Documentation
¶
Overview ¶
Package stream implements OAE2 STREAM.
OAE stands for Online Authenticated Encryption. Here, the term "online" means plaintext and ciphertext can be encrypted and decrypted, respectively, with one left-to-right pass stream. In other words, it supports streaming.
OAE2 is a simple construction: the plaintext is broken into chunks and each chunk is encrypted separately. A counter nonce is used to ensure unique nonces and to provider ordering.
This package implements STREAM using XChaCha20-Poly1305. Each plaintext chunk_n in {0, 1, ..., N-2} is exactly 64 KiB with the final plaintext chunk_{N-1} being an arbitrary size less than or equal to 64 KiB. In other words, every chunk is the same size, except the final chunk may be a smaller.
Borrowing from Hoang and Shen [tink], this package adds a random prefix to the nonces, increasing the concrete security bound. More specifically:
prefix counter eof 152 32 8 bits
The EOF byte signals the end of the stream. Without an explicit EOF signal the stream could be susceptible to truncation attacks.
As always, it is not a good idea to act on a plaintext until the entire message has been verified.
References:
[stream]: https://eprint.iacr.org/2015/189.pdf [tink]: https://eprint.iacr.org/2020/1019.pdf [hkdf]: https://tools.ietf.org/html/rfc5869
Index ¶
Constants ¶
const (
// ChunkSize is the size of a plaintext chunk.
ChunkSize = 1 << 16
)
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Option ¶
type Option func(*option)
Option configures NewReader and NewWriter.
func WithAdditionalData ¶
WithAdditionalData sets additional authenticated data used in each encryption.
Additional data is typically used to bind the ciphertext to a particular contect.
By default, no additional data is used.