crypto

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 25, 2026 License: MPL-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source 
const BlockSize = uint64(2 << 16) // On linux cp works with blocks of 128KiB, we use double.
View Source 
const EncOverhead = uint64(chacha20poly1305.NonceSize + chacha20poly1305.Overhead)
View Source 
const KeySize = chacha20poly1305.KeySize
View Source 
const NonceSize = chacha20poly1305.NonceSize

Variables

This section is empty.

Functions

func Decrypt 

func Decrypt(kek, input []byte) ([]byte, error)

Decrypt decrypts [nonce | ciphertext+MAC] using KEK. Returns plainText or error if authentication fails.

func DecryptChunked 

func DecryptChunked(kek []byte, r io.Reader, w io.Writer, cipherSize uint64) error

func DecryptedSize 

func DecryptedSize(cipherSize uint64) (uint64, error)

func DeriveAES256Key 

func DeriveAES256Key(sharedSecrets ...[]byte) ([]byte, error)

DeriveAES256Key derives a 32-byte symmetric key for AES-256-GCM. Uses a different HKDF label for domain separation from ChaCha20 keys.

func DeriveChaCha20Key 

func DeriveChaCha20Key(sharedSecrets ...[]byte) ([]byte, error)

DeriveChaCha20Key derives a 32-byte symmetric key using SHA-512 over the given secrets.

func DeriveKey 

func DeriveKey(suite CipherSuite, sharedSecrets ...[]byte) ([]byte, error)

DeriveKey derives a symmetric key using the appropriate HKDF label for the cipher suite. Domain separation ensures the same input secrets produce different keys for different ciphers.

func DeriveRelayKeys 

func DeriveRelayKeys(roomPassword []byte) (lookupKey []byte, encryptionKey []byte, err error)

DeriveRelayKeys derives lookup and encryption keys from a room password. The room password should be the first 32 bytes of the shared fingerprint. Returns:

  • lookupKey: 32 bytes, used as relay index (base64 encoded as Bearer token)
  • encryptionKey: 32 bytes, used for ChaCha20-Poly1305 encryption of registration data

func Encrypt 

func Encrypt(kek, plainText []byte) ([]byte, error)

Encrypt encrypts plainText using KEK with ChaCha20-Poly1305. Returns [nonce | ciphertext+MAC], or error.

func EncryptChunked 

func EncryptChunked(kek []byte, r io.Reader, w io.Writer, plainSize uint64) error

func EncryptWithNonce 

func EncryptWithNonce(kek, plainText []byte, nonce [NonceSize]byte) ([]byte, error)

EncryptWithNonce encrypts using a provided nonce (for counter-based encryption). Returns [nonce | ciphertext+MAC], or error.

func EncryptedSize 

func EncryptedSize(plainSize uint64) uint64

func ExtractRoomPassword 

func ExtractRoomPassword(fingerprint string) ([]byte, error)

ExtractRoomPassword extracts the first 32 bytes from a base64-encoded fingerprint. This "room password" is shared out-of-band and used to derive relay encryption keys.

func Fingerprint 

func Fingerprint(pub []byte) string

func GenerateMLKEMKeypair 

func GenerateMLKEMKeypair() (*mlkem.DecapsulationKey1024, *mlkem.EncapsulationKey1024, error)

func GenerateSeed 

func GenerateSeed() []byte

func GenerateX25519Keypair 

func GenerateX25519Keypair() (*ecdh.PrivateKey, *ecdh.PublicKey, error)

func HasHardwareAES 

func HasHardwareAES() bool

HasHardwareAES returns true if the CPU has hardware AES acceleration. On x86 this is AES-NI; on ARM64 this is the ARMv8 AES extension.

func NewAEAD 

func NewAEAD(suite CipherSuite, key []byte) (cipher.AEAD, error)

NewAEAD creates an AEAD cipher for the given suite and key. Both AES-256-GCM and ChaCha20-Poly1305 use 32-byte keys, 12-byte nonces, and 16-byte auth tags — the wire format is identical.

func ProtocolFingerprintV0 

func ProtocolFingerprintV0(pubkeys map[string][]byte) (string, error)

ProtocolFingerprintV0 computes a stable fingerprint hash of ordered public keys.

func RandomBytes 

func RandomBytes(size int) ([]byte, error)

func ValidateSeed 

func ValidateSeed(s []byte) error

func X25519Decapsulate 

func X25519Decapsulate(ciphertext []byte, recipientPriv *ecdh.PrivateKey, senderPub *ecdh.PublicKey) ([]byte, error)

func X25519Encapsulate 

func X25519Encapsulate(seed []byte, senderPriv *ecdh.PrivateKey, recipientPub *ecdh.PublicKey) ([]byte, error)

Types

type CipherSuite 

type CipherSuite string

CipherSuite identifies an AEAD cipher for the encrypted connection. 

const (
	CipherChaCha20 CipherSuite = "chacha20-poly1305"
	CipherAES256   CipherSuite = "aes-256-gcm"
)

func NegotiateCipher 

func NegotiateCipher(local, remote []CipherSuite) CipherSuite

NegotiateCipher picks the best cipher both peers support. Returns the first cipher from `local` that also appears in `remote`. Falls back to ChaCha20 if no intersection (should never happen).

func SupportedCiphers 

func SupportedCiphers() []CipherSuite

SupportedCiphers returns the cipher suites this peer supports, ordered by preference (best first).

type NonceGenerator 

type NonceGenerator struct {
	// contains filtered or unexported fields
}

NonceGenerator provides deterministic counter-based nonces. Structure: [4-byte prefix][8-byte counter] = 12 bytes total. The prefix distinguishes directions (inbound vs outbound) to prevent reuse.

func NewNonceGenerator 

func NewNonceGenerator(prefix uint32) *NonceGenerator

NewNonceGenerator creates a nonce generator with the given prefix. Use different prefixes for inbound vs outbound to avoid nonce reuse.

func (*NonceGenerator) Count 

func (ng *NonceGenerator) Count() uint64

Count returns the current counter value (for monitoring/debugging).

func (*NonceGenerator) Next 

func (ng *NonceGenerator) Next() [NonceSize]byte

Next returns the next nonce and increments the counter. Thread-safe via atomic operations.

type OwnKeys 

type OwnKeys struct {
	MlKemPrivate *mlkem.DecapsulationKey1024
	MlKemPublic  *mlkem.EncapsulationKey1024

	X25519Private *ecdh.PrivateKey
	X25519Public  *ecdh.PublicKey
}

func (*OwnKeys) ExportPubKeysAsMap 

func (ok *OwnKeys) ExportPubKeysAsMap() (map[string]string, error)

func (*OwnKeys) Fingerprint 

func (ok *OwnKeys) Fingerprint() (string, error)

func (*OwnKeys) Validate 

func (ok *OwnKeys) Validate() error

type PeerKeys 

type PeerKeys struct {
	MlKemPublic  *mlkem.EncapsulationKey1024
	X25519Public *ecdh.PublicKey
}

func ParsePeerKeys 

func ParsePeerKeys(pubMap map[string][]byte) (*PeerKeys, error)

func (*PeerKeys) Fingerprint 

func (pk *PeerKeys) Fingerprint() (string, error)

func (*PeerKeys) Validate 

func (pk *PeerKeys) Validate() error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.