cryptoutil

package
v1.13.0

This package is not in the latest version of its module.

Published: May 4, 2026 License: GPL-3.0 Imports: 16 Imported by: 0

Documentation

Constants

const TransportProtocolVersion uint32 = 1

TransportProtocolVersion is the wire-format version of the sync transport handshake. Both peers MUST use the same value; mismatches abort the connection. The version is bound into the HPKE info string and every exporter label, so a peer running a different version cannot derive a matching session key even if the underlying ciphersuite is unchanged. Bump this whenever the on-wire handshake or KEM ciphersuite changes.

Variables

var (
	DefaultIDBits = 256
)

Functions

func FormatPairingToken added in v1.13.0

func FormatPairingToken(keyID, secret, instanceID string) string

FormatPairingToken formats the components into a pairing token string.

func GeneratePairingSecret added in v1.13.0

func GeneratePairingSecret() (string, error)

GeneratePairingSecret generates a cryptographically random secret for use in a pairing token.

func GeneratePrivateKey added in v1.9.0

func GeneratePrivateKey() (*v1.PrivateKey, error)

func MustRandomID

func MustRandomID(bits int) string

func MustRandomUint64

func MustRandomUint64() uint64

func RandomID

func RandomID(bits int) (string, error)

func RandomUint64

func RandomUint64() (uint64, error)

func TruncateID

func TruncateID(id string, bits int) string

Types

type ParsedPairingToken added in v1.13.0

type ParsedPairingToken struct {
	KeyID      string
	Secret     string
	InstanceID string
}

ParsedPairingToken holds the parsed components of a pairing token.

func ParsePairingToken added in v1.13.0

func ParsePairingToken(token string) (*ParsedPairingToken, error)

ParsePairingToken parses a pairing token string into its components.

type PrivateKey added in v1.9.0

type PrivateKey struct {
	*PublicKey
	// contains filtered or unexported fields
}

func NewPrivateKey added in v1.9.0

func NewPrivateKey(privkey *v1.PrivateKey) (*PrivateKey, error)

func (*PrivateKey) PrivateKeyProto added in v1.9.0

func (pk *PrivateKey) PrivateKeyProto() *v1.PrivateKey

func (*PrivateKey) Sign added in v1.9.0

func (pk *PrivateKey) Sign(message []byte) ([]byte, error)

type PublicKey added in v1.9.0

type PublicKey struct {
	// contains filtered or unexported fields
}

func NewPublicKey added in v1.9.0

func NewPublicKey(pubkey *v1.PublicKey) (*PublicKey, error)

func (*PublicKey) KeyID added in v1.9.0

func (pk *PublicKey) KeyID() string

func (*PublicKey) PublicKeyProto added in v1.9.0

func (pk *PublicKey) PublicKeyProto() *v1.PublicKey

func (*PublicKey) Verify added in v1.9.0

func (pk *PublicKey) Verify(message, sig []byte) error

type TransportRecipient added in v1.13.0

type TransportRecipient struct {
	// contains filtered or unexported fields
}

TransportRecipient is the initiator side of the handshake. The initiator generates an ephemeral KEM keypair, sends its public key, and receives the encapsulation from the responder before deriving the session.

func NewTransportRecipient added in v1.13.0

func NewTransportRecipient() (*TransportRecipient, []byte, error)

NewTransportRecipient generates an ephemeral KEM keypair for the initiator side of the transport handshake. It returns the recipient state and the raw bytes of the public key that should be sent to the peer.

func (*TransportRecipient) Decapsulate added in v1.13.0

func (r *TransportRecipient) Decapsulate(enc []byte) (*TransportSession, error)

Decapsulate consumes the encapsulation bytes received from the responder and returns the initiator's session.

type TransportSession added in v1.13.0

type TransportSession struct {
	Send cipher.AEAD
	Recv cipher.AEAD
	// contains filtered or unexported fields
}

TransportSession is the result of a successful handshake: a pair of one-way AEADs plus a transcript hash for higher-layer identity authentication.

Send is for outbound traffic, Recv for inbound. The two AEADs hold independent keys derived from distinct HPKE exporter labels, so callers may use any nonce discipline (a counter starting at zero is recommended) without risk of cross-direction reuse.

Identity authentication is the responsibility of the caller. A higher layer that performs ed25519 (or any other) identity verification should have each peer sign Transcript() under its long-term key and exchange the signatures over the encrypted channel; verifying that signature is what defeats a MITM that completes a separate KEM with each side, since the two legs of the MITM produce different transcripts and the legitimate peer's signature only commits to its own transcript.

func EncapsulateToTransport added in v1.13.0

func EncapsulateToTransport(peerPubBytes []byte) (enc []byte, _ *TransportSession, _ error)

EncapsulateToTransport is the responder side of the handshake. Given the initiator's serialized public key bytes, it returns the encapsulation to send back and the responder's session.

func (*TransportSession) Transcript added in v1.13.0

func (s *TransportSession) Transcript() []byte

Transcript returns a hash that commits to the protocol version, the initiator's ephemeral KEM public key, and the encapsulation. Both peers compute the identical value. Sign this with your identity key and send the signature to the peer to authenticate the channel.
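
The transcript-signing check described for TransportSession and Transcript, as an added standard-library example that is not this package's code. It assumes X25519 public keys as stand-ins for the HPKE KEM public key and encapsulation and an assumed SHA-256 input layout; `transcript`, `ephemeral` and `initiatorAccepts` are hypothetical names.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

const version uint32 = 1 // same value as TransportProtocolVersion

// transcript hashes version || initiator ephemeral key || encapsulation.
// The byte layout is an assumption; the page only names the three inputs.
func transcript(initPub, enc []byte) []byte {
	h := sha256.New()
	h.Write(binary.BigEndian.AppendUint32(nil, version))
	h.Write(initPub)
	h.Write(enc)
	return h.Sum(nil)
}

// ephemeral returns a fresh X25519 public key. It stands in for both the
// initiator's KEM public key and the responder's encapsulation bytes.
func ephemeral() []byte {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return k.PublicKey().Bytes()
}

// initiatorAccepts reports whether the initiator accepts the responder's
// signature over its transcript; intercepted models two separate KEM legs.
func initiatorAccepts(intercepted bool) bool {
	idPub, idPriv, _ := ed25519.GenerateKey(rand.Reader) // responder identity key
	initPub, enc := ephemeral(), ephemeral()
	keySeenByResponder, encSeenByInitiator := initPub, enc
	if intercepted { // each side sees values substituted by the intermediary
		keySeenByResponder, encSeenByInitiator = ephemeral(), ephemeral()
	}
	sig := ed25519.Sign(idPriv, transcript(keySeenByResponder, enc))
	return ed25519.Verify(idPub, transcript(initPub, encSeenByInitiator), sig)
}

func main() {
	fmt.Println("direct:", initiatorAccepts(false), "intercepted:", initiatorAccepts(true))
}
```

In a real deployment the verifier must already know and trust the peer's long-term public key; the example generates it inline only to stay self-contained.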
