crypto

package
v0.0.0-...-76c1feb Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 1, 2021 License: AGPL-3.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source
const DigestSize = sha512.Size256

DigestSize is the number of bytes in the preferred hash Digest used here.

Variables

View Source
var BlankSignature = Signature{}

BlankSignature is an empty signature structure, containing nothing but zeroes

View Source
var SystemRNG = &systemRNG{}

SystemRNG implements the RNG interface using the system-wide randomness source (from Go's crypto/rand).

Functions

func MultisigAdd

func MultisigAdd(unisig []MultisigSig, msig *MultisigSig) (err error)

MultisigAdd adds unisig to an existing msig

func MultisigVerify

func MultisigVerify(msg Hashable, addr Digest, sig MultisigSig) (verified bool, err error)

MultisigVerify verifies an assembled MultisigSig

func NewHash

func NewHash() hash.Hash

NewHash returns a sha512-256 object to do the same operation as Hash()

func RandBytes

func RandBytes(buf []byte)

RandBytes fills the provided structure with a set of random bytes

func RandUint63

func RandUint63() uint64

RandUint63 returns a random 64-bit unsigned integer which can be stored in a 64-bit signed integer without any data loss.

func RandUint64

func RandUint64() uint64

RandUint64 returns a random 64-bit unsigned integer

func VrfKeygen

func VrfKeygen() (pub VrfPubkey, priv VrfPrivkey)

VrfKeygen generates a random VRF keypair.

func VrfKeygenFromSeed

func VrfKeygenFromSeed(seed [32]byte) (pub VrfPubkey, priv VrfPrivkey)

VrfKeygenFromSeed deterministically generates a VRF keypair from 32 bytes of (secret) entropy.

Types

type Digest

type Digest [DigestSize]byte

Digest represents a 32-byte value holding the 256-bit Hash digest.

func DigestFromString

func DigestFromString(str string) (d Digest, err error)

DigestFromString converts a string to a Digest

func Hash

func Hash(data []byte) Digest

Hash computes the SHASum512_256 hash of an array of bytes

func HashObj

func HashObj(h Hashable) Digest

HashObj computes a hash of a Hashable object and its type

func MultisigAddrGen

func MultisigAddrGen(version, threshold uint8, pk []PublicKey) (addr Digest, err error)

MultisigAddrGen identifes the exact group, version, and devices (Public keys) that it requires to sign Hash("MultisigAddr" || version uint8 || threshold uint8 || PK1 || PK2 || ...)

func MultisigAddrGenWithSubsigs

func MultisigAddrGenWithSubsigs(version uint8, threshold uint8,
	subsigs []MultisigSubsig) (addr Digest, err error)

MultisigAddrGenWithSubsigs is similiar to MultisigAddrGen except the input is []Subsig rather than []PublicKey

func (*Digest) CanMarshalMsg

func (_ *Digest) CanMarshalMsg(z interface{}) bool

func (*Digest) CanUnmarshalMsg

func (_ *Digest) CanUnmarshalMsg(z interface{}) bool

func (Digest) IsZero

func (d Digest) IsZero() bool

IsZero return true if the digest contains only zeros, false otherwise

func (*Digest) MarshalMsg

func (z *Digest) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*Digest) MsgIsZero

func (z *Digest) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*Digest) Msgsize

func (z *Digest) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (Digest) String

func (d Digest) String() string

String returns the digest in a human-readable Base32 string

func (Digest) TrimUint64

func (d Digest) TrimUint64() uint64

TrimUint64 returns the top 64 bits of the digest and converts to uint64

func (*Digest) UnmarshalMsg

func (z *Digest) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type Hashable

type Hashable interface {
	ToBeHashed() (protocol.HashID, []byte)
}

Hashable is an interface implemented by an object that can be represented with a sequence of bytes to be hashed or signed, together with a type ID to distinguish different types of objects.

