Documentation
¶
Overview ¶
Package subtle provides subtle implementations of the AEAD primitive.
Index ¶
Constants ¶
const ( // AESGCMIVSize is the only IV size that this implementation supports. AESGCMIVSize = 12 // AESGCMTagSize is the only tag size that this implementation supports. AESGCMTagSize = 16 )
const (
// AESCTRMinIVSize is the minimum IV size that this implementation supports.
AESCTRMinIVSize = 12
)
const (
// AESGCMSIVNonceSize is the acceptable IV size defined by RFC 8452.
AESGCMSIVNonceSize = 12
)
const (
// PolyvalBlockSize is the block size (in bytes) that POLYVAL uses.
PolyvalBlockSize = 16
)
Variables ¶
var AESGCMSIVKeySizes = [...]uint32{16, 32}
AESGCMSIVKeySizes is an array of byte lengths of keys acceptable by the AES-GCM-SIV algorithm.
Functions ¶
func ValidateAESKeySize ¶
ValidateAESKeySize checks if the given key size is a valid AES key size.
Types ¶
type AESCTR ¶
AESCTR is an implementation of AEAD interface.
func NewAESCTR ¶
NewAESCTR returns an AESCTR instance. The key argument should be the AES key, either 16 or 32 bytes to select AES-128 or AES-256. ivSize specifies the size of the IV in bytes.
type AESGCM ¶
type AESGCM struct {
Key []byte
}
AESGCM is an implementation of AEAD interface.
func NewAESGCM ¶
NewAESGCM returns an AESGCM instance. The key argument should be the AES key, either 16 or 32 bytes to select AES-128 or AES-256.
type AESGCMSIV ¶ added in v1.6.0
type AESGCMSIV struct {
Key []byte
}
AESGCMSIV is an implementation of AEAD interface.
func NewAESGCMSIV ¶ added in v1.6.0
NewAESGCMSIV returns an AESGCMSIV instance. The key argument should be the AES key, either 16 or 32 bytes to select AES-128 or AES-256.
func (*AESGCMSIV) Decrypt ¶ added in v1.6.0
Decrypt decrypts ct with aad as the additional-authenticated-data.
type ChaCha20Poly1305 ¶
type ChaCha20Poly1305 struct {
Key []byte
}
ChaCha20Poly1305 is an implementation of AEAD interface.
func NewChaCha20Poly1305 ¶
func NewChaCha20Poly1305(key []byte) (*ChaCha20Poly1305, error)
NewChaCha20Poly1305 returns an ChaCha20Poly1305 instance. The key argument should be a 32-bytes key.
func (*ChaCha20Poly1305) Decrypt ¶
func (ca *ChaCha20Poly1305) Decrypt(ct []byte, aad []byte) ([]byte, error)
Decrypt decrypts {@code ct} with {@code aad} as the additionalauthenticated data.
func (*ChaCha20Poly1305) Encrypt ¶
func (ca *ChaCha20Poly1305) Encrypt(pt []byte, aad []byte) ([]byte, error)
Encrypt encrypts {@code pt} with {@code aad} as additional authenticated data. The resulting ciphertext consists of two parts: (1) the nonce used for encryption and (2) the actual ciphertext.
type EncryptThenAuthenticate ¶
type EncryptThenAuthenticate struct {
// contains filtered or unexported fields
}
EncryptThenAuthenticate performs an encrypt-then-MAC operation on plaintext and additional authenticated data (aad). The MAC is computed over (aad || ciphertext || size of aad). This implementation is based on http://tools.ietf.org/html/draft-mcgrew-aead-aes-cbc-hmac-sha2-05.
func NewEncryptThenAuthenticate ¶
func NewEncryptThenAuthenticate(indCPACipher INDCPACipher, mac tink.MAC, tagSize int) (*EncryptThenAuthenticate, error)
NewEncryptThenAuthenticate returns a new instance of EncryptThenAuthenticate.
func (*EncryptThenAuthenticate) Decrypt ¶
func (e *EncryptThenAuthenticate) Decrypt(ciphertext, additionalData []byte) ([]byte, error)
Decrypt decrypts ciphertext with additionalData as additional authenticated data.
func (*EncryptThenAuthenticate) Encrypt ¶
func (e *EncryptThenAuthenticate) Encrypt(plaintext, additionalData []byte) ([]byte, error)
Encrypt encrypts plaintext with additionalData as additional authenticated data. The resulting ciphertext allows for checking authenticity and integrity of additional data, but does not guarantee its secrecy.
The plaintext is encrypted with an INDCPACipher, then MAC is computed over (additionalData || ciphertext || n) where n is additionalData's length in bits represented as a 64-bit bigendian unsigned integer. The final ciphertext format is (IND-CPA ciphertext || mac).
type INDCPACipher ¶
type INDCPACipher interface {
// Encrypt encrypts plaintext. The resulting ciphertext is indistinguishable under
// chosen-plaintext attack. However, it does not have integrity protection.
Encrypt(plaintext []byte) ([]byte, error)
// Decrypt decrypts ciphertext and returns the resulting plaintext.
Decrypt(ciphertext []byte) ([]byte, error)
}
INDCPACipher provides an interface for symmetric key ciphers that are indistinguishable against chosen-plaintext attacks. Said primitives do not provide authentication, thus should not be used directly, but only to construct safer primitives such as AEAD.
type Polyval ¶ added in v1.6.0
type Polyval interface {
// update the accumulator in the object with the blocks from data. If data
// is not a multiple of 16 bytes, it is automatically zero padded.
Update(data []byte)
// finish completes the polyval computation and returns the result.
Finish() [PolyvalBlockSize]byte
}
Polyval (RFC 8452) is a universal hash function which operates on GF(2^128) and can be used for constructing a Message Authentication Code (MAC). See Section 3 of go/rfc/8452 for definition.
func NewPolyval ¶ added in v1.6.0
NewPolyval returns a Polyval instance.
type XChaCha20Poly1305 ¶
type XChaCha20Poly1305 struct {
Key []byte
}
XChaCha20Poly1305 is an implementation of AEAD interface.
func NewXChaCha20Poly1305 ¶
func NewXChaCha20Poly1305(key []byte) (*XChaCha20Poly1305, error)
NewXChaCha20Poly1305 returns an XChaCha20Poly1305 instance. The key argument should be a 32-bytes key.
func (*XChaCha20Poly1305) Decrypt ¶
func (x *XChaCha20Poly1305) Decrypt(ct []byte, aad []byte) ([]byte, error)
Decrypt decrypts {@code ct} with {@code aad} as the additionalauthenticated data.
func (*XChaCha20Poly1305) Encrypt ¶
func (x *XChaCha20Poly1305) Encrypt(pt []byte, aad []byte) ([]byte, error)
Encrypt encrypts {@code pt} with {@code aad} as additional authenticated data. The resulting ciphertext consists of two parts: (1) the nonce used for encryption and (2) the actual ciphertext.
Source Files