Documentation
¶
Overview ¶
Package tinkcrypto provides the default implementation of the common pkg/common/api/crypto.Crypto interface and the SPI pkg/framework/aries.crypto interface
It uses github.com/tink/go crypto primitives
Index ¶
- Constants
- type Crypto
- func (t *Crypto) ComputeMAC(data []byte, kh interface{}) ([]byte, error)
- func (t *Crypto) Decrypt(cipher, aad, nonce []byte, kh interface{}) ([]byte, error)
- func (t *Crypto) Encrypt(msg, aad []byte, kh interface{}) ([]byte, []byte, error)
- func (t *Crypto) Sign(msg []byte, kh interface{}) ([]byte, error)
- func (t *Crypto) UnwrapKey(recWK *cryptoapi.RecipientWrappedKey, recipientKH interface{}, ...) ([]byte, error)
- func (t *Crypto) Verify(sig, msg []byte, kh interface{}) error
- func (t *Crypto) VerifyMAC(macBytes, data []byte, kh interface{}) error
- func (t *Crypto) WrapKey(cek, apu, apv []byte, recPubKey *cryptoapi.PublicKey, ...) (*cryptoapi.RecipientWrappedKey, error)
Constants ¶
const ( // ECDHESA256KWAlg is the ECDH-ES with AES-GCM 256 key wrapping algorithm. ECDHESA256KWAlg = "ECDH-ES+A256KW" // ECDH1PUA256KWAlg is the ECDH-1PU with AES-GCM 256 key wrapping algorithm. ECDH1PUA256KWAlg = "ECDH-1PU+A256KW" // ECDHESXC20PKWAlg is the ECDH-ES with XChacha20Poly1305 key wrapping algorithm. ECDHESXC20PKWAlg = "ECDH-ES+XC20PKW" // ECDH1PUXC20PKWAlg is the ECDH-1PU with XChacha20Poly1305 key wrapping algorithm. ECDH1PUXC20PKWAlg = "ECDH-1PU+XC20PKW" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Crypto ¶
type Crypto struct {
// contains filtered or unexported fields
}
Crypto is the default Crypto SPI implementation using Tink.
func (*Crypto) ComputeMAC ¶
ComputeMAC computes message authentication code (MAC) for code data using a matching MAC primitive in kh key handle.
func (*Crypto) Decrypt ¶
Decrypt will decrypt cipher using the implementation's corresponding encryption key referenced by kh of a private key.
func (*Crypto) Encrypt ¶
Encrypt will encrypt msg using the implementation's corresponding encryption key and primitive in kh of a public key.
func (*Crypto) Sign ¶
Sign will sign msg using the implementation's corresponding signing key referenced by kh of a private key.
func (*Crypto) UnwrapKey ¶
func (t *Crypto) UnwrapKey(recWK *cryptoapi.RecipientWrappedKey, recipientKH interface{}, wrapKeyOpts ...cryptoapi.WrapKeyOpts) ([]byte, error)
UnwrapKey unwraps a key in recWK using ECDH (ES or 1PU) with recipient private key kh. This function is used with the following parameters:
- Key Unwrapping: `ECDH-ES` (no options) or `ECDH-1PU` (using crypto.WithSender() option in wrapKeyOpts) over either `A256KW` alg (AES256-GCM, when recWK.alg is either ECDH-ES+A256KW or ECDH-1PU+A256KW) as per https://tools.ietf.org/html/rfc7518#appendix-A.2 or `XC20PKW` alg (XChacha20Poly1305, when recWK.alg is either ECDH-ES+XC20PKW or ECDH-1PU+XC20PKW).
- KDF (based on recWk.EPK.KeyType): `Concat KDF` as per https://tools.ietf.org/html/rfc7518#section-4.6 (for type value as EC) or `Curve25519`+`Concat KDF` as per https://tools.ietf.org/html/rfc7748#section-6.1 (for type value as OKP, ie X25519 key).
returns the resulting unwrapping key or error in case of unwrapping failure.
Notes: 1- if the crypto.WithSender() option was used in WrapKey(), then it must be set here as well for successful key
unwrapping.
2- unwrapping a key with recWK.alg value set as either `ECDH-1PU+A256KW` or `ECDH-1PU+XC20PKW` requires the use of
crypto.WithSender() option (containing the sender public key) in order to execute ECDH-1PU derivation.
3- the ephemeral key in recWK.EPK must have the same KeyType as the recipientKH and the same Curve for NIST P
curved keys. Unwrapping a key with non matching types/curves will result in unwrapping failure.
4- recipientKH must contain the private key since unwrapping is usually done on the recipient side.
func (*Crypto) Verify ¶
Verify will verify sig signature of msg using the implementation's corresponding signing key referenced by kh of a public key.
func (*Crypto) VerifyMAC ¶
VerifyMAC determines if mac is a correct authentication code (MAC) for data using a matching MAC primitive in kh key handle and returns nil if so, otherwise it returns an error.
func (*Crypto) WrapKey ¶
func (t *Crypto) WrapKey(cek, apu, apv []byte, recPubKey *cryptoapi.PublicKey, wrapKeyOpts ...cryptoapi.WrapKeyOpts) (*cryptoapi.RecipientWrappedKey, error)
WrapKey will do ECDH (ES or 1PU) key wrapping of cek using apu, apv and recipient public key 'recPubKey'. This function is used with the following parameters:
- Key Wrapping: `ECDH-ES` (no options) or `ECDH-1PU` (using crypto.WithSender() option in wrapKeyOpts) over either `A256KW` alg (AES256-GCM, default with no options) as per https://tools.ietf.org/html/rfc7518#appendix-A.2 or `XC20PKW` alg (XChacha20Poly1305, using crypto.WithXC20PKW() option in wrapKeyOpts).
- KDF (based on recPubKey.Curve): `Concat KDF` as per https://tools.ietf.org/html/rfc7518#section-4.6 (for recPubKey with NIST P curves) or `Curve25519`+`Concat KDF` as per https://tools.ietf.org/html/rfc7748#section-6.1 (for recPubKey with X25519 curve).
returns the resulting key wrapping info as *composite.RecipientWrappedKey or error in case of wrapping failure.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
primitive
|
|
|
composite/ecdh
Package ecdh provides implementations of payload encryption using ECDH-ES/1PU KW key wrapping with AEAD primitives.
|
Package ecdh provides implementations of payload encryption using ECDH-ES/1PU KW key wrapping with AEAD primitives. |