internal

func Copy ¶

func Copy(s cipher.Stream, dst io.Writer, src io.Reader) error

Copy copies from src to dst. If src is encrypted, then decrypted bytes are written into the dst. If src is not encrypted, then encrypted bytes are written into the dst. It uses 1 kiB internal buffer. s, dst, src must not be nil, otherwise it panics.

func MustNil ¶

func MustNil(err error)

MustNil panics if err is not nil. MustNil is a defensive assertion used primarily in security-sensitive areas. It ensures that an error, which "should never" occur, is truly absent. This acts as a safeguard against future changes in upstream APIs.

This is intended to be used with crypto/rand.Read. As noted in the documentation for crypto/rand.Read, it does not return a non-nil error. While we believe this interface will never change, we include this check just to be absolutely sure — for security reasons.

Example:

buf := make([]byte, 10)
_, err := rand.Read(buf) // Never returns a non-nil error.
internal.MustNil(err)    // But we check anyway, just in case.

func PadISO10126 ¶

func PadISO10126(blockSize int, data []byte) ([]byte, error)

PadISO10126 appends padding bytes to given data and returns resulting slice. The given blockSize must be in a range of 1-255, otherwise ErrBlockSize is returned. For example, when blockSize is 6 and the input data is {0x61, 0x61, 0x63}, then returned data will be {0x61, 0x61, 0x63, 0xAA, 0xBB, 0x03}. The last byte (0x03) represents the length of the padding, and the preceding padding bytes (0xAA, 0xBB) are random.

func PadISO7816 ¶

func PadISO7816(blockSize int, data []byte) ([]byte, error)

PadISO7816 appends padding bytes to the given data and returns the resulting slice. The given blockSize must be in the range 1–255; otherwise, ErrBlockSize is returned. For example, when blockSize is 6 and the input data is {0x61, 0x61, 0x63}, the returned data will be {0x61, 0x61, 0x63, 0x80, 0x00, 0x00}. The byte 0x80 marks the end of the actual data, and the remaining bytes (0x00) are padding.

func PadPKCS7 ¶

func PadPKCS7(blockSize int, data []byte) ([]byte, error)

PadPKCS7 appends padding bytes to the given data and returns the resulting slice. This function can also be used for PKCS#5 padding, as PKCS#5 is a subset of PKCS#7. PKCS#7 padding values range from 0x01 to 0x10 (1 to 16 in decimal), while PKCS#5 is defined specifically for a block size of 8 bytes (0x08). The given blockSize must be in the range 1–255; otherwise, ErrBlockSize is returned. For example, when blockSize is 6 and the input data is {0x61, 0x61, 0x63}, the returned data will be {0x61, 0x61, 0x63, 0x03, 0x03, 0x03}.

func UnpadISO10126 ¶

func UnpadISO10126(blockSize int, data []byte) ([]byte, error)

UnpadISO10126 removes ISO10126 padding from the given data. It may return the following errors:

• ErrBlockSize: the given blockSize is not in the range 1–255.
• ErrDataLength: the length of the input data is invalid; it must be a multiple of blockSize.
• ErrPaddingSize: the padding size embedded in the data is invalid.

func UnpadISO7816 ¶

func UnpadISO7816(blockSize int, data []byte) ([]byte, error)

UnpadISO7816 removes ISO7816 padding from the given data. It may return the following errors:

• ErrBlockSize: the given blockSize is not in the range 1–255.
• ErrDataLength: the length of the input data is invalid; it must be a multiple of blockSize.
• ErrPaddingSize: the padding size in the data is invalid.

func UnpadPKCS7 ¶

func UnpadPKCS7(blockSize int, data []byte) ([]byte, error)

UnpadPKCS7 removes PKCS7 padding from the given data. It may return the following errors:

• ErrBlockSize: the given blockSize is not in the range 1–255.
• ErrDataLength: the length of the input data is invalid; it must be a multiple of blockSize.
• ErrPaddingSize: the padding size in the data is invalid.