avcipher

Documentation

Overview

The cipher package provide functions that can be used to encrypt or decrypt data that complies to Ansible Vault 1.1 specification.

Index

• Constants
• func AESBlockPad(data []byte) []byte
• func AESBlockUnpad(data []byte) ([]byte, error)
• func CipherData(action Action, data []byte, key *CipherKey) ([]byte, error)
• func IsCheckSumValid(checkSum, data, hmacKey []byte) bool
• func SaltGen(n int) ([]byte, error)
• type Action
• type CipherKey
  • func KeyGen(password string, salt []byte) *CipherKey

Constants

const (
	// Ansible Vault 1.1 spec: key length
	CipherKeyLength = 32

	// Ansible Vault 1.1 spec: HMAC key length
	HMACKeyLength = 32

	// Ansible Vault 1.1 spec: Salt string length
	SaltLength = 32

	// Ansible Vault 1.1 spec: initialization vector length
	IVLength = 16

	// Ansible Vault 1.1 spec: iteration rounds
	Iteration = 10000
)

Functions

func AESBlockPad

func AESBlockPad(data []byte) []byte

Pad data to fit AES block size

func AESBlockUnpad

func AESBlockUnpad(data []byte) ([]byte, error)

Unpad data for AES block

func CipherData

func CipherData(action Action, data []byte, key *CipherKey) ([]byte, error)

Encrypt or decrypt the given data and key. Use ENCRYPT and DECRYPT for cipher action to determine the cipher direction.

func IsCheckSumValid

func IsCheckSumValid(checkSum, data, hmacKey []byte) bool

Validate HMAC checksum

func SaltGen

func SaltGen(n int) ([]byte, error)

Generate given length of random salt bytes

Types

type Action

type Action string

Action type

const (
	// Encrypt action
	ENCRYPT Action = "encrypt"

	// Decrypt action
	DECRYPT Action = "decrypt"
)

type CipherKey

type CipherKey struct {
	// Cipher Key
	Key []byte

	// Hmac key
	HMACKey []byte

	// Initialization vetor
	IV []byte
}

Key used to cipher

func KeyGen

func KeyGen(password string, salt []byte) *CipherKey

Generate cipher key for given password and salt