siv

package
v1.1.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 9, 2020 License: AGPL-3.0, Apache-2.0 Imports: 8 Imported by: 0

Documentation

Overview

Package siv implements the SIV (Synthetic Initialization Vector) mode of AES, as defined by RFC 5297.

This mode offers the choice of deterministic authenticated encryption or nonce-based, misuse-resistant authenticated encryption.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Decrypt

func Decrypt(key, ciphertext []byte, associated [][]byte) ([]byte, error)

Given ciphertext previously generated by Encrypt and the key and associated data that were used when generating the ciphertext, return the original plaintext given to Encrypt. If the input is well-formed but the key is incorrect, return an instance of WrongKeyError.

func Encrypt

func Encrypt(dst, key, plaintext []byte, associated [][]byte) ([]byte, error)

Given a key and plaintext, encrypt the plaintext using the SIV mode of AES, as defined by RFC 5297, append the result (including both the synthetic initialization vector and the ciphertext) to dst, and return the updated slice. The output can later be fed to Decrypt to recover the plaintext.

In addition to confidentiality, this function also offers authenticity. That is, without the secret key an attacker is unable to construct a byte string that Decrypt will accept.

The supplied key must be 32, 48, or 64 bytes long.

The supplied associated data, up to 126 strings, is also authenticated, though it is not included in the ciphertext. The user must supply the same associated data to Decrypt in order for the Decrypt call to succeed. If no associated data is desired, pass an empty slice.

If the same key, plaintext, and associated data are supplied to this function multiple times, the output is guaranteed to be identical. As per RFC 5297 section 3, you may use this function for nonce-based authenticated encryption by passing a nonce as the last associated data element.

Types

type NotAuthenticError

type NotAuthenticError struct {
	// contains filtered or unexported fields
}

*NotAuthenticError is returned by Decrypt if the input is otherwise well-formed but the ciphertext doesn't check out as authentic. This could be due to an incorrect key, corrupted ciphertext, or incorrect/corrupted associated data.

func (*NotAuthenticError) Error

func (e *NotAuthenticError) Error() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL