Documentation ¶
Overview ¶
Package aead provides subtle implementations of the AEAD primitive.
Index ¶
Constants ¶
const ( // AESGCMIVSize is the only IV size that this implementation supports. AESGCMIVSize = 12 // AESGCMTagSize is the only tag size that this implementation supports. AESGCMTagSize = 16 )
const (
// AESCTRMinIVSize is the minimum IV size that this implementation supports.
AESCTRMinIVSize = 12
)
Variables ¶
This section is empty.
Functions ¶
func ValidateAESKeySize ¶ added in v1.3.0
ValidateAESKeySize checks if the given key size is a valid AES key size.
Types ¶
type AESCTR ¶ added in v1.3.0
AESCTR is an implementation of AEAD interface.
func NewAESCTR ¶ added in v1.3.0
NewAESCTR returns an AESCTR instance. The key argument should be the AES key, either 16 or 32 bytes to select AES-128 or AES-256. ivSize specifies the size of the IV in bytes.
type AESGCM ¶ added in v1.3.0
type AESGCM struct {
Key []byte
}
AESGCM is an implementation of AEAD interface.
func NewAESGCM ¶ added in v1.3.0
NewAESGCM returns an AESGCM instance. The key argument should be the AES key, either 16 or 32 bytes to select AES-128 or AES-256.
func (*AESGCM) Decrypt ¶ added in v1.3.0
Decrypt decrypts ct with aad as the additionalauthenticated data.
func (*AESGCM) Encrypt ¶ added in v1.3.0
Encrypt encrypts pt with aad as additional authenticated data. The resulting ciphertext consists of two parts: (1) the IV used for encryption and (2) the actual ciphertext.
Note: AES-GCM implementation of crypto library always returns ciphertext with 128-bit tag.
type ChaCha20Poly1305 ¶ added in v1.3.0
type ChaCha20Poly1305 struct {
Key []byte
}
ChaCha20Poly1305 is an implementation of AEAD interface.
func NewChaCha20Poly1305 ¶ added in v1.3.0
func NewChaCha20Poly1305(key []byte) (*ChaCha20Poly1305, error)
NewChaCha20Poly1305 returns an ChaCha20Poly1305 instance. The key argument should be a 32-bytes key.
func (*ChaCha20Poly1305) Decrypt ¶ added in v1.3.0
func (ca *ChaCha20Poly1305) Decrypt(ct []byte, aad []byte) ([]byte, error)
Decrypt decrypts {@code ct} with {@code aad} as the additionalauthenticated data.
func (*ChaCha20Poly1305) Encrypt ¶ added in v1.3.0
func (ca *ChaCha20Poly1305) Encrypt(pt []byte, aad []byte) ([]byte, error)
Encrypt encrypts {@code pt} with {@code aad} as additional authenticated data. The resulting ciphertext consists of two parts: (1) the nonce used for encryption and (2) the actual ciphertext.
type EncryptThenAuthenticate ¶ added in v1.3.0
type EncryptThenAuthenticate struct {
// contains filtered or unexported fields
}
EncryptThenAuthenticate performs an encrypt-then-MAC operation on plaintext and additional authenticated data (aad). The MAC is computed over (aad || ciphertext || size of aad). This implementation is based on http://tools.ietf.org/html/draft-mcgrew-aead-aes-cbc-hmac-sha2-05.
func NewEncryptThenAuthenticate ¶ added in v1.3.0
func NewEncryptThenAuthenticate(indCPACipher INDCPACipher, mac tink.MAC, tagSize int) (*EncryptThenAuthenticate, error)
NewEncryptThenAuthenticate returns a new instance of EncryptThenAuthenticate.
func (*EncryptThenAuthenticate) Decrypt ¶ added in v1.3.0
func (e *EncryptThenAuthenticate) Decrypt(ciphertext, additionalData []byte) ([]byte, error)
Decrypt decrypts ciphertext with additionalData as additional authenticated data.
func (*EncryptThenAuthenticate) Encrypt ¶ added in v1.3.0
func (e *EncryptThenAuthenticate) Encrypt(plaintext, additionalData []byte) ([]byte, error)
Encrypt encrypts plaintext with additionalData as additional authenticated data. The resulting ciphertext allows for checking authenticity and integrity of additional data, but does not guarantee its secrecy.
The plaintext is encrypted with an INDCPACipher, then MAC is computed over (additionalData || ciphertext || n) where n is additionalData's length in bits represented as a 64-bit bigendian unsigned integer. The final ciphertext format is (IND-CPA ciphertext || mac).
type INDCPACipher ¶ added in v1.3.0
type INDCPACipher interface { // Encrypt encrypts plaintext. The resulting ciphertext is indistinguishable under // chosen-plaintext attack. However, it does not have integrity protection. Encrypt(plaintext []byte) ([]byte, error) // Decrypt decrypts ciphertext and returns the resulting plaintext. Decrypt(ciphertext []byte) ([]byte, error) }
INDCPACipher provides an interface for symmetric key ciphers that are indistinguishable against chosen-plaintext attacks. Said primitives do not provide authentication, thus should not be used directly, but only to construct safer primitives such as AEAD.
type XChaCha20Poly1305 ¶ added in v1.3.0
type XChaCha20Poly1305 struct {
Key []byte
}
XChaCha20Poly1305 is an implementation of AEAD interface.
func NewXChaCha20Poly1305 ¶ added in v1.3.0
func NewXChaCha20Poly1305(key []byte) (*XChaCha20Poly1305, error)
NewXChaCha20Poly1305 returns an XChaCha20Poly1305 instance. The key argument should be a 32-bytes key.
func (*XChaCha20Poly1305) Decrypt ¶ added in v1.3.0
func (x *XChaCha20Poly1305) Decrypt(ct []byte, aad []byte) ([]byte, error)
Decrypt decrypts {@code ct} with {@code aad} as the additionalauthenticated data.
func (*XChaCha20Poly1305) Encrypt ¶ added in v1.3.0
func (x *XChaCha20Poly1305) Encrypt(pt []byte, aad []byte) ([]byte, error)
Encrypt encrypts {@code pt} with {@code aad} as additional authenticated data. The resulting ciphertext consists of two parts: (1) the nonce used for encryption and (2) the actual ciphertext.