subtle

package
v2.1.0 Latest
Warning

This package is not in the latest version of its module.
Published: Dec 4, 2023 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package subtle provides subtle implementations of the DeterministicAEAD primitive.

Constants

const (
	// AESSIVKeySize is the key size in bytes.
	AESSIVKeySize = 64
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AESSIV

type AESSIV struct {
	K1     []byte
	K2     []byte
	CmacK1 []byte
	CmacK2 []byte
	Cipher cipher.Block
}

AESSIV is an implementation of AES-SIV-CMAC as defined in https://tools.ietf.org/html/rfc5297.

AESSIV implements a deterministic encryption with associated data (i.e. the DeterministicAEAD interface). Hence the implementation below is restricted to one AD component.

Security Note:

Chatterjee, Menezes and Sarkar analyze AES-SIV in Section 5.1 of https://www.math.uwaterloo.ca/~ajmeneze/publications/tightness.pdf

Their analysis shows that AES-SIV is susceptible to an attack in a multi-user setting. Concretely, if an attacker knows the encryption of a message m encrypted and authenticated with k different keys, then it is possible to find one of the MAC keys in time 2^b / k, where b is the size of the MAC key. A consequence of this attack is that 128-bit MAC keys give insufficient security. Since 192-bit AES keys are not supported by Tink for voodoo reasons and RFC 5297 only supports same-size encryption and MAC keys, this implies that keys must be 64 bytes (2*256 bits) long.

func NewAESSIV

func NewAESSIV(key []byte) (*AESSIV, error)

NewAESSIV returns an AESSIV instance.

func (*AESSIV) DecryptDeterministically

func (asc *AESSIV) DecryptDeterministically(ciphertext, associatedData []byte) ([]byte, error)

DecryptDeterministically deterministically decrypts ciphertext with associatedData.

func (*AESSIV) EncryptDeterministically

func (asc *AESSIV) EncryptDeterministically(plaintext, associatedData []byte) ([]byte, error)

EncryptDeterministically deterministically encrypts plaintext with associatedData.
