crypto

package
v1.0.20 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 15, 2022 License: AGPL-3.0 Imports: 14 Imported by: 1

Documentation

Index

Examples

Constants

View Source 
const (
	// MinWrapSize is the smallest key byte length that may be wrapped.
	MinWrapSize = 16
	// MaxWrapSize is the largest key byte length that may be wrapped.
	MaxWrapSize = 8192
)
View Source 
const EncryptionKeyLength = 32
View Source 
const Overhead = int(tagLength + nonceLength)
View Source 
const TagLength = 32
View Source 
const TaggerKeyLength = 32
View Source 
const WrapperKeyLength = 32

Variables

View Source 
var ErrInvalidKeyLength = fmt.Errorf("invalid key length, accepted key length is %d bytes", WrapperKeyLength)

Functions

func KMACKDF 

func KMACKDF(size int, kik, label []byte, context ...[]byte) []byte

KMACKDF uses KMAC to derive a `size`-byte cryptographic key from a key initialization key (`kik`), a `label`, and a `context`. Implemented according to: * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-185.pdf section 4: KMAC * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1-draft.pdf section 5.4: KDF Using KMAC

func NewKMAC128 

func NewKMAC128(key []byte, tagSize int, customizationString []byte) hash.Hash

NewKMAC128 returns a new KMAC hash providing 128 bits of security using the given key, which must have 16 bytes or more, generating the given tagSize bytes output and using the given customizationString. Note that unlike other hash implementations in the standard library, the returned Hash does not implement encoding.BinaryMarshaler or encoding.BinaryUnmarshaler.

func NewKMAC256 

func NewKMAC256(key []byte, tagSize int, customizationString []byte) hash.Hash

NewKMAC256 returns a new KMAC hash providing 256 bits of security using the given key, which must have 32 bytes or more, generating the given tagSize bytes output and using the given customizationString. Note that unlike other hash implementations in the standard library, the returned Hash does not implement encoding.BinaryMarshaler or encoding.BinaryUnmarshaler.

Example 
key := []byte("this is a secret key; you should generate a strong random key that's at least 32 bytes long")
tag := make([]byte, 16)
msg := []byte("The quick brown fox jumps over the lazy dog")
// Example 1: Simple KMAC
k := NewKMAC256(key, len(tag), []byte("Partition1"))
k.Write(msg)
k.Sum(tag[:0])
fmt.Println(hex.EncodeToString(tag))
// Example 2: Different customization string produces different digest
k = NewKMAC256(key, 16, []byte("Partition2"))
k.Write(msg)
k.Sum(tag[:0])
fmt.Println(hex.EncodeToString(tag))

Output:

3814d78758add078334b8ab9e5c4f942
3762371e99e1e01ab17742b95c0360da

Types

type AEADInterface 

type AEADInterface interface {
	// Encrypt encrypts uses the key to encrypt and authenticate the plaintext and authenticated the
	// associated data. The backing array of `plaintext` is likely modified during this operation.
	Encrypt(plaintext, data, key []byte) ([]byte, error)

	// Decrypt uses the key to verify the authenticity of the ciphertext and associated data and
	// decrypt the ciphertext. The `ciphertext` array is modified during this operation.
	Decrypt(ciphertext, data, key []byte) ([]byte, error)
}

AEADInterface represents an Authenticated Encryption scheme with Associated Data.

type AES256GCM 

type AES256GCM struct {
	Random RandomInterface
}

AES256GCM implements AEADInterface.

func (*AES256GCM) Decrypt 

func (a *AES256GCM) Decrypt(ciphertext, aad, key []byte) ([]byte, error)

func (*AES256GCM) Encrypt 

func (a *AES256GCM) Encrypt(plaintext, aad, key []byte) ([]byte, error)

type Cryptor 

type Cryptor struct {
	// contains filtered or unexported fields
}

Cryptor implements the CryptorInterface.

func NewAESCryptor 

func NewAESCryptor(KEK []byte) (Cryptor, error)

NewAESCryptor creates a Cryptor which uses AES-256 in GCM mode.

func (*Cryptor) Decrypt 

func (c *Cryptor) Decrypt(plaintext, data interface{}, wrappedKey, ciphertext []byte) error

func (*Cryptor) Encrypt 

func (c *Cryptor) Encrypt(plaintext, data interface{}) ([]byte, []byte, error)

type CryptorInterface 

type CryptorInterface interface {
	// Encrypt encrypts plaintext and associated data with a random key. It returns the wrapped key
	// and the ciphertext.
	Encrypt(plaintext, data interface{}) (wrappedKey, ciphertext []byte, err error)

	// Decrypt decrypts a ciphertext using the provided wrapped key and associated data. It
	// deserializes the result into `plaintext`.
	Decrypt(plaintext, data interface{}, wrappedKey, ciphertext []byte) (err error)
}

CryptorInterface provides an API to encrypt/decrypt data and additional associated data with a (wrapped) random key.

type KWP 

type KWP struct {
	// contains filtered or unexported fields
}

KWP is an implementation of an AES-KWP key wrapping cipher.

func NewKWP 

func NewKWP(wrappingKey []byte) (*KWP, error)

NewKWP returns a KWP instance. The key argument should be the AES wrapping key, either 16 or 32 bytes to select AES-128 or AES-256.

func (*KWP) Unwrap 

func (kwp *KWP) Unwrap(data []byte) ([]byte, error)

Unwrap unwraps a wrapped key.

func (*KWP) Wrap 

func (kwp *KWP) Wrap(data []byte) ([]byte, error)

Wrap wraps the provided key material.

type KeyWrapperInterface 

type KeyWrapperInterface interface {
	// Wrap wraps the provided key material.
	Wrap(key []byte) ([]byte, error)

	// Unwrap unwraps a wrapped key.
	Unwrap(key []byte) ([]byte, error)
}

KeyWrapperInterface provides an API to wrap/unwrap key material.

type MockRandom 

type MockRandom struct {
	Bytes []byte
}

MockRandom is a mock implementation of RandomInterface for testing.

func (*MockRandom) GetBytes 

func (r *MockRandom) GetBytes(n uint) ([]byte, error)

type NativeRandom 

type NativeRandom struct {
}

NativeRandom implements RandomInterface.

func (*NativeRandom) GetBytes 

func (r *NativeRandom) GetBytes(n uint) ([]byte, error)

type PasswordHasher 

type PasswordHasher struct {
	// contains filtered or unexported fields
}

PasswordHasher implements PasswordHasherInterface using pbkdf2.

func NewPasswordHasher 

func NewPasswordHasher() *PasswordHasher

func (*PasswordHasher) Compare 

func (p *PasswordHasher) Compare(password string, saltAndHash []byte) bool

func (*PasswordHasher) GeneratePassword 

func (p *PasswordHasher) GeneratePassword() (string, []byte, error)

type PasswordHasherInterface 

type PasswordHasherInterface interface {
	// GeneratePassword returns a random password and a salted hash of that password.
	GeneratePassword() (string, []byte, error)

	// Compare checks if the password matches the given hash.
	Compare(password string, saltAndHash []byte) bool
}

PasswordHasherInterface provides an API for securely generating and checking passwords.

type RandomInterface 

type RandomInterface interface {
	// GetBytes generates the requested number of random bytes.
	GetBytes(n uint) ([]byte, error)
}

RandomInterface provides an API for getting cryptographically secure random bytes.

type Tagger 

type Tagger struct {
	Key []byte
}

Tagger implements the TaggerInterface

func NewKMAC256Tagger 

func NewKMAC256Tagger(key []byte) (Tagger, error)

NewKMAC256Tagger creates a Tagger which uses KMAC256.

func (*Tagger) Tag 

func (t *Tagger) Tag(data interface{}) ([]byte, error)

type TaggerInterface 

type TaggerInterface interface {
	// Tag creates a cryptographic tag of data.
	Tag(data interface{}) (mac []byte, err error)
}

TaggerInterface provides an API to create a cryptographic tag, i.e. a piece of information used for authenticating data.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.