hpke

Imports

Imports #

"crypto"
"crypto/aes"
"crypto/cipher"
"crypto/ecdh"
"crypto/internal/fips140/hkdf"
"crypto/rand"
"errors"
"internal/byteorder"
"math/bits"
"golang.org/x/crypto/chacha20poly1305"

Constants & Variables

AEAD_AES_128_GCM const #

// AEAD_AES_128_GCM is the RFC 9180 (Section 7.3) AEAD identifier for AES-128-GCM.
// It is an untyped constant; the Setup functions on this page take the AEAD ID as a uint16.
const AEAD_AES_128_GCM = 0x0001

AEAD_AES_256_GCM const #

// AEAD_AES_256_GCM is the RFC 9180 (Section 7.3) AEAD identifier for AES-256-GCM.
const AEAD_AES_256_GCM = 0x0002

AEAD_ChaCha20Poly1305 const #

// AEAD_ChaCha20Poly1305 is the RFC 9180 (Section 7.3) AEAD identifier for ChaCha20-Poly1305.
const AEAD_ChaCha20Poly1305 = 0x0003

DHKEM_X25519_HKDF_SHA256 const #

// DHKEM_X25519_HKDF_SHA256 is the RFC 9180 (Section 7.1) KEM identifier for
// DHKEM(X25519, HKDF-SHA256). It is the only KEM constant declared on this page.
const DHKEM_X25519_HKDF_SHA256 = 0x0020

KDF_HKDF_SHA256 const #

// KDF_HKDF_SHA256 is the RFC 9180 (Section 7.2) KDF identifier for HKDF-SHA256.
// Its value equals AEAD_AES_128_GCM (0x0001); both are untyped, so the compiler
// will not catch a KDF ID passed where an AEAD ID is expected.
const KDF_HKDF_SHA256 = 0x0001

SupportedAEADs var #

var SupportedAEADs = map[uint16]struct{...}{...}

SupportedKDFs var #

var SupportedKDFs = map[uint16]func() *hkdfKDF{...}

SupportedKEMs var #

var SupportedKEMs = map[uint16]struct{...}{...}

aesGCMNew var #

var aesGCMNew = *ast.FuncLit

testingOnlyGenerateKey var #

testingOnlyGenerateKey is only used during testing, to provide a fixed test key to use when checking the RFC 9180 vectors.

var testingOnlyGenerateKey func() (*ecdh.PrivateKey, error)

Type Aliases

AEADID type #

// AEADID is a distinct uint16 type for HPKE AEAD identifiers.
// The functions listed on this page (SetupSender, SetupReceipient, newContext,
// suiteID) take a plain uint16 aeadID rather than this type.
type AEADID uint16

KDFID type #

// KDFID is a distinct uint16 type for HPKE KDF identifiers.
// The functions listed on this page take a plain uint16 kdfID rather than this type.
type KDFID uint16

KemID type #

// KemID is a distinct uint16 type for HPKE KEM identifiers.
// The functions listed on this page take a plain uint16 kemID rather than this type.
type KemID uint16

Structs

Receipient struct #

// Receipient is the receiving side of an HPKE exchange. It embeds the shared
// context state, is returned by SetupReceipient, and exposes Open.
// The identifier is spelled "Receipient" throughout this package.
type Receipient struct {
// Embedded pointer: all key-schedule state lives in the shared context value.
*context
}

Sender struct #

// Sender is the sending side of an HPKE exchange. It embeds the shared
// context state, is returned by SetupSender, and exposes Seal.
type Sender struct {
// Embedded pointer: all key-schedule state lives in the shared context value.
*context
}

context struct #

// context is the HPKE state embedded by both Sender and Receipient.
// NOTE(review): only the declaration is visible on this page. The field roles
// below are read from the field names and RFC 9180 Section 5; confirm them
// against newContext.
type context struct {
// aead is the AEAD cipher instance held by this context.
aead cipher.AEAD
// sharedSecret, key and exporterSecret are presumably secret key-schedule
// outputs: treat them as sensitive and keep them out of logs and error
// messages — TODO confirm how they are populated.
sharedSecret []byte
// suiteID presumably holds the bytes produced by the suiteID function.
suiteID []byte
key []byte
// baseNonce is presumably combined with seqNum by nextNonce to form each
// per-message nonce — confirm.
baseNonce []byte
exporterSecret []byte
// seqNum is the 128-bit message counter. A repeated nonce under one key
// breaks AEAD confidentiality and integrity, so the counter must never
// repeat. incrementNonce has no error return on this page: verify how it
// handles counter exhaustion instead of wrapping.
seqNum uint128
}

dhKEM struct #

dhKEM implements the KEM specified in RFC 9180, Section 4.1.

// dhKEM bundles the curve, KDF and parameters used by the Encap, Decap and
// ExtractAndExpand methods.
type dhKEM struct {
// dh is the ECDH curve used for key agreement.
dh ecdh.Curve
// kdf is the HKDF helper held by value.
kdf hkdfKDF
// suiteID is presumably the KEM-level suite identifier passed to the
// labeled KDF calls — confirm against newDHKem.
suiteID []byte
// nSecret is presumably Nsecret, the KEM shared-secret length in bytes
// from RFC 9180 Section 4.1 — confirm.
nSecret uint16
}

hkdfKDF struct #

// hkdfKDF is the receiver type for the LabeledExtract and LabeledExpand methods.
type hkdfKDF struct {
// hash identifies the hash function; presumably the one handed to the HKDF
// implementation imported by this package — confirm against the method bodies.
hash crypto.Hash
}

uint128 struct #

// uint128 is a 128-bit unsigned value stored as two 64-bit words. It is the
// type of context.seqNum and provides addOne, bitLen and bytes.
type uint128 struct {
// hi is the upper 64 bits and lo the lower 64 bits, going by the field
// names. NOTE(review): confirm the byte order that bytes() emits.
hi uint64
lo uint64
}

Functions

Decap method #

func (dh *dhKEM) Decap(encPubEph []byte, secRecipient *ecdh.PrivateKey) ([]byte, error)

Encap method #

func (dh *dhKEM) Encap(pubRecipient *ecdh.PublicKey) (sharedSecret []byte, encapPub []byte, err error)

ExtractAndExpand method #

func (dh *dhKEM) ExtractAndExpand(dhKey []byte, kemContext []byte) []byte

LabeledExpand method #

func (kdf *hkdfKDF) LabeledExpand(suiteID []byte, randomKey []byte, label string, info []byte, length uint16) []byte

LabeledExtract method #

func (kdf *hkdfKDF) LabeledExtract(sid []byte, salt []byte, label string, inputKey []byte) []byte

Open method #

func (r *Receipient) Open(aad []byte, ciphertext []byte) ([]byte, error)

ParseHPKEPrivateKey function #

func ParseHPKEPrivateKey(kemID uint16, bytes []byte) (*ecdh.PrivateKey, error)

ParseHPKEPublicKey function #

func ParseHPKEPublicKey(kemID uint16, bytes []byte) (*ecdh.PublicKey, error)

Seal method #

func (s *Sender) Seal(aad []byte, plaintext []byte) ([]byte, error)

SetupReceipient function #

func SetupReceipient(kemID uint16, kdfID uint16, aeadID uint16, priv *ecdh.PrivateKey, info []byte, encPubEph []byte) (*Receipient, error)

SetupSender function #

func SetupSender(kemID uint16, kdfID uint16, aeadID uint16, pub *ecdh.PublicKey, info []byte) ([]byte, *Sender, error)

addOne method #

func (u uint128) addOne() uint128

bitLen method #

func (u uint128) bitLen() int

bytes method #

func (u uint128) bytes() []byte

incrementNonce method #

func (ctx *context) incrementNonce()

newContext function #

func newContext(sharedSecret []byte, kemID uint16, kdfID uint16, aeadID uint16, info []byte) (*context, error)

newDHKem function #

func newDHKem(kemID uint16) (*dhKEM, error)

nextNonce method #

func (ctx *context) nextNonce() []byte

suiteID function #

func suiteID(kemID uint16, kdfID uint16, aeadID uint16) []byte
