crypto

package
v0.0.0-...-76c1feb Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 1, 2021 License: AGPL-3.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source 
const DigestSize = sha512.Size256

DigestSize is the number of bytes in the preferred hash Digest used here.

Variables

View Source 
var BlankSignature = Signature{}

BlankSignature is an empty signature structure, containing nothing but zeroes

View Source 
var SystemRNG = &systemRNG{}

SystemRNG implements the RNG interface using the system-wide randomness source (from Go's crypto/rand).

Functions

func MultisigAdd 

func MultisigAdd(unisig []MultisigSig, msig *MultisigSig) (err error)

MultisigAdd adds unisig to an existing msig

func MultisigVerify 

func MultisigVerify(msg Hashable, addr Digest, sig MultisigSig) (verified bool, err error)

MultisigVerify verifies an assembled MultisigSig

func NewHash 

func NewHash() hash.Hash

NewHash returns a sha512-256 object to do the same operation as Hash()

func RandBytes 

func RandBytes(buf []byte)

RandBytes fills the provided structure with a set of random bytes

func RandUint63 

func RandUint63() uint64

RandUint63 returns a random 64-bit unsigned integer which can be stored in a 64-bit signed integer without any data loss.

func RandUint64 

func RandUint64() uint64

RandUint64 returns a random 64-bit unsigned integer

func VrfKeygen 

func VrfKeygen() (pub VrfPubkey, priv VrfPrivkey)

VrfKeygen generates a random VRF keypair.

func VrfKeygenFromSeed 

func VrfKeygenFromSeed(seed [32]byte) (pub VrfPubkey, priv VrfPrivkey)

VrfKeygenFromSeed deterministically generates a VRF keypair from 32 bytes of (secret) entropy.

Types

type Digest 

type Digest [DigestSize]byte

Digest represents a 32-byte value holding the 256-bit Hash digest.

func DigestFromString 

func DigestFromString(str string) (d Digest, err error)

DigestFromString converts a string to a Digest

func Hash 

func Hash(data []byte) Digest

Hash computes the SHASum512_256 hash of an array of bytes

func HashObj 

func HashObj(h Hashable) Digest

HashObj computes a hash of a Hashable object and its type

func MultisigAddrGen 

func MultisigAddrGen(version, threshold uint8, pk []PublicKey) (addr Digest, err error)

MultisigAddrGen identifes the exact group, version, and devices (Public keys) that it requires to sign Hash("MultisigAddr" || version uint8 || threshold uint8 || PK1 || PK2 || ...)

func MultisigAddrGenWithSubsigs 

func MultisigAddrGenWithSubsigs(version uint8, threshold uint8,
	subsigs []MultisigSubsig) (addr Digest, err error)

MultisigAddrGenWithSubsigs is similiar to MultisigAddrGen except the input is []Subsig rather than []PublicKey

func (*Digest) CanMarshalMsg 

func (_ *Digest) CanMarshalMsg(z interface{}) bool

func (*Digest) CanUnmarshalMsg 

func (_ *Digest) CanUnmarshalMsg(z interface{}) bool

func (Digest) IsZero 

func (d Digest) IsZero() bool

IsZero return true if the digest contains only zeros, false otherwise

func (*Digest) MarshalMsg 

func (z *Digest) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*Digest) MsgIsZero 

func (z *Digest) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*Digest) Msgsize 

func (z *Digest) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (Digest) String 

func (d Digest) String() string

String returns the digest in a human-readable Base32 string

func (Digest) TrimUint64 

func (d Digest) TrimUint64() uint64

TrimUint64 returns the top 64 bits of the digest and converts to uint64

func (*Digest) UnmarshalMsg 

func (z *Digest) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type Hashable 

type Hashable interface {
	ToBeHashed() (protocol.HashID, []byte)
}

Hashable is an interface implemented by an object that can be represented with a sequence of bytes to be hashed or signed, together with a type ID to distinguish different types of objects.

