Documentation ¶
Overview ¶
Package crypto - wrapper for encryption libraries required by service
Index ¶
- Constants
- Variables
- func BLSAddG1(R1 []byte, R2 []byte) (R []byte, err error)
- func BLSAddG2(R1 []byte, R2 []byte) (R []byte, err error)
- func BLSKeys(rand *Rand, ski []byte) (pk []byte, sko []byte, err error)
- func BLSSign(m []byte, sk []byte) (s []byte, err error)
- func BLSVerify(m []byte, pk []byte, s []byte) error
- func BuildMerkleTreeStore(assets [][]byte) (merkles []*[]byte, err error)
- func ClientPass2(p1r *ClientPass1Result, y []byte) (v []byte, err error)
- func CopyProof(Proof []*[]byte) (ProofCopy [][]byte, err error)
- func Decode(dst *Hash, src string) error
- func DeriveMasterSK(seed []byte) (*big.Int, error)
- func DoubleHashB(b []byte) []byte
- func ExtractPIN(id []byte, pin int, cs []byte) (token []byte, err error)
- func GenerateBLSKeys(seed []byte) (blsPublic, blsSecret []byte, err error)
- func GenerateBLSKeysV2(seed []byte) (blsPublic, blsSecret []byte, err error)
- func GenerateProofFromTree(asset *[]byte, pos int, tree []*[]byte) (proof []*[]byte, err error)
- func GetClientSecret(ms []byte, id []byte) (secret []byte, err error)
- func GetServerSecret(ms []byte) (secret []byte, err error)
- func HashB(b []byte) []byte
- func HashMerkleBranchesB(left *[]byte, right *[]byte) *[]byte
- func NewMasterSecret(rand *Rand) (secret []byte, err error)
- func RecombineClientSecret(shares ...[]byte) (secret []byte, err error)
- func RecombineServerSecret(shares ...[]byte) (secret []byte, err error)
- func Secp256k1Decrypt(C, V, T, sK string) (message string, err error)
- func Secp256k1Encrypt(message, publicKey string) (C, V, T string, err error)
- func ServerOnePass(client *Client1PassResult, ss []byte, msg []byte, timeBounds int64) error
- func ServerPass2(hid []byte, htid []byte, y []byte, ss []byte, u []byte, ut []byte, v []byte, ...) (err error)
- func Verify(root []byte, args [][]byte) (err error)
- type Client1Option
- type Client1PassResult
- type ClientPass1Result
- type Hash
- type ID
- type Octet
- type Rand
- type ServerPass1Result
Constants ¶
const ( // BFSBLS381 Field size BFSBLS381 = int(C.BFS_BLS381) // BGSBLS381 Group size BGSBLS381 = int(C.BGS_BLS381) // G2Len G2 point size G2Len = 4 * BFSBLS381 // SIGLen Signature length SIGLen = BFSBLS381 + 1 )
const ( RecommendedSeedLen = 32 // 256 bits MinSeedBytes = 16 // 128 bits MaxSeedBytes = 64 // 512 bits )
const ( EGSSECP256K1 = int(C.EGS_SECP256K1) EFSSECP256K1 = int(C.EFS_SECP256K1) EPSSECP256K1 = 2*EFSSECP256K1 + 1 )
SECP256K1 constants
const ( PGSBLS381 = int(C.PGS_BLS381) PFSBLS381 = int(C.PFS_BLS381) G1SBLS381 = 2*PFSBLS381 + 1 G2SBLS381 = 4 * PFSBLS381 )
BLS381 constants
const HashSize = 32
HashSize of array used to store hashes. See Hash.
const MaxHashStringSize = HashSize * 2
MaxHashStringSize is the maximum length of a Hash hash string.
Variables ¶
var ( // ErrInvalidPoint is binding for C.MPIN_INVALID_POINT ErrInvalidPoint = errors.New("Invalid point") // ErrInvalidPin is binding to C.MPIN_BAD_PIN ErrInvalidPin = errors.New("Invalid PIN") // ErrInvalidTime is returned when the timestamp in One pass is out of bounds ErrInvalidTime = errors.New("Invalid time") // ErrBlsFail is binding for C.BLS_FAIL ErrBlsFail = errors.New("Invalid BLS signature") // ErrInvalidG1 is binding for C.BLS_INVALID_G1 ErrInvalidG1 = errors.New("Invalid G1 point") // ErrInvalidG2 is binding for C.BLS_INVALID_G2 ErrInvalidG2 = errors.New("Invalid G2 point") )
var ErrHashStrSize = fmt.Errorf("max hash string length is %v bytes", MaxHashStringSize)
ErrHashStrSize describes an error that indicates the caller specified a hash string that has too many characters.
var ( // ErrInvalidID is returned when the ID cannot be decoded ErrInvalidID = errors.New("invalid ID") )
var ( ErrInvalidSeedLen = fmt.Errorf("seed length must be between %d and %d bits", MinSeedBytes*8, MaxSeedBytes*8) )
Functions ¶
func BLSAddG1 ¶
BLSAddG1 Add two members from the group G1
Add two members from the group G1 @param R1 member of G1 @param R2 member of G1 @param R member of G1. r = r1+r2 @param err Return code error
func BLSAddG2 ¶
BLSAddG2 Add two members from the group G2
Add two members from the group G2 @param R1 member of G2 @param R2 member of G2 @param R member of G2. r = r1+r2 @param err Return code error
func BLSKeys ¶
BLSKeys Generate BLS keys
Generate public and private key pair. If the seed value is nil then generate the public key using the input secret key.