type MasterDerivationKey

type MasterDerivationKey [masterDerivationKeyLenBytes]byte

MasterDerivationKey is used to derive ed25519 keys for use in wallets

func (*MasterDerivationKey) CanMarshalMsg

func (_ *MasterDerivationKey) CanMarshalMsg(z interface{}) bool

func (*MasterDerivationKey) CanUnmarshalMsg

func (_ *MasterDerivationKey) CanUnmarshalMsg(z interface{}) bool

func (*MasterDerivationKey) MarshalMsg

func (z *MasterDerivationKey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*MasterDerivationKey) MsgIsZero

func (z *MasterDerivationKey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*MasterDerivationKey) Msgsize

func (z *MasterDerivationKey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*MasterDerivationKey) UnmarshalMsg

func (z *MasterDerivationKey) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type MultisigSig

type MultisigSig struct {
	Version   uint8            `codec:"v"`
	Threshold uint8            `codec:"thr"`
	Subsigs   []MultisigSubsig `codec:"subsig,allocbound=maxMultisig"`
	// contains filtered or unexported fields
}

MultisigSig is the structure that holds multiple Subsigs

func MultisigAssemble

func MultisigAssemble(unisig []MultisigSig) (msig MultisigSig, err error)

MultisigAssemble assembles multiple MultisigSig

func MultisigMerge

func MultisigMerge(msig1 MultisigSig, msig2 MultisigSig) (msigt MultisigSig, err error)

MultisigMerge merges two Multisigs msig1 and msig2 into msigt

func MultisigPreimageFromPKs

func MultisigPreimageFromPKs(version, threshold uint8, pks []PublicKey) MultisigSig

MultisigPreimageFromPKs makes an empty MultisigSig for a given preimage. It should be renamed. TODO separate preimage type from sig type

func MultisigSign

func MultisigSign(msg Hashable, addr Digest, version, threshold uint8, pk []PublicKey, sk SecretKey) (sig MultisigSig, err error)

MultisigSign is for each device individually signs the digest

func (MultisigSig) Blank

func (msig MultisigSig) Blank() bool

Blank returns true iff the msig is empty. We need this instead of just comparing with == MultisigSig{}, because Subsigs is a slice.

func (*MultisigSig) CanMarshalMsg

func (_ *MultisigSig) CanMarshalMsg(z interface{}) bool

func (*MultisigSig) CanUnmarshalMsg

func (_ *MultisigSig) CanUnmarshalMsg(z interface{}) bool

func (MultisigSig) Equal

func (msig MultisigSig) Equal(other MultisigSig) bool

Equal compares two MultisigSig structs for equality

func (*MultisigSig) MarshalMsg

func (z *MultisigSig) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*MultisigSig) MsgIsZero

func (z *MultisigSig) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*MultisigSig) Msgsize

func (z *MultisigSig) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (MultisigSig) Preimage

func (msig MultisigSig) Preimage() (version, threshold uint8, pks []PublicKey)

Preimage returns the version, threshold, and list of all public keys in a (partial) multisig address

func (*MultisigSig) UnmarshalMsg

func (z *MultisigSig) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type MultisigSubsig

type MultisigSubsig struct {
	Key PublicKey `codec:"pk"` // all public keys that are possible signers for this address
	Sig Signature `codec:"s"`  // may be either empty or a signature
	// contains filtered or unexported fields
}

MultisigSubsig is a struct that holds a pair of public key and signatures signatures may be empty

func (*MultisigSubsig) CanMarshalMsg

func (_ *MultisigSubsig) CanMarshalMsg(z interface{}) bool

func (*MultisigSubsig) CanUnmarshalMsg

func (_ *MultisigSubsig) CanUnmarshalMsg(z interface{}) bool

func (*MultisigSubsig) MarshalMsg

func (z *MultisigSubsig) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*MultisigSubsig) MsgIsZero

func (z *MultisigSubsig) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*MultisigSubsig) Msgsize

func (z *MultisigSubsig) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*MultisigSubsig) UnmarshalMsg

func (z *MultisigSubsig) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignature

type OneTimeSignature struct {

	// Sig is a signature of msg under the key PK.
	Sig ed25519Signature `codec:"s"`
	PK  ed25519PublicKey `codec:"p"`

	// Old-style signature that does not use proper domain separation.
	// PKSigOld is unused; however, unfortunately we forgot to mark it
	// `codec:omitempty` and so it appears (with zero value) in certs.
	// This means we can't delete the field without breaking catchup.
	PKSigOld ed25519Signature `codec:"ps"`

	// Used to verify a new-style two-level ephemeral signature.
	// PK1Sig is a signature of OneTimeSignatureSubkeyOffsetID(PK, Batch, Offset) under the key PK2.
	// PK2Sig is a signature of OneTimeSignatureSubkeyBatchID(PK2, Batch) under the master key (OneTimeSignatureVerifier).
	PK2    ed25519PublicKey `codec:"p2"`
	PK1Sig ed25519Signature `codec:"p1s"`
	PK2Sig ed25519Signature `codec:"p2s"`
	// contains filtered or unexported fields
}

A OneTimeSignature is a cryptographic signature that is produced a limited number of times and provides forward integrity.

Specifically, a OneTimeSignature is generated from an ephemeral secret. After some number of messages is signed under a given OneTimeSignatureIdentifier identifier, the corresponding secret is deleted. This prevents the secret-holder from signing a contradictory message in the future in the event of a secret-key compromise.

func (*OneTimeSignature) CanMarshalMsg

func (_ *OneTimeSignature) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignature) CanUnmarshalMsg

func (_ *OneTimeSignature) CanUnmarshalMsg(z interface{}) bool

func (*OneTimeSignature) MarshalMsg

func (z *OneTimeSignature) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignature) MsgIsZero

func (z *OneTimeSignature) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignature) Msgsize

func (z *OneTimeSignature) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*OneTimeSignature) UnmarshalMsg

func (z *OneTimeSignature) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignatureIdentifier

type OneTimeSignatureIdentifier struct {
	// Batch represents the most-significant part of the identifier.
	Batch uint64

	// Offset represents the least-significant part of the identifier.
	// When moving to a new Batch, the Offset values restart from 0.
	Offset uint64
}

A OneTimeSignatureIdentifier is an identifier under which a OneTimeSignature is produced on a given message. This identifier is represented using a two-level structure, which corresponds to two levels of our ephemeral key tree.

func (OneTimeSignatureIdentifier) BatchBytes

func (id OneTimeSignatureIdentifier) BatchBytes() []byte

BatchBytes converts a OneTimeSignatureIdentifier into a byte slice representing the 64-bit batch number. This is used for the old-style way of signing an ephemeral subkey identifier.

type OneTimeSignatureSecrets

type OneTimeSignatureSecrets struct {
	OneTimeSignatureSecretsPersistent
	// contains filtered or unexported fields
}

OneTimeSignatureSecrets are used to produced unforgeable signatures over a message.

When the method OneTimeSignatureSecrets.DeleteBefore(ID) is called, ephemeral secrets corresponding to OneTimeSignatureIdentifiers preceding ID are deleted. Thereafter, an entity can no longer sign different messages with old OneTimeSignatureIdentifiers, protecting the integrity of the messages signed under those identifiers.

func GenerateOneTimeSignatureSecrets

func GenerateOneTimeSignatureSecrets(startBatch uint64, numBatches uint64) *OneTimeSignatureSecrets

GenerateOneTimeSignatureSecrets is a version of GenerateOneTimeSignatureSecretsRNG that uses the system-wide randomness source.

func GenerateOneTimeSignatureSecretsRNG

func GenerateOneTimeSignatureSecretsRNG(startBatch uint64, numBatches uint64, rng RNG) *OneTimeSignatureSecrets

GenerateOneTimeSignatureSecretsRNG creates a limited number of secrets that sign messages under OneTimeSignatureIdentifiers in the range [startBatch, startBatch+numBatches).

This range includes startBatch and excludes startBatch+numBatches.

