Documentation
¶
Index ¶
- Variables
- func GetNonceFromCiphertext(ciphertext []byte) ([]byte, error)
- func Transmute(data []byte, sigils []Sigil) ([]byte, error)
- type Base64Sigil
- type ChaChaPolySigil
- type Enchantrix
- type GzipSigil
- type HashSigil
- type HexSigil
- type JSONSigil
- type PreObfuscator
- type ReverseSigil
- type ShuffleMaskObfuscator
- type Sigil
- type XORObfuscator
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var ( // ErrInvalidKey is returned when the encryption key is invalid. ErrInvalidKey = errors.New("enchantrix: invalid key size, must be 32 bytes") // ErrCiphertextTooShort is returned when the ciphertext is too short to decrypt. ErrCiphertextTooShort = errors.New("enchantrix: ciphertext too short") // ErrDecryptionFailed is returned when decryption or authentication fails. ErrDecryptionFailed = errors.New("enchantrix: decryption failed") // ErrNoKeyConfigured is returned when no encryption key has been set. ErrNoKeyConfigured = errors.New("enchantrix: no encryption key configured") )
Functions ¶
func GetNonceFromCiphertext ¶ added in v0.0.2
GetNonceFromCiphertext extracts the nonce from encrypted output. This is provided for debugging/logging purposes only. The nonce should NOT be stored separately in headers.
func Transmute ¶
Transmute is a helper function for applying a series of sigils to data.
Example ¶
package main
import (
"fmt"
"log"
"github.com/Snider/Enchantrix/pkg/enchantrix"
)
func main() {
data := []byte("Hello, World!")
sigils := []enchantrix.Sigil{
&enchantrix.ReverseSigil{},
&enchantrix.HexSigil{},
}
transformed, err := enchantrix.Transmute(data, sigils)
if err != nil {
log.Fatalf("Transmute failed: %v", err)
}
fmt.Printf("Transformed data: %s\n", transformed)
}
Output: Transformed data: 21646c726f57202c6f6c6c6548
Types ¶
type Base64Sigil ¶
type Base64Sigil struct{}
Base64Sigil is a Sigil that encodes/decodes data to/from base64. The In method encodes the data, and the Out method decodes it.
type ChaChaPolySigil ¶ added in v0.0.2
type ChaChaPolySigil struct {
Key []byte
Obfuscator PreObfuscator
// contains filtered or unexported fields
}
ChaChaPolySigil is a Sigil that encrypts/decrypts data using ChaCha20-Poly1305. It applies pre-obfuscation before encryption to ensure raw plaintext never goes directly to CPU encryption routines.
The output format is: [24-byte nonce][encrypted(obfuscated(plaintext))]
Unlike demo implementations, the nonce is ONLY embedded in the ciphertext, not exposed separately in headers.
func NewChaChaPolySigil ¶ added in v0.0.2
func NewChaChaPolySigil(key []byte) (*ChaChaPolySigil, error)
NewChaChaPolySigil creates a new encryption sigil with the given key. The key must be exactly 32 bytes.
func NewChaChaPolySigilWithObfuscator ¶ added in v0.0.2
func NewChaChaPolySigilWithObfuscator(key []byte, obfuscator PreObfuscator) (*ChaChaPolySigil, error)
NewChaChaPolySigilWithObfuscator creates a new encryption sigil with custom obfuscator.
type Enchantrix ¶
Enchantrix defines the interface for acceptance testing.
type GzipSigil ¶
type GzipSigil struct {
// contains filtered or unexported fields
}
GzipSigil is a Sigil that compresses/decompresses data using gzip. The In method compresses the data, and the Out method decompresses it.
type HashSigil ¶
HashSigil is a Sigil that hashes the data using a specified algorithm. The In method hashes the data, and the Out method is a no-op.
func NewHashSigil ¶
NewHashSigil creates a new HashSigil.
type HexSigil ¶
type HexSigil struct{}
HexSigil is a Sigil that encodes/decodes data to/from hexadecimal. The In method encodes the data, and the Out method decodes it.
type JSONSigil ¶
type JSONSigil struct{ Indent bool }
JSONSigil is a Sigil that compacts or indents JSON data. The Out method is a no-op.
type PreObfuscator ¶ added in v0.0.2
type PreObfuscator interface {
// Obfuscate transforms plaintext before encryption.
Obfuscate(data []byte, entropy []byte) []byte
// Deobfuscate reverses the transformation after decryption.
Deobfuscate(data []byte, entropy []byte) []byte
}
PreObfuscator applies a reversible transformation to data before encryption. This ensures that raw plaintext is never sent directly to CPU encryption routines.
type ReverseSigil ¶
type ReverseSigil struct{}
ReverseSigil is a Sigil that reverses the bytes of the payload. It is a symmetrical Sigil, meaning that the In and Out methods perform the same operation.
type ShuffleMaskObfuscator ¶ added in v0.0.2
type ShuffleMaskObfuscator struct{}
ShuffleMaskObfuscator applies byte-level shuffling based on entropy. This provides additional diffusion before encryption.
func (*ShuffleMaskObfuscator) Deobfuscate ¶ added in v0.0.2
func (s *ShuffleMaskObfuscator) Deobfuscate(data []byte, entropy []byte) []byte
Deobfuscate reverses the shuffle and mask operations.
type Sigil ¶
type Sigil interface {
// In transforms the data.
In(data []byte) ([]byte, error)
// Out reverses the transformation.
Out(data []byte) ([]byte, error)
}
Sigil defines the interface for a data transformer. A Sigil is a reversible or irreversible transformation of a byte slice.
func NewSigil ¶
NewSigil is a factory function that returns a Sigil based on a string name. It is the primary way to create Sigil instances.
Example ¶
package main
import (
"fmt"
"log"
"github.com/Snider/Enchantrix/pkg/enchantrix"
)
func main() {
sigil, err := enchantrix.NewSigil("base64")
if err != nil {
log.Fatalf("Failed to create sigil: %v", err)
}
data := []byte("Hello, World!")
encoded, err := sigil.In(data)
if err != nil {
log.Fatalf("Sigil In failed: %v", err)
}
fmt.Printf("Encoded data: %s\n", encoded)
decoded, err := sigil.Out(encoded)
if err != nil {
log.Fatalf("Sigil Out failed: %v", err)
}
fmt.Printf("Decoded data: %s\n", decoded)
}
Output: Encoded data: SGVsbG8sIFdvcmxkIQ== Decoded data: Hello, World!
type XORObfuscator ¶ added in v0.0.2
type XORObfuscator struct{}
XORObfuscator performs XOR-based obfuscation using entropy-derived key stream. This is a reversible transformation that ensures no cleartext patterns remain.
func (*XORObfuscator) Deobfuscate ¶ added in v0.0.2
func (x *XORObfuscator) Deobfuscate(data []byte, entropy []byte) []byte
Deobfuscate reverses the XOR transformation (XOR is symmetric).
Source Files