crypto

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 26, 2026 License: BSD-3-Clause Imports: 21 Imported by: 0

Documentation

Index

Constants

// DEFAULT_PKCS11_LIB_PATH is the filesystem path of the OpenSC PKCS#11
// module (opensc-pkcs11.so) under the x86_64-linux-gnu library directory.
//
// The path is specific to that platform layout and is unlikely to exist
// elsewhere.
// NOTE(review): a PKCS#11 module is loaded into the calling process, so
// whichever path ends up being used should only be writable by trusted
// users — confirm how callers choose between this default and their own path.
const DEFAULT_PKCS11_LIB_PATH = "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so"

Variables

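var (
	// TableAlphanumASCII is the table of ASCII alphanumeric runes:
	// '0'-'9', 'A'-'Z' and 'a'-'z' (62 runes).
	//
	// unicode.RangeTable requires R16 to be sorted and non-overlapping, and
	// lookups such as unicode.Is and unicode.In depend on that ordering, so
	// the ranges are listed in ascending code-point order (upper case before
	// lower case). Listing 'a'-'z' first makes those lookups miss letters.
	TableAlphanumASCII = unicode.RangeTable{
		R16: []unicode.Range16{
			{Lo: '0', Hi: '9', Stride: 1},
			{Lo: 'A', Hi: 'Z', Stride: 1},
			{Lo: 'a', Hi: 'z', Stride: 1},
		},
	}
	// TableAlphanumSymASCII is TableAlphanumASCII plus the symbols '!'
	// through '/' (15 runes, 77 in total).
	//
	// Only that one symbol range is included: the remaining ASCII
	// punctuation (':'-'@', '['-'`', '{'-'~') is not part of this table,
	// which matters when sizing a charset for an entropy estimate.
	// The '!'-'/' range sorts before '0', so prepending it keeps R16 sorted.
	TableAlphanumSymASCII = unicode.RangeTable{
		R16: append([]unicode.Range16{
			{Lo: '!', Hi: '/', Stride: 1},
		}, TableAlphanumASCII.R16...),
	}

	// Errors for invalid password parameters: a bad password length and a
	// bad charset size. Presumably returned by GenPass — confirm against
	// the implementation.
	ErrBadLength        = errors.New("bad password length")
	ErrBadCharsetLength = errors.New("bad charset size")
)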
// ErrPKCS11BadLib reports that the PKCS#11 library could not be loaded.
var ErrPKCS11BadLib = errors.New("failed to load pkcs11 library")

// ErrPKCS11InitFailed reports that PKCS#11 could not be initialized.
var ErrPKCS11InitFailed = errors.New("could not initialize pkcs11")

// ErrPKCS11NoSlot reports that no slot with a present token was found.
var ErrPKCS11NoSlot = errors.New("no pkcs11 slot w/ present tokens found")

// ErrPKCS11SessionFailed reports that no session could be established with
// the token.
var ErrPKCS11SessionFailed = errors.New("could not establish a session with token")

// ErrPKCS11LoginFailed reports that logging in to the token failed.
// The message carries no detail about the cause (for example a wrong PIN).
var ErrPKCS11LoginFailed = errors.New("could not login into the token")

// ErrPKCS11NoMatchingAttr reports that no matching attribute was found.
var ErrPKCS11NoMatchingAttr = errors.New("no matching attribute found")
// ErrBadRecipient reports that a raw recipient could not be parsed.
var ErrBadRecipient = errors.New("could not parse raw recipient")

Functions

func Encrypt

func Encrypt(recipients []string, dst io.WriteCloser) (e io.WriteCloser, err error)

Encrypts the plain text for all given recipients.

func EncryptForAll

func EncryptForAll(store string, dst io.WriteCloser) (e io.WriteCloser, err error)

Encrypts for all recipients in store.

func EstimateEntropy

func EstimateEntropy(length int, charset []rune) (entropy int)

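Optimistically estimates the entropy of a password of the given length drawn from the given charset. The estimate is optimistic in that it is an upper bound, reached only when every rune is picked uniformly and independently at random; it overstates the strength of a password chosen any other way.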

func GenPass

func GenPass(length int, charset []rune) (pass io.Reader, err error)

Generates a password of given length from runes in the charset.

func SecretToIdentity

func SecretToIdentity(secret []byte) (age.Identity, error)

Creates an age.Identity from an HMAC secret.

func SpanTable

func SpanTable(table *unicode.RangeTable) (res []rune)

Creates a slice of runes described by the given table.

Types

type P256TagIdentity

type P256TagIdentity struct {
	// contains filtered or unexported fields
}

An age.Identity for hardware P256 keys over PKCS#11.

func NewP256TagIdentity

func NewP256TagIdentity(p *PKCS11) *P256TagIdentity

Creates a new PKCS#11 p256 identity.

func (*P256TagIdentity) Unwrap

func (id *P256TagIdentity) Unwrap(stanzas []*age.Stanza) (fileKey []byte, err error)

Unwraps the file key.

type PKCS11

type PKCS11 struct {
	Library string
	// contains filtered or unexported fields
}

Convenience wrapper struct for pkcs11.

func NewPKS11

func NewPKS11(lib, pin string) (p *PKCS11, err error)

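Initializes pkcs11, creates a session and logs into the token at the first slot. The PIN is passed as a Go string, which is immutable, so the caller cannot zero it once login is done.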

func (*PKCS11) Close

func (p *PKCS11) Close() error

Closes the active session

func (*PKCS11) GetFirstECKeyPair

func (p *PKCS11) GetFirstECKeyPair() (cert *x509.Certificate, pubKey *ecdsa.PublicKey, privHandle *pkcs11.ObjectHandle, err error)

Returns the certificate, the public key and a handle to the private key of the first EC key pair found.

func (*PKCS11) PKCS11FindECKeypairID

func (p *PKCS11) PKCS11FindECKeypairID() (id []byte, err error)

Finds the ID (CKA_ID) of the first EC key pair found on the token.

Note: if using a PIV smart card, the ID does not correspond to a PIV slot. Check your card's specifications for more information (e.g., see the YubiKey mapping).

type PKCS11KeyExchanger

type PKCS11KeyExchanger struct {
	// contains filtered or unexported fields
}

func NewPKCS11KeyExchanger

func NewPKCS11KeyExchanger(p *PKCS11) (ke *PKCS11KeyExchanger, err error)

Creates a new KeyExchanger backed by the provided PKCS11 instance. The instance must be initialized and logged in.

See also ecdh.KeyExchanger.

func (*PKCS11KeyExchanger) Curve

func (ke *PKCS11KeyExchanger) Curve() ecdh.Curve

func (*PKCS11KeyExchanger) ECDH

func (ke *PKCS11KeyExchanger) ECDH(pk *ecdh.PublicKey) ([]byte, error)

func (*PKCS11KeyExchanger) PublicKey

func (ke *PKCS11KeyExchanger) PublicKey() *ecdh.PublicKey

func (*PKCS11KeyExchanger) Tag

func (ke *PKCS11KeyExchanger) Tag(enc []byte) ([]byte, error)

Calculates tag for the given enc and pubkey.
