crypto

package
v0.0.0-...-80327fb Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 25, 2021 License: AGPL-3.0 Imports: 13 Imported by: 0

Documentation

Overview

Package crypto provides tools for encrypting and decrypting data in fixed and stream formats, and for converting Ed25519 keys to X25519 keys.

Encryption for a target X25519 public key is done as follows. Generate an ephemeral X25519 keypair and compute a shared secret between the ephemeral private key and the target public key. This shared secret is passed to a SHA-512 HKDF with a random salt. From this HKDF, read a 32-byte key. The HKDF-read key is passed as the key to an XChaCha20-Poly1305 AEAD (ChaCha20 with extendend nonce and Poly1305 MACs). Finally a 24-byte nonce must be passed with the plaintext to the AEAD, which produces the ciphertext.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DecryptFixed

func DecryptFixed(ciphertext, priv []byte) ([]byte, error)

DecryptFixed decrypts a ciphertext which was encrypted using EncryptFixed.

func EncryptFixed

func EncryptFixed(plaintext, publ []byte) ([]byte, error)

EncryptFixed follows the general encryption pattern given in the package description. The AEAD nonce is randomly generated.

Ciphertext size = len(plantext) + curve25519.ScalarSize + sha512.Size + chacha20poly1305.NonceSizeX + poly1305.TagSize.

func NewReader

func NewReader(r io.Reader, priv []byte, bufsiz int) (io.Reader, error)

NewReader implements decryption for an io.Reader object. Decryption is done in chunks of bufsiz plaintext. Reading is buffered, and only reading until EOF is gauranteed to result in an empty ciphertext buffer.

func NewWriter

func NewWriter(w io.Writer, publ []byte, bufsiz int) (io.WriteCloser, error)

NewWriter implements encryption for an io.Writer object. Encryption is done in chunks of bufsiz plaintext. Writing is buffered, and the object should be closed to flush remaining buffered plaintext (by encrypting a smaller last chunk). The AEAD nonce is 16 bytes randomly generated followed by an 8-byte counter (incrementing for each chunk).

Ciphertext size = len(plaintext) + curve25519.ScalarSize + sha512.Size + ((len(plaintext) - 1)/bufsiz + 1) * (chacha20poly1305.NonceSizeX + poly1305.TagSize).

func PrivEd25519ToX25519

func PrivEd25519ToX25519(priv ed25519.PrivateKey) ([]byte, error)

PrivEd25519ToX25519 converts an Ed25519 private key to a X25519 key.

The Ed25519 private key is assumed to be encoded as used in golang.org/crypto/ed25519 with the public key as a suffix to the "seed".

func PublEd25519ToX25519

func PublEd25519ToX25519(publ ed25519.PublicKey) ([]byte, error)

PublEd25519ToX25519 converts an Ed25519 public key to a X25519 key. Converts the y-coordinate of a twisted Edwards curve to the u-coordinate of a Montgomery curve.

The Ed25519 public key is assumed to be encoded according to RFC 8032, as used in golang.org/crypto/ed25519.

TODO: compare to libsodium, ensure we get the same results

TODO: libsodium does various checks on the public key prior to converting

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL