func AESCBCPKCS7Decrypt(key, src []byte) ([]byte, error)
AESCBCPKCS7Decrypt combines CBC decryption and PKCS7 unpadding
func AESCBCPKCS7Encrypt(key, src []byte) ([]byte, error)
AESCBCPKCS7Encrypt combines CBC encryption and PKCS7 padding
func AESCBCPKCS7EncryptWithIV(IV []byte, key, src []byte) ([]byte, error)
AESCBCPKCS7Encrypt combines CBC encryption and PKCS7 padding, the IV used is the one passed to the function
func AESCBCPKCS7EncryptWithRand(prng io.Reader, key, src []byte) ([]byte, error)
AESCBCPKCS7Encrypt combines CBC encryption and PKCS7 padding using as prng the passed to the function
func GetRandomBytes(len int) ([]byte, error)
GetRandomBytes returns len random looking bytes
func NewDefaultSecurityLevel(keyStorePath string) (bccsp.BCCSP, error)
NewDefaultSecurityLevel returns a new instance of the software-based BCCSP at security level 256, hash family SHA2 and using FolderBasedKeyStore as KeyStore.
func NewDefaultSecurityLevelWithKeystore(keyStore bccsp.KeyStore) (bccsp.BCCSP, error)
NewDefaultSecurityLevel returns a new instance of the software-based BCCSP at security level 256, hash family SHA2 and using the passed KeyStore.
func NewDummyKeyStore() bccsp.KeyStore
NewDummyKeyStore instantiate a dummy key store that neither loads nor stores keys
func NewFileBasedKeyStore(pwd []byte, path string, readOnly bool) (bccsp.KeyStore, error)
NewFileBasedKeyStore instantiated a file-based key store at a given position. The key store can be encrypted if a non-empty password is specified. It can be also be set as read only. In this case, any store operation will be forbidden
func NewInMemoryKeyStore() bccsp.KeyStore
NewInMemoryKeyStore instantiates an ephemeral in-memory keystore
func NewWithParams(securityLevel int, hashFamily string, keyStore bccsp.KeyStore) (bccsp.BCCSP, error)
NewWithParams returns a new instance of the software-based BCCSP set at the passed security level, hash family and KeyStore.
CSP provides a generic implementation of the BCCSP interface based on wrappers. It can be customized by providing implementations for the following algorithm-based wrappers: KeyGenerator, KeyDeriver, KeyImporter, Encryptor, Decryptor, Signer, Verifier, Hasher. Each wrapper is bound to a goland type representing either an option or a key.
type CSP struct {
KeyGenerators map[reflect.Type]KeyGenerator
KeyDerivers map[reflect.Type]KeyDeriver
KeyImporters map[reflect.Type]KeyImporter
Encryptors map[reflect.Type]Encryptor
Decryptors map[reflect.Type]Decryptor
Signers map[reflect.Type]Signer
Verifiers map[reflect.Type]Verifier
Hashers map[reflect.Type]Hasher
// contains filtered or unexported fields
}
func New(keyStore bccsp.KeyStore) (*CSP, error)
func (csp *CSP) AddWrapper(t reflect.Type, w interface{}) error
AddWrapper binds the passed type to the passed wrapper. Notice that that wrapper must be an instance of one of the following interfaces: KeyGenerator, KeyDeriver, KeyImporter, Encryptor, Decryptor, Signer, Verifier, Hasher.
func (csp *CSP) Decrypt(k bccsp.Key, ciphertext []byte, opts bccsp.DecrypterOpts) (plaintext []byte, err error)
Decrypt decrypts ciphertext using key k. The opts argument should be appropriate for the primitive used.
func (csp *CSP) Encrypt(k bccsp.Key, plaintext []byte, opts bccsp.EncrypterOpts) ([]byte, error)
Encrypt encrypts plaintext using key k. The opts argument should be appropriate for the primitive used.
func (csp *CSP) GetHash(opts bccsp.HashOpts) (h hash.Hash, err error)
GetHash returns and instance of hash.Hash using options opts. If opts is nil then the default hash function is returned.
func (csp *CSP) GetKey(ski []byte) (k bccsp.Key, err error)
GetKey returns the key this CSP associates to the Subject Key Identifier ski.
func (csp *CSP) Hash(msg []byte, opts bccsp.HashOpts) (digest []byte, err error)
Hash hashes messages msg using options opts.
func (csp *CSP) KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk bccsp.Key, err error)
KeyDeriv derives a key from k using opts. The opts argument should be appropriate for the primitive used.
func (csp *CSP) KeyGen(opts bccsp.KeyGenOpts) (k bccsp.Key, err error)
KeyGen generates a key using opts.
func (csp *CSP) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error)
KeyImport imports a key from its raw representation using opts. The opts argument should be appropriate for the primitive used.
func (csp *CSP) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) (signature []byte, err error)
Sign signs digest using key k. The opts argument should be appropriate for the primitive used.
Note that when a signature of a hash of a larger message is needed, the caller is responsible for hashing the larger message and passing the hash (as digest).
func (csp *CSP) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (valid bool, err error)
Verify verifies signature against key k and digest
Decryptor is a BCCSP-like interface that provides decryption algorithms
type Decryptor interface {
// Decrypt decrypts ciphertext using key k.
// The opts argument should be appropriate for the algorithm used.
Decrypt(k bccsp.Key, ciphertext []byte, opts bccsp.DecrypterOpts) (plaintext []byte, err error)
}
Encryptor is a BCCSP-like interface that provides encryption algorithms
type Encryptor interface {
// Encrypt encrypts plaintext using key k.
// The opts argument should be appropriate for the algorithm used.
Encrypt(k bccsp.Key, plaintext []byte, opts bccsp.EncrypterOpts) (ciphertext []byte, err error)
}
Hasher is a BCCSP-like interface that provides hash algorithms
type Hasher interface {
// Hash hashes messages msg using options opts.
// If opts is nil, the default hash function will be used.
Hash(msg []byte, opts bccsp.HashOpts) (hash []byte, err error)
// GetHash returns and instance of hash.Hash using options opts.
// If opts is nil, the default hash function will be returned.
GetHash(opts bccsp.HashOpts) (h hash.Hash, err error)
}
KeyDeriver is a BCCSP-like interface that provides key derivation algorithms
type KeyDeriver interface {
// KeyDeriv derives a key from k using opts.
// The opts argument should be appropriate for the primitive used.
KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk bccsp.Key, err error)
}
KeyGenerator is a BCCSP-like interface that provides key generation algorithms
type KeyGenerator interface {
// KeyGen generates a key using opts.
KeyGen(opts bccsp.KeyGenOpts) (k bccsp.Key, err error)
}
KeyImporter is a BCCSP-like interface that provides key import algorithms
type KeyImporter interface {
// KeyImport imports a key from its raw representation using opts.
// The opts argument should be appropriate for the primitive used.
KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error)
}
Signer is a BCCSP-like interface that provides signing algorithms
type Signer interface {
// Sign signs digest using key k.
// The opts argument should be appropriate for the algorithm used.
//
// Note that when a signature of a hash of a larger message is needed,
// the caller is responsible for hashing the larger message and passing
// the hash (as digest).
Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) (signature []byte, err error)
}
Verifier is a BCCSP-like interface that provides verifying algorithms
type Verifier interface {
// Verify verifies signature against key k and digest
// The opts argument should be appropriate for the algorithm used.
Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (valid bool, err error)
}