crypto

package
v0.7.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 20, 2017 License: BSD-2-Clause Imports: 10 Imported by: 0

Documentation

Overview

Package crypto provides all cryptographic operations needed in restic.

Index

Constants

View Source
const (

	// Extension is the number of bytes a plaintext is enlarged by encrypting it.
	Extension = ivSize + macSize
)

Variables

DefaultKDFParams are the default parameters used for Calibrate and KDF().

View Source
var ErrInvalidCiphertext = errors.New("invalid ciphertext, same slice used for plaintext")

ErrInvalidCiphertext is returned when trying to encrypt into the slice that holds the plaintext.

View Source
var (
	// ErrUnauthenticated is returned when ciphertext verification has failed.
	ErrUnauthenticated = errors.New("ciphertext verification failed")
)

Functions

func NewSalt

func NewSalt() ([]byte, error)

NewSalt returns new random salt bytes to use with KDF(). If NewSalt returns an error, this is a grave situation and the program must abort and terminate.

Types

type EncryptionKey

type EncryptionKey [32]byte

EncryptionKey is key used for encryption

func (*EncryptionKey) MarshalJSON

func (k *EncryptionKey) MarshalJSON() ([]byte, error)

MarshalJSON converts the EncryptionKey to JSON.

func (*EncryptionKey) UnmarshalJSON

func (k *EncryptionKey) UnmarshalJSON(data []byte) error

UnmarshalJSON fills the key k with data from the JSON representation.

func (*EncryptionKey) Valid

func (k *EncryptionKey) Valid() bool

Valid tests whether the key k is valid (i.e. not zero).

type KDFParams

type KDFParams struct {
	N int
	R int
	P int
}

KDFParams are the default parameters used for the key derivation function KDF().

func Calibrate

func Calibrate(timeout time.Duration, memory int) (KDFParams, error)

Calibrate determines new KDF parameters for the current hardware.

type Key

type Key struct {
	MACKey        `json:"mac"`
	EncryptionKey `json:"encrypt"`
}

Key holds encryption and message authentication keys for a repository. It is stored encrypted and authenticated as a JSON data structure in the Data field of the Key structure.

func KDF

func KDF(p KDFParams, salt []byte, password string) (*Key, error)

KDF derives encryption and message authentication keys from the password using the supplied parameters N, R and P and the Salt.

func NewRandomKey

func NewRandomKey() *Key

NewRandomKey returns new encryption and message authentication keys.

func (*Key) Decrypt

func (k *Key) Decrypt(plaintext []byte, ciphertextWithMac []byte) (int, error)

Decrypt verifies and decrypts the ciphertext. Ciphertext must be in the form IV || Ciphertext || MAC. plaintext and ciphertext may point to (exactly) the same slice.

func (*Key) Encrypt

func (k *Key) Encrypt(ciphertext []byte, plaintext []byte) ([]byte, error)

Encrypt encrypts and authenticates data. Stored in ciphertext is IV || Ciphertext || MAC. Encrypt returns the new ciphertext slice, which is extended when necessary. ciphertext and plaintext may not point to (exactly) the same slice or non-intersecting slices.

func (*Key) Valid

func (k *Key) Valid() bool

Valid tests if the key is valid.

type MACKey

type MACKey struct {
	K [16]byte // for AES-128
	R [16]byte // for Poly1305
	// contains filtered or unexported fields
}

MACKey is used to sign (authenticate) data.

func (*MACKey) MarshalJSON

func (m *MACKey) MarshalJSON() ([]byte, error)

MarshalJSON converts the MACKey to JSON.

func (*MACKey) UnmarshalJSON

func (m *MACKey) UnmarshalJSON(data []byte) error

UnmarshalJSON fills the key m with data from the JSON representation.

func (*MACKey) Valid

func (m *MACKey) Valid() bool

Valid tests whether the key k is valid (i.e. not zero).

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL