crypto

package
v0.0.0-...-d7ad0b4
Warning

This package is not in the latest version of its module.

Published: May 4, 2024 License: MIT Imports: 12 Imported by: 0

Documentation

Overview

Copyright (c) 2024 Braden Hitchcock - MIT License (https://opensource.org/licenses/MIT)



Constants

const (
	// Iterations is the number of iterations used when generating a key with PBKDF2.
	Iterations = 1000000

	// KeyLength is the length of the key generated by PBKDF2 for encrypting data.
	KeyLength = 32

	// SaltLength is the length of the salt used by PBKDF2 when generating a key.
	SaltLength = 32

	// MinPasswordLength is the minimum number of characters that must be contained in a
	// user-provided password.
	MinPasswordLength = 16

	// MaxPasswordLength is the maximum number of bytes a password can contain. This restriction is
	// imposed by the Bcrypt algorithm used to hash the password.
	MaxPasswordLength = 72

	// HashCost is the cost used by the Bcrypt algorithm when hashing a password.
	HashCost = 14
)

Variables

This section is empty.

Functions

func CheckDataHash

func CheckDataHash(data []byte, hash DataHash) bool

CheckDataHash compares a slice of byte data with a hash using SHA-256. If using this algorithm to hash the provided data would produce the provided hash, then the function returns true. Otherwise the function returns false.

func CheckPasswordHash

func CheckPasswordHash(password Password, hash PassHash) bool

CheckPasswordHash compares a plain-text password against a byte hash of a password hashed using the Bcrypt algorithm. If using Bcrypt to hash the provided password would produce a string equal to the provided hash, then the function returns true. Otherwise the function returns false.

See https://www.usenix.org/legacy/event/usenix99/provos/provos.pdf for algorithm specifics.

func Decrypt

func Decrypt(key Key, ciphertext []byte) (plaintext []byte, err error)

Decrypt uses AES-256 to decrypt the provided ciphertext and produce a newly allocated byte slice of the plaintext contents.

func Encrypt

func Encrypt(key Key, plaintext []byte) (ciphertext []byte, err error)

Encrypt uses AES-256 to encrypt the provided plaintext and produce a newly allocated byte slice of ciphertext. The byte slice is only valid if err is nil.

Types

type Agent

type Agent[V any] struct {
	// contains filtered or unexported fields
}

func NewAgent

func NewAgent[V any](key Key) Agent[V]

func (Agent[V]) Decrypt

func (a Agent[V]) Decrypt(edata []byte) (V, error)

func (Agent[V]) Encrypt

func (a Agent[V]) Encrypt(v V) ([]byte, error)

type DataHash

type DataHash [32]byte

DataHash is a hash of arbitrary data using SHA-256, represented as a 32-byte array.

func HashData

func HashData(data []byte) DataHash

HashData produces a byte hash of the provided data using the SHA-256 hashing algorithm.

func (DataHash) String

func (h DataHash) String() string

String returns a string containing a hexadecimal representation of the DataHash receiver.

type Key

type Key []byte

Key is the slice of keylen bytes used to encrypt data with AES-256.

func NewDerivedKey

func NewDerivedKey(pass Password, salt Salt) Key

NewDerivedKey uses the PBKDF2 key derivation algorithm to create a 256-bit key that can be used by the AES algorithm for encrypting and decrypting data.

func NewRandomKey

func NewRandomKey() (Key, error)

NewRandomKey uses a cryptographically strong random generator to create a 256-bit key that can be used by the AES algorithm for encrypting and decrypting data.

func (Key) String

func (k Key) String() string

String returns a string containing a hexadecimal representation of the Key receiver.

type PassHash

type PassHash []byte

PassHash is a hash of a password performed by Bcrypt represented as a slice of bytes.

func HashPassword

func HashPassword(password Password) (PassHash, error)

HashPassword produces a byte hash of the provided password using the Bcrypt algorithm.

See https://www.usenix.org/legacy/event/usenix99/provos/provos.pdf for algorithm specifics.

func (PassHash) String

func (h PassHash) String() string

String returns a string containing a hexadecimal representation of the PassHash receiver.

type Password

type Password string

Password is a user-provided string that has been validated and meets all criteria for a password.

func NewPassword

func NewPassword(val string) (Password, error)

NewPassword verifies the provided string value meets the criteria for a password and then wraps it in the Password type to indicate the string has been validated. If the provided string does not meet the password criteria for Kolob, then the function will return an error explaining which criteria failed.

Note that although the function only returns a single error value, the message inside that error value is dynamic depending on which criteria for the password were not met.

type Salt

type Salt []byte

Salt is the slice of saltlen bytes used when generating a key from a user-provided password.

func LoadSalt

func LoadSalt(val []byte) (Salt, error)

LoadSalt verifies that an existing byte slice only contains saltlen bytes. This ensures that bytes loaded from authentication information can be used to recreate the original key used to encrypt data.

func NewSalt

func NewSalt() (Salt, error)

NewSalt creates a new slice containing saltlen bytes. The resulting salt is used when generating a key from a user-provided password.

func (Salt) String

func (s Salt) String() string

String returns a string containing a hexadecimal representation of the Salt receiver.
