ztdo

package
v0.0.0-...-b491790 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 4, 2026 License: Apache-2.0 Imports: 16 Imported by: 3

Documentation


Constants

// Byte widths of the fixed-size ztdo fields, the struct-tag keys used on the
// layout structs, and the per-chunk plaintext limit.
const (
	MagicNumberSize      = 4     // bytes in ZtdoHeader.MagicNumber
	ObjectIDSize         = 16    // bytes in ZtdoHeader.ObjectID
	VersionSize          = 2     // bytes in ZtdoHeader.Version
	NhpServerLenSize     = 1     // bytes in the length prefix of ZtdoHeader.NhpServer
	NhpServerMaxSize     = 255   // largest length a 1-byte prefix can express
	CipherConfigSize     = 1     // bytes in ZtdoHeader.CipherConfig
	MetadataLenSize      = 2     // bytes in ZtdoMetadata.MetadataLen
	MetadataChunkMaxSize = 32767 // 2**15 - 1; presumably the top bit of the 2-byte length is the lengthContinue flag (TODO confirm)
	PayloadLengthSize    = 3     // bytes in ZtdoPayload.Length, so a payload length is at most 2**24 - 1
	IVSize               = 12    // bytes in ZtdoContent.Iv (96 bits)
	SIGNATURELenSize     = 32    // despite the name, this is the byte length of ZtdoSignature.Signature, not the width of a length prefix
	LENGTHFOR            = "lengthFor"      // struct-tag key, as on NhpServerLen, MetadataLen and ZtdoPayload.Length
	LENGTHCONTINUE       = "lengthContinue" // struct-tag key, as on ZtdoMetadata.MetadataLen
	SUBTRACTFROM         = "subtractFrom"   // struct-tag key, as on ZtdoContent.Iv
	DATACHUNKSIZE        = 16777187 // this is calculated by 2 ** 24 - 1 - IVSize (12 bytes) - MaxTagSize (16 bytes), i.e. the most plaintext that still fits a 3-byte payload length once the IV and the largest tag are added
)
const (
	// InitialDHPKeyWrappingString is a fixed label string.
	// NOTE(review): presumably it is mixed into the symmetric key agreement as a
	// protocol label for data private key wrapping; its use is not visible here — confirm.
	InitialDHPKeyWrappingString = "DHP Data Private Key Wrapping"
)

Variables

Message patterns used to agree on the symmetric key that encrypts and decrypts the data private key.

Functions

This section is empty.

Types

type DataKeyPairECCMode

type DataKeyPairECCMode uint8

DataKeyPairECCMode is an adapter for ECC key pair generation.

// Supported curve selections. The zero value of DataKeyPairECCMode is
// CURVE25519, not UNKNOWN, so an unset or zero-initialized mode cannot be
// told apart from an explicit CURVE25519 choice.
const (
	CURVE25519 DataKeyPairECCMode = iota // 0
	SM2                                  // 1
	UNKNOWN                              // 2
)

func NewDataKeyPairECCMode

func NewDataKeyPairECCMode(eccMode core.EccTypeEnum) (DataKeyPairECCMode, error)

func NewDataKeyPairECCModeWithName

func NewDataKeyPairECCModeWithName(mode string) (DataKeyPairECCMode, error)

func (DataKeyPairECCMode) ECDHFromKey

func (d DataKeyPairECCMode) ECDHFromKey(prk []byte) core.Ecdh

func (DataKeyPairECCMode) PublicKeyFromKey

func (d DataKeyPairECCMode) PublicKeyFromKey(prk []byte) []byte

func (DataKeyPairECCMode) String

func (d DataKeyPairECCMode) String() string

func (DataKeyPairECCMode) ToEccType

func (d DataKeyPairECCMode) ToEccType() core.EccTypeEnum

func (DataKeyPairECCMode) ToHashType

func (d DataKeyPairECCMode) ToHashType() core.HashTypeEnum

type DataKeyPairGenerator

type DataKeyPairGenerator interface {
	// Generate returns private key bytes for the given ECC mode.
	// The method has no error result, so a failing backend cannot report
	// failure through the signature.
	// NOTE(review): how implementations signal failure (nil/empty slice, panic)
	// is not shown here — confirm, and validate the result before using it as key material.
	Generate(mode DataKeyPairECCMode) (privateKey []byte)
}

Data key pair generation interface:

- Support locally stored key generation by DB
- Support KMS (Key Management Service) integration for secure key generation and management
- Add TPM (Trusted Platform Module) based key derivation for hardware-backed security

