Documentation
Index ¶
- Constants
- Variables
- func HashPassword(rawPassword, uniqueValue []byte) []byte
- type AEADBlockCipher
- func (c *AEADBlockCipher) BlockContext() BlockContext
- func (*AEADBlockCipher) BlockSize() int
- func (c *AEADBlockCipher) Clone() BlockCipher
- func (c *AEADBlockCipher) Decrypt(ciphertext []byte) ([]byte, error)
- func (c *AEADBlockCipher) DecryptWithNonce(ciphertext, nonce []byte) ([]byte, error)
- func (c *AEADBlockCipher) Encrypt(plaintext []byte) ([]byte, error)
- func (c *AEADBlockCipher) EncryptWithNonce(plaintext, nonce []byte) ([]byte, error)
- func (c *AEADBlockCipher) IsStateless() bool
- func (c *AEADBlockCipher) NonceSize() int
- func (c *AEADBlockCipher) Overhead() int
- func (c *AEADBlockCipher) SetBlockContext(bc BlockContext)
- func (c *AEADBlockCipher) SetImplicitNonceMode(enable bool)
- type AEADType
- type BlockCipher
- func BlockCipherFromPassword(password []byte, stateless bool) (BlockCipher, error)
- func BlockCipherListFromPassword(password []byte, stateless bool) ([]BlockCipher, error)
- func CloneBlockCiphers(blocks []BlockCipher) []BlockCipher
- func SelectDecrypt(data []byte, blocks []BlockCipher) (BlockCipher, []byte, error)
- func TryDecrypt(data, password []byte, stateless bool) (BlockCipher, []byte, error)
- type BlockContext
Constants ¶
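// Default sizes used by this package, and the names of the metric groups
// under which the decryption counters are registered.
const (
	// DefaultNonceSize is the nonce length: 24 bytes.
	// In mieru v2, the value was 12.
	//
	// NOTE(review): a 24-byte nonce is long enough to be chosen at random
	// without a practical collision risk; how nonces are actually generated
	// is not shown in this listing.
	DefaultNonceSize = 24

	// DefaultOverhead is 16 bytes.
	// NOTE(review): presumably the length of the AEAD authentication tag — confirm.
	DefaultOverhead = 16

	// DefaultKeyLen is the key length: 32 bytes (256 bits).
	DefaultKeyLen = 32

	// ClientDecryptionMetricGroupName is the metric group name used for the
	// client side decryption counters.
	ClientDecryptionMetricGroupName = "cipher - client"

	// ServerDecryptionMetricGroupName is the metric group name used for the
	// server side decryption counters.
	ServerDecryptionMetricGroupName = "cipher - server"
)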
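// Key derivation parameters. Both values are part of the mieru protocol.
const (
	// KeyIter is the number of iterations to generate a key.
	// This is part of mieru protocol. This value should not be changed.
	//
	// In mieru v2, the value was 4096.
	//
	// NOTE(review): the key derivation function itself is not shown in this
	// listing. An iteration count this low adds very little key stretching,
	// so resistance to offline password guessing rests almost entirely on
	// the entropy of the password: deployments should use long, randomly
	// generated passwords rather than memorable ones.
	KeyIter = 64

	// KeyRefreshInterval is the interval at which the salt used to generate
	// the cipher block is changed.
	// This is part of mieru protocol. This value should not be changed.
	//
	// In mieru v2, the value was 1 * time.Minute.
	//
	// NOTE(review): a salt that rotates on a timer presumably requires the
	// two peers to have roughly synchronized clocks — confirm.
	KeyRefreshInterval = 2 * time.Minute
)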
Variables ¶
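// Decryption counters, registered under the client and server metric groups.
var (
	// ClientDirectDecrypt counts decryptions that used the cipher block
	// associated with the connection.
	ClientDirectDecrypt = metrics.RegisterMetric(ClientDecryptionMetricGroupName, "DirectDecrypt", metrics.COUNTER)

	// ClientFailedDirectDecrypt counts decryptions that used the stored
	// cipher block and failed.
	ClientFailedDirectDecrypt = metrics.RegisterMetric(ClientDecryptionMetricGroupName, "FailedDirectDecrypt", metrics.COUNTER)

	// ServerDirectDecrypt counts decryptions that used the cipher block
	// associated with the connection.
	ServerDirectDecrypt = metrics.RegisterMetric(ServerDecryptionMetricGroupName, "DirectDecrypt", metrics.COUNTER)

	// ServerFailedDirectDecrypt counts decryptions that used the stored
	// cipher block and failed.
	ServerFailedDirectDecrypt = metrics.RegisterMetric(ServerDecryptionMetricGroupName, "FailedDirectDecrypt", metrics.COUNTER)

	// ServerIterateDecrypt counts decryptions that iterated over all
	// possible cipher blocks.
	ServerIterateDecrypt = metrics.RegisterMetric(ServerDecryptionMetricGroupName, "IterateDecrypt", metrics.COUNTER)

	// ServerFailedIterateDecrypt counts decryptions that failed after
	// iterating over all possible cipher blocks.
	//
	// NOTE(review): a sustained rise presumably means the server is
	// receiving data that no configured password can decrypt (misconfigured
	// clients or unsolicited traffic), which makes this counter a candidate
	// for alerting — confirm against the server's behavior.
	ServerFailedIterateDecrypt = metrics.RegisterMetric(ServerDecryptionMetricGroupName, "FailedIterateDecrypt", metrics.COUNTER)
)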
Functions ¶
func HashPassword ¶
HashPassword generates a hashed password from the raw password and a unique value that decorates the password.
Types ¶
type AEADBlockCipher ¶
// AEADBlockCipher implements the BlockCipher interface with one AEAD algorithm.
// All of its fields are unexported and are omitted from this listing.
type AEADBlockCipher struct {
	// contains filtered or unexported fields
}
AEADBlockCipher implements BlockCipher interface with one AEAD algorithm.
func (*AEADBlockCipher) BlockContext ¶
func (c *AEADBlockCipher) BlockContext() BlockContext
func (*AEADBlockCipher) BlockSize ¶
func (*AEADBlockCipher) BlockSize() int
BlockSize returns the block size of the cipher.
func (*AEADBlockCipher) Clone ¶
func (c *AEADBlockCipher) Clone() BlockCipher
func (*AEADBlockCipher) Decrypt ¶
func (c *AEADBlockCipher) Decrypt(ciphertext []byte) ([]byte, error)
func (*AEADBlockCipher) DecryptWithNonce ¶
func (c *AEADBlockCipher) DecryptWithNonce(ciphertext, nonce []byte) ([]byte, error)
func (*AEADBlockCipher) Encrypt ¶
func (c *AEADBlockCipher) Encrypt(plaintext []byte) ([]byte, error)
func (*AEADBlockCipher) EncryptWithNonce ¶
func (c *AEADBlockCipher) EncryptWithNonce(plaintext, nonce []byte) ([]byte, error)
func (*AEADBlockCipher) IsStateless ¶
func (c *AEADBlockCipher) IsStateless() bool
func (*AEADBlockCipher) NonceSize ¶
func (c *AEADBlockCipher) NonceSize() int
NonceSize returns the number of bytes used by nonce.
func (*AEADBlockCipher) Overhead ¶
func (c *AEADBlockCipher) Overhead() int
func (*AEADBlockCipher) SetBlockContext ¶
func (c *AEADBlockCipher) SetBlockContext(bc BlockContext)
func (*AEADBlockCipher) SetImplicitNonceMode ¶
func (c *AEADBlockCipher) SetImplicitNonceMode(enable bool)
type BlockCipher ¶
// BlockCipher is an interface of block encryption and decryption.
type BlockCipher interface {
	// Encrypt adds the nonce to the output, then encrypts the plaintext.
	// Under implicit nonce mode the handling of the nonce differs; see
	// SetImplicitNonceMode.
	Encrypt(plaintext []byte) ([]byte, error)
	// EncryptWithNonce encrypts the plaintext with the given nonce.
	// This method is not supported by stateful BlockCipher.
	//
	// The caller is responsible for the nonce: with an AEAD implementation
	// such as AEADBlockCipher, using the same nonce twice under the same key
	// breaks the confidentiality and integrity guarantees.
	EncryptWithNonce(plaintext, nonce []byte) ([]byte, error)
	// Decrypt removes the nonce from the ciphertext, then decrypts the rest.
	//
	// NOTE(review): presumably a non-nil error means the data failed
	// authentication, in which case the returned bytes must not be used —
	// confirm against the implementation.
	Decrypt(ciphertext []byte) ([]byte, error)
	// DecryptWithNonce decrypts the ciphertext with the given nonce.
	// This method is not supported by stateful BlockCipher.
	DecryptWithNonce(ciphertext, nonce []byte) ([]byte, error)
	// NonceSize returns the size of the nonce that must be passed to Seal
	// and Open.
	//
	// Seal and Open are not methods of this interface (the wording matches
	// crypto/cipher.AEAD); presumably this is the length required of the
	// nonce argument of EncryptWithNonce and DecryptWithNonce — confirm.
	NonceSize() int
	// Overhead returns the maximum difference between the lengths of a
	// plaintext and its ciphertext.
	Overhead() int
	// Clone creates a deep copy of the block cipher itself.
	// It panics if this operation fails.
	//
	// NOTE(review): if the copy carries over the implicit nonce state,
	// encrypting with both the original and the clone would repeat nonces
	// under the same key — confirm how Clone treats that state.
	Clone() BlockCipher
	// SetImplicitNonceMode enables or disables implicit nonce mode.
	// Under implicit nonce mode, the nonce is set exactly once on the first
	// Encrypt() or Decrypt() call. After that, all Encrypt() or Decrypt()
	// calls will not look up nonce in the data. Each Encrypt() or Decrypt()
	// will cause the nonce value to be increased by 1.
	//
	// Implicit nonce mode is disabled by default.
	//
	// Disabling implicit nonce mode removes the implicit nonce (state)
	// from the block cipher.
	//
	// NOTE(review): because the nonce advances by one per call, the two
	// peers presumably have to process messages in the same order with none
	// lost or repeated — confirm.
	SetImplicitNonceMode(enable bool)
	// IsStateless returns true if the BlockCipher can do arbitrary Encrypt()
	// and Decrypt() in any sequence.
	IsStateless() bool
	// BlockContext returns a copy of BlockContext.
	BlockContext() BlockContext
	// SetBlockContext sets the BlockContext.
	SetBlockContext(bc BlockContext)
}
BlockCipher is an interface of block encryption and decryption.
func BlockCipherFromPassword ¶
func BlockCipherFromPassword(password []byte, stateless bool) (BlockCipher, error)
BlockCipherFromPassword creates a BlockCipher object from the password with the default settings.
func BlockCipherListFromPassword ¶
func BlockCipherListFromPassword(password []byte, stateless bool) ([]BlockCipher, error)
BlockCipherListFromPassword creates three BlockCipher objects using different salts from the password with the default settings.
func CloneBlockCiphers ¶
func CloneBlockCiphers(blocks []BlockCipher) []BlockCipher
CloneBlockCiphers clones a slice of block ciphers.
func SelectDecrypt ¶
func SelectDecrypt(data []byte, blocks []BlockCipher) (BlockCipher, []byte, error)
SelectDecrypt returns the appropriate cipher block that can decrypt the data, as well as the decrypted result.
func TryDecrypt ¶
func TryDecrypt(data, password []byte, stateless bool) (BlockCipher, []byte, error)
TryDecrypt tries to decrypt the data with all possible keys generated from the password. If successful, returns the block cipher as well as the decrypted results.
type BlockContext ¶
// BlockContext contains optional context associated with a cipher block.
type BlockContext struct {
	// UserName is presumably the name of the user whose password the cipher
	// block was derived from — confirm against the callers that set it.
	UserName string
}
BlockContext contains optional context associated with a cipher block.