README
¶
go-pact
This package implements the PACT/comPACT AEAD context commitment scheme, as described in Universal Context Commitment without Ciphertext Expansion.
Installation
go get git.sr.ht/~fantomebeignet/go-pact
Usage
// newAead combines the creation of an AES cipher and the accompanying
// GCM authenticated cipher in one function.
// This creates a GCM AEAD with the same interface as ChaCha20Poly1305.New
func newAead(k []byte) (cipher.AEAD, error) {
aes, err := aes.NewCipher(k)
if err != nil {
return nil, err
}
gcm, err := cipher.NewGCM(aes)
if err != nil {
return nil, err
}
return gcm, nil
}
func main() {
var key [32]byte
if _, err := rand.Read(key[:]); err != nil {
panic(err)
}
var nonce [12]byte
if _, err := rand.Read(nonce[:]); err != nil {
panic(err)
}
plaintext := []byte("example plaintext to encrypt and authenticate")
additionalData := []byte("example additional authenticated data")
pact, err := pact.NewPACT(newAead, sha256.New, aes.NewCipher, key[:])
if err != nil {
panic(err)
}
ciphertext := pact.Seal(nil, nonce[:], plaintext, additionalData)
decrypted, err := pact.Open(nil, nonce[:], ciphertext, additionalData)
if err != nil {
// Authentication failed
panic(err)
}
}
Security
This library has been audited by no one, I am not a cryptographer nor am I a cryptography engineer. That is to say, you probably should not use this library under any circumstances other than experimenting and having some cryptographic fun.
Documentation
¶
Overview ¶
Package pact implements the PACT and comPACT transforms to convert any AEAD into a context-committing one without any output length expansion.
These transforms were described in Universal Context Commitment without Ciphertext Expansion
Example ¶
// import "git.sr.ht/~fantomebeignet/go-pact"
// import "crypto/rand"
// import "fmt"
// func newAead(k []byte) (cipher.AEAD, error) {
// aes, err := aes.NewCipher(k)
// if err != nil {
// return nil, err
// }
// gcm, err := cipher.NewGCM(aes)
// if err != nil {
// return nil, err
// }
// return gcm, nil
// }
// Generate a random key and nonce
var key [32]byte
if _, err := rand.Read(key[:]); err != nil {
panic(err)
}
var nonce [12]byte
if _, err := rand.Read(nonce[:]); err != nil {
panic(err)
}
additionalData := []byte("example additionnal data")
plaintext := []byte("example plaintext")
// Create a transformed AEAD
pact, err := pact.NewPACT(newAead, sha256.New, aes.NewCipher, key[:])
if err != nil {
panic(err)
}
// Encrypt the plaintext
ciphertext := pact.Seal(nil, nonce[:], plaintext, additionalData)
// Decrypt the ciphertext
decrypted, err := pact.Open(nil, nonce[:], ciphertext, additionalData)
if err != nil {
panic(err)
}
// Ciphertext was decrypted successfully
fmt.Println(bytes.Equal(plaintext, decrypted))
Output: true
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewComPACT ¶
func NewComPACT[P cipher.AEAD, H hash.Hash, E cipher.Block]( aead func([]byte) (P, error), hash func() H, blockCipher func([]byte) (E, error), key []byte, ) (cipher.AEAD, error)
NewComPACT returns a transformed version of the provided AEAD using the comPACT transform. This transformed AEAD is context-committing without any ciphertext expansion, meaning it has the same overhead as the original AEAD. The transformed AEAD does not preserve the nonce misuse-resistance properties (MRAE) of the underlying AEAD.
Compared to the underlying AEAD, the Seal and Open function on this new AEAD involve a call to the hash function hash and a call to the block cipher blockCipher.
The key size of blockCipher should be equal to the output size of hash, and the block size of blockCipher should be equal to the tag size of aead.
func NewPACT ¶
func NewPACT[P cipher.AEAD, H hash.Hash, E cipher.Block]( aead func([]byte) (P, error), hash func() H, blockCipher func([]byte) (E, error), key []byte, ) (cipher.AEAD, error)
NewPACT returns a transformed version of the provided AEAD using the PACT transform. This transformed AEAD is context-committing without any ciphertext expansion, meaning it has the same overhead as the original AEAD. The transformed AEAD preserves the nonce misuse-resistance properties (MRAE) of the underlying AEAD.
Compared to the underlying AEAD, the Seal and Open function on this new AEAD involve a call to the hash function hash and a call to the block cipher blockCipher.
The key size of blockCipher should be equal to the output size of hash, and the block size of blockCipher should be equal to the tag size of aead.
Types ¶
This section is empty.
Source Files