kbfscrypto

package
v2.3.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 9, 2018 License: BSD-3-Clause Imports: 23 Imported by: 0

README

kbfscrypto

Crypto-related types and functions for KBFS. The package is named kbfscrypto rather than crypto for two reasons:

  1. To avoid conflicting with the crypto package.
  2. Some variables are named crypto already.

All errors returned by this package are wrapped with pkg/errors, and so need errors.Cause() to unwrap them.

Documentation

Index

Constants

View Source 
const (
	// SigED25519 is the signature type for ED25519
	SigED25519 = SigVer(iota + 1)
	// SigED25519ForKBFS is the signature type for ED25519 with a KBFS prefix.
	SigED25519ForKBFS
)
View Source 
const AuthTokenMinRefreshSeconds = 60

AuthTokenMinRefreshSeconds is the minimum number of seconds between refreshes.

View Source 
const (
	// EnvTestRootCertPEM is the environment variable name for the
	// CA cert PEM the client uses to verify the KBFS servers when
	// testing. Any certificate present here overrides any
	// certificate inferred from a server address.
	EnvTestRootCertPEM = "KEYBASE_TEST_ROOT_CERT_PEM"
)
View Source 
const TestRootCert = `` /* 4195-byte string literal not displayed */

TestRootCert is a CA cert which can be used for testing TLS support. 127.0.0.1 is the only supported address.

View Source 
const TestRootKey = `` /* 1678-byte string literal not displayed */

TestRootKey can be used with the above cert+public key to test TLS support.

Variables

View Source 
var PublicTLFCryptKey = MakeTLFCryptKey([32]byte{
	0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18,
	0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18,
	0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18,
	0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18,
})

PublicTLFCryptKey is the TLFCryptKey used for all public TLFs. That means that anyone with just the block key for a public TLF can decrypt that block. This is not the zero TLFCryptKey so that we can distinguish it from an (erroneously?) unset TLFCryptKey.

Functions

func DecryptBlock 

func DecryptBlock(encryptedBlock EncryptedBlock, key BlockCryptKey) (
	[]byte, error)

DecryptBlock decrypts a block, but does not unpad or decode it.

func DecryptMerkleLeaf 

func DecryptMerkleLeaf(
	privateKey TLFPrivateKey, publicKey TLFEphemeralPublicKey,
	encryptedMerkleLeaf EncryptedMerkleLeaf) ([]byte, error)

DecryptMerkleLeaf decrypts an EncryptedMerkleLeaf using the given private TLF key and ephemeral public key.

func DecryptPrivateMetadata 

func DecryptPrivateMetadata(
	encryptedPrivateMetadata EncryptedPrivateMetadata, key TLFCryptKey) (
	[]byte, error)

DecryptPrivateMetadata decrypts a PrivateMetadata object, but does not decode it.

func GetRootCerts 

func GetRootCerts(serverAddr string,
	certGetter func(host string) (certsBundle []byte, ok bool)) []byte

GetRootCerts returns a byte array with the appropriate root certs for the given host:port string.

func MakeRandomTLFEphemeralKeys 

func MakeRandomTLFEphemeralKeys() (
	TLFEphemeralPublicKey, TLFEphemeralPrivateKey, error)

MakeRandomTLFEphemeralKeys generates ephemeral keys using a CSPRNG for a TLF. These keys can then be used to key/rekey the TLF.

func PrepareMerkleLeaf 

func PrepareMerkleLeaf(encryptedMerkleLeaf EncryptedMerkleLeaf) (
	nonce [24]byte, err error)

PrepareMerkleLeaf verifies the correctness of the given leaf, and returns its nonce.

func RandRead 

func RandRead(buf []byte) error

RandRead is a belt-and-suspenders wrapper around crypto.rand.Read().

func Verify 

func Verify(msg []byte, sigInfo SignatureInfo) error

Verify verifies the given message against the given SignatureInfo, and returns nil if it verifies successfully, or an error otherwise.

func VerifyTLFCryptKeyServerHalfID 

func VerifyTLFCryptKeyServerHalfID(
	serverHalfID TLFCryptKeyServerHalfID,
	user keybase1.UID, devicePubKey CryptPublicKey,
	serverHalf TLFCryptKeyServerHalf) error

VerifyTLFCryptKeyServerHalfID verifies the ID is the proper HMAC result.

