uciph

README

μCiph

μCiph is crypto library created in order to:

1. Solve common problems, like stream encryption to encrypt big files
2. Allow easy cryptosystem swapping in case some turns out to be broken
3. Allows composite cipher creation(cipher/hash function created from many different hash functions) (NIY)

The goal:

Provide wrappers for commonly used cryptographic "primitives" and allow easy swapping of these when it's required.

It does not implements algoritms itself, except:

• Message padding scheme(ISO/IEC 7816-4) (is NOT constant time yet)

What it does implement right now:

Various end user utiltiies

• stream(io.Reader/io.Writer) encryption, unlike TLS suitable for file encryption
• Token management - with signing, encryption and expiration
• Password hash format - with support for versioning

Encryption(symmetric)

• ChaCha20Poly1305 cipher
• AES 128/192/256 GCM cipher
• ChaCha20 PRNG

Encryption(asymmetric)

• Key exchange to asymmetric encryption(with symmetric algorithm)

Signing

• Ed25519
• RSA

Others

• golang stdlib crypto hash functions(abstractable wrappers)
• HMAC using golang stdlib
• ISO/IEC 7816-4 Padding
• Simple hash based PoW algorithm
• Blank polyfils for most of the things
• Streamming encryption designed for files(unlike SSL, use SSL for network streams)
• RNG and PRNG utils
• Nonce counter maintaining unique nonces (not constant time, usually does not have to be)

Documentation

Index

• Variables

Variables

var ErrChunkTooBig = errors.New("uciph: This stream contains too long chunks and can't be processed")

ErrChunkTooBig is returend when chunk is too big

var ErrCiphertextInvalid = errors.New("uciph: Input ciphertext has invalid format or is corrupted")

ErrCiphertextInvalid is returned when ciphertext is corrupted

var ErrHashNotAvailable = errors.New(
	"uciph: hash.Hash availability check filed. Check out hash.Hash.Available() from golang STL for more info" +
		"Note: Try import _ \"*YOUR HASH PACKAGE LIKE crypto/sha256*\"",
)

ErrHashNotAvailable is returend when given hash function is not available but was requested.

var ErrInvalidKeySize = errors.New("uciph: Given key has invalid size")

ErrInvalidKeySize is returned when key has invalid size

var ErrInvalidOverlap = errors.New("uciph: Slices are not overlapping each other correctly")

ErrInvalidOverlap is retuned when append to overlaping rule is broken.

var ErrKeyInvalid = errors.New("uciph: Input data is not valid key")

ErrKeyInvalid is returned when input data is not valid key or key is corrupted somewhere else.

var ErrKeyTypeInvalid = errors.New("uciph: Invalid input key type")

ErrKeyTypeInvalid is returned when given type of key is not accepted in given context.

var ErrNonceInvalid = errors.New("uciph: Input ciphertext has no nonce or it's invalid")

ErrNonceInvalid is returned when nonce management code detects that there is problem with nonce.

var ErrSignInvalid = errors.New("uciph: Given sign is invalid! Sign verification filed")

ErrSignInvalid is returned by verifier when sign it's given is invalid.

var ErrStreamChunksReordered = errors.New("uciph: Chunks of this encrypted stream have been reordered")

ErrStreamChunksReordered is returned when StreamDecryptor finds out that stream has reordered chunks and thus data has been tampered with.

var ErrStreamLogicEnd = errors.New("uciph: Given stream has endend logically but more data is supplied to StreamDecryptor")

ErrStreamLogicEnd is returned when StreamDecryptor finds out that stream contains more data than it should.

var ErrStreamTruncated = errors.New("uciph: This stream logically should have more data")

ErrStreamTruncated is returned when stream logically has more data but it hasn't arrived.

var ErrTooManyChunksEncrypted = errors.New("uciph: This encryptor can't safely encrypt more chunks")

ErrTooManyChunksEncrypted is returned when nonce counter is about to overflow. Usually it's returned to prevent xoring with same keystream again and prevent panicking.