// Copyright 2010 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. // Package cipher implements standard block cipher modes that can be wrapped // around low-level block cipher implementations. // See https://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html // and NIST Special Publication 800-38A. package cipher // A Block represents an implementation of block cipher // using a given key. It provides the capability to encrypt // or decrypt individual blocks. The mode implementations // extend that capability to streams of blocks. type Block interface { // BlockSize returns the cipher's block size. BlockSize() int // Encrypt encrypts the first block in src into dst. // Dst and src must overlap entirely or not at all. Encrypt(dst, src []byte) // Decrypt decrypts the first block in src into dst. // Dst and src must overlap entirely or not at all. Decrypt(dst, src []byte) } // A Stream represents a stream cipher. type Stream interface { // XORKeyStream XORs each byte in the given slice with a byte from the // cipher's key stream. Dst and src must overlap entirely or not at all. // // If len(dst) < len(src), XORKeyStream should panic. It is acceptable // to pass a dst bigger than src, and in that case, XORKeyStream will // only update dst[:len(src)] and will not touch the rest of dst. // // Multiple calls to XORKeyStream behave as if the concatenation of // the src buffers was passed in a single run. That is, Stream // maintains state and does not reset at each XORKeyStream call. XORKeyStream(dst, src []byte) } // A BlockMode represents a block cipher running in a block-based mode (CBC, // ECB etc). type BlockMode interface { // BlockSize returns the mode's block size. BlockSize() int // CryptBlocks encrypts or decrypts a number of blocks. The length of // src must be a multiple of the block size. Dst and src must overlap // entirely or not at all. // // If len(dst) < len(src), CryptBlocks should panic. It is acceptable // to pass a dst bigger than src, and in that case, CryptBlocks will // only update dst[:len(src)] and will not touch the rest of dst. // // Multiple calls to CryptBlocks behave as if the concatenation of // the src buffers was passed in a single run. That is, BlockMode // maintains state and does not reset at each CryptBlocks call. CryptBlocks(dst, src []byte) } // AEAD is a cipher mode providing authenticated encryption with associated // data. For a description of the methodology, see // https://en.wikipedia.org/wiki/Authenticated_encryption. type AEAD interface { // NonceSize returns the size of the nonce that must be passed to Seal // and Open. NonceSize() int // Overhead returns the maximum difference between the lengths of a // plaintext and its ciphertext. Overhead() int // Seal encrypts and authenticates plaintext, authenticates the // additional data and appends the result to dst, returning the updated // slice. The nonce must be NonceSize() bytes long and unique for all // time, for a given key. // // To reuse plaintext's storage for the encrypted output, use plaintext[:0] // as dst. Otherwise, the remaining capacity of dst must not overlap plaintext. // dst and additionalData may not overlap. Seal(dst, nonce, plaintext, additionalData []byte) []byte // Open decrypts and authenticates ciphertext, authenticates the // additional data and, if successful, appends the resulting plaintext // to dst, returning the updated slice. The nonce must be NonceSize() // bytes long and both it and the additional data must match the // value passed to Seal. // // To reuse ciphertext's storage for the decrypted output, use ciphertext[:0] // as dst. Otherwise, the remaining capacity of dst must not overlap ciphertext. // dst and additionalData may not overlap. // // Even if the function fails, the contents of dst, up to its capacity, // may be overwritten. Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) }