hpke

package module
v0.0.0-...-04a2aa8 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 5, 2019 License: BSD-3-Clause Imports: 15 Imported by: 0

README

Go Doc Reference Build Status Go Report Card

HPKE: Hybrid Public Key Encryption

This project implements the CFRG's draft-barnes-cfrg-hpke-01, Hybrid Public Key Encryption (HPKE). This branch differs from the original draft in the nonce generation for AEAD. Rather than stateful deriving of the nonce, this branch randomly generates the nonce and appends in the beggining of the ciphertext . For the original stateful implementation, look for branch draft-01.

Authentication modes

Referenced from section 6:

  • BASE Encryption to a Public Key: the most basic function of an HPKE scheme is to enable encryption for the holder of a given KEM private key.
  • PSK Authentication using a Pre-Shared Key: This variant extends the base mechansism by allowing the recipient to authenticate that the sender possessed a given pre-shared key (PSK). We assume that both parties have been provisioned with both the PSK value "psk" and another octet string "pskID" that is used to identify which PSK should be used.
  • AUTH Authentication using an Asymmetric Key: This variant extends the base mechansism by allowing the recipient to authenticate that the sender possessed a given KEM private key. In other words, only two people could have produced this secret, so if the recipient is one, then the sender must be the other.

Ciphersuite configuration

Configuration Name DH Group KDF AEAD
<mode>_X25519_SHA256_AES_GCM_128 Curve25519 HKDF-SHA256 AES-GCM-128
<mode>_X25519_SHA256_ChaCha20Poly1305 Curve25519 HKDF-SHA256 ChaCha20Poly1305
<mode>_X25519_SHA256_XChaCha20Blake2bSIV Curve25519 HKDF-SHA256 XChaCha20Blake2b
<mode>_P256_SHA256_AES_GCM_128 P-256 HKDF-SHA256 AES-GCM-128
<mode>_P256_SHA256_ChaCha20Poly1305 P-256 HKDF-SHA256 ChaCha20Poly1305
<mode>_P256_SHA256_XChaCha20Blake2bSIV P-256 HKDF-SHA256 XChaCha20Blake2b
<mode>_P521_SHA512_AES_GCM_256 P-521 HKDF-SHA512 AES-GCM-256
<mode>_P521_SHA512_ChaCha20Poly1305 P-521 HKDF-SHA512 ChaCha20Poly1305
<mode>_P521_SHA256_XChaCha20Blake2bSIV P-521 HKDF-SHA512 XChaCha20Blake2b

See section 6 for reference.

On top of the AEAD primitives from the draft, implements one more (experimental) AEAD construction with XChaCha20Blake2b in the synthetic IV construction (i.e. no nonce)

Examples: BASE_X25519_SHA256_AES_GCM_128, PSK_P256_SHA256_ChaCha20Poly1305, AUTH_P521_SHA512_ChaCha20Poly1305

Install
  • Run go get -u https://github.com/danielhavir/go-hpke

Example

package main

import (
    "bytes"
    "crypto/rand"
    "fmt"

    hpke "github.com/danielhavir/go-hpke"
)

func main() {
    params, _ := hpke.GetParams(hpke.BASE_X25519_SHA256_XChaCha20Blake2bSIV)

    random := rand.Reader
    prv, pub, err := hpke.GenerateKeyPair(params, random)
    if err != nil {
        panic(fmt.Sprintf("failed to generate key pair: %s\n", err))
    }

    msg := []byte("Oh so very secret!")

    ciphertext, ephemeral, err := hpke.EncryptBase(params, random, pub, msg, nil)
    if err != nil {
        panic(fmt.Sprintf("failed to encrypt message: %s\n", err))
    }

    plaintext, err := hpke.DecryptBase(params, prv, ephemeral, ciphertext, nil)
    if err != nil {
        panic(fmt.Sprintf("failed to decrypt ciphertext: %s\n", err))
    }

    if !bytes.Equal(msg, plaintext) {
        panic("authentication failed")
    } else {
        fmt.Println("all good")
    }
}

References

Documentation

Index

Constants

View Source 
const (
	BASE_P256_SHA256_AES_GCM_128 byte = iota
	BASE_P256_SHA256_ChaCha20Poly1305
	PSK_P256_SHA256_AES_GCM_128
	PSK_P256_SHA256_ChaCha20Poly1305
	AUTH_P256_SHA256_AES_GCM_128
	AUTH_P256_SHA256_ChaCha20Poly1305
	BASE_X25519_SHA256_AES_GCM_128
	BASE_X25519_SHA256_ChaCha20Poly1305
	PSK_X25519_SHA256_AES_GCM_128
	PSK_X25519_SHA256_ChaCha20Poly1305
	AUTH_X25519_SHA256_AES_GCM_128
	AUTH_X25519_SHA256_ChaCha20Poly1305
	BASE_P521_SHA512_AES_GCM_256
	BASE_P521_SHA512_ChaCha20Poly1305
	PSK_P521_SHA512_AES_GCM_256
	PSK_P521_SHA512_ChaCha20Poly1305
	AUTH_P521_SHA512_AES_GCM_256
	AUTH_P521_SHA512_ChaCha20Poly1305

	BASE_P256_SHA256_XChaCha20Blake2bSIV
	PSK_P256_SHA256_XChaCha20Blake2bSIV
	AUTH_P256_SHA256_XChaCha20Blake2bSIV
	BASE_X25519_SHA256_XChaCha20Blake2bSIV
	PSK_X25519_SHA256_XChaCha20Blake2bSIV
	AUTH_X25519_SHA256_XChaCha20Blake2bSIV
	BASE_P521_SHA256_XChaCha20Blake2bSIV
	PSK_P521_SHA256_XChaCha20Blake2bSIV
	AUTH_P521_SHA256_XChaCha20Blake2bSIV
)

Variables

This section is empty.

Functions

func DecryptAuth 

func DecryptAuth(params *Params, skR crypto.PrivateKey, pkI crypto.PublicKey, enc, ct, aad []byte) (pt []byte, err error)

DecryptAuth is a function for decryption in the asymmetric key mode

func DecryptBase 

func DecryptBase(params *Params, skR crypto.PrivateKey, enc, ct, aad []byte) (pt []byte, err error)

DecryptBase is a function for decryption in the base mode

func DecryptPSK 

func DecryptPSK(params *Params, skR crypto.PrivateKey, enc, ct, aad, psk, pskID []byte) (pt []byte, err error)

DecryptPSK is a function for decryption in the pre-shared key mode

func EncryptAuth 

func EncryptAuth(params *Params, random io.Reader, pkR crypto.PublicKey, skI crypto.PrivateKey, pt, aad []byte) (ct, enc []byte, err error)

EncryptAuth is a function for encryption in the asymmetric key mode Optional arguments: 

`random` is optional. If `nil` crypto/rand.Reader is used
`aad` and `info` are optional.

func EncryptBase 

func EncryptBase(params *Params, random io.Reader, pkR crypto.PublicKey, pt, aad []byte) (ct, enc []byte, err error)

EncryptBase is a function for encryption in the base mode Optional arguments: 

`random` is optional. If `nil` crypto/rand.Reader is used
`aad` and `info` are optional.

func EncryptPSK 

func EncryptPSK(params *Params, random io.Reader, pkR crypto.PublicKey, pt, aad, psk, pskID []byte) (ct, enc []byte, err error)

EncryptPSK is a function for encryption in the pre-shared key mode Optional arguments: 

`random` is optional. If `nil` crypto/rand.Reader is used
`aad` and `info` are optional.

func GenerateKeyPair 

func GenerateKeyPair(params *Params, random io.Reader) (private crypto.PrivateKey, public crypto.PublicKey, err error)

GenerateKeyPair generates a key pair for a given parameter set. Argument `random` is optional. If `nil` crypto/rand.Reader is used

func Marshall 

func Marshall(params *Params, key interface{}) (keyBytes []byte, err error)

Marshall produces a fixed-length octet string encoding the public key "pk" checks whether a generic interface matches the right type of a HPKE public key performs casting from crypto.PublicKey to ecdh.Point (when using public key of generic curves) or byte array Reference 1: https://github.com/aead/ecdh/blob/master/generic.go#L99-L121 Reference 2: https://github.com/aead/ecdh/blob/master/curve25519.go#L88-L108

func MarshallPrivate 

func MarshallPrivate(params *Params, key interface{}) (keyBytes []byte, err error)

MarshallPrivate a fixed-length octet string encoding the private key

func Unmarshall 

func Unmarshall(params *Params, keyBytes []byte) (pub crypto.PublicKey, err error)

Unmarshall parses a fixed-length octet string to recover a public key restores the public key from byte array after marshall

func UnmarshallPrivate 

func UnmarshallPrivate(params *Params, keyBytes []byte) (prv crypto.PrivateKey, err error)

UnmarshallPrivate parses a fixed-length octet string to recover a private key restores the private key from byte array after marshall

Types

type Params 

type Params struct {
	PubKeySize int
	PrvKeySize int
	// contains filtered or unexported fields
}

Params is a struct for parameters

func GetParams 

func GetParams(mode byte) (*Params, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.