Interfaces
AEAD
interface
#
AEAD is a cipher mode providing authenticated encryption with associated
data. For a description of the methodology, see
https://en.wikipedia.org/wiki/Authenticated_encryption.
type AEAD interface {
NonceSize() int
Overhead() int
Seal(dst []byte, nonce []byte, plaintext []byte, additionalData []byte) []byte
Open(dst []byte, nonce []byte, ciphertext []byte, additionalData []byte) ([]byte, error)
}
Block
interface
#
A Block represents an implementation of block cipher
using a given key. It provides the capability to encrypt
or decrypt individual blocks. The mode implementations
extend that capability to streams of blocks.
type Block interface {
BlockSize() int
Encrypt(dst []byte, src []byte)
Decrypt(dst []byte, src []byte)
}
BlockMode
interface
#
A BlockMode represents a block cipher running in a block-based mode (CBC,
ECB etc).
type BlockMode interface {
BlockSize() int
CryptBlocks(dst []byte, src []byte)
}
Stream
interface
#
A Stream represents a stream cipher.
type Stream interface {
XORKeyStream(dst []byte, src []byte)
}
cbcDecAble
interface
#
cbcDecAble is an interface implemented by ciphers that have a specific
optimized implementation of CBC decryption. crypto/aes doesn't use this
anymore, and we'd like to eventually remove it.
type cbcDecAble interface {
NewCBCDecrypter(iv []byte) BlockMode
}
cbcEncAble
interface
#
cbcEncAble is an interface implemented by ciphers that have a specific
optimized implementation of CBC encryption. crypto/aes doesn't use this
anymore, and we'd like to eventually remove it.
type cbcEncAble interface {
NewCBCEncrypter(iv []byte) BlockMode
}
ctrAble
interface
#
ctrAble is an interface implemented by ciphers that have a specific optimized
implementation of CTR. crypto/aes doesn't use this anymore, and we'd like to
eventually remove it.
type ctrAble interface {
NewCTR(iv []byte) Stream
}
gcmAble
interface
#
gcmAble is an interface implemented by ciphers that have a specific optimized
implementation of GCM. crypto/aes doesn't use this anymore, and we'd like to
eventually remove it.
type gcmAble interface {
NewGCM(nonceSize int, tagSize int) (AEAD, error)
}
Functions
BlockSize
method
#
func (x *cbcEncrypter) BlockSize() int
BlockSize
method
#
func (x *cbcDecrypter) BlockSize() int
Close
method
#
Close closes the underlying Writer and returns its Close return value, if the Writer
is also an io.Closer. Otherwise it returns nil.
func (w StreamWriter) Close() error
CryptBlocks
method
#
func (x *cbcDecrypter) CryptBlocks(dst []byte, src []byte)
CryptBlocks
method
#
func (x *cbcEncrypter) CryptBlocks(dst []byte, src []byte)
NewCBCDecrypter
function
#
NewCBCDecrypter returns a BlockMode which decrypts in cipher block chaining
mode, using the given Block. The length of iv must be the same as the
Block's block size and must match the iv used to encrypt the data.
func NewCBCDecrypter(b Block, iv []byte) BlockMode
NewCBCEncrypter
function
#
NewCBCEncrypter returns a BlockMode which encrypts in cipher block chaining
mode, using the given Block. The length of iv must be the same as the
Block's block size.
func NewCBCEncrypter(b Block, iv []byte) BlockMode
NewCFBDecrypter
function
#
NewCFBDecrypter returns a [Stream] which decrypts with cipher feedback mode,
using the given [Block]. The iv must be the same length as the [Block]'s block
size.
Deprecated: CFB mode is not authenticated, which generally enables active
attacks to manipulate and recover the plaintext. It is recommended that
applications use [AEAD] modes instead. The standard library implementation of
CFB is also unoptimized and not validated as part of the FIPS 140-3 module.
If an unauthenticated [Stream] mode is required, use [NewCTR] instead.
func NewCFBDecrypter(block Block, iv []byte) Stream
NewCFBEncrypter
function
#
NewCFBEncrypter returns a [Stream] which encrypts with cipher feedback mode,
using the given [Block]. The iv must be the same length as the [Block]'s block
size.
Deprecated: CFB mode is not authenticated, which generally enables active
attacks to manipulate and recover the plaintext. It is recommended that
applications use [AEAD] modes instead. The standard library implementation of
CFB is also unoptimized and not validated as part of the FIPS 140-3 module.
If an unauthenticated [Stream] mode is required, use [NewCTR] instead.
func NewCFBEncrypter(block Block, iv []byte) Stream
NewCTR
function
#
NewCTR returns a [Stream] which encrypts/decrypts using the given [Block] in
counter mode. The length of iv must be the same as the [Block]'s block size.
func NewCTR(block Block, iv []byte) Stream
NewGCM
function
#
NewGCM returns the given 128-bit, block cipher wrapped in Galois Counter Mode
with the standard nonce length.
In general, the GHASH operation performed by this implementation of GCM is not constant-time.
An exception is when the underlying [Block] was created by aes.NewCipher
on systems with hardware support for AES. See the [crypto/aes] package documentation for details.
func NewGCM(cipher Block) (AEAD, error)
NewGCMWithNonceSize
function
#
NewGCMWithNonceSize returns the given 128-bit, block cipher wrapped in Galois
Counter Mode, which accepts nonces of the given length. The length must not
be zero.
