Documentation
¶
Overview ¶
Package crypto provides tools for encrypting and decrypting data in fixed and stream formats, and for converting Ed25519 keys to X25519 keys.
Encryption for a target X25519 public key is done as follows. Generate an ephemeral X25519 keypair and compute a shared secret between the ephemeral private key and the target public key. This shared secret is passed to a SHA-512 HKDF with a random salt. From this HKDF, read a 32-byte key. The HKDF-read key is passed as the key to an XChaCha20-Poly1305 AEAD (ChaCha20 with extendend nonce and Poly1305 MACs). Finally a 24-byte nonce must be passed with the plaintext to the AEAD, which produces the ciphertext.
Index ¶
- func DecryptFixed(ciphertext, priv []byte) ([]byte, error)
- func EncryptFixed(plaintext, publ []byte) ([]byte, error)
- func NewReader(r io.Reader, priv []byte, bufsiz int) (io.Reader, error)
- func NewWriter(w io.Writer, publ []byte, bufsiz int) (io.WriteCloser, error)
- func PrivEd25519ToX25519(priv ed25519.PrivateKey) ([]byte, error)
- func PublEd25519ToX25519(publ ed25519.PublicKey) ([]byte, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DecryptFixed ¶
DecryptFixed decrypts a ciphertext which was encrypted using EncryptFixed.
func EncryptFixed ¶
EncryptFixed follows the general encryption pattern given in the package description. The AEAD nonce is randomly generated.
Ciphertext size = len(plantext) + curve25519.ScalarSize + sha512.Size + chacha20poly1305.NonceSizeX + poly1305.TagSize.
func NewReader ¶
NewReader implements decryption for an io.Reader object. Decryption is done in chunks of bufsiz plaintext. Reading is buffered, and only reading until EOF is gauranteed to result in an empty ciphertext buffer.
func NewWriter ¶
NewWriter implements encryption for an io.Writer object. Encryption is done in chunks of bufsiz plaintext. Writing is buffered, and the object should be closed to flush remaining buffered plaintext (by encrypting a smaller last chunk). The AEAD nonce is 16 bytes randomly generated followed by an 8-byte counter (incrementing for each chunk).
Ciphertext size = len(plaintext) + curve25519.ScalarSize + sha512.Size + ((len(plaintext) - 1)/bufsiz + 1) * (chacha20poly1305.NonceSizeX + poly1305.TagSize).
func PrivEd25519ToX25519 ¶
func PrivEd25519ToX25519(priv ed25519.PrivateKey) ([]byte, error)
PrivEd25519ToX25519 converts an Ed25519 private key to a X25519 key.
The Ed25519 private key is assumed to be encoded as used in golang.org/crypto/ed25519 with the public key as a suffix to the "seed".
func PublEd25519ToX25519 ¶
PublEd25519ToX25519 converts an Ed25519 public key to a X25519 key. Converts the y-coordinate of a twisted Edwards curve to the u-coordinate of a Montgomery curve.
The Ed25519 public key is assumed to be encoded according to RFC 8032, as used in golang.org/crypto/ed25519.
TODO: compare to libsodium, ensure we get the same results
TODO: libsodium does various checks on the public key prior to converting
Types ¶
This section is empty.
Source Files