crypto

package
v0.0.0-...-6618740 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 4, 2026 License: MIT Imports: 20 Imported by: 0

Documentation

Overview

Package crypto contains low-level cryptographic primitives used across the Signal protocol implementation.

Index

Constants

const AESGCMSIVNonceSize = 12

AESGCMSIVNonceSize is the nonce size for AES-GCM-SIV.

Variables

var ErrCiphertextTooShort = errors.New("aead: ciphertext too short")

ErrCiphertextTooShort is returned when the ciphertext is shorter than the nonce/tag requirements.

var ErrHKDFLength = errors.New("hkdf: invalid length")

ErrHKDFLength is returned when HKDF output length is invalid.

var ErrInvalidKey = errors.New("aead: invalid key length")

ErrInvalidKey is returned when the key length is incorrect.

var ErrInvalidLength = errors.New("random: invalid length")

ErrInvalidLength is returned when a negative or oversized length is requested.

var ErrInvalidPublicKey = errors.New("curve25519: invalid public key")

ErrInvalidPublicKey is returned when a provided Curve25519 public key is invalid or low-order.

Functions

func AES256CTRHMACSHA256Decrypt

func AES256CTRHMACSHA256Decrypt(ciphertext, cipherKey, macKey []byte) ([]byte, error)

AES256CTRHMACSHA256Decrypt verifies the truncated HMAC-SHA256 and decrypts AES-256-CTR ciphertext.

func AES256CTRHMACSHA256Encrypt

func AES256CTRHMACSHA256Encrypt(plaintext, cipherKey, macKey []byte) ([]byte, error)

AES256CTRHMACSHA256Encrypt encrypts plaintext with AES-256-CTR and appends a truncated HMAC-SHA256.

func AESCBCDecrypt

func AESCBCDecrypt(key, iv, ciphertext []byte) ([]byte, error)

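AESCBCDecrypt decrypts ciphertext with AES-CBC and PKCS#7 unpadding. CBC mode does not authenticate the ciphertext, so callers should verify a MAC over it before calling this function; otherwise the difference between padding failures and successes can leak information about the plaintext.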

func AESCBCEncrypt

func AESCBCEncrypt(key, iv, plaintext []byte) ([]byte, error)

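AESCBCEncrypt encrypts plaintext with AES-CBC and PKCS#7 padding. CBC mode adds no integrity protection, and the iv should be unpredictable and never reused with the same key.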

func AESGCMDecrypt

func AESGCMDecrypt(key, ciphertext, nonce, associatedData []byte) ([]byte, error)

AESGCMDecrypt decrypts using AES-256-GCM with the provided nonce.

func AESGCMEncrypt

func AESGCMEncrypt(key, plaintext, associatedData []byte) (ciphertext, nonce []byte, err error)

AESGCMEncrypt is a convenience wrapper returning ciphertext and nonce separately.

func AESGCMEncryptWithNonce

func AESGCMEncryptWithNonce(key, plaintext, nonce, associatedData []byte) ([]byte, error)

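AESGCMEncryptWithNonce encrypts using AES-256-GCM with a caller-provided nonce. The caller is responsible for nonce uniqueness: repeating a nonce under the same key breaks both the confidentiality and the authenticity guarantees of GCM.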

func AESGCMSIVDecrypt

func AESGCMSIVDecrypt(key, nonce, ciphertext, associatedData []byte) ([]byte, error)

AESGCMSIVDecrypt decrypts ciphertext using AES-GCM-SIV with the provided nonce and associated data.

func AESGCMSIVEncrypt

func AESGCMSIVEncrypt(key, nonce, plaintext, associatedData []byte) ([]byte, error)

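AESGCMSIVEncrypt encrypts plaintext using AES-GCM-SIV with the provided nonce and associated data. AES-GCM-SIV is nonce-misuse resistant, so a repeated nonce reveals only whether the same plaintext and associated data were encrypted again, but unique nonces are still recommended.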

func ChaChaDecrypt

func ChaChaDecrypt(key, ciphertext, nonce, associatedData []byte) ([]byte, error)

ChaChaDecrypt decrypts using ChaCha20-Poly1305 with the provided nonce.

func ChaChaEncrypt

func ChaChaEncrypt(key, plaintext, associatedData []byte) (ciphertext, nonce []byte, err error)

ChaChaEncrypt is a convenience wrapper returning ciphertext and nonce separately.

func ChaChaEncryptWithNonce

func ChaChaEncryptWithNonce(key, plaintext, nonce, associatedData []byte) ([]byte, error)

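ChaChaEncryptWithNonce encrypts using ChaCha20-Poly1305 with a caller-provided nonce. The caller is responsible for nonce uniqueness: repeating a nonce under the same key breaks both the confidentiality and the authenticity guarantees of ChaCha20-Poly1305.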

func DH

func DH(privateKey, publicKey [32]byte) ([32]byte, error)

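DH performs a Curve25519 Diffie-Hellman exchange and rejects low-order public keys by ensuring the derived shared secret is not all zeros. The raw shared secret should be passed through a KDF such as HKDF before it is used as a key.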

func HKDF

func HKDF(inputKeyMaterial, salt, info []byte, length int) ([]byte, error)

HKDF performs HKDF-Extract then HKDF-Expand with SHA-256.

func HKDFExpand

func HKDFExpand(prk, info []byte, length int) ([]byte, error)

HKDFExpand performs HKDF-Expand with SHA-256.

func HKDFExtract

func HKDFExtract(salt, inputKeyMaterial []byte) []byte

HKDFExtract performs HKDF-Extract with SHA-256.

func HMAC256

func HMAC256(key, data []byte) []byte

HMAC256 returns HMAC-SHA256(key, data).

func HMAC512

func HMAC512(key, data []byte) []byte

HMAC512 returns HMAC-SHA512(key, data).

func HMACVerify

func HMACVerify(key, data, expectedMAC []byte) bool

HMACVerify computes HMAC-SHA256 over data and compares it to expectedMAC in constant time. Returns false if lengths differ.

func IsKyber1024PublicKey

func IsKyber1024PublicKey(data []byte) bool

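IsKyber1024PublicKey returns true if the serialized public key matches Kyber1024 sizing. Going by this description, the check is on size only and should not be treated as validation of the key contents.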

func IsValidPublicKey

func IsValidPublicKey(publicKey [32]byte) bool

IsValidPublicKey returns true if the Curve25519 public key is not low-order.

func Kyber1024Decapsulate

func Kyber1024Decapsulate(privateKey []byte, ciphertext []byte) ([]byte, error)

Kyber1024Decapsulate decapsulates a shared secret from the serialized private key and ciphertext.

func Kyber1024Encapsulate

func Kyber1024Encapsulate(publicKey []byte) ([]byte, []byte, error)

Kyber1024Encapsulate encapsulates a shared secret to the serialized public key.

func Kyber1024EncapsulateDeterministically

func Kyber1024EncapsulateDeterministically(publicKey []byte, seed []byte) ([]byte, []byte, error)

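Kyber1024EncapsulateDeterministically encapsulates using a fixed seed. Because the result is determined by publicKey and seed, a predictable or reused seed gives a predictable shared secret; this looks intended for tests and known-answer vectors, with Kyber1024Encapsulate for normal use.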

func RandomBytes

func RandomBytes(length int) ([]byte, error)

RandomBytes returns securely generated random bytes of the requested length.

func RandomScalar

func RandomScalar() ([32]byte, error)

RandomScalar returns a clamped Curve25519 private scalar.

func SetRandReader

func SetRandReader(r io.Reader) func()

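SetRandReader overrides the randomness source and returns a restore function. Intended for tests that need deterministic output. Since this is a package-level function, the override presumably affects every caller that draws from the package's randomness source until the restore function runs; call the restore function with defer and keep this out of production code paths.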

func ValidatePublicKey

func ValidatePublicKey(publicKey [32]byte) error

ValidatePublicKey rejects low-order Curve25519 public keys.

func XEdDSASign

func XEdDSASign(privateKey [32]byte, messagePieces ...[]byte) ([]byte, error)

XEdDSASign returns an XEdDSA signature over the provided message pieces.

func XEdDSASigningPublicKey

func XEdDSASigningPublicKey(privateKey [32]byte) ([32]byte, error)

XEdDSASigningPublicKey derives the Ed25519-style public key used to compute the sign bit.

func XEdDSAVerify

func XEdDSAVerify(publicKey [32]byte, signature []byte, messagePieces ...[]byte) bool

XEdDSAVerify validates an XEdDSA signature over the provided message pieces.

func ZeroBytes

func ZeroBytes(b []byte)

ZeroBytes overwrites b with zeros and keeps it alive until the overwrite completes.

func ZeroKey

func ZeroKey(k *[32]byte)

ZeroKey overwrites k with zeros and keeps it alive until the overwrite completes.

Types

type AEAD

// AEAD is authenticated encryption with associated data, using a combined
// nonce+ciphertext encoding.
type AEAD interface {
	// Encrypt returns nonce||ciphertext||tag for plaintext under key, with ad
	// as the associated data.
	Encrypt(key, plaintext, ad []byte) ([]byte, error)
	// Decrypt expects the nonce||ciphertext||tag format returned by Encrypt
	// and uses NonceSize to split off the nonce.
	Decrypt(key, ciphertext, ad []byte) ([]byte, error)
	// KeySize returns the expected key length in bytes.
	KeySize() int
	// NonceSize returns the nonce length in bytes.
	NonceSize() int
}

AEAD defines authenticated encryption with associated data using combined nonce+ciphertext encoding. Encrypt returns nonce||ciphertext||tag; Decrypt expects the same format and uses NonceSize to split.

type AESGCM

type AESGCM struct {
	// contains filtered or unexported fields
}

AESGCM implements AEAD using AES-256-GCM.

func NewAESGCM

func NewAESGCM(r io.Reader) *AESGCM

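NewAESGCM returns an AES-256-GCM AEAD; if r is nil crypto/rand.Reader is used. A non-nil r is presumably the source of the random nonces that Encrypt generates, so outside tests it should be a cryptographically secure generator.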

func (*AESGCM) Decrypt

func (a *AESGCM) Decrypt(key, ciphertext, ad []byte) ([]byte, error)

Decrypt splits nonce||ciphertext||tag and decrypts.

func (*AESGCM) Encrypt

func (a *AESGCM) Encrypt(key, plaintext, ad []byte) ([]byte, error)

Encrypt generates a random nonce, encrypts plaintext, and returns nonce||ciphertext||tag.

func (*AESGCM) KeySize

func (a *AESGCM) KeySize() int

KeySize returns the expected key length in bytes.

func (*AESGCM) NonceSize

func (a *AESGCM) NonceSize() int

NonceSize returns the nonce length in bytes.

type ChaChaAEAD

type ChaChaAEAD struct {
	// contains filtered or unexported fields
}

ChaChaAEAD implements AEAD using ChaCha20-Poly1305.

func NewChaChaAEAD

func NewChaChaAEAD(r io.Reader) *ChaChaAEAD

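NewChaChaAEAD returns a ChaCha20-Poly1305 AEAD; if r is nil crypto/rand.Reader is used. A non-nil r is presumably the source of the random nonces that Encrypt generates, so outside tests it should be a cryptographically secure generator.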

func (*ChaChaAEAD) Decrypt

func (c *ChaChaAEAD) Decrypt(key, ciphertext, ad []byte) ([]byte, error)

Decrypt splits nonce||ciphertext||tag and decrypts.

func (*ChaChaAEAD) Encrypt

func (c *ChaChaAEAD) Encrypt(key, plaintext, ad []byte) ([]byte, error)

Encrypt generates a random nonce, encrypts plaintext, and returns nonce||ciphertext||tag.

func (*ChaChaAEAD) KeySize

func (c *ChaChaAEAD) KeySize() int

KeySize returns the expected key length in bytes.

func (*ChaChaAEAD) NonceSize

func (c *ChaChaAEAD) NonceSize() int

NonceSize returns the nonce length in bytes.

type KeyPair

// KeyPair holds a Curve25519 key pair.
type KeyPair struct {
	// PublicKey is the 32-byte Curve25519 public key.
	PublicKey  [32]byte
	// PrivateKey is the 32-byte Curve25519 private key. It is secret material:
	// keep it out of logs and wipe it (for example with ZeroKey) once it is no
	// longer needed. Copying the struct by value also copies the private key.
	PrivateKey [32]byte
}

KeyPair holds a Curve25519 key pair.

func GenerateKeyPair

func GenerateKeyPair() (*KeyPair, error)

GenerateKeyPair creates a new Curve25519 key pair using crypto/rand.

func KeyPairFromPrivate

func KeyPairFromPrivate(privateKey [32]byte) (*KeyPair, error)

KeyPairFromPrivate derives the public key for the provided private key bytes.

type KyberKeyPair

// KyberKeyPair holds serialized Kyber1024 keys (type prefix + raw key bytes).
type KyberKeyPair struct {
	// PublicKey is the serialized Kyber1024 public key.
	PublicKey  []byte
	// PrivateKey is the serialized Kyber1024 private key. It is secret
	// material: keep it out of logs and wipe it (for example with ZeroBytes)
	// once it is no longer needed. Slices share backing storage, so a copy of
	// the struct still refers to the same key bytes.
	PrivateKey []byte
}

KyberKeyPair holds serialized Kyber1024 keys (type prefix + raw key bytes).

func GenerateKyber1024KeyPair

func GenerateKyber1024KeyPair() (*KyberKeyPair, error)

GenerateKyber1024KeyPair creates a Kyber1024 key pair serialized with type prefixes.