Types

type AuthToken 

type AuthToken struct {
	// contains filtered or unexported fields
}

AuthToken encapsulates a timed authentication token.

func NewAuthToken 

func NewAuthToken(signer Signer, tokenType string, expireIn int,
	submoduleName, version string, rh AuthTokenRefreshHandler) *AuthToken

NewAuthToken creates a new authentication token.

func (*AuthToken) Shutdown 

func (a *AuthToken) Shutdown()

Shutdown is called to stop the refresh ticker.

func (*AuthToken) Sign 

func (a *AuthToken) Sign(ctx context.Context,
	currentUsername libkb.NormalizedUsername, currentUID keybase1.UID,
	currentVerifyingKey VerifyingKey,
	challengeInfo keybase1.ChallengeInfo) (string, error)

Sign is called to create a new signed authentication token, including a challenge and username/uid/kid identifiers.

func (*AuthToken) SignUserless 

func (a *AuthToken) SignUserless(
	ctx context.Context, key VerifyingKey) (
	string, error)

SignUserless signs the token without a username, UID, or challenge. This is useful for server-to-server communication where identity is established using only the KID. Assume the client and server clocks are roughly synchronized.

type AuthTokenRefreshHandler 

type AuthTokenRefreshHandler interface {
	RefreshAuthToken(context.Context)
}

AuthTokenRefreshHandler defines a callback to be called when an auth token refresh is needed.

type BlockCryptKey 

type BlockCryptKey struct {
	// contains filtered or unexported fields
}

BlockCryptKey is used to encrypt/decrypt block data. (See § 4.1.2.)

func MakeBlockCryptKey 

func MakeBlockCryptKey(data [32]byte) BlockCryptKey

MakeBlockCryptKey returns a BlockCryptKey containing the given data.

Copies of BlockCryptKey objects are deep copies.

func UnmaskBlockCryptKey 

func UnmaskBlockCryptKey(serverHalf BlockCryptKeyServerHalf,
	tlfCryptKey TLFCryptKey) BlockCryptKey

UnmaskBlockCryptKey returns the block crypt key.

func (BlockCryptKey) Data 

func (c BlockCryptKey) Data() [32]byte

func (BlockCryptKey) MarshalBinary 

func (c BlockCryptKey) MarshalBinary() (data []byte, err error)

func (BlockCryptKey) MarshalText 

func (c BlockCryptKey) MarshalText() ([]byte, error)

func (BlockCryptKey) String 

func (c BlockCryptKey) String() string

func (*BlockCryptKey) UnmarshalBinary 

func (c *BlockCryptKey) UnmarshalBinary(data []byte) error

func (*BlockCryptKey) UnmarshalText 

func (c *BlockCryptKey) UnmarshalText(data []byte) error

type BlockCryptKeyServerHalf 

type BlockCryptKeyServerHalf struct {
	// contains filtered or unexported fields
}

BlockCryptKeyServerHalf is a masked version of a BlockCryptKey, which can be recovered only with the TLFCryptKey used to mask the server half.

Copies of BlockCryptKeyServerHalf objects are deep copies.

func MakeBlockCryptKeyServerHalf 

func MakeBlockCryptKeyServerHalf(data [32]byte) BlockCryptKeyServerHalf

MakeBlockCryptKeyServerHalf returns a BlockCryptKeyServerHalf containing the given data.

func MakeRandomBlockCryptKeyServerHalf 

func MakeRandomBlockCryptKeyServerHalf() (
	serverHalf BlockCryptKeyServerHalf, err error)

MakeRandomBlockCryptKeyServerHalf generates the server-side of a block crypt key.

func ParseBlockCryptKeyServerHalf 

func ParseBlockCryptKeyServerHalf(s string) (BlockCryptKeyServerHalf, error)

ParseBlockCryptKeyServerHalf returns a BlockCryptKeyServerHalf containing the given hex-encoded data, or an error.

func (BlockCryptKeyServerHalf) Bytes 

func (c BlockCryptKeyServerHalf) Bytes() []byte

func (BlockCryptKeyServerHalf) Data 

func (c BlockCryptKeyServerHalf) Data() [32]byte

func (BlockCryptKeyServerHalf) MarshalBinary 

func (c BlockCryptKeyServerHalf) MarshalBinary() (data []byte, err error)

func (BlockCryptKeyServerHalf) MarshalText 

func (c BlockCryptKeyServerHalf) MarshalText() ([]byte, error)

func (BlockCryptKeyServerHalf) String 

func (c BlockCryptKeyServerHalf) String() string

func (*BlockCryptKeyServerHalf) UnmarshalBinary 

func (c *BlockCryptKeyServerHalf) UnmarshalBinary(data []byte) error

func (*BlockCryptKeyServerHalf) UnmarshalText 

func (c *BlockCryptKeyServerHalf) UnmarshalText(data []byte) error

type CryptPrivateKey 

type CryptPrivateKey struct {
	// contains filtered or unexported fields
}

CryptPrivateKey is a private key for encryption/decryption.

