nego

package

v0.0.0-...-0b3308b Latest Latest Go to latest Published: Jun 19, 2017 License: MPL-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/dedis/crypto

Documentation ¶

Overview ¶

Package nego implements cryptographic negotiation and secret entrypoint finding.

Index ¶

func BitFill(z, x *big.Int, i, j int, b uint)
func BitScan(x *big.Int, i, j int, b uint) int
type Entry
- func (e *Entry) String() string
type Writer

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func BitFill ¶

func BitFill(z, x *big.Int, i, j int, b uint)

Set z to x, but with the bit-field from bit i up or down to bit j filled with bit value b.

func BitScan ¶

func BitScan(x *big.Int, i, j int, b uint) int

Scan a bit-field within x starting from bit i, either upward or downward to but not including bit j, for the first bit with value b. Returns the position of the first b-bit found, or -1 if every bit in the bit-field is set to 1-b.

Types ¶

type Entry ¶

type Entry struct {
	Suite  abstract.Suite // Ciphersuite this public key is drawn from
	PubKey abstract.Point // Public key of this entrypoint's owner
	Data   []byte         // Entrypoint data decryptable by owner
}

func (*Entry) String ¶

func (e *Entry) String() string

type Writer ¶

type Writer struct {
	// contains filtered or unexported fields
}

Writer produces a cryptographic negotiation header, which conceals a variable number of "entrypoints" within a variable-length binary blob of random-looking bits. Each entrypoint hidden in the blob is discoverable and usable only by the owner of a particular public key. Different public keys may be drawn from different ciphersuites, in any combination, without coordination between the ciphersuites.

Each entrypoint contains a short fixed-length blob of encrypted data, which the owner of the entrypoint can decrypt and use to obtain keys and pointers to the "real" content. This "real" content is typically located after the negotiation header and encrypted with a symmetric key included in the entrypoint data, which can be (but doesn't have to be) shared by many or all entrypoints.

func (*Writer) Layout ¶

func (w *Writer) Layout(suiteLevel map[abstract.Suite]int,
	entrypoints []Entry,
	rand cipher.Stream) (int, error)

Initialize a Writer to produce one or more negotiation header containing a specified set of entrypoints, whose owners' public keys are drawn from a given set of ciphersuites.

The caller must provide a map 'suiteLevel' with one key per ciphersuite, whose value is the maximum "level" in the header at which the ciphersuite's ephemeral Diffie-Hellman Point may be encoded. This maximum level must be standardized for each ciphersuite, and should be log2(maxsuites), where maxsuites is the maximum number of unique ciphersuites that are likely to exist when this suite is defined.

The Data slices in all entrypoints must have been allocated and sized according to the data the caller wants to suppy each entrypoint, but the content of these Data slices need not be filled in yet.

This function lays out the entrypoints in the negotiation header, and returns the total size of the negotiation headers that will be produced from this layout.

After this initialization and layout computation, multiple independent negotiation headers with varying entrypoint data may be produced more efficiently via Write().

XXX if multiple entrypoints are improperly passed for the same keyholder, bad things happen to security - we should harden the API against that.

func (*Writer) Payload ¶

func (w *Writer) Payload(data []byte, encrypt cipher.Stream) int

After Layout() has been called to layout the header, the client may call Payload() any number of times to reserve regions for encrypted payloads in the message. Returns the byte offset in the message where the payload was placed.

Although the client could as well encrypt the data before calling Payload(), we take a cleartext and a cipher.Stream to "make sure" it gets encrypted. (Callers who really want to do their own encryption can pass in a no-op cipher.Stream, but this isn't recommended.)

func (*Writer) SetMaxLen ¶

func (w *Writer) SetMaxLen(max int)

Set the optional maximum length for the negotiation header, affecting subsequent calls to Layout()

func (*Writer) Write ¶

func (w *Writer) Write(rand cipher.Stream) []byte

Finalize and encrypt the negotiation message. The data slices in all the entrypoints must be filled in before calling this function.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL