github.com/devops-filetransfer/sshego@v7.0.4+incompatible/_vendor/golang.org/x/crypto/nacl/box/box.go (about)

     1  // Copyright 2012 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  /*
     6  Package box authenticates and encrypts messages using public-key cryptography.
     7  
     8  Box uses Curve25519, XSalsa20 and Poly1305 to encrypt and authenticate
     9  messages. The length of messages is not hidden.
    10  
    11  It is the caller's responsibility to ensure the uniqueness of nonces—for
    12  example, by using nonce 1 for the first message, nonce 2 for the second
    13  message, etc. Nonces are long enough that randomly generated nonces have
    14  negligible risk of collision.
    15  
    16  This package is interoperable with NaCl: https://nacl.cr.yp.to/box.html.
    17  */
    18  package box // import "golang.org/x/crypto/nacl/box"
    19  
    20  import (
    21  	"io"
    22  
    23  	"golang.org/x/crypto/curve25519"
    24  	"golang.org/x/crypto/nacl/secretbox"
    25  	"golang.org/x/crypto/salsa20/salsa"
    26  )
    27  
    28  // Overhead is the number of bytes of overhead when boxing a message.
    29  const Overhead = secretbox.Overhead
    30  
    31  // GenerateKey generates a new public/private key pair suitable for use with
    32  // Seal and Open.
    33  func GenerateKey(rand io.Reader) (publicKey, privateKey *[32]byte, err error) {
    34  	publicKey = new([32]byte)
    35  	privateKey = new([32]byte)
    36  	_, err = io.ReadFull(rand, privateKey[:])
    37  	if err != nil {
    38  		publicKey = nil
    39  		privateKey = nil
    40  		return
    41  	}
    42  
    43  	curve25519.ScalarBaseMult(publicKey, privateKey)
    44  	return
    45  }
    46  
    47  var zeros [16]byte
    48  
    49  // Precompute calculates the shared key between peersPublicKey and privateKey
    50  // and writes it to sharedKey. The shared key can be used with
    51  // OpenAfterPrecomputation and SealAfterPrecomputation to speed up processing
    52  // when using the same pair of keys repeatedly.
    53  func Precompute(sharedKey, peersPublicKey, privateKey *[32]byte) {
    54  	curve25519.ScalarMult(sharedKey, privateKey, peersPublicKey)
    55  	salsa.HSalsa20(sharedKey, &zeros, sharedKey, &salsa.Sigma)
    56  }
    57  
    58  // Seal appends an encrypted and authenticated copy of message to out, which
    59  // will be Overhead bytes longer than the original and must not overlap. The
    60  // nonce must be unique for each distinct message for a given pair of keys.
    61  func Seal(out, message []byte, nonce *[24]byte, peersPublicKey, privateKey *[32]byte) []byte {
    62  	var sharedKey [32]byte
    63  	Precompute(&sharedKey, peersPublicKey, privateKey)
    64  	return secretbox.Seal(out, message, nonce, &sharedKey)
    65  }
    66  
    67  // SealAfterPrecomputation performs the same actions as Seal, but takes a
    68  // shared key as generated by Precompute.
    69  func SealAfterPrecomputation(out, message []byte, nonce *[24]byte, sharedKey *[32]byte) []byte {
    70  	return secretbox.Seal(out, message, nonce, sharedKey)
    71  }
    72  
    73  // Open authenticates and decrypts a box produced by Seal and appends the
    74  // message to out, which must not overlap box. The output will be Overhead
    75  // bytes smaller than box.
    76  func Open(out, box []byte, nonce *[24]byte, peersPublicKey, privateKey *[32]byte) ([]byte, bool) {
    77  	var sharedKey [32]byte
    78  	Precompute(&sharedKey, peersPublicKey, privateKey)
    79  	return secretbox.Open(out, box, nonce, &sharedKey)
    80  }
    81  
    82  // OpenAfterPrecomputation performs the same actions as Open, but takes a
    83  // shared key as generated by Precompute.
    84  func OpenAfterPrecomputation(out, box []byte, nonce *[24]byte, sharedKey *[32]byte) ([]byte, bool) {
    85  	return secretbox.Open(out, box, nonce, sharedKey)
    86  }