func MakeFakeCryptPrivateKeyOrBust 

func MakeFakeCryptPrivateKeyOrBust(seed string) CryptPrivateKey

MakeFakeCryptPrivateKeyOrBust makes a new crypt private key from fake randomness made from the given seed.

func NewCryptPrivateKey 

func NewCryptPrivateKey(kp libkb.NaclDHKeyPair) CryptPrivateKey

NewCryptPrivateKey returns a CryptPrivateKey using the given key pair.

func (CryptPrivateKey) Data 

func (k CryptPrivateKey) Data() [32]byte

Data returns the private key's data, suitable to be used with box.Open or box.Seal.

TODO: Make the CryptPrivateKey handle the Open/Seal itself.

func (CryptPrivateKey) GetPublicKey 

func (k CryptPrivateKey) GetPublicKey() CryptPublicKey

GetPublicKey returns the public key corresponding to this private key.

type CryptPublicKey 

type CryptPublicKey struct {
	// contains filtered or unexported fields
}

CryptPublicKey (M_u^i) is used (with a TLFEphemeralPrivateKey) to encrypt TLFCryptKeyClientHalf objects (See §§ 4.1.1, 6.1.1, 6.3.) These are also sometimes known as subkeys.

Copies of CryptPublicKey objects are deep copies.

func MakeCryptPublicKey 

func MakeCryptPublicKey(kid keybase1.KID) CryptPublicKey

MakeCryptPublicKey returns a CryptPublicKey containing the given KID.

func MakeFakeCryptPublicKeyOrBust 

func MakeFakeCryptPublicKeyOrBust(seed string) CryptPublicKey

MakeFakeCryptPublicKeyOrBust makes the public key corresponding to the crypt private key made with the same seed.

func (CryptPublicKey) KID 

func (k CryptPublicKey) KID() keybase1.KID

func (CryptPublicKey) MarshalBinary 

func (k CryptPublicKey) MarshalBinary() (data []byte, err error)

func (CryptPublicKey) MarshalJSON 

func (k CryptPublicKey) MarshalJSON() ([]byte, error)

func (CryptPublicKey) String 

func (k CryptPublicKey) String() string

func (*CryptPublicKey) UnmarshalBinary 

func (k *CryptPublicKey) UnmarshalBinary(data []byte) error

func (*CryptPublicKey) UnmarshalJSON 

func (k *CryptPublicKey) UnmarshalJSON(s []byte) error

type EncryptedBlock 

type EncryptedBlock struct {
	// contains filtered or unexported fields
}

EncryptedBlock is an encrypted Block object.

func EncryptPaddedEncodedBlock 

func EncryptPaddedEncodedBlock(paddedEncodedBlock []byte, key BlockCryptKey) (
	encryptedBlock EncryptedBlock, err error)

EncryptPaddedEncodedBlock encrypts a padded, encoded block.

func (EncryptedBlock) Size 

func (ed EncryptedBlock) Size() int

Size implements the cache.Measurable interface.

func (EncryptedBlock) String 

func (ed EncryptedBlock) String() string

type EncryptedMerkleLeaf 

type EncryptedMerkleLeaf struct {
	// contains filtered or unexported fields
}

EncryptedMerkleLeaf is an encrypted MerkleLeaf object.

func MakeEncryptedMerkleLeaf 

func MakeEncryptedMerkleLeaf(
	version EncryptionVer, data []byte, nonce *[24]byte) EncryptedMerkleLeaf

MakeEncryptedMerkleLeaf constructs an EncryptedMerkleLeaf.

func (EncryptedMerkleLeaf) Size 

func (ed EncryptedMerkleLeaf) Size() int

Size implements the cache.Measurable interface.

func (EncryptedMerkleLeaf) String 

func (ed EncryptedMerkleLeaf) String() string

type EncryptedPrivateMetadata 

type EncryptedPrivateMetadata struct {
	// contains filtered or unexported fields
}

EncryptedPrivateMetadata is an encrypted PrivateMetadata object.

func EncryptEncodedPrivateMetadata 

func EncryptEncodedPrivateMetadata(encodedPrivateMetadata []byte, key TLFCryptKey) (
	encryptedPrivateMetadata EncryptedPrivateMetadata, err error)

EncryptEncodedPrivateMetadata encrypts an encoded PrivateMetadata object.

func (EncryptedPrivateMetadata) Size 

func (ed EncryptedPrivateMetadata) Size() int

Size implements the cache.Measurable interface.

