crypto

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 21, 2015 License: BSD-2-Clause Imports: 11 Imported by: 0

Documentation

Overview

Package crypto provides all cryptographic operations needed in restic.

Index

Constants

View Source
const (
	Extension = ivSize + macSize
)

Variables

View Source
var (
	// ErrUnauthenticated is returned when ciphertext verification has failed.
	ErrUnauthenticated = errors.New("ciphertext verification failed")

	// ErrBufferTooSmall is returned when the destination slice is too small
	// for the ciphertext.
	ErrBufferTooSmall = errors.New("destination buffer too small")
)
View Source
var ErrInvalidCiphertext = errors.New("invalid ciphertext, same slice used for plaintext")

ErrInvalidCiphertext is returned when trying to encrypt into the slice that holds the plaintext.

Functions

func Decrypt

func Decrypt(ks *Key, plaintext []byte, ciphertextWithMac []byte) ([]byte, error)

Decrypt verifies and decrypts the ciphertext. Ciphertext must be in the form IV || Ciphertext || MAC. plaintext and ciphertext may point to (exactly) the same slice.

func DecryptFrom

func DecryptFrom(ks *Key, rd io.Reader) (io.ReadCloser, error)

DecryptFrom verifies and decrypts the ciphertext read from rd with ks and makes it available on the returned Reader. Ciphertext must be in the form IV || Ciphertext || MAC. In order to correctly verify the ciphertext, rd is drained, locally buffered and made available on the returned Reader afterwards. If a MAC verification failure is observed, it is returned immediately.

func Encrypt

func Encrypt(ks *Key, ciphertext []byte, plaintext []byte) ([]byte, error)

Encrypt encrypts and authenticates data. Stored in ciphertext is IV || Ciphertext || MAC. Encrypt returns the new ciphertext slice, which is extended when necessary. ciphertext and plaintext may not point to (exactly) the same slice or non-intersecting slices.

func EncryptTo

func EncryptTo(ks *Key, wr io.Writer) io.WriteCloser

EncryptTo buffers data written to the returned io.WriteCloser. When Close() is called, the data is encrypted and written to the underlying writer.

Types

type EncryptionKey

type EncryptionKey [32]byte

func (*EncryptionKey) MarshalJSON

func (k *EncryptionKey) MarshalJSON() ([]byte, error)

func (*EncryptionKey) UnmarshalJSON

func (k *EncryptionKey) UnmarshalJSON(data []byte) error

func (*EncryptionKey) Valid

func (k *EncryptionKey) Valid() bool

Valid tests whether the key k is valid (i.e. not zero).

type Key

type Key struct {
	MAC     MACKey        `json:"mac"`
	Encrypt EncryptionKey `json:"encrypt"`
}

Key holds encryption and message authentication keys for a repository. It is stored encrypted and authenticated as a JSON data structure in the Data field of the Key structure.

func KDF

func KDF(N, R, P int, salt []byte, password string) (*Key, error)

KDF derives encryption and message authentication keys from the password using the supplied parameters N, R and P and the Salt.

func NewRandomKey

func NewRandomKey() *Key

NewRandomKey returns new encryption and message authentication keys.

func (*Key) Valid

func (k *Key) Valid() bool

Valid tests if the key is valid.

type MACKey

type MACKey struct {
	K [16]byte // for AES-128
	R [16]byte // for Poly1305
	// contains filtered or unexported fields
}

func (*MACKey) MarshalJSON

func (m *MACKey) MarshalJSON() ([]byte, error)

func (*MACKey) UnmarshalJSON

func (m *MACKey) UnmarshalJSON(data []byte) error

func (*MACKey) Valid

func (k *MACKey) Valid() bool

Valid tests whether the key k is valid (i.e. not zero).

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL