godium

package module

v0.0.0-...-f08c318 Latest Latest Go to latest Published: Oct 14, 2020 License: MPL-2.0 Imports: 4 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ArteMisc/libgodium

Links

Open Source Insights

README ¶

libgodium

Pure Go implementation of cryptographic APIs found in libsodium. The implementations are compatible with libsodium 1.0.15.

Import

go get go.artemisc.eu/godium

Godoc

https://godoc.org/go.artemisc.eu/godium

License

Unless otherwise specified, code present in this library is licensed under the Mozilla Public License Version v2.0.

Credits

This library is built upon existing cryptographic implementations. See the CREDITS.md file for relevant credits/licenses.

Implemented APIs

AEAD
- aes256gcm
- chacha20poly1305
- chacha20poly1305_ietf
- xchacha20poly1305_ietf
Auth
- hmacsha256
- hmacsha512
- hmacsha256256
Box
- curve25519xchacha20poly1305
- curve25519xsalsa20poly1305
Core
- hchacha20
- hsalsa20
- salsa20 (TODO: amd64 implementation)
Generic Hash
- blake2b
Hash
- sha256
- sha512
KDF (Key Derivation Function)
- blake2b
KX (Key Exchange)
- x25519blake2b
OneTimeAuth
- poly1305
Password Hash
- TODO argon2id
- TODO argon2i
- TODO scrypt
Random bytes
- sodium randombytes
Scalar Mult
- curve25519
Secret Box
- xchacha20poly1305
- xsalsa20poly1305
Secret Stream
- xchacha20poly1305
Short Hash
- siphash24
- siphashx24
Signature
- ed25519
- ed25519ph
Stream
- chacha20
- chacha20 ietf
- xchacha20
- TODO salsa208
- TODO salsa2012
- salsa20
- xsalsa20
Misc/Util
- TODO constant time hex encode/decode
- TODO constant time base64 encode/decode

Documentation ¶

Overview ¶

Package Godium provides implementations for the primitives present in the Libsodium library.

The library is fully written in Go (or go-assembly), and based on interfaces found in Go's standard library.

Constants ¶

View Source

const (
	VersionMajor = 10
	VersionMinor = 0

	Version = "1.0.15"
)

Version information, represents the latest libsodium version that this build is compatible with.

Variables ¶

View Source

var (
	// ErrForgedOrCorrupted is returned by decryption method that perform
	// message authentication whenever the authentication check fails. When such
	// a check fails, it indicates that the message is either forged, corrupted,
	// or incorrectly encrypted. These could be indicators of protocol or
	// implementation failures, but also be a sign of an active
	// man-in-the-middle attack
	ErrForgedOrCorrupted = errors.New("authentication tag is invalid, message is forged or corrupted")

	// ErrInvalidPoint is returned when a point on an elliptic curve is
	// considered illegal, unsafe, or incorrectly formatted.
	ErrInvalidPoint = errors.New("elliptic curve point not valid, rejected, or considered unsafe")

	// ErrCipherTooShort is returned when a ciphertext is shorter than a minimal
	// amount of bytes, for example when an authenticated ciphertext is not long
	// enough to at least contain the full authentication tag.
	ErrCipherTooShort = errors.New("cipher shorter than minimal size")

	// ErrBufferTooShort is returned when a buffer provided to a method is
	// shorter than a minimal amount of expected bytes, for example a header
	// that should at least contain a certain amount of bytes to hold a full
	// piece of data for an algorithm.
	ErrBufferTooShort = errors.New("buffer shorter than expected size")
)

Functions ¶

func Wipe ¶

func Wipe(p []byte)

Wipe will override the contents of the buffer p with 0's.

Types ¶

type AEAD ¶

type AEAD interface {
	cipher.AEAD
	Wiper

	SealDetached(dst, dstMac, nonce, plain, ad []byte) (cipher, mac []byte)

	OpenDetached(dst, nonce, cipher, mac, ad []byte) (plain []byte, err error)

	KeyBytes() (c int)
	NSecBytes() (c int)
	NPubBytes() (c int)
	ABytes() (c int)
}

AEAD

type Auth ¶

type Auth interface {
	Hash
	Wiper

	// Verify will check if the resulting Sum() of the Auth equals the provided
	// authentication tag.
	Verify(tag []byte) (matches bool)

	KeyBytes() (c int)
}

Auth

type Box ¶

type Box interface {
	Wiper

	SealDetached(dst, dstMac, nonce, plain []byte, remote PublicKey) (cipher, mac []byte, err error)

	Seal(dst, nonce, plain []byte, remote PublicKey) (cipher []byte, err error)

	OpenDetached(dst, nonce, cipher, mac []byte, remote PublicKey) (plain []byte, err error)

	Open(dst, nonce, cipher []byte, remote PublicKey) (plain []byte, err error)

	BeforeNM(remote PublicKey) (sb SecretBox, err error)

	PublicKeyBytes() (c int)
	SecretKeyBytes() (c int)
	MacBytes() (c int)
	NonceBytes() (c int)
	SeedBytes() (c int)
	BeforeNmBytes() (c int)
}

Box

type Codec ¶

type Codec interface {
	// Encode appends the encoded value of bin to dst.
	Encode(dst, bin []byte) (txt []byte)

	// Decode appends the decoded value of txt to dst.
	Decode(dst, txt []byte) (bin []byte)

	// EncodedLength calculates what the length of the encoded value would be
	// for this codec.
	EncodedLength(decoded int) (encoded int)

	// DecodedLength calculates what the length of the decoded value would be
	// for this codec.
	DecodedLength(encoded int) (decoded int)
}

Codec implements a constant-time encoding algorithm to convert between binary data a printable text representation.

type GenericHash ¶

type GenericHash interface {
	Hash
	Wiper

	BytesMin() (c int)
	BytesMax() (c int)
	KeyBytesMin() (c int)
	KeyBytesMax() (c int)
	KeyBytes() (c int)
}

GenericHash

type Hash ¶

type Hash interface {
	hash.Hash

	Bytes() (c int)
}

Hash

type Kdf ¶

type Kdf interface {
	Wiper

	// Derive
	Derive(dst []byte, subKeyLength, subKeyId uint64) (subKey []byte)

	BytesMin() (c int)
	BytesMax() (c int)
	ContextBytes() (c int)
	KeyBytes() (c int)
}

Kdf

type Key ¶

type Key []byte

Key

type Kx ¶

type Kx interface {
	Wiper

	// ServerSessionKeys
	ServerSessionKeys(dstRx, dstTx []byte, remote PublicKey) (rx, tx Key, err error)

	// ServerSessionKeys
	ClientSessionKeys(dstRx, dstTx []byte, remote PublicKey) (rx, tx Key, err error)

	PublicKey() (pk PublicKey)

	PublicKeyBytes() (c int)
	SecretKeyBytes() (c int)
	SeedBytes() (c int)
	SessionKeyBytes() (c int)
}

Kx

type Multipart ¶

type Multipart interface {
	// Writer implements the Write method, which can be used to update the state
	// of the Multipart
	io.Writer

	Update(p []byte) Multipart

	Final(dst []byte) (out []byte)

	FinalVerify(expect []byte) (valid bool)
}

Multipart is the generic interface used to describe a primitive that can update its state incrementally.

type OneTimeAuth ¶

type OneTimeAuth interface {
	Auth

	// ReKey re-initializes the OneTimeAuth state with the new key. OneTimeAuth
	// instances should only be used once. To use it again, it needs to be
	// re-initialized with a new one-time key.
	ReKey(key []byte)
}

OneTimeAuth

type PrivateKey ¶

type PrivateKey []byte

PrivateKey

type PublicKey ¶

type PublicKey []byte

PublicKey

type PwHash ¶

type PwHash interface {
	// PwHash implements the Wiper interface.
	Wiper

	Hash(dst, salt []byte, out, opslimit, memlimit uint64) (h []byte, err error)

	Str(dst []byte, opslimit, memlimit uint64) (h []byte, err error)

	StrVerify(h []byte) (err error)

	BytesMin() (c int)
	BytesMax() (c int)
	PasswdMin() (c int)
	PasswdMax() (c int)
	MemLimitMin() (c int)
	MemLimitMax() (c int)
	MemLimitInteractive() (c int)
	MemLimitModerate() (c int)
	MemLimitSensitive() (c int)
	OpsLimitMin() (c int)
	OpsLimitMax() (c int)
	OpsLimitInteractive() (c int)
	OpsLimitModerate() (c int)
	OpsLimitSensitive() (c int)
	SaltBytes() (c int)
	StrBytes() (c int)
	StrPrefix() (s string)
}

PwHash implements a password hashing and password based key derivation algorithm. These algorithms are meant to be hard on memory and slow to compute.

type Random ¶

type Random interface {
	UInt32() uint32
	UniformUInt32(upper uint32) uint32

	UInt64() uint64
	UniformUInt64(upper uint64) uint64

	// Buf will fill the buffer p with random bytes.
	Buf(p []byte) (err error)

	// KeyGen is a simplified call to Buf which allocates the byte slice to fit
	// the provided key size.
	KeyGen(size int) (key []byte, err error)

	// Implements the io.Reader interface, functions like Buf(p)
	io.Reader
}

Random provides an interface for CSPRNG functionality.

type SecretBox ¶

type SecretBox interface {
	Wiper

	Seal(dst, nonce, plain []byte) (cipher []byte)

	SealDetached(dst, dstMac, nonce, plain []byte) (cipher, mac []byte)

	Open(dst, nonce, cipher []byte) (plain []byte, err error)

	OpenDetached(dst, nonce, cipher, mac []byte) (plain []byte, err error)

	KeyBytes() (c int)
	MacBytes() (c int)
	NonceBytes() (c int)
}

SecretBox

type SecretStream ¶

type SecretStream interface {
	Wiper

	InitPush(dst []byte, key Key) (header []byte)
	InitPull(header []byte, key Key) (err error)
	Push(dst, plain, ad []byte, tag byte) (cipher []byte)
	Pull(dst, cipher, ad []byte) (plain []byte, tag byte, err error)
	ReKey()

	ABytes() (c int)
	HeaderBytes() (c int)
	KeyBytes() (c int)
	TAG_MESSAGE() (c byte)
	TAG_PUSH() (c byte)
	TAG_REKEY() (c byte)
	TAG_FINAL() (c byte)
}

SecretStream

type ShortHash ¶

type ShortHash interface {
	Hash

	KeyBytes() (c int)
}

ShortHash

type ShortHash128 ¶

type ShortHash128 interface {
	ShortHash
	Sum128() (s1, s2 uint64)
}

ShortHash128

type ShortHash128Func ¶

type ShortHash128Func func(key, data []byte) (sum1, sum2 uint64)

ShortHash128Func

type ShortHash64 ¶

type ShortHash64 interface {
	ShortHash
	Sum64() (sum uint64)
}

ShortHash64

type ShortHash64Func ¶

type ShortHash64Func func(key, data []byte) (sum uint64)

ShortHash64Func

type Sign ¶

type Sign interface {
	Wiper

	// Detached signs the message data in unsigned, and returns a message with
	// the signature
	Sign(dst, unsigned []byte) (signed []byte)

	// SignDetached creates a signature
	SignDetached(dst, unsigned []byte) (signature []byte)

	// io.Writer provides the Write method to the Signature interface. When
	// Write is used, the Signature implementation moves to Multipart mode,
	// which pre-hashes the message before signing.
	//
	// Note that this may produce a different signature then when full-message
	// signatures are used, as the pre-hashing generated a different value for
	// the signature key to sign.
	io.Writer

	// Final is the SignDetached method's equivalent for Multipart messages.
	// This operation will fail if Write has not been called before.
	Final(dst []byte) (signature []byte)

	// PublicKey
	PublicKey() (p PublicKey)

	PublicKeyBytes() (c int)
	SecretKeyBytes() (c int)
	Bytes() (c int)
	SeedBytes() (c int)
}

Sign

type SignVerifier ¶

type SignVerifier interface {
	// Open will verify the signature, and return the message data without the
	// signature.
	Open(dst, signed []byte) (unsigned []byte, valid bool)

	// VerifyDetached is the detached equivalent of Open, which simply verifies
	// the signature.
	VerifyDetached(signature, message []byte) (valid bool)

	// io.Writer provides the Write method to the Signature interface. When
	// Write is used, the Signature implementation moves to Multipart mode,
	// which pre-hashes the message before signing.
	//
	// Note that this may produce a different signature then when full-message
	// signatures are used, as the pre-hashing generated a different value for
	// the signature key to sign.
	io.Writer

	// FinalVerify is the Verify method's equivalent for Multipart messages.
	// This operation will fail if Write has not been called before.
	FinalVerify(signature []byte) (valid bool)

	PublicKeyBytes() (c int)
	SecretKeyBytes() (c int)
	Bytes() (c int)
	SeedBytes() (c int)
}

SignVerifier

type Stream ¶

type Stream interface {
	cipher.Stream
	Wiper

	// KeyStream generated len(dst) bytes of key from the stream
	KeyStream(dst []byte)

	// Seek sets the stream's internal counter. As this is usually followed
	// directly by a call to KeyStream or XORKeyStream, it returns a reference
	// to itself to enable chaining.
	//
	// example: stream.Seek(1).KeyStream(stream)
	Seek(counter uint64) Stream

	// ReKey will re-initialize the stream with the given key/nonce combination.
	ReKey(key, nonce []byte)

	KeyBytes() (c int)
	NonceBytes() (c int)
	BlockBytes() (c int)
}

Stream

type Wiper ¶

type Wiper interface {
	Wipe()
}

Wiper defines an interface that types implement to indicate they can wipe their internal state.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
aead
auth
box
codecs Package Codecs implements binary to text encoding with constant time implementations of a selected set of encodings.	Package Codecs implements binary to text encoding with constant time implementations of a selected set of encodings.
core Package core implements some of the core algorithms of libsodium.	Package core implements some of the core algorithms of libsodium.
generichash
hash
internal
edwards25519
kdf
kx
onetimeauth Package OneTimeAuth implements primitives for secret key based one-time authentication codes.	Package OneTimeAuth implements primitives for secret key based one-time authentication codes.
pwhash
random
scalarmult
secretbox
secretstream
shorthash
sign
stream

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL