internal

package

v1.1.34 Latest Latest Go to latest Published: Feb 12, 2026 License: MIT Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/a-novel-kit/jwt

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func ConcatKDF(hash crypto.Hash, z []byte, keyDataLen int, ...) []byte
func Derive(z []byte, alg string, keySize int, apu, apv string) ([]byte, error)
func KeyUnwrap(block cipher.Block, ciphertext []byte) ([]byte, error)
func KeyWrap(block cipher.Block, cek []byte) ([]byte, error)
func PKCS7Padding(ciphertext []byte, blockSize int) []byte
func PKCS7UnPadding(plaintText []byte) []byte

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrDataTooLarge = errors.New("data is too large")

Functions ¶

func ConcatKDF ¶

func ConcatKDF(
	hash crypto.Hash, z []byte, keyDataLen int, algID, pUInfo, pVInfo, supPubInfo, supPrivInfo []byte,
) []byte

ConcatKDF implementation, as defined in Section 5.8.1 of [NIST.800-56A].

Alg is the algorithm ID. In the Direct Key Agreement case, Data is set to the octets of the ASCII representation of the "enc" Header Parameter value. In the Key Agreement with Key Wrapping case, Data is set to the octets of the ASCII representation of the "alg" (algorithm) Header Parameter value.

Key size is set to the number of bits in the desired output key. For "ECDH-ES", this is length of the key used by the "enc" algorithm. For "ECDH-ES+A128KW", "ECDH-ES+A192KW", and "ECDH-ES+A256KW", this is 128, 192, and 256, respectively.

Apu is the Agreement PartyUInfo value. If an "apu" (agreement PartyUInfo) Header Parameter is present, Data is set to the result of base64url decoding the "apu" value and Datalen is set to the number of octets in Data. Otherwise, Datalen is set to 0 and Data is set to the empty octet sequence.

Apv is the Agreement PartyVInfo value. If an "apv" (agreement PartyVInfo) Header Parameter is present, Data is set to the result of base64url decoding the "apv" value and Datalen is set to the number of octets in Data. Otherwise, Datalen is set to 0 and Data is set to the empty octet sequence.

func KeyUnwrap ¶

func KeyUnwrap(block cipher.Block, ciphertext []byte) ([]byte, error)

KeyUnwrap implements NIST key unwrapping; it unwraps a content encryption key (cek) with the given block cipher.

func KeyWrap ¶

func KeyWrap(block cipher.Block, cek []byte) ([]byte, error)

KeyWrap implements NIST key wrapping; it wraps a content encryption key (cek) with the given block cipher.

func PKCS7Padding ¶

func PKCS7Padding(ciphertext []byte, blockSize int) []byte

PKCS7Padding pads the given ciphertext to the nearest multiple of the block size.

func PKCS7UnPadding ¶

func PKCS7UnPadding(plaintText []byte) []byte

PKCS7UnPadding removes the padding from the given ciphertext.

Types ¶