
Gunosy.go #2 "crypto"

Gunosy.go #2 "crypto"

Masakazu Ishibashi

June 18, 2014

Transcript

  1. 構成 crypto aes cipher des dsa ecdsa elliptic hmac md5

    rand rc4 rsa sha1 sha256 sha512 subtle tls x509 pkix 圧倒的 サブパッケージ数
  2. 構成 crypto aes cipher des dsa ecdsa elliptic hmac md5

    rand rc4 rsa sha1 sha256 sha512 subtle tls x509 pkix 共通鍵暗号
  3. 構成 crypto aes cipher des dsa ecdsa elliptic hmac md5

    rand rc4 rsa sha1 sha256 sha512 subtle tls x509 pkix 公開鍵暗号
  4. 構成 crypto aes cipher des dsa ecdsa elliptic hmac md5

    rand rc4 rsa sha1 sha256 sha512 subtle tls x509 pkix ハッシュ
  5. 構成 crypto aes cipher des dsa ecdsa elliptic hmac md5

    rand rc4 rsa sha1 sha256 sha512 subtle tls x509 pkix 乱数
  6. 構成 crypto aes cipher des dsa ecdsa elliptic hmac md5

    rand rc4 rsa sha1 sha256 sha512 subtle tls x509 pkix tlsとかx509とか
  7. 構成 crypto aes cipher des dsa ecdsa elliptic hmac md5

    rand rc4 rsa sha1 sha256 sha512 subtle tls x509 pkix 定数など
  8. 構成 crypto aes cipher des dsa ecdsa elliptic hmac md5

    rand rc4 rsa sha1 sha256 sha512 subtle tls x509 pkix 共通鍵暗号
  9. 共通鍵暗号 func NewCipher(key []byte) (cipher.Block, error) type KeySizeError func (k

    KeySizeError) Error() string crypto/aes crypto/des func NewCipher(key []byte) (cipher.Block, error) func NewTripleDESCipher(key []byte) (cipher.Block, error) type KeySizeError func (k KeySizeError) Error() string
  10. 共通鍵暗号 crypto/cipher type AEAD func NewGCM(cipher Block) (AEAD, error) type

    Block type BlockMode func NewCBCDecrypter(b Block, iv []byte) BlockMode func NewCBCEncrypter(b Block, iv []byte) BlockMode type Stream func NewCFBDecrypter(block Block, iv []byte) Stream func NewCFBEncrypter(block Block, iv []byte) Stream func NewCTR(block Block, iv []byte) Stream func NewOFB(b Block, iv []byte) Stream type StreamReader func (r StreamReader) Read(dst []byte) (n int, err error) type StreamWriter func (w StreamWriter) Close() error func (w StreamWriter) Write(src []byte) (n int, err error)
  11. 共通鍵暗号 crypto/cipher type AEAD func NewGCM(cipher Block) (AEAD, error) type

    Block type BlockMode func NewCBCDecrypter(b Block, iv []byte) BlockMode func NewCBCEncrypter(b Block, iv []byte) BlockMode type Stream func NewCFBDecrypter(block Block, iv []byte) Stream func NewCFBEncrypter(block Block, iv []byte) Stream func NewCTR(block Block, iv []byte) Stream func NewOFB(b Block, iv []byte) Stream type StreamReader func (r StreamReader) Read(dst []byte) (n int, err error) type StreamWriter func (w StreamWriter) Close() error func (w StreamWriter) Write(src []byte) (n int, err error) Block Cipher Mode 別に使い分ける。 （処理単位はBlock） http://play.golang.org/p/zjrQdSnz2M サンプル
  12. 共通鍵暗号 crypto/rc4 type Cipher func NewCipher(key []byte) (*Cipher, error) func

    (c *Cipher) Reset() func (c *Cipher) XORKeyStream(dst, src []byte) type KeySizeError func (k KeySizeError) Error() string
  13. 共通鍵暗号 crypto/rc4 type Cipher func NewCipher(key []byte) (*Cipher, error) func

    (c *Cipher) Reset() func (c *Cipher) XORKeyStream(dst, src []byte) type KeySizeError func (k KeySizeError) Error() string ストリーム暗号の インターフェース http://play.golang.org/p/7zs6j2GwK7 サンプル
  14. 構成 crypto aes cipher des dsa ecdsa elliptic hmac md5

    rand rc4 rsa sha1 sha256 sha512 subtle tls x509 pkix 公開鍵暗号
  15. 公開鍵暗号 crypto/rsa func DecryptOAEP(hash hash.Hash, random io.Reader, priv *PrivateKey, ciphertext

    []byte, label []byte) (msg []byte, err error) func DecryptPKCS1v15(rand io.Reader, priv *PrivateKey, ciphertext []byte) (out []byte, err error) func DecryptPKCS1v15SessionKey(rand io.Reader, priv *PrivateKey, ciphertext []byte, key []byte) (err error) func EncryptOAEP(hash hash.Hash, random io.Reader, pub *PublicKey, msg []byte, label []byte) (out []byte, err error) func EncryptPKCS1v15(rand io.Reader, pub *PublicKey, msg []byte) (out []byte, err error) func SignPKCS1v15(rand io.Reader, priv *PrivateKey, hash crypto.Hash, hashed []byte) (s []byte, err error) func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, hashed []byte, opts *PSSOptions) (s []byte, err error) func VerifyPKCS1v15(pub *PublicKey, hash crypto.Hash, hashed []byte, sig []byte) (err error) func VerifyPSS(pub *PublicKey, hash crypto.Hash, hashed []byte, sig []byte, opts *PSSOptions) error type CRTValue type PSSOptions type PrecomputedValues type PrivateKey func GenerateKey(random io.Reader, bits int) (priv *PrivateKey, err error) func GenerateMultiPrimeKey(random io.Reader, nprimes int, bits int) (priv *PrivateKey, err error) func (priv *PrivateKey) Precompute() func (priv *PrivateKey) Validate() error type PublicKey
  16. 公開鍵暗号 crypto/rsa func DecryptOAEP(hash hash.Hash, random io.Reader, priv *PrivateKey, ciphertext

    []byte, label []byte) (msg []byte, err error) func DecryptPKCS1v15(rand io.Reader, priv *PrivateKey, ciphertext []byte) (out []byte, err error) func DecryptPKCS1v15SessionKey(rand io.Reader, priv *PrivateKey, ciphertext []byte, key []byte) (err error) func EncryptOAEP(hash hash.Hash, random io.Reader, pub *PublicKey, msg []byte, label []byte) (out []byte, err error) func EncryptPKCS1v15(rand io.Reader, pub *PublicKey, msg []byte) (out []byte, err error) func SignPKCS1v15(rand io.Reader, priv *PrivateKey, hash crypto.Hash, hashed []byte) (s []byte, err error) func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, hashed []byte, opts *PSSOptions) (s []byte, err error) func VerifyPKCS1v15(pub *PublicKey, hash crypto.Hash, hashed []byte, sig []byte) (err error) func VerifyPSS(pub *PublicKey, hash crypto.Hash, hashed []byte, sig []byte, opts *PSSOptions) error type CRTValue type PSSOptions type PrecomputedValues type PrivateKey func GenerateKey(random io.Reader, bits int) (priv *PrivateKey, err error) func GenerateMultiPrimeKey(random io.Reader, nprimes int, bits int) (priv *PrivateKey, err error) func (priv *PrivateKey) Precompute() func (priv *PrivateKey) Validate() error type PublicKey 暗号/復号 PKCSv1.5, OAEP 署名/検証 (PKCSv1.5,PSS) 公開鍵/秘密鍵
  17. 公開鍵暗号 crypto/dsa func GenerateKey(priv *PrivateKey, rand io.Reader) error func GenerateParameters(params

    *Parameters, rand io.Reader, sizes ParameterSizes) (err error) func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err error) func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool type ParameterSizes type Parameters type PrivateKey type PublicKey crypto/ecdsa func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err error) func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool type PrivateKey func GenerateKey(c elliptic.Curve, rand io.Reader) (priv *PrivateKey, err error) type PublicKey
  18. 構成 crypto aes cipher des dsa ecdsa elliptic hmac md5

    rand rc4 rsa sha1 sha256 sha512 subtle tls x509 pkix ハッシュ
  19. ハッシュ crypto/md5 func New() hash.Hash func Sum(data []byte) [Size]byte crypto/sha1

    func New() hash.Hash func Sum(data []byte) [Size]byte crypto/sha256 func New() hash.Hash func New224() hash.Hash func Sum224(data []byte) (sum224 [Size224]byte) func Sum256(data []byte) [Size]byte func New() hash.Hash func New384() hash.Hash func Sum384(data []byte) (sum384 [Size384]byte) func Sum512(data []byte) [Size]byte crypto/sha512
  20. ハッシュ crypto/md5 func New() hash.Hash func Sum(data []byte) [Size]byte crypto/sha1

    func New() hash.Hash func Sum(data []byte) [Size]byte crypto/sha256 func New() hash.Hash func New224() hash.Hash func Sum224(data []byte) (sum224 [Size224]byte) func Sum256(data []byte) [Size]byte func New() hash.Hash func New384() hash.Hash func Sum384(data []byte) (sum384 [Size384]byte) func Sum512(data []byte) [Size]byte crypto/sha512 func hash(c string) string { h := sha256.New() fmt.Fprint(h, c) return hex.EncodeToString(h.Sum(nil)) } こんな感じの よく使いそう
  21. 構成 crypto aes cipher des dsa ecdsa elliptic hmac md5

    rand rc4 rsa sha1 sha256 sha512 subtle tls x509 pkix 乱数
  22. 乱数生成 crypto/rand func Int(rand io.Reader, max *big.Int) (n *big.Int, err

    error) func Prime(rand io.Reader, bits int) (p *big.Int, err error) func Read(b []byte) (n int, err error)
  23. 乱数生成 crypto/rand func Int(rand io.Reader, max *big.Int) (n *big.Int, err

    error) func Prime(rand io.Reader, bits int) (p *big.Int, err error) func Read(b []byte) (n int, err error) math/rand func ExpFloat64() float64 func Float32() float32 func Float64() float64 func Int() int func Int31() int32 func Int31n(n int32) int32 func Int63() int64 func Int63n(n int64) int64 func Intn(n int) int func NormFloat64() float64 func Perm(n int) []int func Seed(seed int64) func Uint32() uint32 go上の実装 /dev/urandom
  24. 構成 crypto aes cipher des dsa ecdsa elliptic hmac md5

    rand rc4 rsa sha1 sha256 sha512 subtle tls x509 pkix tlsとかx509とか
  25. X.509 crypto/x509 type CertPool func NewCertPool() *CertPool func (s *CertPool)

    AddCert(cert *Certificate) func (s *CertPool) AppendCertsFromPEM(pemCerts []byte) (ok bool) func (s *CertPool) Subjects() (res [][]byte) type Certificate func ParseCertificate(asn1Data []byte) (*Certificate, error) func (c *Certificate) CheckCRLSignature(crl *pkix.CertificateList) (err error) func (c *Certificate) CheckSignature(algo SignatureAlgorithm, signed, signature []byte) (err error) func (c *Certificate) CheckSignatureFrom(parent *Certificate) (err error) func (c *Certificate) CreateCRL(rand io.Reader, priv interface{}, revokedCerts []pkix.RevokedCertificate, now, expiry time.Time) (crlBytes []byte, err error) func (c *Certificate) Equal(other *Certificate) bool func (c *Certificate) Verify(opts VerifyOptions) (chains [][]*Certificate, err error) func (c *Certificate) VerifyHostname(h string) error type ExtKeyUsage type KeyUsage type PEMCipher type PublicKeyAlgorithm type SignatureAlgorithm
  26. X.509 crypto/x509 type CertPool func NewCertPool() *CertPool func (s *CertPool)

    AddCert(cert *Certificate) func (s *CertPool) AppendCertsFromPEM(pemCerts []byte) (ok bool) func (s *CertPool) Subjects() (res [][]byte) type Certificate func ParseCertificate(asn1Data []byte) (*Certificate, error) func (c *Certificate) CheckCRLSignature(crl *pkix.CertificateList) (err error) func (c *Certificate) CheckSignature(algo SignatureAlgorithm, signed, signature []byte) (err error) func (c *Certificate) CheckSignatureFrom(parent *Certificate) (err error) func (c *Certificate) CreateCRL(rand io.Reader, priv interface{}, revokedCerts []pkix.RevokedCertificate, now, expiry time.Time) (crlBytes []byte, err error) func (c *Certificate) Equal(other *Certificate) bool func (c *Certificate) Verify(opts VerifyOptions) (chains [][]*Certificate, err error) func (c *Certificate) VerifyHostname(h string) error type ExtKeyUsage type KeyUsage type PEMCipher type PublicKeyAlgorithm type SignatureAlgorithm 証明書および プール （複数の証明書） 証明書の項目
  27. X.509 crypto/x509 type CertificateInvalidError func (e CertificateInvalidError) Error() string type

    ConstraintViolationError func (ConstraintViolationError) Error() string type HostnameError func (h HostnameError) Error() string type InvalidReason type SystemRootsError func (e SystemRootsError) Error() string type UnhandledCriticalExtension func (h UnhandledCriticalExtension) Error() string type UnknownAuthorityError func (e UnknownAuthorityError) Error() string type VerifyOptions
  28. X.509 crypto/x509 func CreateCertificate(rand io.Reader, template, parent *Certificate, pub interface{},

    priv interface{}) (cert []byte, err error) func DecryptPEMBlock(b *pem.Block, password []byte) ([]byte, error) func EncryptPEMBlock(rand io.Reader, blockType string, data, password []byte, alg PEMCipher) (*pem.Block, error) func IsEncryptedPEMBlock(b *pem.Block) bool func MarshalECPrivateKey(key *ecdsa.PrivateKey) ([]byte, error) func MarshalPKCS1PrivateKey(key *rsa.PrivateKey) []byte func MarshalPKIXPublicKey(pub interface{}) ([]byte, error) func ParseCRL(crlBytes []byte) (certList *pkix.CertificateList, err error) func ParseCertificates(asn1Data []byte) ([]*Certificate, error) func ParseDERCRL(derBytes []byte) (certList *pkix.CertificateList, err error) func ParseECPrivateKey(der []byte) (key *ecdsa.PrivateKey, err error) func ParsePKCS1PrivateKey(der []byte) (key *rsa.PrivateKey, err error) func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error) func ParsePKIXPublicKey(derBytes []byte) (pub interface{}, err error) 証明書作成 読み書き
  29. PKIX crypto/x509/pkix type AlgorithmIdentifier type AttributeTypeAndValue type CertificateList func (certList

    *CertificateList) HasExpired(now time.Time) bool type Extension type Name func (n *Name) FillFromRDNSequence(rdns *RDNSequence) func (n Name) ToRDNSequence() (ret RDNSequence) type RDNSequence type RelativeDistinguishedNameSET type RevokedCertificate type TBSCertificateList
  30. TLS crypto/tls func Listen(network, laddr string, config *Config) (net.Listener, error)

    func NewListener(inner net.Listener, config *Config) net.Listener type Certificate func LoadX509KeyPair(certFile, keyFile string) (cert Certificate, err error) func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err error) type ClientAuthType type Config func (c *Config) BuildNameToCertificate()
  31. TLS crypto/tls type Conn func Client(conn net.Conn, config *Config) *Conn

    func Dial(network, addr string, config *Config) (*Conn, error) func Server(conn net.Conn, config *Config) *Conn func (c *Conn) Close() error func (c *Conn) ConnectionState() ConnectionState func (c *Conn) Handshake() error func (c *Conn) LocalAddr() net.Addr func (c *Conn) OCSPResponse() []byte func (c *Conn) Read(b []byte) (n int, err error) func (c *Conn) RemoteAddr() net.Addr func (c *Conn) SetDeadline(t time.Time) error func (c *Conn) SetReadDeadline(t time.Time) error func (c *Conn) SetWriteDeadline(t time.Time) error func (c *Conn) VerifyHostname(host string) error func (c *Conn) Write(b []byte) (int, error) type ConnectionStatet
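  32. exercise

    // Adapted from https://github.com/go-av/tls-example
    //
    // Generates a throwaway self-signed CA certificate plus its RSA key and
    // writes both into the working directory. Every error is checked so a
    // failed key generation or file write cannot go unnoticed and leave an
    // empty or partial ca.pem / ca.key behind.
    ca := &x509.Certificate{
    	Subject: pkix.Name{
    		Country:            []string{"JP"},
    		Organization:       []string{"Gunosy.com"},
    		OrganizationalUnit: []string{"Golang TEAM"},
    		CommonName:         "fake.gunosy.com",
    	},
    	NotBefore: time.Now(),
    	NotAfter:  time.Now().AddDate(10, 0, 0),
    	// Fixed serial number and key id: acceptable only because this CA is a
    	// one-off exercise artifact that issues nothing else.
    	SerialNumber:          big.NewInt(1),
    	SubjectKeyId:          []byte{1, 2, 3, 4, 5},
    	BasicConstraintsValid: true,
    	IsCA:                  true,
    	KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
    	ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
    }

    // 2048 bits instead of the slide's 1024: 1024-bit RSA is no longer
    // considered adequate, and 2048 is the usual minimum for new keys.
    priv, err := rsa.GenerateKey(rand.Reader, 2048)
    if err != nil {
    	panic(err)
    }
    pub := &priv.PublicKey

    // Template and parent are the same certificate, so the result is self-signed.
    caDER, err := x509.CreateCertificate(rand.Reader, ca, ca, pub, priv)
    if err != nil {
    	panic(err)
    }
    // CreateCertificate returns raw DER; despite the ".pem" name no PEM
    // encoding is applied before writing.
    if err := ioutil.WriteFile("ca.pem", caDER, 0400); err != nil {
    	panic(err)
    }

    // The private key is stored unencrypted; mode 0400 restricts it to the
    // owning user, read-only.
    keyDER := x509.MarshalPKCS1PrivateKey(priv)
    if err := ioutil.WriteFile("ca.key", keyDER, 0400); err != nil {
    	panic(err)
    }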
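  33. exercise

    // Build the certificate template.
    ca := &x509.Certificate{
    	Subject: pkix.Name{
    		Country:            []string{"JP"},
    		Organization:       []string{"gunosy.com"},
    		OrganizationalUnit: []string{"Golang TEAM"},
    		CommonName:         "fake.gunosy.com",
    	},
    	NotBefore: time.Now(),
    	NotAfter:  time.Now().AddDate(10, 0, 0),
    	// Fixed serial number and key id: acceptable only because this CA is a
    	// one-off exercise artifact that issues nothing else.
    	SerialNumber:          big.NewInt(1),
    	SubjectKeyId:          []byte{1, 2, 3, 4, 5},
    	BasicConstraintsValid: true,
    	IsCA:                  true,
    	KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
    	ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
    }

    // Create the private/public key pair and the certificate.
    // 2048 bits instead of the slide's 1024: 1024-bit RSA is no longer
    // considered adequate, and 2048 is the usual minimum for new keys.
    priv, err := rsa.GenerateKey(rand.Reader, 2048)
    if err != nil {
    	panic(err)
    }
    pub := &priv.PublicKey

    // Template and parent are the same certificate, so the result is self-signed.
    caDER, err := x509.CreateCertificate(rand.Reader, ca, ca, pub, priv)
    if err != nil {
    	panic(err)
    }
    // CreateCertificate returns raw DER; despite the ".pem" name no PEM
    // encoding is applied before writing.
    if err := ioutil.WriteFile("ca.pem", caDER, 0400); err != nil {
    	panic(err)
    }

    // Marshal the private key (PKCS#1 DER). It is stored unencrypted; mode
    // 0400 restricts it to the owning user, read-only.
    keyDER := x509.MarshalPKCS1PrivateKey(priv)
    if err := ioutil.WriteFile("ca.key", keyDER, 0400); err != nil {
    	panic(err)
    }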
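  34. exercise

    // Adapted from https://github.com/go-av/tls-example
    //
    // Loads the certificate and RSA key from ca.pem / ca.key and opens a TLS
    // listener. Each step's error is checked: with the errors discarded, a
    // missing or unparsable file would surface later as a nil certificate,
    // nil key, or nil listener.
    caDER, err := ioutil.ReadFile("ca.pem")
    if err != nil {
    	log.Fatalf("server: reading ca.pem: %v", err)
    }
    // x509.ParseCertificate takes DER bytes, so ca.pem must hold raw DER
    // rather than PEM text.
    ca, err := x509.ParseCertificate(caDER)
    if err != nil {
    	log.Fatalf("server: parsing ca.pem: %v", err)
    }

    keyDER, err := ioutil.ReadFile("ca.key")
    if err != nil {
    	log.Fatalf("server: reading ca.key: %v", err)
    }
    priv, err := x509.ParsePKCS1PrivateKey(keyDER)
    if err != nil {
    	log.Fatalf("server: parsing ca.key: %v", err)
    }

    pool := x509.NewCertPool()
    pool.AddCert(ca)

    // The CA certificate and its key are presented directly as the server
    // identity. That keeps the exercise short; a deployment would normally
    // issue a separate leaf certificate and keep the CA key off the server.
    cert := tls.Certificate{
    	Certificate: [][]byte{caDER},
    	PrivateKey:  priv,
    }

    config := tls.Config{
    	// No client certificate is requested, so ClientCAs is not consulted
    	// in this mode.
    	ClientAuth:   tls.NoClientCert,
    	Certificates: []tls.Certificate{cert},
    	ClientCAs:    pool,
    	// Refuse protocol versions older than TLS 1.2; the slide left
    	// MinVersion unset and relied on the library default.
    	MinVersion: tls.VersionTLS12,
    }
    config.Rand = rand.Reader

    // 0.0.0.0 binds every interface on the host.
    service := "0.0.0.0:1443"
    listener, err := tls.Listen("tcp", service, &config)
    if err != nil {
    	log.Fatalf("server: listen on %s: %v", service, err)
    }
    log.Print("server: listening")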
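  35. exercise

    // Load the certificate and key. The slide labels them PEM-format, but
    // x509.ParseCertificate and x509.ParsePKCS1PrivateKey take DER bytes, so
    // both files must hold raw DER rather than PEM text.
    // Each step's error is checked: with the errors discarded, a missing or
    // unparsable file would surface later as a nil certificate, key or listener.
    caDER, err := ioutil.ReadFile("ca.pem")
    if err != nil {
    	log.Fatalf("server: reading ca.pem: %v", err)
    }
    ca, err := x509.ParseCertificate(caDER)
    if err != nil {
    	log.Fatalf("server: parsing ca.pem: %v", err)
    }

    keyDER, err := ioutil.ReadFile("ca.key")
    if err != nil {
    	log.Fatalf("server: reading ca.key: %v", err)
    }
    priv, err := x509.ParsePKCS1PrivateKey(keyDER)
    if err != nil {
    	log.Fatalf("server: parsing ca.key: %v", err)
    }

    pool := x509.NewCertPool()
    pool.AddCert(ca)

    // The CA certificate and its key are presented directly as the server
    // identity. That keeps the exercise short; a deployment would normally
    // issue a separate leaf certificate and keep the CA key off the server.
    cert := tls.Certificate{
    	Certificate: [][]byte{caDER},
    	PrivateKey:  priv,
    }

    // TLS configuration.
    config := tls.Config{
    	// No client certificate is requested, so ClientCAs is not consulted
    	// in this mode.
    	ClientAuth:   tls.NoClientCert,
    	Certificates: []tls.Certificate{cert},
    	ClientCAs:    pool,
    	// Refuse protocol versions older than TLS 1.2; the slide left
    	// MinVersion unset and relied on the library default.
    	MinVersion: tls.VersionTLS12,
    }
    config.Rand = rand.Reader

    // Listen! 0.0.0.0 binds every interface on the host.
    service := "0.0.0.0:1443"
    listener, err := tls.Listen("tcp", service, &config)
    if err != nil {
    	log.Fatalf("server: listen on %s: %v", service, err)
    }
    log.Print("server: listening")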