Documentation
¶
Index ¶
- Constants
- Variables
- func HashPassword(rawPassword, uniqueValue []byte) []byte
- type AESGCMBlockCipher
- func (c *AESGCMBlockCipher) BlockContext() BlockContext
- func (*AESGCMBlockCipher) BlockSize() int
- func (c *AESGCMBlockCipher) Clone() BlockCipher
- func (c *AESGCMBlockCipher) Decrypt(ciphertext []byte) ([]byte, error)
- func (c *AESGCMBlockCipher) DecryptWithNonce(ciphertext, nonce []byte) ([]byte, error)
- func (c *AESGCMBlockCipher) Encrypt(plaintext []byte) ([]byte, error)
- func (c *AESGCMBlockCipher) EncryptWithNonce(plaintext, nonce []byte) ([]byte, error)
- func (c *AESGCMBlockCipher) IsStateless() bool
- func (c *AESGCMBlockCipher) NonceSize() int
- func (c *AESGCMBlockCipher) Overhead() int
- func (c *AESGCMBlockCipher) SetBlockContext(bc BlockContext)
- func (c *AESGCMBlockCipher) SetImplicitNonceMode(enable bool)
- type BlockCipher
- func BlockCipherFromPassword(password []byte, stateless bool) (BlockCipher, error)
- func BlockCipherListFromPassword(password []byte, stateless bool) ([]BlockCipher, error)
- func CloneBlockCiphers(blocks []BlockCipher) []BlockCipher
- func SelectDecrypt(data []byte, blocks []BlockCipher) (BlockCipher, []byte, error)
- func TryDecrypt(data, password []byte, stateless bool) (BlockCipher, []byte, error)
- type BlockContext
Constants ¶
View Source
const ( DefaultNonceSize = 12 // 12 bytes DefaultOverhead = 16 // 16 bytes DefaultKeyLen = 32 // 256 bits ClientDecryptionMetricGroupName = "cipher - client" ServerDecryptionMetricGroupName = "cipher - server" )
Variables ¶
View Source
var ( // Number of decryption using the cipher block associated with the connection. ClientDirectDecrypt = metrics.RegisterMetric(ClientDecryptionMetricGroupName, "DirectDecrypt") // Number of decryption using the stored cipher block but failed. ClientFailedDirectDecrypt = metrics.RegisterMetric(ClientDecryptionMetricGroupName, "FailedDirectDecrypt") // Number of decryption using the cipher block associated with the connection. ServerDirectDecrypt = metrics.RegisterMetric(ServerDecryptionMetricGroupName, "DirectDecrypt") // Number of decryption using the stored cipher block but failed. ServerFailedDirectDecrypt = metrics.RegisterMetric(ServerDecryptionMetricGroupName, "FailedDirectDecrypt") // Number of decryption that failed after iterating all possible cipher blocks. ServerFailedIterateDecrypt = metrics.RegisterMetric(ServerDecryptionMetricGroupName, "FailedIterateDecrypt") )
Functions ¶
func HashPassword ¶
HashPassword generates a hashed password from the raw password and a unique value that decorates the password.
Types ¶
type AESGCMBlockCipher ¶
type AESGCMBlockCipher struct {
// contains filtered or unexported fields
}
AESGCMBlockCipher implements BlockCipher interface with AES-GCM algorithm.
func (*AESGCMBlockCipher) BlockContext ¶ added in v1.9.0
func (c *AESGCMBlockCipher) BlockContext() BlockContext
func (*AESGCMBlockCipher) BlockSize ¶
func (*AESGCMBlockCipher) BlockSize() int
BlockSize returns the block size of cipher.
func (*AESGCMBlockCipher) Clone ¶ added in v1.4.0
func (c *AESGCMBlockCipher) Clone() BlockCipher
func (*AESGCMBlockCipher) Decrypt ¶
func (c *AESGCMBlockCipher) Decrypt(ciphertext []byte) ([]byte, error)
func (*AESGCMBlockCipher) DecryptWithNonce ¶ added in v1.15.0
func (c *AESGCMBlockCipher) DecryptWithNonce(ciphertext, nonce []byte) ([]byte, error)
func (*AESGCMBlockCipher) Encrypt ¶
func (c *AESGCMBlockCipher) Encrypt(plaintext []byte) ([]byte, error)
func (*AESGCMBlockCipher) EncryptWithNonce ¶ added in v1.15.0
func (c *AESGCMBlockCipher) EncryptWithNonce(plaintext, nonce []byte) ([]byte, error)
func (*AESGCMBlockCipher) IsStateless ¶ added in v1.4.0
func (c *AESGCMBlockCipher) IsStateless() bool
func (*AESGCMBlockCipher) NonceSize ¶
func (c *AESGCMBlockCipher) NonceSize() int
NonceSize returns the number of bytes used by nonce.
func (*AESGCMBlockCipher) Overhead ¶
func (c *AESGCMBlockCipher) Overhead() int
func (*AESGCMBlockCipher) SetBlockContext ¶ added in v1.9.0
func (c *AESGCMBlockCipher) SetBlockContext(bc BlockContext)
func (*AESGCMBlockCipher) SetImplicitNonceMode ¶ added in v1.4.0
func (c *AESGCMBlockCipher) SetImplicitNonceMode(enable bool)
type BlockCipher ¶
type BlockCipher interface {
// Encrypt method adds the nonce in the dst, then encryptes the src.
Encrypt(plaintext []byte) ([]byte, error)
// EncryptWithNonce encrypts the src with the given nonce.
// This method is not supported by stateful BlockCipher.
EncryptWithNonce(plaintext, nonce []byte) ([]byte, error)
// Decrypt method removes the nonce in the src, then decryptes the src.
Decrypt(ciphertext []byte) ([]byte, error)
// DecryptWithNonce decrypts the src with the given nonce.
// This method is not supported by stateful BlockCipher.
DecryptWithNonce(ciphertext, nonce []byte) ([]byte, error)
NonceSize() int
Overhead() int
// Clone method creates a deep copy of block cipher itself.
// Panic if this operation fails.
Clone() BlockCipher
// SetImplicitNonceMode enables or disables implicit nonce mode.
// Under implicit nonce mode, the nonce is set exactly once on the first
// Encrypt() or Decrypt() call. After that, all Encrypt() or Decrypt()
// calls will not look up nonce in the data. Each Encrypt() or Decrypt()
// will cause the nonce value to be increased by 1.
//
// Implicit nonce mode is disabled by default.
//
// Disabling implicit nonce mode removes the implicit nonce (state)
// from the block cipher.
SetImplicitNonceMode(enable bool)
// IsStateless returns true if the BlockCipher can do arbitrary Encrypt()
// and Decrypt() in any sequence.
IsStateless() bool
// BlockContext returns a copy of BlockContext.
BlockContext() BlockContext
// SetBlockContext sets the BlockContext.
SetBlockContext(bc BlockContext)
}
BlockCipher is an interface of block encryption and decryption.
func BlockCipherFromPassword ¶
func BlockCipherFromPassword(password []byte, stateless bool) (BlockCipher, error)
BlockCipherFromPassword creates a BlockCipher object from the password with the default settings.
func BlockCipherListFromPassword ¶
func BlockCipherListFromPassword(password []byte, stateless bool) ([]BlockCipher, error)
BlockCipherListFromPassword creates three BlockCipher objects using different salts from the password with the default settings.
func CloneBlockCiphers ¶ added in v1.4.0
func CloneBlockCiphers(blocks []BlockCipher) []BlockCipher
CloneBlockCiphers clones a slice of block ciphers.
func SelectDecrypt ¶ added in v1.4.0
func SelectDecrypt(data []byte, blocks []BlockCipher) (BlockCipher, []byte, error)
SelectDecrypt returns the appropriate cipher block that can decrypt the data, as well as the decrypted result.
func TryDecrypt ¶ added in v1.4.0
func TryDecrypt(data, password []byte, stateless bool) (BlockCipher, []byte, error)
TryDecrypt tries to decrypt the data with all possible keys generated from the password. If successful, returns the block cipher as well as the decrypted results.
type BlockContext ¶ added in v1.9.0
type BlockContext struct {
UserName string
}
BlockContext contains optional context associated to a cipher block.
Source Files
Click to show internal directories.
Click to hide internal directories.