crypto

package
v0.0.0-...-fcad0bb Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 19, 2024 License: AGPL-3.0 Imports: 20 Imported by: 2

Documentation

Index

Constants

View Source 
const (
	// FalconSeedSize Represents the size in bytes of the random bytes used to generate Falcon keys
	FalconSeedSize = 48

	// FalconMaxSignatureSize Represents the max possible size in bytes of a falcon signature
	FalconMaxSignatureSize = cfalcon.CTSignatureSize
)
View Source 
const (
	Sha512_256Size    = sha512.Size256
	SumhashDigestSize = sumhash.Sumhash512DigestSize
	Sha256Size        = sha256.Size
)

size of each hash

View Source 
const DigestSize = sha512.Size256

DigestSize is the number of bytes in the preferred hash Digest used here.

View Source 
const MaxHashDigestSize = SumhashDigestSize

MaxHashDigestSize is used to bound the max digest size. it is important to change it if a hash with a longer output is introduced.

Variables

View Source 
var BlankSignature = Signature{}

BlankSignature is an empty signature structure, containing nothing but zeroes

View Source 
var (
	ErrBatchHasFailedSigs = errors.New("At least one signature didn't pass verification")
)

Batch verifications errors

View Source 
var SystemRNG = &systemRNG{}

SystemRNG implements the RNG interface using the system-wide randomness source (from Go's crypto/rand).

Functions

func DigestMaxSize 

func DigestMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func Ed25519PrivateKeyMaxSize 

func Ed25519PrivateKeyMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func Ed25519PublicKeyMaxSize 

func Ed25519PublicKeyMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func Ed25519SeedMaxSize 

func Ed25519SeedMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func Ed25519SignatureMaxSize 

func Ed25519SignatureMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func EphemeralSubkeyMaxSize 

func EphemeralSubkeyMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func FalconPrivateKeyMaxSize 

func FalconPrivateKeyMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func FalconPublicKeyMaxSize 

func FalconPublicKeyMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func FalconSeedMaxSize 

func FalconSeedMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func FalconSignatureMaxSize 

func FalconSignatureMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func FalconSignerMaxSize 

func FalconSignerMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func FalconVerifierMaxSize 

func FalconVerifierMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func GenericDigestMaxSize 

func GenericDigestMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func GenericHashObj 

func GenericHashObj[H Hashable](hsh hash.Hash, h H) []byte

GenericHashObj Makes it easier to sum using hash interface and Hashable interface

func HashFactoryMaxSize 

func HashFactoryMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func HashRep 

func HashRep[H Hashable](h H) []byte

HashRep appends the correct hashid before the message to be hashed.

func HashRepToBuff 

func HashRepToBuff(h Hashable, buffer []byte) []byte

HashRepToBuff appends the correct hashid before the message to be hashed into the provided buffer

func HashTypeMaxSize 

func HashTypeMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func HeartbeatProofMaxSize 

func HeartbeatProofMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func MasterDerivationKeyMaxSize 

func MasterDerivationKeyMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func MultisigAdd 

func MultisigAdd(unisig []MultisigSig, msig *MultisigSig) (err error)

MultisigAdd adds unisig to an existing msig

func MultisigBatchPrep 

func MultisigBatchPrep(msg Hashable, addr Digest, sig MultisigSig, batchVerifier BatchVerifier) error

MultisigBatchPrep performs checks on the assembled MultisigSig and adds to the batch. The caller must call batchVerifier.verify() to verify it.

func MultisigSigMaxSize 

func MultisigSigMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func MultisigSubsigMaxSize 

func MultisigSubsigMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func MultisigVerify 

func MultisigVerify(msg Hashable, addr Digest, sig MultisigSig) (err error)

MultisigVerify verifies an assembled MultisigSig

func NewHash 

func NewHash() hash.Hash

NewHash returns a sha512-256 object to do the same operation as Hash()

func OneTimeSignatureMaxSize 

func OneTimeSignatureMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func OneTimeSignatureSecretsMaxSize 

func OneTimeSignatureSecretsMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func OneTimeSignatureSecretsPersistentMaxSize 

func OneTimeSignatureSecretsPersistentMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func OneTimeSignatureSubkeyBatchIDMaxSize 

func OneTimeSignatureSubkeyBatchIDMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func OneTimeSignatureSubkeyOffsetIDMaxSize 

func OneTimeSignatureSubkeyOffsetIDMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func OneTimeSignatureVerifierMaxSize 

func OneTimeSignatureVerifierMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func PrivateKeyMaxSize 

func PrivateKeyMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func PublicKeyMaxSize 

func PublicKeyMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func RandBytes 

func RandBytes(buf []byte)

RandBytes fills the provided structure with a set of random bytes

func RandUint63 

func RandUint63() uint64

RandUint63 returns a random 64-bit unsigned integer which can be stored in a 64-bit signed integer without any data loss.

func RandUint64 

func RandUint64() uint64

RandUint64 returns a random 64-bit unsigned integer

func SeedMaxSize 

func SeedMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func SignatureMaxSize 

func SignatureMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func SignatureSecretsMaxSize 

func SignatureSecretsMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func VRFSecretsMaxSize 

func VRFSecretsMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func VRFVerifierMaxSize 

func VRFVerifierMaxSize() int

VRFVerifierMaxSize forwards to base implementation since it's expected by the msgp generated MaxSize functions

func VrfKeygen 

func VrfKeygen() (pub VrfPubkey, priv VrfPrivkey)

VrfKeygen generates a random VRF keypair.

func VrfKeygenFromSeed 

func VrfKeygenFromSeed(seed [32]byte) (pub VrfPubkey, priv VrfPrivkey)

VrfKeygenFromSeed deterministically generates a VRF keypair from 32 bytes of (secret) entropy.

func VrfOutputMaxSize 

func VrfOutputMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func VrfPrivkeyMaxSize 

func VrfPrivkeyMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func VrfProofMaxSize 

func VrfProofMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

func VrfPubkeyMaxSize 

func VrfPubkeyMaxSize() (s int)

MaxSize returns a maximum valid message size for this message type

Types

type BatchVerifier 

type BatchVerifier interface {
	EnqueueSignature(sigVerifier SignatureVerifier, message Hashable, sig Signature)
	GetNumberOfEnqueuedSignatures() int
	Verify() error
	VerifyWithFeedback() (failed []bool, err error)
}

BatchVerifier enqueues signatures to be validated in batch.

func MakeBatchVerifier 

func MakeBatchVerifier() BatchVerifier

MakeBatchVerifier creates a BatchVerifier instance with the provided options.

func MakeBatchVerifierWithHint 

func MakeBatchVerifierWithHint(hint int) BatchVerifier

MakeBatchVerifierWithHint creates a cgoBatchVerifier instance. This function pre-allocates amount of free space to enqueue signatures without expanding

type Digest 

type Digest [DigestSize]byte

Digest represents a 32-byte value holding the 256-bit Hash digest.

func DigestFromString 

func DigestFromString(str string) (d Digest, err error)

DigestFromString converts a string to a Digest

func EncodeAndHash 

func EncodeAndHash(h Hashable) (Digest, []byte)

EncodeAndHash returns both the packed representation of the object and its hash.

func Hash 

func Hash(data []byte) Digest

Hash computes the SHASum512_256 hash of an array of bytes

func HashObj 

func HashObj[H Hashable](h H) Digest

HashObj computes a hash of a Hashable object and its type

func MultisigAddrGen 

func MultisigAddrGen(version, threshold uint8, pk []PublicKey) (addr Digest, err error)

MultisigAddrGen identifes the exact group, version, and devices (Public keys) that it requires to sign Hash("MultisigAddr" || version uint8 || threshold uint8 || PK1 || PK2 || ...)

func MultisigAddrGenWithSubsigs 

func MultisigAddrGenWithSubsigs(version uint8, threshold uint8,
	subsigs []MultisigSubsig) (addr Digest, err error)

MultisigAddrGenWithSubsigs is similar to MultisigAddrGen except the input is []Subsig rather than []PublicKey

func (*Digest) CanMarshalMsg 

func (_ *Digest) CanMarshalMsg(z interface{}) bool

func (*Digest) CanUnmarshalMsg 

func (_ *Digest) CanUnmarshalMsg(z interface{}) bool

func (Digest) IsZero 

func (d Digest) IsZero() bool

IsZero return true if the digest contains only zeros, false otherwise

func (*Digest) MarshalMsg 

func (z *Digest) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*Digest) MsgIsZero 

func (z *Digest) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*Digest) Msgsize 

func (z *Digest) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (Digest) String 

func (d Digest) String() string

String returns the digest in a human-readable Base32 string

func (Digest) ToSlice 

func (d Digest) ToSlice() []byte

ToSlice converts Digest to slice, is used by bookkeeping.PaysetCommit

func (Digest) TrimUint64 

func (d Digest) TrimUint64() uint64

TrimUint64 returns the top 64 bits of the digest and converts to uint64

func (*Digest) UnmarshalMsg 

func (z *Digest) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*Digest) UnmarshalMsgWithState 

func (z *Digest) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type FalconPrivateKey 

type FalconPrivateKey [cfalcon.PrivateKeySize]byte

FalconPrivateKey is a wrapper for cfalcon.PrivateKeySize (used for packing)

func (*FalconPrivateKey) CanMarshalMsg 

func (_ *FalconPrivateKey) CanMarshalMsg(z interface{}) bool

func (*FalconPrivateKey) CanUnmarshalMsg 

func (_ *FalconPrivateKey) CanUnmarshalMsg(z interface{}) bool

func (*FalconPrivateKey) MarshalMsg 

func (z *FalconPrivateKey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*FalconPrivateKey) MsgIsZero 

func (z *FalconPrivateKey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*FalconPrivateKey) Msgsize 

func (z *FalconPrivateKey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*FalconPrivateKey) UnmarshalMsg 

func (z *FalconPrivateKey) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*FalconPrivateKey) UnmarshalMsgWithState 

func (z *FalconPrivateKey) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type FalconPublicKey 

type FalconPublicKey [cfalcon.PublicKeySize]byte

FalconPublicKey is a wrapper for cfalcon.PublicKeySizey (used for packing)

func (*FalconPublicKey) CanMarshalMsg 

func (_ *FalconPublicKey) CanMarshalMsg(z interface{}) bool

func (*FalconPublicKey) CanUnmarshalMsg 

func (_ *FalconPublicKey) CanUnmarshalMsg(z interface{}) bool

func (*FalconPublicKey) MarshalMsg 

func (z *FalconPublicKey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*FalconPublicKey) MsgIsZero 

func (z *FalconPublicKey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*FalconPublicKey) Msgsize 

func (z *FalconPublicKey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*FalconPublicKey) UnmarshalMsg 

func (z *FalconPublicKey) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*FalconPublicKey) UnmarshalMsgWithState 

func (z *FalconPublicKey) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type FalconSeed 

type FalconSeed [FalconSeedSize]byte

FalconSeed represents the seed which is being used to generate Falcon keys

func (*FalconSeed) CanMarshalMsg 

func (_ *FalconSeed) CanMarshalMsg(z interface{}) bool

func (*FalconSeed) CanUnmarshalMsg 

func (_ *FalconSeed) CanUnmarshalMsg(z interface{}) bool

func (*FalconSeed) MarshalMsg 

func (z *FalconSeed) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*FalconSeed) MsgIsZero 

func (z *FalconSeed) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*FalconSeed) Msgsize 

func (z *FalconSeed) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*FalconSeed) UnmarshalMsg 

func (z *FalconSeed) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*FalconSeed) UnmarshalMsgWithState 

func (z *FalconSeed) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type FalconSignature 

type FalconSignature []byte

FalconSignature represents a Falcon signature in a compressed-form

func (FalconSignature) CanMarshalMsg 

func (_ FalconSignature) CanMarshalMsg(z interface{}) bool

func (*FalconSignature) CanUnmarshalMsg 

func (_ *FalconSignature) CanUnmarshalMsg(z interface{}) bool

func (FalconSignature) GetFixedLengthHashableRepresentation 

func (s FalconSignature) GetFixedLengthHashableRepresentation() ([]byte, error)

GetFixedLengthHashableRepresentation returns a serialized version of the signature

func (FalconSignature) IsSaltVersionEqual 

func (s FalconSignature) IsSaltVersionEqual(version byte) bool

IsSaltVersionEqual of the signature matches the given version

func (FalconSignature) MarshalMsg 

func (z FalconSignature) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (FalconSignature) MsgIsZero 

func (z FalconSignature) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (FalconSignature) Msgsize 

func (z FalconSignature) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*FalconSignature) UnmarshalMsg 

func (z *FalconSignature) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*FalconSignature) UnmarshalMsgWithState 

func (z *FalconSignature) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type FalconSigner 

type FalconSigner struct {
	PublicKey  FalconPublicKey  `codec:"pk"`
	PrivateKey FalconPrivateKey `codec:"sk"`
	// contains filtered or unexported fields
}

FalconSigner is the implementation of Signer for the Falcon signature scheme.

func GenerateFalconSigner 

func GenerateFalconSigner(seed FalconSeed) (FalconSigner, error)

GenerateFalconSigner Generates a Falcon Signer.

func NewFalconSigner 

func NewFalconSigner() (*FalconSigner, error)

NewFalconSigner creates a falconSigner that is used to sign and verify falcon signatures

func (*FalconSigner) CanMarshalMsg 

func (_ *FalconSigner) CanMarshalMsg(z interface{}) bool

func (*FalconSigner) CanUnmarshalMsg 

func (_ *FalconSigner) CanUnmarshalMsg(z interface{}) bool

func (*FalconSigner) GetVerifyingKey 

func (d *FalconSigner) GetVerifyingKey() *FalconVerifier

GetVerifyingKey Outputs a verifying key object which is serializable.

func (*FalconSigner) MarshalMsg 

func (z *FalconSigner) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*FalconSigner) MsgIsZero 

func (z *FalconSigner) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*FalconSigner) Msgsize 

func (z *FalconSigner) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*FalconSigner) Sign 

func (d *FalconSigner) Sign(message Hashable) (FalconSignature, error)

Sign receives a message and generates a signature over that message.

func (*FalconSigner) SignBytes 

func (d *FalconSigner) SignBytes(data []byte) (FalconSignature, error)

SignBytes receives bytes and signs over them.

func (*FalconSigner) UnmarshalMsg 

func (z *FalconSigner) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*FalconSigner) UnmarshalMsgWithState 

func (z *FalconSigner) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type FalconVerifier 

type FalconVerifier struct {
	PublicKey FalconPublicKey `codec:"k"`
	// contains filtered or unexported fields
}

FalconVerifier implements the type Verifier interface for the falcon signature scheme.

func (*FalconVerifier) CanMarshalMsg 

func (_ *FalconVerifier) CanMarshalMsg(z interface{}) bool

func (*FalconVerifier) CanUnmarshalMsg 

func (_ *FalconVerifier) CanUnmarshalMsg(z interface{}) bool

func (*FalconVerifier) GetFixedLengthHashableRepresentation 

func (d *FalconVerifier) GetFixedLengthHashableRepresentation() []byte

GetFixedLengthHashableRepresentation is used to fetch a plain serialized version of the public data (without the use of the msgpack).

func (*FalconVerifier) MarshalMsg 

func (z *FalconVerifier) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*FalconVerifier) MsgIsZero 

func (z *FalconVerifier) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*FalconVerifier) Msgsize 

func (z *FalconVerifier) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*FalconVerifier) UnmarshalMsg 

func (z *FalconVerifier) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*FalconVerifier) UnmarshalMsgWithState 

func (z *FalconVerifier) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

func (*FalconVerifier) Verify 

func (d *FalconVerifier) Verify(message Hashable, sig FalconSignature) error

Verify follows falcon algorithm to verify a signature.

func (*FalconVerifier) VerifyBytes 

func (d *FalconVerifier) VerifyBytes(data []byte, sig FalconSignature) error

VerifyBytes follows falcon algorithm to verify a signature.

type GenericDigest 

type GenericDigest []byte

GenericDigest is a digest that implements CustomSizeDigest, and can be used as hash output.

func (GenericDigest) CanMarshalMsg 

func (_ GenericDigest) CanMarshalMsg(z interface{}) bool

func (*GenericDigest) CanUnmarshalMsg 

func (_ *GenericDigest) CanUnmarshalMsg(z interface{}) bool

func (GenericDigest) IsEmpty 

func (d GenericDigest) IsEmpty() bool

IsEmpty checks wether the generic digest is an empty one or not

func (GenericDigest) IsEqual 

func (d GenericDigest) IsEqual(other GenericDigest) bool

IsEqual compare two digests

func (GenericDigest) MarshalMsg 

func (z GenericDigest) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (GenericDigest) MsgIsZero 

func (z GenericDigest) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (GenericDigest) Msgsize 

func (z GenericDigest) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (GenericDigest) ToSlice 

func (d GenericDigest) ToSlice() []byte

ToSlice is used inside the Tree itself when interacting with TreeDigest

func (*GenericDigest) UnmarshalMsg 

func (z *GenericDigest) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*GenericDigest) UnmarshalMsgWithState 

func (z *GenericDigest) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type HashFactory 

type HashFactory struct {
	HashType HashType `codec:"t"`
	// contains filtered or unexported fields
}

HashFactory is responsible for generating new hashes accordingly to the type it stores.

func (*HashFactory) CanMarshalMsg 

func (_ *HashFactory) CanMarshalMsg(z interface{}) bool

func (*HashFactory) CanUnmarshalMsg 

func (_ *HashFactory) CanUnmarshalMsg(z interface{}) bool

func (*HashFactory) MarshalMsg 

func (z *HashFactory) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*HashFactory) MsgIsZero 

func (z *HashFactory) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*HashFactory) Msgsize 

func (z *HashFactory) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (HashFactory) NewHash 

func (z HashFactory) NewHash() hash.Hash

NewHash generates a new hash.Hash to use.

func (*HashFactory) UnmarshalMsg 

func (z *HashFactory) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*HashFactory) UnmarshalMsgWithState 

func (z *HashFactory) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

func (*HashFactory) Validate 

func (z *HashFactory) Validate() error

Validate states whether the HashFactory is valid, and is safe to use.

type HashType 

type HashType uint16

HashType represents different hash functions 

const (
	Sha512_256 HashType = iota
	Sumhash
	Sha256
	MaxHashType
)

types of hashes

func UnmarshalHashType 

func UnmarshalHashType(s string) (HashType, error)

UnmarshalHashType decodes a string into the HashType enum

func (HashType) CanMarshalMsg 

func (_ HashType) CanMarshalMsg(z interface{}) bool

func (*HashType) CanUnmarshalMsg 

func (_ *HashType) CanUnmarshalMsg(z interface{}) bool

func (HashType) MarshalMsg 

func (z HashType) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (HashType) MsgIsZero 

func (z HashType) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (HashType) Msgsize 

func (z HashType) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (HashType) String 

func (h HashType) String() string

func (*HashType) UnmarshalMsg 

func (z *HashType) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*HashType) UnmarshalMsgWithState 

func (z *HashType) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

func (HashType) Validate 

func (h HashType) Validate() error

Validate verifies that the hash type is in a valid range.

type Hashable 

type Hashable interface {
	ToBeHashed() (protocol.HashID, []byte)
}

Hashable is an interface implemented by an object that can be represented with a sequence of bytes to be hashed or signed, together with a type ID to distinguish different types of objects.

type HeartbeatProof 

type HeartbeatProof struct {

	// Sig is a signature of msg under the key PK.
	Sig ed25519Signature `codec:"s"`
	PK  ed25519PublicKey `codec:"p"`

	// PK2 is used to verify a two-level ephemeral signature.
	PK2 ed25519PublicKey `codec:"p2"`
	// PK1Sig is a signature of OneTimeSignatureSubkeyOffsetID(PK, Batch, Offset) under the key PK2.
	PK1Sig ed25519Signature `codec:"p1s"`
	// PK2Sig is a signature of OneTimeSignatureSubkeyBatchID(PK2, Batch) under the master key (OneTimeSignatureVerifier).
	PK2Sig ed25519Signature `codec:"p2s"`
	// contains filtered or unexported fields
}

A HeartbeatProof is functionally equivalent to a OneTimeSignature, but it has been cleaned up for use as a transaction field in heartbeat transactions.

func (HeartbeatProof) BatchPrep 

func (hbp HeartbeatProof) BatchPrep(voteID OneTimeSignatureVerifier, id OneTimeSignatureIdentifier, msg Hashable, batchVerifier BatchVerifier)

BatchPrep enqueues the necessary checks into the batch. The caller must call batchVerifier.verify() to verify it.

func (*HeartbeatProof) CanMarshalMsg 

func (_ *HeartbeatProof) CanMarshalMsg(z interface{}) bool

func (*HeartbeatProof) CanUnmarshalMsg 

func (_ *HeartbeatProof) CanUnmarshalMsg(z interface{}) bool

func (*HeartbeatProof) MarshalMsg 

func (z *HeartbeatProof) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*HeartbeatProof) MsgIsZero 

func (z *HeartbeatProof) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*HeartbeatProof) Msgsize 

func (z *HeartbeatProof) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (HeartbeatProof) ToOneTimeSignature 

func (hbp HeartbeatProof) ToOneTimeSignature() OneTimeSignature

ToOneTimeSignature converts a HeartbeatProof to a OneTimeSignature.

func (*HeartbeatProof) UnmarshalMsg 

func (z *HeartbeatProof) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*HeartbeatProof) UnmarshalMsgWithState 

func (z *HeartbeatProof) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type MasterDerivationKey 

type MasterDerivationKey [masterDerivationKeyLenBytes]byte

MasterDerivationKey is used to derive ed25519 keys for use in wallets

func (*MasterDerivationKey) CanMarshalMsg 

func (_ *MasterDerivationKey) CanMarshalMsg(z interface{}) bool

func (*MasterDerivationKey) CanUnmarshalMsg 

func (_ *MasterDerivationKey) CanUnmarshalMsg(z interface{}) bool

func (*MasterDerivationKey) MarshalMsg 

func (z *MasterDerivationKey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*MasterDerivationKey) MsgIsZero 

func (z *MasterDerivationKey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*MasterDerivationKey) Msgsize 

func (z *MasterDerivationKey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*MasterDerivationKey) UnmarshalMsg 

func (z *MasterDerivationKey) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*MasterDerivationKey) UnmarshalMsgWithState 

func (z *MasterDerivationKey) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type MultisigSig 

type MultisigSig struct {
	Version   uint8            `codec:"v"`
	Threshold uint8            `codec:"thr"`
	Subsigs   []MultisigSubsig `codec:"subsig,allocbound=maxMultisig"`
	// contains filtered or unexported fields
}

MultisigSig is the structure that holds multiple Subsigs

func MultisigAssemble 

func MultisigAssemble(unisig []MultisigSig) (msig MultisigSig, err error)

MultisigAssemble assembles multiple MultisigSig

func MultisigMerge 

func MultisigMerge(msig1 MultisigSig, msig2 MultisigSig) (msigt MultisigSig, err error)

MultisigMerge merges two Multisigs msig1 and msig2 into msigt

func MultisigPreimageFromPKs 

func MultisigPreimageFromPKs(version, threshold uint8, pks []PublicKey) MultisigSig

MultisigPreimageFromPKs makes an empty MultisigSig for a given preimage. It should be renamed. TODO separate preimage type from sig type

func MultisigSign 

func MultisigSign(msg Hashable, addr Digest, version, threshold uint8, pk []PublicKey, sk SecretKey) (sig MultisigSig, err error)

MultisigSign is for each device individually signs the digest

func (MultisigSig) Blank 

func (msig MultisigSig) Blank() bool

Blank returns true iff the msig is empty. We need this instead of just comparing with == MultisigSig{}, because Subsigs is a slice.

func (*MultisigSig) CanMarshalMsg 

func (_ *MultisigSig) CanMarshalMsg(z interface{}) bool

func (*MultisigSig) CanUnmarshalMsg 

func (_ *MultisigSig) CanUnmarshalMsg(z interface{}) bool

func (MultisigSig) Equal 

func (msig MultisigSig) Equal(other MultisigSig) bool

Equal compares two MultisigSig structs for equality

func (*MultisigSig) MarshalMsg 

func (z *MultisigSig) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*MultisigSig) MsgIsZero 

func (z *MultisigSig) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*MultisigSig) Msgsize 

func (z *MultisigSig) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (MultisigSig) Preimage 

func (msig MultisigSig) Preimage() (version, threshold uint8, pks []PublicKey)

Preimage returns the version, threshold, and list of all public keys in a (partial) multisig address

func (MultisigSig) Signatures 

func (msig MultisigSig) Signatures() int

Signatures returns the actual number of signatures included in the multisig. That is, the number of subsigs that are not blank.

func (*MultisigSig) UnmarshalMsg 

func (z *MultisigSig) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*MultisigSig) UnmarshalMsgWithState 

func (z *MultisigSig) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type MultisigSubsig 

type MultisigSubsig struct {
	Key PublicKey `codec:"pk"` // all public keys that are possible signers for this address
	Sig Signature `codec:"s"`  // may be either empty or a signature
	// contains filtered or unexported fields
}

MultisigSubsig is a struct that holds a pair of public key and signatures signatures may be empty

func (*MultisigSubsig) CanMarshalMsg 

func (_ *MultisigSubsig) CanMarshalMsg(z interface{}) bool

func (*MultisigSubsig) CanUnmarshalMsg 

func (_ *MultisigSubsig) CanUnmarshalMsg(z interface{}) bool

func (*MultisigSubsig) MarshalMsg 

func (z *MultisigSubsig) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*MultisigSubsig) MsgIsZero 

func (z *MultisigSubsig) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*MultisigSubsig) Msgsize 

func (z *MultisigSubsig) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*MultisigSubsig) UnmarshalMsg 

func (z *MultisigSubsig) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*MultisigSubsig) UnmarshalMsgWithState 

func (z *MultisigSubsig) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignature 

type OneTimeSignature struct {

	// Sig is a signature of msg under the key PK.
	Sig ed25519Signature `codec:"s"`
	PK  ed25519PublicKey `codec:"p"`

	// Old-style signature that does not use proper domain separation.
	// PKSigOld is unused; however, unfortunately we forgot to mark it
	// `codec:omitempty` and so it appears (with zero value) in certs.
	// This means we can't delete the field without breaking catchup.
	PKSigOld ed25519Signature `codec:"ps"`

	// Used to verify a new-style two-level ephemeral signature.
	// PK1Sig is a signature of OneTimeSignatureSubkeyOffsetID(PK, Batch, Offset) under the key PK2.
	// PK2Sig is a signature of OneTimeSignatureSubkeyBatchID(PK2, Batch) under the master key (OneTimeSignatureVerifier).
	PK2    ed25519PublicKey `codec:"p2"`
	PK1Sig ed25519Signature `codec:"p1s"`
	PK2Sig ed25519Signature `codec:"p2s"`
	// contains filtered or unexported fields
}

A OneTimeSignature is a cryptographic signature that is produced a limited number of times and provides forward integrity.

Specifically, a OneTimeSignature is generated from an ephemeral secret. After some number of messages is signed under a given OneTimeSignatureIdentifier identifier, the corresponding secret is deleted. This prevents the secret-holder from signing a contradictory message in the future in the event of a secret-key compromise.

func (*OneTimeSignature) CanMarshalMsg 

func (_ *OneTimeSignature) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignature) CanUnmarshalMsg 

func (_ *OneTimeSignature) CanUnmarshalMsg(z interface{}) bool

func (*OneTimeSignature) MarshalMsg 

func (z *OneTimeSignature) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignature) MsgIsZero 

func (z *OneTimeSignature) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignature) Msgsize 

func (z *OneTimeSignature) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (OneTimeSignature) ToHeartbeatProof 

func (ots OneTimeSignature) ToHeartbeatProof() HeartbeatProof

ToHeartbeatProof converts a OneTimeSignature to a HeartbeatProof.

func (*OneTimeSignature) UnmarshalMsg 

func (z *OneTimeSignature) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*OneTimeSignature) UnmarshalMsgWithState 

func (z *OneTimeSignature) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignatureIdentifier 

type OneTimeSignatureIdentifier struct {
	// Batch represents the most-significant part of the identifier.
	Batch uint64

	// Offset represents the least-significant part of the identifier.
	// When moving to a new Batch, the Offset values restart from 0.
	Offset uint64
}

A OneTimeSignatureIdentifier is an identifier under which a OneTimeSignature is produced on a given message. This identifier is represented using a two-level structure, which corresponds to two levels of our ephemeral key tree.

func (OneTimeSignatureIdentifier) BatchBytes 

func (id OneTimeSignatureIdentifier) BatchBytes() []byte

BatchBytes converts a OneTimeSignatureIdentifier into a byte slice representing the 64-bit batch number. This is used for the old-style way of signing an ephemeral subkey identifier.

type OneTimeSignatureSecrets 

type OneTimeSignatureSecrets struct {
	OneTimeSignatureSecretsPersistent
	// contains filtered or unexported fields
}

OneTimeSignatureSecrets are used to produced unforgeable signatures over a message.

When the method OneTimeSignatureSecrets.DeleteBefore(ID) is called, ephemeral secrets corresponding to OneTimeSignatureIdentifiers preceding ID are deleted. Thereafter, an entity can no longer sign different messages with old OneTimeSignatureIdentifiers, protecting the integrity of the messages signed under those identifiers.

func GenerateOneTimeSignatureSecrets 

func GenerateOneTimeSignatureSecrets(startBatch uint64, numBatches uint64) *OneTimeSignatureSecrets

GenerateOneTimeSignatureSecrets is a version of GenerateOneTimeSignatureSecretsRNG that uses the system-wide randomness source.

func GenerateOneTimeSignatureSecretsRNG 

func GenerateOneTimeSignatureSecretsRNG(startBatch uint64, numBatches uint64, rng RNG) *OneTimeSignatureSecrets

GenerateOneTimeSignatureSecretsRNG creates a limited number of secrets that sign messages under OneTimeSignatureIdentifiers in the range [startBatch, startBatch+numBatches).

This range includes startBatch and excludes startBatch+numBatches.

Randomness comes from the supplied RNG.

func (*OneTimeSignatureSecrets) CanMarshalMsg 

func (_ *OneTimeSignatureSecrets) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignatureSecrets) CanUnmarshalMsg 

func (_ *OneTimeSignatureSecrets) CanUnmarshalMsg(z interface{}) bool

func (*OneTimeSignatureSecrets) DeleteBeforeFineGrained 

func (s *OneTimeSignatureSecrets) DeleteBeforeFineGrained(current OneTimeSignatureIdentifier, numKeysPerBatch uint64)

DeleteBeforeFineGrained deletes ephemeral keys before (but not including) the given id.

func (*OneTimeSignatureSecrets) MarshalMsg 

func (z *OneTimeSignatureSecrets) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignatureSecrets) MsgIsZero 

func (z *OneTimeSignatureSecrets) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignatureSecrets) Msgsize 

func (z *OneTimeSignatureSecrets) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*OneTimeSignatureSecrets) Sign 

func (s *OneTimeSignatureSecrets) Sign(id OneTimeSignatureIdentifier, message Hashable) OneTimeSignature

Sign produces a OneTimeSignature of some Hashable message under some OneTimeSignatureIdentifier.

func (*OneTimeSignatureSecrets) Snapshot 

func (s *OneTimeSignatureSecrets) Snapshot() OneTimeSignatureSecrets

Snapshot returns a copy of OneTimeSignatureSecrets consistent with respect to concurrent mutating calls (specifically, DeleteBefore*). This snapshot can be used for serializing the OneTimeSignatureSecrets to persistent storage.

func (*OneTimeSignatureSecrets) UnmarshalMsg 

func (z *OneTimeSignatureSecrets) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*OneTimeSignatureSecrets) UnmarshalMsgWithState 

func (z *OneTimeSignatureSecrets) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignatureSecretsPersistent 

type OneTimeSignatureSecretsPersistent struct {
	OneTimeSignatureVerifier

	// FirstBatch denotes the first batch whose subkey appears in Batches.
	// The odd `codec:` name is for backwards compatibility with previous
	// stored keys where we failed to give any explicit `codec:` name.
	FirstBatch uint64            `codec:"First"`
	Batches    []ephemeralSubkey `codec:"Sub,allocbound=-"`

	// FirstOffset denotes the first offset whose subkey appears in Offsets.
	// These subkeys correspond to batch FirstBatch-1.
	FirstOffset uint64            `codec:"firstoff"`
	Offsets     []ephemeralSubkey `codec:"offkeys,allocbound=-"` // the bound is keyDilution

	// When Offsets is non-empty, OffsetsPK2 is the intermediate-level public
	// key that can be used to verify signatures on the subkeys in Offsets, and
	// OffsetsPK2Sig is the signature from the master key (OneTimeSignatureVerifier)
	// on OneTimeSignatureSubkeyBatchID(OffsetsPK2, FirstBatch-1).
	OffsetsPK2    ed25519PublicKey `codec:"offpk2"`
	OffsetsPK2Sig ed25519Signature `codec:"offpk2sig"`
	// contains filtered or unexported fields
}

OneTimeSignatureSecretsPersistent denotes the fields of a OneTimeSignatureSecrets that get stored to persistent storage (through reflection on exported fields).

func (*OneTimeSignatureSecretsPersistent) CanMarshalMsg 

func (_ *OneTimeSignatureSecretsPersistent) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignatureSecretsPersistent) CanUnmarshalMsg 

func (_ *OneTimeSignatureSecretsPersistent) CanUnmarshalMsg(z interface{}) bool

func (*OneTimeSignatureSecretsPersistent) MarshalMsg 

func (z *OneTimeSignatureSecretsPersistent) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignatureSecretsPersistent) MsgIsZero 

func (z *OneTimeSignatureSecretsPersistent) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignatureSecretsPersistent) Msgsize 

func (z *OneTimeSignatureSecretsPersistent) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*OneTimeSignatureSecretsPersistent) UnmarshalMsg 

func (z *OneTimeSignatureSecretsPersistent) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*OneTimeSignatureSecretsPersistent) UnmarshalMsgWithState 

func (z *OneTimeSignatureSecretsPersistent) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignatureSubkeyBatchID 

type OneTimeSignatureSubkeyBatchID struct {
	SubKeyPK ed25519PublicKey `codec:"pk"`
	Batch    uint64           `codec:"batch"`
	// contains filtered or unexported fields
}

A OneTimeSignatureSubkeyBatchID identifies an ephemeralSubkey of a batch for the purposes of signing it with the top-level master key.

func (*OneTimeSignatureSubkeyBatchID) CanMarshalMsg 

func (_ *OneTimeSignatureSubkeyBatchID) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignatureSubkeyBatchID) CanUnmarshalMsg 

func (_ *OneTimeSignatureSubkeyBatchID) CanUnmarshalMsg(z interface{}) bool

func (*OneTimeSignatureSubkeyBatchID) MarshalMsg 

func (z *OneTimeSignatureSubkeyBatchID) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignatureSubkeyBatchID) MsgIsZero 

func (z *OneTimeSignatureSubkeyBatchID) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignatureSubkeyBatchID) Msgsize 

func (z *OneTimeSignatureSubkeyBatchID) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (OneTimeSignatureSubkeyBatchID) ToBeHashed 

func (batch OneTimeSignatureSubkeyBatchID) ToBeHashed() (protocol.HashID, []byte)

ToBeHashed implements the Hashable interface for a OneTimeSignatureSubkeyBatchID. This is used to sign an intermediate subkey for a batch, in the new style (contrast with OneTimeSignatureIdentifier.BatchBytes).

func (*OneTimeSignatureSubkeyBatchID) UnmarshalMsg 

func (z *OneTimeSignatureSubkeyBatchID) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*OneTimeSignatureSubkeyBatchID) UnmarshalMsgWithState 

func (z *OneTimeSignatureSubkeyBatchID) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignatureSubkeyOffsetID 

type OneTimeSignatureSubkeyOffsetID struct {
	SubKeyPK ed25519PublicKey `codec:"pk"`
	Batch    uint64           `codec:"batch"`
	Offset   uint64           `codec:"off"`
	// contains filtered or unexported fields
}

A OneTimeSignatureSubkeyOffsetID identifies an ephemeralSubkey of a specific offset within a batch, for the purposes of signing it with the batch subkey.

func (*OneTimeSignatureSubkeyOffsetID) CanMarshalMsg 

func (_ *OneTimeSignatureSubkeyOffsetID) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignatureSubkeyOffsetID) CanUnmarshalMsg 

func (_ *OneTimeSignatureSubkeyOffsetID) CanUnmarshalMsg(z interface{}) bool

func (*OneTimeSignatureSubkeyOffsetID) MarshalMsg 

func (z *OneTimeSignatureSubkeyOffsetID) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignatureSubkeyOffsetID) MsgIsZero 

func (z *OneTimeSignatureSubkeyOffsetID) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignatureSubkeyOffsetID) Msgsize 

func (z *OneTimeSignatureSubkeyOffsetID) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (OneTimeSignatureSubkeyOffsetID) ToBeHashed 

func (off OneTimeSignatureSubkeyOffsetID) ToBeHashed() (protocol.HashID, []byte)

ToBeHashed implements the Hashable interface for a OneTimeSignatureSubkeyOffsetID. This is used to sign a subkey for a specific offset in a batch.

func (*OneTimeSignatureSubkeyOffsetID) UnmarshalMsg 

func (z *OneTimeSignatureSubkeyOffsetID) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*OneTimeSignatureSubkeyOffsetID) UnmarshalMsgWithState 

func (z *OneTimeSignatureSubkeyOffsetID) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignatureVerifier 

type OneTimeSignatureVerifier ed25519PublicKey

A OneTimeSignatureVerifier is used to identify the holder of OneTimeSignatureSecrets and prove the authenticity of OneTimeSignatures against some OneTimeSignatureIdentifier.

func (*OneTimeSignatureVerifier) CanMarshalMsg 

func (_ *OneTimeSignatureVerifier) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignatureVerifier) CanUnmarshalMsg 

func (_ *OneTimeSignatureVerifier) CanUnmarshalMsg(z interface{}) bool

func (OneTimeSignatureVerifier) IsEmpty 

func (v OneTimeSignatureVerifier) IsEmpty() bool

IsEmpty returns true if the verifier is empty/zero'd.

func (*OneTimeSignatureVerifier) MarshalMsg 

func (z *OneTimeSignatureVerifier) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignatureVerifier) MsgIsZero 

func (z *OneTimeSignatureVerifier) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignatureVerifier) Msgsize 

func (z *OneTimeSignatureVerifier) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*OneTimeSignatureVerifier) UnmarshalMsg 

func (z *OneTimeSignatureVerifier) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*OneTimeSignatureVerifier) UnmarshalMsgWithState 

func (z *OneTimeSignatureVerifier) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

func (OneTimeSignatureVerifier) Verify 

func (v OneTimeSignatureVerifier) Verify(id OneTimeSignatureIdentifier, message Hashable, sig OneTimeSignature) bool

Verify verifies that some Hashable signature was signed under some OneTimeSignatureVerifier and some OneTimeSignatureIdentifier.

