encdec

Documentation

Overview

Package encdec provides the declaration of the methods NewHeader, NewDecReader and NewEncWriter. Theses two methods allows to encrypt and decrypt data with AES GCM. This encryption method allow to authenticate the data for data-at-rest storage. In AES GCM, the IV hasn't to be secret and is already authenticated in the block encryption process, so no need to store it in the the addition data. There is two modes to encrypt and decrypt data:

1. One unique element -> The whole data is encrypted as one
2. By chunk -> The data is spliced in chunk of exact same size and then encrypted individually

For each data, we need to store at the beggining some information that can be passed in clear. For this, we define a header that will be present at the beggining of each encryption.

The header must store:

1. The filename

2. Size of chunk (0 = mode 1.)

3. The IV

   - The filename is a byte array of maximum 50 bytes

   - The size of chunk is configurable on 64 unsigned integer and if 0, there will be only one chunk.

   - The IV is 12 bytes long (as recommended by NIST)

   The Header :

   0 50B 58B 70B +-------------+----------------+------------+ | Filename | Chunk Size | IV | +-------------+----------------+------------+

Index

• Constants
• Variables
• func NewEncWriter(key [keySize]byte, header header, dest io.Writer) (io.WriteCloser, error)
• func NewHeader(chunkSize uint64, filename string) header
• type Reader
  • func NewDecReader(key [keySize]byte, src io.Reader) (Reader, error)

Constants

const (
	LAST_CHUNK_SEQ_NUM uint32 = 0xFFFF_FFFF
)

Variables

var (
	// ErrInvalidSeqNum error is thrown when the decrypted chunks are not in sequence
	ErrInvalidSeqNum error = errs.New("chunk in invalid sequence")
	// ErrNoFirst error is thrown when the caller asks for properties (filename, header)
	// and the header has not yet been read. The header is read on the firs call to
	// Read([]byte) method
	ErrNoFirstRead error = errs.New("not already read the header")
)

Errors declarations

var (
	// ErrTooMuchChunk error is thrown when the number of chunks to encrypt a file is too
	// high.
	ErrTooMuchChunk error = errs.New("too much chunk produced. Max = 0xFFFF_FFFF")
	// ErrNoLastChunk error is thrown where it remains nothing to write to the underlying
	// writer at the closing stage.
	ErrNoLastChunk error = errs.New("no last chunk to write when closing the writer")
	// ErrWriterClosed error is thrown when trying to write to a writer that has already been
	// closed.
	ErrWriterClosed error = errs.New("writer already closed")
)

Errors declarations

var ErrFilenameTooLong error = errs.New(fmt.Sprintf("filename too long, max %d bytes", filenameHeaderSize))

Functions

func NewEncWriter

func NewEncWriter(key [keySize]byte, header header, dest io.Writer) (io.WriteCloser, error)

newEncWriter creates the right type of writer regarding the data stored inside the header. It can create chunk writer or whole writer.

func NewHeader

func NewHeader(chunkSize uint64, filename string) header

Types

type Reader

type Reader interface {
	io.Reader
	io.WriterTo
	// Gives the filename of the current file. Must call Read first.
	Filename() (string, error)
}

Reader is a decrypting reader. It wraps an io.Reader and allow decryption during the read. It also implement io.WriterTo interface.

func NewDecReader

func NewDecReader(key [keySize]byte, src io.Reader) (Reader, error)

NewDecReader creates a new deryption reader able to decrypt an encrypted file with a encdec.EncWriter. Its purpose is to wrap an existing io.Reader containing the encrypted data.