Randomness comes from the supplied RNG.

func (*OneTimeSignatureSecrets) CanMarshalMsg

func (_ *OneTimeSignatureSecrets) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignatureSecrets) CanUnmarshalMsg

func (_ *OneTimeSignatureSecrets) CanUnmarshalMsg(z interface{}) bool

func (*OneTimeSignatureSecrets) DeleteBeforeFineGrained

func (s *OneTimeSignatureSecrets) DeleteBeforeFineGrained(current OneTimeSignatureIdentifier, numKeysPerBatch uint64)

DeleteBeforeFineGrained deletes ephemeral keys before (but not including) the given id.

func (*OneTimeSignatureSecrets) MarshalMsg

func (z *OneTimeSignatureSecrets) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignatureSecrets) MsgIsZero

func (z *OneTimeSignatureSecrets) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignatureSecrets) Msgsize

func (z *OneTimeSignatureSecrets) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*OneTimeSignatureSecrets) Sign

Sign produces a OneTimeSignature of some Hashable message under some OneTimeSignatureIdentifier.

func (*OneTimeSignatureSecrets) Snapshot

Snapshot returns a copy of OneTimeSignatureSecrets consistent with respect to concurrent mutating calls (specifically, DeleteBefore*). This snapshot can be used for serializing the OneTimeSignatureSecrets to persistent storage.

func (*OneTimeSignatureSecrets) UnmarshalMsg

func (z *OneTimeSignatureSecrets) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignatureSecretsPersistent

type OneTimeSignatureSecretsPersistent struct {
	OneTimeSignatureVerifier

	// FirstBatch denotes the first batch whose subkey appears in Batches.
	// The odd `codec:` name is for backwards compatibility with previous
	// stored keys where we failed to give any explicit `codec:` name.
	FirstBatch uint64            `codec:"First"`
	Batches    []ephemeralSubkey `codec:"Sub,allocbound=-"`

	// FirstOffset denotes the first offset whose subkey appears in Offsets.
	// These subkeys correspond to batch FirstBatch-1.
	FirstOffset uint64            `codec:"firstoff"`
	Offsets     []ephemeralSubkey `codec:"offkeys,allocbound=-"`

	// When Offsets is non-empty, OffsetsPK2 is the intermediate-level public
	// key that can be used to verify signatures on the subkeys in Offsets, and
	// OffsetsPK2Sig is the signature from the master key (OneTimeSignatureVerifier)
	// on OneTimeSignatureSubkeyBatchID(OffsetsPK2, FirstBatch-1).
	OffsetsPK2    ed25519PublicKey `codec:"offpk2"`
	OffsetsPK2Sig ed25519Signature `codec:"offpk2sig"`
	// contains filtered or unexported fields
}

OneTimeSignatureSecretsPersistent denotes the fields of a OneTimeSignatureSecrets that get stored to persistent storage (through reflection on exported fields).

func (*OneTimeSignatureSecretsPersistent) CanMarshalMsg

func (_ *OneTimeSignatureSecretsPersistent) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignatureSecretsPersistent) CanUnmarshalMsg

func (_ *OneTimeSignatureSecretsPersistent) CanUnmarshalMsg(z interface{}) bool

func (*OneTimeSignatureSecretsPersistent) MarshalMsg

func (z *OneTimeSignatureSecretsPersistent) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignatureSecretsPersistent) MsgIsZero

func (z *OneTimeSignatureSecretsPersistent) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignatureSecretsPersistent) Msgsize

func (z *OneTimeSignatureSecretsPersistent) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*OneTimeSignatureSecretsPersistent) UnmarshalMsg

func (z *OneTimeSignatureSecretsPersistent) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignatureSubkeyBatchID

type OneTimeSignatureSubkeyBatchID struct {
	SubKeyPK ed25519PublicKey `codec:"pk"`
	Batch    uint64           `codec:"batch"`
	// contains filtered or unexported fields
}

A OneTimeSignatureSubkeyBatchID identifies an ephemeralSubkey of a batch for the purposes of signing it with the top-level master key.

