rfc8009

package
v8.0.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 31, 2020 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package rfc8009 provides encryption and checksum methods as specified in RFC 8009

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DecryptData

func DecryptData(key, data []byte, e etype.EType) ([]byte, error)

DecryptData decrypts the data provided using the methods specific to the etype provided as defined in RFC 8009.

func DecryptMessage

func DecryptMessage(key, ciphertext []byte, usage uint32, e etype.EType) ([]byte, error)

DecryptMessage decrypts the message provided using the methods specific to the etype provided as defined in RFC 8009. The integrity of the message is also verified.

func DeriveKey

func DeriveKey(protocolKey, label []byte, e etype.EType) []byte

DeriveKey derives a key from the protocol key based on the usage and the etype's specific methods.

https://tools.ietf.org/html/rfc8009#section-5

If the enctype is aes128-cts-hmac-sha256-128: Kc = KDF-HMAC-SHA2(base-key, usage | 0x99, 128) Ke = KDF-HMAC-SHA2(base-key, usage | 0xAA, 128) Ki = KDF-HMAC-SHA2(base-key, usage | 0x55, 128)

If the enctype is aes256-cts-hmac-sha384-192: Kc = KDF-HMAC-SHA2(base-key, usage | 0x99, 192) Ke = KDF-HMAC-SHA2(base-key, usage | 0xAA, 256) Ki = KDF-HMAC-SHA2(base-key, usage | 0x55, 192)

func DeriveRandom

func DeriveRandom(protocolKey, usage []byte, e etype.EType) ([]byte, error)

DeriveRandom for key derivation as defined in RFC 8009

func EncryptData

func EncryptData(key, data []byte, e etype.EType) ([]byte, []byte, error)

EncryptData encrypts the data provided using methods specific to the etype provided as defined in RFC 8009.

func EncryptMessage

func EncryptMessage(key, message []byte, usage uint32, e etype.EType) ([]byte, []byte, error)

EncryptMessage encrypts the message provided using the methods specific to the etype provided as defined in RFC 8009. The encrypted data is concatenated with its integrity hash to create an encrypted message.

func GetIntegityHash

func GetIntegityHash(iv, c, key []byte, usage uint32, e etype.EType) ([]byte, error)

GetIntegityHash returns a keyed integrity hash of the bytes provided as defined in RFC 8009

func GetSaltP

func GetSaltP(salt, ename string) string

GetSaltP returns the salt value based on the etype name: https://tools.ietf.org/html/rfc8009#section-4

func KDF_HMAC_SHA2

func KDF_HMAC_SHA2(protocolKey, label, context []byte, kl int, e etype.EType) []byte

KDF_HMAC_SHA2 key derivation: https://tools.ietf.org/html/rfc8009#section-3

func RandomToKey

func RandomToKey(b []byte) []byte

RandomToKey returns a key from the bytes provided according to the definition in RFC 8009.

func S2KparamsToItertions

func S2KparamsToItertions(s2kparams string) (int, error)

S2KparamsToItertions converts the string representation of iterations to an integer for RFC 8009.

func StringToKey

func StringToKey(secret, salt, s2kparams string, e etype.EType) ([]byte, error)

StringToKey returns a key derived from the string provided according to the definition in RFC 8009.

func StringToKeyIter

func StringToKeyIter(secret, salt string, iterations int, e etype.EType) ([]byte, error)

StringToKeyIter returns a key derived from the string provided according to the definition in RFC 8009.

func StringToPBKDF2

func StringToPBKDF2(secret, salt string, iterations int, e etype.EType) []byte

StringToPBKDF2 generates an encryption key from a pass phrase and salt string using the PBKDF2 function from PKCS #5 v2.0

func VerifyIntegrity

func VerifyIntegrity(key, ct []byte, usage uint32, etype etype.EType) bool

VerifyIntegrity verifies the integrity of cipertext bytes ct.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL