// Copyright 2017, Project ArteMisc
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
package godium
import (
"crypto/cipher"
"errors"
"hash"
"io"
)
var (
	// ErrForgedOrCorrupted is returned by decryption methods that perform
	// message authentication whenever the authentication check fails. A
	// failed check indicates that the message is either forged, corrupted,
	// or incorrectly encrypted. That can point to a protocol or
	// implementation failure, but it can also be a sign of an active
	// man-in-the-middle attack. Callers should treat it as a hard failure
	// and not act on any output produced for the rejected message.
	ErrForgedOrCorrupted = errors.New("authentication tag is invalid, message is forged or corrupted")

	// ErrInvalidPoint is returned when a point on an elliptic curve is
	// considered illegal, unsafe, or incorrectly formatted.
	ErrInvalidPoint = errors.New("elliptic curve point not valid, rejected, or considered unsafe")

	// ErrCipherTooShort is returned when a ciphertext is shorter than the
	// minimum number of bytes, for example when an authenticated ciphertext
	// is not long enough to contain the full authentication tag.
	ErrCipherTooShort = errors.New("cipher shorter than minimal size")

	// ErrBufferTooShort is returned when a buffer provided to a method is
	// shorter than the minimum number of bytes expected, for example a
	// header that must hold a full piece of data for an algorithm.
	ErrBufferTooShort = errors.New("buffer shorter than expected size")
)
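// Wipe overwrites the contents of the buffer p with zero bytes.
//
// Wiping is best-effort. Only the len(p) bytes that p refers to are cleared;
// copies of the same data held elsewhere (an older backing array left behind
// by append, a string conversion, ...) are not touched, and Go gives no
// formal guarantee that a secret never lingers in memory.
//
// The go:noinline directive keeps Wipe from being inlined into its callers,
// so that a caller's optimisation passes do not get the chance to drop the
// zeroing stores as dead writes to a buffer that is never read again. This
// narrows, but does not formally close, the concern that the compiler may
// optimise the wipe away.
//
//go:noinline
func Wipe(p []byte) {
	for i := range p {
		p[i] = 0x00
	}
}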
// Wiper is implemented by types that can wipe their internal state.
//
// NOTE(review): the interface does not say whether an instance may still be
// used after Wipe has been called; confirm per implementation.
type Wiper interface {
	// Wipe clears the internal state of the implementing type.
	Wipe()
}
// Key is key material held as a plain byte slice. Kx returns its session
// keys as Key and SecretStream is initialised with one.
//
// Key is a slice type, so assigning or passing a Key shares the backing
// array instead of copying the secret. A Key can be passed to Wipe directly.
type Key []byte

// PrivateKey is the byte-slice representation of a private (secret) key.
// Like Key it aliases its backing array when copied and can be passed to
// Wipe.
type PrivateKey []byte

// PublicKey is the byte-slice representation of a public key. It is the
// type used for the remote party's key in Box and Kx.
type PublicKey []byte
// AEAD extends cipher.AEAD with detached-tag variants of Seal and Open, size
// accessors, and the ability to wipe its state (Wiper).
//
// The nonce is supplied by the caller on every call; keeping it unique per
// key is the caller's responsibility, as documented for cipher.AEAD.
type AEAD interface {
	cipher.AEAD
	Wiper

	// SealDetached takes a nonce, plaintext and additional data and returns
	// the ciphertext and the authentication tag (mac) as two separate slices.
	// NOTE(review): dst and dstMac are presumably the buffers the results are
	// appended to, in the style of cipher.AEAD.Seal; confirm.
	SealDetached(dst, dstMac, nonce, plain, ad []byte) (cipher, mac []byte)

	// OpenDetached is the counterpart of SealDetached: it takes the
	// ciphertext and its detached mac and returns the plaintext or an error.
	// The returned plaintext must not be used when err is non-nil.
	// NOTE(review): the error on a failed tag check is presumably
	// ErrForgedOrCorrupted; confirm against the implementation.
	OpenDetached(dst, nonce, cipher, mac, ad []byte) (plain []byte, err error)

	// The size accessors below appear to be named after libsodium's
	// KEYBYTES, NSECBYTES, NPUBBYTES and ABYTES constants; presumably they
	// report the key, secret-nonce, public-nonce and tag sizes in bytes.
	// TODO confirm against the implementation.
	KeyBytes() (c int)
	NSecBytes() (c int)
	NPubBytes() (c int)
	ABytes() (c int)
}
// Auth is a Hash that can additionally verify an authentication tag, report
// its key size, and wipe its state (Wiper).
type Auth interface {
	Hash
	Wiper

	// Verify will check if the resulting Sum() of the Auth equals the provided
	// authentication tag.
	//
	// NOTE(review): implementations are expected to compare the tags in
	// constant time (for example with crypto/subtle.ConstantTimeCompare) so
	// the comparison does not leak how many bytes matched; this cannot be
	// verified from the interface alone.
	Verify(tag []byte) (matches bool)

	// KeyBytes presumably reports the key size in bytes; confirm.
	KeyBytes() (c int)
}
// Box groups sealing and opening operations that take the remote party's
// PublicKey, in combined and detached-mac form, together with size accessors
// and state wiping (Wiper).
//
// The nonce is supplied by the caller on every call; keeping it unique for a
// given key pair is presumably the caller's responsibility.
type Box interface {
	Wiper

	// SealDetached returns the ciphertext and the mac as separate slices.
	SealDetached(dst, dstMac, nonce, plain []byte, remote PublicKey) (cipher, mac []byte, err error)

	// Seal returns a single ciphertext slice for plain.
	// NOTE(review): presumably the mac is included in the returned slice;
	// confirm the layout against the implementation.
	Seal(dst, nonce, plain []byte, remote PublicKey) (cipher []byte, err error)

	// OpenDetached takes a ciphertext and its detached mac and returns the
	// plaintext. The plaintext must not be used when err is non-nil.
	OpenDetached(dst, nonce, cipher, mac []byte, remote PublicKey) (plain []byte, err error)

	// Open is the counterpart of Seal. The plaintext must not be used when
	// err is non-nil.
	Open(dst, nonce, cipher []byte, remote PublicKey) (plain []byte, err error)

	// BeforeNM returns a SecretBox for the given remote public key.
	// NOTE(review): the name follows libsodium's "beforenm" precomputation,
	// so the SecretBox presumably holds the precomputed shared key and should
	// be wiped after use; confirm.
	BeforeNM(remote PublicKey) (sb SecretBox, err error)

	// Size accessors; presumably all values are in bytes. TODO confirm.
	PublicKeyBytes() (c int)
	SecretKeyBytes() (c int)
	MacBytes() (c int)
	NonceBytes() (c int)
	SeedBytes() (c int)
	BeforeNmBytes() (c int)
}
// GenericHash is a Hash with wipeable state (Wiper) that also reports
// minimum and maximum sizes.
type GenericHash interface {
	Hash
	Wiper

	// BytesMin and BytesMax presumably bound the supported output size in
	// bytes; confirm against the implementation.
	BytesMin() (c int)
	BytesMax() (c int)

	// KeyBytesMin, KeyBytesMax and KeyBytes presumably report the minimum,
	// maximum and default key size in bytes; confirm.
	KeyBytesMin() (c int)
	KeyBytesMax() (c int)
	KeyBytes() (c int)
}
// Hash extends the standard library's hash.Hash with a Bytes accessor. It is
// the base interface embedded by Auth, GenericHash and ShortHash.
type Hash interface {
	hash.Hash

	// Bytes presumably reports the output size in bytes.
	// NOTE(review): hash.Hash already provides Size(); how the two relate is
	// not visible here.
	Bytes() (c int)
}
// Kdf is a key derivation primitive with wipeable state (Wiper).
type Kdf interface {
	Wiper

	// Derive returns a sub key for the given sub key length and sub key id.
	// NOTE(review): the master key and context are not parameters, so they
	// are presumably held by the instance; dst is presumably the buffer the
	// sub key is appended to. Confirm against the implementation.
	Derive(dst []byte, subKeyLength, subKeyId uint64) (subKey []byte)

	// Size accessors; presumably the sub key size bounds, the context size
	// and the master key size, all in bytes. TODO confirm.
	BytesMin() (c int)
	BytesMax() (c int)
	ContextBytes() (c int)
	KeyBytes() (c int)
}
// Kx is a key exchange primitive with wipeable state (Wiper). Both session
// key methods take the remote party's PublicKey and return a receive key
// (rx) and a transmit key (tx).
type Kx interface {
	Wiper

	// ServerSessionKeys returns the rx and tx session keys for the server
	// side of the exchange. The keys must not be used when err is non-nil.
	ServerSessionKeys(dstRx, dstTx []byte, remote PublicKey) (rx, tx Key, err error)

	// ClientSessionKeys returns the rx and tx session keys for the client
	// side of the exchange. The keys must not be used when err is non-nil.
	// NOTE(review): presumably the client's rx matches the server's tx and
	// vice versa; confirm against the implementation.
	ClientSessionKeys(dstRx, dstTx []byte, remote PublicKey) (rx, tx Key, err error)

	// PublicKey returns the public key of this instance.
	PublicKey() (pk PublicKey)

	// Size accessors; presumably all values are in bytes. TODO confirm.
	PublicKeyBytes() (c int)
	SecretKeyBytes() (c int)
	SeedBytes() (c int)
	SessionKeyBytes() (c int)
}
// OneTimeAuth is an Auth whose key is meant to authenticate a single message
// only.
type OneTimeAuth interface {
	Auth

	// ReKey re-initializes the OneTimeAuth state with the new key. OneTimeAuth
	// instances should only be used once. To use it again, it needs to be
	// re-initialized with a new one-time key; the key passed here must
	// therefore differ from every key used before.
	ReKey(key []byte)
}
// PwHash implements a password hashing and password based key derivation
// algorithm. These algorithms are meant to be hard on memory and slow to
// compute.
//
// NOTE(review): none of the methods takes the password as a parameter, so it
// is presumably held by the instance; that makes calling Wipe after use
// relevant. Confirm against the implementation.
type PwHash interface {
	// PwHash implements the Wiper interface.
	Wiper

	// Hash derives output from the given salt under the opslimit and memlimit
	// cost parameters.
	// NOTE(review): out is presumably the requested output length in bytes
	// and dst the buffer the result is appended to; confirm.
	Hash(dst, salt []byte, out, opslimit, memlimit uint64) (h []byte, err error)

	// Str takes no salt and returns a hash h under the given cost parameters.
	// NOTE(review): presumably h is a self-describing string form (see
	// StrPrefix) that embeds salt and parameters, suitable for storage and
	// for StrVerify; confirm.
	Str(dst []byte, opslimit, memlimit uint64) (h []byte, err error)

	// StrVerify checks the hash h and returns a non-nil error on failure.
	// NOTE(review): presumably h is the output of Str and the check is
	// against the instance's password; confirm.
	StrVerify(h []byte) (err error)

	// Bounds on the output size and the password length; presumably in bytes.
	BytesMin() (c int)
	BytesMax() (c int)
	PasswdMin() (c int)
	PasswdMax() (c int)

	// Bounds and presets for the memlimit parameter of Hash and Str.
	MemLimitMin() (c int)
	MemLimitMax() (c int)
	MemLimitInteractive() (c int)
	MemLimitModerate() (c int)
	MemLimitSensitive() (c int)

	// Bounds and presets for the opslimit parameter of Hash and Str.
	OpsLimitMin() (c int)
	OpsLimitMax() (c int)
	OpsLimitInteractive() (c int)
	OpsLimitModerate() (c int)
	OpsLimitSensitive() (c int)

	// Sizes of the salt and of the Str output, and the prefix of the Str
	// output; sizes are presumably in bytes.
	SaltBytes() (c int)
	StrBytes() (c int)
	StrPrefix() (s string)
}
// SecretBox groups secret-key sealing and opening operations, in combined
// and detached-mac form, with size accessors and state wiping (Wiper).
//
// The key is not a parameter of any method, so it is presumably held by the
// instance. The nonce is supplied by the caller on every call; keeping it
// unique per key is presumably the caller's responsibility.
type SecretBox interface {
	Wiper

	// Seal returns a single ciphertext slice for plain. It has no error
	// result.
	Seal(dst, nonce, plain []byte) (cipher []byte)

	// SealDetached returns the ciphertext and the mac as separate slices.
	SealDetached(dst, dstMac, nonce, plain []byte) (cipher, mac []byte)

	// Open is the counterpart of Seal. The plaintext must not be used when
	// err is non-nil.
	Open(dst, nonce, cipher []byte) (plain []byte, err error)

	// OpenDetached is the counterpart of SealDetached. The plaintext must
	// not be used when err is non-nil.
	OpenDetached(dst, nonce, cipher, mac []byte) (plain []byte, err error)

	// Size accessors; presumably all values are in bytes. TODO confirm.
	KeyBytes() (c int)
	MacBytes() (c int)
	NonceBytes() (c int)
}
// SecretStream encrypts or decrypts a sequence of messages under one Key,
// with a tag byte attached to each message, and can wipe its state (Wiper).
type SecretStream interface {
	Wiper

	// InitPush initialises the stream for sending with key and returns the
	// header.
	// NOTE(review): presumably the header has to be handed to the receiving
	// side for InitPull; confirm.
	InitPush(dst []byte, key Key) (header []byte)

	// InitPull initialises the stream for receiving from a header and key.
	// The stream must not be used when err is non-nil.
	InitPull(header []byte, key Key) (err error)

	// Push takes a plaintext, additional data and a tag byte and returns the
	// ciphertext.
	Push(dst, plain, ad []byte, tag byte) (cipher []byte)

	// Pull takes a ciphertext and additional data and returns the plaintext
	// and the tag byte. Neither plain nor tag may be relied on when err is
	// non-nil.
	Pull(dst, cipher, ad []byte) (plain []byte, tag byte, err error)

	// ReKey takes no key argument.
	// NOTE(review): presumably it derives a fresh key from the current
	// stream state; confirm.
	ReKey()

	// Size accessors; presumably all values are in bytes. TODO confirm.
	ABytes() (c int)
	HeaderBytes() (c int)
	KeyBytes() (c int)

	// The TAG_* accessors return tag byte values, presumably the ones that
	// Push accepts and Pull reports. The names do not follow Go's MixedCaps
	// convention but are part of the public interface.
	// NOTE(review): if TAG_FINAL marks the end of a stream, receivers
	// presumably need to check for it to detect truncation; confirm.
	TAG_MESSAGE() (c byte)
	TAG_PUSH() (c byte)
	TAG_REKEY() (c byte)
	TAG_FINAL() (c byte)
}
// ShortHash is a Hash that also reports a key size.
//
// NOTE(review): unlike Auth and GenericHash, ShortHash does not embed Wiper,
// so this interface offers no way to clear key state; confirm whether that
// is intended.
type ShortHash interface {
	Hash

	// KeyBytes presumably reports the key size in bytes; confirm.
	KeyBytes() (c int)
}
// ShortHash64Func is the signature of a one-shot keyed hash function that
// maps key and data to a single 64-bit sum.
type ShortHash64Func func(key, data []byte) (sum uint64)

// ShortHash128Func is the signature of a one-shot keyed hash function that
// maps key and data to a 128-bit sum, returned as two 64-bit halves.
// NOTE(review): which half is the more significant one is not visible here.
type ShortHash128Func func(key, data []byte) (sum1, sum2 uint64)
// ShortHash64 is a ShortHash that can return its result as a uint64.
type ShortHash64 interface {
	ShortHash

	// Sum64 returns the hash value as a single 64-bit integer.
	Sum64() (sum uint64)
}
// ShortHash128 is a ShortHash that can return its result as two uint64
// values.
type ShortHash128 interface {
	ShortHash

	// Sum128 returns the hash value as two 64-bit integers.
	// NOTE(review): which of s1 and s2 is the more significant half is not
	// visible here.
	Sum128() (s1, s2 uint64)
}
// Sign is the signing side of a signature primitive. It supports signing a
// full message in one call and Multipart signing through io.Writer and
// Final, and it can wipe its state (Wiper).
//
// NOTE(review): the secret key is not a parameter of any method, so it is
// presumably held by the instance, which makes calling Wipe after use
// relevant; confirm.
type Sign interface {
	Wiper

	// Sign signs the message data in unsigned, and returns a message with
	// the signature.
	Sign(dst, unsigned []byte) (signed []byte)

	// SignDetached creates a signature for unsigned and returns only the
	// signature.
	SignDetached(dst, unsigned []byte) (signature []byte)

	// io.Writer provides the Write method to the Signature interface. When
	// Write is used, the Signature implementation moves to Multipart mode,
	// which pre-hashes the message before signing.
	//
	// Note that this may produce a different signature than when full-message
	// signatures are used, as the pre-hashing generates a different value for
	// the signature key to sign.
	io.Writer

	// Final is the SignDetached method's equivalent for Multipart messages.
	// This operation will fail if Write has not been called before.
	// NOTE(review): Final has no error result, so how that failure is
	// reported is not visible here; confirm.
	Final(dst []byte) (signature []byte)

	// PublicKey returns the public key of this instance.
	PublicKey() (p PublicKey)

	// Size accessors; presumably all values are in bytes, with Bytes being
	// the signature size. TODO confirm.
	PublicKeyBytes() (c int)
	SecretKeyBytes() (c int)
	Bytes() (c int)
	SeedBytes() (c int)
}
// SignVerifier is the verifying side of a signature primitive. It supports
// verifying a full message in one call and Multipart verification through
// io.Writer and FinalVerify.
//
// Every verification method reports its result as a bool; callers must check
// it, because no error is returned for an invalid signature.
type SignVerifier interface {
	// Open will verify the signature, and return the message data without the
	// signature. The returned unsigned data must not be trusted unless valid
	// is true.
	Open(dst, signed []byte) (unsigned []byte, valid bool)

	// VerifyDetached is the detached equivalent of Open, which simply verifies
	// the signature.
	VerifyDetached(signature, message []byte) (valid bool)

	// io.Writer provides the Write method to the SignVerifier interface. When
	// Write is used, the implementation moves to Multipart mode, in which the
	// message is pre-hashed.
	//
	// Note that Multipart signing may produce a different signature than
	// full-message signing, as the pre-hashing generates a different value
	// for the signature key to sign. Presumably a signature therefore has to
	// be verified in the same mode in which it was created; confirm.
	io.Writer

	// FinalVerify is the VerifyDetached method's equivalent for Multipart
	// messages. This operation will fail if Write has not been called before.
	FinalVerify(signature []byte) (valid bool)

	// Size accessors; presumably all values are in bytes, with Bytes being
	// the signature size. TODO confirm.
	PublicKeyBytes() (c int)
	SecretKeyBytes() (c int)
	Bytes() (c int)
	SeedBytes() (c int)
}
// Stream extends cipher.Stream with raw key stream output, counter seeking,
// re-keying, size accessors and state wiping (Wiper).
//
// Nothing in this interface authenticates data; output of XORKeyStream is
// unauthenticated ciphertext.
type Stream interface {
	cipher.Stream
	Wiper

	// KeyStream generates len(dst) bytes of key stream into dst.
	KeyStream(dst []byte)

	// Seek sets the stream's internal counter. As this is usually followed
	// directly by a call to KeyStream or XORKeyStream, it returns a reference
	// to itself to enable chaining.
	//
	// example: stream.Seek(1).KeyStream(dst)
	//
	// Seeking back to a counter value that was already used under the same
	// key and nonce makes the stream repeat key stream; callers must not
	// encrypt different data at the same position.
	Seek(counter uint64) Stream

	// ReKey will re-initialize the stream with the given key/nonce combination.
	// A key/nonce combination should not be reused for different data.
	ReKey(key, nonce []byte)

	// Size accessors; presumably all values are in bytes. TODO confirm.
	KeyBytes() (c int)
	NonceBytes() (c int)
	BlockBytes() (c int)
}
// Codec implements a constant-time encoding algorithm to convert between
// binary data and a printable text representation.
//
// NOTE(review): the constant-time property is a requirement on
// implementations (it matters when encoding or decoding secrets such as
// keys); it cannot be verified from this interface.
type Codec interface {
	// Encode appends the encoded value of bin to dst.
	Encode(dst, bin []byte) (txt []byte)

	// Decode appends the decoded value of txt to dst.
	// NOTE(review): Decode has no error result, so how malformed input is
	// reported is not visible here; confirm per implementation.
	Decode(dst, txt []byte) (bin []byte)

	// EncodedLength calculates what the length of the encoded value would be
	// for this codec.
	EncodedLength(decoded int) (encoded int)

	// DecodedLength calculates what the length of the decoded value would be
	// for this codec.
	DecodedLength(encoded int) (decoded int)
}
// Random provides an interface for CSPRNG functionality.
type Random interface {
	// UInt32 returns a random uint32. It has no error result.
	UInt32() uint32

	// UniformUInt32 returns a random uint32 for the given upper bound.
	// NOTE(review): presumably the result is uniformly distributed in
	// [0, upper); confirm, including the behaviour for upper == 0.
	UniformUInt32(upper uint32) uint32

	// UInt64 returns a random uint64. It has no error result.
	UInt64() uint64

	// UniformUInt64 is the 64-bit counterpart of UniformUInt32.
	UniformUInt64(upper uint64) uint64

	// Buf will fill the buffer p with random bytes. The contents of p must
	// not be used as random data when err is non-nil.
	Buf(p []byte) (err error)

	// KeyGen is a simplified call to Buf which allocates the byte slice to fit
	// the provided key size. The key must not be used when err is non-nil.
	KeyGen(size int) (key []byte, err error)

	// Implements the io.Reader interface, functions like Buf(p)
	io.Reader
}
// Multipart is the generic interface used to describe a primitive that can
// update its state incrementally.
type Multipart interface {
	// Writer implements the Write method, which can be used to update the state
	// of the Multipart
	io.Writer

	// Update takes more input p and returns a Multipart.
	// NOTE(review): presumably it updates the state like Write and returns
	// the receiver so calls can be chained; confirm.
	Update(p []byte) Multipart

	// Final returns the output of the primitive.
	// NOTE(review): dst is presumably the buffer the output is appended to;
	// confirm.
	Final(dst []byte) (out []byte)

	// FinalVerify reports whether the final output matches expect.
	// NOTE(review): when the output is an authentication tag, the comparison
	// is expected to be constant-time; this cannot be verified from the
	// interface alone.
	FinalVerify(expect []byte) (valid bool)
}