Expanded `examples/main.go` to fully demonstrate the functionality of the `crypt`, `enchantrix`, and `trix` packages.
- Restructured the main example file into distinct functions for each feature set (`demoTrix`, `demoHashing`, `demoChecksums`, `demoRSA`, `demoSigils`).
- Implemented a comprehensive `demoTrix` that showcases a chain of multiple sigils (`json-indent`, `gzip`, `base64`, `reverse`), checksum functionality, and the full Pack/Unpack workflow.
- Added a `demoHashing` function that iterates through all supported hashing algorithms.
- Added a `demoChecksums` function that demonstrates the Luhn and Fletcher algorithms.
- Added a `demoRSA` function that shows the complete RSA workflow from key generation to decryption.
- Added a `demoSigils` function to demonstrate sigil transformations independently.
- Fixed a bug in the Trix demo verification logic related to JSON indentation.
This commit introduces a fuzz test for the `Decode` function in the `trix` package. This test immediately uncovered a critical out-of-memory (OOM) vulnerability.
- Adds a new fuzz test, `FuzzDecode`, to `pkg/trix/fuzz_test.go` to continuously test the `Decode` function with a wide range of malformed inputs.
- Fixes a denial-of-service vulnerability where a malicious input could specify an extremely large header length, causing the application to crash due to an out-of-memory error.
- Introduces a `MaxHeaderSize` constant (16MB) and a check in the `Decode` function to ensure that the header length does not exceed this limit.
- Adds a new error, `ErrHeaderTooLarge`, to provide clear feedback when the header size limit is exceeded.
This commit introduces a streaming API to the `trix` package, making it more memory-efficient for large payloads.
- Adds `EncodeTo(io.Writer)` and `DecodeFrom(io.Reader)` functions to handle streaming data.
- Refactors the existing `Encode` and `Decode` functions to be wrappers around the new streaming API, ensuring backward compatibility.
- Adds a specific `ErrInvalidHeaderLength` error to the `Decode` function to provide better error feedback.
- Includes a comprehensive set of "Good, Bad, Ugly" tests for the new streaming functionality, including tests for failing readers and writers.
This commit introduces several improvements to the `trix` package, focusing on test coverage and robustness.
- Adds a specific `ErrInvalidHeaderLength` error to the `Decode` function, providing clearer feedback when the header length is invalid.
- Introduces a `TestPackUnpack_Ugly` test to ensure that calling `Pack` with a `nil` payload is handled gracefully.
- Simplifies the `TestChecksum_Ugly` test by manually constructing a corrupted byte slice, making the test more direct and easier to understand.
- Adds a new "Bad" test case to verify that the `Decode` function correctly handles invalid version numbers.
This commit introduces a new `enchantrix` package that provides a flexible and powerful way to transform data using a "Sigil" interface. The package includes implementations for various encoding types (hex, base64, gzip, json) and a comprehensive set of cryptographic hash functions.
The `trix` package has been refactored to use the new `enchantrix` package, and its API has been simplified to use string identifiers for Sigils, making it easier to use and decoupling it from the implementation details of the `enchantrix` package.
All new functionality is fully tested, and the existing tests have been updated to reflect the API changes.
This commit introduces a standard RSA implementation in `pkg/crypt/std/rsa`.
The new `rsa.Service` provides a clean API for RSA operations, including:
- Key pair generation
- Encryption and decryption of data
The implementation uses the standard `crypto/rsa` package and follows best practices, including OAEP padding. The main `crypt.Service` has been updated to integrate and expose this new functionality.
This work was done to validate the build environment, and the tests for this implementation pass successfully, confirming that the previous testing issues were isolated to the OpenPGP library.
This commit introduces a full OpenPGP implementation in `pkg/crypt/std/openpgp`, using the ProtonMail `go-crypto` library.
The new `openpgp.Service` provides a clean, Web3-friendly API for PGP operations, including:
- Key pair generation
- Subkey management
- Encryption and decryption of messages
- Signing and verification of messages
The implementation is based on the user's `Core` repository and uses file-based key management. The main `crypt.Service` has been updated to integrate and expose this new functionality.
This commit enhances the Trix container with two new features for improved data integrity and flexibility:
1. **Configurable Checksums:**
- The `Trix` struct now has a `ChecksumAlgo` field to specify a hash algorithm.
- If set, `Encode` computes a checksum of the payload and adds it to the header.
- `Decode` verifies this checksum, returning an error if it doesn't match, ensuring data integrity during transit.
2. **Asymmetrical Sigils:**
- The `Sigils` field has been replaced with `InSigils` and `OutSigils` to support different transformation chains for packing and unpacking.
- If `OutSigils` is not set, `Unpack` defaults to using the `InSigils` chain to maintain the previous symmetrical behavior.
These features make the `Trix` container a more robust and self-verifying format for internal data transfer.
This commit introduces a more secure sigil workflow by separating the transformation logic from the serialization logic.
- The `Trix` struct now has `Pack()` and `Unpack()` methods to apply sigil transformations directly to the payload.
- The `Encode()` and `Decode()` functions are now solely responsible for serialization, no longer handling sigil logic.
- The recommended workflow is to `Pack()` the data (obfuscating it), then encrypt it, and finally `Encode()` the container. This prevents cleartext from being sent to the CPU's encryption instructions.
This change enhances security by adding a user-defined obfuscation layer before the encryption process begins, true to the spirit of Enchantrix.
This commit introduces the concept of "sigils," which are programmable, pure-function transformers that can be applied to a Trix container's payload.
- A `Sigil` interface with `In` and `Out` methods is defined in the `trix` package.
- The `Trix` struct now includes a `Sigils` field to attach a chain of transformers.
- The `Encode` function applies the `In` transformations before encoding the payload.
- The caller is responsible for applying the `Out` transformations after decoding.
This new feature provides a flexible and extensible data pipeline for `Trix` containers.
The implementation is fully tested with the Good, Bad, and Ugly testing strategy.
This commit refactors the test suites for the `crypt` and `trix` packages to follow the Good, Bad, and Ugly testing strategy.
- `_Good` tests cover the ideal "happy path" scenarios.
- `_Bad` tests cover expected failure scenarios with well-formed but invalid inputs.
- `_Ugly` tests cover malicious or malformed inputs designed to cause crashes or panics.
This new testing structure makes the test suite more organized, comprehensive, and robust.
Additionally, this commit includes a bug fix for the `Luhn` function, which now correctly handles empty and single-digit strings.
This commit makes the magic number in the trix file format configurable.
- The `Encode` and `Decode` functions in the `trix` package now accept a `magicNumber` string as a parameter.
- The example in `examples/main.go` has been updated to demonstrate the use of the new configurable magic number.
- The tests for the `trix` package have been updated to verify the new functionality, including tests for invalid magic numbers.
This commit finalizes the project restructuring into a Core-compatible service.
- The `crypt` package is now a service with methods instead of standalone functions.
- Cryptographic implementations (`lthn`, `chachapoly`, `rsa`) are now in `pkg/crypt/std`.
- The `trix` package has been moved to `pkg/trix`.
- The `rootfs` components have been removed to decouple the library from storage.
- All import paths have been updated to reflect the new structure.
- A `Taskfile.yml` has been added for managing common tasks.
This commit restructures the `crypt` service to be more modular and decoupled from storage concerns.
- The standard cryptographic implementations (`lthn`, `chachapoly`, `rsa`) have been moved to the `pkg/crypt/std` directory.
- The `rootfs` components have been removed to decouple the library from storage.
- Import paths have been updated to reflect the new structure.
This commit introduces a new, generic `.trix` file format, which is decoupled from any specific encryption algorithm.
The format is defined in `docs/trix_format.md` and consists of a magic number, version, a flexible JSON header, and a raw data payload.
A new `trix` Go package is implemented to handle the encoding and decoding of this format. Unit tests are included to verify the implementation.
An example file, `examples/main.go`, is also added to demonstrate how to use the `.trix` container to store data encrypted with the `chachapoly` package, showcasing the intended decoupled design.
This commit introduces a new `rootfs` package that provides an encrypted passthrough storage system. The `LocalStorage` implementation uses the local file system as its backing store and encrypts all data at rest using the `chachapoly` package.
The functionality is exposed through the main `crypt` package, providing a clean and simple API for creating and interacting with encrypted file-based storage.
This commit enhances the `README.md` file with more detailed information about the project, including a usage example and a development philosophy section. It also adds a new file, `.ideas/future_improvements.md`, to log out-of-scope ideas for future development.
This commit introduces ChaCha20-Poly1305 encryption functionality. It includes the following changes:
- A new `chachapoly` package has been added.
- The `chachapoly` package contains `Encrypt` and `Decrypt` functions.
- The functionality is fully tested.
- An `.ideas` directory has been created.
