crypto

package
v0.7.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 20, 2017 License: BSD-2-Clause Imports: 10 Imported by: 0

Documentation

Overview

Package crypto provides all cryptographic operations needed in restic.

Index

Constants

View Source 
const (

	// Extension is the number of bytes a plaintext is enlarged by encrypting it.
	Extension = ivSize + macSize
)

Variables

View Source 
var DefaultKDFParams = KDFParams{
	N: sscrypt.DefaultParams.N,
	R: sscrypt.DefaultParams.R,
	P: sscrypt.DefaultParams.P,
}

DefaultKDFParams are the default parameters used for Calibrate and KDF().

View Source 
var ErrInvalidCiphertext = errors.New("invalid ciphertext, same slice used for plaintext")

ErrInvalidCiphertext is returned when trying to encrypt into the slice that holds the plaintext.

View Source 
var (
	// ErrUnauthenticated is returned when ciphertext verification has failed.
	ErrUnauthenticated = errors.New("ciphertext verification failed")
)

Functions

func NewSalt 

func NewSalt() ([]byte, error)

NewSalt returns new random salt bytes to use with KDF(). If NewSalt returns an error, this is a grave situation and the program must abort and terminate.

Types

type EncryptionKey 

type EncryptionKey [32]byte

EncryptionKey is key used for encryption

func (*EncryptionKey) MarshalJSON 

func (k *EncryptionKey) MarshalJSON() ([]byte, error)

MarshalJSON converts the EncryptionKey to JSON.

func (*EncryptionKey) UnmarshalJSON 

func (k *EncryptionKey) UnmarshalJSON(data []byte) error

UnmarshalJSON fills the key k with data from the JSON representation.

func (*EncryptionKey) Valid 

func (k *EncryptionKey) Valid() bool

Valid tests whether the key k is valid (i.e. not zero).

type KDFParams 

type KDFParams struct {
	N int
	R int
	P int
}

KDFParams are the default parameters used for the key derivation function KDF().

func Calibrate 

func Calibrate(timeout time.Duration, memory int) (KDFParams, error)

Calibrate determines new KDF parameters for the current hardware.

type Key 

type Key struct {
	MACKey        `json:"mac"`
	EncryptionKey `json:"encrypt"`
}

Key holds encryption and message authentication keys for a repository. It is stored encrypted and authenticated as a JSON data structure in the Data field of the Key structure.

func KDF 

func KDF(p KDFParams, salt []byte, password string) (*Key, error)

KDF derives encryption and message authentication keys from the password using the supplied parameters N, R and P and the Salt.

func NewRandomKey 

func NewRandomKey() *Key

NewRandomKey returns new encryption and message authentication keys.

func (*Key) Decrypt 

func (k *Key) Decrypt(plaintext []byte, ciphertextWithMac []byte) (int, error)

Decrypt verifies and decrypts the ciphertext. Ciphertext must be in the form IV || Ciphertext || MAC. plaintext and ciphertext may point to (exactly) the same slice.

func (*Key) Encrypt 

func (k *Key) Encrypt(ciphertext []byte, plaintext []byte) ([]byte, error)

Encrypt encrypts and authenticates data. Stored in ciphertext is IV || Ciphertext || MAC. Encrypt returns the new ciphertext slice, which is extended when necessary. ciphertext and plaintext may not point to (exactly) the same slice or non-intersecting slices.

func (*Key) Valid 

func (k *Key) Valid() bool

Valid tests if the key is valid.

type MACKey 

type MACKey struct {
	K [16]byte // for AES-128
	R [16]byte // for Poly1305
	// contains filtered or unexported fields
}

MACKey is used to sign (authenticate) data.

func (*MACKey) MarshalJSON 

func (m *MACKey) MarshalJSON() ([]byte, error)

MarshalJSON converts the MACKey to JSON.

func (*MACKey) UnmarshalJSON 

func (m *MACKey) UnmarshalJSON(data []byte) error

UnmarshalJSON fills the key m with data from the JSON representation.

func (*MACKey) Valid 

func (m *MACKey) Valid() bool

Valid tests whether the key k is valid (i.e. not zero).

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.