Documentation
¶
Index ¶
- func CBCDecrypt(ciphertext, key []byte, opts ...Option) (plaintext []byte, err error)
- func CBCEncrypt(plaintext, key []byte, opts ...Option) (ciphertext []byte, err error)
- func CFBDecrypt(ciphertext, key []byte, opts ...Option) ([]byte, error)
- func CFBEncrypt(plaintext, key []byte, opts ...Option) ([]byte, error)
- func GCMDecrypt(ciphertext, key []byte, opts ...Option) (plaintext []byte, err error)
- func GCMEncrypt(plaintext, key []byte, opts ...Option) (ciphertext []byte, err error)
- func GCMEncryptNewKey(plaintext []byte, opts ...Option) (ciphertext, key, additional []byte, err error)
- func KeyPadding(key []byte) []byte
- func PKCS5Padding(plaintext []byte, blockSize int) []byte
- func PKCS5UnPadding(paddedText []byte) []byte
- func UnpackGCMCipherText(ciphertext []byte, opts ...Option) (text, nonce, tag []byte)
- type Option
- func AdditionalData(data []byte) Option
- func Base32(enc *base32.Encoding) Option
- func Base62(enc *base62.Encoding) Option
- func Base64(enc *base64.Encoding) Option
- func Decoder(f func([]byte) ([]byte, error)) Option
- func Encoder(f func([]byte) ([]byte, error)) Option
- func KeySize(size int) Option
- func NonceSize(size int) Option
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CBCDecrypt ¶
CBCDecrypt decrypts ciphertext returned by CBCEncrypt into plain text.
func CBCEncrypt ¶
CBCEncrypt encrypts plaintext with key using the CBC mode. The given plaintext will be padded following the PKCS#5 standard. The returned ciphertext contains the nonce and encrypted data.
CBC - 密码分组链接模式,明文数据需要按分组大小对齐。
func CFBDecrypt ¶
CFBDecrypt decrypts ciphertext returned by CFBEncrypt.
func CFBEncrypt ¶
CFBEncrypt encrypts plaintext with key using the CFB mode. The returned cipher text contains the nonce and encrypted data.
CFB - 密文反馈模式,明文数据不需要按分组大小对齐。
func GCMDecrypt ¶
GCMDecrypt decrypts ciphertext returned by GCMEncrypt and GCMEncryptNewKey into plain text.
func GCMEncrypt ¶
GCMEncrypt encrypts plaintext with key using the GCM mode. The returned ciphertext contains the nonce, encrypted text and the additional data authentication tag. If additional data is not provided (as an Option), random data will be generated and used.
GCM模式是CTR和GHASH的组合,GHASH操作定义为密文结果与密钥以及消息长度在GF(2^128)域上相乘。 GCM比CCM的优势是在于更高并行度及更好的性能。 TLS1.2标准使用的就是AES-GCM算法,并且Intel CPU提供了GHASH的硬件加速功能。
func GCMEncryptNewKey ¶
func GCMEncryptNewKey(plaintext []byte, opts ...Option) ( ciphertext, key, additional []byte, err error, )
GCMEncryptNewKey creates a new key and encrypts plaintext with the new key using GCM mode. The returned ciphertext contains the nonce, encrypted text and the additional data authentication tag. If additional data is not provided (as an Option), random data will be generated and used.
func KeyPadding ¶
KeyPadding ensures a key's length is either 32, 24 or 16. It key's length is greater than 32, it returns the first 32 bytes of key. If key's length is not 32, 24 or 16, it appends additional data to key using sha256.Sum(key) to make it satisfies the minimal requirement.
func PKCS5Padding ¶
PKCS5Padding appends padding data to plaintext following the PKCS#5 standard.
func PKCS5UnPadding ¶
PKCS5UnPadding removes padding data from paddedText following the PKCS#5 standard.
func UnpackGCMCipherText ¶
UnpackGCMCipherText unpacks cipher text returned by GCMEncrypt and GCMEncryptNewKey into encrypted text, nonce and authentication tag.
Types ¶
type Option ¶
type Option func(opt *options)
Option may be used to customize the encrypt and decrypt functions behavior.
func AdditionalData ¶
AdditionalData optionally specifies the additional data to use with GCM mode, it returns an Option.
func Base32 ¶
Base32 specifies the encoder and decoder to use the provided base32 encoding, it returns an Option.
If enc is nil, it uses base32.StdEncoding.
func Base62 ¶
Base62 specifies the encoder and decoder to use the provided base62 encoding, it returns an Option.
If enc is nil, it uses base62.StdEncoding.
func Base64 ¶
Base64 specifies the encoder and decoder to use the provided base64 encoding, it returns an Option.
If enc is nil, it uses base64.StdEncoding.
func Decoder ¶
Decoder optionally specifies a decoder function to decode the encrypted ciphertext, it returns an Option.
The decoder function should transform bytes returned by the corresponding encoder function to its original bytes.
func Encoder ¶
Encoder optionally specifies an encoder function to encode the encrypted ciphertext, it returns an Option.
The encoder function may transform arbitrary bytes to a new byte slice of some form.
Source Files