assess

package
v0.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 14, 2026 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package assess is a cryptographic security-test harness for captured RF ciphertext. Given a set of encrypted frames (and optionally a known plaintext), it runs every applicable decryption / cryptanalysis method and reports how effective each one was — from 0% (the encryption held) up to 100% (complete decryption, which means the cipher *failed* the test).

The point is an informed verdict, not a single yes/no: by seeing which methods recovered what, an operator learns where a deployment is weak (a reused IV, a default key, a structured keystream) and which attack fits which situation. A method that recovers nothing is reported too — that is the evidence the encryption is doing its job.

Methods, in escalating capability:

  • cipher-strength statistical: is the ciphertext itself distinguishable from random? A structured ciphertext is already a partial break.
  • iv-reuse structural: do frames share an IV (keystream reuse)? Exposes plaintext⊕plaintext with no key.
  • known-plaintext if a frame's plaintext is known, recover the keystream and decrypt every same-IV frame. Definitive.
  • weak-key try default / supplied keys with the real cipher (ADP/DES/AES via engine/p25crypto); verify against known plaintext.
  • keystream-lfsr once a keystream is recovered, is it an LFSR (low linear complexity)? If so the rest of the call is predictable.

Index

Constants

View Source
const (
	VerdictResistant = "RESISTANT"
	VerdictPartial   = "PARTIAL"
	VerdictBroken    = "BROKEN"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Input

type Input struct {
	Frames     []keystream.Frame
	Protocol   string   // protocol whose algorithm-id namespace applies (default "p25")
	KnownLabel string   // label of a frame whose plaintext is known (optional)
	KnownPT    []byte   // that frame's plaintext (optional)
	ExtraKeys  [][]byte // additional candidate keys to try in the weak-key method
	// BruteBits enables the reduced-keyspace brute method: search the low
	// BruteBits of the key against a known-plaintext oracle. 0 disables it.
	BruteBits int
	// BaseKey is the fixed remainder of the key for the brute (the high bits);
	// nil means all-zero.
	BaseKey []byte
	// ExternCmd, when set, is an external cipher program (engine/extcipher)
	// used to brute / decrypt an unbundled cipher (e.g. TETRA TEA1). It applies
	// to frames whose AlgID == ExternAlgID. CLI-only; never set from the web.
	ExternCmd   string
	ExternAlgID uint8
}

Input bundles the material the harness works from.

type MethodResult

type MethodResult struct {
	Name string `json:"name"`
	// Applicable is false when the method's preconditions aren't met (e.g. no
	// known plaintext, unsupported algorithm); Notes says why.
	Applicable bool `json:"applicable"`
	// Effectiveness is the fraction (0..1) of the traffic this method recovered
	// or exposed. 1.0 from a Verified method is a complete break.
	Effectiveness float64 `json:"effectiveness"`
	// Verified is true when the recovery is definitive (exact keystream match
	// or a structural certainty), false when it is statistical evidence only.
	Verified       bool           `json:"verified"`
	RecoveredBytes int            `json:"recovered_bytes"`
	TotalBytes     int            `json:"total_bytes"`
	SampleHex      string         `json:"sample_hex,omitempty"`
	SampleASCII    string         `json:"sample_ascii,omitempty"`
	Notes          []string       `json:"notes,omitempty"`
	Detail         map[string]any `json:"detail,omitempty"`
}

MethodResult is one method's outcome.

type Report

type Report struct {
	Frames               int            `json:"frames"`
	TotalCipherBytes     int            `json:"total_cipher_bytes"`
	Methods              []MethodResult `json:"methods"`
	OverallEffectiveness float64        `json:"overall_effectiveness"`
	// Verdict is RESISTANT (nothing recovered), PARTIAL (information leaked),
	// or BROKEN (a method achieved verified complete decryption — a fail).
	Verdict string `json:"verdict"`
}

Report is the full assessment.

func Run

func Run(in Input) Report

Run executes every method and assembles the report.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL