mirror of https://github.com/schollz/croc.git
add age encryption
This commit is contained in:
parent
b90f9329ca
commit
9db87434a7
1
go.mod
1
go.mod
|
@ -3,6 +3,7 @@ module github.com/schollz/croc/v9
|
|||
go 1.13
|
||||
|
||||
require (
|
||||
filippo.io/age v1.0.0-rc.1 // indirect
|
||||
github.com/OneOfOne/xxhash v1.2.5 // indirect
|
||||
github.com/cespare/xxhash v1.1.0
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
|
||||
|
|
3
go.sum
3
go.sum
|
@ -1,3 +1,5 @@
|
|||
filippo.io/age v1.0.0-rc.1 h1:jQ+dz16Xxx3W/WY+YS0J96nVAAidLHO3kfQe0eOmKgI=
|
||||
filippo.io/age v1.0.0-rc.1/go.mod h1:Vvd9IlwNo4Au31iqNZeZVnYtGcOf/wT4mtvZQ2ODlSk=
|
||||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
|
||||
github.com/OneOfOne/xxhash v1.2.5 h1:zl/OfRA6nftbBK9qTohYBJ5xvw6C/oNKizR7cZGl3cI=
|
||||
|
@ -61,6 +63,7 @@ github.com/tscholl2/siec v0.0.0-20191122224205-8da93652b094/go.mod h1:KL9+ubr1JZ
|
|||
github.com/twmb/murmur3 v1.1.5 h1:i9OLS9fkuLzBXjt6dptlAEyk58fJsSTXbRg3SgVyqgk=
|
||||
github.com/twmb/murmur3 v1.1.5/go.mod h1:Qq/R7NUyOfr65zD+6Q5IHKsJLwP7exErjN6lyyq3OSQ=
|
||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||
golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
|
||||
golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
|
||||
golang.org/x/crypto v0.0.0-20210415154028-4f45737414dc h1:+q90ECDSAQirdykUN6sPEiBXBsp8Csjcca8Oy7bgLTA=
|
||||
golang.org/x/crypto v0.0.0-20210415154028-4f45737414dc/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
|
||||
|
|
|
@ -1,13 +1,16 @@
|
|||
package crypt
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/aes"
|
||||
"crypto/cipher"
|
||||
"crypto/rand"
|
||||
"crypto/sha256"
|
||||
"fmt"
|
||||
"io"
|
||||
"log"
|
||||
|
||||
"filippo.io/age"
|
||||
"golang.org/x/crypto/argon2"
|
||||
"golang.org/x/crypto/chacha20poly1305"
|
||||
"golang.org/x/crypto/pbkdf2"
|
||||
|
@ -73,6 +76,60 @@ func Decrypt(encrypted []byte, key []byte) (plaintext []byte, err error) {
|
|||
return
|
||||
}
|
||||
|
||||
func NewAge() (pubkey string, privkey string, err error) {
|
||||
identity, err := age.GenerateX25519Identity()
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
pubkey = identity.Recipient().String()
|
||||
privkey = identity.String()
|
||||
return
|
||||
}
|
||||
|
||||
func EncryptAge(pubkey string, data []byte) (encrypted []byte, err error) {
|
||||
recipient, err := age.ParseX25519Recipient(pubkey)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
out := &bytes.Buffer{}
|
||||
w, err := age.Encrypt(out, recipient)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
_, err = w.Write(data)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
err = w.Close()
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
encrypted = out.Bytes()
|
||||
return
|
||||
}
|
||||
|
||||
func DecryptAge(privkey string, encrypted []byte) (data []byte, err error) {
|
||||
identity, err := age.ParseX25519Identity(privkey)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
r, err := age.Decrypt(bytes.NewReader(encrypted), identity)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
out := &bytes.Buffer{}
|
||||
_, err = io.Copy(out, r)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
data = out.Bytes()
|
||||
return
|
||||
}
|
||||
|
||||
// NewArgon2 generates a new key based on a passphrase and salt
|
||||
// using argon2
|
||||
// https://pkg.go.dev/golang.org/x/crypto/argon2
|
||||
|
|
|
@ -11,6 +11,7 @@ import (
|
|||
log "github.com/schollz/logger"
|
||||
"github.com/schollz/pake/v3"
|
||||
|
||||
"filippo.io/age"
|
||||
"github.com/schollz/croc/v9/src/comm"
|
||||
"github.com/schollz/croc/v9/src/crypt"
|
||||
"github.com/schollz/croc/v9/src/models"
|
||||
|
@ -18,6 +19,8 @@ import (
|
|||
|
||||
type server struct {
|
||||
port string
|
||||
privateKey string
|
||||
publicKey string
|
||||
debugLevel string
|
||||
banner string
|
||||
password string
|
||||
|
@ -151,6 +154,13 @@ func (s *server) run() (err error) {
|
|||
var weakKey = []byte{1, 2, 3}
|
||||
|
||||
func (s *server) clientCommunication(port string, c *comm.Comm) (room string, err error) {
|
||||
identity, err := age.GenerateX25519Identity()
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
// send public key for encryption
|
||||
c.Send([]byte(identity.Recipient().String()))
|
||||
|
||||
// establish secure password with PAKE for communication with relay
|
||||
B, err := pake.InitCurve(weakKey, 1, "siec")
|
||||
if err != nil {
|
||||
|
|
Loading…
Reference in New Issue