// Listing of crypto/aead_xchacha20poly1305.go from
// git.sr.ht/~pingoo/stdx@v0.0.0-20240218134121-094174641f6e.
//
// NOTE(review): everything below the package clause is commented out, so this
// file currently adds no symbols to package crypto. The NOTE(review) remarks
// describe what the disabled helpers would do if they were re-enabled.

package crypto

// import (
// 	"crypto/cipher"
// 	"errors"

// 	"golang.org/x/crypto/chacha20poly1305"
// )

// const (
// 	// AEADKeySize is the size of the key used by this AEAD, in bytes.
// 	AEADKeySize = chacha20poly1305.KeySize

// 	// AEADNonceSize is the size of the nonce used with the XChaCha20-Poly1305
// 	// variant of this AEAD, in bytes.
// 	AEADNonceSize = chacha20poly1305.NonceSizeX
// )

// // NewAEADKey generates a new random secret key of AEADKeySize bytes.
// //
// // NOTE(review): RandBytes is defined outside this file; confirm it draws from
// // a CSPRNG (crypto/rand) and fails with an error rather than returning short
// // output.
// func NewAEADKey() ([]byte, error) {
// 	return RandBytes(AEADKeySize)
// }

// // NewAEADNonce generates a new random nonce of AEADNonceSize bytes.
// //
// // NOTE(review): same dependency on RandBytes as NewAEADKey; the nonce must
// // come from a CSPRNG for the random-nonce argument below to hold.
// func NewAEADNonce() ([]byte, error) {
// 	return RandBytes(AEADNonceSize)
// }

// // NewAEAD returns an XChaCha20-Poly1305 AEAD that uses the given 256-bit key.
// //
// // XChaCha20-Poly1305 is a ChaCha20-Poly1305 variant that takes a longer nonce, suitable to be
// // generated randomly without risk of collisions. It should be preferred when nonce uniqueness cannot
// // be trivially ensured, or whenever nonces are randomly generated.
// //
// // chacha20poly1305.NewX returns an error when len(key) is not
// // chacha20poly1305.KeySize, so a wrongly sized key surfaces here as err.
// func NewAEAD(key []byte) (cipher.AEAD, error) {
// 	return chacha20poly1305.NewX(key)
// }

// // EncryptWithNonce is a helper function to symmetrically encrypt a piece of data using XChaCha20-Poly1305,
// // returning the nonce separately.
// //
// // A fresh random nonce is generated on every call. The returned ciphertext is
// // the output of Seal and therefore carries the Poly1305 authentication tag.
// // additionalData is authenticated but not encrypted; the same bytes must be
// // passed to DecryptWithNonce.
// //
// // NOTE(review): if NewAEAD fails, the named result nonce is already set and is
// // returned together with err; callers must check err before using any result.
// // The local variable named cipher shadows the imported crypto/cipher package
// // inside this function.
// func EncryptWithNonce(key, plaintext, additionalData []byte) (ciphertext, nonce []byte, err error) {
// 	nonce, err = NewAEADNonce()
// 	if err != nil {
// 		return
// 	}
// 	cipher, err := NewAEAD(key)
// 	if err != nil {
// 		return
// 	}
// 	ciphertext = cipher.Seal(nil, nonce, plaintext, additionalData)
// 	return
// }

// // DecryptWithNonce is a helper function to symmetrically decrypt a piece of data using XChaCha20-Poly1305,
// // taking the nonce as a separate piece of input.
// //
// // Open returns an error when authentication fails (wrong key, nonce or
// // additionalData, or a modified ciphertext); plaintext must not be used when
// // err is non-nil.
// //
// // NOTE(review): the length of the caller-supplied nonce is not checked here.
// // The x/crypto implementation of Open panics on a nonce of the wrong length,
// // so a caller passing a nonce taken from untrusted input should first verify
// // len(nonce) == AEADNonceSize and return an error otherwise.
// func DecryptWithNonce(key, nonce, ciphertext, additionalData []byte) (plaintext []byte, err error) {
// 	cipher, err := NewAEAD(key)
// 	if err != nil {
// 		return
// 	}
// 	plaintext, err = cipher.Open(nil, nonce, ciphertext, additionalData)
// 	return
// }

// // Encrypt is a helper function to symmetrically encrypt a piece of data using XChaCha20-Poly1305.
// // The nonce is prepended to the ciphertext in the returned buffer.
// //
// // The returned buffer is laid out as nonce (AEADNonceSize bytes) followed by
// // the output of Seal, which includes the authentication tag. additionalData is
// // authenticated but not stored in the buffer; Decrypt needs the same bytes.
// func Encrypt(key, plaintext, additionalData []byte) (ciphertext []byte, err error) {
// 	nonce, err := NewAEADNonce()
// 	if err != nil {
// 		return
// 	}
// 	cipher, err := NewAEAD(key)
// 	if err != nil {
// 		return
// 	}
// 	ciphertext = cipher.Seal(nil, nonce, plaintext, additionalData)
// 	// Prepend the nonce so that Decrypt can recover it from the buffer.
// 	ciphertext = append(nonce, ciphertext...)
// 	return
// }

// // Decrypt is a helper function to symmetrically decrypt a piece of data using XChaCha20-Poly1305.
// // The nonce should be at the beginning of the ciphertext.
// //
// // The explicit length check only guarantees that a full nonce can be sliced
// // off the front of the input. Anything left that is shorter than the
// // authentication tag, or that fails authentication, is rejected by Open with
// // an error; plaintext must not be used when err is non-nil.
// func Decrypt(key, ciphertext, additionalData []byte) (plaintext []byte, err error) {
// 	cipher, err := NewAEAD(key)
// 	if err != nil {
// 		return
// 	}

// 	if len(ciphertext) < AEADNonceSize {
// 		err = errors.New("crypto.Decrypt: len(ciphertext) < NonceSize")
// 		return
// 	}
// 	// Split the buffer produced by Encrypt: nonce first, then Seal output.
// 	nonce := ciphertext[:AEADNonceSize]
// 	ciphertext = ciphertext[AEADNonceSize:]

// 	plaintext, err = cipher.Open(nil, nonce, ciphertext, additionalData)
// 	return
// }