Go Platform Guide
Overview
MetaMUI Crypto for Go provides idiomatic Go implementations of cryptographic algorithms. Build from source and use as local module dependencies.
Installation
Build from source:
cd metamui-crypto-go
go build ./...
Running Tests
cd metamui-crypto-go
go test ./falcon512/ ./falcon1024/
Using in Your Project
To use the Go modules in your own project, reference them as local path dependencies. In your project’s go.mod, use a replace directive:
module myproject
go 1.20
require (
github.com/metamui/crypto v0.0.0
)
replace github.com/metamui/crypto => ../metamui-crypto-go
Usage Examples
Basic Hashing with BLAKE3
package main
import (
"encoding/hex"
"fmt"
"github.com/metamui/crypto/blake3"
)
func main() {
// Simple hashing
data := []byte("Hello, World!")
hash := blake3.Sum256(data)
fmt.Printf("BLAKE3 Hash: %s\n", hex.EncodeToString(hash[:]))
// Streaming hash
hasher := blake3.New()
hasher.Write([]byte("First part"))
hasher.Write([]byte("Second part"))
result := hasher.Sum(nil)
fmt.Printf("Streaming hash: %s\n", hex.EncodeToString(result))
// Keyed hashing (MAC)
key := make([]byte, 32)
// Fill key with random bytes
keyedHasher := blake3.NewKeyed(key)
keyedHasher.Write(data)
mac := keyedHasher.Sum(nil)
fmt.Printf("MAC: %s\n", hex.EncodeToString(mac))
}
Post-Quantum Key Exchange (ML-KEM-768)
package main
import (
"bytes"
"fmt"
"github.com/metamui/crypto/mlkem768"
)
func demonstrateKEM() {
// Generate keypair
publicKey, privateKey, err := mlkem768.GenerateKeypair()
if err != nil {
panic(err)
}
// Sender: Encapsulate shared secret
ciphertext, sharedSecretSender, err := mlkem768.Encapsulate(publicKey)
if err != nil {
panic(err)
}
// Receiver: Decapsulate shared secret
sharedSecretReceiver, err := mlkem768.Decapsulate(ciphertext, privateKey)
if err != nil {
panic(err)
}
// Verify shared secrets match
if bytes.Equal(sharedSecretSender, sharedSecretReceiver) {
fmt.Println("Shared secrets match!")
}
}
Authenticated Encryption (ChaCha20-Poly1305)
package main
import (
"crypto/rand"
"fmt"
"github.com/metamui/crypto/chacha20poly1305"
)
func secureEncryption() error {
// Generate key
key := make([]byte, chacha20poly1305.KeySize)
if _, err := rand.Read(key); err != nil {
return err
}
// Create AEAD cipher
aead, err := chacha20poly1305.New(key)
if err != nil {
return err
}
// Generate nonce
nonce := make([]byte, chacha20poly1305.NonceSize)
if _, err := rand.Read(nonce); err != nil {
return err
}
// Encrypt
plaintext := []byte("Secret message")
additionalData := []byte("metadata")
ciphertext := aead.Seal(nil, nonce, plaintext, additionalData)
// Decrypt
decrypted, err := aead.Open(nil, nonce, ciphertext, additionalData)
if err != nil {
return err
}
fmt.Printf("Decrypted: %s\n", decrypted)
return nil
}
Digital Signatures with Dilithium
package main
import (
"fmt"
"github.com/metamui/crypto/dilithium"
)
func quantumSafeSignatures() {
// Generate signing keypair
publicKey, privateKey, err := dilithium.GenerateKeypair(dilithium.Mode3)
if err != nil {
panic(err)
}
// Sign a message
message := []byte("Important document")
signature, err := dilithium.Sign(privateKey, message)
if err != nil {
panic(err)
}
// Verify signature
valid := dilithium.Verify(publicKey, message, signature)
fmt.Printf("Signature valid: %v\n", valid)
// Secure cleanup
privateKey.Clear()
}
Password Hashing with Argon2id
package main
import (
"fmt"
"github.com/metamui/crypto/argon2"
)
func passwordHashing() {
password := []byte("user_password")
// Hash password
hash, err := argon2.Hash(password, argon2.Config{
Time: 4,
Memory: 64 * 1024, // 64 MB
Threads: 2,
KeyLen: 32,
})
if err != nil {
panic(err)
}
// Store encoded hash (includes salt and parameters)
encoded := hash.Encode()
fmt.Printf("Encoded hash: %s\n", encoded)
// Verify password
valid, err := argon2.Verify(encoded, password)
if err != nil {
panic(err)
}
fmt.Printf("Password valid: %v\n", valid)
}
Concurrent Operations
package main
import (
"sync"
"github.com/metamui/crypto/blake3"
)
func concurrentHashing(files []string) map[string][]byte {
results := make(map[string][]byte)
var mu sync.Mutex
var wg sync.WaitGroup
for _, file := range files {
wg.Add(1)
go func(filename string) {
defer wg.Done()
data, _ := os.ReadFile(filename)
hash := blake3.Sum256(data)
mu.Lock()
results[filename] = hash[:]
mu.Unlock()
}(file)
}
wg.Wait()
return results
}
Secure Memory Management
package main
import (
"github.com/metamui/crypto/secure"
)
func secureOperations() {
// Allocate secure memory
secret := secure.NewBuffer(32)
defer secret.Destroy() // Automatically zeros memory
// Use the secure buffer
copy(secret.Bytes(), sensitiveData)
// Secure string
password := secure.NewString("sensitive_password")
defer password.Clear()
}
Error Handling
package main
import (
"errors"
"github.com/metamui/crypto/mlkem768"
metacrypto "github.com/metamui/crypto/errors"
)
func handleErrors() error {
pub, priv, err := mlkem768.GenerateKeypair()
if err != nil {
switch {
case errors.Is(err, metacrypto.ErrInvalidKey):
return fmt.Errorf("invalid key: %w", err)
case errors.Is(err, metacrypto.ErrNotSupported):
return fmt.Errorf("algorithm not supported: %w", err)
default:
return fmt.Errorf("unexpected error: %w", err)
}
}
return nil
}
Testing
package main
import (
"testing"
"github.com/metamui/crypto/blake3"
)
func TestBlake3(t *testing.T) {
testCases := []struct {
input []byte
expected string
}{
{[]byte(""), "af13..."},
{[]byte("abc"), "6437..."},
}
for _, tc := range testCases {
result := blake3.Sum256(tc.input)
if hex.EncodeToString(result[:]) != tc.expected {
t.Errorf("unexpected hash for %q", tc.input)
}
}
}
func BenchmarkBlake3(b *testing.B) {
data := make([]byte, 1024*1024) // 1 MB
b.SetBytes(int64(len(data)))
b.ResetTimer()
for i := 0; i < b.N; i++ {
_ = blake3.Sum256(data)
}
}
Module Structure
metamui-crypto-go/
├── falcon512/ # Falcon-512 signatures
├── falcon1024/ # Falcon-1024 signatures
├── blake3/ # BLAKE3 hashing
├── mlkem768/ # ML-KEM-768 KEM
├── chacha20poly1305/ # ChaCha20-Poly1305 AEAD
├── dilithium/ # Dilithium signatures
├── argon2/ # Argon2id password hashing
├── secure/ # Secure memory utilities
└── errors/ # Error definitions
Support Resources
- Issues: GitHub
- Commercial Support: [email protected]