type MasterDerivationKey 

type MasterDerivationKey [masterDerivationKeyLenBytes]byte

MasterDerivationKey is used to derive ed25519 keys for use in wallets

func (*MasterDerivationKey) CanMarshalMsg 

func (_ *MasterDerivationKey) CanMarshalMsg(z interface{}) bool

func (*MasterDerivationKey) CanUnmarshalMsg 

func (_ *MasterDerivationKey) CanUnmarshalMsg(z interface{}) bool

func (*MasterDerivationKey) MarshalMsg 

func (z *MasterDerivationKey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*MasterDerivationKey) MsgIsZero 

func (z *MasterDerivationKey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*MasterDerivationKey) Msgsize 

func (z *MasterDerivationKey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*MasterDerivationKey) UnmarshalMsg 

func (z *MasterDerivationKey) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type MultisigSig 

type MultisigSig struct {
	Version   uint8            `codec:"v"`
	Threshold uint8            `codec:"thr"`
	Subsigs   []MultisigSubsig `codec:"subsig,allocbound=maxMultisig"`
	// contains filtered or unexported fields
}

MultisigSig is the structure that holds multiple Subsigs

func MultisigAssemble 

func MultisigAssemble(unisig []MultisigSig) (msig MultisigSig, err error)

MultisigAssemble assembles multiple MultisigSig

func MultisigMerge 

func MultisigMerge(msig1 MultisigSig, msig2 MultisigSig) (msigt MultisigSig, err error)

MultisigMerge merges two Multisigs msig1 and msig2 into msigt

func MultisigPreimageFromPKs 

func MultisigPreimageFromPKs(version, threshold uint8, pks []PublicKey) MultisigSig

MultisigPreimageFromPKs makes an empty MultisigSig for a given preimage. It should be renamed. TODO separate preimage type from sig type

func MultisigSign 

func MultisigSign(msg Hashable, addr Digest, version, threshold uint8, pk []PublicKey, sk SecretKey) (sig MultisigSig, err error)

MultisigSign is for each device individually signs the digest

func (MultisigSig) Blank 

func (msig MultisigSig) Blank() bool

Blank returns true iff the msig is empty. We need this instead of just comparing with == MultisigSig{}, because Subsigs is a slice.

func (*MultisigSig) CanMarshalMsg 

func (_ *MultisigSig) CanMarshalMsg(z interface{}) bool

func (*MultisigSig) CanUnmarshalMsg 

func (_ *MultisigSig) CanUnmarshalMsg(z interface{}) bool

func (MultisigSig) Equal 

func (msig MultisigSig) Equal(other MultisigSig) bool

Equal compares two MultisigSig structs for equality

func (*MultisigSig) MarshalMsg 

func (z *MultisigSig) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*MultisigSig) MsgIsZero 

func (z *MultisigSig) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*MultisigSig) Msgsize 

func (z *MultisigSig) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (MultisigSig) Preimage 

func (msig MultisigSig) Preimage() (version, threshold uint8, pks []PublicKey)

Preimage returns the version, threshold, and list of all public keys in a (partial) multisig address

func (*MultisigSig) UnmarshalMsg 

func (z *MultisigSig) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type MultisigSubsig 

type MultisigSubsig struct {
	Key PublicKey `codec:"pk"` // all public keys that are possible signers for this address
	Sig Signature `codec:"s"`  // may be either empty or a signature
	// contains filtered or unexported fields
}

MultisigSubsig is a struct that holds a pair of public key and signatures signatures may be empty

func (*MultisigSubsig) CanMarshalMsg 

func (_ *MultisigSubsig) CanMarshalMsg(z interface{}) bool

func (*MultisigSubsig) CanUnmarshalMsg 

func (_ *MultisigSubsig) CanUnmarshalMsg(z interface{}) bool

func (*MultisigSubsig) MarshalMsg 

func (z *MultisigSubsig) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*MultisigSubsig) MsgIsZero 

func (z *MultisigSubsig) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*MultisigSubsig) Msgsize 

func (z *MultisigSubsig) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*MultisigSubsig) UnmarshalMsg 

func (z *MultisigSubsig) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignature 

type OneTimeSignature struct {

	// Sig is a signature of msg under the key PK.
	Sig ed25519Signature `codec:"s"`
	PK  ed25519PublicKey `codec:"p"`

