extcipher

package
v0.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 14, 2026 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package extcipher bridges to an external, operator-supplied cipher program so the toolkit can decrypt and brute-force ciphers it does not (and should not) bundle itself — most importantly TETRA TEA1, whose only public implementations are licence-incompatible (AGPL) with this Apache-2.0 project and which must not be re-authored unverified inside a security-test tool.

The operator points the harness at a program (e.g. MidnightBlue's TEA1 tool or sq5bpf/teatime) that implements a tiny, shell-free line protocol:

<prog> [fixed args…] keystream <key_hex> <iv_hex> <n>
    → prints <keystream_hex> (n bytes) on stdout
<prog> [fixed args…] brute <iv_hex> <known_keystream_hex> <bits> <base_key_hex>
    → prints the recovered <key_hex> (or an empty line if none) on stdout

The `brute` verb keeps the heavy 2^32-style key search in the native external cipher; the toolkit orchestrates it, verifies the result, and decrypts the corpus with `keystream`. The program is invoked with exec (no shell), and key/IV values are passed as separate argv entries, so the cipher values cannot inject a command. This capability is CLI-only by design — the web console refuses recipes that shell out (see the webserver).

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Client

type Client struct {

	// KeystreamTimeout / BruteTimeout bound each call.
	KeystreamTimeout time.Duration
	BruteTimeout     time.Duration
	// contains filtered or unexported fields
}

Client runs an external cipher program.

func New

func New(spec string) (*Client, error)

New parses a command spec ("prog --flag value") into a Client. The first field is the program; the rest are fixed leading arguments. It does not run a shell, so the spec must not rely on shell features.

func (*Client) Brute

func (c *Client) Brute(iv, knownKS, baseKey []byte, bits int) ([]byte, bool, error)

Brute asks the external cipher to search the low `bits` of the key against a known keystream (knownKS), with the high bits fixed to baseKey. It returns the recovered key and whether one was found.

func (*Client) Keystream

func (c *Client) Keystream(key, iv []byte, n int) ([]byte, error)

Keystream asks the external cipher for n keystream bytes under (key, iv).

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL