crypto

package
v0.8.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 29, 2025 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

View Source 
const GCMNonceSize = 12

GCMNonceSize is the standard nonce size for AES-GCM as recommended by NIST SP 800-38D. This is 12 bytes (96 bits).

While GCM technically supports other nonce sizes via NewGCMWithNonceSize(), the 12-byte standard is strongly preferred because:

  • It uses the more efficient counter mode internally
  • Non-standard sizes require additional GHASH operations
  • It is the NIST-recommended size for maximum interoperability
  • Go's cipher.NewGCM() uses this size by default

This constant is used for validation of incoming nonces in the cipher API and bootstrap verification endpoints. See ADR-0032 for the design decision.

Variables

This section is empty.

Functions

func VerifyShamirReconstruction added in v0.8.0 

func VerifyShamirReconstruction(secret group.Scalar, shares []shamir.Share)

VerifyShamirReconstruction verifies that a set of secret shares can correctly reconstruct the original secret. It performs this verification by attempting to recover the secret using the minimum required number of shares and comparing the result with the original secret.

This function is intended for validating newly generated shares, not for restore operations. During a restore, the original secret is unknown, and successful reconstruction via secretsharing.Recover() is itself proof that the shards are mathematically valid.

Parameters:

  • secret group.Scalar: The original secret to verify against.
  • shares []shamir.Share: The generated secret shares to verify.

The function will:

  • Calculate the threshold (t) from the environment configuration.
  • Attempt to reconstruct the secret using exactly t+1 shares.
  • Compare the reconstructed secret with the original.
  • Zero out the reconstructed secret regardless of success or failure.

If the verification fails, the function will:

  • Log a fatal error and exit if recovery fails.
  • Log a fatal error and exit if the recovered secret does not match the original.

Security:

  • The reconstructed secret is always zeroed out to prevent memory leaks.
  • In case of fatal errors, the reconstructed secret is explicitly zeroed before logging since deferred functions will not run after log.FatalErr.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.