ecdaa

package module
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 7, 2024 License: MIT Imports: 12 Imported by: 0

README

ecdaa

A library of ECDAA with TPM (Trusted Platform Module).

ECDAA (Elliptic Curve Direct Anonymous Attestation) is a privacy-enhancing cryptographic primitive: it attests that a computer belongs to some group without allowing that individual computer to be tracked.

The central use case of ECDAA is proving who manufactured a computer for security reasons (e.g. to prove how secret keys are stored) in settings where the end user is concerned about being tracked.

This library mainly supports the FIDO ECDAA, but it uses TPM2_Sign instead of TPM2_Certify for extensibility.

Installation

go get github.com/akakou/ecdaa

Test

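WARNING: The test command below runs tpm2_clear, so all keys in the TPM are deleted. Run it only against a TPM whose keys are disposable, such as a dedicated test device.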

sudo tpm2_clear && sudo go test --run TestAll

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Decode

func Decode[T any](target T, buf []byte) error

func Encode

func Encode[T any](data T) ([]byte, error)

func EncodeRevocationList

func EncodeRevocationList(list RevocationList) [][]byte

func ExampleInitialize

func ExampleInitialize(rng *core.RAND) (*Issuer, *SWSigner, error)

func ExampleTPMInitialize

func ExampleTPMInitialize(tpm *tpm_utils.TPM, rng *core.RAND) (*Issuer, *TPMSigner, error)

func GenJoinReqWithTPM

func GenJoinReqWithTPM(seed *JoinSeed, tpm *tpm_utils.TPM, rng *core.RAND) (*JoinRequestTPM, *KeyHandles, error)

func Verify

func Verify(message, basename []byte, signature *Signature, ipk *IPK, rl RevocationList) error

func VerifyCred

func VerifyCred(cred *Credential, ipk *IPK) error

func VerifyIPK

func VerifyIPK(ipk *IPK) error

VerifyIPK checks that the IPK is valid.

func VerifyJoinReq

func VerifyJoinReq(req *JoinRequest, seed *JoinSeed, B *FP256BN.ECP) error

Types

type Credential

// Credential is an ECDAA credential made of four FP256BN curve points.
//
// On this page it is returned by Issuer.MakeCred and ActivateCredential,
// checked against an issuer public key by VerifyCred, and re-randomized by
// RandomizeCred.
type Credential struct {
	A *FP256BN.ECP
	B *FP256BN.ECP
	C *FP256BN.ECP
	D *FP256BN.ECP
}

func ActivateCredential

func ActivateCredential(
	encCred *CredentialCipher,
	B, D *FP256BN.ECP,
	ipk *IPK,
	handle *KeyHandles,
	tpm *tpm_utils.TPM) (*Credential, error)

Step 4. Activate the credential for join with TPM2_ActivateCredential (by Member).

func RandomizeCred

func RandomizeCred(cred *Credential, rng *core.RAND) *Credential

func (*Credential) Decode

func (decoded *Credential) Decode(encoded []byte) error

func (*Credential) Encode

func (cred *Credential) Encode() ([]byte, error)

type CredentialCipher

// CredentialCipher carries a credential in encrypted form. It is returned by
// Issuer.MakeCredEncrypted and consumed by ActivateCredential.
//
// NOTE(review): WrappedCredential and IdObject presumably are the blobs
// exchanged with the TPM's credential-activation command, and EncA/EncC with
// IV the symmetric ciphertexts of the credential points A and C - confirm
// against the source. The role of the plain A and C fields is not documented
// on this page.
type CredentialCipher struct {
	A []byte
	C []byte

	WrappedCredential, IdObject []byte
	EncA, EncC                  []byte
	IV                          []byte
}

func (*CredentialCipher) Decode

func (decoded *CredentialCipher) Decode(buf []byte) error

func (*CredentialCipher) Encode

func (cipher *CredentialCipher) Encode() ([]byte, error)

type IPK

// IPK is the issuer's public key.
//
// X and Y are ECP2 points; C, SX and SY are big integers.
// NOTE(review): in FIDO ECDAA the three integers form the issuer's proof of
// knowledge of the matching secret key - confirm this library uses the same
// layout. An IPK obtained from another party can be checked with VerifyIPK.
type IPK struct {
	X, Y      *FP256BN.ECP2
	C, SX, SY *FP256BN.BIG
}

IPK: Issuer's Public Key.

func RandomIPK

func RandomIPK(isk *ISK, rng *core.RAND) IPK

Generate an IPK from the ISK and randomness from rng.

func (*IPK) Decode

func (decoded *IPK) Decode(encoded []byte) error

func (*IPK) Encode

func (ipk *IPK) Encode() ([]byte, error)

type ISK

// ISK is the issuer's secret key, held as two big integers.
//
// NOTE(review): both fields are exported and Encode returns the key as bytes,
// so every copy or encoding of an ISK is key material; nothing on this page
// shows protected storage for it - confirm how callers are expected to keep it.
type ISK struct {
	X, Y *FP256BN.BIG
}

ISK: Issuer's Secret Key.

func RandomISK

func RandomISK(rng *core.RAND) ISK

Generate a random ISK using rng.

func (*ISK) Decode

func (isk *ISK) Decode(encoded []byte) error

func (*ISK) Encode

func (isk *ISK) Encode() ([]byte, error)

type Issuer

// Issuer bundles the issuer's public and secret keys. It is built by
// NewIssuer or RandomIssuer and issues credentials through MakeCred and
// MakeCredEncrypted.
type Issuer struct {
	// Ipk is the issuer's public key.
	Ipk IPK
	// Isk is the issuer's secret key. It is stored by value in an exported
	// field, so every copy of an Issuer also refers to the secret key.
	Isk ISK
}

func NewIssuer

func NewIssuer(isk ISK, ipk IPK) Issuer

func RandomIssuer

func RandomIssuer(rng *core.RAND) Issuer

func (*Issuer) MakeCred

func (issuer *Issuer) MakeCred(req *JoinRequest, B *FP256BN.ECP, rng *core.RAND) (*Credential, error)

Step 3. Make the credential for join (by Issuer).

func (*Issuer) MakeCredEncrypted

func (issuer *Issuer) MakeCredEncrypted(req *JoinRequestTPM, B *FP256BN.ECP, rng *core.RAND) (*CredentialCipher, *Credential, error)

type JoinRequest

// JoinRequest is the member's request in the join protocol. GenJoinReq
// produces it (step 2); VerifyJoinReq and Issuer.MakeCred take it as input.
type JoinRequest struct {
	// NOTE(review): presumably a Schnorr proof of knowledge of the secret
	// key behind Q - confirm against the source.
	Proof *SchnorrProof
	// NOTE(review): presumably the member's public key point - confirm.
	Q     *FP256BN.ECP
}

func GenJoinReq

func GenJoinReq(seed *JoinSeed, rng *core.RAND) (*JoinRequest, *FP256BN.BIG, error)

Step 2. Generate the join request (by Member).

func (*JoinRequest) Decode

func (decoded *JoinRequest) Decode(encoded []byte) error

func (*JoinRequest) Encode

func (request *JoinRequest) Encode() ([]byte, error)

type JoinRequestTPM

// JoinRequestTPM is the join request used on the TPM path: a JoinRequest
// plus TPM identity data. GenJoinReqWithTPM returns it and
// Issuer.MakeCredEncrypted takes it as input.
type JoinRequestTPM struct {
	JoinReq *JoinRequest
	// EKCert is an X.509 certificate sent with the request.
	// NOTE(review): presumably the TPM endorsement key certificate. This page
	// does not show where its chain is validated against trusted TPM
	// manufacturer roots - confirm whether the library or the caller does it.
	EKCert  *x509.Certificate
	// NOTE(review): presumably the TPM name of the storage root key - confirm.
	SrkName []byte
}

func (*JoinRequestTPM) Decode

func (decoded *JoinRequestTPM) Decode(encoded []byte) error

func (*JoinRequestTPM) Encode

func (request *JoinRequestTPM) Encode() ([]byte, error)

type JoinSeed

// JoinSeed is the value that starts a join: GenJoinSeed returns it, and
// GenJoinReq, GenJoinReqWithTPM and VerifyJoinReq take it as input.
//
// NOTE(review): the meaning of S2 and Y2 is not documented on this page;
// confirm against the source before relying on them.
type JoinSeed struct {
	Basename, S2 []byte
	Y2           *FP256BN.BIG
}

func GenJoinSeed

func GenJoinSeed(rng *core.RAND) (*JoinSeed, *FP256BN.ECP, error)

func (*JoinSeed) Decode

func (decoded *JoinSeed) Decode(encoded []byte) error

func (*JoinSeed) Encode

func (seeds *JoinSeed) Encode() ([]byte, error)

type KeyHandles

// KeyHandles groups the TPM handles used by the TPM code path. It is returned
// by GenJoinReqWithTPM and passed to ActivateCredential and NewTPMSigner.
type KeyHandles struct {
	// NOTE(review): presumably the endorsement key handle - confirm.
	EkHandle  *tpm2.AuthHandle
	// NOTE(review): presumably the storage root key handle - confirm.
	SrkHandle *tpm2.NamedHandle
	// NOTE(review): presumably the handle of the member's ECDAA key - confirm.
	Handle    *tpm2.AuthHandle
}

type Member

// Member pairs a TPM with the key handles used on it. NewMember builds one
// from a *tpm_utils.TPM.
type Member struct {
	Tpm        *tpm_utils.TPM
	// NOTE(review): this page does not show when KeyHandles is populated;
	// check for nil before use unless the source guarantees it.
	KeyHandles *KeyHandles
}

func NewMember

func NewMember(tpm *tpm_utils.TPM) Member

type MiddleEncodedCredCipher

// MiddleEncodedCredCipher has the same field names as the encrypted part of
// CredentialCipher (everything except A and C), each as a byte slice.
// NOTE(review): presumably the intermediate form used by
// CredentialCipher.Encode/Decode - confirm.
type MiddleEncodedCredCipher struct {
	WrappedCredential, IdObject []byte
	EncA, EncC, IV              []byte
}

type MiddleEncodedCredential

// MiddleEncodedCredential has the same field names as Credential, each as a
// byte slice. NOTE(review): presumably the intermediate form used by
// Credential.Encode/Decode - confirm.
type MiddleEncodedCredential struct {
	A, B, C, D []byte
}

type MiddleEncodedIPK

// MiddleEncodedIPK has the same field names as IPK, each as a byte slice.
// NOTE(review): presumably the intermediate form used by IPK.Encode/Decode -
// confirm.
type MiddleEncodedIPK struct {
	X, Y, C, SX, SY []byte
}

type MiddleEncodedISK

// MiddleEncodedISK has the same field names as ISK, each as a byte slice.
// NOTE(review): presumably the intermediate form used by ISK.Encode/Decode;
// if so, a populated value holds the issuer's secret key in raw bytes -
// confirm.
type MiddleEncodedISK struct {
	X, Y []byte
}

type MiddleEncodedJoinRequest

// MiddleEncodedJoinRequest has the same field names as JoinRequest, each as a
// byte slice. NOTE(review): presumably the intermediate form used by
// JoinRequest.Encode/Decode - confirm.
type MiddleEncodedJoinRequest struct {
	Proof, Q []byte
}

type MiddleEncodedJoinRequestTPM

// MiddleEncodedJoinRequestTPM has the same field names as JoinRequestTPM,
// each as a byte slice. NOTE(review): presumably the intermediate form used
// by JoinRequestTPM.Encode/Decode, with EKCert as an encoded certificate -
// confirm.
type MiddleEncodedJoinRequestTPM struct {
	JoinReq, EKCert, SrkName []byte
}

type MiddleEncodedJoinSeed

// MiddleEncodedJoinSeed has the same field names as JoinSeed, each as a byte
// slice. NOTE(review): presumably the intermediate form used by
// JoinSeed.Encode/Decode - confirm.
type MiddleEncodedJoinSeed struct {
	Basename, S2, Y2 []byte
}

type MiddleEncodedProof

// MiddleEncodedProof has the same field names as SchnorrProof, each as a byte
// slice. The field order here (SmallC, SmallN, SmallS, K) differs from the
// order in SchnorrProof (SmallC, SmallS, SmallN, K).
// NOTE(review): presumably the intermediate form used by
// SchnorrProof.Encode/Decode - confirm.
type MiddleEncodedProof struct {
	SmallC, SmallN, SmallS, K []byte
}

type MiddleEncodedSignature

// MiddleEncodedSignature holds a credential and a proof as byte slices.
// NOTE(review): presumably the intermediate form used by
// Signature.Encode/Decode, with Credential standing for
// Signature.RandomizedCred - confirm.
type MiddleEncodedSignature struct {
	Credential, Proof []byte
}

type RevocationList

// RevocationList is an alias for a slice of big integers. Verify takes it as
// its rl argument; EncodeRevocationList and DecodeRevocationList convert it
// to and from byte slices.
// NOTE(review): presumably each entry is a revoked (compromised) member
// secret key that Verify tests the signature against - confirm.
type RevocationList = []*FP256BN.BIG

func DecodeRevocationList

func DecodeRevocationList(list [][]byte) RevocationList

type SWSigner

// SWSigner is the software Signer: NewSWSigner builds it from a credential
// and a secret key passed as a *FP256BN.BIG, whereas TPMSigner is built from
// TPM key handles.
type SWSigner struct {
	// contains filtered or unexported fields
}

func NewSWSigner

func NewSWSigner(cred *Credential, sk *FP256BN.BIG) SWSigner

func (SWSigner) Sign

func (signer SWSigner) Sign(
	message,
	basename []byte,
	rng *core.RAND) (*Signature, error)

type SchnorrProof

// SchnorrProof is the proof carried in JoinRequest.Proof and Signature.Proof:
// three big integers and one curve point.
//
// NOTE(review): presumably SmallC is the challenge, SmallS the response and
// SmallN a nonce - confirm against the source.
type SchnorrProof struct {
	SmallC, SmallS, SmallN *FP256BN.BIG
	K                      *FP256BN.ECP
}

func (*SchnorrProof) Decode

func (decoded *SchnorrProof) Decode(encoded []byte) error

func (*SchnorrProof) Encode

func (proof *SchnorrProof) Encode() ([]byte, error)

type SchnorrProver

// SchnorrProver is an empty struct; no exported methods or constructors for
// it are listed on this page.
type SchnorrProver struct{}

type Signature

// Signature is an ECDAA signature: a Schnorr proof plus a randomized
// credential. Signer.Sign returns it and Verify checks it against a message,
// basename, issuer public key and revocation list.
type Signature struct {
	Proof          *SchnorrProof
	// RandomizedCred is a *Credential; NOTE(review): presumably the output of
	// RandomizeCred, so that signatures do not expose the stored credential -
	// confirm.
	RandomizedCred *Credential
}

func (*Signature) Decode

func (decoded *Signature) Decode(encoded []byte) error

func (*Signature) Encode

func (signature *Signature) Encode() ([]byte, error)

type Signer

// Signer is the signing interface; SWSigner and TPMSigner on this page both
// declare a Sign method with this signature.
type Signer interface {
	// Sign signs message under basename, drawing randomness from rng.
	// NOTE(review): presumably signatures made with the same basename are
	// linkable to each other, as in FIDO ECDAA - confirm before choosing
	// basenames.
	Sign(message, basename []byte, rng *core.RAND) (*Signature, error)
}

type TPMSigner

// TPMSigner is the TPM-backed Signer: NewTPMSigner builds it from a
// credential, a KeyHandles value and a *tpm_utils.TPM. Sign has a pointer
// receiver, unlike SWSigner.Sign.
type TPMSigner struct {
	// contains filtered or unexported fields
}

func NewTPMSigner

func NewTPMSigner(cred *Credential, handle *KeyHandles, tpm *tpm_utils.TPM) TPMSigner

func (*TPMSigner) Sign

func (signer *TPMSigner) Sign(message, basename []byte, rng *core.RAND) (*Signature, error)

Directories

Path Synopsis
