crypto

package
v1.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 27, 2023 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package crypto - wrapper for encryption libraries required by service

Index

Constants

// BLS381 size constants used by the BLS wrappers. The two base values are
// read from the C library through cgo; the two derived lengths are computed
// from the field size.
// NOTE(review): the unit is presumably bytes — confirm against the C header.
const (
	// BFSBLS381 is the field size, as defined by C.BFS_BLS381.
	BFSBLS381 = int(C.BFS_BLS381)
	// BGSBLS381 is the group size, as defined by C.BGS_BLS381.
	BGSBLS381 = int(C.BGS_BLS381)
	// G2Len is the size of a G2 point: four times the field size.
	G2Len = 4 * BFSBLS381
	// SIGLen is the signature length: the field size plus one.
	SIGLen = BFSBLS381 + 1
)
// Seed length bounds, expressed in bytes. ErrInvalidSeedLen states the same
// minimum and maximum in bits (these values multiplied by 8).
// Length is only a lower bound on quality: the seed bytes themselves need to
// come from a secure random source.
// NOTE(review): which functions enforce these bounds is not visible here — confirm.
const (
	RecommendedSeedLen = 32 // recommended seed length: 32 bytes = 256 bits
	MinSeedBytes       = 16 // shortest accepted seed: 16 bytes = 128 bits
	MaxSeedBytes       = 64 // longest accepted seed: 64 bytes = 512 bits

)
// SECP256K1 size constants. The two base values are read from the C library
// through cgo.
const (
	// EGSSECP256K1 is C.EGS_SECP256K1.
	// NOTE(review): presumably the group size, by analogy with BGSBLS381 — confirm.
	EGSSECP256K1 = int(C.EGS_SECP256K1)
	// EFSSECP256K1 is C.EFS_SECP256K1.
	// NOTE(review): presumably the field size, by analogy with BFSBLS381 — confirm.
	EFSSECP256K1 = int(C.EFS_SECP256K1)
	// EPSSECP256K1 is twice EFSSECP256K1 plus one.
	// NOTE(review): presumably the length of an encoded curve point — confirm.
	EPSSECP256K1 = 2*EFSSECP256K1 + 1
)

SECP256K1 constants

// BLS381 size constants. The two base values are read from the C library
// through cgo; the G1 and G2 sizes are derived from PFSBLS381.
const (
	// PGSBLS381 is C.PGS_BLS381.
	// NOTE(review): presumably the group size — confirm.
	PGSBLS381 = int(C.PGS_BLS381)
	// PFSBLS381 is C.PFS_BLS381.
	// NOTE(review): presumably the field size — confirm.
	PFSBLS381 = int(C.PFS_BLS381)
	// G1SBLS381 is twice PFSBLS381 plus one.
	// NOTE(review): presumably the length of an encoded G1 point — confirm.
	G1SBLS381 = 2*PFSBLS381 + 1
	// G2SBLS381 is four times PFSBLS381.
	// NOTE(review): presumably the length of an encoded G2 point — confirm.
	G2SBLS381 = 4 * PFSBLS381
)

BLS381 constants

const HashSize = 32

HashSize of array used to store hashes. See Hash.

const MaxHashStringSize = HashSize * 2

MaxHashStringSize is the maximum length of a Hash hash string.

Variables

// Sentinel errors for the MPIN and BLS wrappers. Each is a distinct
// errors.New value, so callers can test for it with errors.Is (or ==)
// instead of matching the message text.
var (
	// ErrInvalidPoint is the binding for C.MPIN_INVALID_POINT.
	ErrInvalidPoint = errors.New("Invalid point")
	// ErrInvalidPin is the binding for C.MPIN_BAD_PIN.
	ErrInvalidPin = errors.New("Invalid PIN")
	// ErrInvalidTime is returned when the timestamp in One pass is out of bounds.
	ErrInvalidTime = errors.New("Invalid time")
	// ErrBlsFail is the binding for C.BLS_FAIL.
	ErrBlsFail = errors.New("Invalid BLS signature")
	// ErrInvalidG1 is the binding for C.BLS_INVALID_G1.
	ErrInvalidG1 = errors.New("Invalid G1 point")
	// ErrInvalidG2 is the binding for C.BLS_INVALID_G2.
	ErrInvalidG2 = errors.New("Invalid G2 point")
)
var ErrHashStrSize = fmt.Errorf("max hash string length is %v bytes", MaxHashStringSize)

ErrHashStrSize describes an error that indicates the caller specified a hash string that has too many characters.

var (
	// ErrInvalidID is returned when the ID cannot be decoded
	ErrInvalidID = errors.New("invalid ID")
)
var (
	// ErrInvalidSeedLen is the error for a seed whose length is outside the
	// MinSeedBytes..MaxSeedBytes range. The message states the bounds in
	// bits, which is why both constants are multiplied by 8.
	// NOTE(review): the functions that return it are not visible here — confirm.
	ErrInvalidSeedLen = fmt.Errorf("seed length must be between %d and %d bits",
		MinSeedBytes*8, MaxSeedBytes*8)
)

Functions

func BLSAddG1

func BLSAddG1(R1 []byte, R2 []byte) (R []byte, err error)

BLSAddG1 Add two members from the group G1

Add two members from the group G1

@param R1           member of G1
@param R2           member of G1
@param R            member of G1. r = r1+r2
@param err          Return code error

func BLSAddG2

func BLSAddG2(R1 []byte, R2 []byte) (R []byte, err error)

BLSAddG2 Add two members from the group G2

Add two members from the group G2

@param R1           member of G2
@param R2           member of G2
@param R            member of G2. r = r1+r2
@param err          Return code error

func BLSKeys

func BLSKeys(rand *Rand, ski []byte) (pk []byte, sko []byte, err error)

BLSKeys Generate BLS keys

Generate public and private key pair. If the seed value is nil then generate the public key using the input secret key.

@param rand         csprng PRNG
@param ski          input secret key
@param pk           public key
@param sko          output secret key
@param err          Return code error

func BLSSign

func BLSSign(m []byte, sk []byte) (s []byte, err error)

BLSSign Sign a message

The message is signed using the BLS algorithm

@param m            Message to be signed
@param sk           secret key
@param S            Signature
@param err          Return code error

func BLSVerify

func BLSVerify(m []byte, pk []byte, s []byte) error

BLSVerify Verify a signature

Verify a signature using the BLS algorithm

@param m            Message that was signed
@param pk           public key
@param S            Signature
@param err          Return code error; nil when the signature verifies

func BuildMerkleTreeStore

func BuildMerkleTreeStore(assets [][]byte) (merkles []*[]byte, err error)

Merkle tree builder takes in a byte slice array and returns a (pointer) array of hashes representing the tree nodes. The final element is the Merkle Root.

func ClientPass2

func ClientPass2(p1r *ClientPass1Result, y []byte) (v []byte, err error)

ClientPass2 performs Pass2 on the client using ClientPass1Result and Y value from the server

func CopyProof

func CopyProof(Proof []*[]byte) (ProofCopy [][]byte, err error)

CopyProof Returns a copy of proof for use outside the application

func Decode

func Decode(dst *Hash, src string) error

Decode decodes the byte-reversed hexadecimal string encoding of a Hash to a destination.

func DeriveMasterSK

func DeriveMasterSK(seed []byte) (*big.Int, error)

DeriveMasterSK creates a master private key using the supplied seed as entropy

func DoubleHashB

func DoubleHashB(b []byte) []byte

DoubleHashB calculates hash(hash(b)) and returns the resulting bytes.

func ExtractPIN

func ExtractPIN(id []byte, pin int, cs []byte) (token []byte, err error)

ExtractPIN extracts PIN from client secret and produces token

func GenerateBLSKeys

func GenerateBLSKeys(seed []byte) (blsPublic, blsSecret []byte, err error)

GenerateBLSKeys - generate BLS12-381 Pub/Priv key from seed

func GenerateBLSKeysV2

func GenerateBLSKeysV2(seed []byte) (blsPublic, blsSecret []byte, err error)

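GenerateBLSKeysV2 - generate BLS12-381 Pub/Priv key from seed using the version 2 BLS KDF implementation. The input seed bit length must be a minimum of … (the sentence is truncated in the published documentation; see MinSeedBytes and ErrInvalidSeedLen for the seed-length bounds this package declares).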

func GenerateProofFromTree

func GenerateProofFromTree(asset *[]byte, pos int, tree []*[]byte) (proof []*[]byte, err error)

GenerateProofFromTree generates a set membership proof for an asset if and only if that asset is a leaf element of the Merkle tree (tree) supplied, at the position (pos) given. Note that for this generator the asset has to match both the value and the address of the tree element at the position specified, i.e. it has to be an element of the tree supplied to the generator.

func GetClientSecret

func GetClientSecret(ms []byte, id []byte) (secret []byte, err error)

GetClientSecret generates the client secret of the identity and the master secret

func GetServerSecret

func GetServerSecret(ms []byte) (secret []byte, err error)

GetServerSecret generates the server secret of the master secret

func HashB

func HashB(b []byte) []byte

HashB calculates hash(b) and returns the resulting bytes.

func HashMerkleBranchesB

func HashMerkleBranchesB(left *[]byte, right *[]byte) *[]byte

HashMerkleBranchesB takes two hashes, treated as the left and right tree nodes, and returns the hash of their concatenation. This is a helper function used to aid in the generation of a merkle tree.

func NewMasterSecret

func NewMasterSecret(rand *Rand) (secret []byte, err error)

NewMasterSecret generates a new random master secret

func RecombineClientSecret

func RecombineClientSecret(shares ...[]byte) (secret []byte, err error)

RecombineClientSecret combines the full client secret out of client secret shares

func RecombineServerSecret

func RecombineServerSecret(shares ...[]byte) (secret []byte, err error)

RecombineServerSecret combines the full server secret out of server secret shares

func Secp256k1Decrypt

func Secp256k1Decrypt(C, V, T, sK string) (message string, err error)

Secp256k1Decrypt decrypts an encrypted message using ECP_SECP256K1_ECIES

func Secp256k1Encrypt

func Secp256k1Encrypt(message, publicKey string) (C, V, T string, err error)

Secp256k1Encrypt encrypts a message using ECP_SECP256K1_ECIES

func ServerOnePass

func ServerOnePass(client *Client1PassResult, ss []byte, msg []byte, timeBounds int64) error

ServerOnePass performs ZKP MFA One Pass on the server

func ServerPass2

func ServerPass2(hid []byte, htid []byte, y []byte, ss []byte, u []byte, ut []byte, v []byte, pa []byte) (err error)

ServerPass2 performs Pass2 on the server when using the 2-pass protocol. On successful authentication the err result is nil.

func Verify

func Verify(root []byte, args [][]byte) (err error)

Verify Merkle proof. Function takes in a root hash and a proof (byte array) and returns nil if the proof is valid.

Types

type Client1Option

type Client1Option = func(*ClientPass1Result) error

func WithPredefinedX

func WithPredefinedX(x []byte) Client1Option

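WithPredefinedX is used to fix the X value for testing. Because it replaces the X that ClientPass1 or ClientOnePass would otherwise produce, it should be used in tests only.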

type Client1PassResult

// Client1PassResult holds the values returned by ClientOnePass; ServerOnePass
// takes a *Client1PassResult as its client argument.
type Client1PassResult struct {
	// ID — NOTE(review): presumably the identity bytes passed to ClientOnePass — confirm.
	ID []byte
	// ET — NOTE(review): presumably the client timestamp that ServerOnePass
	// checks against timeBounds (see ErrInvalidTime) — confirm.
	ET int64
	// U and V — NOTE(review): their protocol meaning is not visible here — confirm.
	U  []byte
	V  []byte
}

Client1PassResult holds the result of One-Pass Client

func ClientOnePass

func ClientOnePass(id []byte, pin int, rng *Rand, token []byte, msg []byte, opts ...Client1Option) (*Client1PassResult, error)

ClientOnePass performs ZKP MFA One Pass on the client

type ClientPass1Result

// ClientPass1Result holds the values returned by ClientPass1. ClientPass2
// takes it together with the Y value from the server.
type ClientPass1Result struct {
	// X is the value WithPredefinedX can fix for testing.
	// NOTE(review): X and SEC look like client-side secret values that should
	// stay on the client and out of logs — confirm.
	X   []byte
	SEC []byte
	// U and UT share their names with the u and ut arguments of ServerPass2.
	U   []byte
	UT  []byte
}

ClientPass1Result holds the result of the Client Pass1

func ClientPass1

func ClientPass1(id []byte, pin int, rng *Rand, token []byte, opts ...Client1Option) (*ClientPass1Result, error)

ClientPass1 performs Pass1 on the client when using 2-pass protocol

type Hash

type Hash [HashSize]byte

Hash represents the double sha256 of data.

func DoubleHashH

func DoubleHashH(b []byte) Hash

DoubleHashH calculates hash(hash(b)) and returns the resulting bytes as a Hash.

func HashH

func HashH(b []byte) Hash

HashH calculates hash(b) and returns the resulting bytes as a Hash.

func NewHash

func NewHash(newHash []byte) (*Hash, error)

NewHash returns a new Hash from a byte slice. An error is returned if the number of bytes passed in is not HashSize.

func NewHashFromStr

func NewHashFromStr(hash string) (*Hash, error)

NewHashFromStr creates a Hash from a hash string. The string should be the hexadecimal string of a byte-reversed hash, but any missing characters result in zero padding at the end of the Hash.

func (*Hash) IsEqual

func (hash *Hash) IsEqual(target *Hash) bool

IsEqual returns true if target is the same as hash.

func (*Hash) SetBytes

func (hash *Hash) SetBytes(newHash []byte) error

SetBytes sets the bytes which represent the hash. An error is returned if the number of bytes passed in is not HashSize.

func (Hash) String

func (hash Hash) String() string

String returns the Hash as the hexadecimal string of the byte-reversed hash.

type ID

// ID is the ZKP ID struct. Its exported fields are serialized to JSON under
// the keys "id", "curve" and "created".
type ID struct {
	Identity  string `json:"id"`
	Curve     string `json:"curve"`
	// CreatedAt — NOTE(review): presumably a creation timestamp; its unit is
	// not visible here — confirm.
	CreatedAt int64  `json:"created"`
	// contains filtered or unexported fields
}

ID is the ZKP ID struct

func IDFromBytes

func IDFromBytes(rawID []byte) (*ID, error)

IDFromBytes decodes a hex-encoded ID

func IDFromHex

func IDFromHex(rawIDString string) (*ID, error)

IDFromHex decodes a hex-encoded ID

func NewID

func NewID(id string) (*ID, error)

NewID creates a new identity

func (*ID) Bytes

func (i *ID) Bytes() []byte

Bytes returns the raw ID byteslice

func (*ID) Hash

func (i *ID) Hash() []byte

Hash returns the hash of the raw ID

func (*ID) String

func (i *ID) String() string

String returns hex-encoded raw ID

type Octet

type Octet = C.octet

Octet adds functionality around C octet

func CreateOctet

func CreateOctet(val []byte) *Octet

CreateOctet creates new Octet with a value

func NewOctet

func NewOctet(maxSize int) *Octet

NewOctet creates an empty Octet with a given size

func (*Octet) Clear

func (o *Octet) Clear()

Clear clears the octet memory

func (*Octet) ClearAndFree

func (o *Octet) ClearAndFree()

func (*Octet) Free

func (o *Octet) Free()

Free frees the allocated memory

func (*Octet) ToBytes

func (o *Octet) ToBytes() []byte

ToBytes returns the bytes representation of the Octet

func (*Octet) ToString

func (o *Octet) ToString() string

ToString returns the hex encoded representation of the Octet

type Rand

type Rand C.csprng

Rand is a cryptographically secure random number generator

func NewRand

func NewRand(seed []byte) *Rand

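NewRand creates a new Rand seeded with seed. The seed should come from a cryptographically secure source of entropy, since the quality of the generator's output depends on it.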

func (*Rand) GetByte

func (rand *Rand) GetByte() byte

GetByte returns one random byte

type ServerPass1Result

// ServerPass1Result holds the values returned by ServerPass1. Its field names
// match the y, hid, htid, u and ut arguments of ServerPass2.
// NOTE(review): the protocol meaning of each field is not visible here — confirm.
type ServerPass1Result struct {
	Y    []byte
	HID  []byte
	HTID []byte
	U    []byte
	UT   []byte
}

ServerPass1Result holds the result of the Server Pass1

func ServerPass1

func ServerPass1(id []byte, rand *Rand) (*ServerPass1Result, error)

ServerPass1 performs Pass1 on the server when using 2-pass protocol
