nestedaes

v0.1.0
Published: Jun 10, 2025 License: BSD-3-Clause Imports: 7 Imported by: 0

README

nestedaes

Go module that implements updatable re-encryption using nested AES, based on the ASIACRYPT '20 paper "Improving Speed and Security in Updatable Encryption Schemes" by Boneh et al. This module specifically implements the scheme from section 4.1 of that paper ("A Simple Nested Construction"), which requires only a nested application of a symmetric, authenticated encryption cipher. This module uses AES-GCM for its implementation.

Building

Although the module is intended as a library, it includes a command-line utility called nestedaes that demonstrates the major algorithms. To build the command-line utility, enter:

make

Invoking nestedaes with the -h or --help option provides a detailed usage statement.

Unit Testing

To run all unit tests, enter:

make test

Benchmarking

To run the benchmarks, enter:

make benchmarking

The benchmarks measure the time to nested-decrypt a file, varying the size of the file and the number of layers of encryption.

Documentation

Constants

const KeySize = aes256.KeySize

Variables

This section is empty.

Functions

func Decrypt

func Decrypt(blob, kek []byte, additionalData []byte) ([]byte, error)

Decrypt performs the nested decryption of blob. The function returns the plaintext on success; otherwise, it returns an error. The additionalData parameter is any additional data passed in the original call to Encrypt, which is included in the GCM tag.

Note that this function modifies the blob input parameter.

func Encrypt

func Encrypt(plaintext, kek, iv, additionalData []byte) ([]byte, error)

Encrypt encrypts the plaintext and returns the encrypted blob. The function encrypts the plaintext with a randomly generated Data Encryption Key (DEK), and uses the input Key Encryption Key (KEK) to encrypt the DEK in the blob's header. The IV is the BaseIV. The caller should randomly generate it; each subsequent layer of encryption uses a different IV derived from the BaseIV. The same IV must never be passed to this function more than once.

Note that this function overwrites the plaintext slice to hold the new ciphertext. On success, the function returns the new blob; otherwise, it returns an error.

func Reencrypt

func Reencrypt(blob, kek []byte) ([]byte, []byte, error)

Reencrypt reencrypts the blob by generating a new random KEK and DEK. On success, the function returns the new blob and KEK; otherwise, it returns an error.

Note that this function modifies the input blob slice.

func ReencryptWithKeys

func ReencryptWithKeys(blob, kek, newKEK, newDEK []byte) ([]byte, error)

ReencryptWithKeys is the same as [Reencrypt], but it allows the caller to specify the new KEK and DEK, rather than having them be randomly generated.

func SplitHeaderPayload

func SplitHeaderPayload(blob []byte) ([]byte, []byte, error)

SplitHeaderPayload takes a nestedaes encrypted slice of bytes and returns its two components: the header bytes and the payload bytes. If the slice is too small to contain a valid header, SplitHeaderPayload returns an error.
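A minimal model of the Encrypt / Reencrypt / Decrypt flow documented above, added here as an illustration; it is not the module's code and does not reproduce its wire format. Assumptions: the lowercase function names and the blob layout are hypothetical, the BaseIV is 12 bytes, each layer's IV is the BaseIV with the layer number XORed into the last byte (so fewer than 256 layers), every layer is full AES-GCM with its tag kept inline, keys are caller-supplied as in ReencryptWithKeys, and additional data is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type blob struct{ baseIV, sealedDEKs, payload []byte } // simplified layout, an assumption

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // wrong key size or no entropy source
	}
	return v
}
func aead(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }
func layerIV(iv []byte, n int) []byte { return append(iv[:11:11], iv[11]^byte(n)) } // assumed rule

func encrypt(pt, kek, dek, baseIV []byte) blob { // layer 1 under dek; dek sealed under kek
	return blob{baseIV, aead(kek).Seal(nil, baseIV, dek, nil), aead(dek).Seal(nil, layerIV(baseIV, 1), pt, nil)}
}

func reencrypt(b blob, kek, newKEK, newDEK []byte) (blob, error) {
	deks, err := aead(kek).Open(nil, b.baseIV, b.sealedDEKs, nil) // needs the current KEK
	if err == nil {
		b.payload = aead(newDEK).Seal(nil, layerIV(b.baseIV, len(deks)/32+1), b.payload, nil)
		b.sealedDEKs = aead(newKEK).Seal(nil, b.baseIV, append(deks, newDEK...), nil)
	}
	return b, err
}

func decrypt(b blob, kek []byte) ([]byte, error) {
	deks, err := aead(kek).Open(nil, b.baseIV, b.sealedDEKs, nil)
	if err != nil {
		return nil, err // wrong or retired KEK: the header tag does not verify
	}
	p := b.payload
	for n := len(deks) / 32; n >= 1 && err == nil; n-- { // peel layers, newest first
		p, err = aead(deks[32*n-32:32*n]).Open(nil, layerIV(b.baseIV, n), p, nil)
	}
	return p, err
}

func main() {
	r := make([]byte, 140) // constructed run: KEK, DEK, new KEK, new DEK, then a 12-byte BaseIV
	must(rand.Read(r))
	b := must(reencrypt(encrypt([]byte("sample record"), r[:32], r[32:64], r[128:]), r[:32], r[64:96], r[96:128]))
	fmt.Printf("%s\n", must(decrypt(b, r[64:96])))
}
```

In this sketch every KEK and DEK passed in must be fresh and random: the header is always sealed with the BaseIV as its nonce, so sealing a second header of the same blob under a reused KEK would repeat a (key, nonce) pair.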

Types

type EncryptedHeader

type EncryptedHeader struct {
	// DataTag is the GCM TAG from AES-GCM encrypting the original plaintext.
	// The size of the tag is [aes256.TagSize].
	DataTag []byte
	// DEKs is the list of DEKs for encrypting each layer.  The first DEK
	// is for the first layer of encryption.  The size of each DEK is
	// [aes256.KeySize].
	DEKs [][]byte
}

EncryptedHeader is the encrypted portion of the header.

type Header struct {
	PlainHeader
	EncryptedHeader
}

Header is the ciphertext header. When marshaled to disk, the header also includes an AES-GCM Header Tag for the EncryptedHeader.

func NewHeader

func NewHeader(iv, dataTag, dek []byte) (*Header, error)

NewHeader creates a new Header and initializes the BaseIV, DataTag, and first DEK entry.

func UnmarshalHeader

func UnmarshalHeader(kek, data []byte) (*Header, error)

UnmarshalHeader takes a marshalled version of the header and the current Key Encryption Key (KEK), then deserializes and decrypts the header.

func (*Header) AddDEK

func (h *Header) AddDEK(dek []byte)

AddDEK adds a new data key entry to the header.

func (*Header) Marshal

func (h *Header) Marshal(kek []byte) ([]byte, error)

Marshal marshals the header to a []byte. As part of marshaling, this method takes care of encrypting the "encrypted" portion of the header.

func (*Header) String

func (h *Header) String() string

String satisfies the fmt.Stringer interface.

type PlainHeader

type PlainHeader struct {
	// The size of the entire blob (including the header)
	Size uint32
	// The BaseIV (size is [aes256.IVSize])
	BaseIV []byte
}

PlainHeader is the unencrypted part of the ciphertext header.

Directories

Path Synopsis
cmd
nestedaes command
