Documentation
¶
Index ¶
- Constants
- type Alphabet
- type Scheme
- func (self Scheme) B() int
- func (self Scheme) Curve() algos.Curve
- func (self Scheme) Hash() crypto.Hash
- func (self Scheme) KeyExchangePattern() string
- func (self Scheme) Name() string
- func (self Scheme) NewOTP(src []byte, ptime int64) ([]byte, error)
- func (self Scheme) P() int
- func (self Scheme) SyncTime(t int64, sync int) (int64, error)
- func (self Scheme) T() float64
- func (self Scheme) Time(t int64) (int64, int)
- type State
- type TestVector
Constants ¶
const ( B10Alphabet = Alphabet("0123456789") B16Alphabet = Alphabet("0123456789ABCDEF") B32Alphabet = Alphabet("0123456789ABCDEFGHJKMNPQRSTVWXYZ") NullAlphabet = Alphabet("") )
const ( Initiator = role(true) Responder = role(false) )
const ( SHA512_X25519_E1S1_T600B10P8 = uint16(0x1111) SHA512_256_X25519_E1S1_T600B10P8 = uint16(0x1121) BLAKE2S_X25519_E1S1_T600B10P8 = uint16(0x1131) BLAKE2B_X25519_E1S1_T600B10P8 = uint16(0x1143) SHA512_X25519_E1S2_T600B10P8 = uint16(0x1211) SHA512_256_X25519_E1S2_T600B10P8 = uint16(0x1221) BLAKE2S_X25519_E1S2_T600B10P8 = uint16(0x1231) BLAKE2B_X25519_E1S2_T600B10P8 = uint16(0x1241) SHA512_X25519_E2S2_T600B10P8 = uint16(0x1311) SHA512_256_X25519_E2S2_T600B10P8 = uint16(0x1321) BLAKE2S_X25519_E2S2_T600B10P8 = uint16(0x1331) BLAKE2B_X25519_E2S2_T600B10P8 = uint16(0x1341) SHA512_X25519_E1S1_T600B32P9 = uint16(0x2111) SHA512_256_X25519_E1S1_T600B32P9 = uint16(0x2121) BLAKE2S_X25519_E1S1_T600B32P9 = uint16(0x2131) BLAKE2B_X25519_E1S1_T600B32P9 = uint16(0x2141) SHA512_X25519_E1S2_T600B32P9 = uint16(0x2211) SHA512_256_X25519_E1S2_T600B32P9 = uint16(0x2221) BLAKE2S_X25519_E1S2_T600B32P9 = uint16(0x2231) BLAKE2B_X25519_E1S2_T600B32P9 = uint16(0x2241) SHA512_X25519_E2S2_T600B32P9 = uint16(0x2311) SHA512_256_X25519_E2S2_T600B32P9 = uint16(0x2321) BLAKE2S_X25519_E2S2_T600B32P9 = uint16(0x2331) BLAKE2B_X25519_E2S2_T600B32P9 = uint16(0x2341) SHA512_X25519_E1S1_T1024B256P33 = uint16(0x3111) SHA512_256_X25519_E1S1_T1024B256P33 = uint16(0x3121) BLAKE2S_X25519_E1S1_T1024B256P33 = uint16(0x3131) BLAKE2B_X25519_E1S1_T1024B256P33 = uint16(0x3141) SHA512_X25519_E1S2_T1024B256P33 = uint16(0x3211) SHA512_256_X25519_E1S2_T1024B256P33 = uint16(0x3221) BLAKE2S_X25519_E1S2_T1024B256P33 = uint16(0x3231) BLAKE2B_X25519_E1S2_T1024B256P33 = uint16(0x3241) SHA512_X25519_E2S2_T1024B256P33 = uint16(0x3311) SHA512_256_X25519_E2S2_T1024B256P33 = uint16(0x3321) BLAKE2S_X25519_E2S2_T1024B256P33 = uint16(0x3331) BLAKE2B_X25519_E2S2_T1024B256P33 = uint16(0x3341) )
const (
// All package errors are wrapping Error
Error = errorFlag("ephemsec: error")
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Alphabet ¶
type Alphabet string
Alphabet defines a mapping in between unicode characters and bytes. Alphabet are used to convert OTP to text.
func (Alphabet) Decode ¶
Decode returns the digits decoded from otp Alphabet characters. It errors if less than size digits were recovered or if otp contains non valid Alphabet characters.
Decoded digits are appended to the dst buffer. Decode allocates storage if dst capacity is not sufficient to hold decoded digits.
Decode ignores sep and ' ' characters present in otp string. When Decode encounters a a character not present in the Alphabet, it retries decoding it toggling its case.
func (Alphabet) Format ¶
Format transforms digits into text. It errors if digits contains values not compatible with the Alphabet size.
The group parameter allows controlling the insertion of the separator sep. sep is added after group consecutive characters. sep insertion is disabled by setting group to 0.
type Scheme ¶ added in v0.3.10
type Scheme struct {
// contains filtered or unexported fields
}
Scheme holds configuration parameters for OTP/OTK generation.
func GetScheme ¶ added in v0.3.2
GetScheme returns the EPHEMSEC scheme that corresponds to code. It errors if no scheme corresponds to code.
func NewScheme ¶
NewScheme parses the name string to extract Scheme fields values. It errors if name can not be parsed or if the constructed Scheme is invalid.
Scheme name have the following form
Kerpass_SHA512/256_X25519_E1S2_T400B32P8
1st subgroup (eg SHA512/256) is the name of the Scheme Hash function
2nd subgroup (eg X25519) is the name of the Scheme Diffie-Hellmann function
3rd subgroup (eg E1S2) details Diffie-Hellmann key exchange requirements,
E is the number of ephemeral keys and S the number of static keys
4th subgroup (eg T400) is the size of the OTP/OTK validation time window in seconds
5th subgroup (eg B32) is the OTP encoding alphabet
6th subgroup (eg P8) is the number of digits of the generated OTP/OTK
including Scheme synchronization digits
func (Scheme) KeyExchangePattern ¶ added in v0.3.10
KeyExchangePattern returns the Scheme Key Exchange pattern. Possible values are E1S1, E1S2 & E2S2.
func (Scheme) NewOTP ¶ added in v0.3.10
NewOTP interprets src as a Uint64 integer and returns an OTP which digits encode the src integer in the Scheme base eb.
func (Scheme) SyncTime ¶ added in v0.3.10
SyncTime returns the pseudo time which is the closest from Time(t) having a synchronization hint that matches sync. It errors if the sync parameter is invalid.
type State ¶
type State struct {
// Context is application defined
Context []byte
// Nonce is generated by the initiator
Nonce []byte
// Unix timestamp
// if zero, system Unix time is used
Time int64
// SynchroHint is generated by the responder
SynchroHint int
// Message is optional
// An OTP/OTK can be generated to show that the message was reviewed/accepted
Message []byte
// local ephemeral key
EphemKey *ecdh.PrivateKey
// local static key
StaticKey *ecdh.PrivateKey
// remote ephemeral key
RemoteEphemKey *ecdh.PublicKey
// remote static key
RemoteStaticKey *ecdh.PublicKey
// psk credential
Psk []byte
// contains filtered or unexported fields
}
type TestVector ¶
type TestVector struct {
SchemeName string `json:"scheme"`
Context utils.HexBinary `json:"context"`
Psk utils.HexBinary `json:"psk"`
Otp string `json:"otp"`
InitiatorNonce utils.HexBinary `json:"init_nonce"`
InitiatorTime int64 `json:"init_time"`
InitiatorStaticKey utils.HexBinary `json:"init_static_key"`
InitiatorEphemKey utils.HexBinary `json:"init_ephemeral_key"`
InitiatorRemoteStaticKey utils.HexBinary `json:"init_remote_static_key"`
InitiatorRemoteEphemKey utils.HexBinary `json:"init_remote_ephemeral_key"`
ResponderTime int64 `json:"resp_time"`
ResponderSynchroHint int `json:"resp_synchro_hint"`
ResponderStaticKey utils.HexBinary `json:"resp_static_key"`
ResponderEphemKey utils.HexBinary `json:"resp_ephemeral_key"`
ResponderRemoteStaticKey utils.HexBinary `json:"resp_remote_static_key"`
ResponderRemoteEphemKey utils.HexBinary `json:"resp_remote_ephemeral_key"`
HkdfSalt utils.HexBinary `json:"hkdf_salt"`
HkdfInfo utils.HexBinary `json:"hkdf_info"`
HkdfSecret utils.HexBinary `json:"hkdf_secret"`
}
TestVector holds KerPass EPHEMSEC test vector fields.
func LoadTestVectors ¶
func LoadTestVectors(srcpath string) ([]TestVector, error)
LoadTestVector loads test vectors from json file at srcpath.