ecego

v1.0.0

This package is not in the latest version of its module.
Published: Aug 19, 2022 License: MIT Imports: 10 Imported by: 1

README

ecego


Encrypted Content Encoding implementation in Go to operate with encrypted webpush payloads.

Implemented modes:

  • aes128gcm (RFC 8188)
  • aesgcm (draft-ietf-webpush-encryption-04)
  • aesgcm128 (draft-ietf-webpush-encryption-03)

Documentation

Constants

const (
	KeySize = aes.BlockSize
	// NonceSize is standard nonce size for GCM (unexported in cipher package)
	NonceSize = 12
	// TagSize is standard auth tag size for GCM (unexported in cipher package)
	TagSize = 16
)
const (
	DefaultRecordSize uint32 = 4096
	DefaultKeyLabel   string = "P-256"
)

Variables

var (
	ErrInvalidDH      = fmt.Errorf("dh sequence is invalid")
	ErrTruncated      = fmt.Errorf("content truncated")
	ErrInvalidPadding = fmt.Errorf("invalid padding")
)
var (
	ErrKeyIDTooLong       = fmt.Errorf("keyID too long")
	ErrTooSmallRecordSize = fmt.Errorf("record size too small")
	ErrPaddingToRecord    = fmt.Errorf("unable to pad to record size")
)
var (
	ErrInvalidKeySize  = fmt.Errorf("invalid static key length")
	ErrInvalidSaltSize = fmt.Errorf("invaild salt size")
)

Functions

func NewGCM

func NewGCM(key []byte) (cipher.AEAD, error)

Types

type Engine

type Engine struct {
	// contains filtered or unexported fields
}

Engine represents encryption and decryption engine

func NewEngine

func NewEngine(keyLookupFunc KeyLookupFunc, options ...EngineOption) *Engine

NewEngine constructs an ecego engine. keyLookupFunc may be nil if only static key encryption will be used.

func (*Engine) Decrypt

func (e *Engine) Decrypt(content, target []byte, params OperationalParams) ([]byte, error)

Decrypt takes the input ciphertext, decrypts it using the provided parameters, and appends the result to target.

func (*Engine) Encrypt

func (e *Engine) Encrypt(content, target []byte, params OperationalParams) ([]byte, error)

Encrypt takes the input plaintext, encrypts it using the provided parameters, and appends the result to target.

type EngineOption

type EngineOption interface {
	// contains filtered or unexported methods
}

func WithAuthSecret

func WithAuthSecret(authSecret []byte) EngineOption

WithAuthSecret specifies auth secret for shared key derivation

func WithKeyLabel

func WithKeyLabel(keyLabel string) EngineOption

WithKeyLabel sets a key label to use

type KeyLookupFunc

type KeyLookupFunc func(keyID []byte) *ecdsa.PrivateKey

KeyLookupFunc is a function that fetches a private key by the provided keyID. It must always return a non-nil value, even if the input is nil.

func SingleKey

func SingleKey(key *ecdsa.PrivateKey) KeyLookupFunc

type OperationalParams

type OperationalParams struct {
	Version    Version
	Salt       []byte
	DH         []byte
	StaticKey  []byte // If provided will be used instead of key derivation
	KeyID      []byte
	RecordSize uint32 // DefaultRecordSize used if not provided
	Pad        uint32
}
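The following is an added illustration, not ecego's code and not taken from the project: it shows where the RFC 8188 header fields that share names with Salt, RecordSize and KeyID sit in an aes128gcm message, and how a static key and salt yield the content key and nonce for a single record. It uses only the Go standard library; the names keys, seal and open are hypothetical, the error texts echo the package's error variables, and the key and salt in main are constructed values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// keys derives the AES-128-GCM AEAD and the record-0 nonce (RFC 8188, sections 2.2 and 2.3).
func keys(key, salt []byte) (cipher.AEAD, []byte) {
	prk := hmac.New(sha256.New, salt) // HKDF-Extract: PRK = HMAC(salt, key)
	prk.Write(key)
	expand := func(info string, n int) []byte { // HKDF-Expand, first output block only
		h := hmac.New(sha256.New, prk.Sum(nil))
		h.Write([]byte("Content-Encoding: " + info + "\x00\x01"))
		return h.Sum(nil)[:n]
	}
	block, _ := aes.NewCipher(expand("aes128gcm", 16)) // cannot fail: key is always 16 bytes
	gcm, _ := cipher.NewGCM(block)
	return gcm, expand("nonce", 12)
}

// seal builds salt(16) | rs(4) | idlen(1) | keyid | one final record. Salt must be 16 random bytes.
func seal(key, salt, keyID, plain []byte, rs uint32) []byte {
	hdr := append(binary.BigEndian.AppendUint32(append([]byte{}, salt...), rs), byte(len(keyID)))
	gcm, nonce := keys(key, salt)
	return gcm.Seal(append(hdr, keyID...), nonce, append(append([]byte{}, plain...), 2), nil)
}

// open checks the header before any crypto, then authenticates and unpads the single record.
func open(key, msg []byte) (keyID, plain []byte, err error) {
	if len(msg) < 21 || len(msg) < 21+int(msg[20]) || binary.BigEndian.Uint32(msg[16:20]) < 18 {
		return nil, nil, fmt.Errorf("content truncated or record size too small")
	}
	end := 21 + int(msg[20])
	gcm, nonce := keys(key, msg[:16])
	pt, err := gcm.Open(nil, nonce, msg[end:], nil)
	if pt = bytes.TrimRight(pt, "\x00"); err != nil || len(pt) == 0 || pt[len(pt)-1] != 2 {
		return nil, nil, fmt.Errorf("authentication failed or invalid padding")
	}
	return msg[21:end], pt[:len(pt)-1], nil
}

func main() { // constructed all-zero key and salt, for demonstration only
	fmt.Println(open(make([]byte, 16), seal(make([]byte, 16), make([]byte, 16), []byte("k1"), []byte("hi"), 4096)))
}
```

Only the first record is handled, so the nonce is used without the sequence-number XOR that later records require; a body spanning several records fails authentication here rather than being decoded.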

type Version

type Version string

Version determines encoding mode

const (
	// AES128GCM is the newest version and the one recommended for use; it is also the default if not specified explicitly
	AES128GCM Version = "aes128gcm"

	// AESGCM is a widely used version (i.e. in Firebase Cloud Messaging)
	AESGCM Version = "aesgcm"

	// AESGCM128 is a legacy version that is still sometimes used
	AESGCM128 Version = "aesgcm128"
)

Available content-encoding versions

func (Version) PaddingSize

func (v Version) PaddingSize() int

func (Version) String

func (v Version) String() string