	// Old-style signature that does not use proper domain separation.
	// PKSigOld is unused; however, unfortunately we forgot to mark it
	// `codec:omitempty` and so it appears (with zero value) in certs.
	// This means we can't delete the field without breaking catchup.
	PKSigOld ed25519Signature `codec:"ps"`

	// Used to verify a new-style two-level ephemeral signature.
	// PK1Sig is a signature of OneTimeSignatureSubkeyOffsetID(PK, Batch, Offset) under the key PK2.
	// PK2Sig is a signature of OneTimeSignatureSubkeyBatchID(PK2, Batch) under the master key (OneTimeSignatureVerifier).
	PK2    ed25519PublicKey `codec:"p2"`
	PK1Sig ed25519Signature `codec:"p1s"`
	PK2Sig ed25519Signature `codec:"p2s"`
	// contains filtered or unexported fields
}

A OneTimeSignature is a cryptographic signature that is produced a limited number of times and provides forward integrity.

Specifically, a OneTimeSignature is generated from an ephemeral secret. After some number of messages is signed under a given OneTimeSignatureIdentifier identifier, the corresponding secret is deleted. This prevents the secret-holder from signing a contradictory message in the future in the event of a secret-key compromise.

func (*OneTimeSignature) CanMarshalMsg 

func (_ *OneTimeSignature) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignature) CanUnmarshalMsg 

func (_ *OneTimeSignature) CanUnmarshalMsg(z interface{}) bool

func (*OneTimeSignature) MarshalMsg 

func (z *OneTimeSignature) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignature) MsgIsZero 

func (z *OneTimeSignature) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignature) Msgsize 

func (z *OneTimeSignature) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*OneTimeSignature) UnmarshalMsg 

func (z *OneTimeSignature) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignatureIdentifier 

type OneTimeSignatureIdentifier struct {
	// Batch represents the most-significant part of the identifier.
	Batch uint64

	// Offset represents the least-significant part of the identifier.
	// When moving to a new Batch, the Offset values restart from 0.
	Offset uint64
}

A OneTimeSignatureIdentifier is an identifier under which a OneTimeSignature is produced on a given message. This identifier is represented using a two-level structure, which corresponds to two levels of our ephemeral key tree.

func (OneTimeSignatureIdentifier) BatchBytes 

func (id OneTimeSignatureIdentifier) BatchBytes() []byte

BatchBytes converts a OneTimeSignatureIdentifier into a byte slice representing the 64-bit batch number. This is used for the old-style way of signing an ephemeral subkey identifier.

type OneTimeSignatureSecrets 

type OneTimeSignatureSecrets struct {
	OneTimeSignatureSecretsPersistent
	// contains filtered or unexported fields
}

OneTimeSignatureSecrets are used to produced unforgeable signatures over a message.

When the method OneTimeSignatureSecrets.DeleteBefore(ID) is called, ephemeral secrets corresponding to OneTimeSignatureIdentifiers preceding ID are deleted. Thereafter, an entity can no longer sign different messages with old OneTimeSignatureIdentifiers, protecting the integrity of the messages signed under those identifiers.

func GenerateOneTimeSignatureSecrets 

func GenerateOneTimeSignatureSecrets(startBatch uint64, numBatches uint64) *OneTimeSignatureSecrets

GenerateOneTimeSignatureSecrets is a version of GenerateOneTimeSignatureSecretsRNG that uses the system-wide randomness source.

func GenerateOneTimeSignatureSecretsRNG 

func GenerateOneTimeSignatureSecretsRNG(startBatch uint64, numBatches uint64, rng RNG) *OneTimeSignatureSecrets

GenerateOneTimeSignatureSecretsRNG creates a limited number of secrets that sign messages under OneTimeSignatureIdentifiers in the range [startBatch, startBatch+numBatches).

This range includes startBatch and excludes startBatch+numBatches.

Randomness comes from the supplied RNG.

func (*OneTimeSignatureSecrets) CanMarshalMsg 

func (_ *OneTimeSignatureSecrets) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignatureSecrets) CanUnmarshalMsg 

func (_ *OneTimeSignatureSecrets) CanUnmarshalMsg(z interface{}) bool

func (*OneTimeSignatureSecrets) DeleteBeforeFineGrained 

func (s *OneTimeSignatureSecrets) DeleteBeforeFineGrained(current OneTimeSignatureIdentifier, numKeysPerBatch uint64)

DeleteBeforeFineGrained deletes ephemeral keys before (but not including) the given id.

func (*OneTimeSignatureSecrets) MarshalMsg 

func (z *OneTimeSignatureSecrets) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignatureSecrets) MsgIsZero 

func (z *OneTimeSignatureSecrets) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignatureSecrets) Msgsize 

func (z *OneTimeSignatureSecrets) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*OneTimeSignatureSecrets) Sign 

func (s *OneTimeSignatureSecrets) Sign(id OneTimeSignatureIdentifier, message Hashable) OneTimeSignature

Sign produces a OneTimeSignature of some Hashable message under some OneTimeSignatureIdentifier.

func (*OneTimeSignatureSecrets) Snapshot 

func (s *OneTimeSignatureSecrets) Snapshot() OneTimeSignatureSecrets

Snapshot returns a copy of OneTimeSignatureSecrets consistent with respect to concurrent mutating calls (specifically, DeleteBefore*). This snapshot can be used for serializing the OneTimeSignatureSecrets to persistent storage.

func (*OneTimeSignatureSecrets) UnmarshalMsg 

func (z *OneTimeSignatureSecrets) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignatureSecretsPersistent 

type OneTimeSignatureSecretsPersistent struct {
	OneTimeSignatureVerifier

	// FirstBatch denotes the first batch whose subkey appears in Batches.
	// The odd `codec:` name is for backwards compatibility with previous
	// stored keys where we failed to give any explicit `codec:` name.
	FirstBatch uint64            `codec:"First"`
	Batches    []ephemeralSubkey `codec:"Sub,allocbound=-"`

	// FirstOffset denotes the first offset whose subkey appears in Offsets.
	// These subkeys correspond to batch FirstBatch-1.
	FirstOffset uint64            `codec:"firstoff"`
	Offsets     []ephemeralSubkey `codec:"offkeys,allocbound=-"`

	// When Offsets is non-empty, OffsetsPK2 is the intermediate-level public
	// key that can be used to verify signatures on the subkeys in Offsets, and
	// OffsetsPK2Sig is the signature from the master key (OneTimeSignatureVerifier)
	// on OneTimeSignatureSubkeyBatchID(OffsetsPK2, FirstBatch-1).
	OffsetsPK2    ed25519PublicKey `codec:"offpk2"`
	OffsetsPK2Sig ed25519Signature `codec:"offpk2sig"`
	// contains filtered or unexported fields
}

OneTimeSignatureSecretsPersistent denotes the fields of a OneTimeSignatureSecrets that get stored to persistent storage (through reflection on exported fields).

func (*OneTimeSignatureSecretsPersistent) CanMarshalMsg 

func (_ *OneTimeSignatureSecretsPersistent) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignatureSecretsPersistent) CanUnmarshalMsg 

func (_ *OneTimeSignatureSecretsPersistent) CanUnmarshalMsg(z interface{}) bool

func (*OneTimeSignatureSecretsPersistent) MarshalMsg 

func (z *OneTimeSignatureSecretsPersistent) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignatureSecretsPersistent) MsgIsZero 

func (z *OneTimeSignatureSecretsPersistent) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignatureSecretsPersistent) Msgsize 

func (z *OneTimeSignatureSecretsPersistent) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*OneTimeSignatureSecretsPersistent) UnmarshalMsg 

func (z *OneTimeSignatureSecretsPersistent) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignatureSubkeyBatchID 

type OneTimeSignatureSubkeyBatchID struct {
	SubKeyPK ed25519PublicKey `codec:"pk"`
	Batch    uint64           `codec:"batch"`
	// contains filtered or unexported fields
}

A OneTimeSignatureSubkeyBatchID identifies an ephemeralSubkey of a batch for the purposes of signing it with the top-level master key.

func (*OneTimeSignatureSubkeyBatchID) CanMarshalMsg 

func (_ *OneTimeSignatureSubkeyBatchID) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignatureSubkeyBatchID) CanUnmarshalMsg 

func (_ *OneTimeSignatureSubkeyBatchID) CanUnmarshalMsg(z interface{}) bool

func (*OneTimeSignatureSubkeyBatchID) MarshalMsg 

func (z *OneTimeSignatureSubkeyBatchID) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignatureSubkeyBatchID) MsgIsZero 

func (z *OneTimeSignatureSubkeyBatchID) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignatureSubkeyBatchID) Msgsize 

func (z *OneTimeSignatureSubkeyBatchID) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (OneTimeSignatureSubkeyBatchID) ToBeHashed 

func (batch OneTimeSignatureSubkeyBatchID) ToBeHashed() (protocol.HashID, []byte)

ToBeHashed implements the Hashable interface for a OneTimeSignatureSubkeyBatchID. This is used to sign an intermediate subkey for a batch, in the new style (contrast with OneTimeSignatureIdentifier.BatchBytes).

func (*OneTimeSignatureSubkeyBatchID) UnmarshalMsg 

func (z *OneTimeSignatureSubkeyBatchID) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignatureSubkeyOffsetID 

type OneTimeSignatureSubkeyOffsetID struct {
	SubKeyPK ed25519PublicKey `codec:"pk"`
	Batch    uint64           `codec:"batch"`
	Offset   uint64           `codec:"off"`
	// contains filtered or unexported fields
}

A OneTimeSignatureSubkeyOffsetID identifies an ephemeralSubkey of a specific offset within a batch, for the purposes of signing it with the batch subkey.

func (*OneTimeSignatureSubkeyOffsetID) CanMarshalMsg 

func (_ *OneTimeSignatureSubkeyOffsetID) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignatureSubkeyOffsetID) CanUnmarshalMsg 

func (_ *OneTimeSignatureSubkeyOffsetID) CanUnmarshalMsg(z interface{}) bool

func (*OneTimeSignatureSubkeyOffsetID) MarshalMsg 

func (z *OneTimeSignatureSubkeyOffsetID) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignatureSubkeyOffsetID) MsgIsZero 

func (z *OneTimeSignatureSubkeyOffsetID) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignatureSubkeyOffsetID) Msgsize 

func (z *OneTimeSignatureSubkeyOffsetID) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (OneTimeSignatureSubkeyOffsetID) ToBeHashed 

func (off OneTimeSignatureSubkeyOffsetID) ToBeHashed() (protocol.HashID, []byte)

ToBeHashed implements the Hashable interface for a OneTimeSignatureSubkeyOffsetID. This is used to sign a subkey for a specific offset in a batch.

func (*OneTimeSignatureSubkeyOffsetID) UnmarshalMsg 

func (z *OneTimeSignatureSubkeyOffsetID) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignatureVerifier 

type OneTimeSignatureVerifier ed25519PublicKey

A OneTimeSignatureVerifier is used to identify the holder of OneTimeSignatureSecrets and prove the authenticity of OneTimeSignatures against some OneTimeSignatureIdentifier.

func (*OneTimeSignatureVerifier) CanMarshalMsg 

func (_ *OneTimeSignatureVerifier) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignatureVerifier) CanUnmarshalMsg 

func (_ *OneTimeSignatureVerifier) CanUnmarshalMsg(z interface{}) bool

func (*OneTimeSignatureVerifier) MarshalMsg 

func (z *OneTimeSignatureVerifier) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignatureVerifier) MsgIsZero 

func (z *OneTimeSignatureVerifier) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignatureVerifier) Msgsize 

func (z *OneTimeSignatureVerifier) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*OneTimeSignatureVerifier) UnmarshalMsg 

func (z *OneTimeSignatureVerifier) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

func (OneTimeSignatureVerifier) Verify 

func (v OneTimeSignatureVerifier) Verify(id OneTimeSignatureIdentifier, message Hashable, sig OneTimeSignature) bool

Verify verifies that some Hashable signature was signed under some OneTimeSignatureVerifier and some OneTimeSignatureIdentifier.

It returns true if this is the case; otherwise, it returns false.

type OneTimeSigner 

type OneTimeSigner struct {
	*OneTimeSignatureSecrets
	OptionalKeyDilution uint64
}

OneTimeSigner is a wrapper for OneTimeSignatureSecrets that also includes the appropriate KeyDilution value. If zero, the value should be inherited from ConsensusParams.DefaultKeyDilution.

func (OneTimeSigner) KeyDilution 

func (ots OneTimeSigner) KeyDilution(params config.ConsensusParams) uint64

KeyDilution returns the appropriate key dilution value for a OneTimeSigner.

type PRNG 

type PRNG struct {
	// contains filtered or unexported fields
}

PRNG is a pseudo-random implementation of RNG, used for deterministic testing.

func MakePRNG 

func MakePRNG(seed []byte) *PRNG

MakePRNG creates a new PRNG from an initial seed. The implementation is based on HMAC_DRBG. All random bytes from the PRNG will be determined by the initial seed value. Used by test code only.

func (*PRNG) RandBytes 

func (prng *PRNG) RandBytes(buf []byte)

RandBytes implements the RNG interface for the PRNG. Used by test code only.

type PrivateKey 

type PrivateKey ed25519PrivateKey

PrivateKey is an exported ed25519PrivateKey

func (*PrivateKey) CanMarshalMsg 

func (_ *PrivateKey) CanMarshalMsg(z interface{}) bool

func (*PrivateKey) CanUnmarshalMsg 

func (_ *PrivateKey) CanUnmarshalMsg(z interface{}) bool

func (*PrivateKey) MarshalMsg 

func (z *PrivateKey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*PrivateKey) MsgIsZero 

func (z *PrivateKey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*PrivateKey) Msgsize 

func (z *PrivateKey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*PrivateKey) UnmarshalMsg 

func (z *PrivateKey) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type PublicKey 

type PublicKey ed25519PublicKey

PublicKey is an exported ed25519PublicKey

func SecretKeyToPublicKey 

func SecretKeyToPublicKey(secret PrivateKey) (PublicKey, error)

SecretKeyToPublicKey derives a public key from a secret key. This is very efficient since ed25519 private keys literally contain their public key

func (*PublicKey) CanMarshalMsg 

func (_ *PublicKey) CanMarshalMsg(z interface{}) bool

func (*PublicKey) CanUnmarshalMsg 

func (_ *PublicKey) CanUnmarshalMsg(z interface{}) bool

func (*PublicKey) MarshalMsg 

func (z *PublicKey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*PublicKey) MsgIsZero 

func (z *PublicKey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*PublicKey) Msgsize 

func (z *PublicKey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*PublicKey) UnmarshalMsg 

func (z *PublicKey) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type RNG 

type RNG interface {
	RandBytes([]byte)
}

RNG represents a randomness source. This could be either a system-wide randomness source (like what gets exposed by crypto/rand), or a PRNG that we use for testing.

type SecretKey 

type SecretKey = SignatureSecrets

SecretKey is casted from SignatureSecrets

type Seed 

type Seed ed25519Seed

A Seed holds the entropy needed to generate cryptographic keys.

func SecretKeyToSeed 

func SecretKeyToSeed(secret PrivateKey) (Seed, error)

SecretKeyToSeed derives the seed from a secret key. This is very efficient since ed25519 private keys literally contain their seed

func (*Seed) CanMarshalMsg 

func (_ *Seed) CanMarshalMsg(z interface{}) bool

func (*Seed) CanUnmarshalMsg 

func (_ *Seed) CanUnmarshalMsg(z interface{}) bool

func (*Seed) MarshalMsg 

func (z *Seed) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*Seed) MsgIsZero 

func (z *Seed) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*Seed) Msgsize 

func (z *Seed) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*Seed) UnmarshalMsg 

func (z *Seed) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type Signature 

type Signature ed25519Signature

A Signature is a cryptographic signature. It proves that a message was produced by a holder of a cryptographic secret.

func (*Signature) Blank 

func (s *Signature) Blank() bool

Blank tests to see if the given signature contains only zeros

func (*Signature) CanMarshalMsg 

func (_ *Signature) CanMarshalMsg(z interface{}) bool

func (*Signature) CanUnmarshalMsg 

func (_ *Signature) CanUnmarshalMsg(z interface{}) bool

func (*Signature) MarshalMsg 

func (z *Signature) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*Signature) MsgIsZero 

func (z *Signature) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*Signature) Msgsize 

func (z *Signature) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*Signature) UnmarshalMsg 

func (z *Signature) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type SignatureSecrets 

type SignatureSecrets struct {
	SignatureVerifier
	SK ed25519PrivateKey
	// contains filtered or unexported fields
}

SignatureSecrets are used by an entity to produce unforgeable signatures over a message.

func GenerateSignatureSecrets 

func GenerateSignatureSecrets(seed Seed) *SignatureSecrets

GenerateSignatureSecrets creates SignatureSecrets from a source of entropy.

func SecretKeyToSignatureSecrets 

func SecretKeyToSignatureSecrets(sk PrivateKey) (secrets *SignatureSecrets, err error)

SecretKeyToSignatureSecrets converts a private key into a SignatureSecrets and returns a pointer

func (*SignatureSecrets) CanMarshalMsg 

func (_ *SignatureSecrets) CanMarshalMsg(z interface{}) bool

func (*SignatureSecrets) CanUnmarshalMsg 

func (_ *SignatureSecrets) CanUnmarshalMsg(z interface{}) bool

func (*SignatureSecrets) MarshalMsg 

func (z *SignatureSecrets) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*SignatureSecrets) MsgIsZero 

func (z *SignatureSecrets) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*SignatureSecrets) Msgsize 

func (z *SignatureSecrets) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*SignatureSecrets) Sign 

func (s *SignatureSecrets) Sign(message Hashable) Signature

Sign produces a cryptographic Signature of a Hashable message, given cryptographic secrets.

func (*SignatureSecrets) SignBytes 

func (s *SignatureSecrets) SignBytes(message []byte) Signature

SignBytes signs a message directly, without first hashing. Caller is responsible for domain separation.

func (*SignatureSecrets) UnmarshalMsg 

func (z *SignatureSecrets) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type SignatureVerifier 

type SignatureVerifier = PublicKey

A SignatureVerifier is used to identify the holder of SignatureSecrets and verify the authenticity of Signatures.

func (SignatureVerifier) Verify 

func (v SignatureVerifier) Verify(message Hashable, sig Signature) bool

Verify verifies that some holder of a cryptographic secret authentically signed a Hashable message.

It returns true if this is the case; otherwise, it returns false.

func (SignatureVerifier) VerifyBytes 

func (v SignatureVerifier) VerifyBytes(message []byte, sig Signature) bool

VerifyBytes verifies a signature, where the message is not hashed first. Caller is responsible for domain separation. If the message is a Hashable, Verify() can be used instead.

type VRFProof 

type VRFProof = VrfProof

VRFProof is a deprecated name for VrfProof

type VRFSecrets 

type VRFSecrets struct {
	PK VrfPubkey
	SK VrfPrivkey
	// contains filtered or unexported fields
}

VRFSecrets is a wrapper for a VRF keypair. Use *VrfPrivkey instead

func GenerateVRFSecrets 

func GenerateVRFSecrets() *VRFSecrets

GenerateVRFSecrets is deprecated, use VrfKeygen or VrfKeygenFromSeed instead

func (*VRFSecrets) CanMarshalMsg 

func (_ *VRFSecrets) CanMarshalMsg(z interface{}) bool

func (*VRFSecrets) CanUnmarshalMsg 

func (_ *VRFSecrets) CanUnmarshalMsg(z interface{}) bool

func (*VRFSecrets) MarshalMsg 

func (z *VRFSecrets) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*VRFSecrets) MsgIsZero 

func (z *VRFSecrets) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*VRFSecrets) Msgsize 

func (z *VRFSecrets) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*VRFSecrets) UnmarshalMsg 

func (z *VRFSecrets) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type VRFVerifier 

type VRFVerifier = VrfPubkey

VRFVerifier is a deprecated name for VrfPubkey

type VrfOutput 

type VrfOutput [64]byte

VrfOutput is a 64-byte pseudorandom value that can be computed from a VrfProof. The VRF scheme guarantees that such output will be unique

func (*VrfOutput) CanMarshalMsg 

func (_ *VrfOutput) CanMarshalMsg(z interface{}) bool

func (*VrfOutput) CanUnmarshalMsg 

func (_ *VrfOutput) CanUnmarshalMsg(z interface{}) bool

func (*VrfOutput) MarshalMsg 

func (z *VrfOutput) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*VrfOutput) MsgIsZero 

func (z *VrfOutput) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*VrfOutput) Msgsize 

func (z *VrfOutput) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*VrfOutput) UnmarshalMsg 

func (z *VrfOutput) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type VrfPrivkey 

type VrfPrivkey [64]byte

A VrfPrivkey is a private key used for producing VRF proofs. Specifically, we use a 64-byte ed25519 private key (the latter 32-bytes are the precomputed public key)

func (*VrfPrivkey) CanMarshalMsg 

func (_ *VrfPrivkey) CanMarshalMsg(z interface{}) bool

func (*VrfPrivkey) CanUnmarshalMsg 

func (_ *VrfPrivkey) CanUnmarshalMsg(z interface{}) bool

func (*VrfPrivkey) MarshalMsg 

func (z *VrfPrivkey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*VrfPrivkey) MsgIsZero 

func (z *VrfPrivkey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*VrfPrivkey) Msgsize 

func (z *VrfPrivkey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (VrfPrivkey) Prove 

func (sk VrfPrivkey) Prove(message Hashable) (proof VrfProof, ok bool)

Prove constructs a VRF Proof for a given Hashable. ok will be false if the private key is malformed.

func (VrfPrivkey) Pubkey 

func (sk VrfPrivkey) Pubkey() (pk VrfPubkey)

Pubkey returns the public key that corresponds to the given private key.

func (*VrfPrivkey) UnmarshalMsg 

func (z *VrfPrivkey) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type VrfProof 

type VrfProof [80]byte

A VrfProof for a message can be generated with a secret key and verified against a public key, like a signature. Proofs are malleable, however, for a given message and public key, the VRF output that can be computed from a proof is unique.

func (*VrfProof) CanMarshalMsg 

func (_ *VrfProof) CanMarshalMsg(z interface{}) bool

func (*VrfProof) CanUnmarshalMsg 

func (_ *VrfProof) CanUnmarshalMsg(z interface{}) bool

func (VrfProof) Hash 

func (proof VrfProof) Hash() (hash VrfOutput, ok bool)

Hash converts a VRF proof to a VRF output without verifying the proof. TODO: Consider removing so that we don't accidentally hash an unverified proof

func (*VrfProof) MarshalMsg 

func (z *VrfProof) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*VrfProof) MsgIsZero 

func (z *VrfProof) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*VrfProof) Msgsize 

func (z *VrfProof) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*VrfProof) UnmarshalMsg 

func (z *VrfProof) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type VrfPubkey 

type VrfPubkey [32]byte

A VrfPubkey is a public key that can be used to verify VRF proofs.

func (*VrfPubkey) CanMarshalMsg 

func (_ *VrfPubkey) CanMarshalMsg(z interface{}) bool

func (*VrfPubkey) CanUnmarshalMsg 

func (_ *VrfPubkey) CanUnmarshalMsg(z interface{}) bool

func (*VrfPubkey) MarshalMsg 

func (z *VrfPubkey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*VrfPubkey) MsgIsZero 

func (z *VrfPubkey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*VrfPubkey) Msgsize 

func (z *VrfPubkey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*VrfPubkey) UnmarshalMsg 

func (z *VrfPubkey) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

func (VrfPubkey) Verify 

func (pk VrfPubkey) Verify(p VrfProof, message Hashable) (bool, VrfOutput)

Verify checks a VRF proof of a given Hashable. If the proof is valid the pseudorandom VrfOutput will be returned. For a given public key and message, there are potentially multiple valid proofs. However, given a public key and message, all valid proofs will yield the same output. Moreover, the output is indistinguishable from random to anyone without the proof or the secret key.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.