@param rand cspring PRNG. @param ski input secret key @param pk public key @param sko output secret key @param err Return code error
func BLSSign ¶
BLSSign Sign a message
The message is signed using the BLS algorithm @param m Message to be signed @param sk secret key @param S Signature @param err Return code error
func BLSVerify ¶
BLSVerify Verify a signature
Verify a signature using the BLS algorithm @param m Message that was signed @param pk public key @param S Signature @param err Return code error
func BuildMerkleTreeStore ¶
Merkle tree builder takes in a byte slice array and returns (pointer) array of hashes represeting the tree nodes. The final element is the Merkle Root.
func ClientPass2 ¶
func ClientPass2(p1r *ClientPass1Result, y []byte) (v []byte, err error)
ClientPass2 performs Pass2 on the client using ClientPass1Result and Y value from the server
func Decode ¶
Decode decodes the byte-reversed hexadecimal string encoding of a Hash to a destination.
func DeriveMasterSK ¶
DeriveMasterSK creates a master private key using the supplied seed as entropy
func DoubleHashB ¶
DoubleHashB calculates hash(hash(b)) and returns the resulting bytes.
func ExtractPIN ¶
ExtractPIN extracts PIN from client secret and produces token
func GenerateBLSKeys ¶
GenerateBLSKeys - generate BLS12-381 Pub/Priv key from seed
func GenerateBLSKeysV2 ¶
GenerateBLSKeysV2 - generate BLS12-381 Pub/Priv key from seed using the version 2 BLS KDF implementation The input bit seed length must be a minumum of
func GenerateProofFromTree ¶
GenerateProofFromTree generates a set memebership proof for an asset if and only if that asset is a leaf element in of the Merkle Tree (tree) supplied with position (pos) Note that for this generator the asset has to match both the value and the address of the tree element with the position specified i.e. it has to be an element of the tree supplied to the generator.
func GetClientSecret ¶
GetClientSecret generates the client secret of the identity and the master secret
func GetServerSecret ¶
GetServerSecret generates the server secret of the master secret
func HashMerkleBranchesB ¶
HashMerkleBranches takes two hashes, treated as the left and right tree nodes, and returns the hash of their concatenation. This is a helper function used to aid in the generation of a merkle tree.
func NewMasterSecret ¶
NewMasterSecret generates a new random master secret
func RecombineClientSecret ¶
RecombineClientSecret combines the full client secret out of client secret shares
func RecombineServerSecret ¶
RecombineServerSecret combines the full server secret out of server secret shares
func Secp256k1Decrypt ¶
Secp256k1Decrypt decrypts an encrypoted message using ECP_SECP256K1_ECIES
func Secp256k1Encrypt ¶
Secp256k1Encrypt encrypts a message using ECP_SECP256K1_ECIES
func ServerOnePass ¶
func ServerOnePass(client *Client1PassResult, ss []byte, msg []byte, timeBounds int64) error
ServerOnePass performs ZKP MFA One Pass on the server
Types ¶
type Client1Option ¶
type Client1Option = func(*ClientPass1Result) error
func WithPredefinedX ¶
func WithPredefinedX(x []byte) Client1Option
WithPredefinedX is used to fix the X value for testing
type Client1PassResult ¶
Client1PassResult is holds the result of One-Pass Client
func ClientOnePass ¶
func ClientOnePass(id []byte, pin int, rng *Rand, token []byte, msg []byte, opts ...Client1Option) (*Client1PassResult, error)
ClientOnePass performs ZKP MFA One Pass on the client
type ClientPass1Result ¶
ClientPass1Result holds the result of the Client Pass1
func ClientPass1 ¶
func ClientPass1(id []byte, pin int, rng *Rand, token []byte, opts ...Client1Option) (*ClientPass1Result, error)
ClientPass1 performs Pass1 on the client when using 2-pass protocol
type Hash ¶
Hash represents the double sha256 of data.
func DoubleHashH ¶
DoubleHashH calculates hash(hash(b)) and returns the resulting bytes as a Hash.
func NewHash ¶
NewHash returns a new Hash from a byte slice. An error is returned if the number of bytes passed in is not HashSize.
func NewHashFromStr ¶
NewHashFromStr creates a Hash from a hash string. The string should be the hexadecimal string of a byte-reversed hash, but any missing characters result in zero padding at the end of the Hash.
type ID ¶
type ID struct { Identity string `json:"id"` Curve string `json:"curve"` CreatedAt int64 `json:"created"` // contains filtered or unexported fields }
ID is the ZKP ID struct
func IDFromBytes ¶
IDFromBytes decodes a hex-encodded ID
type Octet ¶
Octet adds functionality around C octet
func (*Octet) ClearAndFree ¶
func (o *Octet) ClearAndFree()
type ServerPass1Result ¶
ServerPass1Result holds the result of the Server Pass1
func ServerPass1 ¶
func ServerPass1(id []byte, rand *Rand) (*ServerPass1Result, error)
ServerPass1 performs Pass1 on the server when using 2-pass protocol