These extensions can be implemented by creating new types that satisfy the DataKeyPairGenerator interface.

type DataPrivateKeyWrapping

// DataPrivateKeyWrapping is the JSON form of a wrapped data private key.
// It is built by NewDataPrivateKeyWrapping from a provider public key, a
// base64 data private key, a key and associated data, and reversed by Unwrap
// with the same key and associated data.
type DataPrivateKeyWrapping struct {
	ProviderPublicKeyBase64 string `json:"providerPublicKeyBase64"` // provider public key, base64 text
	IvBase64                string `json:"ivBase64"`                // IV, base64 text; presumably the IV used for the wrapping encryption (TODO confirm)
	PrkWrapping             string `json:"prkWrapping"`             // presumably the wrapped (encrypted) data private key; its encoding is not shown here
}

func NewDataPrivateKeyWrapping

func NewDataPrivateKeyWrapping(providerPublicKeyBase64 string, dataPrivateKeyBase64 string, key, ad []byte) *DataPrivateKeyWrapping

func (*DataPrivateKeyWrapping) Unwrap

func (d *DataPrivateKeyWrapping) Unwrap(key, ad []byte) (dataPrivateKeyBase64 string, err error)

type Endianness

type Endianness struct {
	// contains filtered or unexported fields
}

Endianness hides the endianness handling to make it easier to change the endianness of ztdo

func (*Endianness) PutUint32

func (e *Endianness) PutUint32(b []byte, v uint32)

func (*Endianness) Uint32

func (e *Endianness) Uint32(b []byte) uint32

type MessagePattern

type MessagePattern int

MessagePattern defines a set of tokens which are used during symmetric key agreement

// Tokens that may appear in the pattern lists passed to
// SymmetricAgreement.SetMessagePatterns.
// NOTE(review): the names mirror the SymmetricAgreement setters (s/e for the
// local static/ephemeral key pair, rs/re for the remote static/ephemeral public
// key); the DH* tokens presumably select which two keys enter a Diffie-Hellman
// step. The exact semantics are not shown here — confirm.
const (
	MessagePatternS MessagePattern = iota // 0
	MessagePatternE                       // 1
	MessagePatternRS                      // 2
	MessagePatternRE                      // 3
	MessagePatternDHEE                    // 4
	MessagePatternDHES                    // 5
	MessagePatternDHSE                    // 6
	MessagePatternDHSS                    // 7
)

type SymmetricAgreement

type SymmetricAgreement struct {
	// contains filtered or unexported fields
}

func NewSymmetricAgreement

func NewSymmetricAgreement(eccMode DataKeyPairECCMode, provider bool) *SymmetricAgreement

func (*SymmetricAgreement) AgreeSymmetricKey

func (sa *SymmetricAgreement) AgreeSymmetricKey() (gcmKey [core.SymmetricKeySize]byte, ad []byte)

func (*SymmetricAgreement) SetEphemeralKeyPair

func (sa *SymmetricAgreement) SetEphemeralKeyPair(e core.Ecdh)

func (*SymmetricAgreement) SetMessagePatterns

func (sa *SymmetricAgreement) SetMessagePatterns(msgPatterns [][]MessagePattern)

func (*SymmetricAgreement) SetPsk

func (sa *SymmetricAgreement) SetPsk(psk []byte)

func (*SymmetricAgreement) SetRemoteEphemeralPublicKey

func (sa *SymmetricAgreement) SetRemoteEphemeralPublicKey(re []byte)

func (*SymmetricAgreement) SetRemoteStaticPublicKey

func (sa *SymmetricAgreement) SetRemoteStaticPublicKey(rs []byte)

func (*SymmetricAgreement) SetStaticKeyPair

func (sa *SymmetricAgreement) SetStaticKeyPair(s core.Ecdh)

type SymmetricCipherMode

type SymmetricCipherMode uint8

SymmetricCipherMode provides symmetric encryption and decryption and supports both Chinese and international standards.

