Documentation
¶
Index ¶
- Constants
- Variables
- func NewEncryptionSuite(algorithm encAlgorithm, mode cipherMode, dataKeyLen, ivLen, authLen int) encryptionSuite
- func NewKdfSuite(KDFFunc func(hash func() hash.Hash, secret, salt, info []byte) io.Reader, ...) kdfSuite
- type AlgorithmSuite
- func (as *AlgorithmSuite) AlgorithmSuiteDataLen() int
- func (as *AlgorithmSuite) GoString() string
- func (as *AlgorithmSuite) IDBytes() []byte
- func (as *AlgorithmSuite) IsCommitting() bool
- func (as *AlgorithmSuite) IsSigning() bool
- func (as *AlgorithmSuite) MessageIDLen() int
- func (as *AlgorithmSuite) Name() string
- func (as *AlgorithmSuite) String() string
- type CommitmentPolicy
- type ContentAADString
- type ContentType
- type EncryptionContext
Constants ¶
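// Frame size limits, restored to one declaration per line so the block parses.
//
// NOTE(review): presumably these bound the frame length accepted for framed
// content; confirm at the call sites that both limits are enforced when the
// frame length is read from a message rather than chosen by the caller.
const (
	// MinFrameSize is the lower limit, typed as int (128).
	MinFrameSize = int(128)

	// MaxFrameSize is the upper limit. It is an untyped constant equal to
	// math.MaxUint32 (4294967295), which does not fit in an int on 32-bit
	// platforms; compare against it using a 64-bit or unsigned type.
	MaxFrameSize = math.MaxUint32
)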
Variables ¶
// Predefined algorithm suites. Both are built with aes_256_GCM_IV12_TAG16 and
// hkdf_SHA512; they differ in the algorithm ID and in the authentication suite
// passed as the last argument.
//
// NOTE(review): these are package-level variables, not constants, so importing
// code can reassign them; treat them as read-only.
var (
	// Suite ID 0x0478, built with authSuite_NONE.
	// The third argument (2) is presumably the message format version; confirm
	// against newAlgorithmSuite, which is not shown here.
	AES_256_GCM_HKDF_SHA512_COMMIT_KEY = newAlgorithmSuite(0x0478, aes_256_GCM_IV12_TAG16, 2, hkdf_SHA512, authSuite_NONE)

	// Suite ID 0x0578, built with authSuite_SHA256_ECDSA_P384.
	// NOTE(review): the identifier pairs SHA256 with P384. If this package follows
	// the AWS Encryption SDK message format, suite 0x0578 is specified as ECDSA
	// P-384 with SHA-384; confirm which digest the signing code actually uses.
	AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384 = newAlgorithmSuite(0x0578, aes_256_GCM_IV12_TAG16, 2, hkdf_SHA512, authSuite_SHA256_ECDSA_P384)
)
// Algorithm is a package-level value of the unexported type algorithm.
// NOTE(review): the type's methods are not shown in this listing, so its
// purpose cannot be stated from here.
var Algorithm algorithm
// ErrAlgorithmSuite is a package-level error value created with errors.New.
// Presumably it is returned or wrapped when an algorithm suite is invalid or
// unsupported; callers should match it with errors.Is rather than by message.
var ErrAlgorithmSuite = errors.New("algorithm suite error")
Functions ¶
func NewEncryptionSuite ¶
func NewEncryptionSuite(algorithm encAlgorithm, mode cipherMode, dataKeyLen, ivLen, authLen int) encryptionSuite
Types ¶
type AlgorithmSuite ¶
// AlgorithmSuite groups the parameters that describe one algorithm suite: a
// numeric ID, the encryption, KDF and authentication sub-suites, and a message
// format version.
//
// NOTE(review): every field is exported, so code holding an AlgorithmSuite can
// change its parameters after construction; treat values as read-only.
type AlgorithmSuite struct {
	// AlgorithmID is the 16-bit suite identifier.
	AlgorithmID uint16
	// EncryptionSuite holds the cipher parameters (unexported type encryptionSuite).
	EncryptionSuite encryptionSuite
	// MessageFormatVersion is the message format version as an int.
	MessageFormatVersion int
	// KDFSuite holds the key-derivation parameters (unexported type kdfSuite).
	KDFSuite kdfSuite
	// Authentication holds the authentication parameters (unexported type
	// authenticationSuite); presumably this is what IsSigning inspects (confirm).
	Authentication authenticationSuite
}
func (*AlgorithmSuite) AlgorithmSuiteDataLen ¶
func (as *AlgorithmSuite) AlgorithmSuiteDataLen() int
func (*AlgorithmSuite) GoString ¶
func (as *AlgorithmSuite) GoString() string
func (*AlgorithmSuite) IDBytes ¶
func (as *AlgorithmSuite) IDBytes() []byte
func (*AlgorithmSuite) IsCommitting ¶
func (as *AlgorithmSuite) IsCommitting() bool
func (*AlgorithmSuite) IsSigning ¶
func (as *AlgorithmSuite) IsSigning() bool
func (*AlgorithmSuite) MessageIDLen ¶
func (as *AlgorithmSuite) MessageIDLen() int
func (*AlgorithmSuite) Name ¶
func (as *AlgorithmSuite) Name() string
func (*AlgorithmSuite) String ¶
func (as *AlgorithmSuite) String() string
type CommitmentPolicy ¶
// CommitmentPolicy names one of three commitment policies; its underlying type
// is int8.
type CommitmentPolicy int8

// NOTE(review): this listing shows no initializer on the first constant, so the
// numeric values cannot be confirmed from here; the trailing comments give 0, 1
// and 2. If 0 really is the forbid-encrypt policy, a zero-valued
// CommitmentPolicy selects what is, by name, the least strict of the three;
// confirm that callers set the policy explicitly.
const (
	CommitmentPolicyForbidEncryptAllowDecrypt CommitmentPolicy // 0 - FORBID_ENCRYPT_ALLOW_DECRYPT
	CommitmentPolicyRequireEncryptAllowDecrypt // 1 - REQUIRE_ENCRYPT_ALLOW_DECRYPT
	CommitmentPolicyRequireEncryptRequireDecrypt // 2 - REQUIRE_ENCRYPT_REQUIRE_DECRYPT
)
func (CommitmentPolicy) GoString ¶
func (cp CommitmentPolicy) GoString() string
func (CommitmentPolicy) String ¶
func (cp CommitmentPolicy) String() string
type ContentAADString ¶
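// ContentAADString is a string type for the fixed content-AAD labels below.
// The declarations are restored to one per line so the block parses.
type ContentAADString string

// NOTE(review): presumably these labels are bound into the additional
// authenticated data of each frame so that a final frame cannot be passed off
// as a regular one (or the reverse); confirm at the call sites. The values are
// fixed strings and must stay byte-for-byte as declared.
const (
	// ContentAADFrame is the label "AWSKMSEncryptionClient Frame".
	ContentAADFrame ContentAADString = "AWSKMSEncryptionClient Frame"
	// ContentAADFinalFrame is the label "AWSKMSEncryptionClient Final Frame".
	ContentAADFinalFrame ContentAADString = "AWSKMSEncryptionClient Final Frame"
)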
type ContentType ¶
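// ContentType is a one-byte code that distinguishes non-framed from framed
// content. The declarations are restored to one per line so the block parses.
type ContentType uint8

// Only the two values below are declared; a parser reading this byte from
// untrusted input should reject any other value rather than fall through.
const (
	// NonFramedContent is content type 0x01.
	NonFramedContent ContentType = 0x01
	// FramedContent is content type 0x02.
	FramedContent ContentType = 0x02
)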
type EncryptionContext ¶
EncryptionContext represents a map of string key-value pairs that are used to store contextual information for encryption operations.
func (EncryptionContext) Serialize ¶
func (ec EncryptionContext) Serialize() []byte
Serialize transforms the EncryptionContext into a byte slice. The serialized format prepends the length of each key and value as a 2-byte big-endian integer. Keys are sorted to ensure deterministic output. The function accounts for the additional keyValueBytes for each key-value pair when estimating the buffer size to minimize reallocations.
The serialization format is as follows for each key-value pair:
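[keyLength][key][valueLength][value]
- keyLength: 2 bytes representing the length of the key as a big-endian integer
- key: actual bytes of the key
- valueLength: 2 bytes representing the length of the value as a big-endian integer
- value: actual bytes of the value
Because each length field is 2 bytes, a key or value longer than 65535 bytes cannot be represented; this documentation does not say how such input is handled, so validate lengths before calling Serialize.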
Serialization ensures that keys are sorted and the output is consistent for the same EncryptionContext content.
Returns:
[]byte: A byte slice representing the serialized EncryptionContext.
Example:
ec := EncryptionContext{"user": "Alice", "purpose": "encryption"}
serialized := ec.Serialize()
The output will be a byte slice in which each key and each value is preceded by its own 2-byte length.