crypto

package
v0.0.0-...-bd4e2c0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 19, 2023 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Overview

Package crypto provides an implementation of the Crypto module. It supports RSA and ECDSA signatures.

Index

Constants

This section is empty.

Variables

View Source 
var (
	// DefaultPseudoSeed is an arbitrary number that the nodes can use as a seed when instantiating its Crypto module.
	// This is not secure, but helps during testing, as it obviates the exchange of public keys among nodes.
	DefaultPseudoSeed int64 = 12345
)

Functions

func GenerateKeyPair 

func GenerateKeyPair(randomness io.Reader) (priv []byte, pub []byte, err error)

GenerateKeyPair generates a pair of ECDSA keys that can be used for signing and verifying. The randomness parameter should be backed by a high-quality source of entropy such as crypto/rand.Reader. The priv key can be used for creation of a new instance of the crypto module (New function) and the pub key can be passed to Crypto.RegisterNodeKey.

func PrivKeyFromFile 

func PrivKeyFromFile(file string) ([]byte, error)

PrivKeyFromFile extracts a private key from a PEM key file. Returns a serialized form of the private key. The output of this function can be passed to New when creating an instance of the Crypto module.

func PubKeyFromFile 

func PubKeyFromFile(fileName string) ([]byte, error)

PubKeyFromFile extracts a public key from a PEM certificate file. Returns a serialized form of the public key that can be used directly with Crypto.RegisterNodeKey or Crypto.RegisterClientKey.

func SerializePrivKey 

func SerializePrivKey(privKey interface{}) (privKeyBytes []byte, err error)

SerializePrivKey serializes a private key into a byte slice. The output of this function can be passed to New when creating an instance of the Crypto module. Currently, pointers to crypto/ecdsa.PrivateKey and crypto/rsa.PrivateKey are supported types of pubKey.

func SerializePubKey 

func SerializePubKey(pubKey interface{}) (pubKeyBytes []byte, err error)

SerializePubKey serializes a public key into a byte slice. The output of this function can be used with Crypto.RegisterClientKey and Crypto.RegisterNodeKey. Currently, pointers to crypto/ecdsa.PublicKey and crypto/rsa.PublicKey are supported types of pubKey.

Types

type Crypto 

type Crypto struct {
	// contains filtered or unexported fields
}

Crypto represents an instance of the Crypto module that can be used at Node instantiation (when calling mirbft.NewNode)

func ClientPseudo 

func ClientPseudo(nodes []t.NodeID, clients []t.ClientID, ownID t.ClientID, seed int64) (*Crypto, error)

ClientPseudo behaves the same as NodePseudo, except that it returns a crypto module intended for use by the client. The returned crypto module will use the private key associated with client ownID for signing.

func New 

func New(privKey []byte) (*Crypto, error)

New returns a new initialized instance of the Crypto module. privKey is the serialized representation of the private key that will be used for signing. privKey must be the output of SerializePrivKey or GenerateKeyPair.

func NodePseudo 

func NodePseudo(nodes []t.NodeID, clients []t.ClientID, ownID t.NodeID, seed int64) (*Crypto, error)

NodePseudo returns a Crypto module to be used by a Node, generating new keys in a pseudo-random manner. It is initialized and populated deterministically, based on a given configuration and a random seed. NodePseudo is not secure. Intended for testing purposes and assuming a static membership known to all nodes, NodePseudo can be invoked by each Node independently (specifying the same seed, e.g. DefaultPseudoSeed) and generates the same set of keys for the whole system at each node, obviating the exchange of public keys.

func (*Crypto) DeleteClientKey 

func (c *Crypto) DeleteClientKey(clientID t.ClientID)

DeleteClientKey removes the public key associated with clientID from the state. Any subsequent call to VerifyClientSig(..., clientID) will fail.

func (*Crypto) DeleteNodeKey 

func (c *Crypto) DeleteNodeKey(nodeID t.NodeID)

DeleteNodeKey removes the public key associated with nodeID from the internal state. Any subsequent call to VerifyNodeSig(..., nodeID) will fail.

func (*Crypto) RegisterClientKey 

func (c *Crypto) RegisterClientKey(pubKey []byte, clientID t.ClientID) error

RegisterClientKey associates a public key with a numeric client ID. pubKey must be the output of SerializePubKey. Calls to VerifyClientSig will fail until RegisterClientKey is successfully called with the corresponding client ID. Returns nil on success, a non-nil error on failure.

func (*Crypto) RegisterNodeKey 

func (c *Crypto) RegisterNodeKey(pubKey []byte, nodeID t.NodeID) error

RegisterNodeKey associates a public key with a numeric node ID. pubKey must be the output of SerializePubKey. Calls to VerifyNodeSig will fail until RegisterNodeKey is successfully called with the corresponding node ID. Returns nil on success, a non-nil error on failure.

func (*Crypto) Sign 

func (c *Crypto) Sign(data [][]byte) ([]byte, error)

Sign signs the provided data and returns the resulting signature. First, Sign computes a SHA256 hash of the concatenation of all the byte slices in data. Then it signs the hash using the private key specified at creation of this Crypto object.

func (*Crypto) VerifyClientSig 

func (c *Crypto) VerifyClientSig(data [][]byte, signature []byte, clientID t.ClientID) error

VerifyClientSig verifies a signature produced by the client with numeric ID clientID over data. First, VerifyNodeSig computes a SHA256 hash of the concatenation of all the byte slices in data. Then it verifies the signature over this hash using the public key registered under clientID. Returns nil on success (i.e., if the given signature is valid) and a non-nil error otherwise. Note that RegisterClientKey must be used to register the client's public key before calling VerifyClientSig, otherwise VerifyClientSig will fail.

func (*Crypto) VerifyNodeSig 

func (c *Crypto) VerifyNodeSig(data [][]byte, signature []byte, nodeID t.NodeID) error

VerifyNodeSig verifies a signature produced by the node with numeric ID nodeID over data. First, VerifyNodeSig computes a SHA256 hash of the concatenation of all the byte slices in data. Then it verifies the signature over this hash using the public key registered under nodeID. Returns nil on success (i.e., if the given signature is valid) and a non-nil error otherwise. Note that RegisterNodeKey must be used to register the node's public key before calling VerifyNodeSig, otherwise VerifyNodeSig will fail.

type DummyCrypto 

type DummyCrypto struct {

	// The only accepted signature
	DummySig []byte
}

DummyCrypto represents a dummy Crypto module that always produces the same dummy byte slice specified at instantiation as signature. Verification of this dummy signature always succeeds. This is intended as a stub for testing purposes.

func (*DummyCrypto) DeleteClientKey 

func (dc *DummyCrypto) DeleteClientKey(clientID t.ClientID)

DeleteClientKey does nothing, as no public keys are used.

func (*DummyCrypto) DeleteNodeKey 

func (dc *DummyCrypto) DeleteNodeKey(nodeID t.NodeID)

DeleteNodeKey does nothing, as no public keys are used.

func (*DummyCrypto) RegisterClientKey 

func (dc *DummyCrypto) RegisterClientKey(pubKey []byte, clientID t.ClientID) error

RegisterClientKey does nothing, as no public keys are used.

func (*DummyCrypto) RegisterNodeKey 

func (dc *DummyCrypto) RegisterNodeKey(pubKey []byte, nodeID t.NodeID) error

RegisterNodeKey does nothing, as no public keys are used.

func (*DummyCrypto) Sign 

func (dc *DummyCrypto) Sign(data [][]byte) ([]byte, error)

Sign always returns the dummy signature DummySig, regardless of the data.

func (*DummyCrypto) VerifyClientSig 

func (dc *DummyCrypto) VerifyClientSig(data [][]byte, signature []byte, clientID t.ClientID) error

VerifyClientSig returns nil (i.e. success) only if signature equals DummySig. Both data and nodeID are ignored.

func (*DummyCrypto) VerifyNodeSig 

func (dc *DummyCrypto) VerifyNodeSig(data [][]byte, signature []byte, nodeID t.NodeID) error

VerifyNodeSig returns nil (i.e. success) only if signature equals DummySig. Both data and nodeID are ignored.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.