Documentation ¶
Index ¶
- Constants
- func GetPlaintextSize(cipherLen int64) int64
- func GetSealedSize(plaintextLen int64) int64
- func NewDecodingReadSeeker(ctx context.Context, log logger.Logger, source io.ReadSeeker, size int64, ...) io.ReadSeeker
- func NewDecodingReader(encKey SecretboxKey, verifyKey VerifyKey, ...) io.Reader
- func NewEncodingReader(encKey SecretboxKey, signKey SignKey, signaturePrefix kbcrypto.SignaturePrefix, ...) io.Reader
- func NewError(errorType ErrorType, message string, args ...interface{}) error
- func OpenWhole(sealed []byte, encKey SecretboxKey, verifyKey VerifyKey, ...) ([]byte, error)
- func OpenWithAssociatedData(sealed []byte, associatedData interface{}, encKey SecretboxKey, ...) (ret []byte, err error)
- func SealWhole(plaintext []byte, encKey SecretboxKey, signKey SignKey, ...) []byte
- func SealWithAssociatedData(msg []byte, associatedData interface{}, encKey SecretboxKey, signKey SignKey, ...) (ret []byte, err error)
- type AEADMessage
- type Decoder
- type Encoder
- type Error
- type ErrorType
- type Nonce
- type SecretboxKey
- type SecretboxNonce
- type SignKey
- type VerifyKey
Constants ¶
const DefaultPlaintextChunkLength int64 = 1 << 20
const NonceSize = 16
const SecretboxKeySize = 32
const SecretboxNonceSize = 24
Variables ¶
This section is empty.
Functions ¶
func GetPlaintextSize ¶
func GetSealedSize ¶
func NewDecodingReadSeeker ¶
func NewDecodingReadSeeker(ctx context.Context, log logger.Logger, source io.ReadSeeker, size int64, encKey SecretboxKey, verifyKey VerifyKey, signaturePrefix kbcrypto.SignaturePrefix, nonce Nonce, c *lru.Cache) io.ReadSeeker
func NewDecodingReader ¶
func NewDecodingReader(encKey SecretboxKey, verifyKey VerifyKey, signaturePrefix kbcrypto.SignaturePrefix, nonce Nonce, innerReader io.Reader) io.Reader
func NewEncodingReader ¶
func NewEncodingReader(encKey SecretboxKey, signKey SignKey, signaturePrefix kbcrypto.SignaturePrefix, nonce Nonce, innerReader io.Reader) io.Reader
NewEncodingReader creates a new streaming encoder. The signaturePrefix argument must not contain the null container.
func OpenWhole ¶
func OpenWhole(sealed []byte, encKey SecretboxKey, verifyKey VerifyKey, signaturePrefix kbcrypto.SignaturePrefix, nonce Nonce) ([]byte, error)
func OpenWithAssociatedData ¶
func OpenWithAssociatedData(sealed []byte, associatedData interface{}, encKey SecretboxKey, verifyKey VerifyKey, signaturePrefix kbcrypto.SignaturePrefix, nonce Nonce) (ret []byte, err error)
func SealWhole ¶
func SealWhole(plaintext []byte, encKey SecretboxKey, signKey SignKey, signaturePrefix kbcrypto.SignaturePrefix, nonce Nonce) []byte
SealWhole seals all at once using the streaming encoding.
func SealWithAssociatedData ¶
func SealWithAssociatedData(msg []byte, associatedData interface{}, encKey SecretboxKey, signKey SignKey, signaturePrefix kbcrypto.SignaturePrefix, nonce Nonce) (ret []byte, err error)
SealWithAssociatedData is a wrapper around SealWhole which adds an associatedData object (see AEAD ciphers) which must be message-packable into bytes. This exact object is required to call OpenWithAssociatedData on the ciphertext.
Types ¶
type AEADMessage ¶
type Decoder ¶
type Decoder struct {
// contains filtered or unexported fields
}
func NewDecoder ¶
func NewDecoder(encKey SecretboxKey, verifyKey VerifyKey, signaturePrefix kbcrypto.SignaturePrefix, nonce Nonce) *Decoder
func (*Decoder) ChangePlaintextChunkLenForTesting ¶
func (*Decoder) Finish ¶
Finish decodes any remaining bytes as a short (or empty) packet. This produces the final bytes of the plaintext, and implicitly checks for truncation. This should only be called once, and after that you can't use this decoder again.
func (*Decoder) Write ¶
Write ciphertext bytes into the decoder. If any packets are ready to open, open them and either return their plaintext bytes as output or any error that comes up. Callers must call Finish() when they're done, to decode the final short packet and check for truncation. If Write ever returns an error, subsequent calls to Write will always return the same error.
type Encoder ¶
type Encoder struct {
// contains filtered or unexported fields
}
func NewEncoder ¶
func NewEncoder(encKey SecretboxKey, signKey SignKey, signaturePrefix kbcrypto.SignaturePrefix, nonce Nonce) *Encoder
func (*Encoder) ChangePlaintextChunkLenForTesting ¶
func (*Encoder) Finish ¶
Finish writes out any remaining buffered input bytes (possibly zero bytes) as a short chunk. This should only be called once, and after that you can't use this encoder again.
func (*Encoder) Write ¶
Write plaintext bytes into the encoder. If any output bytes are ready, return them. Callers must call Finish() when they're done, so that any remaining input bytes can be written out as a short (or empty) chunk. Otherwise you will both lose data and cause truncation errors on decoding.
type SecretboxKey ¶
type SecretboxKey *[SecretboxKeySize]byte
type SecretboxNonce ¶
type SecretboxNonce *[SecretboxNonceSize]byte
type SignKey ¶
type SignKey *[ed25519.PrivateKeySize]byte
type VerifyKey ¶
type VerifyKey *[ed25519.PublicKeySize]byte