cipher

package
v1.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 23, 2025 License: MIT Imports: 4 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewAnsiX923Padding 

func NewAnsiX923Padding(src []byte, blockSize int) []byte

NewAnsiX923Padding applies ANSI X.923 padding to the source data. ANSI X.923 padding fills with zeros and adds the padding length as the last byte. If the data length is already a multiple of block size, a full block of padding is added.

func NewAnsiX923UnPadding 

func NewAnsiX923UnPadding(src []byte) []byte

NewAnsiX923UnPadding removes ANSI X.923 padding from the source data. This function validates that all padding bytes except the last are zero.

func NewBitPadding 

func NewBitPadding(src []byte, blockSize int) []byte

NewBitPadding applies bit padding to the source data. Bit padding adds a 0x80 byte followed by zero bytes to reach the block size. This is similar to ISO9797-1 method 1 but with a different name.

func NewBitUnPadding 

func NewBitUnPadding(src []byte) []byte

NewBitUnPadding removes bit padding from the source data. This function calls ISO9797-1 unpadding since they are identical.

func NewCBCDecrypter 

func NewCBCDecrypter(src, iv []byte, block cipher.Block) (dst []byte, err error)

NewCBCDecrypter decrypts data using Cipher Block Chaining (CBC) mode. CBC decryption reverses the encryption process by applying the block cipher and then XORing with the previous ciphertext block.

func NewCBCEncrypter 

func NewCBCEncrypter(src, iv []byte, block cipher.Block) (dst []byte, err error)

NewCBCEncrypter encrypts data using Cipher Block Chaining (CBC) mode. CBC mode encrypts each block of plaintext by XORing it with the previous ciphertext block before applying the block cipher algorithm.

func NewCFBDecrypter 

func NewCFBDecrypter(src, iv []byte, block cipher.Block) (dst []byte, err error)

NewCFBDecrypter decrypts data using Cipher Feedback (CFB) mode. In CFB mode, decryption is identical to encryption since it's a stream cipher.

func NewCFBEncrypter 

func NewCFBEncrypter(src, iv []byte, block cipher.Block) (dst []byte, err error)

NewCFBEncrypter encrypts data using Cipher Feedback (CFB) mode. CFB mode transforms a block cipher into a stream cipher by encrypting the previous ciphertext block and XORing the result with the plaintext.

func NewCTRDecrypter 

func NewCTRDecrypter(src, iv []byte, block cipher.Block) (dst []byte, err error)

NewCTRDecrypter decrypts data using Counter (CTR) mode. In CTR mode, decryption is identical to encryption since it's a stream cipher.

func NewCTREncrypter 

func NewCTREncrypter(src, iv []byte, block cipher.Block) (dst []byte, err error)

NewCTREncrypter encrypts data using Counter (CTR) mode. CTR mode transforms a block cipher into a stream cipher by encrypting a counter value and XORing the result with the plaintext.

func NewECBDecrypter 

func NewECBDecrypter(src []byte, block cipher.Block) (dst []byte, err error)

NewECBDecrypter decrypts data using Electronic Codebook (ECB) mode. ECB decryption decrypts each block independently.

func NewECBEncrypter 

func NewECBEncrypter(src []byte, block cipher.Block) (dst []byte, err error)

NewECBEncrypter encrypts data using Electronic Codebook (ECB) mode. ECB mode encrypts each block of plaintext independently using the same key. Note: ECB mode is generally not recommended for secure applications due to its vulnerability to pattern analysis.

func NewGCMDecrypter 

func NewGCMDecrypter(src, nonce, aad []byte, block cipher.Block) (dst []byte, err error)

NewGCMDecrypter decrypts data using Galois/Counter Mode (GCM). GCM decryption verifies the authentication tag before decrypting the data.

func NewGCMEncrypter 

func NewGCMEncrypter(src, nonce, aad []byte, block cipher.Block) (dst []byte, err error)

NewGCMEncrypter encrypts data using Galois/Counter Mode (GCM). GCM is an authenticated encryption mode that provides both confidentiality and authenticity. It combines CTR mode encryption with a Galois field multiplication for authentication.

func NewISO10126Padding 

func NewISO10126Padding(src []byte, blockSize int) []byte

NewISO10126Padding applies ISO/IEC 10126 padding to the source data. ISO10126 padding fills with random bytes and adds the padding length as the last byte. This padding scheme provides better security by using random padding bytes.

func NewISO10126UnPadding 

func NewISO10126UnPadding(src []byte) []byte

NewISO10126UnPadding removes ISO/IEC 10126 padding from the source data. This function reads the last byte to determine the padding size and removes that many bytes.

Note: The random padding bytes are not validated, only the length is used.

func NewISO78164Padding 

func NewISO78164Padding(src []byte, blockSize int) []byte

NewISO78164Padding applies ISO/IEC 7816-4 padding to the source data. ISO7816-4 padding is identical to ISO9797-1 method 1 padding. This function calls ISO9797-1 padding implementation.

func NewISO78164UnPadding 

func NewISO78164UnPadding(src []byte) []byte

NewISO78164UnPadding removes ISO/IEC 7816-4 padding from the source data. This function calls ISO9797-1 unpadding since they are identical.

func NewISO97971Padding 

func NewISO97971Padding(src []byte, blockSize int) []byte

NewISO97971Padding applies ISO/IEC 9797-1 padding method 1 to the source data. ISO9797-1 method 1 adds a 0x80 byte followed by zero bytes to reach the block size. If the data length is already a multiple of block size, a full block of padding is added.

func NewISO97971UnPadding 

func NewISO97971UnPadding(src []byte) []byte

NewISO97971UnPadding removes ISO/IEC 9797-1 padding method 1 from the source data. This function finds the last 0x80 byte and validates that all bytes after it are zero.

func NewNoPadding 

func NewNoPadding(src []byte) []byte

NewNoPadding applies no padding to the source data. This function simply returns the original data without modification.

Note: Data must already be a multiple of the block size for this to work correctly.

func NewNoUnPadding 

func NewNoUnPadding(src []byte) []byte

NewNoUnPadding removes no padding from the source data. This function simply returns the original data without modification.

func NewOFBDecrypter 

func NewOFBDecrypter(src, iv []byte, block cipher.Block) (dst []byte, err error)

NewOFBDecrypter decrypts data using Output Feedback (OFB) mode. In OFB mode, decryption is identical to encryption since it's a stream cipher.

func NewOFBEncrypter 

func NewOFBEncrypter(src, iv []byte, block cipher.Block) (dst []byte, err error)

NewOFBEncrypter encrypts data using Output Feedback (OFB) mode. OFB mode transforms a block cipher into a stream cipher by repeatedly encrypting the initialization vector and using the output as a keystream.

func NewPKCS5Padding 

func NewPKCS5Padding(src []byte) []byte

NewPKCS5Padding applies PKCS5 padding to the source data. PKCS5 padding is identical to PKCS7 padding but is limited to 8-byte blocks. This function calls PKCS7 padding with a fixed block size of 8.

func NewPKCS5UnPadding 

func NewPKCS5UnPadding(src []byte) []byte

NewPKCS5UnPadding removes PKCS5 padding from the source data. This function calls PKCS7 unpadding since PKCS5 and PKCS7 are identical.

func NewPKCS7Padding 

func NewPKCS7Padding(src []byte, blockSize int) []byte

NewPKCS7Padding applies PKCS7 padding to the source data. PKCS7 padding adds N bytes, each with value N, where N is the number of padding bytes needed. This is the most commonly used padding scheme in modern cryptography.

func NewPKCS7UnPadding 

func NewPKCS7UnPadding(src []byte) []byte

NewPKCS7UnPadding removes PKCS7 padding from the source data. This function reads the last byte to determine the padding size and removes that many bytes.

func NewZeroPadding 

func NewZeroPadding(src []byte, blockSize int) []byte

NewZeroPadding applies zero padding to the source data. Zero padding adds padding bytes (filled with zeros) to reach the block size. If the data length is already a multiple of block size, no padding is added. For empty data, no padding is added.

func NewZeroUnPadding 

func NewZeroUnPadding(src []byte) []byte

NewZeroUnPadding removes zero padding from the source data. This function removes trailing zero bytes from the data.

Types

type AesCipher 

type AesCipher struct {
	Key     []byte
	IV      []byte
	Nonce   []byte
	Aad     []byte
	Block   BlockMode
	Padding PaddingMode
}

func NewAesCipher 

func NewAesCipher(block BlockMode) (c *AesCipher)

func (*AesCipher) SetAAD 

func (c *AesCipher) SetAAD(aad []byte)

func (*AesCipher) SetIV 

func (c *AesCipher) SetIV(iv []byte)

func (*AesCipher) SetKey 

func (c *AesCipher) SetKey(key []byte)

func (*AesCipher) SetNonce 

func (c *AesCipher) SetNonce(nonce []byte)

func (*AesCipher) SetPadding 

func (c *AesCipher) SetPadding(padding PaddingMode)

type BlockMode 

type BlockMode string

BlockMode represents the different block cipher modes of operation 

const (
	CBC BlockMode = "CBC" // Cipher Block Chaining mode
	ECB BlockMode = "ECB" // Electronic Codebook mode
	CTR BlockMode = "CTR" // Counter mode
	GCM BlockMode = "GCM" // Galois/Counter Mode
	CFB BlockMode = "CFB" // Cipher Feedback mode
	OFB BlockMode = "OFB" // Output Feedback mode
)

Supported block cipher modes

type BlowfishCipher 

type BlowfishCipher struct {
	Key     []byte
	IV      []byte
	Nonce   []byte
	Aad     []byte
	Block   BlockMode
	Padding PaddingMode
}

func NewBlowfishCipher 

func NewBlowfishCipher(block BlockMode) (c *BlowfishCipher)

func (*BlowfishCipher) SetAAD 

func (c *BlowfishCipher) SetAAD(aad []byte)

func (*BlowfishCipher) SetIV 

func (c *BlowfishCipher) SetIV(iv []byte)

func (*BlowfishCipher) SetKey 

func (c *BlowfishCipher) SetKey(key []byte)

func (*BlowfishCipher) SetNonce 

func (c *BlowfishCipher) SetNonce(nonce []byte)

func (*BlowfishCipher) SetPadding 

func (c *BlowfishCipher) SetPadding(padding PaddingMode)

type CreateCipherError 

type CreateCipherError struct {
	// contains filtered or unexported fields
}

CreateCipherError represents an error that occurs during cipher creation. This error wraps the underlying error that prevented the cipher from being created successfully, such as invalid key length or unsupported cipher mode.

func (CreateCipherError) Error 

func (e CreateCipherError) Error() string

Error returns a formatted error message describing the cipher creation failure. The message includes the cipher mode and the underlying error details.

type DesCipher 

type DesCipher struct {
	Key     []byte
	IV      []byte
	Nonce   []byte
	Aad     []byte
	Block   BlockMode
	Padding PaddingMode
}

func NewDesCipher 

func NewDesCipher(block BlockMode) (c *DesCipher)

func (*DesCipher) SetAAD 

func (c *DesCipher) SetAAD(aad []byte)

func (*DesCipher) SetIV 

func (c *DesCipher) SetIV(iv []byte)

func (*DesCipher) SetKey 

func (c *DesCipher) SetKey(key []byte)

func (*DesCipher) SetNonce 

func (c *DesCipher) SetNonce(nonce []byte)

func (*DesCipher) SetPadding 

func (c *DesCipher) SetPadding(padding PaddingMode)

type EmptyIVError 

type EmptyIVError struct {
	// contains filtered or unexported fields
}

EmptyIVError represents an error when the initialization vector (IV) is empty for cipher modes that require an IV. This error occurs when the IV is nil or has zero length, which is not allowed for secure cipher operations.

func (EmptyIVError) Error 

func (e EmptyIVError) Error() string

Error returns a formatted error message indicating that the IV cannot be empty for the specified cipher mode.

type EmptyNonceError 

type EmptyNonceError struct {
	// contains filtered or unexported fields
}

EmptyNonceError represents an error when the nonce (number used once) is empty for cipher modes that require a nonce, such as GCM mode. This error occurs when the nonce is nil or has zero length, which is required for secure authenticated encryption.

func (EmptyNonceError) Error 

func (e EmptyNonceError) Error() string

Error returns a formatted error message indicating that the nonce cannot be empty for the specified cipher mode.

type InvalidIVError 

type InvalidIVError struct {
	// contains filtered or unexported fields
}

InvalidIVError represents an error when the initialization vector (IV) length is invalid for the specified block cipher. This error occurs when the IV length does not match the required block size for the cipher.

func (InvalidIVError) Error 

func (e InvalidIVError) Error() string

Error returns a formatted error message describing the invalid IV length. The message includes the cipher mode, actual IV length, and required block size.

type InvalidSrcError 

type InvalidSrcError struct {
	// contains filtered or unexported fields
}

InvalidSrcError represents an error when the source data length is invalid for the specified block cipher mode. This error occurs when the source data length is not a multiple of the block size, which is required for most block cipher operations.

func (InvalidSrcError) Error 

func (e InvalidSrcError) Error() string

Error returns a formatted error message describing the invalid source data length. The message includes the cipher mode, actual source length, and required block size.

type NilBlockError 

type NilBlockError struct {
	// contains filtered or unexported fields
}

NilBlockError represents an error when the cipher block is nil. This error occurs when a nil cipher block is passed to encryption or decryption functions, which is not allowed for any cipher operation.

func (NilBlockError) Error 

func (e NilBlockError) Error() string

Error returns a formatted error message indicating that the cipher block cannot be nil for the specified cipher mode.

type PaddingMode 

type PaddingMode string

PaddingMode represents the different padding schemes available for block ciphers 

const (
	No       PaddingMode = "No"        // No padding - data must be exact block size
	Zero     PaddingMode = "Zero"      // Zero padding - fills with zeros, always adds padding
	PKCS5    PaddingMode = "PKCS5"     // PKCS5 padding - RFC 2898, 8-byte blocks only
	PKCS7    PaddingMode = "PKCS7"     // PKCS7 padding - RFC 5652, variable block size
	AnsiX923 PaddingMode = "AnsiX.923" // ANSI X.923 padding - zeros + length byte
	ISO97971 PaddingMode = "ISO9797-1" // ISO/IEC 9797-1 padding method 1
	ISO10126 PaddingMode = "ISO10126"  // ISO/IEC 10126 padding - random + length byte
	ISO78164 PaddingMode = "ISO7816-4" // ISO/IEC 7816-4 padding - same as ISO9797-1
	Bit      PaddingMode = "Bit"       // Bit padding - 0x80 + zeros
)

Supported padding modes for block cipher operations

type Rc4Cipher 

type Rc4Cipher struct {
	Key []byte
}

func NewRc4Cipher 

func NewRc4Cipher() (c *Rc4Cipher)

func (*Rc4Cipher) SetKey 

func (c *Rc4Cipher) SetKey(key []byte)

type TeaCipher 

type TeaCipher struct {
	Key    []byte
	Rounds int
}

func NewTeaCipher 

func NewTeaCipher() (c *TeaCipher)

func (*TeaCipher) SetKey 

func (c *TeaCipher) SetKey(key []byte)

func (*TeaCipher) SetRounds 

func (c *TeaCipher) SetRounds(rounds int)

type TripleDesCipher 

type TripleDesCipher struct {
	Key     []byte
	IV      []byte
	Nonce   []byte
	Aad     []byte
	Block   BlockMode
	Padding PaddingMode
}

func New3DesCipher 

func New3DesCipher(block BlockMode) (c *TripleDesCipher)

func (*TripleDesCipher) SetAAD 

func (c *TripleDesCipher) SetAAD(aad []byte)

func (*TripleDesCipher) SetIV 

func (c *TripleDesCipher) SetIV(iv []byte)

func (*TripleDesCipher) SetKey 

func (c *TripleDesCipher) SetKey(key []byte)

func (*TripleDesCipher) SetNonce 

func (c *TripleDesCipher) SetNonce(nonce []byte)

func (*TripleDesCipher) SetPadding 

func (c *TripleDesCipher) SetPadding(padding PaddingMode)

Source Files

  • 3des.go
  • aes.go
  • block.go
  • blowfish.go
  • des.go
  • errors.go
  • padding.go
  • rc4.go
  • tea.go

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.