Diffstat (limited to 'internal')
| -rw-r--r-- | internal/goaes.go | 15 | ||||
| -rw-r--r-- | internal/internal.go | 21 |
2 files changed, 36 insertions, 0 deletions
diff --git a/internal/goaes.go b/internal/goaes.go
new file mode 100644
index 0000000..668ef17
--- /dev/null
+++ b/internal/goaes.go
@@ -0,0 +1,15 @@
+package internal
+
+import (
+ "crypto/rand"
+ "fmt"
+ "io"
+)
+
+func NewDEK() (DEK, error) {
+ key := make([]byte, 32) // AES-256
+ if _, err := io.ReadFull(rand.Reader, key); err != nil {
+ return nil, fmt.Errorf("random DEK gen: %w", err)
+ }
+ return DEK(key), nil
+}
diff --git a/internal/internal.go b/internal/internal.go
new file mode 100644
index 0000000..970232c
--- /dev/null
+++ b/internal/internal.go
@@ -0,0 +1,21 @@
+package internal
+
+import "errors"
+
+type (
+ KEK []byte
+ DEK []byte
+ WrappedDEK []byte
+ Ciphertext []byte
+)
+
+type EncryptedDataPayload struct {
+ DEK WrappedDEK
+ Payload Ciphertext
+}
+
+var (
+ aadWrapDEK = []byte("wrap:dek:v1")
+ aadDataMsg = []byte("data:msg:v1")
+ errBadKeyLn = errors.New("invalid key length: must be 16, 24, or 32 bytes")
+) |
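Review bot: NewDEK in internal/goaes.go is exported but has no doc comment, so the contract a caller relies on is only visible by reading the body. I would add `// NewDEK returns a fresh 32-byte (AES-256) data encryption key read from crypto/rand; the caller owns the returned slice and should zero it once the key is no longer needed.` The literal `32` would also read better as a named constant, for example `const dekSize = 32`, so the generated length is stated in one place next to the lengths listed in errBadKeyLn in internal/internal.go.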
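Review bot: In internal/internal.go the two AAD labels, aadWrapDEK and aadDataMsg, are declared as package-level `[]byte` variables, so any code in the package can modify the bytes that separate key wrapping from message encryption. Their use is outside this hunk, but declaring them as string constants and converting at the call site removes that possibility: `const aadWrapDEK = "wrap:dek:v1"` and `const aadDataMsg = "data:msg:v1"`, passed as `[]byte(aadWrapDEK)`. Separately, the EncryptedDataPayload field `DEK WrappedDEK` has the same name as the plaintext key type; naming it `WrappedDEK` would make it harder to mistake the field for an unwrapped key. The exported types also have no doc comments saying which of them hold secret material.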
