Documentation ¶
Index ¶
- Constants
- Variables
- func Decrypt(dst, ciphertext []byte, enc *Encryption, recipient Private) ([]byte, error)
- func Verify(data []byte, signature Signature, keyset Public) (bool, error)
- type Algorithm
- type Encryption
- type ErrPublicKeysetSignature
- type Fingerprint
- type ID
- type Identity
- type KEMAlgorithm
- type KEMScheme
- type Keyset
- type KeysetInfo
- type Message
- type MessageType
- type Private
- type Public
- type Scheme
- type SignAlgorithm
- type SignScheme
- type Signature
Constants ¶
const (
	// FPSize is the fingerprint length in bytes, defined as md5.Size.
	// NOTE(review): only the size is visible here; confirm which hash actually
	// produces the fingerprint. If it is an MD5 digest, it is not collision
	// resistant and should not be the sole basis for trusting a keyset.
	FPSize = md5.Size // 16
	// FPStringSize is the length of the textual fingerprint.
	// Presumably two hex digits per byte plus one separator between bytes; confirm.
	FPStringSize = FPSize*3 - 1 // 47
	// IDSize is the keyset ID length in bytes, half of FPSize.
	// An 8-byte (64-bit) ID is short enough that colliding IDs can be produced
	// deliberately. Treat it as a lookup hint and compare the full fingerprint
	// or key material before trusting a keyset.
	IDSize = FPSize / 2 // 8
	// IDStringSize is the length of the hex-encoded ID.
	IDStringSize = IDSize * 2 // hexed id (16)
)
id and fingerprint sizes.
const (
	// Flag bits. The message types below are combinations of these two flags.
	MessageFlagEncrypted MessageType = 1 << iota
	MessageFlagSigned

	// Raw message: neither encrypted nor signed, so it carries neither
	// confidentiality nor sender authentication.
	MessageTypeRaw = 0x00
	// Anonymous message: encrypted only. Without a signature the recipient
	// has no proof of who sent it.
	MessageTypeAnonymous = MessageFlagEncrypted
	// Clear-signed message: signed only. The data is not encrypted.
	MessageTypeClearSign = MessageFlagSigned
	// Message that is both encrypted and signed.
	MessageTypeSignedEncrypted = MessageFlagEncrypted | MessageFlagSigned
)
message flags and types
const (
	// Tag values for the packet kinds named by each constant.
	// NOTE(review): a private keyset has its own tag (0x03); confirm that code
	// importing keysets checks the tag so private material is never handled
	// as if it were public.
	PacketTagMessage       pack.Tag = 0x01
	PacketTagPublicKeyset  pack.Tag = 0x02
	PacketTagPrivateKeyset pack.Tag = 0x03
)
packet tags.
Variables ¶
var (
ErrEmpty = errors.New("empty data")
)
errors
var ErrInvalidIdentity = errors.New("invalid identity")
ErrInvalidIdentity is returned if the identity is invalid.
var (
ErrInvalidScheme = errors.New("invalid scheme")
)
scheme errors.
var ErrInvalidSeed = errors.New("invalid seed size")
ErrInvalidSeed is returned if the seed size does not match the scheme.
Functions ¶
Types ¶
type Algorithm ¶ added in v0.2.0
type Algorithm string
Algorithm represents an algorithm name as a string.
const InvalidAlgorithm Algorithm = "INVALID"
InvalidAlgorithm represents an unsupported or invalid algorithm.
type Encryption ¶ added in v0.2.0
// Encryption carries the per-message values a recipient needs in addition to
// the ciphertext: which keyset was used, the cipher nonce and the encapsulated
// shared secret.
// NOTE(review): on the receiving side these fields are decoded from the
// message and are untrusted input. IsValid and Validate are the checks this
// type exposes; confirm they run before the values reach decapsulation.
type Encryption struct {
	// keyset id used for encapsulation
	ID ID `msgpack:"id"`
	// cipher nonce
	Nonce []byte `msgpack:"nonce"`
	// encapsulated shared secret
	Secret []byte `msgpack:"secret"`
}
Encryption contains encryption data.
func Encrypt ¶
func Encrypt(dst, data []byte, recipient Public) (ciphertext []byte, enc *Encryption)
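Encrypt encrypts data for the recipient's public keyset and appends the result to dst, returning the updated slice. The resulting ciphertext consists of the encrypted data with the authentication tag appended. The returned Encryption holds the keyset id, nonce and encapsulated secret that Decrypt takes as its enc argument.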
func (*Encryption) Error ¶ added in v0.2.0
func (e *Encryption) Error() string
func (*Encryption) IsValid ¶ added in v0.2.0
func (e *Encryption) IsValid() bool
IsValid returns true if the encryption data is valid.
func (*Encryption) Validate ¶ added in v0.2.0
func (e *Encryption) Validate(p Private) error
Validate compares the encryption data against the private keyset id and scheme.
type ErrPublicKeysetSignature ¶ added in v0.2.0
type ErrPublicKeysetSignature struct {
// contains filtered or unexported fields
}
ErrPublicKeysetSignature is returned if the public keyset signature is invalid.
func (ErrPublicKeysetSignature) Error ¶ added in v0.2.0
func (e ErrPublicKeysetSignature) Error() string
type Fingerprint ¶
Fingerprint represents keyset fingerprint.
func FingerprintFromString ¶ added in v0.2.0
func FingerprintFromString(strFP string) (fp Fingerprint, ok bool)
FingerprintFromString parses string keyset fingerprint.
func (Fingerprint) IsEmpty ¶ added in v0.2.0
func (f Fingerprint) IsEmpty() bool
IsEmpty returns true if fingerprint is empty.
func (Fingerprint) String ¶
func (f Fingerprint) String() string
type ID ¶
ID represents keyset ID.
func IDFromString ¶
IDFromString parses hexed keyset ID. It returns false if the string is not a valid keyset ID.
func IDFromUint ¶ added in v0.2.0
IDFromUint converts uint64 to ID.
type Identity ¶
// Identity holds the human-readable labels attached to a keyset.
// NOTE(review): nothing visible on this type shows that Name, Email or Comment
// are verified against anything. Presumably they are whatever the keyset owner
// entered, so treat them as unauthenticated labels until the keyset itself has
// been verified.
type Identity struct {
	Name string `msgpack:"name"`
	// Email and Comment are optional; omitempty leaves them out of the
	// encoding when empty.
	Email   string `msgpack:"email,omitempty"`
	Comment string `msgpack:"comment,omitempty"`
}
Identity represents the keyset's identity.
type KEMAlgorithm ¶ added in v0.2.0
type KEMAlgorithm Algorithm
KEMAlgorithm represents KEM algorithm.
const (
	// Each value names a KEM together with the symmetric cipher it is paired
	// with, in the form "<KEM>-<CIPHER>".
	// NOTE(review): Kyber512 and Frodo640 are the smallest parameter sets of
	// their families (NIST security category 1); confirm that margin matches
	// the deployment's requirements before selecting them.
	Kyber512AESGCM             KEMAlgorithm = "KYBER512-AES_GCM"
	Kyber512XChaCha20Poly1305  KEMAlgorithm = "KYBER512-XCHACHA20_POLY1305"
	Kyber768AESGCM             KEMAlgorithm = "KYBER768-AES_GCM"
	Kyber768XChaCha20Poly1305  KEMAlgorithm = "KYBER768-XCHACHA20_POLY1305"
	Kyber1024AESGCM            KEMAlgorithm = "KYBER1024-AES_GCM"
	Kyber1024XChaCha20Poly1305 KEMAlgorithm = "KYBER1024-XCHACHA20_POLY1305"
	Frodo640ShakeAESGCM        KEMAlgorithm = "FRODO640SHAKE-AES_GCM"
)
available KEM algorithms.
func ListKEMAlgorithms ¶ added in v0.2.0
func ListKEMAlgorithms() []KEMAlgorithm
ListKEMAlgorithms returns all available KEM algorithms.
func (KEMAlgorithm) Alg ¶ added in v0.2.0
func (alg KEMAlgorithm) Alg() KEMAlgorithm
Alg returns itself.
func (KEMAlgorithm) IsValid ¶ added in v0.2.0
func (alg KEMAlgorithm) IsValid() bool
IsValid returns true if the algorithm is valid and supported.
func (KEMAlgorithm) Scheme ¶ added in v0.2.0
func (alg KEMAlgorithm) Scheme() KEMScheme
Scheme returns the KEM scheme, or nil if the algorithm is invalid or unsupported. Check the result (or call IsValid first) before using it.
func (KEMAlgorithm) String ¶ added in v0.2.0
func (alg KEMAlgorithm) String() string
type KEMScheme ¶ added in v0.2.0
// KEMScheme extends kem.Scheme with the algorithm identifier and the cipher
// scheme that goes with it.
type KEMScheme interface {
	// Alg returns the KEMAlgorithm identifier of this scheme.
	Alg() KEMAlgorithm
	kem.Scheme
	// Cipher returns the cipher scheme associated with this KEM.
	// Presumably this is the symmetric cipher keyed from the shared secret; confirm.
	Cipher() cipher.Scheme
}
KEMScheme represents a KEM scheme.
func ListKEMSchemes ¶ added in v0.2.0
func ListKEMSchemes() []KEMScheme
ListKEMSchemes returns all available KEM schemes.
type Keyset ¶ added in v0.1.1
// Keyset is the interface common to public and private keysets.
type Keyset interface {
	pack.Packable
	// Info returns the info of the keyset.
	Info() KeysetInfo
	// Identity returns the identity of the keyset.
	Identity() Identity
	// ID returns the ID of the keyset.
	// The ID is only IDSize bytes long; compare Fingerprint, not ID, when
	// deciding whether two keysets are the same.
	ID() ID
	// Fingerprint returns the fingerprint of the keyset.
	Fingerprint() Fingerprint
	// Scheme returns the scheme of the keyset.
	Scheme() Scheme
	// contains filtered or unexported methods
}
Keyset represents a keyset.
type KeysetInfo ¶ added in v0.2.0
// KeysetInfo groups the descriptive data of a keyset.
type KeysetInfo struct {
	// ID and Fingerprint carry the "-" tag, which conventionally excludes a
	// field from encoding.
	// NOTE(review): presumably they are recomputed from the key material
	// after decoding rather than taken from the input; confirm.
	ID          ID          `msgpack:"-"`
	Fingerprint Fingerprint `msgpack:"-"`
	Identity    Identity    `msgpack:"identity"`
	Scheme      Scheme      `msgpack:"scheme"`
}
KeysetInfo contains the info about the keyset.
type Message ¶
// Message is the encoded form of a message: the payload plus optional
// signature, encryption data and file metadata.
// NOTE(review): it is not visible here whether Filename and Time are covered
// by the signature or by the encryption. Confirm before relying on either
// field for a security decision.
type Message struct {
	// signature; nil when the message is not signed
	Signature *Signature `msgpack:"signature,omitempty"`
	// encryption; nil when the message is not encrypted
	Encryption *Encryption `msgpack:"encryption,omitempty"`
	// name of the file
	// On the receiving side this value is chosen by the sender. A consumer
	// that writes it to disk should reduce it to a base name and reject
	// path separators first.
	Filename string `msgpack:"filename,omitempty"`
	// time of the last file modification or message creation
	Time int64 `msgpack:"time,omitempty"`
	// data
	Data []byte `msgpack:"data"`
}
Message contains a message.
func NewMessage ¶ added in v0.2.0
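NewMessage creates a new message. If the sender is nil, the message will be Anonymous (encrypted but not signed). If the recipient is nil, the message will be Clear-Signed (signed but not encrypted). Because a nil keyset selects a weaker message type rather than being rejected, callers that require a signature or encryption should check for nil before calling.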
func NewMessageFile ¶ added in v0.2.0
func NewMessageFile(data []byte, filename string, mtime int64, recipient Public, sender Private) (Message, error)
NewMessageFile creates a new message containing a file. If the filename is empty it just returns the result of NewMessage.
type MessageType ¶
type MessageType byte
MessageType represents a message type.
func (MessageType) IsEncrypted ¶
func (t MessageType) IsEncrypted() bool
IsEncrypted returns true if the message is encrypted.
func (MessageType) IsSigned ¶
func (t MessageType) IsSigned() bool
IsSigned returns true if the message is signed.
func (MessageType) String ¶
func (t MessageType) String() string
type Private ¶
// Private is a keyset that holds the secret keys. The values returned by KEM
// and Sign are secret key material and must not be logged or serialized
// outside the private keyset packet.
type Private interface {
	Keyset
	// Public returns the public keyset.
	Public() Public
	// ChangeIdentity changes the identity of the keyset.
	ChangeIdentity(Identity) error
	// KEM returns the KEM private key.
	KEM() kem.PrivateKey
	// Sign returns the signature private key.
	Sign() sign.PrivateKey
	// contains filtered or unexported methods
}
Private represents a private keyset.
type Public ¶
// Public is a keyset that holds only the public keys.
type Public interface {
	Keyset
	// KEM returns the KEM public key.
	KEM() kem.PublicKey
	// Sign returns the signature public key.
	Sign() sign.PublicKey
}
Public represents a public keyset.
type Scheme ¶
// Scheme pairs the signature scheme and the KEM scheme of a keyset.
// Both fields are interface values and may be nil, since SignAlgorithm.Scheme
// and KEMAlgorithm.Scheme return nil for an invalid or unsupported algorithm.
type Scheme struct {
	Sign SignScheme
	KEM  KEMScheme
}
Scheme type.
func ParseScheme ¶
ParseScheme parses a string in the format "SIGN::KEM".
func (*Scheme) DecodeMsgpack ¶ added in v0.2.0
DecodeMsgpack implements pack.CustomDecoder.
func (Scheme) EncodeMsgpack ¶ added in v0.2.0
EncodeMsgpack implements pack.CustomEncoder.
type SignAlgorithm ¶ added in v0.2.0
type SignAlgorithm Algorithm
SignAlgorithm represents a signature algorithm.
const (
	// Dilithium2ED25519 is a hybrid of Dilithium mode2 with ed25519.
	Dilithium2ED25519 SignAlgorithm = "DILITHIUM2_ED25519"
	// Dilithium3ED448 is a hybrid of Dilithium mode3 with ed448.
	Dilithium3ED448 SignAlgorithm = "DILITHIUM3_ED448"

	// The remaining algorithms are not described as hybrids, so they rely on
	// the post-quantum scheme alone.
	// NOTE(review): confirm whether a classical fallback is required by the
	// deployment's policy before selecting one of these.
	Dilithium2    SignAlgorithm = "DILITHIUM2"
	Dilithium2AES SignAlgorithm = "DILITHIUM2_AES"
	Dilithium3    SignAlgorithm = "DILITHIUM3"
	Dilithium3AES SignAlgorithm = "DILITHIUM3_AES"
	Dilithium5    SignAlgorithm = "DILITHIUM5"
	Dilithium5AES SignAlgorithm = "DILITHIUM5_AES"
	Falcon1024    SignAlgorithm = "FALCON1024"
)
signature algorithms.
func ListSignAlgorithms ¶ added in v0.2.0
func ListSignAlgorithms() []SignAlgorithm
ListSignAlgorithms returns all available signature algorithms.
func (SignAlgorithm) Alg ¶ added in v0.2.0
func (alg SignAlgorithm) Alg() SignAlgorithm
Alg returns itself.
func (SignAlgorithm) IsValid ¶ added in v0.2.0
func (alg SignAlgorithm) IsValid() bool
IsValid returns true if the algorithm is valid and supported.
func (SignAlgorithm) Scheme ¶ added in v0.2.0
func (alg SignAlgorithm) Scheme() SignScheme
Scheme returns the signature scheme, or nil if the algorithm is invalid or unsupported. Check the result (or call IsValid first) before using it.
func (SignAlgorithm) String ¶ added in v0.2.0
func (alg SignAlgorithm) String() string
type SignScheme ¶ added in v0.2.0
// SignScheme extends sign.Scheme with the algorithm identifier.
type SignScheme interface {
	// Alg returns the SignAlgorithm identifier of this scheme.
	Alg() SignAlgorithm
	sign.Scheme
}
SignScheme represents a signature scheme.
func ListSignSchemes ¶ added in v0.2.0
func ListSignSchemes() []SignScheme
ListSignSchemes returns all available signature schemes.
type Signature ¶ added in v0.2.0
// Signature holds a signature together with the ID of the signing keyset and
// a time stamp.
// NOTE(review): it is not visible here whether ID and Time are part of the
// signed data. Until that is confirmed, treat them as unauthenticated hints.
// The ID is used to select a keyset, and the signature bytes decide validity.
type Signature struct {
	// keyset id used for signing
	ID ID `msgpack:"id"`
	// signature
	Signature []byte `msgpack:"sig"`
	// signature time stamp
	Time int64 `msgpack:"time"`
}
Signature represents a signature.
func Sign ¶
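Sign creates a signature. It returns an empty signature without error if the keyset is nil, so callers that require a signature must check for a nil keyset, or for an empty result, themselves.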