Back to godoc.org
maze.io/x/crypto / afis

package afis

v0.0.0 (9b94c9a)
Latest Go to latest
Published: Jan 31, 2019 | License: MIT | Module: maze.io/x/crypto

Overview

Package afis implements Anti-Forensic Information Splitting

The splitter supports secure data destruction crucial for secure on-disk key management. The key idea is to bloat information and therefor improving the chance of destroying a single bit of it. The information is bloated in such a way, that a single missing bit causes the original information become unrecoverable. The theory behind AFsplitter is presented in TKS1.

The interface is simple. It consists of two functions:

Split(data, stripes)
Merge(data, stripes)

Split operates on data and returns information splitted data. Merge does just the opposite: uses the information stored in data to recover the original splitted data.

References

AFsplitter reference implementation at http://clemens.endorphin.org/AFsplitter

TKS1 paper at http://clemens.endorphin.org/TKS1-draft.pdf

Index

Examples

Variables

var (
	ErrMinStripe = errors.New("afis: at least one stripe is required")
	ErrDataLen   = errors.New("afis: data length is not multiple of stripes")
)

Errors.

var DefaultHash = sha1.New

DefaultHash is our default hashing function.

func Merge

func Merge(data []byte, stripes int) ([]byte, error)

Merge data splitted previously with Split using the default SHA-1 hash.

Example

Code:

package afis

import (
	"bytes"
	"crypto/rand"
	"io"
	"testing"
)

var testVectors = []struct {
	data    []byte
	stripes int
}{
	{[]byte(""), 1},
	{[]byte(""), 2},
	{[]byte("Look, it's Gophers everywhere!"), 1},
	{[]byte("Look, it's Gophers everywhere!"), 2},
	{[]byte("Look, it's Gophers everywhere!"), 4},
	{[]byte("Look, it's Gophers everywhere!"), 8},
}

func TestAFIS(t *testing.T) {
	for _, vector := range testVectors {
		t.Run("", func(t *testing.T) {
			splitted, err := Split(vector.data, vector.stripes)
			if err != nil {
				t.Fatal(err)
			}

			merged, err := Merge(splitted, vector.stripes)
			if err != nil {
				t.Fatal(err)
			}

			if !bytes.Equal(merged, vector.data) {
				t.Fatalf("expected %q, got %q", vector.data, merged)
			}
		})
	}
}

func ExampleMerge() {
	secretKey := make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, secretKey); err != nil {
		panic(err)
	}

	// Split the original data using 4 stripes.
	scrambled, err := Split(secretKey, 4)
	if err != nil {
		panic(err)
	}

	// Merge back
	key, err := Merge(scrambled, 4)
	if err != nil {
		panic(err)
	}

	if !bytes.Equal(key, secretKey) {
		panic("merge failed")
	}
}

func MergeHash

func MergeHash(data []byte, stripes int, hashFunc func() hash.Hash) ([]byte, error)

MergeHash merges data splitted previously with the selected hash function.

func Split

func Split(data []byte, stripes int) ([]byte, error)

Split data using the default SHA-1 hash.

func SplitHash

func SplitHash(data []byte, stripes int, hashFunc func() hash.Hash) ([]byte, error)

SplitHash splits data using the selected hash function.

Documentation was rendered with GOOS=linux and GOARCH=amd64.

Jump to identifier

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to identifier