stream

package
Version: v0.8.0

This package is not in the latest version of its module.

Published: Sep 21, 2021 License: BlueOak-1.0.0 Imports: 10 Imported by: 1

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func Decrypt

func Decrypt(w io.Writer, r io.Reader, header []byte, key *SymmetricKey) error

Decrypt performs symmetric stream decryption, reading ciphertext from r, decrypting with key, and writing a stream of plaintext to w. The stream header is Associated Data.

func Encrypt

func Encrypt(w io.Writer, r io.Reader, header []byte, key *SymmetricKey) error

Encrypt performs symmetric stream encryption, reading plaintext from r and writing an encrypted stream to w which can only be decrypted with knowledge of key. The stream header is Associated Data.

Types

type Ciphertext

type Ciphertext = [ntrup.CiphertextSize]byte

Ciphertext is a type alias for a properly-sized byte array to represent the ciphertext of a Streamlined NTRU Prime 4591^761 encapsulated key.

type Header

type Header struct {
	Bytes  []byte
	Scheme KeyScheme

	// For StreamlinedNTRUPrime4591761Scheme
	Ciphertext *Ciphertext

	// For Argon2idScheme
	Salt    []byte
	Time    uint32
	Memory  uint32
	Threads uint8
	Tag     [16]byte
}

Header represents a parsed stream header. It records the keying scheme for the stream symmetric key, as well as parameters needed to derive the key given the specific scheme. The Bytes field records the raw bytes of the full header, which must be passed to Decrypt for authentication.
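Why the raw header bytes have to reach Decrypt unchanged, shown as an added example that is not this package's code or wire format: an AEAD fails to open when the associated data differs by even one field. Assumptions: AES-256-GCM from the standard library stands in for ChaCha20-Poly1305, and the header layout and the names `buildHeader`, `seal` and `open` are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// buildHeader serializes a hypothetical layout: scheme, Argon2id time, memory (KiB).
func buildHeader(scheme byte, time, memory uint32) []byte {
	h := binary.BigEndian.AppendUint32([]byte{scheme}, time)
	return binary.BigEndian.AppendUint32(h, memory)
}

// newAEAD returns AES-256-GCM, a stand-in for the package's ChaCha20-Poly1305.
func newAEAD(key *[32]byte) cipher.AEAD {
	block, _ := aes.NewCipher(key[:]) // cannot fail: key is 32 bytes
	aead, _ := cipher.NewGCM(block)   // cannot fail: AES has a 16-byte block
	return aead
}

// seal encrypts plaintext and authenticates header without encrypting it.
func seal(key *[32]byte, header, plaintext []byte) ([]byte, error) {
	aead := newAEAD(key)
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, header), nil // nonce || ciphertext || tag
}

// open succeeds only if box and header are byte-for-byte what seal was given.
func open(key *[32]byte, header, box []byte) ([]byte, error) {
	aead := newAEAD(key)
	if len(box) < aead.NonceSize() {
		return nil, errors.New("short ciphertext")
	}
	return aead.Open(nil, box[:aead.NonceSize()], box[aead.NonceSize():], header)
}

func main() {
	key := new([32]byte) // constructed all-zero demo key; never use a fixed key
	box, _ := seal(key, buildHeader(2, 3, 65536), []byte("secret"))
	_, err := open(key, buildHeader(2, 1, 8), box) // header with weakened parameters
	fmt.Println("modified header:", err)
}
```

The same failure occurs if a caller re-serializes parsed fields in a different form instead of passing the recorded bytes, which is why a parsed header keeps the raw bytes alongside the decoded values.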

func ReadHeader

func ReadHeader(r io.Reader) (*Header, error)

ReadHeader parses the stream header from the reader.

type KeyScheme

type KeyScheme byte

KeyScheme describes the keying scheme used for message encryption. It is recorded in the stream header, and decrypters must first parse the scheme from the header before deriving or recovering the encryption key.

const (
	StreamlinedNTRUPrime4591761Scheme KeyScheme = iota + 1
	Argon2idScheme
)

Key schemes

type PublicKey

type PublicKey = [ntrup.PublicKeySize]byte

PublicKey is a type alias for a properly-sized byte array to represent a Streamlined NTRU Prime 4591^761 public key.

type SecretKey

type SecretKey = [ntrup.PrivateKeySize]byte

SecretKey is a type alias for a properly-sized byte array to represent a Streamlined NTRU Prime 4591^761 secret key.

type SymmetricKey

type SymmetricKey = [chacha20poly1305.KeySize]byte

SymmetricKey is a type alias for a properly-sized byte array for a ChaCha20-Poly1305 symmetric encryption key.

func Decapsulate

func Decapsulate(h *Header, sk *SecretKey) (*SymmetricKey, error)

Decapsulate decrypts a PKI-encrypted symmetric key from the header. The scheme must be for PKI encryption.

func Encapsulate

func Encapsulate(rand io.Reader, pk *PublicKey) (header []byte, key *SymmetricKey, err error)

Encapsulate creates the header beginning a PKI encryption stream. It derives an ephemeral ChaCha20-Poly1305 symmetric key and encapsulates (encrypts) the key for the public key pk, recording the key ciphertext in the header. Cryptographically-secure randomness is read from rand.

func PassphraseHeader

func PassphraseHeader(rand io.Reader, passphrase []byte, time, memory uint32) (header []byte, key *SymmetricKey, err error)

PassphraseHeader creates the header beginning a passphrase-protected encryption stream. The time and memory parameters describe Argon2id difficulty parameters, where memory is measured in KiB. Cryptographically-secure randomness is read from rand.

func PassphraseKey

func PassphraseKey(h *Header, passphrase []byte) (*SymmetricKey, error)

PassphraseKey derives a symmetric key from a passphrase. The header scheme must be for symmetric passphrase encryption.