// Cipher selections; the trailing comments give the numeric value of each mode.
// The names suggest the block cipher (AES-256 or SM4), GCM, and the
// authentication tag length in bits; TagSize reports the size per mode.
// The zero value of SymmetricCipherMode is AES256GCM64Tag, the shortest tag in
// the list, so an unset mode silently selects it. Shorter GCM tags give less
// forgery resistance, and NIST SP 800-38D places extra usage limits on 64-bit
// tags; prefer the 128-bit variants unless a shorter tag is required.
const (
	AES256GCM64Tag  SymmetricCipherMode = iota // 0x00
	AES256GCM96Tag                             // 0x01
	AES256GCM104Tag                            // 0x02
	AES256GCM112Tag                            // 0x03
	AES256GCM120Tag                            // 0x04
	AES256GCM128Tag                            // 0x05
	SM4GCM64Tag                                // 0x06
	SM4GCM128Tag                               // 0x07
)

func NewSymmetricCipherMode

func NewSymmetricCipherMode(mode string) (SymmetricCipherMode, error)

func (SymmetricCipherMode) Decrypt

// Decrypt takes a key, nonce, ciphertext and ad and returns bytes or an error.
// NOTE(review): presumably ad is GCM additional authenticated data and a tag
// mismatch is reported through the error — confirm. Callers should check the
// error and discard the returned bytes when it is non-nil.
func (mode SymmetricCipherMode) Decrypt(key, nonce, ciphertext, ad []byte) ([]byte, error)

func (SymmetricCipherMode) Encrypt

// Encrypt takes a key, a caller-supplied nonce, plaintext and ad and returns
// bytes or an error.
// Every mode in SymmetricCipherMode is a GCM variant, and GCM loses both
// confidentiality and integrity when a nonce is repeated under the same key,
// so each call with a given key needs a nonce that has never been used with it.
// NOTE(review): whether the returned bytes include the tag, and whether the
// nonce length is checked against IVSize, is not shown here — confirm.
func (mode SymmetricCipherMode) Encrypt(key, nonce, plaintext, ad []byte) ([]byte, error)

func (SymmetricCipherMode) String

func (m SymmetricCipherMode) String() string

func (SymmetricCipherMode) TagSize

func (m SymmetricCipherMode) TagSize() int

type Ztdo

type Ztdo struct {
	// contains filtered or unexported fields
}

func NewZtdo

func NewZtdo() *Ztdo

func (*Ztdo) DecryptZtdoFile

// DecryptZtdoFile takes a ciphertext path, a plaintext path, a GCM key and ad,
// and returns an error.
// NOTE(review): the payload is chunked (see DATACHUNKSIZE). Whether plaintext
// already written to plaintextPath is removed when a later chunk fails
// authentication, and whether chunk order and truncation are authenticated, is
// not shown here — confirm before treating a partially written output file as valid.
func (ztdo *Ztdo) DecryptZtdoFile(ciphertextPath, plaintextPath string, gcmKey []byte, ad []byte) error

func (*Ztdo) EncryptZtdoFile

func (ztdo *Ztdo) EncryptZtdoFile(plaintextPath, ciphertextPath string, gcmKey []byte, ad []byte) error

func (*Ztdo) Generate

func (ztdo *Ztdo) Generate(mode DataKeyPairECCMode) (privateKey []byte)

func (*Ztdo) GetCipherMode

func (ztdo *Ztdo) GetCipherMode() SymmetricCipherMode

func (*Ztdo) GetECCMode

func (ztdo *Ztdo) GetECCMode() DataKeyPairECCMode

func (*Ztdo) GetObjectID

func (ztdo *Ztdo) GetObjectID() string

func (*Ztdo) ParseHeader

// ParseHeader takes the path of a ztdo file and returns an error.
// NOTE(review): it takes no key, so the header values it exposes (object ID,
// cipher mode, ECC mode, NHP server, metadata) are presumably read before any
// authentication. Treat them as untrusted input until decryption has
// succeeded — confirm whether the header is bound into the associated data.
func (ztdo *Ztdo) ParseHeader(ciphertextPath string) error

func (*Ztdo) SetCipherConfig

func (ztdo *Ztdo) SetCipherConfig(hasSignature bool, mode SymmetricCipherMode, eccMode DataKeyPairECCMode)

func (*Ztdo) SetMetadata

func (ztdo *Ztdo) SetMetadata(metadata string) error

func (*Ztdo) SetNhpServer

func (ztdo *Ztdo) SetNhpServer(nhpServer string) error

type ZtdoContent

// ZtdoContent is the IV followed by the ciphertext of one payload.
type ZtdoContent struct {
	// Iv is IVSize (12) bytes. The subtractFrom tag names CipherText;
	// presumably the IV size is subtracted from the payload length to obtain
	// the ciphertext length (TODO confirm against the tag handler).
	Iv         [IVSize]byte `subtractFrom:"CipherText"`
	CipherText []byte // variable length; whether it includes the GCM tag is not shown here
}

