Documentation ¶
Overview ¶
Package subtle provides subtle implementations of the AEAD primitive.
Index ¶
Constants ¶
const ( // AESGCMIVSize is the acceptable IV size defined by RFC 5116. AESGCMIVSize = 12 // AESGCMTagSize is the acceptable tag size defined by RFC 5116. AESGCMTagSize = 16 )
const (
// AESCTRMinIVSize is the minimum IV size that this implementation supports.
AESCTRMinIVSize = 12
)
const (
// AESGCMSIVNonceSize is the acceptable IV size defined by RFC 8452.
AESGCMSIVNonceSize = 12
)
const (
// PolyvalBlockSize is the block size (in bytes) that POLYVAL uses.
PolyvalBlockSize = 16
)
Variables ¶
This section is empty.
Functions ¶
func ValidateAESKeySize ¶
ValidateAESKeySize checks if the given key size is a valid AES key size.
Types ¶
type AESCTR ¶
AESCTR is an implementation of AEAD interface.
func NewAESCTR ¶
NewAESCTR returns an AESCTR instance. The key argument should be the AES key, either 16 or 32 bytes to select AES-128 or AES-256. ivSize specifies the size of the IV in bytes.
type AESGCM ¶
type AESGCM struct {
// contains filtered or unexported fields
}
AESGCM is an implementation of AEAD interface.
func NewAESGCM ¶
NewAESGCM returns an AESGCM instance, where key is the AES key with length 16 bytes (AES-128) or 32 bytes (AES-256).
type AESGCMSIV ¶ added in v1.6.0
type AESGCMSIV struct {
Key []byte
}
AESGCMSIV is an implementation of AEAD interface.
func NewAESGCMSIV ¶ added in v1.6.0
NewAESGCMSIV returns an AESGCMSIV instance. The key argument should be the AES key, either 16 or 32 bytes to select AES-128 or AES-256.
type ChaCha20Poly1305 ¶
type ChaCha20Poly1305 struct { Key []byte // contains filtered or unexported fields }
ChaCha20Poly1305 is an implementation of AEAD interface.
func NewChaCha20Poly1305 ¶
func NewChaCha20Poly1305(key []byte) (*ChaCha20Poly1305, error)
NewChaCha20Poly1305 returns an ChaCha20Poly1305 instance. The key argument should be a 32-bytes key.
type EncryptThenAuthenticate ¶
type EncryptThenAuthenticate struct {
// contains filtered or unexported fields
}
EncryptThenAuthenticate performs an encrypt-then-MAC operation on plaintext and associated data (ad). The MAC is computed over (ad || ciphertext || size of ad). This implementation is based on http://tools.ietf.org/html/draft-mcgrew-aead-aes-cbc-hmac-sha2-05.
func NewEncryptThenAuthenticate ¶
func NewEncryptThenAuthenticate(indCPACipher INDCPACipher, mac tink.MAC, tagSize int) (*EncryptThenAuthenticate, error)
NewEncryptThenAuthenticate returns a new instance of EncryptThenAuthenticate.
func (*EncryptThenAuthenticate) Decrypt ¶
func (e *EncryptThenAuthenticate) Decrypt(ciphertext, associatedData []byte) ([]byte, error)
Decrypt decrypts ciphertext with associatedData.
func (*EncryptThenAuthenticate) Encrypt ¶
func (e *EncryptThenAuthenticate) Encrypt(plaintext, associatedData []byte) ([]byte, error)
Encrypt encrypts plaintext with associatedData. The resulting ciphertext allows for checking authenticity and integrity of associatedData, but does not guarantee its secrecy.
The plaintext is encrypted with an INDCPACipher, then MAC is computed over (associatedData || ciphertext || n) where n is associatedData's length in bits represented as a 64-bit bigendian unsigned integer. The final ciphertext format is (IND-CPA ciphertext || mac).
type INDCPACipher ¶
type INDCPACipher interface { // Encrypt encrypts plaintext. The resulting ciphertext is indistinguishable under // chosen-plaintext attack. However, it does not have integrity protection. Encrypt(plaintext []byte) ([]byte, error) // Decrypt decrypts ciphertext and returns the resulting plaintext. Decrypt(ciphertext []byte) ([]byte, error) }
INDCPACipher provides an interface for symmetric key ciphers that are indistinguishable against chosen-plaintext attacks. Said primitives do not provide authentication, thus should not be used directly, but only to construct safer primitives such as AEAD.
type Polyval ¶ added in v1.6.0
type Polyval interface { // update the accumulator in the object with the blocks from data. If data // is not a multiple of 16 bytes, it is automatically zero padded. Update(data []byte) // finish completes the polyval computation and returns the result. Finish() [PolyvalBlockSize]byte }
Polyval (RFC 8452) is a universal hash function which operates on GF(2^128) and can be used for constructing a Message Authentication Code (MAC). See Section 3 of go/rfc/8452 for definition.
func NewPolyval ¶ added in v1.6.0
NewPolyval returns a Polyval instance.
type XChaCha20Poly1305 ¶
type XChaCha20Poly1305 struct {
Key []byte
}
XChaCha20Poly1305 is an implementation of AEAD interface.
func NewXChaCha20Poly1305 ¶
func NewXChaCha20Poly1305(key []byte) (*XChaCha20Poly1305, error)
NewXChaCha20Poly1305 returns an XChaCha20Poly1305 instance. The key argument should be a 32-bytes key.