Documentation ¶
Index ¶
- Constants
- Variables
- func CalculateLeaves(fileSize uint64) uint64
- func GenerateKeyPair() (sk SecretKey, pk PublicKey, err error)
- func GenerateKeyPairDeterministic(entropy [EntropySize]byte) (SecretKey, PublicKey)
- func NewHash() hash.Hash
- func Perm(n int) ([]int, error)
- func RandBytes(n int) ([]byte, error)
- func RandIntn(n int) (int, error)
- func ReadSignedObject(r io.Reader, obj interface{}, maxLen uint64, pk PublicKey) error
- func SecureWipe(data []byte)
- func SignObject(obj interface{}, sk SecretKey) []byte
- func VerifyHash(data Hash, pk PublicKey, sig Signature) error
- func VerifyObject(data []byte, obj interface{}, pk PublicKey) error
- func VerifySegment(base []byte, hashSet []Hash, numSegments, proofIndex uint64, root Hash) bool
- func WriteSignedObject(w io.Writer, obj interface{}, sk SecretKey) error
- type Ciphertext
- type Hash
- func BuildReaderProof(r io.Reader, proofIndex uint64) (base []byte, hashSet []Hash, err error)
- func HashAll(objs ...interface{}) Hash
- func HashBytes(data []byte) Hash
- func HashObject(obj interface{}) Hash
- func MerkleRoot(leaves [][]byte) (h Hash)
- func ReaderMerkleRoot(r io.Reader) (h Hash, err error)
- type HashSlice
- type MerkleTree
- type PublicKey
- type SecretKey
- type Signature
- type TwofishKey
Constants ¶
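// Sizes of the signature primitives, taken directly from the ed25519 package.
// The block was collapsed onto a single line, so everything after the first
// "//" read as one comment; the declarations are restored one per line.
const (
	// EntropySize defines the amount of entropy necessary to do secure
	// cryptographic operations, in bytes.
	EntropySize = ed25519.EntropySize

	// PublicKeySize defines the size of public keys in bytes.
	PublicKeySize = ed25519.PublicKeySize

	// SecretKeySize defines the size of secret keys in bytes.
	SecretKeySize = ed25519.SecretKeySize

	// SignatureSize defines the size of signatures in bytes.
	SignatureSize = ed25519.SignatureSize
)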
// HashSize is the fixed size constant used for hashes in this package.
// NOTE(review): presumably the length of a Hash in bytes; the Hash type
// declaration is not shown here, so confirm against it.
const HashSize = 32
// SegmentSize is the number of bytes that are hashed to form each base leaf
// of the Merkle tree.
const SegmentSize = 64
// TwofishOverhead is the number of bytes added by EncryptBytes.
// NOTE(review): 28 presumably breaks down as the 12-byte nonce plus a
// 16-byte GCM authentication tag; confirm against EncryptBytes.
const TwofishOverhead = 28
Variables ¶
// ErrHashWrongLen reports that an encoded value does not have the length
// required of a hash.
var ErrHashWrongLen = errors.New("encoded value has the wrong length to be a hash")
// ErrInsufficientLen reports that a supplied ciphertext is too short to
// contain a nonce.
var ErrInsufficientLen = errors.New("supplied ciphertext is not long enough to contain a nonce")
Functions ¶
func CalculateLeaves ¶ added in v0.3.3
CalculateLeaves calculates the number of leaves in the file when building a Merkle tree.
func GenerateKeyPair ¶ added in v1.0.0
GenerateKeyPair creates a public-secret keypair that can be used to sign and verify messages.
func GenerateKeyPairDeterministic ¶ added in v1.0.0
func GenerateKeyPairDeterministic(entropy [EntropySize]byte) (SecretKey, PublicKey)
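GenerateKeyPairDeterministic generates keys deterministically using the input entropy. The input entropy must be 32 bytes in length. Because the same entropy always produces the same key pair, the entropy must come from a cryptographically secure source and be kept as secret as the secret key itself.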
func Perm ¶ added in v1.0.0
Perm returns, as a slice of n ints, a random permutation of the integers [0,n).
func RandIntn ¶ added in v1.0.0
RandIntn returns a non-negative random integer in the range [0,n). It panics if n <= 0.
func ReadSignedObject ¶ added in v1.0.0
ReadSignedObject reads a length-prefixed object followed by its signature, and verifies the signature.
func SecureWipe ¶ added in v1.0.0
func SecureWipe(data []byte)
SecureWipe destroys the data contained within a byte slice. It gives no strong guarantee that every copy of that data has been eliminated: if the OS was context switching or using swap space, the keys may still be present elsewhere in memory.
func SignObject ¶
SignObject encodes an object and its signature.
func VerifyHash ¶ added in v0.3.0
VerifyHash uses a public key and input data to verify a signature.
func VerifyObject ¶
VerifyObject decodes an object and verifies its signature.
func VerifySegment ¶ added in v0.3.0
VerifySegment will verify that a segment, given the proof, is a part of a merkle root.
Types ¶
type Ciphertext ¶ added in v0.3.1
type Ciphertext []byte
func (Ciphertext) MarshalJSON ¶ added in v1.0.0
func (c Ciphertext) MarshalJSON() ([]byte, error)
func (*Ciphertext) UnmarshalJSON ¶ added in v1.0.0
func (c *Ciphertext) UnmarshalJSON(b []byte) error
type Hash ¶ added in v0.3.0
func BuildReaderProof ¶ added in v0.3.0
BuildReaderProof will build a storage proof when given a reader.
func HashAll ¶ added in v0.3.0
func HashAll(objs ...interface{}) Hash
HashAll takes a set of objects as input, encodes them all using the encoding package, and then hashes the result.
func HashObject ¶ added in v0.3.0
func HashObject(obj interface{}) Hash
HashObject takes an object as input, encodes it using the encoding package, and then hashes the result.
func MerkleRoot ¶ added in v0.3.0
MerkleRoot calculates the "root hash" formed by repeatedly concatenating and hashing a binary tree of hashes. If the number of leaves is not a power of 2, the orphan hash(es) are not rehashed. Examples:
     ┌───┴──┐        ┌────┴───┐          ┌─────┴─────┐
  ┌──┴──┐   │     ┌──┴──┐     │       ┌──┴──┐     ┌──┴──┐
┌─┴─┐ ┌─┴─┐ │   ┌─┴─┐ ┌─┴─┐ ┌─┴─┐   ┌─┴─┐ ┌─┴─┐ ┌─┴─┐   │
   (5-leaf)         (6-leaf)              (7-leaf)
func ReaderMerkleRoot ¶ added in v0.3.0
ReaderMerkleRoot returns the merkle root of a reader.
func (Hash) MarshalJSON ¶ added in v1.0.0
MarshalJSON marshals a hash as a hex string.
func (*Hash) UnmarshalJSON ¶ added in v1.0.0
UnmarshalJSON decodes the json hex string of the hash.
type HashSlice ¶ added in v0.3.0
type HashSlice []Hash
HashSlice is used for sorting
type MerkleTree ¶ added in v1.0.0
type MerkleTree struct {
*merkletree.Tree
}
func NewTree ¶ added in v0.3.0
func NewTree() MerkleTree
NewTree returns a tree object that can be used to get the merkle root of a dataset.
func (MerkleTree) PushObject ¶ added in v1.0.0
func (t MerkleTree) PushObject(obj interface{})
PushObject encodes and adds the hash of the encoded object to the tree as a leaf.
func (MerkleTree) ReadSegments ¶
func (t MerkleTree) ReadSegments(r io.Reader) error
ReadSegments reads segments from r into the tree. If EOF is encountered mid-segment, the leaf is resized to the number of bytes read and then added to the tree. No error is returned unless err != io.EOF && err != io.ErrUnexpectedEOF.
func (MerkleTree) Root ¶ added in v1.0.0
func (t MerkleTree) Root() (h Hash)
Root returns the Merkle root of all the objects pushed to the tree.
type PublicKey ¶
type PublicKey [PublicKeySize]byte
PublicKey is an object that can be used to verify signatures.
type SecretKey ¶
type SecretKey [SecretKeySize]byte
SecretKey can be used to sign data for the corresponding public key.
type Signature ¶
type Signature [SignatureSize]byte
Signature proves that data was signed by the owner of a particular public key's corresponding secret key.
type TwofishKey ¶ added in v0.3.0
type TwofishKey [EntropySize]byte
func GenerateTwofishKey ¶ added in v0.3.0
func GenerateTwofishKey() (key TwofishKey, err error)
GenerateTwofishKey produces a key that can be used for encrypting and decrypting files.
func (TwofishKey) DecryptBytes ¶ added in v0.3.0
func (key TwofishKey) DecryptBytes(ct Ciphertext) ([]byte, error)
DecryptBytes decrypts the ciphertext created by EncryptBytes. The nonce is expected to be the first 12 bytes of the ciphertext.
func (TwofishKey) EncryptBytes ¶ added in v0.3.0
func (key TwofishKey) EncryptBytes(plaintext []byte) (Ciphertext, error)
EncryptBytes encrypts a []byte using the key. EncryptBytes uses GCM and prepends the nonce (12 bytes) to the ciphertext, so the result is TwofishOverhead (28) bytes longer than the plaintext.
func (TwofishKey) NewCipher ¶ added in v0.3.2
func (key TwofishKey) NewCipher() cipher.Block
NewCipher creates a new Twofish cipher from the key.