type ZtdoHeader

// ZtdoHeader holds the header fields of a ztdo object: fixed-width fields
// sized by the *Size constants, plus the variable-length NhpServer and Metadata.
// NOTE(review): the field order presumably defines the on-disk layout — confirm
// before reordering fields.
type ZtdoHeader struct {
	MagicNumber  [MagicNumberSize]byte // 4 bytes
	ObjectID     [ObjectIDSize]byte    // 16 bytes
	Version      [VersionSize]byte     // 2 bytes
	// NhpServerLen is the 1-byte length prefix named by the lengthFor tag.
	NhpServerLen [NhpServerLenSize]byte `lengthFor:"NhpServer"`
	// NhpServer with variable length from 0 to 255 bytes
	NhpServer    []byte
	CipherConfig [CipherConfigSize]byte // 1 byte; set through SetCipherConfig(hasSignature, mode, eccMode)
	Metadata     []ZtdoMetadata         // one or more length-prefixed metadata chunks
}

func NewZtdoHeader

func NewZtdoHeader() *ZtdoHeader

func (*ZtdoHeader) GetCipherMode

func (header *ZtdoHeader) GetCipherMode() SymmetricCipherMode

func (*ZtdoHeader) GetECCMode

func (header *ZtdoHeader) GetECCMode() DataKeyPairECCMode

func (*ZtdoHeader) GetMetadata

func (header *ZtdoHeader) GetMetadata() []byte

func (*ZtdoHeader) GetObjectID

func (header *ZtdoHeader) GetObjectID() string

func (*ZtdoHeader) HasSignature

func (header *ZtdoHeader) HasSignature() bool

func (*ZtdoHeader) SetCipherConfig

func (header *ZtdoHeader) SetCipherConfig(hasSignature bool, mode SymmetricCipherMode, eccMode DataKeyPairECCMode)

func (*ZtdoHeader) SetMetadata

func (header *ZtdoHeader) SetMetadata(metadata string) error

SetMetadata supports variable-length metadata.

func (*ZtdoHeader) SetNhpServer

func (header *ZtdoHeader) SetNhpServer(nhpServer string) error

func (*ZtdoHeader) SetObjectID

func (header *ZtdoHeader) SetObjectID()

func (*ZtdoHeader) SetVersion

func (header *ZtdoHeader) SetVersion()

type ZtdoMetadata

// ZtdoMetadata is one length-prefixed metadata chunk of a ZtdoHeader.
type ZtdoMetadata struct {
	// MetadataLen is the 2-byte length prefix for Metadata. The
	// lengthContinue tag presumably marks that further chunks may follow
	// (TODO confirm against the tag handler).
	MetadataLen [MetadataLenSize]byte `lengthFor:"Metadata" lengthContinue:"true"`
	// Metadata with variable length from 2 to 65508 bytes
	// NOTE(review): this range does not obviously agree with
	// MetadataChunkMaxSize (32767); it may describe the total across chunks — confirm.
	Metadata []byte
}

type ZtdoPayload

// ZtdoPayload is one length-prefixed encrypted chunk.
type ZtdoPayload struct {
	// Length is a 3-byte length prefix, so it can express at most 2**24 - 1.
	// The lengthFor tag names CipherText, a field of Content.
	Length  [PayloadLengthSize]byte `lengthFor:"CipherText"`
	Content ZtdoContent // IV plus ciphertext
}

func NewZtdoPayload

func NewZtdoPayload() *ZtdoPayload

func (*ZtdoPayload) GetLength

func (payload *ZtdoPayload) GetLength() uint32

func (*ZtdoPayload) GetPlainText

func (payload *ZtdoPayload) GetPlainText(mode SymmetricCipherMode, key []byte, ad []byte) ([]byte, error)

func (*ZtdoPayload) SetCipherText

func (payload *ZtdoPayload) SetCipherText(mode SymmetricCipherMode, key, plaintext []byte, ad []byte) error

func (*ZtdoPayload) SetIV

func (payload *ZtdoPayload) SetIV()

func (*ZtdoPayload) SetLength

func (payload *ZtdoPayload) SetLength()

type ZtdoSignature

// ZtdoSignature holds a fixed 32-byte signature field.
// NOTE(review): 32 bytes matches a 256-bit digest or MAC rather than a typical
// 64-byte elliptic-curve signature; what the field holds and which bytes it
// covers is not shown here — confirm.
type ZtdoSignature struct {
	Signature [SIGNATURELenSize]byte // SIGNATURELenSize is 32
}

func NewZtdoSignature

func NewZtdoSignature() *ZtdoSignature