func (EncryptedPrivateMetadata) String 

func (ed EncryptedPrivateMetadata) String() string

type EncryptedTLFCryptKeyClientHalf 

type EncryptedTLFCryptKeyClientHalf struct {
	// contains filtered or unexported fields
}

EncryptedTLFCryptKeyClientHalf is an encrypted TLFCryptKeyClientHalf object.

func EncryptTLFCryptKeyClientHalf 

func EncryptTLFCryptKeyClientHalf(
	privateKey TLFEphemeralPrivateKey, publicKey CryptPublicKey,
	clientHalf TLFCryptKeyClientHalf) (
	encryptedClientHalf EncryptedTLFCryptKeyClientHalf, err error)

EncryptTLFCryptKeyClientHalf encrypts a TLFCryptKeyClientHalf using both a TLF's ephemeral private key and a device pubkey.

func MakeEncryptedTLFCryptKeyClientHalfForTest 

func MakeEncryptedTLFCryptKeyClientHalfForTest(
	version EncryptionVer, encodedClientHalf, nonce []byte) EncryptedTLFCryptKeyClientHalf

MakeEncryptedTLFCryptKeyClientHalfForTest returns an EncryptedTLFCryptKeyClientHalf with copies of the given data.

func (EncryptedTLFCryptKeyClientHalf) Size 

func (ed EncryptedTLFCryptKeyClientHalf) Size() int

Size implements the cache.Measurable interface.

func (EncryptedTLFCryptKeyClientHalf) String 

func (ed EncryptedTLFCryptKeyClientHalf) String() string

type EncryptedTLFCryptKeys 

type EncryptedTLFCryptKeys struct {
	// contains filtered or unexported fields
}

EncryptedTLFCryptKeys is an encrypted TLFCryptKey array.

func EncryptTLFCryptKeys 

func EncryptTLFCryptKeys(codec kbfscodec.Codec, oldKeys []TLFCryptKey, key TLFCryptKey) (
	encryptedTLFCryptKeys EncryptedTLFCryptKeys, err error)

EncryptTLFCryptKeys encrypts a TLFCryptKey array.

func (EncryptedTLFCryptKeys) Size 

func (ed EncryptedTLFCryptKeys) Size() int

Size implements the cache.Measurable interface.

func (EncryptedTLFCryptKeys) String 

func (ed EncryptedTLFCryptKeys) String() string

type EncryptionVer 

type EncryptionVer int

EncryptionVer denotes a version for the encryption method. 

const (
	// EncryptionSecretbox is the encryption version that uses
	// nacl/secretbox or nacl/box.
	EncryptionSecretbox EncryptionVer = 1
)

func (EncryptionVer) String 

func (v EncryptionVer) String() string

type InvalidByte32DataError 

type InvalidByte32DataError struct {
	// contains filtered or unexported fields
}

InvalidByte32DataError is returned whenever invalid data for a 32-byte type is detected.

func (InvalidByte32DataError) Error 

func (e InvalidByte32DataError) Error() string

type InvalidKIDError 

type InvalidKIDError struct {
	// contains filtered or unexported fields
}

InvalidKIDError is returned whenever an invalid KID is detected.

func (InvalidKIDError) Error 

func (e InvalidKIDError) Error() string

type InvalidNonceError 

type InvalidNonceError struct {
	Nonce []byte
}

InvalidNonceError indicates that an invalid cryptographic nonce was detected.

func (InvalidNonceError) Error 

func (e InvalidNonceError) Error() string

type SigVer 

type SigVer int

SigVer denotes a signature version.

func (SigVer) IsNil 

func (v SigVer) IsNil() bool

IsNil returns true if this SigVer is nil.

type SignatureInfo 

type SignatureInfo struct {
	// Exported only for serialization purposes.
	Version      SigVer       `codec:"v"`
	Signature    []byte       `codec:"s"`
	VerifyingKey VerifyingKey `codec:"k"`
}

SignatureInfo contains all the info needed to verify a signature for a message.

func (SignatureInfo) DeepCopy 

func (s SignatureInfo) DeepCopy() SignatureInfo

DeepCopy makes a complete copy of this SignatureInfo.

func (SignatureInfo) Equals 

func (s SignatureInfo) Equals(other SignatureInfo) bool

Equals returns true if this SignatureInfo matches the given one.

func (SignatureInfo) IsNil 

func (s SignatureInfo) IsNil() bool

IsNil returns true if this SignatureInfo is nil.

func (SignatureInfo) String 

func (s SignatureInfo) String() string

String implements the fmt.Stringer interface for SignatureInfo.

type Signer 

type Signer interface {
	// Sign signs msg with some internal private key.
	Sign(ctx context.Context, msg []byte) (sigInfo SignatureInfo, err error)
	// SignForKBFS signs msg with some internal private key on behalf of KBFS.
	SignForKBFS(ctx context.Context, msg []byte) (sigInfo SignatureInfo, err error)
	// SignToString signs msg with some internal private key and
	// outputs the full serialized NaclSigInfo.
	SignToString(ctx context.Context, msg []byte) (signature string, err error)
}

A Signer is something that can sign using an internal private key.

type SigningKey 

type SigningKey struct {
	// contains filtered or unexported fields
}

SigningKey is a key pair for signing.

func MakeFakeSigningKeyOrBust 

func MakeFakeSigningKeyOrBust(seed string) SigningKey

MakeFakeSigningKeyOrBust makes a new signing key from fake randomness made from the given seed.

func NewSigningKey 

func NewSigningKey(kp libkb.NaclSigningKeyPair) SigningKey

NewSigningKey returns a SigningKey using the given key pair.

func (SigningKey) GetVerifyingKey 

func (k SigningKey) GetVerifyingKey() VerifyingKey

GetVerifyingKey returns the public key half of this signing key.

func (SigningKey) Sign 

func (k SigningKey) Sign(data []byte) SignatureInfo

Sign signs the given data and returns a SignatureInfo.

func (SigningKey) SignForKBFS 

func (k SigningKey) SignForKBFS(data []byte) (SignatureInfo, error)

SignForKBFS signs the given data with the KBFS prefix and returns a SignatureInfo.

func (SigningKey) SignToString 

func (k SigningKey) SignToString(data []byte) (sig string, err error)

SignToString signs the given data and returns a string.

type SigningKeySigner 

type SigningKeySigner struct {
	Key SigningKey
}

SigningKeySigner is a Signer wrapper around a SigningKey.

func (SigningKeySigner) Sign 

func (s SigningKeySigner) Sign(
	ctx context.Context, data []byte) (SignatureInfo, error)

Sign implements Signer for SigningKeySigner.

func (SigningKeySigner) SignForKBFS 

func (s SigningKeySigner) SignForKBFS(
	ctx context.Context, data []byte) (SignatureInfo, error)

SignForKBFS implements Signer for SigningKeySigner.

func (SigningKeySigner) SignToString 

func (s SigningKeySigner) SignToString(
	ctx context.Context, data []byte) (sig string, err error)

SignToString implements Signer for SigningKeySigner.

type TLFCryptKey 

type TLFCryptKey struct {
	// contains filtered or unexported fields
}

TLFCryptKey (s^{f,0}) is used to encrypt/decrypt the private portion of TLF metadata. It is also used to mask BlockCryptKeys. (See §§ 4.1.1, 4.1.2.)

Copies of TLFCryptKey objects are deep copies.

func DecryptTLFCryptKeys 

func DecryptTLFCryptKeys(
	codec kbfscodec.Codec, encryptedTLFCryptKeys EncryptedTLFCryptKeys, key TLFCryptKey) (
	[]TLFCryptKey, error)

DecryptTLFCryptKeys decrypts a TLFCryptKey array, but does not decode it.

func MakeFakeTLFCryptKeyOrBust 

func MakeFakeTLFCryptKeyOrBust(seed string) TLFCryptKey

MakeFakeTLFCryptKeyOrBust makes a TLF crypt key from the given seed.

func MakeRandomTLFCryptKey 

func MakeRandomTLFCryptKey() (TLFCryptKey, error)

MakeRandomTLFCryptKey returns a random top-level folder crypt key.

func MakeTLFCryptKey 

func MakeTLFCryptKey(data [32]byte) TLFCryptKey

MakeTLFCryptKey returns a TLFCryptKey containing the given data.

func UnmaskTLFCryptKey 

func UnmaskTLFCryptKey(serverHalf TLFCryptKeyServerHalf,
	clientHalf TLFCryptKeyClientHalf) TLFCryptKey

UnmaskTLFCryptKey returns the top-level folder crypt key.

func (TLFCryptKey) Data 

func (c TLFCryptKey) Data() [32]byte

func (TLFCryptKey) MarshalBinary 

func (c TLFCryptKey) MarshalBinary() (data []byte, err error)

func (TLFCryptKey) MarshalText 

func (c TLFCryptKey) MarshalText() ([]byte, error)

func (TLFCryptKey) String 

func (c TLFCryptKey) String() string

func (*TLFCryptKey) UnmarshalBinary 

func (c *TLFCryptKey) UnmarshalBinary(data []byte) error

func (*TLFCryptKey) UnmarshalText 

func (c *TLFCryptKey) UnmarshalText(data []byte) error

type TLFCryptKeyClientHalf 

type TLFCryptKeyClientHalf struct {
	// contains filtered or unexported fields
}

TLFCryptKeyClientHalf (t_u^{f,k,i} for a user u, a folder f, a key generation k, and a device i) is the masked, client-side half of a TLFCryptKey, which can be recovered only with both halves. (See §§ 4.1.1, 6.1.1, 6.3.)

Copies of TLFCryptKeyClientHalf objects are deep copies.

func DecryptTLFCryptKeyClientHalf 

func DecryptTLFCryptKeyClientHalf(
	privateKey CryptPrivateKey, publicKey TLFEphemeralPublicKey,
	encryptedClientHalf EncryptedTLFCryptKeyClientHalf) (
	TLFCryptKeyClientHalf, error)

DecryptTLFCryptKeyClientHalf decrypts a TLFCryptKeyClientHalf using the given device private key and the TLF's ephemeral public key.

func MakeTLFCryptKeyClientHalf 

func MakeTLFCryptKeyClientHalf(data [32]byte) TLFCryptKeyClientHalf

MakeTLFCryptKeyClientHalf returns a TLFCryptKeyClientHalf containing the given data.

func MaskTLFCryptKey 

func MaskTLFCryptKey(serverHalf TLFCryptKeyServerHalf,
	key TLFCryptKey) TLFCryptKeyClientHalf

MaskTLFCryptKey returns the client side of a top-level folder crypt key.

func (TLFCryptKeyClientHalf) Bytes 

func (c TLFCryptKeyClientHalf) Bytes() []byte

func (TLFCryptKeyClientHalf) Data 

func (c TLFCryptKeyClientHalf) Data() [32]byte

func (TLFCryptKeyClientHalf) MarshalBinary 

func (c TLFCryptKeyClientHalf) MarshalBinary() (data []byte, err error)

func (TLFCryptKeyClientHalf) MarshalText 

func (c TLFCryptKeyClientHalf) MarshalText() ([]byte, error)

func (TLFCryptKeyClientHalf) String 

func (c TLFCryptKeyClientHalf) String() string

func (*TLFCryptKeyClientHalf) UnmarshalBinary 

func (c *TLFCryptKeyClientHalf) UnmarshalBinary(data []byte) error

func (*TLFCryptKeyClientHalf) UnmarshalText 

func (c *TLFCryptKeyClientHalf) UnmarshalText(data []byte) error

type TLFCryptKeyServerHalf 

type TLFCryptKeyServerHalf struct {
	// contains filtered or unexported fields
}

TLFCryptKeyServerHalf (s_u^{f,0,i}) is the masked, server-side half of a TLFCryptKey, which can be recovered only with both halves. (See § 4.1.1.)

Copies of TLFCryptKeyServerHalf objects are deep copies.

func MakeRandomTLFCryptKeyServerHalf 

func MakeRandomTLFCryptKeyServerHalf() (
	serverHalf TLFCryptKeyServerHalf, err error)

MakeRandomTLFCryptKeyServerHalf generates the server-side of a top-level folder crypt key.

func MakeTLFCryptKeyServerHalf 

func MakeTLFCryptKeyServerHalf(data [32]byte) TLFCryptKeyServerHalf

MakeTLFCryptKeyServerHalf returns a TLFCryptKeyServerHalf containing the given data.

func (TLFCryptKeyServerHalf) Bytes 

func (c TLFCryptKeyServerHalf) Bytes() []byte

func (TLFCryptKeyServerHalf) Data 

func (c TLFCryptKeyServerHalf) Data() [32]byte

func (TLFCryptKeyServerHalf) MarshalBinary 

func (c TLFCryptKeyServerHalf) MarshalBinary() (data []byte, err error)

func (TLFCryptKeyServerHalf) MarshalText 

func (c TLFCryptKeyServerHalf) MarshalText() ([]byte, error)

func (TLFCryptKeyServerHalf) String 

func (c TLFCryptKeyServerHalf) String() string

func (*TLFCryptKeyServerHalf) UnmarshalBinary 

func (c *TLFCryptKeyServerHalf) UnmarshalBinary(data []byte) error

func (*TLFCryptKeyServerHalf) UnmarshalText 

func (c *TLFCryptKeyServerHalf) UnmarshalText(data []byte) error

type TLFCryptKeyServerHalfID 

type TLFCryptKeyServerHalfID struct {
	ID kbfshash.HMAC // Exported for serialization.
}

TLFCryptKeyServerHalfID is the identifier type for a server-side key half.

func MakeTLFCryptKeyServerHalfID 

func MakeTLFCryptKeyServerHalfID(
	user keybase1.UID, devicePubKey CryptPublicKey,
	serverHalf TLFCryptKeyServerHalf) (
	TLFCryptKeyServerHalfID, error)

MakeTLFCryptKeyServerHalfID creates a unique ID for this particular TLFCryptKeyServerHalf.

func (TLFCryptKeyServerHalfID) String 

func (id TLFCryptKeyServerHalfID) String() string

String implements the Stringer interface for TLFCryptKeyServerHalfID.

type TLFEphemeralPrivateKey 

type TLFEphemeralPrivateKey struct {
	// contains filtered or unexported fields
}

TLFEphemeralPrivateKey (m_e) is used (with a CryptPublicKey) to encrypt TLFCryptKeyClientHalf objects for non-public directories. (See §§ 4.1.1, 6.1.1, 6.3.) It is never stored permanently.

Copies of TLFEphemeralPrivateKey objects are deep copies.

func MakeTLFEphemeralPrivateKey 

func MakeTLFEphemeralPrivateKey(data [32]byte) TLFEphemeralPrivateKey

MakeTLFEphemeralPrivateKey returns a TLFEphemeralPrivateKey containing the given data.

func (TLFEphemeralPrivateKey) Data 

func (c TLFEphemeralPrivateKey) Data() [32]byte

func (TLFEphemeralPrivateKey) MarshalBinary 

func (c TLFEphemeralPrivateKey) MarshalBinary() (data []byte, err error)

func (TLFEphemeralPrivateKey) MarshalText 

func (c TLFEphemeralPrivateKey) MarshalText() ([]byte, error)

func (TLFEphemeralPrivateKey) String 

func (c TLFEphemeralPrivateKey) String() string

func (*TLFEphemeralPrivateKey) UnmarshalBinary 

func (c *TLFEphemeralPrivateKey) UnmarshalBinary(data []byte) error

func (*TLFEphemeralPrivateKey) UnmarshalText 

func (c *TLFEphemeralPrivateKey) UnmarshalText(data []byte) error

type TLFEphemeralPublicKey 

type TLFEphemeralPublicKey struct {
	// contains filtered or unexported fields
}

TLFEphemeralPublicKey (M_e) is used along with a crypt private key to decrypt TLFCryptKeyClientHalf objects for non-public directories. (See §§ 4.1.1, 6.1.1, 6.3.)

Copies of TLFEphemeralPublicKey objects are deep copies.

func MakeTLFEphemeralPublicKey 

func MakeTLFEphemeralPublicKey(data [32]byte) TLFEphemeralPublicKey

MakeTLFEphemeralPublicKey returns a TLFEphemeralPublicKey containing the given data.

func (TLFEphemeralPublicKey) Bytes 

func (c TLFEphemeralPublicKey) Bytes() []byte

func (TLFEphemeralPublicKey) Data 

func (c TLFEphemeralPublicKey) Data() [32]byte

func (TLFEphemeralPublicKey) MarshalBinary 

func (c TLFEphemeralPublicKey) MarshalBinary() (data []byte, err error)

func (TLFEphemeralPublicKey) MarshalText 

func (c TLFEphemeralPublicKey) MarshalText() ([]byte, error)

func (TLFEphemeralPublicKey) String 

func (c TLFEphemeralPublicKey) String() string

func (*TLFEphemeralPublicKey) UnmarshalBinary 

func (c *TLFEphemeralPublicKey) UnmarshalBinary(data []byte) error

func (*TLFEphemeralPublicKey) UnmarshalText 

func (c *TLFEphemeralPublicKey) UnmarshalText(data []byte) error

type TLFEphemeralPublicKeys 

type TLFEphemeralPublicKeys []TLFEphemeralPublicKey

TLFEphemeralPublicKeys stores a list of TLFEphemeralPublicKey

func (TLFEphemeralPublicKeys) Size 

func (k TLFEphemeralPublicKeys) Size() int

Size implements the Measurable interface.

type TLFPrivateKey 

type TLFPrivateKey struct {
	// contains filtered or unexported fields
}

A TLFPrivateKey (m_f) is the private half of the permanent keypair associated with a TLF. (See §§ 4.1.1, 5.3.)

Copies of TLFPrivateKey objects are deep copies.

func MakeTLFPrivateKey 

func MakeTLFPrivateKey(data [32]byte) TLFPrivateKey

MakeTLFPrivateKey returns a TLFPrivateKey containing the given data.

func (TLFPrivateKey) Data 

func (c TLFPrivateKey) Data() [32]byte

func (TLFPrivateKey) MarshalBinary 

func (c TLFPrivateKey) MarshalBinary() (data []byte, err error)

func (TLFPrivateKey) MarshalText 

func (c TLFPrivateKey) MarshalText() ([]byte, error)

func (TLFPrivateKey) String 

func (c TLFPrivateKey) String() string

func (*TLFPrivateKey) UnmarshalBinary 

func (c *TLFPrivateKey) UnmarshalBinary(data []byte) error

func (*TLFPrivateKey) UnmarshalText 

func (c *TLFPrivateKey) UnmarshalText(data []byte) error

type TLFPublicKey 

type TLFPublicKey struct {
	// contains filtered or unexported fields
}

A TLFPublicKey (M_f) is the public half of the permanent keypair associated with a TLF. It is included in the site-wide private-data Merkle tree. (See §§ 4.1.1, 5.3.)

Copies of TLFPublicKey objects are deep copies.

func MakeTLFPublicKey 

func MakeTLFPublicKey(data [32]byte) TLFPublicKey

MakeTLFPublicKey returns a TLFPublicKey containing the given data.

func (TLFPublicKey) Bytes 

func (c TLFPublicKey) Bytes() []byte

func (TLFPublicKey) Data 

func (c TLFPublicKey) Data() [32]byte

func (TLFPublicKey) MarshalBinary 

func (c TLFPublicKey) MarshalBinary() (data []byte, err error)

func (TLFPublicKey) MarshalText 

func (c TLFPublicKey) MarshalText() ([]byte, error)

func (TLFPublicKey) Size 

func (TLFPublicKey) Size() int

Size implements the cache.Measurable interface.

func (TLFPublicKey) String 

func (c TLFPublicKey) String() string

func (*TLFPublicKey) UnmarshalBinary 

func (c *TLFPublicKey) UnmarshalBinary(data []byte) error

func (*TLFPublicKey) UnmarshalText 

func (c *TLFPublicKey) UnmarshalText(data []byte) error

type UnexpectedShortCryptoRandRead 

type UnexpectedShortCryptoRandRead struct {
}

UnexpectedShortCryptoRandRead indicates that fewer bytes were read from crypto.rand.Read() than expected.

func (UnexpectedShortCryptoRandRead) Error 

func (e UnexpectedShortCryptoRandRead) Error() string

Error implements the error interface for UnexpectedShortRandRead.

type UnknownEncryptionVer 

type UnknownEncryptionVer struct {
	Ver EncryptionVer
}

UnknownEncryptionVer indicates that we can't decrypt an encryptedData object because it has an unknown version.

func (UnknownEncryptionVer) Error 

func (e UnknownEncryptionVer) Error() string

type UnknownSigVer 

type UnknownSigVer struct {
	Ver SigVer
}

UnknownSigVer indicates that we can't process a signature because it has an unknown version.

func (UnknownSigVer) Error 

func (e UnknownSigVer) Error() string

Error implements the error interface for UnknownSigVer

type VerifyingKey 

type VerifyingKey struct {
	// contains filtered or unexported fields
}

A VerifyingKey is a public key that can be used to verify a signature created by the corresponding private signing key. In particular, VerifyingKeys are used to authenticate home and public TLFs. (See 4.2, 4.3.)

These are also sometimes known as sibkeys.

Copies of VerifyingKey objects are deep copies.

func MakeFakeVerifyingKeyOrBust 

func MakeFakeVerifyingKeyOrBust(seed string) VerifyingKey

MakeFakeVerifyingKeyOrBust makes a new key suitable for verifying signatures made from the fake signing key made with the same seed.

func MakeVerifyingKey 

func MakeVerifyingKey(kid keybase1.KID) VerifyingKey

MakeVerifyingKey returns a VerifyingKey containing the given KID.

func (VerifyingKey) IsNil 

func (k VerifyingKey) IsNil() bool

IsNil returns true if the VerifyingKey is nil.

func (VerifyingKey) KID 

func (k VerifyingKey) KID() keybase1.KID

func (VerifyingKey) MarshalBinary 

func (k VerifyingKey) MarshalBinary() (data []byte, err error)

func (VerifyingKey) MarshalJSON 

func (k VerifyingKey) MarshalJSON() ([]byte, error)

func (VerifyingKey) String 

func (k VerifyingKey) String() string

func (*VerifyingKey) UnmarshalBinary 

func (k *VerifyingKey) UnmarshalBinary(data []byte) error

func (*VerifyingKey) UnmarshalJSON 

func (k *VerifyingKey) UnmarshalJSON(s []byte) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.