Documentation
¶
Overview ¶
Package crypto provides an implementation of the MirModule module. It supports RSA and ECDSA signatures.
Package crypto provides an implementation of the MirModule module. It supports RSA and ECDSA signatures.
Index ¶
- Variables
- func GenerateKeyPair(randomness io.Reader) (priv []byte, pub []byte, err error)
- func PrivKeyFromFile(file string) ([]byte, error)
- func PubKeyFromFile(fileName string) ([]byte, error)
- func SerializePrivKey(privKey interface{}) (privKeyBytes []byte, err error)
- func SerializePubKey(pubKey interface{}) (pubKeyBytes []byte, err error)
- type Crypto
- type DefaultImpl
- type DummyCrypto
- type HashImpl
- type Hasher
- type KeyPairs
- type MirModule
Constants ¶
This section is empty.
Variables ¶
var ( // DefaultPseudoSeed is an arbitrary number that the nodes can use as a seed when instantiating its MirModule module. // This is not secure, but helps during testing, as it obviates the exchange of public keys among nodes. DefaultPseudoSeed int64 = 12345 )
Functions ¶
func GenerateKeyPair ¶
GenerateKeyPair generates a pair of ECDSA keys that can be used for signing and verifying. The randomness parameter should be backed by a high-quality source of entropy such as crypto/rand.Reader. The priv key can be used for creation of a new instance of the crypto module (New function) and the pub key can be passed to DefaultImpl.RegisterNodeKey.
func PrivKeyFromFile ¶
PrivKeyFromFile extracts a private key from a PEM key file. Returns a serialized form of the private key. The output of this function can be passed to New when creating an instance of DefaultImpl.
func PubKeyFromFile ¶
PubKeyFromFile extracts a public key from a PEM certificate file. Returns a serialized form of the public key that can be used directly with DefaultImpl.RegisterNodeKey.
func SerializePrivKey ¶
SerializePrivKey serializes a private key into a byte slice. The output of this function can be passed to New when creating an instance of DefaultImpl. Currently, pointers to crypto/ecdsa.PrivateKey and crypto/rsa.PrivateKey are supported types of pubKey.
func SerializePubKey ¶
SerializePubKey serializes a public key into a byte slice. The output of this function can be used with DefaultImpl.RegisterNodeKey. Currently, pointers to crypto/ecdsa.PublicKey and crypto/rsa.PublicKey are supported types of pubKey.
Types ¶
type Crypto ¶
type Crypto interface {
// Sign signs the provided data and returns the resulting signature.
// The data to be signed is the concatenation of all the passed byte slices.
// A signature produced by Sign is verifiable using Verify.
// Note that the private key used to produce the signature cannot be set ("registered") through this interface.
// Storing and using the private key is completely implementation-dependent.
Sign(data [][]byte) ([]byte, error)
// Verify verifies a signature produced by the node with ID nodeID over data.
// Returns nil on success (i.e., if the given signature is valid) and a non-nil error otherwise.
Verify(data [][]byte, signature []byte, nodeID t.NodeID) error
}
The Crypto interface represents an implementation of the cryptographic primitives inside the MirModule module. It is responsible for producing and verifying cryptographic signatures. It internally stores information about which clients and nodes are associated with which public keys. This information can be updated by the Node through appropriate events. Both clients and nodes are identified only by their IDs.
func InsecureCryptoForTestingOnly ¶ added in v0.1.1
func InsecureCryptoForTestingOnly(nodes []t.NodeID, ownID t.NodeID, keyPairs *KeyPairs) (Crypto, error)
InsecureCryptoForTestingOnly returns a CryptoImpl module to be used by a node, generating new keys in a pseudo-random manner if no local keys were generated already. Determinism is obtained by only generating the keys once and storing them in the struct to be reused by future calls, based on a given configuration and a random seed. InsecureCryptoForTestingOnly is not secure and intended for testing purposes only. It also assumes a static membership known to all nodes, InsecureCryptoForTestingOnly can be invoked by each Node independently (specifying the same seed, e.g. DefaultPseudoSeed) and generates the same set of keys for the whole system at each node, obviating the exchange of public keys.
type DefaultImpl ¶
type DefaultImpl struct {
// contains filtered or unexported fields
}
DefaultImpl represents a generic implementation of the MirModule module that can be used at Node instantiation (when calling mir.NewNode)
func NewDefaultImpl ¶
func NewDefaultImpl(privKey []byte) (*DefaultImpl, error)
NewDefaultImpl returns a new initialized instance of a MirModule implementation. privKey is the serialized representation of the private key that will be used for signing. privKey must be the output of SerializePrivKey or GenerateKeyPair.
func (*DefaultImpl) DeleteNodeKey ¶
func (c *DefaultImpl) DeleteNodeKey(nodeID t.NodeID)
DeleteNodeKey removes the public key associated with nodeID from the internal state. Any subsequent call to Verify(..., nodeID) will fail.
func (*DefaultImpl) RegisterNodeKey ¶
func (c *DefaultImpl) RegisterNodeKey(pubKey []byte, nodeID t.NodeID) error
RegisterNodeKey associates a public key with a node ID. pubKey must be the output of SerializePubKey. Calls to Verify will fail until RegisterNodeKey is successfully called with the corresponding node ID. Returns nil on success, a non-nil error on failure.
func (*DefaultImpl) Sign ¶
func (c *DefaultImpl) Sign(data [][]byte) ([]byte, error)
Sign signs the provided data and returns the resulting signature. First, Sign computes a SHA256 hash of the concatenation of all the byte slices in data. Then it signs the hash using the private key specified at creation of this MirModule object.
func (*DefaultImpl) Verify ¶
Verify verifies a signature produced by the node with ID nodeID over data. First, Verify computes a SHA256 hash of the concatenation of all the byte slices in data. Then it verifies the signature over this hash using the public key registered under nodeID. Returns nil on success (i.e., if the given signature is valid) and a non-nil error otherwise. Note that RegisterNodeKey must be used to register the node's public key before calling Verify, otherwise Verify will fail.
type DummyCrypto ¶
type DummyCrypto struct {
// The only accepted signature
DummySig []byte
}
DummyCrypto represents a dummy MirModule module that always produces the same dummy byte slice specified at instantiation as signature. Verification of this dummy signature always succeeds. This is intended as a stub for testing purposes.
func (*DummyCrypto) DeleteNodeKey ¶
func (dc *DummyCrypto) DeleteNodeKey(_ t.NodeID)
DeleteNodeKey does nothing, as no public keys are used.
func (*DummyCrypto) RegisterNodeKey ¶
func (dc *DummyCrypto) RegisterNodeKey(_ []byte, _ t.NodeID) error
RegisterNodeKey does nothing, as no public keys are used.
type Hasher ¶
type Hasher struct {
// contains filtered or unexported fields
}
func (*Hasher) ApplyEvent ¶
func (*Hasher) ApplyEvents ¶
func (*Hasher) ImplementsModule ¶
func (hasher *Hasher) ImplementsModule()
The ImplementsModule method only serves the purpose of indicating that this is a Module and must not be called.
type MirModule ¶
type MirModule struct {
// contains filtered or unexported fields
}
func (*MirModule) ApplyEvent ¶
func (*MirModule) ApplyEvents ¶
func (*MirModule) ImplementsModule ¶
func (c *MirModule) ImplementsModule()
The ImplementsModule method only serves the purpose of indicating that this is a Module and must not be called.
Source Files