crypto

package
v1.20210104.2 Latest
Warning

This package is not in the latest version of its module.

Published: Jan 4, 2021 License: MIT Imports: 12 Imported by: 7

Documentation

Overview

Package crypto includes common cryptography helpers.

They typically make using the stdlib functions more ergonomic, and do not seek to invent new methods for encrypting or decrypting data.


Constants

const (
	// DefaultKeySize is the size of keys to generate for client use.
	DefaultKeySize = 32
	// KeyVersionSize is the size of the key version prefix.
	KeyVersionSize = (4 + 2 + 2 + 1) // YYYY + MM + DD + :
	// IVSize is the size of the IV prefix.
	IVSize = aes.BlockSize
	// HashSize is the size of the hash prefix.
	HashSize = 32 // reasons.
)

Important constants.

Variables

This section is empty.

Functions

func CreateKey

func CreateKey(keySize int) ([]byte, error)

CreateKey creates a key of a given size by reading that much data off the crypto/rand reader.

func CreateKeyString

func CreateKeyString(keySize int) (string, error)

CreateKeyString generates a new key and returns it as a string.

func Decrypt

func Decrypt(key, cipherText []byte) ([]byte, error)

Decrypt decrypts data with the given key.

func Encrypt

func Encrypt(key, plainText []byte) ([]byte, error)

Encrypt encrypts data with the given key.

func HMAC256

func HMAC256(key, plainText []byte) []byte

HMAC256 computes the HMAC-SHA256 of the data with the given key.

func HMAC512

func HMAC512(key, plainText []byte) []byte

HMAC512 computes the HMAC-SHA512 of the data with the given key.

func HashPassword added in v1.20210103.1

func HashPassword(password string) (string, error)

HashPassword uses bcrypt to generate a salted hash for the provided password.

func MustCreateKey

func MustCreateKey(keySize int) []byte

MustCreateKey creates a key and panics if an error is returned.

func MustCreateKeyString

func MustCreateKeyString(keySize int) string

MustCreateKeyString generates a new key and returns it as a string.

func ParseKey

func ParseKey(key string) ([]byte, error)

ParseKey parses a key from a string.

func PasswordMatchesHash added in v1.20210103.1

func PasswordMatchesHash(password string, hash string) bool

PasswordMatchesHash checks whether the provided password matches the provided hash.

Types

type LocalTransit

type LocalTransit struct {
	ContextProvider func() string
	KeyProvider     func(string) ([]byte, error)
}

LocalTransit is a local transit encrypter and decrypter.

func NewLocalTransit

func NewLocalTransit(options ...LocalTransitOption) LocalTransit

NewLocalTransit returns a new manager.

func (LocalTransit) Decrypt

func (m LocalTransit) Decrypt(dst io.Writer, src io.Reader) error

Decrypt reads a source stream and decrypts it to the destination stream.

func (LocalTransit) Encrypt

func (m LocalTransit) Encrypt(dst io.Writer, src io.Reader) error

Encrypt reads a source stream and encrypts it to the destination stream.

func (LocalTransit) GetKey

func (m LocalTransit) GetKey(context string) ([]byte, error)

GetKey returns a key of a specific version.

type LocalTransitOption

type LocalTransitOption func(*LocalTransit)

LocalTransitOption is an option for local transit types.

func OptLocalTransitContextProvider

func OptLocalTransitContextProvider(provider func() string) LocalTransitOption

OptLocalTransitContextProvider is a local transit option.

func OptLocalTransitKey

func OptLocalTransitKey(key []byte) LocalTransitOption

OptLocalTransitKey is a local transit option.

func OptLocalTransitKeyProvider

func OptLocalTransitKeyProvider(provider func(string) ([]byte, error)) LocalTransitOption

OptLocalTransitKeyProvider is a local transit option.

type StreamDecrypter

type StreamDecrypter struct {
	Source io.Reader
	Block  cipher.Block
	Stream cipher.Stream
	Mac    hash.Hash
	Meta   StreamMeta
}

StreamDecrypter is a decrypter for a stream of data with authentication.

func NewStreamDecrypter

func NewStreamDecrypter(key []byte, meta StreamMeta, cipherText io.Reader) (*StreamDecrypter, error)

NewStreamDecrypter creates a new stream decrypter.

func (*StreamDecrypter) Authenticate

func (s *StreamDecrypter) Authenticate() error

Authenticate verifies that the hash of the stream is correct. This should only be called after processing is finished.

func (*StreamDecrypter) Read

func (s *StreamDecrypter) Read(p []byte) (int, error)

Read reads bytes from the underlying reader and then decrypts them.

type StreamEncrypter

type StreamEncrypter struct {
	Source io.Reader
	Block  cipher.Block
	Stream cipher.Stream
	Mac    hash.Hash
	IV     []byte
}

StreamEncrypter is an encrypter for a stream of data with authentication.

func NewStreamEncrypter

func NewStreamEncrypter(key []byte, plainText io.Reader) (*StreamEncrypter, error)

NewStreamEncrypter creates a new stream encrypter.

func (*StreamEncrypter) Meta

func (s *StreamEncrypter) Meta() StreamMeta

Meta returns the encrypted stream metadata for use in decrypting. This should only be called after the stream is finished.

func (*StreamEncrypter) Read

func (s *StreamEncrypter) Read(p []byte) (int, error)

Read encrypts the bytes of the inner reader and places them into p.

type StreamMeta

type StreamMeta struct {
	// IV is the initial value for the crypto function
	IV []byte
	// Hash is the sha256 hmac of the stream
	Hash []byte
}

StreamMeta is metadata about an encrypted stream.
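
Because Authenticate may only be called after processing is finished, every byte a StreamDecrypter's Read returns is unverified until that call succeeds, so callers should stage the output and act on it only afterwards. The following is an added example built on the standard library, not this package's code, that shows the pattern and what an unverified read yields when the ciphertext was modified. Assumptions: the names `process` and `open` are hypothetical, and the mode (AES-CTR), the separate MAC key and the tag over IV || ciphertext are choices made here that the page does not specify.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"io"
)

// process runs AES-CTR over src and returns the output plus HMAC-SHA256(IV || ciphertext).
func process(encKey, macKey, iv []byte, src io.Reader, decrypt bool) (out, tag []byte, err error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, nil, err
	}
	mac := hmac.New(sha256.New, macKey) // assumption: MAC key separate from the cipher key
	mac.Write(iv)
	stream := cipher.NewCTR(block, iv) // assumption: CTR; the page does not name the mode
	var r io.Reader = io.TeeReader(cipher.StreamReader{S: stream, R: src}, mac) // MAC what leaves the cipher
	if decrypt {
		r = cipher.StreamReader{S: stream, R: io.TeeReader(src, mac)} // MAC what enters the cipher
	}
	out, err = io.ReadAll(r)
	return out, mac.Sum(nil), err
}

// open stages the plaintext and releases it only after the tag verifies (the Authenticate step).
func open(encKey, macKey, iv, tag []byte, src io.Reader) ([]byte, error) {
	staged, got, err := process(encKey, macKey, iv, src, true)
	if err != nil {
		return nil, err
	}
	if !hmac.Equal(got, tag) {
		return nil, fmt.Errorf("authentication failed: staged output discarded")
	}
	return staged, nil
}

func main() {
	encKey, macKey := bytes.Repeat([]byte{1}, 32), bytes.Repeat([]byte{2}, 32) // constructed demo keys
	iv := make([]byte, aes.BlockSize)                                          // constructed; use a random IV per stream
	ct, tag, _ := process(encKey, macKey, iv, bytes.NewReader([]byte("transfer 10")), false)
	ct[9] ^= '1' ^ '9' // constructed in-transit modification
	raw, _, _ := process(encKey, macKey, iv, bytes.NewReader(ct), true)
	_, err := open(encKey, macKey, iv, tag, bytes.NewReader(ct))
	fmt.Printf("unverified read: %q, open: %v\n", raw, err)
}
```

For streams too large to buffer in memory, stage to a temporary file and move it into place only after verification succeeds.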
