subtle

package

v1.7.0 Latest Latest Go to latest Published: Aug 10, 2022 License: Apache-2.0 Imports: 10 Imported by: 2

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/google/tink

Links

Open Source Insights

Documentation ¶

Overview ¶

Package subtle provides subtle implementations of the Streaming AEAD primitive.

Index ¶

Constants
type AESCTRHMAC
- func NewAESCTRHMAC(mainKey []byte, hkdfAlg string, keySizeInBytes int, tagAlg string, ...) (*AESCTRHMAC, error)
type AESGCMHKDF
- func NewAESGCMHKDF(mainKey []byte, hkdfAlg string, keySizeInBytes int, ciphertextSegmentSize int, ...) (*AESGCMHKDF, error)

Constants ¶

View Source

const (
	// AESCTRHMACNonceSizeInBytes is the size of the nonces used as IVs for CTR.
	AESCTRHMACNonceSizeInBytes = 16

	// AESCTRHMACNoncePrefixSizeInBytes is the size of the nonce prefix.
	AESCTRHMACNoncePrefixSizeInBytes = 7

	// AESCTRHMACKeySizeInBytes is the size of the HMAC key.
	AESCTRHMACKeySizeInBytes = 32
)

View Source

const (
	// AESGCMHKDFNonceSizeInBytes is the size of the nonces used for GCM.
	AESGCMHKDFNonceSizeInBytes = 12

	// AESGCMHKDFNoncePrefixSizeInBytes is the size of the randomly generated
	// nonce prefix.
	AESGCMHKDFNoncePrefixSizeInBytes = 7

	// AESGCMHKDFTagSizeInBytes is the size of the tags of each ciphertext
	// segment.
	AESGCMHKDFTagSizeInBytes = 16
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AESCTRHMAC ¶ added in v1.5.0

type AESCTRHMAC struct {
	MainKey []byte
	// contains filtered or unexported fields
}

AESCTRHMAC implements streaming AEAD encryption using AES-CTR and HMAC.

Each ciphertext uses new AES-CTR and HMAC keys. These keys are derived using HKDF and are derived from the key derivation key, a randomly chosen salt of the same size as the key and a nonce prefix.

func NewAESCTRHMAC ¶ added in v1.5.0

func NewAESCTRHMAC(
	mainKey []byte,
	hkdfAlg string,
	keySizeInBytes int,
	tagAlg string,
	tagSizeInBytes int,
	ciphertextSegmentSize int,
	firstSegmentOffset int,
) (*AESCTRHMAC, error)

NewAESCTRHMAC initializes an AESCTRHMAC primitive with a key derivation key and encryption parameters.

mainKey is input keying material used to derive sub keys.

hkdfAlg is a MAC algorithm name, e.g., HmacSha256, used for the HKDF key derivation.

keySizeInBytes is the key size of the sub keys.

tagAlg is the MAC algorithm name, e.g. HmacSha256, used for generating per segment tags.

tagSizeInBytes is the size of the per segment tags.

ciphertextSegmentSize is the size of ciphertext segments.

firstSegmentOffset is the offset of the first ciphertext segment.

func (*AESCTRHMAC) HeaderLength ¶ added in v1.5.0

func (a *AESCTRHMAC) HeaderLength() int

HeaderLength returns the length of the encryption header.

func (*AESCTRHMAC) NewDecryptingReader ¶ added in v1.5.0

func (a *AESCTRHMAC) NewDecryptingReader(r io.Reader, aad []byte) (io.Reader, error)

NewDecryptingReader returns a wrapper around underlying io.Reader, such that any read-operation via the wrapper results in AEAD-decryption of the underlying ciphertext, using aad as associated authenticated data.

func (*AESCTRHMAC) NewEncryptingWriter ¶ added in v1.5.0

func (a *AESCTRHMAC) NewEncryptingWriter(w io.Writer, aad []byte) (io.WriteCloser, error)

NewEncryptingWriter returns a wrapper around underlying io.Writer, such that any write-operation via the wrapper results in AEAD-encryption of the written data, using aad as associated authenticated data. The associated data is not included in the ciphertext and has to be passed in as parameter for decryption.

type AESGCMHKDF ¶

type AESGCMHKDF struct {
	MainKey []byte
	// contains filtered or unexported fields
}

AESGCMHKDF implements streaming AEAD encryption using AES-GCM.

Each ciphertext uses a new AES-GCM key. These keys are derived using HKDF and are derived from the key derivation key, a randomly chosen salt of the same size as the key and a nonce prefix.

func NewAESGCMHKDF ¶

func NewAESGCMHKDF(
	mainKey []byte,
	hkdfAlg string,
	keySizeInBytes int,
	ciphertextSegmentSize int,
	firstSegmentOffset int,
) (*AESGCMHKDF, error)

NewAESGCMHKDF initializes a streaming primitive with a key derivation key and encryption parameters.

mainKey is an input keying material used to derive sub keys.

hkdfAlg is a MAC algorithm name, e.g., HmacSha256, used for the HKDF key derivation.

keySizeInBytes argument is a key size of the sub keys.

ciphertextSegmentSize argument is the size of ciphertext segments.

firstSegmentOffset argument is the offset of the first ciphertext segment.

func (*AESGCMHKDF) HeaderLength ¶

func (a *AESGCMHKDF) HeaderLength() int

HeaderLength returns the length of the encryption header.

func (*AESGCMHKDF) NewDecryptingReader ¶

func (a *AESGCMHKDF) NewDecryptingReader(r io.Reader, aad []byte) (io.Reader, error)

NewDecryptingReader returns a wrapper around underlying io.Reader, such that any read-operation via the wrapper results in AEAD-decryption of the underlying ciphertext, using aad as associated authenticated data.

func (*AESGCMHKDF) NewEncryptingWriter ¶

func (a *AESGCMHKDF) NewEncryptingWriter(w io.Writer, aad []byte) (io.WriteCloser, error)

NewEncryptingWriter returns a wrapper around underlying io.Writer, such that any write-operation via the wrapper results in AEAD-encryption of the written data, using aad as associated authenticated data. The associated data is not included in the ciphertext and has to be passed in as parameter for decryption.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
noncebased Package noncebased provides a reusable streaming AEAD framework.	Package noncebased provides a reusable streaming AEAD framework.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL