authenticator

package
v0.0.0-...-2a45ea8 Latest
Warning

This package is not in the latest version of its module.

Published: Nov 7, 2023 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateTestnetKeys

func GenerateTestnetKeys(w io.Writer, opts *TestnetKeyOpts) error

GenerateTestnetKeys creates a keystore configuration corresponding to the simpleKeyStoreFile struct. A YAML representation of the keystore configuration is written to the supplied Writer interface.

Types

type AuthenticationScheme

type AuthenticationScheme interface {
	GenerateAuthenticationTag(m []byte, privKey interface{}) ([]byte, error)
	VerifyAuthenticationTag(m []byte, sig []byte, pubKey interface{}) error
}

AuthenticationScheme defines an interface to create and verify authentication tags for arbitrary messages.

type Authenticator

type Authenticator struct {
	// contains filtered or unexported fields
}

Authenticator defines the basic properties of an authenticator

func New

func New(roles []api.AuthenticationRole, id uint32, keystoreFileReader io.Reader) (*Authenticator, error)

New returns an initialized authenticator.

func NewWithSGXUSIG

func NewWithSGXUSIG(roles []api.AuthenticationRole, id uint32, keystoreFileReader io.Reader, enclaveFile string) (*Authenticator, error)

NewWithSGXUSIG initializes a replica authenticator with support for the USIGAuthen role by using an instance of SGX USIG.

func NewWithUSIG

func NewWithUSIG(roles []api.AuthenticationRole, id uint32, ks BftKeyStorer, usig usig.USIG) (*Authenticator, error)

NewWithUSIG initializes an authenticator with support for the USIGAuthen role.

func (*Authenticator) GenerateMessageAuthenTag

func (a *Authenticator) GenerateMessageAuthenTag(role api.AuthenticationRole, msg []byte) ([]byte, error)

GenerateMessageAuthenTag generates a message authentication tag to be verified by other nodes with VerifyAuthenticationTag.

func (*Authenticator) VerifyMessageAuthenTag

func (a *Authenticator) VerifyMessageAuthenTag(role api.AuthenticationRole, id uint32, msg []byte, authenTag []byte) error

VerifyMessageAuthenTag verifies a message authentication tag produced with GenerateMessageAuthenTag on the specified replica/client node

type BftKeyStorer

type BftKeyStorer interface {
	KeySpec(role api.AuthenticationRole) string
	PrivateKey(role api.AuthenticationRole) interface{}
	PublicKey(role api.AuthenticationRole) interface{}

	NodePublicKey(role api.AuthenticationRole, id uint32) (interface{}, error)
	NodeRoles() []api.AuthenticationRole
	NodeKeySpec(role api.AuthenticationRole) string
}

BftKeyStorer manages the keys for node communication

type EcdsaNIST256pSigCipher

type EcdsaNIST256pSigCipher struct{}

EcdsaNIST256pSigCipher implements the SignatureCipher interface with signature scheme EcdsaNIST256p

type EcdsaSigCipher

type EcdsaSigCipher EcdsaNIST256pSigCipher

EcdsaSigCipher is an alias for EcdsaNIST256pSigCipher.

func (*EcdsaSigCipher) Sign

func (c *EcdsaSigCipher) Sign(md []byte, privKey interface{}) ([]byte, error)

Sign returns an ECDSA signature encoded in ASN.1 DER format.

func (*EcdsaSigCipher) Verify

func (c *EcdsaSigCipher) Verify(md, sig []byte, pubKey interface{}) bool

Verify verifies an ECDSA signature encoded in ASN.1 DER format.

type PublicAuthenScheme

type PublicAuthenScheme struct {
	HashScheme crypto.Hash
	SigCipher  SignatureCipher
}

PublicAuthenScheme specifies the adopted public authentication scheme. It defines a hash scheme and a signature scheme to create and verify authentication tags for arbitrary messages.

func (*PublicAuthenScheme) GenerateAuthenticationTag

func (a *PublicAuthenScheme) GenerateAuthenticationTag(m []byte, privKey interface{}) ([]byte, error)

GenerateAuthenticationTag returns the signature on the message as the authentication tag. The digest of the message is first computed with the specified hash scheme before signing.

func (*PublicAuthenScheme) VerifyAuthenticationTag

func (a *PublicAuthenScheme) VerifyAuthenticationTag(m []byte, sig []byte, pubKey interface{}) error

VerifyAuthenticationTag returns a nil error if the verification of the signature on the message is successful.
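The hash-then-sign flow described for PublicAuthenScheme, as an added example using only the Go standard library (it is not this package's code). The names demoScheme and demo, the choice of SHA-256 and the sample message are assumptions made for illustration; P-256 with ASN.1 DER signatures follows the EcdsaNIST256p description above.

```go
package main
import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	_ "crypto/sha256" // links SHA-256 so crypto.SHA256.New() works
	"fmt"
)

// demoScheme (hypothetical name) hashes the message, then signs or verifies the digest.
type demoScheme struct{ HashScheme crypto.Hash }
func (s demoScheme) digest(m []byte) []byte {
	h := s.HashScheme.New()
	h.Write(m)
	return h.Sum(nil)
}
func (s demoScheme) GenerateAuthenticationTag(m []byte, privKey interface{}) ([]byte, error) {
	k, ok := privKey.(*ecdsa.PrivateKey)
	if !ok {
		return nil, fmt.Errorf("private key is not *ecdsa.PrivateKey")
	}
	return ecdsa.SignASN1(rand.Reader, k, s.digest(m)) // ASN.1 DER-encoded (r, s)
}
func (s demoScheme) VerifyAuthenticationTag(m, sig []byte, pubKey interface{}) error {
	k, ok := pubKey.(*ecdsa.PublicKey)
	if !ok || !ecdsa.VerifyASN1(k, s.digest(m), sig) { // wrong key type fails closed
		return fmt.Errorf("authentication tag is not valid")
	}
	return nil
}

// demo reports whether a genuine message, a tampered message and a wrong key type are accepted.
func demo() (genuine, tampered, wrongType bool) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	s := demoScheme{HashScheme: crypto.SHA256}
	msg := []byte("constructed sample message")
	tag, err := s.GenerateAuthenticationTag(msg, key)
	if err != nil {
		panic(err)
	}
	return s.VerifyAuthenticationTag(msg, tag, &key.PublicKey) == nil,
		s.VerifyAuthenticationTag(append(msg, '!'), tag, &key.PublicKey) == nil,
		s.VerifyAuthenticationTag(msg, tag, key) == nil // private key passed as public key
}

func main() { fmt.Println(demo()) }
```

Because the keys travel as interface{}, the type assertion is the only guard against a caller passing the wrong key material, so a failed assertion must return an error and never fall through to success.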

type SGXUSIGAuthenticationScheme

type SGXUSIGAuthenticationScheme struct {
	// contains filtered or unexported fields
}

SGXUSIGAuthenticationScheme implements the AuthenticationScheme interface by utilizing SGX USIG to create/verify authentication tags.

func NewSGXUSIGAuthenticationScheme

func NewSGXUSIGAuthenticationScheme(usig *sgxusig.USIG) *SGXUSIGAuthenticationScheme

NewSGXUSIGAuthenticationScheme creates a new instance of SGX USIG authentication scheme.

func (*SGXUSIGAuthenticationScheme) GenerateAuthenticationTag

func (au *SGXUSIGAuthenticationScheme) GenerateAuthenticationTag(m []byte, privKey interface{}) ([]byte, error)

GenerateAuthenticationTag creates a new authentication tag for the message. The marshaled USIG UI represents the authentication tag. The supplied private key is ignored.

func (*SGXUSIGAuthenticationScheme) VerifyAuthenticationTag

func (au *SGXUSIGAuthenticationScheme) VerifyAuthenticationTag(m []byte, sig []byte, pubKey interface{}) error

VerifyAuthenticationTag verifies the supplied authentication tag. The marshaled USIG UI represents the authentication tag.

type SignatureCipher

type SignatureCipher interface {
	// Sign creates signature over the message digest
	Sign(md []byte, privKey interface{}) ([]byte, error)
	// Verify verifies the signature over the message digest
	Verify(md, sig []byte, pubKey interface{}) bool
}

SignatureCipher defines the interface of signature operations used by public cryptographic ciphers

type SimpleKeyStore

type SimpleKeyStore struct {
	// contains filtered or unexported fields
}

SimpleKeyStore implements BftKeyStorer with simple maps

func LoadSimpleKeyStore

func LoadSimpleKeyStore(keystoreFileReader io.Reader, roles []api.AuthenticationRole, id uint32) (*SimpleKeyStore, error)

LoadSimpleKeyStore parses the key file and loads the key store, filtering the config according to the role (replica/client) and the node id.

func (*SimpleKeyStore) KeySpec

func (ks *SimpleKeyStore) KeySpec(role api.AuthenticationRole) string

KeySpec returns the keyspec of the owner

func (*SimpleKeyStore) NodeKeySpec

func (ks *SimpleKeyStore) NodeKeySpec(role api.AuthenticationRole) string

NodeKeySpec returns the keyspec of the specified role.

func (*SimpleKeyStore) NodePublicKey

func (ks *SimpleKeyStore) NodePublicKey(role api.AuthenticationRole, id uint32) (interface{}, error)

NodePublicKey returns the public key of a node given its role and id.

func (*SimpleKeyStore) NodeRoles

func (ks *SimpleKeyStore) NodeRoles() []api.AuthenticationRole

NodeRoles returns a slice of all node roles present in the key store

func (*SimpleKeyStore) PrivateKey

func (ks *SimpleKeyStore) PrivateKey(role api.AuthenticationRole) interface{}

PrivateKey returns the private key of the node

func (*SimpleKeyStore) PublicKey

func (ks *SimpleKeyStore) PublicKey(role api.AuthenticationRole) interface{}

PublicKey returns the public key of the node

type TestnetKeyOpts

type TestnetKeyOpts struct {
	NumberReplicas  int
	ReplicaKeySpec  string
	ReplicaSecParam int

	NumberClients  int
	ClientKeySpec  string
	ClientSecParam int

	UsigEnclaveFile string
}

TestnetKeyOpts holds the options to supply to GenerateTestnetKeys().

Directories

Path Synopsis
cmd
