crypto

package
v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 3, 2023 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Overview

Package crypto provides an implementation of the MirModule module. It supports RSA and ECDSA signatures.

Package crypto provides an implementation of the MirModule module. It supports RSA and ECDSA signatures.

Index

Constants

This section is empty.

Variables

View Source
var (
	// DefaultPseudoSeed is an arbitrary number that the nodes can use as a seed when instantiating its MirModule module.
	// This is not secure, but helps during testing, as it obviates the exchange of public keys among nodes.
	DefaultPseudoSeed int64 = 12345
)

Functions

func GenerateKeyPair

func GenerateKeyPair(randomness io.Reader) (priv []byte, pub []byte, err error)

GenerateKeyPair generates a pair of ECDSA keys that can be used for signing and verifying. The randomness parameter should be backed by a high-quality source of entropy such as crypto/rand.Reader. The priv key can be used for creation of a new instance of the crypto module (New function) and the pub key can be passed to DefaultImpl.RegisterNodeKey.

func PrivKeyFromFile

func PrivKeyFromFile(file string) ([]byte, error)

PrivKeyFromFile extracts a private key from a PEM key file. Returns a serialized form of the private key. The output of this function can be passed to New when creating an instance of DefaultImpl.

func PubKeyFromFile

func PubKeyFromFile(fileName string) ([]byte, error)

PubKeyFromFile extracts a public key from a PEM certificate file. Returns a serialized form of the public key that can be used directly with DefaultImpl.RegisterNodeKey.

func SerializePrivKey

func SerializePrivKey(privKey interface{}) (privKeyBytes []byte, err error)

SerializePrivKey serializes a private key into a byte slice. The output of this function can be passed to New when creating an instance of DefaultImpl. Currently, pointers to crypto/ecdsa.PrivateKey and crypto/rsa.PrivateKey are supported types of pubKey.

func SerializePubKey

func SerializePubKey(pubKey interface{}) (pubKeyBytes []byte, err error)

SerializePubKey serializes a public key into a byte slice. The output of this function can be used with DefaultImpl.RegisterNodeKey. Currently, pointers to crypto/ecdsa.PublicKey and crypto/rsa.PublicKey are supported types of pubKey.

Types

type Crypto

type Crypto interface {

	// Sign signs the provided data and returns the resulting signature.
	// The data to be signed is the concatenation of all the passed byte slices.
	// A signature produced by Sign is verifiable using Verify.
	// Note that the private key used to produce the signature cannot be set ("registered") through this interface.
	// Storing and using the private key is completely implementation-dependent.
	Sign(data [][]byte) ([]byte, error)

	// Verify verifies a signature produced by the node with ID nodeID over data.
	// Returns nil on success (i.e., if the given signature is valid) and a non-nil error otherwise.
	Verify(data [][]byte, signature []byte, nodeID t.NodeID) error
}

The Crypto interface represents an implementation of the cryptographic primitives inside the MirModule module. It is responsible for producing and verifying cryptographic signatures. It internally stores information about which clients and nodes are associated with which public keys. This information can be updated by the Node through appropriate events. Both clients and nodes are identified only by their IDs.

func InsecureCryptoForTestingOnly added in v0.1.1

func InsecureCryptoForTestingOnly(nodes []t.NodeID, ownID t.NodeID, seed int64) (Crypto, error)

InsecureCryptoForTestingOnly returns a CryptoImpl module to be used by a node, generating new keys in a pseudo-random manner. It is initialized and populated deterministically, based on a given configuration and a random seed. InsecureCryptoForTestingOnly is not secure and intended for testing purposes only. It also assumes a static membership known to all nodes, InsecureCryptoForTestingOnly can be invoked by each Node independently (specifying the same seed, e.g. DefaultPseudoSeed) and generates the same set of keys for the whole system at each node, obviating the exchange of public keys.

type DefaultImpl

type DefaultImpl struct {
	// contains filtered or unexported fields
}

DefaultImpl represents a generic implementation of the MirModule module that can be used at Node instantiation (when calling mir.NewNode)

func NewDefaultImpl

func NewDefaultImpl(privKey []byte) (*DefaultImpl, error)

NewDefaultImpl returns a new initialized instance of a MirModule implementation. privKey is the serialized representation of the private key that will be used for signing. privKey must be the output of SerializePrivKey or GenerateKeyPair.

func (*DefaultImpl) DeleteNodeKey

func (c *DefaultImpl) DeleteNodeKey(nodeID t.NodeID)

DeleteNodeKey removes the public key associated with nodeID from the internal state. Any subsequent call to Verify(..., nodeID) will fail.

func (*DefaultImpl) RegisterNodeKey

func (c *DefaultImpl) RegisterNodeKey(pubKey []byte, nodeID t.NodeID) error

RegisterNodeKey associates a public key with a node ID. pubKey must be the output of SerializePubKey. Calls to Verify will fail until RegisterNodeKey is successfully called with the corresponding node ID. Returns nil on success, a non-nil error on failure.

func (*DefaultImpl) Sign

func (c *DefaultImpl) Sign(data [][]byte) ([]byte, error)

Sign signs the provided data and returns the resulting signature. First, Sign computes a SHA256 hash of the concatenation of all the byte slices in data. Then it signs the hash using the private key specified at creation of this MirModule object.

func (*DefaultImpl) Verify

func (c *DefaultImpl) Verify(data [][]byte, signature []byte, nodeID t.NodeID) error

Verify verifies a signature produced by the node with ID nodeID over data. First, Verify computes a SHA256 hash of the concatenation of all the byte slices in data. Then it verifies the signature over this hash using the public key registered under nodeID. Returns nil on success (i.e., if the given signature is valid) and a non-nil error otherwise. Note that RegisterNodeKey must be used to register the node's public key before calling Verify, otherwise Verify will fail.

type DummyCrypto

type DummyCrypto struct {

	// The only accepted signature
	DummySig []byte
}

DummyCrypto represents a dummy MirModule module that always produces the same dummy byte slice specified at instantiation as signature. Verification of this dummy signature always succeeds. This is intended as a stub for testing purposes.

func (*DummyCrypto) DeleteNodeKey

func (dc *DummyCrypto) DeleteNodeKey(_ t.NodeID)

DeleteNodeKey does nothing, as no public keys are used.

func (*DummyCrypto) RegisterNodeKey

func (dc *DummyCrypto) RegisterNodeKey(_ []byte, _ t.NodeID) error

RegisterNodeKey does nothing, as no public keys are used.

func (*DummyCrypto) Sign

func (dc *DummyCrypto) Sign(_ [][]byte) ([]byte, error)

Sign always returns the dummy signature DummySig, regardless of the data.

func (*DummyCrypto) Verify

func (dc *DummyCrypto) Verify(_ [][]byte, signature []byte, _ t.NodeID) error

Verify returns nil (i.e. success) only if signature equals DummySig. Both data and nodeID are ignored.

type HashImpl

type HashImpl interface {
	New() hash.Hash
}

type Hasher

type Hasher struct {
	// contains filtered or unexported fields
}

func NewHasher

func NewHasher(hashImpl HashImpl) *Hasher

func (*Hasher) ApplyEvent

func (hasher *Hasher) ApplyEvent(event *eventpb.Event) (*events.EventList, error)

func (*Hasher) ApplyEvents

func (hasher *Hasher) ApplyEvents(eventsIn *events.EventList) (*events.EventList, error)

func (*Hasher) ImplementsModule

func (hasher *Hasher) ImplementsModule()

The ImplementsModule method only serves the purpose of indicating that this is a Module and must not be called.

type MirModule

type MirModule struct {
	// contains filtered or unexported fields
}

func New

func New(crypto Crypto) *MirModule

func (*MirModule) ApplyEvent

func (c *MirModule) ApplyEvent(event *eventpb.Event) (*events.EventList, error)

func (*MirModule) ApplyEvents

func (c *MirModule) ApplyEvents(eventsIn *events.EventList) (*events.EventList, error)

func (*MirModule) ImplementsModule

func (c *MirModule) ImplementsModule()

The ImplementsModule method only serves the purpose of indicating that this is a Module and must not be called.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL