podman
1// Copyright 2012 The Go Authors. All rights reserved.2// Use of this source code is governed by a BSD-style3// license that can be found in the LICENSE file.4/*6Package secretbox encrypts and authenticates small messages.7Secretbox uses XSalsa20 and Poly1305 to encrypt and authenticate messages with9secret-key cryptography. The length of messages is not hidden.10It is the caller's responsibility to ensure the uniqueness of nonces—for12example, by using nonce 1 for the first message, nonce 2 for the second13message, etc. Nonces are long enough that randomly generated nonces have14negligible risk of collision.15Messages should be small because:171. The whole message needs to be held in memory to be processed.192. Using large messages pressures implementations on small machines to decrypt21and process plaintext before authenticating it. This is very dangerous, and22this API does not allow it, but a protocol that uses excessive message sizes23might present some implementations with no other choice.243. Fixed overheads will be sufficiently amortised by messages as small as 8KB.264. Performance may be improved by working with messages that fit into data caches.28Thus large amounts of data should be chunked so that each message is small.30(Each message still needs a unique nonce.) If in doubt, 16KB is a reasonable31chunk size.32This package is interoperable with NaCl: https://nacl.cr.yp.to/secretbox.html.34*/35package secretbox // import "golang.org/x/crypto/nacl/secretbox"36)42// Overhead is the number of bytes of overhead when boxing a message.44const Overhead = poly1305.TagSize45// setup produces a sub-key and Salsa20 counter given a nonce and key.47func setup(subKey *[32]byte, counter *[16]byte, nonce *[24]byte, key *[32]byte) {48// We use XSalsa20 for encryption so first we need to generate a49// key and nonce with HSalsa20.50var hNonce [16]byte51copy(hNonce[:], nonce[:])52salsa.HSalsa20(subKey, &hNonce, key, &salsa.Sigma)53}57// sliceForAppend takes a slice and a requested number of bytes. It returns a59// slice with the contents of the given slice followed by that many bytes and a60// second slice that aliases into it and contains only the extra bytes. If the61// original slice has sufficient capacity then no allocation is performed.62func sliceForAppend(in []byte, n int) (head, tail []byte) {63if total := len(in) + n; cap(in) >= total {64head = in[:total]65} else {66head = make([]byte, total)67copy(head, in)68}69tail = head[len(in):]70return71}72// Seal appends an encrypted and authenticated copy of message to out, which74// must not overlap message. The key and nonce pair must be unique for each75// distinct message and the output will be Overhead bytes longer than message.76func Seal(out, message []byte, nonce *[24]byte, key *[32]byte) []byte {77var subKey [32]byte78var counter [16]byte79setup(&subKey, &counter, nonce, key)80}121// Open authenticates and decrypts a box produced by Seal and appends the123// message to out, which must not overlap box. The output will be Overhead124// bytes smaller than box.125func Open(out, box []byte, nonce *[24]byte, key *[32]byte) ([]byte, bool) {126if len(box) < Overhead {127return nil, false128}129}174