map[string]Peer

func (*Oracle) PrivateEncryptionKey added in v0.1.2

func (o *Oracle) PrivateEncryptionKey() *ecdh.PrivateKey

func (*Oracle) PrivateSigningKey added in v0.1.2

func (o *Oracle) PrivateSigningKey() ed25519.PrivateKey

func (*Oracle) Public

func (o *Oracle) Public() crypto.PublicKey

func (*Oracle) PublicEncryptionKey added in v0.1.2

func (o *Oracle) PublicEncryptionKey() *ecdh.PublicKey

func (*Oracle) PublicKeyAsHex

func (o *Oracle) PublicKeyAsHex() []byte

func (*Oracle) PublicSigningKey added in v0.1.2

func (o *Oracle) PublicSigningKey() ed25519.PublicKey

func (*Oracle) Randomness added in v0.1.2

func (o *Oracle) Randomness() io.Reader

func (*Oracle) Save added in v1.3.0

func (o *Oracle) Save() error

func (*Oracle) Sign

func (o *Oracle) Sign(pt *PlainText) error

func (*Oracle) Verify

func (o *Oracle) Verify(pt *PlainText, sender Peer) bool

type Peer

type Peer interface {
	crypto.PublicKey
	encoding.BinaryMarshaler
	encoding.BinaryUnmarshaler
	json.Marshaler
	json.Unmarshaler
	//toml.Marshaler
	//toml.Unmarshaler
	MarshalHex() ([]byte, error)
	UnmarshalHex(data []byte) error
	Bytes() []byte
	Public() crypto.PublicKey // returns signing key
	SigningKey() ed25519.PublicKey
	EncryptionKey() *ecdh.PublicKey
	Nickname() string
	AsMap() map[string]string
}

type PlainText

type PlainText struct {
	Type               string            `json:"type" ion:"type"`
	Headers            map[string]string `json:"headers" ion:"headers"`
	AdditionalData     []byte            `json:"aad" ion:"aad"`
	PlainTextData      []byte            `json:"plaintext" ion:"plaintext"`
	Signature          []byte            `json:"signature" ion:"signature"`
	Nonce              []byte            `json:"nonce" ion:"nonce"`
	EphemeralPublicKey []byte            `json:"ephpub" ion:"ephpub"`
	// contains filtered or unexported fields
}

PlainText includes payload and metadata for encrypting and sending

func (*PlainText) CipherText added in v0.1.0

func (pt *PlainText) CipherText() ([]byte, error)

func (*PlainText) Clone added in v0.1.0

func (pt *PlainText) Clone(p2 *PlainText)

func (*PlainText) Digest added in v0.1.0

func (pt *PlainText) Digest() ([]byte, error)

func (*PlainText) From added in v0.1.0

func (pt *PlainText) From(ct *CipherText)

func (*PlainText) MarshalIon added in v0.1.0

func (pt *PlainText) MarshalIon() ([]byte, error)

func (*PlainText) MarshalPEM added in v0.1.0

func (pt *PlainText) MarshalPEM() ([]byte, error)

func (*PlainText) PlainText added in v0.1.0

func (pt *PlainText) PlainText() ([]byte, error)

func (*PlainText) Sign added in v0.1.0

func (pt *PlainText) Sign(randy io.Reader, priv ed25519.PrivateKey) error

func (*PlainText) String

func (pt *PlainText) String() string

func (*PlainText) UnmarshalIon added in v0.1.0

func (pt *PlainText) UnmarshalIon(bin []byte) error

func (*PlainText) UnmarshalPEM added in v0.1.0

func (pt *PlainText) UnmarshalPEM(data []byte) error

func (*PlainText) Verify added in v0.1.0

func (pt *PlainText) Verify(pub ed25519.PublicKey) bool

type Self

type Self struct {
	PrivateKey string `toml:"priv" json:"priv"`
	PublicKey  string `toml:"pub" json:"pub"`
	Nickname   string `toml:"nick" json:"nick"`
}

func (Self) Valid added in v0.1.2

func (s Self) Valid() bool

Directories

Path Synopsis
cmd
goracle command
pemreader command
pemreader reads PEM files from stdin and outputs plain text to stdout
pemreader reads PEM files from stdin and outputs plain text to stdout

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL