crypto

package

v0.0.0-...-bd4e2c0 Latest Latest Go to latest Published: Sep 19, 2023 License: Apache-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hyperledger-labs/mirbft

Links

Open Source Insights

Documentation ¶

Overview ¶

Package crypto provides an implementation of the Crypto module. It supports RSA and ECDSA signatures.

Index ¶

Variables
func GenerateKeyPair(randomness io.Reader) (priv []byte, pub []byte, err error)
func PrivKeyFromFile(file string) ([]byte, error)
func PubKeyFromFile(fileName string) ([]byte, error)
func SerializePrivKey(privKey interface{}) (privKeyBytes []byte, err error)
func SerializePubKey(pubKey interface{}) (pubKeyBytes []byte, err error)
type Crypto
type DummyCrypto

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// DefaultPseudoSeed is an arbitrary number that the nodes can use as a seed when instantiating its Crypto module.
	// This is not secure, but helps during testing, as it obviates the exchange of public keys among nodes.
	DefaultPseudoSeed int64 = 12345
)

Functions ¶

func GenerateKeyPair ¶

func GenerateKeyPair(randomness io.Reader) (priv []byte, pub []byte, err error)

GenerateKeyPair generates a pair of ECDSA keys that can be used for signing and verifying. The randomness parameter should be backed by a high-quality source of entropy such as crypto/rand.Reader. The priv key can be used for creation of a new instance of the crypto module (New function) and the pub key can be passed to Crypto.RegisterNodeKey.

func PrivKeyFromFile ¶

func PrivKeyFromFile(file string) ([]byte, error)

PrivKeyFromFile extracts a private key from a PEM key file. Returns a serialized form of the private key. The output of this function can be passed to New when creating an instance of the Crypto module.

func PubKeyFromFile ¶

func PubKeyFromFile(fileName string) ([]byte, error)

PubKeyFromFile extracts a public key from a PEM certificate file. Returns a serialized form of the public key that can be used directly with Crypto.RegisterNodeKey or Crypto.RegisterClientKey.

func SerializePrivKey ¶

func SerializePrivKey(privKey interface{}) (privKeyBytes []byte, err error)

SerializePrivKey serializes a private key into a byte slice. The output of this function can be passed to New when creating an instance of the Crypto module. Currently, pointers to crypto/ecdsa.PrivateKey and crypto/rsa.PrivateKey are supported types of pubKey.

func SerializePubKey ¶

func SerializePubKey(pubKey interface{}) (pubKeyBytes []byte, err error)

SerializePubKey serializes a public key into a byte slice. The output of this function can be used with Crypto.RegisterClientKey and Crypto.RegisterNodeKey. Currently, pointers to crypto/ecdsa.PublicKey and crypto/rsa.PublicKey are supported types of pubKey.

Types ¶

type Crypto ¶

type Crypto struct {
	// contains filtered or unexported fields
}

Crypto represents an instance of the Crypto module that can be used at Node instantiation (when calling mirbft.NewNode)

func ClientPseudo ¶

func ClientPseudo(nodes []t.NodeID, clients []t.ClientID, ownID t.ClientID, seed int64) (*Crypto, error)

ClientPseudo behaves the same as NodePseudo, except that it returns a crypto module intended for use by the client. The returned crypto module will use the private key associated with client ownID for signing.

func New ¶

func New(privKey []byte) (*Crypto, error)

New returns a new initialized instance of the Crypto module. privKey is the serialized representation of the private key that will be used for signing. privKey must be the output of SerializePrivKey or GenerateKeyPair.

func NodePseudo ¶

func NodePseudo(nodes []t.NodeID, clients []t.ClientID, ownID t.NodeID, seed int64) (*Crypto, error)

NodePseudo returns a Crypto module to be used by a Node, generating new keys in a pseudo-random manner. It is initialized and populated deterministically, based on a given configuration and a random seed. NodePseudo is not secure. Intended for testing purposes and assuming a static membership known to all nodes, NodePseudo can be invoked by each Node independently (specifying the same seed, e.g. DefaultPseudoSeed) and generates the same set of keys for the whole system at each node, obviating the exchange of public keys.

func (*Crypto) DeleteClientKey ¶

func (c *Crypto) DeleteClientKey(clientID t.ClientID)

DeleteClientKey removes the public key associated with clientID from the state. Any subsequent call to VerifyClientSig(..., clientID) will fail.

func (*Crypto) DeleteNodeKey ¶

func (c *Crypto) DeleteNodeKey(nodeID t.NodeID)

DeleteNodeKey removes the public key associated with nodeID from the internal state. Any subsequent call to VerifyNodeSig(..., nodeID) will fail.

func (*Crypto) RegisterClientKey ¶

func (c *Crypto) RegisterClientKey(pubKey []byte, clientID t.ClientID) error

RegisterClientKey associates a public key with a numeric client ID. pubKey must be the output of SerializePubKey. Calls to VerifyClientSig will fail until RegisterClientKey is successfully called with the corresponding client ID. Returns nil on success, a non-nil error on failure.

func (*Crypto) RegisterNodeKey ¶

func (c *Crypto) RegisterNodeKey(pubKey []byte, nodeID t.NodeID) error

RegisterNodeKey associates a public key with a numeric node ID. pubKey must be the output of SerializePubKey. Calls to VerifyNodeSig will fail until RegisterNodeKey is successfully called with the corresponding node ID. Returns nil on success, a non-nil error on failure.

func (*Crypto) Sign ¶

func (c *Crypto) Sign(data [][]byte) ([]byte, error)

Sign signs the provided data and returns the resulting signature. First, Sign computes a SHA256 hash of the concatenation of all the byte slices in data. Then it signs the hash using the private key specified at creation of this Crypto object.

func (*Crypto) VerifyClientSig ¶

func (c *Crypto) VerifyClientSig(data [][]byte, signature []byte, clientID t.ClientID) error

VerifyClientSig verifies a signature produced by the client with numeric ID clientID over data. First, VerifyNodeSig computes a SHA256 hash of the concatenation of all the byte slices in data. Then it verifies the signature over this hash using the public key registered under clientID. Returns nil on success (i.e., if the given signature is valid) and a non-nil error otherwise. Note that RegisterClientKey must be used to register the client's public key before calling VerifyClientSig, otherwise VerifyClientSig will fail.

func (*Crypto) VerifyNodeSig ¶

func (c *Crypto) VerifyNodeSig(data [][]byte, signature []byte, nodeID t.NodeID) error

VerifyNodeSig verifies a signature produced by the node with numeric ID nodeID over data. First, VerifyNodeSig computes a SHA256 hash of the concatenation of all the byte slices in data. Then it verifies the signature over this hash using the public key registered under nodeID. Returns nil on success (i.e., if the given signature is valid) and a non-nil error otherwise. Note that RegisterNodeKey must be used to register the node's public key before calling VerifyNodeSig, otherwise VerifyNodeSig will fail.

type DummyCrypto ¶

type DummyCrypto struct {

	// The only accepted signature
	DummySig []byte
}

DummyCrypto represents a dummy Crypto module that always produces the same dummy byte slice specified at instantiation as signature. Verification of this dummy signature always succeeds. This is intended as a stub for testing purposes.

func (*DummyCrypto) DeleteClientKey ¶

func (dc *DummyCrypto) DeleteClientKey(clientID t.ClientID)

DeleteClientKey does nothing, as no public keys are used.

func (*DummyCrypto) DeleteNodeKey ¶

func (dc *DummyCrypto) DeleteNodeKey(nodeID t.NodeID)

DeleteNodeKey does nothing, as no public keys are used.

func (*DummyCrypto) RegisterClientKey ¶

func (dc *DummyCrypto) RegisterClientKey(pubKey []byte, clientID t.ClientID) error

RegisterClientKey does nothing, as no public keys are used.

func (*DummyCrypto) RegisterNodeKey ¶

func (dc *DummyCrypto) RegisterNodeKey(pubKey []byte, nodeID t.NodeID) error

RegisterNodeKey does nothing, as no public keys are used.

func (*DummyCrypto) Sign ¶

func (dc *DummyCrypto) Sign(data [][]byte) ([]byte, error)

Sign always returns the dummy signature DummySig, regardless of the data.

func (*DummyCrypto) VerifyClientSig ¶

func (dc *DummyCrypto) VerifyClientSig(data [][]byte, signature []byte, clientID t.ClientID) error

VerifyClientSig returns nil (i.e. success) only if signature equals DummySig. Both data and nodeID are ignored.

func (*DummyCrypto) VerifyNodeSig ¶

func (dc *DummyCrypto) VerifyNodeSig(data [][]byte, signature []byte, nodeID t.NodeID) error

VerifyNodeSig returns nil (i.e. success) only if signature equals DummySig. Both data and nodeID are ignored.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL