subtle

package
v1.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 10, 2022 License: Apache-2.0 Imports: 11 Imported by: 17

Documentation

Overview

Package subtle provides subtle implementations of the AEAD primitive.

Index

Constants

View Source
const (
	// AESGCMIVSize is the acceptable IV size defined by RFC 5116.
	AESGCMIVSize = 12
	// AESGCMTagSize is the acceptable tag size defined by RFC 5116.
	AESGCMTagSize = 16
)
View Source
const (
	// AESCTRMinIVSize is the minimum IV size that this implementation supports.
	AESCTRMinIVSize = 12
)
View Source
const (
	// AESGCMSIVNonceSize is the acceptable IV size defined by RFC 8452.
	AESGCMSIVNonceSize = 12
)
View Source
const (
	// PolyvalBlockSize is the block size (in bytes) that POLYVAL uses.
	PolyvalBlockSize = 16
)

Variables

This section is empty.

Functions

func ValidateAESKeySize

func ValidateAESKeySize(sizeInBytes uint32) error

ValidateAESKeySize checks if the given key size is a valid AES key size.

Types

type AESCTR

type AESCTR struct {
	Key    []byte
	IVSize int
}

AESCTR is an implementation of AEAD interface.

func NewAESCTR

func NewAESCTR(key []byte, ivSize int) (*AESCTR, error)

NewAESCTR returns an AESCTR instance. The key argument should be the AES key, either 16 or 32 bytes to select AES-128 or AES-256. ivSize specifies the size of the IV in bytes.

func (*AESCTR) Decrypt

func (a *AESCTR) Decrypt(ciphertext []byte) ([]byte, error)

Decrypt decrypts ciphertext.

func (*AESCTR) Encrypt

func (a *AESCTR) Encrypt(plaintext []byte) ([]byte, error)

Encrypt encrypts plaintext using AES in CTR mode. The resulting ciphertext consists of two parts: (1) the IV used for encryption and (2) the actual ciphertext.

type AESGCM

type AESGCM struct {
	// contains filtered or unexported fields
}

AESGCM is an implementation of AEAD interface.

func NewAESGCM

func NewAESGCM(key []byte) (*AESGCM, error)

NewAESGCM returns an AESGCM instance, where key is the AES key with length 16 bytes (AES-128) or 32 bytes (AES-256).

func (*AESGCM) Decrypt

func (a *AESGCM) Decrypt(ciphertext, associatedData []byte) ([]byte, error)

Decrypt decrypts ciphertext with associatedData.

func (*AESGCM) Encrypt

func (a *AESGCM) Encrypt(plaintext, associatedData []byte) ([]byte, error)

Encrypt encrypts plaintext with associatedData. The returned ciphertext contains both the IV used for encryption and the actual ciphertext.

Note: The crypto library's AES-GCM implementation always returns the ciphertext with an AESGCMTagSize (16-byte) tag.

func (*AESGCM) Key

func (a *AESGCM) Key() []byte

Key returns the AES key.

type AESGCMSIV added in v1.6.0

type AESGCMSIV struct {
	Key []byte
}

AESGCMSIV is an implementation of AEAD interface.

func NewAESGCMSIV added in v1.6.0

func NewAESGCMSIV(key []byte) (*AESGCMSIV, error)

NewAESGCMSIV returns an AESGCMSIV instance. The key argument should be the AES key, either 16 or 32 bytes to select AES-128 or AES-256.

func (*AESGCMSIV) Decrypt added in v1.6.0

func (a *AESGCMSIV) Decrypt(ciphertext, associatedData []byte) ([]byte, error)

Decrypt decrypts ciphertext with associatedData.

func (*AESGCMSIV) Encrypt added in v1.6.0

func (a *AESGCMSIV) Encrypt(plaintext, associatedData []byte) ([]byte, error)

Encrypt encrypts plaintext with associatedData.

The resulting ciphertext consists of three parts: (1) the Nonce used for encryption (2) the actual ciphertext (3) the authentication tag.

type ChaCha20Poly1305

type ChaCha20Poly1305 struct {
	Key []byte
	// contains filtered or unexported fields
}

ChaCha20Poly1305 is an implementation of AEAD interface.

func NewChaCha20Poly1305

func NewChaCha20Poly1305(key []byte) (*ChaCha20Poly1305, error)

NewChaCha20Poly1305 returns an ChaCha20Poly1305 instance. The key argument should be a 32-bytes key.

func (*ChaCha20Poly1305) Decrypt

func (ca *ChaCha20Poly1305) Decrypt(ciphertext []byte, associatedData []byte) ([]byte, error)

Decrypt decrypts ciphertext with associatedData.

func (*ChaCha20Poly1305) Encrypt

func (ca *ChaCha20Poly1305) Encrypt(plaintext []byte, associatedData []byte) ([]byte, error)

Encrypt encrypts plaintext with associatedData. The resulting ciphertext consists of two parts: (1) the nonce used for encryption and (2) the actual ciphertext.

type EncryptThenAuthenticate

type EncryptThenAuthenticate struct {
	// contains filtered or unexported fields
}

EncryptThenAuthenticate performs an encrypt-then-MAC operation on plaintext and associated data (ad). The MAC is computed over (ad || ciphertext || size of ad). This implementation is based on http://tools.ietf.org/html/draft-mcgrew-aead-aes-cbc-hmac-sha2-05.

func NewEncryptThenAuthenticate

func NewEncryptThenAuthenticate(indCPACipher INDCPACipher, mac tink.MAC, tagSize int) (*EncryptThenAuthenticate, error)

NewEncryptThenAuthenticate returns a new instance of EncryptThenAuthenticate.

func (*EncryptThenAuthenticate) Decrypt

func (e *EncryptThenAuthenticate) Decrypt(ciphertext, associatedData []byte) ([]byte, error)

Decrypt decrypts ciphertext with associatedData.

func (*EncryptThenAuthenticate) Encrypt

func (e *EncryptThenAuthenticate) Encrypt(plaintext, associatedData []byte) ([]byte, error)

Encrypt encrypts plaintext with associatedData. The resulting ciphertext allows for checking authenticity and integrity of associatedData, but does not guarantee its secrecy.

The plaintext is encrypted with an INDCPACipher, then MAC is computed over (associatedData || ciphertext || n) where n is associatedData's length in bits represented as a 64-bit bigendian unsigned integer. The final ciphertext format is (IND-CPA ciphertext || mac).

type INDCPACipher

type INDCPACipher interface {
	// Encrypt encrypts plaintext. The resulting ciphertext is indistinguishable under
	// chosen-plaintext attack. However, it does not have integrity protection.
	Encrypt(plaintext []byte) ([]byte, error)

	// Decrypt decrypts ciphertext and returns the resulting plaintext.
	Decrypt(ciphertext []byte) ([]byte, error)
}

INDCPACipher provides an interface for symmetric key ciphers that are indistinguishable against chosen-plaintext attacks. Said primitives do not provide authentication, thus should not be used directly, but only to construct safer primitives such as AEAD.

type Polyval added in v1.6.0

type Polyval interface {
	// update the accumulator in the object with the blocks from data. If data
	// is not a multiple of 16 bytes, it is automatically zero padded.
	Update(data []byte)

	// finish completes the polyval computation and returns the result.
	Finish() [PolyvalBlockSize]byte
}

Polyval (RFC 8452) is a universal hash function which operates on GF(2^128) and can be used for constructing a Message Authentication Code (MAC). See Section 3 of go/rfc/8452 for definition.

func NewPolyval added in v1.6.0

func NewPolyval(key []byte) (Polyval, error)

NewPolyval returns a Polyval instance.

type XChaCha20Poly1305

type XChaCha20Poly1305 struct {
	Key []byte
}

XChaCha20Poly1305 is an implementation of AEAD interface.

func NewXChaCha20Poly1305

func NewXChaCha20Poly1305(key []byte) (*XChaCha20Poly1305, error)

NewXChaCha20Poly1305 returns an XChaCha20Poly1305 instance. The key argument should be a 32-bytes key.

func (*XChaCha20Poly1305) Decrypt

func (x *XChaCha20Poly1305) Decrypt(ciphertext []byte, associatedData []byte) ([]byte, error)

Decrypt decrypts ciphertext with associatedData.

func (*XChaCha20Poly1305) Encrypt

func (x *XChaCha20Poly1305) Encrypt(plaintext []byte, associatedData []byte) ([]byte, error)

Encrypt encrypts plaintext with associatedData. The resulting ciphertext consists of two parts: (1) the nonce used for encryption and (2) the actual ciphertext.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL