security

package

v0.4.2 Latest Latest Go to latest Published: Mar 27, 2024 License: Apache-2.0 Imports: 31 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/pme-sh/pmesh

Links

Open Source Insights

Documentation ¶

Index ¶

func GenerateKey(secret string, salt string, n int) []byte
func GenerateKeyRaw(secret string, salt []byte, n int) []byte
func GetClientAuthOracle(secret string) string
func GetSecretCNSuffix(secret string) string
func GetSecretHash(secret string) string
func ValidateCertWithSecret(secret string, cert *Certificate, hosts []string) error
type Certificate
type CipherCPRNG
- func NewCipherCprng(key []byte) (c *CipherCPRNG)
- func (c *CipherCPRNG) Associate(data []byte)
- func (c *CipherCPRNG) Read(out []byte) (n int, err error)
type MutualAuthenticator
- func CreateMutualAuthenticator(secret string, protocols ...string) (m MutualAuthenticator)
- func (m MutualAuthenticator) GetConfigForClient(chi *tls.ClientHelloInfo) (*tls.Config, error)
- func (m MutualAuthenticator) WrapServer(tcfg *tls.Config) *tls.Config

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GenerateKey ¶

func GenerateKey(secret string, salt string, n int) []byte

func GenerateKeyRaw ¶

func GenerateKeyRaw(secret string, salt []byte, n int) []byte

func GetClientAuthOracle ¶

func GetClientAuthOracle(secret string) string

Gets the protocol name used as an oracle to verify client knowledge before allowing a connection to be established with the internal SNI.

func GetSecretCNSuffix ¶

func GetSecretCNSuffix(secret string) string

func GetSecretHash ¶

func GetSecretHash(secret string) string

func ValidateCertWithSecret ¶

func ValidateCertWithSecret(secret string, cert *Certificate, hosts []string) error

Types ¶

type Certificate ¶

type Certificate struct {
	CertPEM    []byte
	KeyPEM     []byte
	TLS        *tls.Certificate
	X509       *x509.Certificate
	PrivateKey any
}

func GenerateCertWithSecret ¶

func GenerateCertWithSecret(secret string, hosts []string) (cert *Certificate, err error)

func GetSelfSignedClientCA ¶

func GetSelfSignedClientCA(secret string) (cert *Certificate)

GetSelfSignedClientCA returns the self-signed client certificate authority.

func GetSelfSignedRootCA ¶

func GetSelfSignedRootCA(secret string) (cert *Certificate)

GetSelfSignedRootCA returns the self-signed root certificate.

func LoadCertificate ¶

func LoadCertificate(certPath, keyPath string) (cert *Certificate, err error)

Loads a certificate from the given paths.

func NewSelfSignedRootCA ¶

func NewSelfSignedRootCA(secret []byte, cn string) (cert *Certificate, err error)

Generates new root certificate given a secret and common name.

func ObtainCertificate ¶

func ObtainCertificate(secret string, hosts ...string) (cert *Certificate)

ObtainCertificate returns a certificate for the given hosts signed by the root CA.

func (*Certificate) InstallRoot ¶

func (c *Certificate) InstallRoot() error

Installs the certificate into the system root CA store.

func (*Certificate) IsSelfsigned ¶

func (c *Certificate) IsSelfsigned() (bool, error)

Returns true if the certificate is self-signed.

func (*Certificate) IssueCertificate ¶

func (parent *Certificate) IssueCertificate(cn string, hosts ...string) (cert *Certificate, err error)

Issues a certificate signed by us that is valid for the given hosts.

func (*Certificate) Save ¶

func (c *Certificate) Save(certPath, keyPath string) error

Writes the certificate and key to the given paths.

func (*Certificate) ToCertPool ¶

func (c *Certificate) ToCertPool() (pool *x509.CertPool)

Returns a cert pool with only this certificate.

func (*Certificate) Verify ¶

func (c *Certificate) Verify() error

Returns an error if the certificate is not trusted by the system.

type CipherCPRNG ¶

type CipherCPRNG struct {
	// contains filtered or unexported fields
}

func NewCipherCprng ¶

func NewCipherCprng(key []byte) (c *CipherCPRNG)

NewCipherCprng creates a new cryptographically secure random number generator

func (*CipherCPRNG) Associate ¶

func (c *CipherCPRNG) Associate(data []byte)

Associate adds data to the CPRNG's state.

func (*CipherCPRNG) Read ¶

func (c *CipherCPRNG) Read(out []byte) (n int, err error)

Read fills the given buffer with cryptographically secure random data

type MutualAuthenticator ¶

type MutualAuthenticator struct {
	Client *tls.Config
	Server *tls.Config
	Oracle string
}

func CreateMutualAuthenticator ¶

func CreateMutualAuthenticator(secret string, protocols ...string) (m MutualAuthenticator)

Creates a TLS config for a client and server that uses mutual authentication.

func (MutualAuthenticator) GetConfigForClient ¶

func (m MutualAuthenticator) GetConfigForClient(chi *tls.ClientHelloInfo) (*tls.Config, error)

func (MutualAuthenticator) WrapServer ¶

func (m MutualAuthenticator) WrapServer(tcfg *tls.Config) *tls.Config

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL