Initial commit

.github/dependabot.yml

@@ -0,0 +1,19 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+
+  # Maintain dependencies for the backend
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"
+

.github/workflows/release.yml

@@ -0,0 +1,23 @@
+name: release
+
+# Publish new release on new tag push
+on:
+  push:
+    tags:
+      - '*'
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-go@v2
+
+      - uses: actions/checkout@v2
+
+      - uses: goreleaser/goreleaser-action@v2.4.1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}
+        with:
+          version: latest
+          args: release --rm-dist

.github/workflows/test.yml

@@ -0,0 +1,24 @@
+name: test
+
+on: [push, pull_request]
+
+jobs:
+  build-test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+
+      # Setup Golang
+      - uses: actions/setup-go@v2
+
+      # Cache
+      - uses: actions/cache@v2
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+
+      # Build and test
+      - run: make build test

.gitignore

@@ -0,0 +1,10 @@
+**/.DS_Store
+*.pid
+*.sublime*
+.idea/
+.vscode/
+coverage
+coverage.out
+lastupdate.tmp
+*.bin
+dist/*

.goreleaser.yml

@@ -0,0 +1,52 @@
+project_name: covert
+release:
+  github:
+    owner: covert
+    name: covert
+  name_template: 'Release {{.Tag}}'
+before:
+  hooks:
+    - go mod download
+builds:
+  - binary: covert
+    env:
+      - CGO_ENABLED=0
+      - GO111MODULE=on
+    ldflags: -s -w -X main.GitCommit={{ .ShortCommit }}  -X main.BuildDate={{ .Timestamp }}
+    goos:
+      - linux
+      - darwin
+      - windows
+    goarch:
+      - 386
+      - amd64
+      - arm
+      - arm64
+    goarm:
+      - 7
+archives:
+  - name_template: '{{.ProjectName}}-{{.Tag}}-{{.Os}}-{{.Arch}}{{if .Arm}}{{.Arm}}{{end}}'
+    replacements:
+      darwin: darwin
+      linux: linux
+      windows: windows
+      amd64: amd64
+      arm: arm
+      arm64: arm64
+    format: tar.gz
+    format_overrides:
+      - goos: windows
+        format: zip
+    files:
+      - LICENSE
+      - README.md
+checksum:
+  name_template: 'checksums.txt'
+  algorithm: sha256
+snapshot:
+  name_template: "{{ .Tag }}-next"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^tests:'

Makefile

@@ -0,0 +1,9 @@
+build:
+	go build -o dist/covert-darwin-arm  cmd/*.go
+
+test:
+	go fmt ./...
+	go test -v ./... -coverprofile=coverage.out
+
+coverage:
+	go tool cover -html=coverage.out

README.md

@@ -0,0 +1,60 @@
+# Covert
+
+Covert is a deniable encryption software.
+
+## Disclaimer
+
+Covert is an early stage **research prototype** and comes with absolutely **no warranty**.
+
+## Description
+
+"In cryptography and steganography, plausibly deniable encryption describes encryption techniques where
+the existence of an encrypted file or message is deniable in the sense that an adversary cannot prove
+that the plaintext data exists." – [Wikipedia](https://en.wikipedia.org/wiki/Deniable_encryption)
+
+## Scenario
+
+Deniable encryption allows the sender of an encrypted message to deny sending that message. This requires a trusted
+third party. A possible scenario looks like this:
+
+Bob needs to travel to a country with a legislation that requires individuals to surrender cryptographic keys to law
+enforcement. That being the case, Bob wants to keep his private data out of their eyes, to protect his privacy. He
+creates two keys, one intended to be kept secret, the other intended to be sacrificed.
+
+Bob constructs an innocuous message M1 (intended to be revealed to the police in case of discovery) and another one,
+containing the personal data M2 he does not want anyone to know about.
+
+He constructs a cipher-text C out of both messages, M1 and M2, stores it on his device.
+
+Bob travels to the country, passes the border control and later uses his key to decrypt M2 (and possibly M1, in order
+to read the fake message, too).
+
+The police arrest Bob at the border control and finds the encrypted blob on his device, becomes suspicious and forces
+Bob to decrypt the message.
+
+Bob uses the sacrificial key and reveals the innocuous message M1 to the police. Since it is impossible for the police
+to know for sure that there might be other messages contained in C, they might assume that there are no other messages.
+
+## Goals
+
+Bear in mind this project was created with the _requirements_ below in mind, it may not suit your use case.
+
+### Requirements
+
+* Use known and proven cryptographic algorithms (AES-256, PBKDF2) and libraries.
+* The system must be mathematically indecipherable without the key.
+* The mechanism should not require secrecy, and it should not be a problem if it falls into enemy hands.
+* An adversary cannot prove concealed content exists without observing the program's execution during encryption.
+* Portable, without any system dependencies (statically linked binaries).
+* Does not require kernel or userspace filesystems.
+
+## Documentation
+
+All the documentation lives in the `docs` folder.
+
+- [usage](docs/usage.md)
+- [approach](docs/approach.md)
+
+## License
+
+GNU General Public License version 3.

cmd/cmd.go

@@ -0,0 +1,74 @@
+package main
+
+import (
+	"errors"
+	"flag"
+	"fmt"
+	"os"
+)
+
+var usage = `usage: covert [--version] [--help]
+
+encrypt - encrypt the given file(s) into a series volume, you can specifie as many -in/-key pair as you need.
+    
+    -in 	name of the file to be encrypted
+    -key	secret key to use to encrypt the data
+
+	example: encrypt -in example.txt -key my-secret-key
+
+decrypt - search for a volume matching the given key and output the data to a file if found.
+
+	example: decrypt -out example.txt -key my-secret-key
+`
+
+func main() {
+	if err := root(os.Args[1:]); err != nil {
+		fmt.Println("\nError:", err)
+		os.Exit(1)
+	}
+
+	flag.Bool("help", false, "display the usage")
+	flag.Bool("version", false, "display the version")
+	flag.Parse()
+}
+
+type Runner interface {
+	Init([]string) error
+	Name() string
+	Validate() error
+	Run() error
+}
+
+func root(args []string) error {
+	if len(args) < 1 {
+		return errors.New(usage)
+	}
+
+	fmt.Println(args)
+
+	subcommand := args[0]
+
+	cmds := []Runner{
+		NewEncryptCmd(),
+		NewDecryptCmd(),
+	}
+
+	for _, cmd := range cmds {
+		if cmd.Name() == subcommand {
+			var err error
+			err = cmd.Init(args[1:])
+			if err != nil {
+				return err
+			}
+
+			err = cmd.Validate()
+			if err != nil {
+				return err
+			}
+
+			return cmd.Run()
+		}
+	}
+
+	return fmt.Errorf("unknown subcommand: %s", subcommand)
+}