func (*OneTimeSignatureSubkeyBatchID) CanMarshalMsg

func (_ *OneTimeSignatureSubkeyBatchID) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignatureSubkeyBatchID) CanUnmarshalMsg

func (_ *OneTimeSignatureSubkeyBatchID) CanUnmarshalMsg(z interface{}) bool

func (*OneTimeSignatureSubkeyBatchID) MarshalMsg

func (z *OneTimeSignatureSubkeyBatchID) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignatureSubkeyBatchID) MsgIsZero

func (z *OneTimeSignatureSubkeyBatchID) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignatureSubkeyBatchID) Msgsize

func (z *OneTimeSignatureSubkeyBatchID) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (OneTimeSignatureSubkeyBatchID) ToBeHashed

func (batch OneTimeSignatureSubkeyBatchID) ToBeHashed() (protocol.HashID, []byte)

ToBeHashed implements the Hashable interface for a OneTimeSignatureSubkeyBatchID. This is used to sign an intermediate subkey for a batch, in the new style (contrast with OneTimeSignatureIdentifier.BatchBytes).

func (*OneTimeSignatureSubkeyBatchID) UnmarshalMsg

func (z *OneTimeSignatureSubkeyBatchID) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignatureSubkeyOffsetID

type OneTimeSignatureSubkeyOffsetID struct {
	SubKeyPK ed25519PublicKey `codec:"pk"`
	Batch    uint64           `codec:"batch"`
	Offset   uint64           `codec:"off"`
	// contains filtered or unexported fields
}

A OneTimeSignatureSubkeyOffsetID identifies an ephemeralSubkey of a specific offset within a batch, for the purposes of signing it with the batch subkey.

func (*OneTimeSignatureSubkeyOffsetID) CanMarshalMsg

func (_ *OneTimeSignatureSubkeyOffsetID) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignatureSubkeyOffsetID) CanUnmarshalMsg

func (_ *OneTimeSignatureSubkeyOffsetID) CanUnmarshalMsg(z interface{}) bool

func (*OneTimeSignatureSubkeyOffsetID) MarshalMsg

func (z *OneTimeSignatureSubkeyOffsetID) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignatureSubkeyOffsetID) MsgIsZero

func (z *OneTimeSignatureSubkeyOffsetID) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignatureSubkeyOffsetID) Msgsize

func (z *OneTimeSignatureSubkeyOffsetID) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (OneTimeSignatureSubkeyOffsetID) ToBeHashed

func (off OneTimeSignatureSubkeyOffsetID) ToBeHashed() (protocol.HashID, []byte)

ToBeHashed implements the Hashable interface for a OneTimeSignatureSubkeyOffsetID. This is used to sign a subkey for a specific offset in a batch.

func (*OneTimeSignatureSubkeyOffsetID) UnmarshalMsg

func (z *OneTimeSignatureSubkeyOffsetID) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type OneTimeSignatureVerifier

type OneTimeSignatureVerifier ed25519PublicKey

A OneTimeSignatureVerifier is used to identify the holder of OneTimeSignatureSecrets and prove the authenticity of OneTimeSignatures against some OneTimeSignatureIdentifier.

func (*OneTimeSignatureVerifier) CanMarshalMsg

func (_ *OneTimeSignatureVerifier) CanMarshalMsg(z interface{}) bool

func (*OneTimeSignatureVerifier) CanUnmarshalMsg

func (_ *OneTimeSignatureVerifier) CanUnmarshalMsg(z interface{}) bool

func (*OneTimeSignatureVerifier) MarshalMsg

func (z *OneTimeSignatureVerifier) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*OneTimeSignatureVerifier) MsgIsZero

func (z *OneTimeSignatureVerifier) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*OneTimeSignatureVerifier) Msgsize

func (z *OneTimeSignatureVerifier) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*OneTimeSignatureVerifier) UnmarshalMsg

func (z *OneTimeSignatureVerifier) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

func (OneTimeSignatureVerifier) Verify

Verify verifies that some Hashable signature was signed under some OneTimeSignatureVerifier and some OneTimeSignatureIdentifier.

It returns true if this is the case; otherwise, it returns false.

type OneTimeSigner

type OneTimeSigner struct {
	*OneTimeSignatureSecrets
	OptionalKeyDilution uint64
}

OneTimeSigner is a wrapper for OneTimeSignatureSecrets that also includes the appropriate KeyDilution value. If zero, the value should be inherited from ConsensusParams.DefaultKeyDilution.

func (OneTimeSigner) KeyDilution

func (ots OneTimeSigner) KeyDilution(params config.ConsensusParams) uint64

KeyDilution returns the appropriate key dilution value for a OneTimeSigner.

type PRNG

type PRNG struct {
	// contains filtered or unexported fields
}

PRNG is a pseudo-random implementation of RNG, used for deterministic testing.

func MakePRNG

func MakePRNG(seed []byte) *PRNG

MakePRNG creates a new PRNG from an initial seed. The implementation is based on HMAC_DRBG. All random bytes from the PRNG will be determined by the initial seed value. Used by test code only.

func (*PRNG) RandBytes

func (prng *PRNG) RandBytes(buf []byte)

RandBytes implements the RNG interface for the PRNG. Used by test code only.

type PrivateKey

type PrivateKey ed25519PrivateKey

PrivateKey is an exported ed25519PrivateKey

func (*PrivateKey) CanMarshalMsg

func (_ *PrivateKey) CanMarshalMsg(z interface{}) bool

func (*PrivateKey) CanUnmarshalMsg

func (_ *PrivateKey) CanUnmarshalMsg(z interface{}) bool

func (*PrivateKey) MarshalMsg

func (z *PrivateKey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*PrivateKey) MsgIsZero

func (z *PrivateKey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*PrivateKey) Msgsize

func (z *PrivateKey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*PrivateKey) UnmarshalMsg

func (z *PrivateKey) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type PublicKey

type PublicKey ed25519PublicKey

PublicKey is an exported ed25519PublicKey

func SecretKeyToPublicKey

func SecretKeyToPublicKey(secret PrivateKey) (PublicKey, error)

SecretKeyToPublicKey derives a public key from a secret key. This is very efficient since ed25519 private keys literally contain their public key

func (*PublicKey) CanMarshalMsg

func (_ *PublicKey) CanMarshalMsg(z interface{}) bool

func (*PublicKey) CanUnmarshalMsg

func (_ *PublicKey) CanUnmarshalMsg(z interface{}) bool

func (*PublicKey) MarshalMsg

func (z *PublicKey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*PublicKey) MsgIsZero

func (z *PublicKey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*PublicKey) Msgsize

func (z *PublicKey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*PublicKey) UnmarshalMsg

func (z *PublicKey) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type RNG

type RNG interface {
	RandBytes([]byte)
}

RNG represents a randomness source. This could be either a system-wide randomness source (like what gets exposed by crypto/rand), or a PRNG that we use for testing.

type SecretKey

type SecretKey = SignatureSecrets

SecretKey is casted from SignatureSecrets

type Seed

type Seed ed25519Seed

A Seed holds the entropy needed to generate cryptographic keys.

func SecretKeyToSeed

func SecretKeyToSeed(secret PrivateKey) (Seed, error)

SecretKeyToSeed derives the seed from a secret key. This is very efficient since ed25519 private keys literally contain their seed

func (*Seed) CanMarshalMsg

func (_ *Seed) CanMarshalMsg(z interface{}) bool

func (*Seed) CanUnmarshalMsg

func (_ *Seed) CanUnmarshalMsg(z interface{}) bool

func (*Seed) MarshalMsg

func (z *Seed) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*Seed) MsgIsZero

func (z *Seed) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*Seed) Msgsize

func (z *Seed) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*Seed) UnmarshalMsg

func (z *Seed) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type Signature

type Signature ed25519Signature

A Signature is a cryptographic signature. It proves that a message was produced by a holder of a cryptographic secret.

func (*Signature) Blank

func (s *Signature) Blank() bool

Blank tests to see if the given signature contains only zeros

func (*Signature) CanMarshalMsg

func (_ *Signature) CanMarshalMsg(z interface{}) bool

func (*Signature) CanUnmarshalMsg

func (_ *Signature) CanUnmarshalMsg(z interface{}) bool

func (*Signature) MarshalMsg

func (z *Signature) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*Signature) MsgIsZero

func (z *Signature) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*Signature) Msgsize

func (z *Signature) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*Signature) UnmarshalMsg

func (z *Signature) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type SignatureSecrets

type SignatureSecrets struct {
	SignatureVerifier
	SK ed25519PrivateKey
	// contains filtered or unexported fields
}

SignatureSecrets are used by an entity to produce unforgeable signatures over a message.

func GenerateSignatureSecrets

func GenerateSignatureSecrets(seed Seed) *SignatureSecrets

GenerateSignatureSecrets creates SignatureSecrets from a source of entropy.

func SecretKeyToSignatureSecrets

func SecretKeyToSignatureSecrets(sk PrivateKey) (secrets *SignatureSecrets, err error)

SecretKeyToSignatureSecrets converts a private key into a SignatureSecrets and returns a pointer

func (*SignatureSecrets) CanMarshalMsg

func (_ *SignatureSecrets) CanMarshalMsg(z interface{}) bool

func (*SignatureSecrets) CanUnmarshalMsg

func (_ *SignatureSecrets) CanUnmarshalMsg(z interface{}) bool

func (*SignatureSecrets) MarshalMsg

func (z *SignatureSecrets) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*SignatureSecrets) MsgIsZero

func (z *SignatureSecrets) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*SignatureSecrets) Msgsize

func (z *SignatureSecrets) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*SignatureSecrets) Sign

func (s *SignatureSecrets) Sign(message Hashable) Signature

Sign produces a cryptographic Signature of a Hashable message, given cryptographic secrets.

func (*SignatureSecrets) SignBytes

func (s *SignatureSecrets) SignBytes(message []byte) Signature

SignBytes signs a message directly, without first hashing. Caller is responsible for domain separation.

func (*SignatureSecrets) UnmarshalMsg

func (z *SignatureSecrets) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type SignatureVerifier

type SignatureVerifier = PublicKey

A SignatureVerifier is used to identify the holder of SignatureSecrets and verify the authenticity of Signatures.

func (SignatureVerifier) Verify

func (v SignatureVerifier) Verify(message Hashable, sig Signature) bool

Verify verifies that some holder of a cryptographic secret authentically signed a Hashable message.

It returns true if this is the case; otherwise, it returns false.

func (SignatureVerifier) VerifyBytes

func (v SignatureVerifier) VerifyBytes(message []byte, sig Signature) bool

VerifyBytes verifies a signature, where the message is not hashed first. Caller is responsible for domain separation. If the message is a Hashable, Verify() can be used instead.

type VRFProof

type VRFProof = VrfProof

VRFProof is a deprecated name for VrfProof

type VRFSecrets

type VRFSecrets struct {
	PK VrfPubkey
	SK VrfPrivkey
	// contains filtered or unexported fields
}

VRFSecrets is a wrapper for a VRF keypair. Use *VrfPrivkey instead

func GenerateVRFSecrets

func GenerateVRFSecrets() *VRFSecrets

GenerateVRFSecrets is deprecated, use VrfKeygen or VrfKeygenFromSeed instead

func (*VRFSecrets) CanMarshalMsg

func (_ *VRFSecrets) CanMarshalMsg(z interface{}) bool

func (*VRFSecrets) CanUnmarshalMsg

func (_ *VRFSecrets) CanUnmarshalMsg(z interface{}) bool

func (*VRFSecrets) MarshalMsg

func (z *VRFSecrets) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*VRFSecrets) MsgIsZero

func (z *VRFSecrets) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*VRFSecrets) Msgsize

func (z *VRFSecrets) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*VRFSecrets) UnmarshalMsg

func (z *VRFSecrets) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type VRFVerifier

type VRFVerifier = VrfPubkey

VRFVerifier is a deprecated name for VrfPubkey

type VrfOutput

type VrfOutput [64]byte

VrfOutput is a 64-byte pseudorandom value that can be computed from a VrfProof. The VRF scheme guarantees that such output will be unique

func (*VrfOutput) CanMarshalMsg

func (_ *VrfOutput) CanMarshalMsg(z interface{}) bool

func (*VrfOutput) CanUnmarshalMsg

func (_ *VrfOutput) CanUnmarshalMsg(z interface{}) bool

func (*VrfOutput) MarshalMsg

func (z *VrfOutput) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*VrfOutput) MsgIsZero

func (z *VrfOutput) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*VrfOutput) Msgsize

func (z *VrfOutput) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*VrfOutput) UnmarshalMsg

func (z *VrfOutput) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type VrfPrivkey

type VrfPrivkey [64]byte

A VrfPrivkey is a private key used for producing VRF proofs. Specifically, we use a 64-byte ed25519 private key (the latter 32-bytes are the precomputed public key)

func (*VrfPrivkey) CanMarshalMsg

func (_ *VrfPrivkey) CanMarshalMsg(z interface{}) bool

func (*VrfPrivkey) CanUnmarshalMsg

func (_ *VrfPrivkey) CanUnmarshalMsg(z interface{}) bool

func (*VrfPrivkey) MarshalMsg

func (z *VrfPrivkey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*VrfPrivkey) MsgIsZero

func (z *VrfPrivkey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*VrfPrivkey) Msgsize

func (z *VrfPrivkey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (VrfPrivkey) Prove

func (sk VrfPrivkey) Prove(message Hashable) (proof VrfProof, ok bool)

Prove constructs a VRF Proof for a given Hashable. ok will be false if the private key is malformed.

func (VrfPrivkey) Pubkey

func (sk VrfPrivkey) Pubkey() (pk VrfPubkey)

Pubkey returns the public key that corresponds to the given private key.

func (*VrfPrivkey) UnmarshalMsg

func (z *VrfPrivkey) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type VrfProof

type VrfProof [80]byte

A VrfProof for a message can be generated with a secret key and verified against a public key, like a signature. Proofs are malleable, however, for a given message and public key, the VRF output that can be computed from a proof is unique.

func (*VrfProof) CanMarshalMsg

func (_ *VrfProof) CanMarshalMsg(z interface{}) bool

func (*VrfProof) CanUnmarshalMsg

func (_ *VrfProof) CanUnmarshalMsg(z interface{}) bool

func (VrfProof) Hash

func (proof VrfProof) Hash() (hash VrfOutput, ok bool)

Hash converts a VRF proof to a VRF output without verifying the proof. TODO: Consider removing so that we don't accidentally hash an unverified proof

func (*VrfProof) MarshalMsg

func (z *VrfProof) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*VrfProof) MsgIsZero

func (z *VrfProof) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*VrfProof) Msgsize

func (z *VrfProof) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*VrfProof) UnmarshalMsg

func (z *VrfProof) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type VrfPubkey

type VrfPubkey [32]byte

A VrfPubkey is a public key that can be used to verify VRF proofs.

func (*VrfPubkey) CanMarshalMsg

func (_ *VrfPubkey) CanMarshalMsg(z interface{}) bool

func (*VrfPubkey) CanUnmarshalMsg

func (_ *VrfPubkey) CanUnmarshalMsg(z interface{}) bool

func (*VrfPubkey) MarshalMsg

func (z *VrfPubkey) MarshalMsg(b []byte) (o []byte)

MarshalMsg implements msgp.Marshaler

func (*VrfPubkey) MsgIsZero

func (z *VrfPubkey) MsgIsZero() bool

MsgIsZero returns whether this is a zero value

func (*VrfPubkey) Msgsize

func (z *VrfPubkey) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*VrfPubkey) UnmarshalMsg

func (z *VrfPubkey) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

func (VrfPubkey) Verify

func (pk VrfPubkey) Verify(p VrfProof, message Hashable) (bool, VrfOutput)

Verify checks a VRF proof of a given Hashable. If the proof is valid the pseudorandom VrfOutput will be returned. For a given public key and message, there are potentially multiple valid proofs. However, given a public key and message, all valid proofs will yield the same output. Moreover, the output is indistinguishable from random to anyone without the proof or the secret key.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL