package subtle
import "github.com/google/tink/go/streamingaead/subtle"
Package subtle provides subtle implementations of the Streaming AEAD primitive.
Index
- Constants
- type AESCTRHMAC
- func NewAESCTRHMAC(mainKey []byte, hkdfAlg string, keySizeInBytes int, tagAlg string, tagSizeInBytes int, ciphertextSegmentSize int, firstSegmentOffset int) (*AESCTRHMAC, error)
- func (a *AESCTRHMAC) HeaderLength() int
- func (a *AESCTRHMAC) NewDecryptingReader(r io.Reader, aad []byte) (io.Reader, error)
- func (a *AESCTRHMAC) NewEncryptingWriter(w io.Writer, aad []byte) (io.WriteCloser, error)
- type AESGCMHKDF
- func NewAESGCMHKDF(mainKey []byte, hkdfAlg string, keySizeInBytes int, ciphertextSegmentSize int, firstSegmentOffset int) (*AESGCMHKDF, error)
- func (a *AESGCMHKDF) HeaderLength() int
- func (a *AESGCMHKDF) NewDecryptingReader(r io.Reader, aad []byte) (io.Reader, error)
- func (a *AESGCMHKDF) NewEncryptingWriter(w io.Writer, aad []byte) (io.WriteCloser, error)
Constants
const (
	// AESCTRHMACNonceSizeInBytes is the size of the nonces used as IVs for CTR.
	AESCTRHMACNonceSizeInBytes = 16
	// AESCTRHMACNoncePrefixSizeInBytes is the size of the nonce prefix.
	AESCTRHMACNoncePrefixSizeInBytes = 7
	// AESCTRHMACKeySizeInBytes is the size of the HMAC key.
	AESCTRHMACKeySizeInBytes = 32
)
const (
	// AESGCMHKDFNonceSizeInBytes is the size of the nonces used for GCM.
	AESGCMHKDFNonceSizeInBytes = 12
	// AESGCMHKDFNoncePrefixSizeInBytes is the size of the randomly generated
	// nonce prefix.
	AESGCMHKDFNoncePrefixSizeInBytes = 7
	// AESGCMHKDFTagSizeInBytes is the size of the tags of each ciphertext
	// segment.
	AESGCMHKDFTagSizeInBytes = 16
)
Types
type AESCTRHMAC
type AESCTRHMAC struct {
	MainKey []byte
	// contains filtered or unexported fields
}
AESCTRHMAC implements streaming AEAD encryption using AES-CTR and HMAC.
Each ciphertext uses new AES-CTR and HMAC keys. These keys are derived with HKDF from the key derivation key, a randomly chosen salt of the same size as the key, and a nonce prefix.
func NewAESCTRHMAC
func NewAESCTRHMAC(mainKey []byte, hkdfAlg string, keySizeInBytes int, tagAlg string, tagSizeInBytes int, ciphertextSegmentSize int, firstSegmentOffset int) (*AESCTRHMAC, error)
NewAESCTRHMAC initializes an AESCTRHMAC primitive with a key derivation key and encryption parameters.
mainKey is input keying material used to derive sub keys.
hkdfAlg is a MAC algorithm name, e.g., HmacSha256, used for the HKDF key derivation.
keySizeInBytes is the key size of the sub keys.
tagAlg is the MAC algorithm name, e.g. HmacSha256, used for generating per segment tags.
tagSizeInBytes is the size of the per segment tags.
ciphertextSegmentSize is the size of ciphertext segments.
firstSegmentOffset is the offset of the first ciphertext segment.
func (*AESCTRHMAC) HeaderLength
func (a *AESCTRHMAC) HeaderLength() int
HeaderLength returns the length of the encryption header.
func (*AESCTRHMAC) NewDecryptingReader
NewDecryptingReader returns a wrapper around the underlying io.Reader, such that any read operation via the wrapper results in AEAD decryption of the underlying ciphertext, using aad as associated authenticated data.
func (*AESCTRHMAC) NewEncryptingWriter
func (a *AESCTRHMAC) NewEncryptingWriter(w io.Writer, aad []byte) (io.WriteCloser, error)
NewEncryptingWriter returns a wrapper around the underlying io.Writer, such that any write operation via the wrapper results in AEAD encryption of the written data, using aad as associated authenticated data. The associated data is not included in the ciphertext and must be passed in as a parameter for decryption.
type AESGCMHKDF
type AESGCMHKDF struct {
	MainKey []byte
	// contains filtered or unexported fields
}
AESGCMHKDF implements streaming AEAD encryption using AES-GCM.
Each ciphertext uses a new AES-GCM key. These keys are derived with HKDF from the key derivation key, a randomly chosen salt of the same size as the key, and a nonce prefix.
func NewAESGCMHKDF
func NewAESGCMHKDF(mainKey []byte, hkdfAlg string, keySizeInBytes int, ciphertextSegmentSize int, firstSegmentOffset int) (*AESGCMHKDF, error)
NewAESGCMHKDF initializes a streaming primitive with a key derivation key and encryption parameters.
mainKey is input keying material used to derive sub keys.
hkdfAlg is a MAC algorithm name, e.g., HmacSha256, used for the HKDF key derivation.
keySizeInBytes is the key size of the sub keys.
ciphertextSegmentSize is the size of ciphertext segments.
firstSegmentOffset is the offset of the first ciphertext segment.
func (*AESGCMHKDF) HeaderLength
func (a *AESGCMHKDF) HeaderLength() int
HeaderLength returns the length of the encryption header.
func (*AESGCMHKDF) NewDecryptingReader
NewDecryptingReader returns a wrapper around the underlying io.Reader, such that any read operation via the wrapper results in AEAD decryption of the underlying ciphertext, using aad as associated authenticated data.
func (*AESGCMHKDF) NewEncryptingWriter
func (a *AESGCMHKDF) NewEncryptingWriter(w io.Writer, aad []byte) (io.WriteCloser, error)
NewEncryptingWriter returns a wrapper around the underlying io.Writer, such that any write operation via the wrapper results in AEAD encryption of the written data, using aad as associated authenticated data. The associated data is not included in the ciphertext and must be passed in as a parameter for decryption.
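The following is an added, standard-library-only sketch of the segmented AES-GCM construction described above, not this package's code and not interoperable with it (no header is written). It shows why a per-ciphertext key plus a per-segment nonce lets the reader reject truncated or reordered streams and a wrong aad. Assumptions not stated on this page: the 12-byte nonce is the 7-byte prefix, a 4-byte big-endian segment index and a 1-byte last-segment flag; aad is fed to HKDF as the info input; the sub key is fixed at 32 bytes; the names newGCM, segmentNonce, seal and open are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// newGCM derives a 32-byte AES-GCM sub key: HKDF-SHA256(ikm=mainKey, salt, info=aad), one expand block.
func newGCM(mainKey, salt, aad []byte) cipher.AEAD {
	ext := hmac.New(sha256.New, salt)
	ext.Write(mainKey)
	exp := hmac.New(sha256.New, ext.Sum(nil))
	exp.Write(append(append([]byte{}, aad...), 1))
	blk, _ := aes.NewCipher(exp.Sum(nil)) // output is always 32 bytes, so this cannot fail
	g, _ := cipher.NewGCM(blk)
	return g
}

// segmentNonce (assumed layout): 7-byte prefix || 4-byte big-endian index || 1-byte last flag.
func segmentNonce(prefix []byte, idx int, last bool) []byte {
	n := append(append([]byte{}, prefix[:7]...), 0, 0, 0, 0, map[bool]byte{true: 1}[last])
	binary.BigEndian.PutUint32(n[7:11], uint32(idx))
	return n
}

// seal encrypts each plaintext segment; only the final one is flagged as last.
func seal(g cipher.AEAD, prefix []byte, segs [][]byte) (out [][]byte) {
	for i, s := range segs {
		out = append(out, g.Seal(nil, segmentNonce(prefix, i, i == len(segs)-1), s, nil))
	}
	return out
}

// open flags the final segment it was given as last, so a truncated or reordered stream fails.
func open(g cipher.AEAD, prefix []byte, cts [][]byte) (pt []byte, err error) {
	for i := 0; i < len(cts) && err == nil; i++ {
		pt, err = g.Open(pt, segmentNonce(prefix, i, i == len(cts)-1), cts[i], nil)
	}
	return pt, err
}

func main() {
	g, p := newGCM(make([]byte, 32), make([]byte, 32), []byte("file-id")), make([]byte, 7) // constructed zeros
	_, err := open(g, p, seal(g, p, [][]byte{[]byte("seg0"), []byte("seg1")})[:1]) // last segment dropped
	fmt.Println("truncated stream rejected:", err != nil)
}
```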
Source Files
aes_ctr_hmac.go aes_gcm_hkdf.go subtle.go
Directories
Path | Synopsis |
---|---|
streamingaead/subtle/noncebased | Package noncebased provides a reusable streaming AEAD framework. |
- Version: v1.7.0 (latest)
- Published: Aug 10, 2022