Documentation ¶
Index ¶
- Variables
- func AEAD(key []byte) cipher.AEAD
- func CTCompare(a []byte, b []byte) int
- func ECDHSecret(ourPriv ECDHPrivate, theirPubl ECDHPublic) []byte
- func HexDecode(str string) ([]byte, error)
- func HexEncode(bts []byte) string
- func PasswordHash(pwd []byte, opslimit int, memlimit int) string
- func PasswordVerify(pwd []byte, hash string) bool
- func RandBytes(b []byte)
- func RandUint32() uint32
- func RandUint32LT(lim uint32) uint32
- func SecureHash(message []byte, key []byte) []byte
- func SecureHasher(key []byte) hash.Hash
- func Stream(key []byte, nonce []byte) cipher.Stream
- func StretchKey(pwd []byte, salt []byte, opslimit int, memlimit int) []byte
- func TripleECDH(ourAuth ECDHPrivate, theirAuth ECDHPublic, ourEph ECDHPrivate, ...) []byte
- type ECDHPrivate
- type ECDHPublic
- type EdDSAPrivate
- type EdDSAPublic
Constants ¶
This section is empty.
Variables ¶
var ECDHKeyLength = C.crypto_scalarmult_BYTES
ECDHKeyLength represents the length of an ECDH public or private key.
var EdDSAPrivateLength = C.crypto_sign_SECRETKEYBYTES
EdDSAPrivateLength is the length of an EdDSA private key.
var EdDSAPublicLength = C.crypto_sign_PUBLICKEYBYTES
EdDSAPublicLength is the length of an EdDSA public key.
var EdDSASignatureLength = C.crypto_sign_BYTES
EdDSASignatureLength is the length of an EdDSA signature.
var PasswordSaltLen int
PasswordSaltLen gives the length of the salt parameter to StretchKey.
Functions ¶
func AEAD ¶
AEAD creates an object implementing the standard Go AEAD (Authenticated Encryption with Associated Data) interface. Keys must be 32 bytes long, and the underlying algorithm uses the ChaCha20 stream cipher with the Poly1305 authentication function.
func CTCompare ¶
CTCompare returns 0 if the two byte strings are identical, -1 if a is less than b (little-endian), and 1 if a is larger than b. It runs in constant time for any given length of a and b.
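The following added example (not this package's own code) sketches how a three-way little-endian comparison can be written without data-dependent branches, using the well-known mask technique. The name `ctCompare` and the panic on mismatched lengths are assumptions of the sketch.

```go
package main

import (
	"bytes"
	"fmt"
)

// ctCompare treats a and b as little-endian integers of equal length and
// returns -1, 0 or 1. Every byte is always visited and no branch or index
// depends on the contents, only on the (public) length.
func ctCompare(a, b []byte) int {
	if len(a) != len(b) {
		panic("ctCompare: length mismatch") // length is not secret
	}
	var gt uint16   // becomes 1 once a is known to be larger
	eq := uint16(1) // stays 1 while all more-significant bytes were equal
	for i := len(a) - 1; i >= 0; i-- { // most significant byte is last
		x, y := uint16(a[i]), uint16(b[i])
		// y-x wraps to 0xFFxx exactly when x > y, so the high byte is a mask.
		gt |= ((y - x) >> 8) & eq
		// (x^y)-1 wraps to 0xFFFF only when the bytes are equal.
		eq &= ((x ^ y) - 1) >> 8
	}
	// gt=1,eq=0 -> 1; gt=0,eq=1 -> 0; gt=0,eq=0 -> -1
	return int(gt+gt+eq) - 1
}

func main() {
	a := []byte{0x01, 0x00} // constructed sample: 1 as little-endian
	b := []byte{0x00, 0x01} // constructed sample: 256 as little-endian
	fmt.Println("little-endian, constant time:", ctCompare(a, b))
	// bytes.Compare is lexicographic and may return at the first differing
	// byte, so it gives a different answer and leaks where inputs diverge.
	fmt.Println("bytes.Compare (lexicographic):", bytes.Compare(a, b))
}
```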
func ECDHSecret ¶
func ECDHSecret(ourPriv ECDHPrivate, theirPubl ECDHPublic) []byte
ECDHSecret computes the Diffie-Hellman shared-secret given our private key and their public key.
func PasswordHash ¶
PasswordHash uses the Argon2 algorithm to create an ASCII string which includes opslimit, memlimit, a random salt, and a memory-hard hash. It's designed to be stored in databases and directly used with PasswordVerify.
func PasswordVerify ¶
PasswordVerify verifies that the given password corresponds to the given salted hash string (of the format returned by PasswordHash).
func RandUint32LT ¶
RandUint32LT returns a random uint32 from 0 to lim, uniformly.
func SecureHash ¶
SecureHash uses the Blake2b algorithm to generate a 256-bit (32-byte) hash of a message with an optional key. The key parameter can be nil if normal hashing, instead of authenticated hashing, is wanted.
func SecureHasher ¶ added in v1.1.0
SecureHasher creates a Blake2b stream hasher.
func StretchKey ¶
StretchKey uses the Argon2 algorithm to create a 256-bit key based upon a password and a salt. This function is deterministic given a certain opslimit and memlimit.
func TripleECDH ¶
func TripleECDH(ourAuth ECDHPrivate, theirAuth ECDHPublic, ourEph ECDHPrivate, theirEph ECDHPublic) []byte
TripleECDH is a convenience function that performs a triple Diffie-Hellman authenticated key exchange; it derives a shared secret from both long-term keys and ephemeral keys to provide both deniable and forward-secure session-key derivation.
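The triple Diffie-Hellman pattern described above, as an added sketch using only the Go standard library; it is not this package's implementation, and its output will not match TripleECDH. The names `party`, `newKey`, `dh` and `tripleDH`, the use of SHA-256 and the sorting step are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// party holds a long-term (auth) and a per-session (ephemeral) X25519 key.
type party struct{ auth, eph *ecdh.PrivateKey }

func newKey() *ecdh.PrivateKey {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

func dh(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) []byte {
	s, err := priv.ECDH(pub) // errors on an all-zero (low-order point) result
	if err != nil {
		panic(err)
	}
	return s
}

// tripleDH hashes auth*eph, eph*auth and eph*eph into one 32-byte secret.
// SHA-256 and the sorting step are assumptions of this sketch.
func tripleDH(ourAuth *ecdh.PrivateKey, theirAuth *ecdh.PublicKey,
	ourEph *ecdh.PrivateKey, theirEph *ecdh.PublicKey) []byte {
	ae := dh(ourAuth, theirEph) // peer computes this as its eph*auth
	ea := dh(ourEph, theirAuth) // peer computes this as its auth*eph
	ee := dh(ourEph, theirEph)  // ephemeral-only term: forward secrecy
	if bytes.Compare(ae, ea) > 0 {
		ae, ea = ea, ae // canonical order so both sides hash the same bytes
	}
	sum := sha256.Sum256(bytes.Join([][]byte{ae, ea, ee}, nil))
	return sum[:]
}

func main() {
	a, b := party{newKey(), newKey()}, party{newKey(), newKey()}
	ka := tripleDH(a.auth, b.auth.PublicKey(), a.eph, b.eph.PublicKey())
	kb := tripleDH(b.auth, a.auth.PublicKey(), b.eph, a.eph.PublicKey())
	fmt.Println("both sides agree:", bytes.Equal(ka, kb))
}
```

No signature is exchanged: each side authenticates the other only by arriving at the same secret, which is what makes the exchange deniable.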
Types ¶
type ECDHPrivate ¶
type ECDHPrivate []byte
ECDHPrivate represents an X25519 private key.
func ECDHGenerateKey ¶
func ECDHGenerateKey() ECDHPrivate
ECDHGenerateKey generates an ECDH private key.
func (ECDHPrivate) PublicKey ¶
func (priv ECDHPrivate) PublicKey() ECDHPublic
PublicKey derives the public key corresponding to the ECDH private key.
type EdDSAPrivate ¶
type EdDSAPrivate []byte
EdDSAPrivate represents an Ed25519 private key.
func EdDSADeriveKey ¶
func EdDSADeriveKey(seed []byte) EdDSAPrivate
EdDSADeriveKey derives an EdDSA private key from an arbitrary seed.
func EdDSAGenerateKey ¶
func EdDSAGenerateKey() EdDSAPrivate
EdDSAGenerateKey generates an EdDSA private key. The public key can be derived from the private key, so only the private key is returned. Keys are represented as byte slices and can be converted to and from them.
func (EdDSAPrivate) PublicKey ¶
func (k EdDSAPrivate) PublicKey() EdDSAPublic
PublicKey obtains the public component of an EdDSA private key.
func (EdDSAPrivate) Sign ¶
func (k EdDSAPrivate) Sign(message []byte) []byte
Sign signs a message using the given EdDSA private key, returning the signature.
func (EdDSAPrivate) String ¶
func (k EdDSAPrivate) String() string
func (EdDSAPrivate) ToECDH ¶
func (k EdDSAPrivate) ToECDH() ECDHPrivate
ToECDH converts an EdDSA private key deterministically to an ECDH private key.
type EdDSAPublic ¶
type EdDSAPublic []byte
EdDSAPublic represents an Ed25519 public key.
func (EdDSAPublic) MarshalJSON ¶
func (k EdDSAPublic) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface.
func (EdDSAPublic) String ¶
func (k EdDSAPublic) String() string
func (EdDSAPublic) ToECDH ¶
func (k EdDSAPublic) ToECDH() ECDHPublic
ToECDH converts an EdDSA public key deterministically to an ECDH public key.