README
¶
excrypto
excrypto offers specialized versions of the Go crypto, TLS, x509, and SSH packages designed for security research.
excrypto is written in Go and is based on Google's Go crypto source code, Google's Go x/crypto library, and the ZCrypto project.
Security
- excrypto is intended to support security research and does not make any guarantees on confidentiality, integrity, or availability.
- excrypto should not be used to implement authentication or to transfer sensitive information over untrusted networks.
- excrypto may have more bugs, including security vulnerabiltiies, compared to the Go source code itself.
If you find an unintentional security issue with the excrypto software, please contact us via security[at]runzero.com.
Components
crypto/tls
The crypto/tls package is a drop-in replacement for the Go standard crypto/tls library, with noteable differences:
- This package supports TLS 1.0 through TLS 1.3 and is based on a modern (1.23+) version of Go.
- This package exposes a handshake log (via ZCrypto) that can be used to inspect the TLS communication.
- Obsolete signature methods are supported (MD5, SHA-1).
The crypto/ssl3/tls package is a drop-in replacement for the Go standard crypto/tls library, with noteable differences:
- This package supports SSL 3.0 through TLS 1.2 and is based on the main branch of ZCrypto.
- This package exposes a handshake log (via ZCrypto) that can be used to inspect the TLS communication.
crypto/tls/x509
The crypto/tls/x509 package is a mostly-compatible replacement for the Go standard crypto/tls/x509 library, with noteable differences:
- The
Verify()function is derived from ZCrypto and returns 3 sets of certificates along with an error (current, expired, never). - The certificate parser is derived from ZCrypto and returns extensive data in new Certificate struct fields.
crypto/tls/x509/ct
The crypto/tls/x509/ct package is a ZCrypto-based fork of the Google Certificate Transparency library.
encoding/asn1
The encoding/asn1 package is derived from ZCrypto and allows permissive processing of ASN.1 sequences.
x/crypto
The x/crypto package is a drop-in replacement for the Go standard x/crypto library, with noteable differences.
- This package includes new functions and structs to support SSH research.
zcrypto/ct
A fork of the Google Certificate Transparency Golang library, designed to play nice with ZCrypto.
Documentation
Documentation uses Godoc. See https://godoc.org/github.com/runZeroInc/excrypto/
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package crypto collects common cryptographic constants.
|
Package crypto collects common cryptographic constants. |
|
aes
Package aes implements AES encryption (formerly Rijndael), as defined in U.S. Federal Information Processing Standards Publication 197.
|
Package aes implements AES encryption (formerly Rijndael), as defined in U.S. Federal Information Processing Standards Publication 197. |
|
cipher
Package cipher implements standard block cipher modes that can be wrapped around low-level block cipher implementations.
|
Package cipher implements standard block cipher modes that can be wrapped around low-level block cipher implementations. |
|
des
Package des implements the Data Encryption Standard (DES) and the Triple Data Encryption Algorithm (TDEA) as defined in U.S. Federal Information Processing Standards Publication 46-3.
|
Package des implements the Data Encryption Standard (DES) and the Triple Data Encryption Algorithm (TDEA) as defined in U.S. Federal Information Processing Standards Publication 46-3. |
|
dsa
Package dsa implements the Digital Signature Algorithm, as defined in FIPS 186-3.
|
Package dsa implements the Digital Signature Algorithm, as defined in FIPS 186-3. |
|
dsa/dsa
Package dsa implements the Digital Signature Algorithm, as defined in FIPS 186-3.
|
Package dsa implements the Digital Signature Algorithm, as defined in FIPS 186-3. |
|
ecdh
Package ecdh implements Elliptic Curve Diffie-Hellman over NIST curves and Curve25519.
|
Package ecdh implements Elliptic Curve Diffie-Hellman over NIST curves and Curve25519. |
|
ecdsa
Package ecdsa implements the Elliptic Curve Digital Signature Algorithm, as defined in FIPS 186-4 and SEC 1, Version 2.0.
|
Package ecdsa implements the Elliptic Curve Digital Signature Algorithm, as defined in FIPS 186-4 and SEC 1, Version 2.0. |
|
ed25519
Package ed25519 implements the Ed25519 signature algorithm.
|
Package ed25519 implements the Ed25519 signature algorithm. |
|
elliptic
Package elliptic implements the standard NIST P-224, P-256, P-384, and P-521 elliptic curves over prime fields.
|
Package elliptic implements the standard NIST P-224, P-256, P-384, and P-521 elliptic curves over prime fields. |
|
hmac
Package hmac implements the Keyed-Hash Message Authentication Code (HMAC) as defined in U.S. Federal Information Processing Standards Publication 198.
|
Package hmac implements the Keyed-Hash Message Authentication Code (HMAC) as defined in U.S. Federal Information Processing Standards Publication 198. |
|
internal/alias
Package alias implements memory aliasing tests.
|
Package alias implements memory aliasing tests. |
|
internal/boring
Package boring provides access to BoringCrypto implementation functions.
|
Package boring provides access to BoringCrypto implementation functions. |
|
internal/boring/sig
Package sig holds “code signatures” that can be called and will result in certain code sequences being linked into the final binary.
|
Package sig holds “code signatures” that can be called and will result in certain code sequences being linked into the final binary. |
|
internal/edwards25519
Package edwards25519 implements group logic for the twisted Edwards curve
|
Package edwards25519 implements group logic for the twisted Edwards curve |
|
internal/edwards25519/field
Package field implements fast arithmetic modulo 2^255-19.
|
Package field implements fast arithmetic modulo 2^255-19. |
|
internal/mlkem768
Package mlkem768 implements the quantum-resistant key encapsulation method ML-KEM (formerly known as Kyber).
|
Package mlkem768 implements the quantum-resistant key encapsulation method ML-KEM (formerly known as Kyber). |
|
internal/nistec
Package nistec implements the NIST P elliptic curves from FIPS 186-4.
|
Package nistec implements the NIST P elliptic curves from FIPS 186-4. |
|
internal/randutil
Package randutil contains internal randomness utilities for various crypto packages.
|
Package randutil contains internal randomness utilities for various crypto packages. |
|
md5
Package md5 implements the MD5 hash algorithm as defined in RFC 1321.
|
Package md5 implements the MD5 hash algorithm as defined in RFC 1321. |
|
rc4
Package rc4 implements RC4 encryption, as defined in Bruce Schneier's Applied Cryptography.
|
Package rc4 implements RC4 encryption, as defined in Bruce Schneier's Applied Cryptography. |
|
rsa
Package rsa implements RSA encryption as specified in PKCS #1 and RFC 8017.
|
Package rsa implements RSA encryption as specified in PKCS #1 and RFC 8017. |
|
sha1
Package sha1 implements the SHA-1 hash algorithm as defined in RFC 3174.
|
Package sha1 implements the SHA-1 hash algorithm as defined in RFC 3174. |
|
sha256
Package sha256 implements the SHA224 and SHA256 hash algorithms as defined in FIPS 180-4.
|
Package sha256 implements the SHA224 and SHA256 hash algorithms as defined in FIPS 180-4. |
|
sha512
Package sha512 implements the SHA-384, SHA-512, SHA-512/224, and SHA-512/256 hash algorithms as defined in FIPS 180-4.
|
Package sha512 implements the SHA-384, SHA-512, SHA-512/224, and SHA-512/256 hash algorithms as defined in FIPS 180-4. |
|
ssl3
ZCrypto is a research and data collection cryptography library, designed to be used for measuring and analyzing cryptographic deployments on the Internet.
|
ZCrypto is a research and data collection cryptography library, designed to be used for measuring and analyzing cryptographic deployments on the Internet. |
|
ssl3/cryptobyte
Package cryptobyte contains types that help with parsing and constructing length-prefixed, binary messages, including ASN.1 DER.
|
Package cryptobyte contains types that help with parsing and constructing length-prefixed, binary messages, including ASN.1 DER. |
|
ssl3/cryptobyte/asn1
Package asn1 contains supporting types for parsing and building ASN.1 messages with the cryptobyte package.
|
Package asn1 contains supporting types for parsing and building ASN.1 messages with the cryptobyte package. |
|
ssl3/tls
Package tls partially implements TLS 1.2, as specified in RFC 5246.
|
Package tls partially implements TLS 1.2, as specified in RFC 5246. |
|
subtle
Package subtle implements functions that are often useful in cryptographic code but require careful thought to use correctly.
|
Package subtle implements functions that are often useful in cryptographic code but require careful thought to use correctly. |
|
tls
Package tls partially implements TLS 1.2, as specified in RFC 5246, and TLS 1.3, as specified in RFC 8446.
|
Package tls partially implements TLS 1.2, as specified in RFC 5246, and TLS 1.3, as specified in RFC 8446. |
|
x509
Package x509 implements a subset of the X.509 standard.
|
Package x509 implements a subset of the X.509 standard. |
|
x509/pkix
Package pkix contains shared, low level structures used for ASN.1 parsing and serialization of X.509 certificates, CRL and OCSP.
|
Package pkix contains shared, low level structures used for ASN.1 parsing and serialization of X.509 certificates, CRL and OCSP. |
|
x509/revocation/ocsp
Package ocsp parses OCSP responses as specified in RFC 2560.