Only use this function if you require compatibility with an existing
cryptosystem that uses non-standard nonce lengths. All other users should use
[NewGCM], which is faster and more resistant to misuse.
func NewGCMWithNonceSize(cipher Block, size int) (AEAD, error)
NewGCMWithRandomNonce
function
#
NewGCMWithRandomNonce returns the given cipher wrapped in Galois Counter
Mode, with randomly-generated nonces. The cipher must have been created by
[aes.NewCipher].
It generates a random 96-bit nonce, which is prepended to the ciphertext by Seal,
and is extracted from the ciphertext by Open. The NonceSize of the AEAD is zero,
while the Overhead is 28 bytes (the combination of nonce size and tag size).
A given key MUST NOT be used to encrypt more than 2^32 messages, to limit the
risk of a random nonce collision to negligible levels.
func NewGCMWithRandomNonce(cipher Block) (AEAD, error)
NewGCMWithTagSize
function
#
NewGCMWithTagSize returns the given 128-bit, block cipher wrapped in Galois
Counter Mode, which generates tags with the given length.
Tag sizes between 12 and 16 bytes are allowed.
Only use this function if you require compatibility with an existing
cryptosystem that uses non-standard tag lengths. All other users should use
[NewGCM], which is more resistant to misuse.
func NewGCMWithTagSize(cipher Block, tagSize int) (AEAD, error)
NewOFB
function
#
NewOFB returns a [Stream] that encrypts or decrypts using the block cipher b
in output feedback mode. The initialization vector iv's length must be equal
to b's block size.
Deprecated: OFB mode is not authenticated, which generally enables active
attacks to manipulate and recover the plaintext. It is recommended that
applications use [AEAD] modes instead. The standard library implementation of
OFB is also unoptimized and not validated as part of the FIPS 140-3 module.
If an unauthenticated [Stream] mode is required, use [NewCTR] instead.
func NewOFB(b Block, iv []byte) Stream
NonceSize
method
#
func (g *gcmFallback) NonceSize() int
NonceSize
method
#
func (g gcmWithRandomNonce) NonceSize() int
Open
method
#
func (g gcmWithRandomNonce) Open(dst []byte, nonce []byte, ciphertext []byte, additionalData []byte) ([]byte, error)
Open
method
#
func (g *gcmFallback) Open(dst []byte, nonce []byte, ciphertext []byte, additionalData []byte) ([]byte, error)
Overhead
method
#
func (g gcmWithRandomNonce) Overhead() int
Overhead
method
#
func (g *gcmFallback) Overhead() int
Read
method
#
func (r StreamReader) Read(dst []byte) (n int, err error)
Seal
method
#
func (g gcmWithRandomNonce) Seal(dst []byte, nonce []byte, plaintext []byte, additionalData []byte) []byte
Seal
method
#
func (g *gcmFallback) Seal(dst []byte, nonce []byte, plaintext []byte, additionalData []byte) []byte
SetIV
method
#
func (x *cbcDecrypter) SetIV(iv []byte)
SetIV
method
#
func (x *cbcEncrypter) SetIV(iv []byte)
Write
method
#
func (w StreamWriter) Write(src []byte) (n int, err error)
XORKeyStream
method
#
func (x *ofb) XORKeyStream(dst []byte, src []byte)
XORKeyStream
method
#
func (x *ctr) XORKeyStream(dst []byte, src []byte)
XORKeyStream
method
#
func (x aesCtrWrapper) XORKeyStream(dst []byte, src []byte)
XORKeyStream
method
#
func (x *cfb) XORKeyStream(dst []byte, src []byte)
deriveCounter
function
#
func deriveCounter(H *[gcmBlockSize]byte, counter *[gcmBlockSize]byte, nonce []byte)
gcmAuth
function
#
func gcmAuth(out []byte, H *[gcmBlockSize]byte, tagMask *[gcmBlockSize]byte, ciphertext []byte, additionalData []byte)
gcmCounterCryptGeneric
function
#
func gcmCounterCryptGeneric(b Block, out []byte, src []byte, counter *[gcmBlockSize]byte)
gcmInc32
function
#
func gcmInc32(counterBlock *[gcmBlockSize]byte)
newCBC
function
#
func newCBC(b Block, iv []byte) *cbc
newCBCGenericDecrypter
function
#
newCBCGenericDecrypter returns a BlockMode which encrypts in cipher block chaining
mode, using the given Block. The length of iv must be the same as the
Block's block size. This always returns the generic non-asm decrypter for use in
fuzz testing.
func newCBCGenericDecrypter(b Block, iv []byte) BlockMode
newCBCGenericEncrypter
function
#
newCBCGenericEncrypter returns a BlockMode which encrypts in cipher block chaining
mode, using the given Block. The length of iv must be the same as the
Block's block size. This always returns the generic non-asm encrypter for use
in fuzz testing.
func newCBCGenericEncrypter(b Block, iv []byte) BlockMode
newCFB
function
#
func newCFB(block Block, iv []byte, decrypt bool) Stream
newGCM
function
#
func newGCM(cipher Block, nonceSize int, tagSize int) (AEAD, error)
newGCMFallback
function
#
func newGCMFallback(cipher Block, nonceSize int, tagSize int) (AEAD, error)
refill
method
#
func (x *ofb) refill()
refill
method
#
func (x *ctr) refill()
sliceForAppend
function
#
sliceForAppend takes a slice and a requested number of bytes. It returns a
slice with the contents of the given slice followed by that many bytes and a
second slice that aliases into it and contains only the extra bytes. If the
original slice has sufficient capacity then no allocation is performed.
func sliceForAppend(in []byte, n int) (head []byte, tail []byte)