mac

package

v2.2.0 Latest Latest Go to latest Published: May 16, 2024 License: Apache-2.0 Imports: 19 Imported by: 6

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/tink-crypto/tink-go

Links

Open Source Insights

Documentation ¶

Overview ¶

Package mac provides implementations of the MAC primitive.

MAC computes a tag for a given message that can be used to authenticate a message. MAC protects data integrity as well as provides for authenticity of the message.

Example ¶

package main

import (
	"bytes"
	"fmt"
	"log"

	"github.com/tink-crypto/tink-go/v2/insecurecleartextkeyset"
	"github.com/tink-crypto/tink-go/v2/keyset"
	"github.com/tink-crypto/tink-go/v2/mac"
)

func main() {
	// A keyset created with "tinkey create-keyset --key-template=HMAC_SHA256_128BITTAG".
	// Note that this keyset has the secret key information in cleartext.
	jsonKeyset := `{
			"key": [{
					"keyData": {
							"keyMaterialType":
									"SYMMETRIC",
							"typeUrl":
									"type.googleapis.com/google.crypto.tink.HmacKey",
							"value":
									"EgQIAxAQGiA0LQjovcydWhVQV3k8W9ZSRkd7Ei4Y/TRWApE8guwV4Q=="
					},
					"keyId": 1892702217,
					"outputPrefixType": "TINK",
					"status": "ENABLED"
			}],
			"primaryKeyId": 1892702217
	}`

	// Create a keyset handle from the cleartext keyset in the previous
	// step. The keyset handle provides abstract access to the underlying keyset to
	// limit the exposure of accessing the raw key material. WARNING: In practice,
	// it is unlikely you will want to use a insecurecleartextkeyset, as it implies
	// that your key material is passed in cleartext, which is a security risk.
	// Consider encrypting it with a remote key in Cloud KMS, AWS KMS or HashiCorp Vault.
	// See https://github.com/google/tink/blob/master/docs/GOLANG-HOWTO.md#storing-and-loading-existing-keysets.
	keysetHandle, err := insecurecleartextkeyset.Read(
		keyset.NewJSONReader(bytes.NewBufferString(jsonKeyset)))
	if err != nil {
		log.Fatal(err)
	}

	// Retrieve the MAC primitive we want to use from the keyset handle.
	primitive, err := mac.New(keysetHandle)
	if err != nil {
		log.Fatal(err)
	}

	// Use the primitive to create a MAC tag for some data. In this case the primary
	// key of the keyset will be used (which is also the only key in this example).
	data := []byte("data")
	tag, err := primitive.ComputeMAC(data)
	if err != nil {
		log.Fatal(err)
	}

	// Use the primitive to verify the tag. VerifyMAC finds the correct key in
	// the keyset. If no key is found or verification fails, it returns an error.
	err = primitive.VerifyMAC(tag, data)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("tag is valid")
}

Output:

tag is valid

Index ¶

func AESCMACTag128KeyTemplate() *tinkpb.KeyTemplate
func HMACSHA256Tag128KeyTemplate() *tinkpb.KeyTemplate
func HMACSHA256Tag256KeyTemplate() *tinkpb.KeyTemplate
func HMACSHA512Tag256KeyTemplate() *tinkpb.KeyTemplate
func HMACSHA512Tag512KeyTemplate() *tinkpb.KeyTemplate
func New(handle *keyset.Handle) (tink.MAC, error)

Examples ¶

Package

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AESCMACTag128KeyTemplate ¶

func AESCMACTag128KeyTemplate() *tinkpb.KeyTemplate

AESCMACTag128KeyTemplate is a KeyTemplate that generates a AES-CMAC key with the following parameters:

Key size: 32 bytes
Tag size: 16 bytes

func HMACSHA256Tag128KeyTemplate ¶

func HMACSHA256Tag128KeyTemplate() *tinkpb.KeyTemplate

HMACSHA256Tag128KeyTemplate is a KeyTemplate that generates a HMAC key with the following parameters:

Key size: 32 bytes
Tag size: 16 bytes
Hash function: SHA256

func HMACSHA256Tag256KeyTemplate ¶

func HMACSHA256Tag256KeyTemplate() *tinkpb.KeyTemplate

HMACSHA256Tag256KeyTemplate is a KeyTemplate that generates a HMAC key with the following parameters:

Key size: 32 bytes
Tag size: 32 bytes
Hash function: SHA256

func HMACSHA512Tag256KeyTemplate ¶

func HMACSHA512Tag256KeyTemplate() *tinkpb.KeyTemplate

HMACSHA512Tag256KeyTemplate is a KeyTemplate that generates a HMAC key with the following parameters:

Key size: 64 bytes
Tag size: 32 bytes
Hash function: SHA512

func HMACSHA512Tag512KeyTemplate ¶

func HMACSHA512Tag512KeyTemplate() *tinkpb.KeyTemplate

HMACSHA512Tag512KeyTemplate is a KeyTemplate that generates a HMAC key with the following parameters:

Key size: 64 bytes
Tag size: 64 bytes
Hash function: SHA512

func New ¶

func New(handle *keyset.Handle) (tink.MAC, error)

New creates a MAC primitive from the given keyset handle.

Types ¶

This section is empty.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
internal
mactest Package mactest has testing utilities for the MAC primitive	Package mactest has testing utilities for the MAC primitive
subtle Package subtle provides subtle implementations of the MAC primitive.	Package subtle provides subtle implementations of the MAC primitive.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL