Documentation
Overview
Package crypto provides AES-256-GCM encryption with HKDF-derived per-session keys for the Zaparoo API WebSocket transport.
Index
- Constants
- Variables
- func DecodePakeMessage(wire []byte) ([]byte, error)
- func Decrypt(gcm cipher.AEAD, nonceBase []byte, counter uint64, ciphertext, aad []byte) ([]byte, error)
- func EncodePakeMessage(internal []byte) ([]byte, error)
- func Encrypt(gcm cipher.AEAD, nonceBase []byte, counter uint64, plaintext, aad []byte) ([]byte, error)
- func NewAEAD(key []byte) (cipher.AEAD, error)
- type PakeMessage
- type SessionKeys
Constants
const AESKeySize = 32
AESKeySize is the size in bytes of an AES-256 key.
const NonceSize = 12
NonceSize is the size in bytes of an AES-GCM nonce.
const PairingKeySize = 32
PairingKeySize is the size in bytes of the long-term pairing key derived from the PAKE exchange and stored in the clients table.
const SessionSaltSize = 16
SessionSaltSize is the required size in bytes of the per-connection session salt sent by the client on the first WebSocket frame.
Variables
var ErrCounterExhausted = errors.New("counter exhausted: rotate session keys")
ErrCounterExhausted prevents silent nonce reuse on counter overflow (unreachable in practice).
var ErrInvalidPairingKey = errors.New("pairing key must be 32 bytes")
ErrInvalidPairingKey is returned when the pairing key is not exactly PairingKeySize bytes.
var ErrInvalidPakeMessage = errors.New("invalid PAKE message")
ErrInvalidPakeMessage is returned when a PAKE message cannot be decoded.
var ErrInvalidSessionSalt = errors.New("session salt must be 16 bytes")
ErrInvalidSessionSalt is returned when the session salt is not exactly SessionSaltSize bytes.
Functions
func DecodePakeMessage
DecodePakeMessage converts the wire-format JSON (ASCII field names, string-quoted coordinates) back into the pake library's internal format so it can be passed to pake.Update().
func Decrypt
func Decrypt(gcm cipher.AEAD, nonceBase []byte, counter uint64, ciphertext, aad []byte) ([]byte, error)
Decrypt decrypts ciphertext using AES-256-GCM with a counter-derived nonce.
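An added example, not the package's own code, of one way a counter-derived nonce can work. It assumes the 64-bit counter is XORed big-endian into the last 8 bytes of the 12-byte nonce base (as in TLS 1.3) and that the maximum counter value is refused; `counterNonce`, `seal`, `open`, `demoAEAD` and `errCounterExhausted` are hypothetical names, and the all-zero key and nonce base are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

var errCounterExhausted = errors.New("counter exhausted: rotate session keys")

// counterNonce XORs the counter into the base's last 8 bytes (assumed scheme, TLS 1.3 style).
func counterNonce(nonceBase [12]byte, counter uint64) ([]byte, error) {
	if counter == math.MaxUint64 {
		return nil, errCounterExhausted // refuse rather than wrap onto a used nonce
	}
	tail := binary.BigEndian.Uint64(nonceBase[4:]) ^ counter
	binary.BigEndian.PutUint64(nonceBase[4:], tail) // array was passed by value
	return nonceBase[:], nil
}

// seal and open are hypothetical stand-ins for Encrypt and Decrypt.
func seal(gcm cipher.AEAD, base [12]byte, counter uint64, plaintext, aad []byte) ([]byte, error) {
	nonce, err := counterNonce(base, counter)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nil, nonce, plaintext, aad), nil
}

func open(gcm cipher.AEAD, base [12]byte, counter uint64, ciphertext, aad []byte) ([]byte, error) {
	nonce, err := counterNonce(base, counter)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ciphertext, aad)
}

func demoAEAD() cipher.AEAD {
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero key, sample only
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

func main() {
	ct, _ := seal(demoAEAD(), [12]byte{}, 7, []byte("launch"), []byte("hdr"))
	fmt.Println(open(demoAEAD(), [12]byte{}, 8, ct, []byte("hdr"))) // wrong counter: auth error
}
```

In this sketch a frame opened under a different counter or different AAD fails authentication, so a receiver that tracks the expected counter rejects replayed or reordered frames.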
func EncodePakeMessage
EncodePakeMessage converts the pake library's internal JSON (from pake.Bytes()) into the clean wire format with ASCII field names and string-quoted coordinates.
Types
type PakeMessage
type PakeMessage struct {
	UX   string `json:"ux"`
	UY   string `json:"uy"`
	VX   string `json:"vx"`
	VY   string `json:"vy"`
	XX   string `json:"xx"`
	XY   string `json:"xy"`
	YX   string `json:"yx"`
	YY   string `json:"yy"`
	Role int    `json:"role"`
}
PakeMessage is the wire format for PAKE exchange messages. All elliptic curve coordinates are encoded as decimal strings to avoid precision loss in non-Go JSON parsers (IEEE 754 doubles hold only 53 bits of integer precision).
type SessionKeys
SessionKeys holds the four derived values for a single WebSocket session: directional AES-256 keys and directional 12-byte nonce bases.
func DeriveSessionKeys
func DeriveSessionKeys(pairingKey, sessionSalt []byte) (*SessionKeys, error)
DeriveSessionKeys derives directional session keys from a pairing key and per-connection salt. Separate directional keys prevent reflection attacks.