mac

package
v2.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 16, 2024 License: Apache-2.0 Imports: 19 Imported by: 6

Documentation

Overview

Package mac provides implementations of the MAC primitive.

MAC computes a tag for a given message that can be used to authenticate a message. MAC protects data integrity as well as provides for authenticity of the message.

Example
package main

import (
	"bytes"
	"fmt"
	"log"

	"github.com/tink-crypto/tink-go/v2/insecurecleartextkeyset"
	"github.com/tink-crypto/tink-go/v2/keyset"
	"github.com/tink-crypto/tink-go/v2/mac"
)

func main() {
	// A keyset created with "tinkey create-keyset --key-template=HMAC_SHA256_128BITTAG".
	// Note that this keyset has the secret key information in cleartext.
	jsonKeyset := `{
			"key": [{
					"keyData": {
							"keyMaterialType":
									"SYMMETRIC",
							"typeUrl":
									"type.googleapis.com/google.crypto.tink.HmacKey",
							"value":
									"EgQIAxAQGiA0LQjovcydWhVQV3k8W9ZSRkd7Ei4Y/TRWApE8guwV4Q=="
					},
					"keyId": 1892702217,
					"outputPrefixType": "TINK",
					"status": "ENABLED"
			}],
			"primaryKeyId": 1892702217
	}`

	// Create a keyset handle from the cleartext keyset in the previous
	// step. The keyset handle provides abstract access to the underlying keyset to
	// limit the exposure of accessing the raw key material. WARNING: In practice,
	// it is unlikely you will want to use a insecurecleartextkeyset, as it implies
	// that your key material is passed in cleartext, which is a security risk.
	// Consider encrypting it with a remote key in Cloud KMS, AWS KMS or HashiCorp Vault.
	// See https://github.com/google/tink/blob/master/docs/GOLANG-HOWTO.md#storing-and-loading-existing-keysets.
	keysetHandle, err := insecurecleartextkeyset.Read(
		keyset.NewJSONReader(bytes.NewBufferString(jsonKeyset)))
	if err != nil {
		log.Fatal(err)
	}

	// Retrieve the MAC primitive we want to use from the keyset handle.
	primitive, err := mac.New(keysetHandle)
	if err != nil {
		log.Fatal(err)
	}

	// Use the primitive to create a MAC tag for some data. In this case the primary
	// key of the keyset will be used (which is also the only key in this example).
	data := []byte("data")
	tag, err := primitive.ComputeMAC(data)
	if err != nil {
		log.Fatal(err)
	}

	// Use the primitive to verify the tag. VerifyMAC finds the correct key in
	// the keyset. If no key is found or verification fails, it returns an error.
	err = primitive.VerifyMAC(tag, data)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("tag is valid")
}
Output:

tag is valid

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func AESCMACTag128KeyTemplate

func AESCMACTag128KeyTemplate() *tinkpb.KeyTemplate

AESCMACTag128KeyTemplate is a KeyTemplate that generates a AES-CMAC key with the following parameters:

  • Key size: 32 bytes
  • Tag size: 16 bytes

func HMACSHA256Tag128KeyTemplate

func HMACSHA256Tag128KeyTemplate() *tinkpb.KeyTemplate

HMACSHA256Tag128KeyTemplate is a KeyTemplate that generates a HMAC key with the following parameters:

  • Key size: 32 bytes
  • Tag size: 16 bytes
  • Hash function: SHA256

func HMACSHA256Tag256KeyTemplate

func HMACSHA256Tag256KeyTemplate() *tinkpb.KeyTemplate

HMACSHA256Tag256KeyTemplate is a KeyTemplate that generates a HMAC key with the following parameters:

  • Key size: 32 bytes
  • Tag size: 32 bytes
  • Hash function: SHA256

func HMACSHA512Tag256KeyTemplate

func HMACSHA512Tag256KeyTemplate() *tinkpb.KeyTemplate

HMACSHA512Tag256KeyTemplate is a KeyTemplate that generates a HMAC key with the following parameters:

  • Key size: 64 bytes
  • Tag size: 32 bytes
  • Hash function: SHA512

func HMACSHA512Tag512KeyTemplate

func HMACSHA512Tag512KeyTemplate() *tinkpb.KeyTemplate

HMACSHA512Tag512KeyTemplate is a KeyTemplate that generates a HMAC key with the following parameters:

  • Key size: 64 bytes
  • Tag size: 64 bytes
  • Hash function: SHA512

func New

func New(handle *keyset.Handle) (tink.MAC, error)

New creates a MAC primitive from the given keyset handle.

Types

This section is empty.

Directories

Path Synopsis
internal
mactest
Package mactest has testing utilities for the MAC primitive
Package mactest has testing utilities for the MAC primitive
Package subtle provides subtle implementations of the MAC primitive.
Package subtle provides subtle implementations of the MAC primitive.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL