Documentation ¶
Index ¶
- func AESCBCPKCS7Decrypt(key, src []byte) ([]byte, error)
- func AESCBCPKCS7Encrypt(key, src []byte) ([]byte, error)
- func AESCBCPKCS7EncryptWithIV(IV []byte, key, src []byte) ([]byte, error)
- func AESCBCPKCS7EncryptWithRand(prng io.Reader, key, src []byte) ([]byte, error)
- func GetRandomBytes(len int) ([]byte, error)
- func NewDefaultSecurityLevel(keyStorePath string) (csp.CSP, error)
- func NewDefaultSecurityLevelWithKeystore(keyStore csp.KeyStore) (csp.CSP, error)
- func NewDummyKeyStore() csp.KeyStore
- func NewFileBasedKeyStore(pwd []byte, path string, readOnly bool) (csp.KeyStore, error)
- func NewInMemoryKeyStore() csp.KeyStore
- func NewWithParams(securityLevel int, hashFamily string, keyStore csp.KeyStore) (csp.CSP, error)
- type CSP
- func (csp *CSP) AddWrapper(t reflect.Type, w interface{}) error
- func (csp *CSP) Decrypt(k csp.Key, ciphertext []byte, opts csp.DecrypterOpts) (plaintext []byte, err error)
- func (csp *CSP) Encrypt(k csp.Key, plaintext []byte, opts csp.EncrypterOpts) ([]byte, error)
- func (csp *CSP) GetHash(opts csp.HashOpts) (h hash.Hash, err error)
- func (csp *CSP) GetKey(ski []byte) (k csp.Key, err error)
- func (csp *CSP) Hash(msg []byte, opts csp.HashOpts) (digest []byte, err error)
- func (csp *CSP) KeyDeriv(k csp.Key, opts csp.KeyDerivOpts) (dk csp.Key, err error)
- func (csp *CSP) KeyGen(opts csp.KeyGenOpts) (k csp.Key, err error)
- func (csp *CSP) KeyImport(raw interface{}, opts csp.KeyImportOpts) (k csp.Key, err error)
- func (csp *CSP) Sign(k csp.Key, digest []byte, opts csp.SignerOpts) (signature []byte, err error)
- func (csp *CSP) Verify(k csp.Key, signature, digest []byte, opts csp.SignerOpts) (valid bool, err error)
- type Decryptor
- type Encryptor
- type Hasher
- type KeyDeriver
- type KeyGenerator
- type KeyImporter
- type Signer
- type Verifier
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AESCBCPKCS7Decrypt ¶
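AESCBCPKCS7Decrypt combines CBC decryption and PKCS7 unpadding. CBC with PKCS7 padding does not authenticate the ciphertext by itself, so callers handling ciphertext from an untrusted source need a separate integrity check (for example a MAC verified before decryption).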
func AESCBCPKCS7Encrypt ¶
AESCBCPKCS7Encrypt combines CBC encryption and PKCS7 padding
func AESCBCPKCS7EncryptWithIV ¶
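AESCBCPKCS7EncryptWithIV combines CBC encryption and PKCS7 padding; the IV used is the one passed to the function. For CBC the IV needs to be unpredictable and must not be reused with the same key, so choosing a suitable IV is the caller's responsibility here.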
func AESCBCPKCS7EncryptWithRand ¶
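AESCBCPKCS7EncryptWithRand combines CBC encryption and PKCS7 padding, using the io.Reader passed to the function as the PRNG. Since that reader supplies the randomness for the encryption, it should be a cryptographically secure source such as crypto/rand.Reader.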
func GetRandomBytes ¶
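GetRandomBytes returns len random-looking bytes. The randomness source is not stated here; confirm it is cryptographically secure before using the output as key material, IVs or nonces.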
func NewDefaultSecurityLevel ¶
NewDefaultSecurityLevel returns a new instance of the software-based CSP at security level 256, hash family SHA2 and using FolderBasedKeyStore as KeyStore.
func NewDefaultSecurityLevelWithKeystore ¶
NewDefaultSecurityLevelWithKeystore returns a new instance of the software-based CSP at security level 256, hash family SHA2 and using the passed KeyStore.
func NewDummyKeyStore ¶
NewDummyKeyStore instantiates a dummy key store that neither loads nor stores keys.
func NewFileBasedKeyStore ¶
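NewFileBasedKeyStore instantiates a file-based key store at a given position. The key store can be encrypted if a non-empty password is specified; with an empty password it is not encrypted, so key confidentiality then depends on the file-system permissions of that location. It can also be set as read only. In this case, any store operation will be forbidden.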
func NewInMemoryKeyStore ¶
NewInMemoryKeyStore instantiates an ephemeral in-memory keystore
Types ¶
type CSP ¶
// CSP is the wrapper-based provider type. Each exported map binds a Go type
// (reflect.Type) to the wrapper that serves it for one kind of operation.
//
// NOTE(review): the maps are exported, so code holding a *CSP can presumably
// assign a wrapper directly as well as through AddWrapper — confirm which
// path is intended, since whichever wrapper is registered handles the
// key material for that type.
type CSP struct {
	KeyGenerators map[reflect.Type]KeyGenerator // key generation wrappers, keyed by bound type
	KeyDerivers   map[reflect.Type]KeyDeriver   // key derivation wrappers, keyed by bound type
	KeyImporters  map[reflect.Type]KeyImporter  // key import wrappers, keyed by bound type
	Encryptors    map[reflect.Type]Encryptor    // encryption wrappers, keyed by bound type
	Decryptors    map[reflect.Type]Decryptor    // decryption wrappers, keyed by bound type
	Signers       map[reflect.Type]Signer       // signing wrappers, keyed by bound type
	Verifiers     map[reflect.Type]Verifier     // verification wrappers, keyed by bound type
	Hashers       map[reflect.Type]Hasher       // hashing wrappers, keyed by bound type
	// contains filtered or unexported fields
}
CSP provides a generic implementation of the CSP interface based on wrappers. It can be customized by providing implementations for the following algorithm-based wrappers: KeyGenerator, KeyDeriver, KeyImporter, Encryptor, Decryptor, Signer, Verifier, Hasher. Each wrapper is bound to a Go type representing either an option or a key.
func (*CSP) AddWrapper ¶
AddWrapper binds the passed type to the passed wrapper. Note that the wrapper must be an instance of one of the following interfaces: KeyGenerator, KeyDeriver, KeyImporter, Encryptor, Decryptor, Signer, Verifier, Hasher.
func (*CSP) Decrypt ¶
func (csp *CSP) Decrypt(k csp.Key, ciphertext []byte, opts csp.DecrypterOpts) (plaintext []byte, err error)
Decrypt decrypts ciphertext using key k. The opts argument should be appropriate for the primitive used.
func (*CSP) Encrypt ¶
Encrypt encrypts plaintext using key k. The opts argument should be appropriate for the primitive used.
func (*CSP) GetHash ¶
GetHash returns an instance of hash.Hash using options opts. If opts is nil then the default hash function is returned.
func (*CSP) KeyDeriv ¶
KeyDeriv derives a key from k using opts. The opts argument should be appropriate for the primitive used.
func (*CSP) KeyImport ¶
KeyImport imports a key from its raw representation using opts. The opts argument should be appropriate for the primitive used.
type Decryptor ¶
// Decryptor is the wrapper interface for decryption algorithms.
type Decryptor interface {
	// Decrypt decrypts ciphertext using key k and returns the plaintext.
	// The opts argument should be appropriate for the algorithm used.
	//
	// NOTE(review): the interface does not say whether ciphertext integrity
	// is checked; confirm per implementation before passing untrusted input.
	Decrypt(k csp.Key, ciphertext []byte, opts csp.DecrypterOpts) (plaintext []byte, err error)
}
Decryptor is a CSP-like interface that provides decryption algorithms
type Encryptor ¶
// Encryptor is the wrapper interface for encryption algorithms.
type Encryptor interface {
	// Encrypt encrypts plaintext using key k and returns the ciphertext.
	// The opts argument should be appropriate for the algorithm used.
	Encrypt(k csp.Key, plaintext []byte, opts csp.EncrypterOpts) (ciphertext []byte, err error)
}
Encryptor is a CSP-like interface that provides encryption algorithms
type Hasher ¶
// Hasher is the wrapper interface for hash algorithms. It offers both a
// one-shot digest (Hash) and a hash.Hash instance (GetHash).
type Hasher interface {
	// Hash hashes message msg using options opts and returns the digest.
	// If opts is nil, the default hash function will be used.
	Hash(msg []byte, opts csp.HashOpts) (hash []byte, err error)

	// GetHash returns an instance of hash.Hash using options opts.
	// If opts is nil, the default hash function will be returned.
	GetHash(opts csp.HashOpts) (h hash.Hash, err error)
}
Hasher is a CSP-like interface that provides hash algorithms
type KeyDeriver ¶
// KeyDeriver is the wrapper interface for key derivation algorithms.
type KeyDeriver interface {
	// KeyDeriv derives a key from k using opts and returns the derived key dk.
	// The opts argument should be appropriate for the primitive used.
	KeyDeriv(k csp.Key, opts csp.KeyDerivOpts) (dk csp.Key, err error)
}
KeyDeriver is a CSP-like interface that provides key derivation algorithms
type KeyGenerator ¶
// KeyGenerator is the wrapper interface for key generation algorithms.
type KeyGenerator interface {
	// KeyGen generates a key using opts and returns it as k.
	KeyGen(opts csp.KeyGenOpts) (k csp.Key, err error)
}
KeyGenerator is a CSP-like interface that provides key generation algorithms
type KeyImporter ¶
// KeyImporter is the wrapper interface for key import algorithms.
type KeyImporter interface {
	// KeyImport imports a key from its raw representation using opts.
	// The opts argument should be appropriate for the primitive used.
	//
	// NOTE(review): raw is untyped (interface{}); presumably each
	// implementation checks its concrete type — confirm that an unexpected
	// type yields an error rather than a panic.
	KeyImport(raw interface{}, opts csp.KeyImportOpts) (k csp.Key, err error)
}
KeyImporter is a CSP-like interface that provides key import algorithms
type Signer ¶
// Signer is the wrapper interface for signing algorithms.
type Signer interface {
	// Sign signs digest using key k and returns the signature.
	// The opts argument should be appropriate for the algorithm used.
	//
	// Note that when a signature of a hash of a larger message is needed,
	// the caller is responsible for hashing the larger message and passing
	// the hash (as digest). Sign itself is given the digest, not the message.
	Sign(k csp.Key, digest []byte, opts csp.SignerOpts) (signature []byte, err error)
}
Signer is a CSP-like interface that provides signing algorithms
type Verifier ¶
// Verifier is the wrapper interface for signature verification algorithms.
type Verifier interface {
	// Verify verifies signature against key k and digest.
	// The opts argument should be appropriate for the algorithm used.
	//
	// NOTE(review): the result is a (valid, err) pair; presumably callers
	// should accept a signature only when err is nil and valid is true —
	// confirm how implementations report a well-formed but wrong signature.
	Verify(k csp.Key, signature, digest []byte, opts csp.SignerOpts) (valid bool, err error)
}
Verifier is a CSP-like interface that provides verifying algorithms