github.com/maenmax/kairep@v0.0.0-20210218001208-55bf3df36788/src/golang.org/x/crypto/nacl/box/box.go (about)

     1  // Copyright 2012 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  /*
     6  Package box authenticates and encrypts messages using public-key cryptography.
     7  
     8  Box uses Curve25519, XSalsa20 and Poly1305 to encrypt and authenticate
     9  messages. The length of messages is not hidden.
    10  
    11  It is the caller's responsibility to ensure the uniqueness of nonces—for
    12  example, by using nonce 1 for the first message, nonce 2 for the second
    13  message, etc. Nonces are long enough that randomly generated nonces have
    14  negligible risk of collision.
    15  
    16  This package is interoperable with NaCl: http://nacl.cr.yp.to/box.html.
    17  */
    18  package box // import "golang.org/x/crypto/nacl/box"
    19  
    20  import (
    21  	"golang.org/x/crypto/curve25519"
    22  	"golang.org/x/crypto/nacl/secretbox"
    23  	"golang.org/x/crypto/salsa20/salsa"
    24  	"io"
    25  )
    26  
    27  // Overhead is the number of bytes of overhead when boxing a message.
    28  const Overhead = secretbox.Overhead
    29  
    30  // GenerateKey generates a new public/private key pair suitable for use with
    31  // Seal and Open.
    32  func GenerateKey(rand io.Reader) (publicKey, privateKey *[32]byte, err error) {
    33  	publicKey = new([32]byte)
    34  	privateKey = new([32]byte)
    35  	_, err = io.ReadFull(rand, privateKey[:])
    36  	if err != nil {
    37  		publicKey = nil
    38  		privateKey = nil
    39  		return
    40  	}
    41  
    42  	curve25519.ScalarBaseMult(publicKey, privateKey)
    43  	return
    44  }
    45  
    46  var zeros [16]byte
    47  
    48  // Precompute calculates the shared key between peersPublicKey and privateKey
    49  // and writes it to sharedKey. The shared key can be used with
    50  // OpenAfterPrecomputation and SealAfterPrecomputation to speed up processing
    51  // when using the same pair of keys repeatedly.
    52  func Precompute(sharedKey, peersPublicKey, privateKey *[32]byte) {
    53  	curve25519.ScalarMult(sharedKey, privateKey, peersPublicKey)
    54  	salsa.HSalsa20(sharedKey, &zeros, sharedKey, &salsa.Sigma)
    55  }
    56  
    57  // Seal appends an encrypted and authenticated copy of message to out, which
    58  // will be Overhead bytes longer than the original and must not overlap. The
    59  // nonce must be unique for each distinct message for a given pair of keys.
    60  func Seal(out, message []byte, nonce *[24]byte, peersPublicKey, privateKey *[32]byte) []byte {
    61  	var sharedKey [32]byte
    62  	Precompute(&sharedKey, peersPublicKey, privateKey)
    63  	return secretbox.Seal(out, message, nonce, &sharedKey)
    64  }
    65  
    66  // SealAfterPrecomputation performs the same actions as Seal, but takes a
    67  // shared key as generated by Precompute.
    68  func SealAfterPrecomputation(out, message []byte, nonce *[24]byte, sharedKey *[32]byte) []byte {
    69  	return secretbox.Seal(out, message, nonce, sharedKey)
    70  }
    71  
    72  // Open authenticates and decrypts a box produced by Seal and appends the
    73  // message to out, which must not overlap box. The output will be Overhead
    74  // bytes smaller than box.
    75  func Open(out, box []byte, nonce *[24]byte, peersPublicKey, privateKey *[32]byte) ([]byte, bool) {
    76  	var sharedKey [32]byte
    77  	Precompute(&sharedKey, peersPublicKey, privateKey)
    78  	return secretbox.Open(out, box, nonce, &sharedKey)
    79  }
    80  
    81  // OpenAfterPrecomputation performs the same actions as Open, but takes a
    82  // shared key as generated by Precompute.
    83  func OpenAfterPrecomputation(out, box []byte, nonce *[24]byte, sharedKey *[32]byte) ([]byte, bool) {
    84  	return secretbox.Open(out, box, nonce, sharedKey)
    85  }