encryption

package

v0.4.0 Latest Latest Go to latest Published: Mar 21, 2024 License: Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/chainifynet/aws-encryption-sdk-go

Links

Open Source Insights

Documentation ¶

Overview ¶

Package encryption provides a way to encrypt and decrypt with AES-GCM.

Constants ¶

View Source

const (
	IVLen = 12
)

Variables ¶

View Source

var (
	ErrGcmDecrypt = errors.New("gcm decrypt error")
	ErrGcmEncrypt = errors.New("gcm encrypt error")
)

Functions ¶

This section is empty.

Types ¶

type Gcm ¶

type Gcm struct{}

func (Gcm) ConstructIV ¶

func (ge Gcm) ConstructIV(seqNum int) []byte

ConstructIV constructs IV Each 96-bit (12-byte) IV is constructed from two big-endian byte arrays concatenated in the following order:

64 bits: 0 (reserved for future use)
32 bits: Frame sequence number

For the header authentication tag, this value is all zeroes. seqNum will be 0

func (Gcm) Decrypt ¶

func (ge Gcm) Decrypt(key, iv, ciphertext, tag, aadData []byte) ([]byte, error)

Decrypt data with AES-GCM AEAD, IV is nonce

For decryption of the Header only

Specification: https://github.com/awslabs/aws-encryption-sdk-specification/blob/6124516bb8a58d21d61b4bc6dd7d33561fdf2cae/client-apis/decrypt.md#verify-the-header
key: derivedDataKey (32 bytes) per AlgorithmSuite.EncryptionSuite.DataKeyLen
iv: 64-bits (8 bytes of 0x00) value of 0 + 32-bits (4 bytes of 0x00) value of 0 = 12 bytes
ciphertext: []byte(nil) (empty slice of 0 bytes)
tag: header.HeaderAuthentication
aadData - header.SerializeBytes(), all header bytes not including header.HeaderAuthentication

For Header returns if success:

[]byte: []byte(nil)
error: not nil

func (Gcm) Encrypt ¶

func (ge Gcm) Encrypt(key, iv, plaintext, aadData []byte) ([]byte, []byte, error)

func (Gcm) GenerateHeaderAuth ¶

func (ge Gcm) GenerateHeaderAuth(derivedDataKey, headerBytes []byte) ([]byte, []byte, error)

func (Gcm) ValidateHeaderAuth ¶

func (ge Gcm) ValidateHeaderAuth(derivedDataKey, headerAuthTag, headerBytes []byte) error

ValidateHeaderAuth validates header authorization constructs IV per https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/IV-reference.html For decryption of the Header only

Specification: https://github.com/awslabs/aws-encryption-sdk-specification/blob/6124516bb8a58d21d61b4bc6dd7d33561fdf2cae/client-apis/decrypt.md#verify-the-header

derivedDataKey: derivedDataKey (32 bytes) per AlgorithmSuite.EncryptionSuite.DataKeyLen
headerAuthTag: header.HeaderAuthentication
headerBytes: header.SerializeBytes(), all header bytes not including header.HeaderAuthentication

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL