cryptoutil

package
v0.85.0-pre.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 29, 2026 License: BSD-3-Clause Imports: 11 Imported by: 0

Documentation

Overview

Package cryptoutil provides utility functions for cryptographic operations. It is the consumer's responsibility to ensure that inputs are reasonably sized so as to avoid memory exhaustion attacks.

Index

Constants

View Source 
const KeySize = 32

Variables

View Source 
var (
	ErrSecretKeyIsNil     = errors.New("secret key is nil")
	ErrCipherTextTooShort = errors.New("ciphertext too short")
	ErrHMACInvalid        = errors.New("HMAC is invalid")
)

Functions

func DecryptSymmetricAESGCM 

func DecryptSymmetricAESGCM(encryptedMsg []byte, secretKey Key32) ([]byte, error)

DecryptSymmetricAESGCM decrypts a message using AES-256-GCM.

func DecryptSymmetricGeneric 

func DecryptSymmetricGeneric(
	toAEADFunc ToAEADFunc,
	ciphertext []byte,
	secretKey Key32,
) ([]byte, error)

DecryptSymmetricGeneric decrypts a message using a generic AEAD function.

func DecryptSymmetricXChaCha20Poly1305 

func DecryptSymmetricXChaCha20Poly1305(encryptedMsg []byte, secretKey Key32) ([]byte, error)

DecryptSymmetricXChaCha20Poly1305 decrypts a message using XChaCha20-Poly1305.

func EncryptSymmetricAESGCM 

func EncryptSymmetricAESGCM(msg []byte, secretKey Key32) ([]byte, error)

EncryptSymmetricAESGCM encrypts a message using AES-256-GCM.

func EncryptSymmetricGeneric 

func EncryptSymmetricGeneric(
	toAEADFunc ToAEADFunc,
	msg []byte,
	secretKey Key32,
) ([]byte, error)

EncryptSymmetricGeneric encrypts a message using a generic AEAD function.

func EncryptSymmetricXChaCha20Poly1305 

func EncryptSymmetricXChaCha20Poly1305(msg []byte, secretKey Key32) ([]byte, error)

EncryptSymmetricXChaCha20Poly1305 encrypts a message using XChaCha20-Poly1305.

func FromKey32 

func FromKey32(key Key32) ([]byte, error)

func HmacSha256 

func HmacSha256(msg []byte, key []byte) ([]byte, error)

HmacSha256 computes the HMAC-SHA-256 of a message using secret key. As a security precaution, returns an error if the key is nil or empty. If this isn't what you want, use the standard library directly.

func RandomBytes 

func RandomBytes(byteLen int) ([]byte, error)

Random returns a slice of cryptographically random bytes of length byteLen.

func Sha256Hash 

func Sha256Hash(msg []byte) []byte

Sha256Hash returns the SHA-256 hash of a message as a byte slice.

func SignSymmetric 

func SignSymmetric(msg []byte, secretKey Key32) ([]byte, error)

SignSymmetric signs a message using a symmetric key. It is a convenience wrapper around the nacl/auth package, which uses HMAC-SHA-512-256.

func ValidateHmacSha256 

func ValidateHmacSha256(attemptedMsg, attemptedKey, knownGoodMAC []byte) (bool, error)

ValidateHmacSha256 constant-time compares the HMAC-SHA-256 of an attempted message and attempted key against a known good MAC. Returns true if the resulting MAC is valid and false if it is not. Does NOT necessarily return an error if the MAC is invalid, so callers must rely on the boolean return value to determine validity.

func VerifyAndReadAsymmetric 

func VerifyAndReadAsymmetric(signedMsg []byte, publicKey Key32) ([]byte, error)

VerifyAndReadAsymmetric verifies a signed message using an Ed25519 public key and returns the original message.

func VerifyAndReadAsymmetricBase64 

func VerifyAndReadAsymmetricBase64(signedMsg, publicKey Base64) ([]byte, error)

VerifyAndReadAsymmetricBase64 verifies a signed message using a base64 encoded Ed25519 public key and returns the original message.

func VerifyAndReadSymmetric 

func VerifyAndReadSymmetric(signedMsg []byte, secretKey Key32) ([]byte, error)

VerifyAndReadSymmetric verifies a signed message using a symmetric key and returns the original message. It is a convenience wrapper around the nacl/auth package, which uses HMAC-SHA-512-256.

Types

type Base64 

type Base64 = string

type Key32 

type Key32 = *[KeySize]byte

Alias for a pointer to a size 32 byte array.

func HkdfSha256 

func HkdfSha256(secretKey Key32, salt []byte, info string) (Key32, error)

HkdfSha256 derives a new cryptographic key from a 32-byte secret key using HKDF. It uses SHA-256 as the hash function and returns a 32-byte key. Salt and/or info can be nil.

func ToKey32 

func ToKey32(b []byte) (Key32, error)

type ToAEADFunc 

type ToAEADFunc func(secretKey Key32) (cipher.AEAD, error)
var ToAEADFuncAESGCM ToAEADFunc = func(secretKey Key32) (cipher.AEAD, error) {
	block, err := aes.NewCipher(secretKey[:])
	if err != nil {
		return nil, err
	}

	return cipher.NewGCM(block)
}

ToAEADFuncAESGCM returns an AEAD function for AES-256-GCM. 

var ToAEADFuncXChaCha20Poly1305 ToAEADFunc = func(secretKey Key32) (cipher.AEAD, error) {
	return chacha20poly1305.NewX(secretKey[:])
}

ToAEADFuncXChaCha20Poly1305 returns an AEAD function for XChaCha20-Poly1305.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.