Make key and nonce size explicit

The key and nonce size are now given as an array pointer to make more clear
that the key and nonce size are fixed.

crypto/aead/aes256gcm/crypto_aead_aes256gcm.go

@@ -20,26 +20,23 @@ const (
 	ABytes     int = C.crypto_aead_aes256gcm_ABYTES    // Size of an authentication tag in bytes
 )
 
-// Key represents a secret key
-type Key [KeyBytes]byte
-
 // IsAvailable returns true if AES256 is available on the current CPU
 func IsAvailable() bool {
 	return C.crypto_aead_aes256gcm_is_available() != 0
 }
 
 // GenerateKey generates a secret key
-func GenerateKey() *Key {
-	k := new(Key)
+func GenerateKey() *[KeyBytes]byte {
+	k := new([KeyBytes]byte)
 	C.crypto_aead_aes256gcm_keygen((*C.uchar)(&k[0]))
 	return k
 }
 
 // Encrypt a message `m` with additional data `ad` using a nonce `npub` and a secret key `k`.
 // A ciphertext (including authentication tag) and encryption status are returned.
-func Encrypt(m, ad, nonce, k []byte) (c []byte) {
-	support.CheckSize(k, KeyBytes, "secret key")
-	support.CheckSize(nonce, NonceBytes, "public nonce")
+func Encrypt(m, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (c []byte) {
+	support.NilPanic(k == nil, "secret key")
+	support.NilPanic(nonce == nil, "nonce")
 
 	c = make([]byte, len(m)+ABytes)
 
@@ -59,9 +56,9 @@ func Encrypt(m, ad, nonce, k []byte) (c []byte) {
 
 // Decrypt and verify a ciphertext `c` using additional data `ad`, nonce `npub` and secret key `k`.
 // Returns the decrypted message and verification status.
-func Decrypt(c, ad, nonce, k []byte) (m []byte, err error) {
-	support.CheckSize(k, KeyBytes, "secret key")
-	support.CheckSize(nonce, NonceBytes, "public nonce")
+func Decrypt(c, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (m []byte, err error) {
+	support.NilPanic(k == nil, "secret key")
+	support.NilPanic(nonce == nil, "nonce")
 	support.CheckSizeMin(c, ABytes, "ciphertext")
 
 	m = make([]byte, len(c)-ABytes)
@@ -87,9 +84,9 @@ func Decrypt(c, ad, nonce, k []byte) (m []byte, err error) {
 // EncryptDetached encrypts a message `m` with additional data `ad` using
 // a nonce `npub` and a secret key `k`.
 // A ciphertext, authentication tag and encryption status are returned.
-func EncryptDetached(m, ad, nonce, k []byte) (c, mac []byte) {
-	support.CheckSize(k, KeyBytes, "secret key")
-	support.CheckSize(nonce, NonceBytes, "public nonce")
+func EncryptDetached(m, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (c, mac []byte) {
+	support.NilPanic(k == nil, "secret key")
+	support.NilPanic(nonce == nil, "nonce")
 
 	c = make([]byte, len(m))
 	mac = make([]byte, ABytes)
@@ -112,9 +109,9 @@ func EncryptDetached(m, ad, nonce, k []byte) (c, mac []byte) {
 // DecryptDetached decrypts and verifies a ciphertext `c` with authentication tag `mac`
 // using additional data `ad`, nonce `npub` and secret key `k`.
 // Returns the decrypted message and verification status.
-func DecryptDetached(c, mac, ad, nonce, k []byte) (m []byte, err error) {
-	support.CheckSize(k, KeyBytes, "secret key")
-	support.CheckSize(nonce, NonceBytes, "public nonce")
+func DecryptDetached(c, mac, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (m []byte, err error) {
+	support.NilPanic(k == nil, "secret key")
+	support.NilPanic(nonce == nil, "nonce")
 	support.CheckSize(mac, ABytes, "mac")
 
 	m = make([]byte, len(c))

crypto/aead/aes256gcm/crypto_aead_aes256gcm_test.go

@@ -11,7 +11,7 @@ var testCount = 100000
 type TestData struct {
 	Message []byte
 	Ad      []byte
-	Key     Key
+	Key     [KeyBytes]byte
 	Nonce   [NonceBytes]byte
 }
 
@@ -22,7 +22,7 @@ func Test(t *testing.T) {
 	}
 
 	// Test the key generation
-	if *GenerateKey() == (Key{}) {
+	if *GenerateKey() == ([KeyBytes]byte{}) {
 		t.Error("Generated key is zero")
 	}
 
@@ -44,40 +44,40 @@ func Test(t *testing.T) {
 		f.Fuzz(&test)
 
 		// Detached encryption test
-		c, mac = EncryptDetached(test.Message, test.Ad, test.Nonce[:], test.Key[:])
+		c, mac = EncryptDetached(test.Message, test.Ad, &test.Nonce, &test.Key)
 
 		// Encryption test
-		ec = Encrypt(test.Message, test.Ad, test.Nonce[:], test.Key[:])
+		ec = Encrypt(test.Message, test.Ad, &test.Nonce, &test.Key)
 		if !bytes.Equal(ec, append(c, mac...)) {
 			t.Errorf("Encryption failed for %+v", test)
 			t.FailNow()
 		}
 
 		// Detached decryption test
-		m, err = DecryptDetached(c, mac, test.Ad, test.Nonce[:], test.Key[:])
+		m, err = DecryptDetached(c, mac, test.Ad, &test.Nonce, &test.Key)
 		if err != nil || !bytes.Equal(m, test.Message) {
 			t.Errorf("Detached decryption failed for %+v", test)
 			t.FailNow()
 		}
 
 		// Decryption test
-		m, err = Decrypt(ec, test.Ad, test.Nonce[:], test.Key[:])
+		m, err = Decrypt(ec, test.Ad, &test.Nonce, &test.Key)
 		if err != nil || !bytes.Equal(m, test.Message) {
 			t.Errorf("Decryption failed for %+v", test)
 			t.FailNow()
 		}
 
 		// Failed detached decryption test
 		mac = make([]byte, ABytes)
-		m, err = DecryptDetached(c, mac, test.Ad, test.Nonce[:], test.Key[:])
+		m, err = DecryptDetached(c, mac, test.Ad, &test.Nonce, &test.Key)
 		if err == nil {
 			t.Errorf("Detached decryption unexpectedly succeeded for %+v", test)
 			t.FailNow()
 		}
 
 		// Failed decryption test
 		copy(ec[len(m):], mac)
-		m, err = Decrypt(ec, test.Ad, test.Nonce[:], test.Key[:])
+		m, err = Decrypt(ec, test.Ad, &test.Nonce, &test.Key)
 		if err == nil {
 			t.Errorf("Decryption unexpectedly succeeded for %+v", test)
 			t.FailNow()

crypto/aead/chacha20poly1305/crypto_aead_chacha20poly1305.go

@@ -20,21 +20,18 @@ const (
 	ABytes     int = C.crypto_aead_chacha20poly1305_ABYTES    // Size of an authentication tag in bytes
 )
 
-// Key represents a secret key
-type Key [KeyBytes]byte
-
 // GenerateKey generates a secret key
-func GenerateKey() *Key {
-	k := new(Key)
+func GenerateKey() *[KeyBytes]byte {
+	k := new([KeyBytes]byte)
 	C.crypto_aead_chacha20poly1305_keygen((*C.uchar)(&k[0]))
 	return k
 }
 
 // Encrypt a message `m` with additional data `ad` using a nonce `npub` and a secret key `k`.
 // A ciphertext (including authentication tag) and encryption status are returned.
-func Encrypt(m, ad, nonce, k []byte) (c []byte) {
-	support.CheckSize(k, KeyBytes, "secret key")
-	support.CheckSize(nonce, NonceBytes, "public nonce")
+func Encrypt(m, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (c []byte) {
+	support.NilPanic(k == nil, "secret key")
+	support.NilPanic(nonce == nil, "nonce")
 
 	c = make([]byte, len(m)+ABytes)
 
@@ -54,9 +51,9 @@ func Encrypt(m, ad, nonce, k []byte) (c []byte) {
 
 // Decrypt and verify a ciphertext `c` using additional data `ad`, nonce `npub` and secret key `k`.
 // Returns the decrypted message and verification status.
-func Decrypt(c, ad, nonce, k []byte) (m []byte, err error) {
-	support.CheckSize(k, KeyBytes, "secret key")
-	support.CheckSize(nonce, NonceBytes, "public nonce")
+func Decrypt(c, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (m []byte, err error) {
+	support.NilPanic(k == nil, "secret key")
+	support.NilPanic(nonce == nil, "nonce")
 	support.CheckSizeMin(c, ABytes, "ciphertext")
 
 	m = make([]byte, len(c)-ABytes)
@@ -82,9 +79,9 @@ func Decrypt(c, ad, nonce, k []byte) (m []byte, err error) {
 // EncryptDetached encrypts a message `m` with additional data `ad` using
 // a nonce `npub` and a secret key `k`.
 // A ciphertext, authentication tag and encryption status are returned.
-func EncryptDetached(m, ad, nonce, k []byte) (c, mac []byte) {
-	support.CheckSize(k, KeyBytes, "secret key")
-	support.CheckSize(nonce, NonceBytes, "public nonce")
+func EncryptDetached(m, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (c, mac []byte) {
+	support.NilPanic(k == nil, "secret key")
+	support.NilPanic(nonce == nil, "nonce")
 
 	c = make([]byte, len(m))
 	mac = make([]byte, ABytes)
@@ -107,9 +104,9 @@ func EncryptDetached(m, ad, nonce, k []byte) (c, mac []byte) {
 // DecryptDetached decrypts and verifies a ciphertext `c` with authentication tag `mac`
 // using additional data `ad`, nonce `npub` and secret key `k`.
 // Returns the decrypted message and verification status.
-func DecryptDetached(c, mac, ad, nonce, k []byte) (m []byte, err error) {
-	support.CheckSize(k, KeyBytes, "secret key")
-	support.CheckSize(nonce, NonceBytes, "public nonce")
+func DecryptDetached(c, mac, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (m []byte, err error) {
+	support.NilPanic(k == nil, "secret key")
+	support.NilPanic(nonce == nil, "nonce")
 	support.CheckSize(mac, ABytes, "mac")
 
 	m = make([]byte, len(c))

crypto/aead/chacha20poly1305/crypto_aead_chacha20poly1305_test.go

@@ -11,13 +11,13 @@ var testCount = 100000
 type TestData struct {
 	Message []byte
 	Ad      []byte
-	Key     Key
+	Key     [KeyBytes]byte
 	Nonce   [NonceBytes]byte
 }
 
 func Test(t *testing.T) {
 	// Test the key generation
-	if *GenerateKey() == (Key{}) {
+	if *GenerateKey() == ([KeyBytes]byte{}) {
 		t.Error("Generated key is zero")
 	}
 
@@ -39,40 +39,40 @@ func Test(t *testing.T) {
 		f.Fuzz(&test)
 
 		// Detached encryption test
-		c, mac = EncryptDetached(test.Message, test.Ad, test.Nonce[:], test.Key[:])
+		c, mac = EncryptDetached(test.Message, test.Ad, &test.Nonce, &test.Key)
 
 		// Encryption test
-		ec = Encrypt(test.Message, test.Ad, test.Nonce[:], test.Key[:])
+		ec = Encrypt(test.Message, test.Ad, &test.Nonce, &test.Key)
 		if !bytes.Equal(ec, append(c, mac...)) {
 			t.Errorf("Encryption failed for %+v", test)
 			t.FailNow()
 		}
 
 		// Detached decryption test
-		m, err = DecryptDetached(c, mac, test.Ad, test.Nonce[:], test.Key[:])
+		m, err = DecryptDetached(c, mac, test.Ad, &test.Nonce, &test.Key)
 		if err != nil || !bytes.Equal(m, test.Message) {
 			t.Errorf("Detached decryption failed for %+v", test)
 			t.FailNow()
 		}
 
 		// Decryption test
-		m, err = Decrypt(ec, test.Ad, test.Nonce[:], test.Key[:])
+		m, err = Decrypt(ec, test.Ad, &test.Nonce, &test.Key)
 		if err != nil || !bytes.Equal(m, test.Message) {
 			t.Errorf("Decryption failed for %+v", test)
 			t.FailNow()
 		}
 
 		// Failed detached decryption test
 		mac = make([]byte, ABytes)
-		m, err = DecryptDetached(c, mac, test.Ad, test.Nonce[:], test.Key[:])
+		m, err = DecryptDetached(c, mac, test.Ad, &test.Nonce, &test.Key)
 		if err == nil {
 			t.Errorf("Detached decryption unexpectedly succeeded for %+v", test)
 			t.FailNow()
 		}
 
 		// Failed decryption test
 		copy(ec[len(m):], mac)
-		m, err = Decrypt(ec, test.Ad, test.Nonce[:], test.Key[:])
+		m, err = Decrypt(ec, test.Ad, &test.Nonce, &test.Key)
 		if err == nil {
 			t.Errorf("Decryption unexpectedly succeeded for %+v", test)
 			t.FailNow()

crypto/aead/chacha20poly1305ietf/crypto_aead_chacha20poly1305_ietf.go

@@ -20,21 +20,18 @@ const (
 	ABytes     int = C.crypto_aead_chacha20poly1305_ietf_ABYTES    // Size of an authentication tag in bytes
 )
 
-// Key represents a secret key
-type Key [KeyBytes]byte
-
 // GenerateKey generates a secret key
-func GenerateKey() *Key {
-	k := new(Key)
+func GenerateKey() *[KeyBytes]byte {
+	k := new([KeyBytes]byte)
 	C.crypto_aead_chacha20poly1305_ietf_keygen((*C.uchar)(&k[0]))
 	return k
 }
 
 // Encrypt a message `m` with additional data `ad` using a nonce `npub` and a secret key `k`.
 // A ciphertext (including authentication tag) and encryption status are returned.
-func Encrypt(m, ad, nonce, k []byte) (c []byte) {
-	support.CheckSize(k, KeyBytes, "secret key")
-	support.CheckSize(nonce, NonceBytes, "public nonce")
+func Encrypt(m, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (c []byte) {
+	support.NilPanic(k == nil, "secret key")
+	support.NilPanic(nonce == nil, "nonce")
 
 	c = make([]byte, len(m)+ABytes)
 
@@ -54,9 +51,9 @@ func Encrypt(m, ad, nonce, k []byte) (c []byte) {
 
 // Decrypt and verify a ciphertext `c` using additional data `ad`, nonce `npub` and secret key `k`.
 // Returns the decrypted message and verification status.
-func Decrypt(c, ad, nonce, k []byte) (m []byte, err error) {
-	support.CheckSize(k, KeyBytes, "secret key")
-	support.CheckSize(nonce, NonceBytes, "public nonce")
+func Decrypt(c, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (m []byte, err error) {
+	support.NilPanic(k == nil, "secret key")
+	support.NilPanic(nonce == nil, "nonce")
 	support.CheckSizeMin(c, ABytes, "ciphertext")
 
 	m = make([]byte, len(c)-ABytes)
@@ -82,9 +79,9 @@ func Decrypt(c, ad, nonce, k []byte) (m []byte, err error) {
 // EncryptDetached encrypts a message `m` with additional data `ad` using
 // a nonce `npub` and a secret key `k`.
 // A ciphertext, authentication tag and encryption status are returned.
-func EncryptDetached(m, ad, nonce, k []byte) (c, mac []byte) {
-	support.CheckSize(k, KeyBytes, "secret key")
-	support.CheckSize(nonce, NonceBytes, "public nonce")
+func EncryptDetached(m, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (c, mac []byte) {
+	support.NilPanic(k == nil, "secret key")
+	support.NilPanic(nonce == nil, "nonce")
 
 	c = make([]byte, len(m))
 	mac = make([]byte, ABytes)
@@ -107,9 +104,9 @@ func EncryptDetached(m, ad, nonce, k []byte) (c, mac []byte) {
 // DecryptDetached decrypts and verifies a ciphertext `c` with authentication tag `mac`
 // using additional data `ad`, nonce `npub` and secret key `k`.
 // Returns the decrypted message and verification status.
-func DecryptDetached(c, mac, ad, nonce, k []byte) (m []byte, err error) {
-	support.CheckSize(k, KeyBytes, "secret key")
-	support.CheckSize(nonce, NonceBytes, "public nonce")
+func DecryptDetached(c, mac, ad []byte, nonce *[NonceBytes]byte, k *[KeyBytes]byte) (m []byte, err error) {
+	support.NilPanic(k == nil, "secret key")
+	support.NilPanic(nonce == nil, "nonce")
 	support.CheckSize(mac, ABytes, "mac")
 
 	m = make([]byte, len(c))

crypto/aead/chacha20poly1305ietf/crypto_aead_chacha20poly1305_ietf_test.go

@@ -11,13 +11,13 @@ var testCount = 100000
 type TestData struct {
 	Message []byte
 	Ad      []byte
-	Key     Key
+	Key     [KeyBytes]byte
 	Nonce   [NonceBytes]byte
 }
 
 func Test(t *testing.T) {
 	// Test the key generation
-	if *GenerateKey() == (Key{}) {
+	if *GenerateKey() == ([KeyBytes]byte{}) {
 		t.Error("Generated key is zero")
 	}
 
@@ -39,40 +39,40 @@ func Test(t *testing.T) {
 		f.Fuzz(&test)
 
 		// Detached encryption test
-		c, mac = EncryptDetached(test.Message, test.Ad, test.Nonce[:], test.Key[:])
+		c, mac = EncryptDetached(test.Message, test.Ad, &test.Nonce, &test.Key)
 
 		// Encryption test
-		ec = Encrypt(test.Message, test.Ad, test.Nonce[:], test.Key[:])
+		ec = Encrypt(test.Message, test.Ad, &test.Nonce, &test.Key)
 		if !bytes.Equal(ec, append(c, mac...)) {
 			t.Errorf("Encryption failed for %+v", test)
 			t.FailNow()
 		}
 
 		// Detached decryption test
-		m, err = DecryptDetached(c, mac, test.Ad, test.Nonce[:], test.Key[:])
+		m, err = DecryptDetached(c, mac, test.Ad, &test.Nonce, &test.Key)
 		if err != nil || !bytes.Equal(m, test.Message) {
 			t.Errorf("Detached decryption failed for %+v", test)
 			t.FailNow()
 		}
 
 		// Decryption test
-		m, err = Decrypt(ec, test.Ad, test.Nonce[:], test.Key[:])
+		m, err = Decrypt(ec, test.Ad, &test.Nonce, &test.Key)
 		if err != nil || !bytes.Equal(m, test.Message) {
 			t.Errorf("Decryption failed for %+v", test)
 			t.FailNow()
 		}
 
 		// Failed detached decryption test
 		mac = make([]byte, ABytes)
-		m, err = DecryptDetached(c, mac, test.Ad, test.Nonce[:], test.Key[:])
+		m, err = DecryptDetached(c, mac, test.Ad, &test.Nonce, &test.Key)
 		if err == nil {
 			t.Errorf("Detached decryption unexpectedly succeeded for %+v", test)
 			t.FailNow()
 		}
 
 		// Failed decryption test
 		copy(ec[len(m):], mac)
-		m, err = Decrypt(ec, test.Ad, test.Nonce[:], test.Key[:])
+		m, err = Decrypt(ec, test.Ad, &test.Nonce, &test.Key)
 		if err == nil {
 			t.Errorf("Decryption unexpectedly succeeded for %+v", test)
 			t.FailNow()