Documentation ¶
Index ¶
- Constants
- func PheErrorHandleStatus(status C.vsce_status_t) error
- type PheCipher
- func (obj *PheCipher) AuthDecrypt(cipherText []byte, additionalData []byte, accountKey []byte) ([]byte, error)
- func (obj *PheCipher) AuthEncrypt(plainText []byte, additionalData []byte, accountKey []byte) ([]byte, error)
- func (obj *PheCipher) Ctx() uintptr
- func (obj *PheCipher) Decrypt(cipherText []byte, accountKey []byte) ([]byte, error)
- func (obj *PheCipher) DecryptLen(cipherTextLen uint) uint
- func (obj *PheCipher) Delete()
- func (obj *PheCipher) Encrypt(plainText []byte, accountKey []byte) ([]byte, error)
- func (obj *PheCipher) EncryptLen(plainTextLen uint) uint
- func (obj *PheCipher) SetRandom(random foundation.Random)
- func (obj *PheCipher) SetupDefaults() error
- type PheClient
- func (obj *PheClient) CheckResponseAndDecrypt(password []byte, enrollmentRecord []byte, verifyPasswordResponse []byte) ([]byte, error)
- func (obj *PheClient) CreateVerifyPasswordRequest(password []byte, enrollmentRecord []byte) ([]byte, error)
- func (obj *PheClient) Ctx() uintptr
- func (obj *PheClient) Delete()
- func (obj *PheClient) EnrollAccount(enrollmentResponse []byte, password []byte) ([]byte, []byte, error)
- func (obj *PheClient) EnrollmentRecordLen() uint
- func (obj *PheClient) GenerateClientPrivateKey() ([]byte, error)
- func (obj *PheClient) RotateKeys(updateToken []byte) ([]byte, []byte, error)
- func (obj *PheClient) SetKeys(clientPrivateKey []byte, serverPublicKey []byte) error
- func (obj *PheClient) SetOperationRandom(operationRandom foundation.Random)
- func (obj *PheClient) SetRandom(random foundation.Random)
- func (obj *PheClient) SetupDefaults() error
- func (obj *PheClient) UpdateEnrollmentRecord(enrollmentRecord []byte, updateToken []byte) ([]byte, error)
- func (obj *PheClient) VerifyPasswordRequestLen() uint
- type PheCommon
- type PheError
- type PheImplementation
- type PheServer
- func (obj *PheServer) Ctx() uintptr
- func (obj *PheServer) Delete()
- func (obj *PheServer) EnrollmentResponseLen() uint
- func (obj *PheServer) GenerateServerKeyPair() ([]byte, []byte, error)
- func (obj *PheServer) GetEnrollment(serverPrivateKey []byte, serverPublicKey []byte) ([]byte, error)
- func (obj *PheServer) RotateKeys(serverPrivateKey []byte) ([]byte, []byte, []byte, error)
- func (obj *PheServer) SetOperationRandom(operationRandom foundation.Random)
- func (obj *PheServer) SetRandom(random foundation.Random)
- func (obj *PheServer) SetupDefaults() error
- func (obj *PheServer) UpdateTokenLen() uint
- func (obj *PheServer) VerifyPassword(serverPrivateKey []byte, serverPublicKey []byte, verifyPasswordRequest []byte) ([]byte, error)
- func (obj *PheServer) VerifyPasswordResponseLen() uint
- type UokmsClient
- func (obj *UokmsClient) Ctx() uintptr
- func (obj *UokmsClient) DecryptOneparty(wrap []byte, encryptionKeyLen uint) ([]byte, error)
- func (obj *UokmsClient) Delete()
- func (obj *UokmsClient) GenerateClientPrivateKey() ([]byte, error)
- func (obj *UokmsClient) GenerateDecryptRequest(wrap []byte) ([]byte, []byte, error)
- func (obj *UokmsClient) GenerateEncryptWrap(encryptionKeyLen uint) ([]byte, []byte, error)
- func (obj *UokmsClient) GenerateUpdateTokenOneparty() ([]byte, error)
- func (obj *UokmsClient) ProcessDecryptResponse(wrap []byte, decryptRequest []byte, decryptResponse []byte, ...) ([]byte, error)
- func (obj *UokmsClient) RotateKeys(updateToken []byte) ([]byte, []byte, error)
- func (obj *UokmsClient) RotateKeysOneparty(updateToken []byte) ([]byte, error)
- func (obj *UokmsClient) SetKeys(clientPrivateKey []byte, serverPublicKey []byte) error
- func (obj *UokmsClient) SetKeysOneparty(clientPrivateKey []byte) error
- func (obj *UokmsClient) SetOperationRandom(operationRandom foundation.Random)
- func (obj *UokmsClient) SetRandom(random foundation.Random)
- func (obj *UokmsClient) SetupDefaults() error
- type UokmsServer
- func (obj *UokmsServer) Ctx() uintptr
- func (obj *UokmsServer) DecryptResponseLen() uint
- func (obj *UokmsServer) Delete()
- func (obj *UokmsServer) GenerateServerKeyPair() ([]byte, []byte, error)
- func (obj *UokmsServer) ProcessDecryptRequest(serverPrivateKey []byte, decryptRequest []byte) ([]byte, error)
- func (obj *UokmsServer) RotateKeys(serverPrivateKey []byte) ([]byte, []byte, []byte, error)
- func (obj *UokmsServer) SetOperationRandom(operationRandom foundation.Random)
- func (obj *UokmsServer) SetRandom(random foundation.Random)
- func (obj *UokmsServer) SetupDefaults() error
- type UokmsWrapRotation
- func (obj *UokmsWrapRotation) Ctx() uintptr
- func (obj *UokmsWrapRotation) Delete()
- func (obj *UokmsWrapRotation) SetOperationRandom(operationRandom foundation.Random)
- func (obj *UokmsWrapRotation) SetUpdateToken(updateToken []byte) error
- func (obj *UokmsWrapRotation) SetupDefaults() error
- func (obj *UokmsWrapRotation) UpdateWrap(wrap []byte) ([]byte, error)
Constants ¶
const ( /* * PHE elliptic curve point binary length */ PheCommonPhePointLength uint = 65 /* * PHE max password length */ PheCommonPheMaxPasswordLength uint = 128 /* * PHE server identifier length */ PheCommonPheServerIdentifierLength uint = 32 /* * PHE client identifier length */ PheCommonPheClientIdentifierLength uint = 32 /* * PHE account key length */ PheCommonPheAccountKeyLength uint = 32 /* * PHE private key length */ PheCommonPhePrivateKeyLength uint = 32 /* * PHE public key length */ PheCommonPhePublicKeyLength uint = 65 /* * PHE hash length */ PheCommonPheHashLen uint = 32 /* * Maximum data size to encrypt */ PheCommonPheMaxEncryptLen uint = 1024*1024 - 64 /* * Maximum data size to decrypt */ PheCommonPheMaxDecryptLen uint = 1024 * 1024 /* * Maximum data to authenticate */ PheCommonPheMaxAuthLen uint = 1024 )
const ( /* * Success proof check failed. */ PheErrorErrorInvalidSuccessProof int = -1 /* * Failure proof check failed. */ PheErrorErrorInvalidFailProof int = -2 /* * RNG returned error. */ PheErrorErrorRNGFailed int = -3 /* * Protobuf decode failed. */ PheErrorErrorProtobufDecodeFailed int = -4 /* * Invalid public key. */ PheErrorErrorInvalidPublicKey int = -5 /* * Invalid private key. */ PheErrorErrorInvalidPrivateKey int = -6 /* * AES error occurred. */ PheErrorErrorAESFailed int = -7 )
Variables ¶
This section is empty.
Functions ¶
func PheErrorHandleStatus ¶
func PheErrorHandleStatus(status C.vsce_status_t) error
Check given C status, and if it's not "success" then raise correspond error.
Types ¶
type PheCipher ¶
type PheCipher struct {
// contains filtered or unexported fields
}
* Class for encryption using PHE account key * This class is thread-safe.
func NewPheCipher ¶
func NewPheCipher() *PheCipher
func (*PheCipher) AuthDecrypt ¶
func (obj *PheCipher) AuthDecrypt(cipherText []byte, additionalData []byte, accountKey []byte) ([]byte, error)
* Decrypts data (and verifies additional data) using account key
func (*PheCipher) AuthEncrypt ¶
func (obj *PheCipher) AuthEncrypt(plainText []byte, additionalData []byte, accountKey []byte) ([]byte, error)
* Encrypts data (and authenticates additional data) using account key
func (*PheCipher) DecryptLen ¶
* Returns buffer capacity needed to fit plain text
func (*PheCipher) EncryptLen ¶
* Returns buffer capacity needed to fit cipher text
func (*PheCipher) SetRandom ¶
func (obj *PheCipher) SetRandom(random foundation.Random)
* Random used for salt generation
func (*PheCipher) SetupDefaults ¶
* Setups dependencies with default values.
type PheClient ¶
type PheClient struct {
// contains filtered or unexported fields
}
* Class for client-side PHE crypto operations. * This class is thread-safe in case if VSCE_MULTI_THREADING defined.
func NewPheClient ¶
func NewPheClient() *PheClient
func (*PheClient) CheckResponseAndDecrypt ¶
func (obj *PheClient) CheckResponseAndDecrypt(password []byte, enrollmentRecord []byte, verifyPasswordResponse []byte) ([]byte, error)
* Verifies PHE server's answer * If login succeeded, extracts account key * If login failed account key will be empty
func (*PheClient) CreateVerifyPasswordRequest ¶
func (obj *PheClient) CreateVerifyPasswordRequest(password []byte, enrollmentRecord []byte) ([]byte, error)
* Creates a request for further password verification at the PHE server side.
func (*PheClient) EnrollAccount ¶
func (obj *PheClient) EnrollAccount(enrollmentResponse []byte, password []byte) ([]byte, []byte, error)
* Uses fresh EnrollmentResponse from PHE server (see get enrollment func) and user's password (or its hash) to create * a new EnrollmentRecord which is then supposed to be stored in a database for further authentication * Also generates a random seed which then can be used to generate symmetric or private key to protect user's data
func (*PheClient) EnrollmentRecordLen ¶
* Buffer size needed to fit EnrollmentRecord
func (*PheClient) GenerateClientPrivateKey ¶
* Generates client private key
func (*PheClient) RotateKeys ¶
* Updates client's private key and server's public key using server's update token * Use output values to instantiate new client instance with new keys
func (*PheClient) SetKeys ¶
* Sets client private and server public key * Call this method before any other methods except `update enrollment record` and `generate client private key` * This function should be called only once
func (*PheClient) SetOperationRandom ¶
func (obj *PheClient) SetOperationRandom(operationRandom foundation.Random)
* Random used for crypto operations to make them const-time
func (*PheClient) SetRandom ¶
func (obj *PheClient) SetRandom(random foundation.Random)
* Random used for key generation, proofs, etc.
func (*PheClient) SetupDefaults ¶
* Setups dependencies with default values.
func (*PheClient) UpdateEnrollmentRecord ¶
func (obj *PheClient) UpdateEnrollmentRecord(enrollmentRecord []byte, updateToken []byte) ([]byte, error)
* Updates EnrollmentRecord using server's update token
func (*PheClient) VerifyPasswordRequestLen ¶
* Buffer size needed to fit VerifyPasswordRequest
type PheImplementation ¶
type PheImplementation struct { }
type PheServer ¶
type PheServer struct {
// contains filtered or unexported fields
}
* Class for server-side PHE crypto operations. * This class is thread-safe in case if VSCE_MULTI_THREADING defined.
func NewPheServer ¶
func NewPheServer() *PheServer
func (*PheServer) EnrollmentResponseLen ¶
* Buffer size needed to fit EnrollmentResponse
func (*PheServer) GenerateServerKeyPair ¶
* Generates new NIST P-256 server key pair for some client
func (*PheServer) GetEnrollment ¶
func (obj *PheServer) GetEnrollment(serverPrivateKey []byte, serverPublicKey []byte) ([]byte, error)
* Generates a new random enrollment and proof for a new user
func (*PheServer) RotateKeys ¶
* Updates server's private and public keys and issues an update token for use on client's side
func (*PheServer) SetOperationRandom ¶
func (obj *PheServer) SetOperationRandom(operationRandom foundation.Random)
* Random used for crypto operations to make them const-time
func (*PheServer) SetRandom ¶
func (obj *PheServer) SetRandom(random foundation.Random)
* Random used for key generation, proofs, etc.
func (*PheServer) SetupDefaults ¶
* Setups dependencies with default values.
func (*PheServer) UpdateTokenLen ¶
* Buffer size needed to fit UpdateToken
func (*PheServer) VerifyPassword ¶
func (obj *PheServer) VerifyPassword(serverPrivateKey []byte, serverPublicKey []byte, verifyPasswordRequest []byte) ([]byte, error)
* Verifies existing user's password and generates response with proof
func (*PheServer) VerifyPasswordResponseLen ¶
* Buffer size needed to fit VerifyPasswordResponse
type UokmsClient ¶
type UokmsClient struct {
// contains filtered or unexported fields
}
* Class implements UOKMS for client-side.
func NewUokmsClient ¶
func NewUokmsClient() *UokmsClient
func (*UokmsClient) DecryptOneparty ¶ added in v6.0.2
func (obj *UokmsClient) DecryptOneparty(wrap []byte, encryptionKeyLen uint) ([]byte, error)
* Decrypt
func (*UokmsClient) GenerateClientPrivateKey ¶
func (obj *UokmsClient) GenerateClientPrivateKey() ([]byte, error)
* Generates client private key
func (*UokmsClient) GenerateDecryptRequest ¶
func (obj *UokmsClient) GenerateDecryptRequest(wrap []byte) ([]byte, []byte, error)
* Generates request to decrypt data, this request should be sent to the server. * Server response is then passed to "process decrypt response" where encryption key can be decapsulated
func (*UokmsClient) GenerateEncryptWrap ¶
func (obj *UokmsClient) GenerateEncryptWrap(encryptionKeyLen uint) ([]byte, []byte, error)
* Generates new encrypt wrap (which should be stored and then used for decryption) + encryption key * of "encryption key len" that can be used for symmetric encryption
func (*UokmsClient) GenerateUpdateTokenOneparty ¶ added in v6.0.2
func (obj *UokmsClient) GenerateUpdateTokenOneparty() ([]byte, error)
* Generates update token for one-party mode
func (*UokmsClient) ProcessDecryptResponse ¶
func (obj *UokmsClient) ProcessDecryptResponse(wrap []byte, decryptRequest []byte, decryptResponse []byte, deblindFactor []byte, encryptionKeyLen uint) ([]byte, error)
* Processed server response, checks server proof and decapsulates encryption key
func (*UokmsClient) RotateKeys ¶
func (obj *UokmsClient) RotateKeys(updateToken []byte) ([]byte, []byte, error)
* Rotates client and server keys using given update token obtained from server
func (*UokmsClient) RotateKeysOneparty ¶ added in v6.0.2
func (obj *UokmsClient) RotateKeysOneparty(updateToken []byte) ([]byte, error)
* Rotates client key using given update token obtained from server
func (*UokmsClient) SetKeys ¶
func (obj *UokmsClient) SetKeys(clientPrivateKey []byte, serverPublicKey []byte) error
* Sets client private and server public key * Call this method before any other methods * This function should be called only once
func (*UokmsClient) SetKeysOneparty ¶ added in v6.0.2
func (obj *UokmsClient) SetKeysOneparty(clientPrivateKey []byte) error
* Sets client private * Call this method before any other methods * This function should be called only once
func (*UokmsClient) SetOperationRandom ¶
func (obj *UokmsClient) SetOperationRandom(operationRandom foundation.Random)
* Random used for crypto operations to make them const-time
func (*UokmsClient) SetRandom ¶
func (obj *UokmsClient) SetRandom(random foundation.Random)
* Random used for key generation, proofs, etc.
func (*UokmsClient) SetupDefaults ¶
func (obj *UokmsClient) SetupDefaults() error
* Setups dependencies with default values.
type UokmsServer ¶
type UokmsServer struct {
// contains filtered or unexported fields
}
* Class implements UOKMS for server-side.
func NewUokmsServer ¶
func NewUokmsServer() *UokmsServer
func (*UokmsServer) DecryptResponseLen ¶
func (obj *UokmsServer) DecryptResponseLen() uint
* Buffer size needed to fit DecryptResponse
func (*UokmsServer) GenerateServerKeyPair ¶
func (obj *UokmsServer) GenerateServerKeyPair() ([]byte, []byte, error)
* Generates new NIST P-256 server key pair for some client
func (*UokmsServer) ProcessDecryptRequest ¶
func (obj *UokmsServer) ProcessDecryptRequest(serverPrivateKey []byte, decryptRequest []byte) ([]byte, error)
* Processed client's decrypt request
func (*UokmsServer) RotateKeys ¶
* Updates server's private and public keys and issues an update token for use on client's side
func (*UokmsServer) SetOperationRandom ¶
func (obj *UokmsServer) SetOperationRandom(operationRandom foundation.Random)
* Random used for crypto operations to make them const-time
func (*UokmsServer) SetRandom ¶
func (obj *UokmsServer) SetRandom(random foundation.Random)
* Random used for key generation, proofs, etc.
func (*UokmsServer) SetupDefaults ¶
func (obj *UokmsServer) SetupDefaults() error
* Setups dependencies with default values.
type UokmsWrapRotation ¶
type UokmsWrapRotation struct {
// contains filtered or unexported fields
}
* Implements wrap rotation.
func NewUokmsWrapRotation ¶
func NewUokmsWrapRotation() *UokmsWrapRotation
func (*UokmsWrapRotation) Ctx ¶
func (obj *UokmsWrapRotation) Ctx() uintptr
Handle underlying C context.
func (*UokmsWrapRotation) Delete ¶
func (obj *UokmsWrapRotation) Delete()
* Release underlying C context.
func (*UokmsWrapRotation) SetOperationRandom ¶
func (obj *UokmsWrapRotation) SetOperationRandom(operationRandom foundation.Random)
* Random used for crypto operations to make them const-time
func (*UokmsWrapRotation) SetUpdateToken ¶
func (obj *UokmsWrapRotation) SetUpdateToken(updateToken []byte) error
* Sets update token. Should be called only once and before any other function
func (*UokmsWrapRotation) SetupDefaults ¶
func (obj *UokmsWrapRotation) SetupDefaults() error
* Setups dependencies with default values.
func (*UokmsWrapRotation) UpdateWrap ¶
func (obj *UokmsWrapRotation) UpdateWrap(wrap []byte) ([]byte, error)
* Updates EnrollmentRecord using server's update token