Documentation
Constants
const DefKeySize = 32
DefKeySize is the default key size for crypto primitives.
Types
type Crypto
type Crypto interface {
	// Encrypt will encrypt msg and aad using a matching AEAD primitive in kh key handle of a public key
	// returns:
	// 		cipherText in []byte
	//		nonce in []byte
	//		error in case of errors during encryption
	Encrypt(msg, aad []byte, kh interface{}) ([]byte, []byte, error)
	// Decrypt will decrypt cipher with aad and given nonce using a matching AEAD primitive in kh key handle of a
	// private key
	// returns:
	//		plainText in []byte
	//		error in case of errors
	Decrypt(cipher, aad, nonce []byte, kh interface{}) ([]byte, error)
	// Sign will sign msg using a matching signature primitive in kh key handle of a private key
	// returns:
	// 		signature in []byte
	//		error in case of errors
	Sign(msg []byte, kh interface{}) ([]byte, error)
	// Verify will verify a signature for the given msg using a matching signature primitive in kh key handle of
	// a public key
	// returns:
	// 		error in case of errors or nil if signature verification was successful
	Verify(signature, msg []byte, kh interface{}) error
	// ComputeMAC computes message authentication code (MAC) for data
	// using a matching MAC primitive in kh key handle
	ComputeMAC(data []byte, kh interface{}) ([]byte, error)
	// VerifyMAC determines if mac is a correct authentication code (MAC) for data
	// using a matching MAC primitive in kh key handle and returns nil if so, otherwise it returns an error.
	VerifyMAC(mac, data []byte, kh interface{}) error
	// WrapKey will execute key wrapping of cek using apu, apv and recipient public key 'recPubKey'.
	// 'opts' allows setting the optional sender key handle using WithSender() option. It allows ECDH-1PU key wrapping
	// (aka Authcrypt). The absence of this option uses ECDH-ES key wrapping (aka Anoncrypt).
	// returns:
	// 		RecipientWrappedKey containing the wrapped cek value
	// 		error in case of errors
	WrapKey(cek, apu, apv []byte, recPubKey *PublicKey,
		opts ...WrapKeyOpts) (*RecipientWrappedKey, error)
	// UnwrapKey unwraps a key in recWK using recipient private key kh.
	// 'opts' allows setting the optional sender key handle using WithSender() option. It allows ECDH-1PU key unwrapping
	// (aka Authcrypt). The absence of this option uses ECDH-ES key unwrapping (aka Anoncrypt).
	// returns:
	// 		unwrapped key in raw bytes
	// 		error in case of errors
	UnwrapKey(recWK *RecipientWrappedKey, kh interface{}, opts ...WrapKeyOpts) ([]byte, error)
}
Crypto interface provides all crypto operations needed in the Aries framework.
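The Encrypt/Decrypt contract above returns the nonce separately from the ciphertext, so the caller has to carry ciphertext, nonce and aad together. The following is an added example, not code from the Aries project: free-standing Encrypt and Decrypt functions with the same parameter shape, with AES-256-GCM from the Go standard library swapped in for the framework's AEAD primitive and kh assumed to be a raw 32-byte key rather than a key handle.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const DefKeySize = 32 // same value as the constant documented on this page

func newGCM(kh interface{}) (cipher.AEAD, error) {
	key, ok := kh.([]byte) // assumption: kh is a raw key; Aries passes a key handle
	if !ok || len(key) != DefKeySize {
		return nil, fmt.Errorf("kh must be a %d-byte []byte key", DefKeySize)
	}
	block, _ := aes.NewCipher(key) // cannot fail: key length was checked above
	return cipher.NewGCM(block)
}

// Encrypt returns the ciphertext and the fresh random nonce it was sealed with.
func Encrypt(msg, aad []byte, kh interface{}) ([]byte, []byte, error) {
	aead, err := newGCM(kh)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return aead.Seal(nil, nonce, msg, aad), nonce, nil
}

func Decrypt(ct, aad, nonce []byte, kh interface{}) ([]byte, error) {
	aead, err := newGCM(kh)
	if err != nil {
		return nil, err
	}
	if len(nonce) != aead.NonceSize() { // GCM's Open panics on a wrong-length nonce
		return nil, fmt.Errorf("nonce must be %d bytes", aead.NonceSize())
	}
	return aead.Open(nil, nonce, ct, aad) // fails if ct, aad or nonce was altered
}

func main() {
	key := make([]byte, DefKeySize) // constructed all-zero key, demonstration only
	ct, nonce, _ := Encrypt([]byte("hello"), []byte("hdr-v1"), key)
	fmt.Println(Decrypt(ct, []byte("hdr-v2"), nonce, key)) // mismatched aad: error
}
```

The aad is authenticated but not encrypted, so a receiver that rebuilds it from a different header than the sender used gets an authentication error instead of plaintext.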
type PublicKey (added in v0.1.5)
type PublicKey struct {
	KID   string `json:"kid,omitempty"`
	X     []byte `json:"x,omitempty"`
	Y     []byte `json:"y,omitempty"`
	Curve string `json:"curve,omitempty"`
	Type  string `json:"type,omitempty"`
}
PublicKey is mainly used to exchange the EPK in RecipientWrappedKey.
type RecipientWrappedKey (added in v0.1.5)
type RecipientWrappedKey struct {
	KID          string    `json:"kid,omitempty"`
	EncryptedCEK []byte    `json:"encryptedcek,omitempty"`
	EPK          PublicKey `json:"epk,omitempty"`
	Alg          string    `json:"alg,omitempty"`
	APU          []byte    `json:"apu,omitempty"`
	APV          []byte    `json:"apv,omitempty"`
}
RecipientWrappedKey contains recipient key material required to unwrap CEK.
type WrapKeyOpts (added in v0.1.5)
type WrapKeyOpts func(opts *wrapKeyOpts)
WrapKeyOpts are the crypto.Wrap key options.
func WithSender (added in v0.1.5)
func WithSender(senderKey interface{}) WrapKeyOpts
WithSender option is for setting a sender key with crypto wrapping (e.g. AuthCrypt). For Anoncrypt, this option must not be set. Sender is a key used for ECDH-1PU key agreement for authenticating the sender. senderKey can be one of the following three types:
- *keyset.Handle (requires private key handle for crypto.WrapKey())
- *crypto.PublicKey (available for UnwrapKey() only)
- *ecdsa.PublicKey (available for UnwrapKey() only)
Directories
| Path | Synopsis |
|---|---|
| | Package tinkcrypto provides the default implementation of the common pkg/common/api/crypto.Crypto interface and the SPI pkg/framework/aries.crypto interface. It uses github.com/tink/go crypto primitives. |
| primitive/composite/ecdh | Package ecdh provides implementations of payload encryption using ECDH-ES/1PU KW key wrapping with AEAD primitives. |