It returns true if this is the case; otherwise, it returns false.

type OneTimeSigner 

type OneTimeSigner struct {
	*OneTimeSignatureSecrets
	OptionalKeyDilution uint64
}

OneTimeSigner is a wrapper for OneTimeSignatureSecrets that also includes the appropriate KeyDilution value. If zero, the value should be inherited from ConsensusParams.DefaultKeyDilution.

func (OneTimeSigner) KeyDilution 

func (ots OneTimeSigner) KeyDilution(defaultKeyDilution uint64) uint64

KeyDilution returns the appropriate key dilution value for a OneTimeSigner.

type PRNG 

type PRNG struct {
	// contains filtered or unexported fields
}

PRNG is a pseudo-random implementation of RNG, used for deterministic testing.

func MakePRNG 

func MakePRNG(seed []byte) *PRNG

MakePRNG creates a new PRNG from an initial seed. The implementation is based on HMAC_DRBG. All random bytes from the PRNG will be determined by the initial seed value. Used by test code only.

func (*PRNG) RandBytes 

func (prng *PRNG) RandBytes(buf []byte)

RandBytes implements the RNG interface for the PRNG. Used by test code only.

type PrivateKey 

type PrivateKey ed25519PrivateKey

PrivateKey is an exported ed25519PrivateKey

func (*PrivateKey) CanMarshalMsg 

func (_ *PrivateKey) CanMarshalMsg(z interface{}) bool

func (*PrivateKey) CanUnmarshalMsg 

func (_ *PrivateKey) CanUnmarshalMsg(z interface{}) bool

func (*PrivateKey) MarshalMsg 

func (z *PrivateKey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*PrivateKey) MsgIsZero 

func (z *PrivateKey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*PrivateKey) Msgsize 

func (z *PrivateKey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*PrivateKey) UnmarshalMsg 

func (z *PrivateKey) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*PrivateKey) UnmarshalMsgWithState 

func (z *PrivateKey) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type PublicKey 

type PublicKey ed25519PublicKey

PublicKey is an exported ed25519PublicKey

func SecretKeyToPublicKey 

func SecretKeyToPublicKey(secret PrivateKey) (PublicKey, error)

SecretKeyToPublicKey derives a public key from a secret key. This is very efficient since ed25519 private keys literally contain their public key

func (*PublicKey) CanMarshalMsg 

func (_ *PublicKey) CanMarshalMsg(z interface{}) bool

func (*PublicKey) CanUnmarshalMsg 

func (_ *PublicKey) CanUnmarshalMsg(z interface{}) bool

func (*PublicKey) MarshalMsg 

func (z *PublicKey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*PublicKey) MsgIsZero 

func (z *PublicKey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*PublicKey) Msgsize 

func (z *PublicKey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*PublicKey) UnmarshalMsg 

func (z *PublicKey) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*PublicKey) UnmarshalMsgWithState 

func (z *PublicKey) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type RNG 

type RNG interface {
	RandBytes([]byte)
}

RNG represents a randomness source. This could be either a system-wide randomness source (like what gets exposed by crypto/rand), or a PRNG that we use for testing.

type SecretKey 

type SecretKey = SignatureSecrets

SecretKey is casted from SignatureSecrets

type Seed 

type Seed ed25519Seed

A Seed holds the entropy needed to generate cryptographic keys.

func SecretKeyToSeed 

func SecretKeyToSeed(secret PrivateKey) (Seed, error)

SecretKeyToSeed derives the seed from a secret key. This is very efficient since ed25519 private keys literally contain their seed

func (*Seed) CanMarshalMsg 

func (_ *Seed) CanMarshalMsg(z interface{}) bool

func (*Seed) CanUnmarshalMsg 

func (_ *Seed) CanUnmarshalMsg(z interface{}) bool

func (*Seed) MarshalMsg 

func (z *Seed) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*Seed) MsgIsZero 

func (z *Seed) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*Seed) Msgsize 

func (z *Seed) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*Seed) UnmarshalMsg 

func (z *Seed) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*Seed) UnmarshalMsgWithState 

func (z *Seed) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type Signature 

type Signature ed25519Signature

A Signature is a cryptographic signature. It proves that a message was produced by a holder of a cryptographic secret.

func (*Signature) Blank 

func (s *Signature) Blank() bool

Blank tests to see if the given signature contains only zeros

func (*Signature) CanMarshalMsg 

func (_ *Signature) CanMarshalMsg(z interface{}) bool

func (*Signature) CanUnmarshalMsg 

func (_ *Signature) CanUnmarshalMsg(z interface{}) bool

func (*Signature) MarshalMsg 

func (z *Signature) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*Signature) MsgIsZero 

func (z *Signature) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*Signature) Msgsize 

func (z *Signature) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*Signature) UnmarshalMsg 

func (z *Signature) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*Signature) UnmarshalMsgWithState 

func (z *Signature) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type SignatureSecrets 

type SignatureSecrets struct {
	SignatureVerifier
	SK ed25519PrivateKey
	// contains filtered or unexported fields
}

SignatureSecrets are used by an entity to produce unforgeable signatures over a message.

func GenerateSignatureSecrets 

func GenerateSignatureSecrets(seed Seed) *SignatureSecrets

GenerateSignatureSecrets creates SignatureSecrets from a source of entropy.

func SecretKeyToSignatureSecrets 

func SecretKeyToSignatureSecrets(sk PrivateKey) (secrets *SignatureSecrets, err error)

SecretKeyToSignatureSecrets converts a private key into a SignatureSecrets and returns a pointer

func (*SignatureSecrets) CanMarshalMsg 

func (_ *SignatureSecrets) CanMarshalMsg(z interface{}) bool

func (*SignatureSecrets) CanUnmarshalMsg 

func (_ *SignatureSecrets) CanUnmarshalMsg(z interface{}) bool

func (*SignatureSecrets) MarshalMsg 

func (z *SignatureSecrets) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*SignatureSecrets) MsgIsZero 

func (z *SignatureSecrets) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*SignatureSecrets) Msgsize 

func (z *SignatureSecrets) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*SignatureSecrets) Sign 

func (s *SignatureSecrets) Sign(message Hashable) Signature

Sign produces a cryptographic Signature of a Hashable message, given cryptographic secrets.

func (*SignatureSecrets) SignBytes 

func (s *SignatureSecrets) SignBytes(message []byte) Signature

SignBytes signs a message directly, without first hashing. Caller is responsible for domain separation.

func (*SignatureSecrets) UnmarshalMsg 

func (z *SignatureSecrets) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*SignatureSecrets) UnmarshalMsgWithState 

func (z *SignatureSecrets) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type SignatureVerifier 

type SignatureVerifier = PublicKey

A SignatureVerifier is used to identify the holder of SignatureSecrets and verify the authenticity of Signatures.

func (SignatureVerifier) Verify 

func (v SignatureVerifier) Verify(message Hashable, sig Signature) bool

Verify verifies that some holder of a cryptographic secret authentically signed a Hashable message.

It returns true if this is the case; otherwise, it returns false.

func (SignatureVerifier) VerifyBytes 

func (v SignatureVerifier) VerifyBytes(message []byte, sig Signature) bool

VerifyBytes verifies a signature, where the message is not hashed first. Caller is responsible for domain separation. If the message is a Hashable, Verify() can be used instead.

type VRFProof 

type VRFProof = VrfProof

VRFProof is a deprecated name for VrfProof

type VRFSecrets 

type VRFSecrets struct {
	PK VrfPubkey
	SK VrfPrivkey
	// contains filtered or unexported fields
}

VRFSecrets is a wrapper for a VRF keypair. Use *VrfPrivkey instead

func GenerateVRFSecrets 

func GenerateVRFSecrets() *VRFSecrets

GenerateVRFSecrets is deprecated, use VrfKeygen or VrfKeygenFromSeed instead

func (*VRFSecrets) CanMarshalMsg 

func (_ *VRFSecrets) CanMarshalMsg(z interface{}) bool

func (*VRFSecrets) CanUnmarshalMsg 

func (_ *VRFSecrets) CanUnmarshalMsg(z interface{}) bool

func (*VRFSecrets) MarshalMsg 

func (z *VRFSecrets) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*VRFSecrets) MsgIsZero 

func (z *VRFSecrets) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*VRFSecrets) Msgsize 

func (z *VRFSecrets) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*VRFSecrets) UnmarshalMsg 

func (z *VRFSecrets) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*VRFSecrets) UnmarshalMsgWithState 

func (z *VRFSecrets) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type VRFVerifier 

type VRFVerifier = VrfPubkey

VRFVerifier is a deprecated name for VrfPubkey

type VrfOutput 

type VrfOutput [64]byte

VrfOutput is a 64-byte pseudorandom value that can be computed from a VrfProof. The VRF scheme guarantees that such output will be unique

func (*VrfOutput) CanMarshalMsg 

func (_ *VrfOutput) CanMarshalMsg(z interface{}) bool

func (*VrfOutput) CanUnmarshalMsg 

func (_ *VrfOutput) CanUnmarshalMsg(z interface{}) bool

func (*VrfOutput) MarshalMsg 

func (z *VrfOutput) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*VrfOutput) MsgIsZero 

func (z *VrfOutput) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*VrfOutput) Msgsize 

func (z *VrfOutput) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*VrfOutput) UnmarshalMsg 

func (z *VrfOutput) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*VrfOutput) UnmarshalMsgWithState 

func (z *VrfOutput) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type VrfPrivkey 

type VrfPrivkey [64]byte

A VrfPrivkey is a private key used for producing VRF proofs. Specifically, we use a 64-byte ed25519 private key (the latter 32-bytes are the precomputed public key)

func (*VrfPrivkey) CanMarshalMsg 

func (_ *VrfPrivkey) CanMarshalMsg(z interface{}) bool

func (*VrfPrivkey) CanUnmarshalMsg 

func (_ *VrfPrivkey) CanUnmarshalMsg(z interface{}) bool

func (*VrfPrivkey) MarshalMsg 

func (z *VrfPrivkey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*VrfPrivkey) MsgIsZero 

func (z *VrfPrivkey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*VrfPrivkey) Msgsize 

func (z *VrfPrivkey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (VrfPrivkey) Prove 

func (sk VrfPrivkey) Prove(message Hashable) (proof VrfProof, ok bool)

Prove constructs a VRF Proof for a given Hashable. ok will be false if the private key is malformed.

func (VrfPrivkey) Pubkey 

func (sk VrfPrivkey) Pubkey() (pk VrfPubkey)

Pubkey returns the public key that corresponds to the given private key.

func (*VrfPrivkey) UnmarshalMsg 

func (z *VrfPrivkey) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*VrfPrivkey) UnmarshalMsgWithState 

func (z *VrfPrivkey) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type VrfProof 

type VrfProof [80]byte

A VrfProof for a message can be generated with a secret key and verified against a public key, like a signature. Proofs are malleable, however, for a given message and public key, the VRF output that can be computed from a proof is unique.

func (*VrfProof) CanMarshalMsg 

func (_ *VrfProof) CanMarshalMsg(z interface{}) bool

func (*VrfProof) CanUnmarshalMsg 

func (_ *VrfProof) CanUnmarshalMsg(z interface{}) bool

func (VrfProof) Hash 

func (proof VrfProof) Hash() (hash VrfOutput, ok bool)

Hash converts a VRF proof to a VRF output without verifying the proof. TODO: Consider removing so that we don't accidentally hash an unverified proof

func (*VrfProof) MarshalMsg 

func (z *VrfProof) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*VrfProof) MsgIsZero 

func (z *VrfProof) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*VrfProof) Msgsize 

func (z *VrfProof) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*VrfProof) UnmarshalMsg 

func (z *VrfProof) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*VrfProof) UnmarshalMsgWithState 

func (z *VrfProof) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type VrfPubkey 

type VrfPubkey [32]byte

A VrfPubkey is a public key that can be used to verify VRF proofs.

func (*VrfPubkey) CanMarshalMsg 

func (_ *VrfPubkey) CanMarshalMsg(z interface{}) bool

func (*VrfPubkey) CanUnmarshalMsg 

func (_ *VrfPubkey) CanUnmarshalMsg(z interface{}) bool

func (VrfPubkey) IsEmpty 

func (pk VrfPubkey) IsEmpty() bool

IsEmpty returns true if the key is empty/zero'd.

func (*VrfPubkey) MarshalMsg 

func (z *VrfPubkey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*VrfPubkey) MsgIsZero 

func (z *VrfPubkey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*VrfPubkey) Msgsize 

func (z *VrfPubkey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*VrfPubkey) UnmarshalMsg 

func (z *VrfPubkey) UnmarshalMsg(bts []byte) (o []byte, err error)

func (*VrfPubkey) UnmarshalMsgWithState 

func (z *VrfPubkey) UnmarshalMsgWithState(bts []byte, st msgp.UnmarshalState) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

func (VrfPubkey) Verify 

func (pk VrfPubkey) Verify(p VrfProof, message Hashable) (bool, VrfOutput)

Verify checks a VRF proof of a given Hashable. If the proof is valid the pseudorandom VrfOutput will be returned. For a given public key and message, there are potentially multiple valid proofs. However, given a public key and message, all valid proofs will yield the same output. Moreover, the output is indistinguishable from random to anyone without the proof or the secret key.

Source Files

View all Source files

Directories

Path Synopsis
Package secp256k1 wraps the bitcoin secp256k1 C library.
 Package secp256k1 wraps the bitcoin secp256k1 C library.
statetrie
nibbles

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.