|
Package ocsp parses OCSP responses as specified in RFC 2560. |
|
x509/zintermediate
command
ZIntermediate is a command line utility for verifying a set prospective intermediate certificates against a root store.
|
ZIntermediate is a command line utility for verifying a set prospective intermediate certificates against a root store. |
|
Package encoding defines interfaces shared by other packages that convert data to and from byte-level and textual representations.
|
Package encoding defines interfaces shared by other packages that convert data to and from byte-level and textual representations. |
|
asn1
Package asn1 implements parsing of DER-encoded ASN.1 data structures, as defined in ITU-T Rec X.690.
|
Package asn1 implements parsing of DER-encoded ASN.1 data structures, as defined in ITU-T Rec X.690. |
|
internal
|
|
|
bisect
Package bisect can be used by compilers and other programs to serve as a target for the bisect debugging tool.
|
Package bisect can be used by compilers and other programs to serve as a target for the bisect debugging tool. |
|
byteorder
Package byteorder provides functions for decoding and encoding little and big endian integer types from/to byte slices.
|
Package byteorder provides functions for decoding and encoding little and big endian integer types from/to byte slices. |
|
cfg
Package cfg holds configuration shared by the Go command and internal/testenv.
|
Package cfg holds configuration shared by the Go command and internal/testenv. |
|
cpu
Package cpu implements processor feature detection used by the Go standard library.
|
Package cpu implements processor feature detection used by the Go standard library. |
|
goarch
package goarch contains GOARCH-specific constants.
|
package goarch contains GOARCH-specific constants. |
|
godebug
Package godebug makes the settings in the $GODEBUG environment variable available to other packages.
|
Package godebug makes the settings in the $GODEBUG environment variable available to other packages. |
|
godebugs
Package godebugs provides a table of known GODEBUG settings, for use by a variety of other packages, including internal/godebug, runtime, runtime/metrics, and cmd/go/internal/load.
|
Package godebugs provides a table of known GODEBUG settings, for use by a variety of other packages, including internal/godebug, runtime, runtime/metrics, and cmd/go/internal/load. |
|
nettrace
Package nettrace contains internal hooks for tracing activity in the net package.
|
Package nettrace contains internal hooks for tracing activity in the net package. |
|
testenv
Package testenv provides information about what functionality is available in different testing environments run by the Go team.
|
Package testenv provides information about what functionality is available in different testing environments run by the Go team. |
|
x
|
|
|
crypto/argon2
Package argon2 implements the key derivation function Argon2.
|
Package argon2 implements the key derivation function Argon2. |
|
crypto/bcrypt
Package bcrypt implements Provos and Mazières's bcrypt adaptive hashing algorithm.
|
Package bcrypt implements Provos and Mazières's bcrypt adaptive hashing algorithm. |
|
crypto/blake2b
Package blake2b implements the BLAKE2b hash algorithm defined by RFC 7693 and the extendable output function (XOF) BLAKE2Xb.
|
Package blake2b implements the BLAKE2b hash algorithm defined by RFC 7693 and the extendable output function (XOF) BLAKE2Xb. |
|
crypto/blake2s
Package blake2s implements the BLAKE2s hash algorithm defined by RFC 7693 and the extendable output function (XOF) BLAKE2Xs.
|
Package blake2s implements the BLAKE2s hash algorithm defined by RFC 7693 and the extendable output function (XOF) BLAKE2Xs. |
|
crypto/blowfish
Package blowfish implements Bruce Schneier's Blowfish encryption algorithm.
|
Package blowfish implements Bruce Schneier's Blowfish encryption algorithm. |
|
crypto/bn256
Package bn256 implements a particular bilinear group.
|
Package bn256 implements a particular bilinear group. |
|
crypto/cast5
Package cast5 implements CAST5, as defined in RFC 2144.
|
Package cast5 implements CAST5, as defined in RFC 2144. |
|
crypto/chacha20
Package chacha20 implements the ChaCha20 and XChaCha20 encryption algorithms as specified in RFC 8439 and draft-irtf-cfrg-xchacha-01.
|
Package chacha20 implements the ChaCha20 and XChaCha20 encryption algorithms as specified in RFC 8439 and draft-irtf-cfrg-xchacha-01. |
|
crypto/chacha20poly1305
Package chacha20poly1305 implements the ChaCha20-Poly1305 AEAD and its extended nonce variant XChaCha20-Poly1305, as specified in RFC 8439 and draft-irtf-cfrg-xchacha-01.
