Documentation
¶
Overview ¶
Package assess is a cryptographic security-test harness for captured RF ciphertext. Given a set of encrypted frames (and optionally a known plaintext), it runs every applicable decryption / cryptanalysis method and reports how effective each one was — from 0% (the encryption held) up to 100% (complete decryption, which means the cipher *failed* the test).
The point is an informed verdict, not a single yes/no: by seeing which methods recovered what, an operator learns where a deployment is weak (a reused IV, a default key, a structured keystream) and which attack fits which situation. A method that recovers nothing is reported too — that is the evidence the encryption is doing its job.
Methods, in escalating capability:
- cipher-strength statistical: is the ciphertext itself distinguishable from random? A structured ciphertext is already a partial break.
- iv-reuse structural: do frames share an IV (keystream reuse)? Exposes plaintext⊕plaintext with no key.
- known-plaintext if a frame's plaintext is known, recover the keystream and decrypt every same-IV frame. Definitive.
- weak-key try default / supplied keys with the real cipher (ADP/DES/AES via engine/p25crypto); verify against known plaintext.
- keystream-lfsr once a keystream is recovered, is it an LFSR (low linear complexity)? If so the rest of the call is predictable.
Index ¶
Constants ¶
const ( VerdictResistant = "RESISTANT" VerdictPartial = "PARTIAL" VerdictBroken = "BROKEN" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Input ¶
type Input struct {
Frames []keystream.Frame
Protocol string // protocol whose algorithm-id namespace applies (default "p25")
KnownLabel string // label of a frame whose plaintext is known (optional)
KnownPT []byte // that frame's plaintext (optional)
ExtraKeys [][]byte // additional candidate keys to try in the weak-key method
// BruteBits enables the reduced-keyspace brute method: search the low
// BruteBits of the key against a known-plaintext oracle. 0 disables it.
BruteBits int
// BaseKey is the fixed remainder of the key for the brute (the high bits);
// nil means all-zero.
BaseKey []byte
// ExternCmd, when set, is an external cipher program (engine/extcipher)
// used to brute / decrypt an unbundled cipher (e.g. TETRA TEA1). It applies
// to frames whose AlgID == ExternAlgID. CLI-only; never set from the web.
ExternCmd string
ExternAlgID uint8
}
Input bundles the material the harness works from.
type MethodResult ¶
type MethodResult struct {
Name string `json:"name"`
// Applicable is false when the method's preconditions aren't met (e.g. no
// known plaintext, unsupported algorithm); Notes says why.
Applicable bool `json:"applicable"`
// Effectiveness is the fraction (0..1) of the traffic this method recovered
// or exposed. 1.0 from a Verified method is a complete break.
Effectiveness float64 `json:"effectiveness"`
// Verified is true when the recovery is definitive (exact keystream match
// or a structural certainty), false when it is statistical evidence only.
Verified bool `json:"verified"`
RecoveredBytes int `json:"recovered_bytes"`
TotalBytes int `json:"total_bytes"`
SampleHex string `json:"sample_hex,omitempty"`
SampleASCII string `json:"sample_ascii,omitempty"`
Notes []string `json:"notes,omitempty"`
Detail map[string]any `json:"detail,omitempty"`
}
MethodResult is one method's outcome.
type Report ¶
type Report struct {
Frames int `json:"frames"`
TotalCipherBytes int `json:"total_cipher_bytes"`
Methods []MethodResult `json:"methods"`
OverallEffectiveness float64 `json:"overall_effectiveness"`
// Verdict is RESISTANT (nothing recovered), PARTIAL (information leaked),
// or BROKEN (a method achieved verified complete decryption — a fail).
Verdict string `json:"verdict"`
}
Report is the full assessment.