Skip to content

Instantly share code, notes, and snippets.

View jedisct1's full-sized avatar

Frank Denis jedisct1

3.9k followers · 178 following
View GitHub Profile
@jedisct1
jedisct1 / sign.go
Last active February 13, 2025 09:34
SIgning a CSR in Go, for mTLS (using ECDSA keys)
// Create a key pair for the app and a CSR:
// $ openssl ecparam -genkey -name prime256v1 -out application.key
// $ openssl req -new -sha256 -key application.key -out request.csr
package main
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
@jedisct1
jedisct1 / foo.go
Last active January 3, 2025 18:01
package main
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"fmt"
"log"
"os"
@jedisct1
jedisct1 / b.rs
Last active September 17, 2024 14:48
// Cargo.toml:
// [dependencies]
// boring = { package = "superboring", version = "0.1.2" }
fn main() -> Result<(), Box<dyn std::error::Error>> {
// Ciphertext
let ciphertext = include_bytes!("signed_message.bin");
// Unencrypted RSA private key in PEM format
let rsa_pem = include_str!("sessionprivatekey.pem");
@jedisct1
jedisct1 / a.rs
Created September 17, 2024 14:45
// Cargo.toml:
// [dependencies]
// rsa = "0.9.6"
// rand = "0.8.5"
fn main() -> Result<(), Box<dyn std::error::Error>> {
use rsa::pkcs8::DecodePrivateKey as _;
// Ciphertext
let ciphertext = include_bytes!("signed_message.bin");
@jedisct1
jedisct1 / compiling-c-to-webassembly-and-rust.md
Last active January 11, 2025 07:18
Compiling C code to WebAssembly and Rust

How to embed C/C++ code in a Rust project targeting WebAssembly

When targeting WebAssembly, C/C++ code can be compiled as a library, and then get statically linked to a Rust project.

Step 1

Install the Zig toolchain in order to compile C and C++ code to WebAssembly.

zig cc is available for many platforms including Windows, and makes it easy to switch back and forth between native and wasm targets. WebAssembly is a Tier-1 target, and it was successfully used to port libraries such as ffmpeg, zlib, openssl, boringssl and libsodium.

@jedisct1
jedisct1 / main.rs
Last active May 28, 2024 05:06
use flate2::Compression;
use std::io::prelude::*;
use benchmark_simple::*;
fn memusage() -> usize {
#[cfg(target_arch = "wasm32")]
let z = core::arch::wasm32::memory_grow(0, 0);
#[cfg(not(target_arch = "wasm32"))]
@jedisct1
jedisct1 / foo.go
Created August 24, 2023 21:49
package main
import (
"crypto/aes"
"net"
)
func EncryptIp(key []byte, ip net.IP) net.IP {
cipher, err := aes.NewCipher(key)
if err != nil {
@jedisct1
jedisct1 / changes.md
Created July 26, 2023 22:17

std.crypto changes

New features

  • Salsa20: round-reduced variants can now be used.
  • The POLYVAL universal hash function was added.
  • AEGIS: support for 256-bit tags was added.
  • A MAC API was added to AEGIS (std.crypto.auth.aegis) - AEGIS can be used as a high-performance MAC on systems with hardware AES support. Note that this is not a hash function; a secret key is absolutely required in order to authenticate untrusted messages.
  • Edwards25519: a rejectLowOrder() function was added to quickly reject low-order points.
  • HKDF: with extractInit(), a PRK can now be initialized with only a salt, the keying material being added later, possibly as multiple chunks.
@jedisct1
jedisct1 / foo.patch
Created July 14, 2023 09:13
diff --git a/lib/std/crypto/ecdsa.zig b/lib/std/crypto/ecdsa.zig
index 1a5335b07..b78cf6f6e 100644
--- a/lib/std/crypto/ecdsa.zig
+++ b/lib/std/crypto/ecdsa.zig
@@ -196,8 +196,11 @@ pub fn Ecdsa(comptime Curve: type, comptime Hash: type) type {
self.h.update(data);
}
- /// Compute a signature over the entire message.
- pub fn finalize(self: *Signer) (IdentityElementError || NonCanonicalError)!Signature {
@jedisct1
jedisct1 / main.rs
Created July 12, 2023 20:15
use aegis::aegis128l::Aegis128L;
const ENCRYPTED_MESSAGE_PREFIX: &[u8] = b"E:aegis128l:";
pub fn encrypt_message(data: &[u8], key: &[u8; 16]) -> Result<Vec<u8>, getrandom::Error> {
let mut nonce = [0; 16];
getrandom::getrandom(&mut nonce)?;
let cipher = Aegis128L::<32>::new(key, &nonce);
let (encrypted, tag) = cipher.encrypt(data, &[]);