signencrypt

package
v5.1.1+incompatible

Warning: This package is not in the latest version of its module.

Published: Dec 11, 2019 License: BSD-3-Clause Imports: 13 Imported by: 57

Documentation

Constants

const DefaultPlaintextChunkLength int64 = 1 << 20
const NonceSize = 16
const SecretboxKeySize = 32
const SecretboxNonceSize = 24

Variables

This section is empty.

Functions

func GetPlaintextSize

func GetPlaintextSize(cipherLen int64) int64

func GetSealedSize

func GetSealedSize(plaintextLen int64) int64

func NewDecodingReadSeeker

func NewDecodingReadSeeker(ctx context.Context, log logger.Logger, source io.ReadSeeker, size int64,
	encKey SecretboxKey, verifyKey VerifyKey, signaturePrefix kbcrypto.SignaturePrefix, nonce Nonce,
	c *lru.Cache) io.ReadSeeker

func NewDecodingReader

func NewDecodingReader(encKey SecretboxKey, verifyKey VerifyKey, signaturePrefix kbcrypto.SignaturePrefix, nonce Nonce, innerReader io.Reader) io.Reader

func NewEncodingReader

func NewEncodingReader(encKey SecretboxKey, signKey SignKey, signaturePrefix kbcrypto.SignaturePrefix, nonce Nonce, innerReader io.Reader) io.Reader

NewEncodingReader creates a new streaming encoder. The signaturePrefix argument must not contain the null container.

func NewError

func NewError(errorType ErrorType, message string, args ...interface{}) error

func OpenWhole

func OpenWhole(sealed []byte, encKey SecretboxKey, verifyKey VerifyKey, signaturePrefix kbcrypto.SignaturePrefix, nonce Nonce) ([]byte, error)

func OpenWithAssociatedData

func OpenWithAssociatedData(sealed []byte, associatedData interface{}, encKey SecretboxKey, verifyKey VerifyKey, signaturePrefix kbcrypto.SignaturePrefix, nonce Nonce) (ret []byte, err error)

func SealWhole

func SealWhole(plaintext []byte, encKey SecretboxKey, signKey SignKey, signaturePrefix kbcrypto.SignaturePrefix, nonce Nonce) []byte

SealWhole seals all at once using the streaming encoding.

func SealWithAssociatedData

func SealWithAssociatedData(msg []byte, associatedData interface{}, encKey SecretboxKey, signKey SignKey, signaturePrefix kbcrypto.SignaturePrefix, nonce Nonce) (ret []byte, err error)

SealWithAssociatedData is a wrapper around SealWhole which adds an associatedData object (see AEAD ciphers) which must be message-packable into bytes. This exact object is required to call OpenWithAssociatedData on the ciphertext.

Types

type AEADMessage

type AEADMessage struct {
	Version       int               `codec:"v" json:"v"`
	AssocDataHash [sha512.Size]byte `codec:"a" json:"a"`
	Message       []byte            `codec:"m" json:"m"`
}

type Decoder

type Decoder struct {
	// contains filtered or unexported fields
}

func NewDecoder

func NewDecoder(encKey SecretboxKey, verifyKey VerifyKey, signaturePrefix kbcrypto.SignaturePrefix, nonce Nonce) *Decoder

func (*Decoder) ChangePlaintextChunkLenForTesting

func (d *Decoder) ChangePlaintextChunkLenForTesting(plaintextChunkLen int64)

func (*Decoder) Finish

func (d *Decoder) Finish() ([]byte, error)

Finish decodes any remaining bytes as a short (or empty) packet. This produces the final bytes of the plaintext, and implicitly checks for truncation. This should only be called once, and after that you can't use this decoder again.

func (*Decoder) Write

func (d *Decoder) Write(ciphertext []byte) ([]byte, error)

Write ciphertext bytes into the decoder. If any packets are ready to open, open them and either return their plaintext bytes as output or any error that comes up. Callers must call Finish() when they're done, to decode the final short packet and check for truncation. If Write ever returns an error, subsequent calls to Write will always return the same error.

type Encoder

type Encoder struct {
	// contains filtered or unexported fields
}

func NewEncoder

func NewEncoder(encKey SecretboxKey, signKey SignKey, signaturePrefix kbcrypto.SignaturePrefix, nonce Nonce) *Encoder

func (*Encoder) ChangePlaintextChunkLenForTesting

func (e *Encoder) ChangePlaintextChunkLenForTesting(plaintextChunkLen int64)

func (*Encoder) Finish

func (e *Encoder) Finish() []byte

Finish writes out any remaining buffered input bytes (possibly zero bytes) as a short chunk. This should only be called once, and after that you can't use this encoder again.

func (*Encoder) Write

func (e *Encoder) Write(plaintext []byte) []byte

Write plaintext bytes into the encoder. If any output bytes are ready, return them. Callers must call Finish() when they're done, so that any remaining input bytes can be written out as a short (or empty) chunk. Otherwise you will both lose data and cause truncation errors on decoding.
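
The truncation check that the Finish methods of Decoder and Encoder describe, modelled here with the standard library only. This is an added example, not the package's code: AES-GCM stands in for secretbox, the per-packet signature is omitted, and the names `Seal`, `Open`, `packetNonce` and the 4-byte stream nonce are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

const chunkLen = 4 // demo plaintext chunk size; the package default is 1 << 20

// packetNonce = stream nonce || packet index (assumed layout for this model),
// so a packet only opens at the position it was sealed for.
func packetNonce(id [4]byte, i uint64) []byte {
	return binary.BigEndian.AppendUint64(id[:], i)
}

// Seal emits one packet per full chunk, then always a short (possibly empty)
// final packet, which is the job Encoder.Finish is documented to do.
func Seal(g cipher.AEAD, id [4]byte, plaintext []byte) (out []byte) {
	i := uint64(0)
	for ; len(plaintext) >= chunkLen; i, plaintext = i+1, plaintext[chunkLen:] {
		out = g.Seal(out, packetNonce(id, i), plaintext[:chunkLen], nil)
	}
	return g.Seal(out, packetNonce(id, i), plaintext, nil)
}

// Open opens each full packet, then requires the short final packet.
func Open(g cipher.AEAD, id [4]byte, sealed []byte) (out []byte, err error) {
	i := uint64(0)
	n := chunkLen + g.Overhead() // sealed length of a full packet
	for ; len(sealed) >= n && err == nil; i, sealed = i+1, sealed[n:] {
		out, err = g.Open(out, packetNonce(id, i), sealed[:n], nil)
	}
	if err == nil { // a stream cut at a packet boundary fails here: no final packet
		out, err = g.Open(out, packetNonce(id, i), sealed, nil)
	}
	return out, err
}

func main() {
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero demo key
	g, _ := cipher.NewGCM(block)
	id := [4]byte{1, 2, 3, 4}                 // constructed stream nonce
	sealed := Seal(g, id, []byte("12345678")) // two full packets + empty final packet
	_, err := Open(g, id, sealed[:40])        // final packet missing
	fmt.Println("truncated stream:", err)
}
```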

type Error

type Error struct {
	Type    ErrorType
	Message string
}

func (Error) Error

func (e Error) Error() string

type ErrorType

type ErrorType int
const (
	BadSecretbox ErrorType = iota
	ShortSignature
	BadSignature
	AssociatedDataMismatch
)

type Nonce

type Nonce *[NonceSize]byte

type SecretboxKey

type SecretboxKey *[SecretboxKeySize]byte

type SecretboxNonce

type SecretboxNonce *[SecretboxNonceSize]byte

type SignKey

type SignKey *[ed25519.PrivateKeySize]byte

type VerifyKey

type VerifyKey *[ed25519.PublicKeySize]byte
