- box-after
- box-prepare
- build-box
- build-random-iv
- decompose-box
- do-load-keypair
- do-safe-nonce
- encrypt-block
- generate-symmetric-key
- get-nonce-agent-state
- get-random-bytes
- get-safe-client-nonce-suffix
- get-safe-server-nonce-suffix
- initial-nonce-agent-state
- load-nonce-key
- new-nonce-key!
- nonce-key-length
- obscure-nonce
- open-after
- open-box
- random-array
- random-bytes!
- random-key
- random-key-pair
- random-keys
- random-mod
- random-nonce
- randomize-buffer!
- reload-nonce
- reset-safe-nonce-state!
- secret-box
- secret-unbox
frereth.cp.shared.crypto
Wrap up the low-level crypto functions
Wrap up the low-level crypto functions
box-afterclj
(box-after shared-key plain-text length nonce)(box-after shared-key plain-text offset length nonce)Accept some plain text and turn it into cipher text
Accept some plain text and turn it into cipher text
box-prepareclj
(box-prepare public secret)Set up shared secret so I can avoid the if logic to see whether it's been done. At least, I think that's the point.
Set up shared secret so I can avoid the if logic to see whether it's been done. At least, I think that's the point.
build-boxclj
(build-box log-state tmplt src shared-key nonce-prefix nonce-suffix)Compose a map into bytes and encrypt it
Note that tmplt should not include the requisite 32 bytes of 0 padding
Compose a map into bytes and encrypt it Note that tmplt should *not* include the requisite 32 bytes of 0 padding
decompose-boxclj
(decompose-box log-state
template
nonce-prefix
nonce-suffix
crypto-box
shared-key)do-load-keypairclj
(do-load-keypair log-state keydir)Honestly, these should be stored with something like base64 encoding
Honestly, these should be stored with something like base64 encoding
do-safe-nonceclj
(do-safe-nonce log-state dst offset)(do-safe-nonce logger log-state dst key-dir offset long-term?)Shoves a theoretically safe 16-byte nonce suffix into dst at offset
Shoves a theoretically safe 16-byte nonce suffix into dst at offset
encrypt-blockclj
(encrypt-block secret-key clear-text)Block-encrypt a byte-array
Block-encrypt a byte-array
generate-symmetric-keyclj
(generate-symmetric-key bit-size)(generate-symmetric-key algorithm bit-size)get-safe-client-nonce-suffixclj
(get-safe-client-nonce-suffix logger log-state)Get a new byte array containing the next client nonce suffix
Get a new byte array containing the next client nonce suffix
get-safe-server-nonce-suffixclj
(get-safe-server-nonce-suffix log-state)Get a new byte array containing the next server nonce suffix
Get a new byte array containing the next server nonce suffix
load-nonce-keyclj
(load-nonce-key {:keys [:frereth.cp.shared.crypto/key-loaded?]
log-state :frereth.weald.specs/state
:as this}
logger
key-dir)new-nonce-key!clj
(new-nonce-key! key-dir)Generates a new secret nonce key and stores it under key-dir
Generates a new secret nonce key and stores it under key-dir
obscure-nonceclj
(obscure-nonce {:keys [:frereth.cp.shared.crypto/counter-low
:frereth.cp.shared.crypto/data
:frereth.cp.shared.crypto/nonce-key]
:as this}
random-portion)More side effects. Encrypt and increment the nonce counter
More side effects. Encrypt and increment the nonce counter
open-afterclj
(open-after log-state box box-offset box-length nonce shared-key)Low-level direct crypto box opening
@parameter box: crypto box byte array to open @parameter box-offset: first byte of box to start opening @parameter box-length: how many bytes of box to open @parameter nonce: Number used Once for this specific box @parameter shared-key: combination of their-public and my-private
Note that this does cope with the extra required 16 bytes of prefix padding
The parameter order is screwy to match the java API.
Which was probably modeled to match the C API.
It's annoying and subject to change at a a whim. The only reason it hasn't yet is that I'm giving this entire translation the white-glove treatment.
If nothing else, the shared-key should come first to match the instance-level API and allow me to set it up as a partial.
It would also be nice to be able to provide a reusable buffer byte array destination that could just be reused without GC.
That looks like it would get into the gory implementation details which I'm really not qualified to touch.
And it would be premature optimization
Low-level direct crypto box opening @parameter box: crypto box byte array to open @parameter box-offset: first byte of box to start opening @parameter box-length: how many bytes of box to open @parameter nonce: Number used Once for this specific box @parameter shared-key: combination of their-public and my-private Note that this does cope with the extra required 16 bytes of prefix padding The parameter order is screwy to match the java API. Which was probably modeled to match the C API. It's annoying and subject to change at a a whim. The only reason it hasn't yet is that I'm giving this entire translation the white-glove treatment. If nothing else, the shared-key should come first to match the instance-level API and allow me to set it up as a partial. It would also be nice to be able to provide a reusable buffer byte array destination that could just be reused without GC. That looks like it would get into the gory implementation details which I'm really not qualified to touch. And it would be premature optimization
open-boxclj
(open-box log-state nonce-prefix nonce-suffix crypto-box shared-key)Builds a nonce and open a crypto box
Builds a nonce and open a crypto box
random-arrayclj
(random-array n)Returns an array of n random bytes
Returns an array of n random bytes
random-bytes!clj
(random-bytes! dst)Fills dst with random bytes
Fills dst with random bytes
random-keyclj
(random-key)Returns a byte array suitable for use as a random key
Returns a byte array suitable for use as a random key
random-key-pairclj
(random-key-pair)Generates a pair of random keys
Generates a pair of random keys
random-keysclj
(random-keys which)Sticks a new random key pair into a map
Sticks a new random key pair into a map
random-modclj
(random-mod denominator)Picks a big random number and securely
Picks a big random number and securely
random-nonceclj
(random-nonce)Generates a number suitable for use as a cryptographically secure random nonce
Generates a number suitable for use as a cryptographically secure random nonce
randomize-buffer!clj
(randomize-buffer! dst)Fills the bytes of dst with crypto-random ints
Fills the bytes of dst with crypto-random ints
reload-nonceclj
(reload-nonce {:keys [:frereth.cp.shared.crypto/counter-low
:frereth.cp.shared.crypto/counter-high]
log-state :frereth.weald.specs/state
data :frereth.cp.shared.crypto/data
:as this}
logger
key-dir
long-term?)Do this inside an agent for thread safety
Do this inside an agent for thread safety
secret-boxclj
(secret-box cleartext length nonce key)Symmetric encryption
Note that this does not do anything about the initial padding.
It may be an implementation detail, but box-after above is really just a wrapper around this
Symmetric encryption Note that this does not do anything about the initial padding. It may be an implementation detail, but box-after above is really just a wrapper around this
secret-unboxclj
(secret-unbox cipher-text length nonce key)Symmetric-key decryption
Symmetric-key decryption
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close