|
Package chacha20poly1305 implements the ChaCha20-Poly1305 AEAD and its extended nonce variant XChaCha20-Poly1305, as specified in RFC 8439 and draft-irtf-cfrg-xchacha-01. |
|
crypto/cryptobyte
Package cryptobyte contains types that help with parsing and constructing length-prefixed, binary messages, including ASN.1 DER.
|
Package cryptobyte contains types that help with parsing and constructing length-prefixed, binary messages, including ASN.1 DER. |
|
crypto/cryptobyte/asn1
Package asn1 contains supporting types for parsing and building ASN.1 messages with the cryptobyte package.
|
Package asn1 contains supporting types for parsing and building ASN.1 messages with the cryptobyte package. |
|
crypto/curve25519
Package curve25519 provides an implementation of the X25519 function, which performs scalar multiplication on the elliptic curve known as Curve25519.
|
Package curve25519 provides an implementation of the X25519 function, which performs scalar multiplication on the elliptic curve known as Curve25519. |
|
crypto/ed25519
Package ed25519 implements the Ed25519 signature algorithm.
|
Package ed25519 implements the Ed25519 signature algorithm. |
|
crypto/hkdf
Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as defined in RFC 5869.
|
Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as defined in RFC 5869. |
|
crypto/internal/alias
Package alias implements memory aliasing tests.
|
Package alias implements memory aliasing tests. |
|
crypto/internal/poly1305
Package poly1305 implements Poly1305 one-time message authentication code as specified in https://cr.yp.to/mac/poly1305-20050329.pdf.
|
Package poly1305 implements Poly1305 one-time message authentication code as specified in https://cr.yp.to/mac/poly1305-20050329.pdf. |
|
crypto/internal/wycheproof/internal/dsa
Package dsa provides an internal version of dsa.Verify that is used for the Wycheproof tests.
|
Package dsa provides an internal version of dsa.Verify that is used for the Wycheproof tests. |
|
crypto/md4
Package md4 implements the MD4 hash algorithm as defined in RFC 1320.
|
Package md4 implements the MD4 hash algorithm as defined in RFC 1320. |
|
crypto/nacl/auth
Package auth authenticates a message using a secret key.
|
Package auth authenticates a message using a secret key. |
|
crypto/nacl/box
Package box authenticates and encrypts small messages using public-key cryptography.
|
Package box authenticates and encrypts small messages using public-key cryptography. |
|
crypto/nacl/secretbox
Package secretbox encrypts and authenticates small messages.
|
Package secretbox encrypts and authenticates small messages. |
|
crypto/nacl/sign
Package sign signs small messages using public-key cryptography.
|
Package sign signs small messages using public-key cryptography. |
|
crypto/ocsp
Package ocsp parses OCSP responses as specified in RFC 2560.
|
Package ocsp parses OCSP responses as specified in RFC 2560. |
|
crypto/openpgp
Package openpgp implements high level operations on OpenPGP messages.
|
Package openpgp implements high level operations on OpenPGP messages. |
|
crypto/openpgp/armor
Package armor implements OpenPGP ASCII Armor, see RFC 4880.
|
Package armor implements OpenPGP ASCII Armor, see RFC 4880. |
|
crypto/openpgp/clearsign
Package clearsign generates and processes OpenPGP, clear-signed data.
|
Package clearsign generates and processes OpenPGP, clear-signed data. |
|
crypto/openpgp/elgamal
Package elgamal implements ElGamal encryption, suitable for OpenPGP, as specified in "A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms," IEEE Transactions on Information Theory, v.
|
Package elgamal implements ElGamal encryption, suitable for OpenPGP, as specified in "A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms," IEEE Transactions on Information Theory, v. |
|
crypto/openpgp/errors
Package errors contains common error types for the OpenPGP packages.
|
Package errors contains common error types for the OpenPGP packages. |
|
crypto/openpgp/packet
Package packet implements parsing and serialization of OpenPGP packets, as specified in RFC 4880.
|
Package packet implements parsing and serialization of OpenPGP packets, as specified in RFC 4880. |
|
crypto/openpgp/s2k
Package s2k implements the various OpenPGP string-to-key transforms as specified in RFC 4800 section 3.7.1.
|
Package s2k implements the various OpenPGP string-to-key transforms as specified in RFC 4800 section 3.7.1. |
|
crypto/otr
Package otr implements the Off The Record protocol as specified in http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html
|
Package otr implements the Off The Record protocol as specified in http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html |
|
crypto/pbkdf2
Package pbkdf2 implements the key derivation function PBKDF2 as defined in RFC 2898 / PKCS #5 v2.0.
|
Package pbkdf2 implements the key derivation function PBKDF2 as defined in RFC 2898 / PKCS #5 v2.0. |
|
crypto/pkcs12
Package pkcs12 implements some of PKCS#12.
|
Package pkcs12 implements some of PKCS#12. |
|
crypto/pkcs12/internal/rc2
Package rc2 implements the RC2 cipher
|
Package rc2 implements the RC2 cipher |
|
crypto/poly1305
Package poly1305 implements Poly1305 one-time message authentication code as specified in https://cr.yp.to/mac/poly1305-20050329.pdf.
|
Package poly1305 implements Poly1305 one-time message authentication code as specified in https://cr.yp.to/mac/poly1305-20050329.pdf. |
|
crypto/ripemd160
Package ripemd160 implements the RIPEMD-160 hash algorithm.
|
Package ripemd160 implements the RIPEMD-160 hash algorithm. |
|
crypto/salsa20
Package salsa20 implements the Salsa20 stream cipher as specified in https://cr.yp.to/snuffle/spec.pdf.
|
Package salsa20 implements the Salsa20 stream cipher as specified in https://cr.yp.to/snuffle/spec.pdf. |
|
crypto/salsa20/salsa
Package salsa provides low-level access to functions in the Salsa family.
|
Package salsa provides low-level access to functions in the Salsa family. |
|
crypto/scrypt
Package scrypt implements the scrypt key derivation function as defined in Colin Percival's paper "Stronger Key Derivation via Sequential Memory-Hard Functions" (https://www.tarsnap.com/scrypt/scrypt.pdf).
|
Package scrypt implements the scrypt key derivation function as defined in Colin Percival's paper "Stronger Key Derivation via Sequential Memory-Hard Functions" (https://www.tarsnap.com/scrypt/scrypt.pdf). |
|
crypto/sha3
Package sha3 implements the SHA-3 fixed-output-length hash functions and the SHAKE variable-output-length hash functions defined by FIPS-202.
|
Package sha3 implements the SHA-3 fixed-output-length hash functions and the SHAKE variable-output-length hash functions defined by FIPS-202. |
|
crypto/ssh
Package ssh implements an SSH client and server.
|
Package ssh implements an SSH client and server. |
|
crypto/ssh/agent
Package agent implements the ssh-agent protocol, and provides both a client and a server.
|
Package agent implements the ssh-agent protocol, and provides both a client and a server. |
|
crypto/ssh/internal/bcrypt_pbkdf
Package bcrypt_pbkdf implements bcrypt_pbkdf(3) from OpenBSD.
|
Package bcrypt_pbkdf implements bcrypt_pbkdf(3) from OpenBSD. |
|
crypto/ssh/knownhosts
Package knownhosts implements a parser for the OpenSSH known_hosts host key database, and provides utility functions for writing OpenSSH compliant known_hosts files.
|
Package knownhosts implements a parser for the OpenSSH known_hosts host key database, and provides utility functions for writing OpenSSH compliant known_hosts files. |
|
crypto/ssh/terminal
Package terminal provides support functions for dealing with terminals, as commonly found on UNIX systems.
|
Package terminal provides support functions for dealing with terminals, as commonly found on UNIX systems. |
|
crypto/ssh/test
Package test contains integration tests for the github.com/runZeroInc/excrypto/x/crypto/ssh package.
|
Package test contains integration tests for the github.com/runZeroInc/excrypto/x/crypto/ssh package. |
|
crypto/tea
Package tea implements the TEA algorithm, as defined in Needham and Wheeler's 1994 technical report, “TEA, a Tiny Encryption Algorithm”.
|
Package tea implements the TEA algorithm, as defined in Needham and Wheeler's 1994 technical report, “TEA, a Tiny Encryption Algorithm”. |
|
crypto/twofish
Package twofish implements Bruce Schneier's Twofish encryption algorithm.
|
Package twofish implements Bruce Schneier's Twofish encryption algorithm. |
|
crypto/x509roots/nss
Package nss provides functionality for parsing NSS certdata.txt formatted certificate lists and extracting serverAuth roots.
|
Package nss provides functionality for parsing NSS certdata.txt formatted certificate lists and extracting serverAuth roots. |
|
crypto/xtea
Package xtea implements XTEA encryption, as defined in Needham and Wheeler's 1997 technical report, "Tea extensions."
|
Package xtea implements XTEA encryption, as defined in Needham and Wheeler's 1997 technical report, "Tea extensions." |
|
crypto/xts
Package xts implements the XTS cipher mode as specified in IEEE P1619/D16.
|
Package xts implements the XTS cipher mode as specified in IEEE P1619/D16. |
Click to show internal directories.
Click to hide internal directories.