handlers

package
v1.4.11 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 2, 2021 License: Apache-2.0 Imports: 9 Imported by: 633

Documentation

Overview

Copyright IBM Corp. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0

Copyright IBM Corp. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0

Copyright IBM Corp. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0

Copyright IBM Corp. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0

Copyright IBM Corp. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0

Copyright IBM Corp. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0

Copyright IBM Corp. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0

Copyright IBM Corp. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewIssuerPublicKey

func NewIssuerPublicKey(pk IssuerPublicKey) *issuerPublicKey

func NewIssuerSecretKey

func NewIssuerSecretKey(sk IssuerSecretKey, exportable bool) *issuerSecretKey

func NewNymPublicKey

func NewNymPublicKey(pk Ecp) *nymPublicKey

func NewNymSecretKey

func NewNymSecretKey(sk Big, pk Ecp, exportable bool) (*nymSecretKey, error)

func NewRevocationPublicKey

func NewRevocationPublicKey(pubKey *ecdsa.PublicKey) *revocationPublicKey

func NewRevocationSecretKey

func NewRevocationSecretKey(sk *ecdsa.PrivateKey, exportable bool) *revocationSecretKey

func NewUserSecretKey

func NewUserSecretKey(sk Big, exportable bool) *userSecretKey

Types

type Big

type Big interface {
	// Bytes returns the byte representation of this key
	Bytes() ([]byte, error)
}

Big represent a big integer

type CredRequest

type CredRequest interface {
	// Sign creates a new Credential Request, the first message of the interactive credential issuance protocol
	// (from user to issuer)
	Sign(sk Big, ipk IssuerPublicKey, nonce []byte) ([]byte, error)

	// Verify verifies the credential request
	Verify(credRequest []byte, ipk IssuerPublicKey, nonce []byte) error
}

CredRequest is a local interface to decouple from the idemix implementation of the issuance of credential requests.

type Credential

type Credential interface {

	// Sign issues a new credential, which is the last step of the interactive issuance protocol
	// All attribute values are added by the issuer at this step and then signed together with a commitment to
	// the user's secret key from a credential request
	Sign(key IssuerSecretKey, credentialRequest []byte, attributes []bccsp.IdemixAttribute) ([]byte, error)

	// Verify cryptographically verifies the credential by verifying the signature
	// on the attribute values and user's secret key
	Verify(sk Big, ipk IssuerPublicKey, credential []byte, attributes []bccsp.IdemixAttribute) error
}

CredRequest is a local interface to decouple from the idemix implementation of the issuance of credentials.

type CredentialRequestSigner

type CredentialRequestSigner struct {
	// CredRequest implements the underlying cryptographic algorithms
	CredRequest CredRequest
}

CredentialRequestSigner produces credential requests

func (*CredentialRequestSigner) Sign

func (c *CredentialRequestSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) ([]byte, error)

type CredentialRequestVerifier

type CredentialRequestVerifier struct {
	// CredRequest implements the underlying cryptographic algorithms
	CredRequest CredRequest
}

CredentialRequestVerifier verifies credential requests

func (*CredentialRequestVerifier) Verify

func (c *CredentialRequestVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (bool, error)

type CredentialSigner

type CredentialSigner struct {
	Credential Credential
}

func (*CredentialSigner) Sign

func (s *CredentialSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) (signature []byte, err error)

type CredentialVerifier

type CredentialVerifier struct {
	Credential Credential
}

func (*CredentialVerifier) Verify

func (v *CredentialVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (valid bool, err error)

type CriSigner

type CriSigner struct {
	Revocation Revocation
}

func (*CriSigner) Sign

func (s *CriSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) ([]byte, error)

type CriVerifier

type CriVerifier struct {
	Revocation Revocation
}

func (*CriVerifier) Verify

func (v *CriVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (bool, error)

type Ecp

type Ecp interface {
	// Bytes returns the byte representation of this key
	Bytes() ([]byte, error)
}

Ecp represents an elliptic curve point

type Issuer

type Issuer interface {
	// NewKey generates a new idemix issuer key w.r.t the passed attribute names.
	NewKey(AttributeNames []string) (IssuerSecretKey, error)

	// NewPublicKeyFromBytes converts the passed bytes to an Issuer public key
	// It makes sure that the so obtained public key has the passed attributes, if specified
	NewPublicKeyFromBytes(raw []byte, attributes []string) (IssuerPublicKey, error)
}

Issuer is a local interface to decouple from the idemix implementation

type IssuerKeyGen

type IssuerKeyGen struct {
	// exportable is a flag to allow an issuer secret key to be marked as exportable.
	// If a secret key is marked as exportable, its Bytes method will return the key's byte representation.
	Exportable bool
	// Issuer implements the underlying cryptographic algorithms
	Issuer Issuer
}

IssuerKeyGen generates issuer secret keys.

func (*IssuerKeyGen) KeyGen

func (g *IssuerKeyGen) KeyGen(opts bccsp.KeyGenOpts) (k bccsp.Key, err error)

type IssuerPublicKey

type IssuerPublicKey interface {

	// Bytes returns the byte representation of this key
	Bytes() ([]byte, error)

	// Hash returns the hash representation of this key.
	// The output is supposed to be collision-resistant
	Hash() []byte
}

IssuerPublicKey is the issuer public key

type IssuerPublicKeyImporter

type IssuerPublicKeyImporter struct {
	// Issuer implements the underlying cryptographic algorithms
	Issuer Issuer
}

IssuerPublicKeyImporter imports issuer public keys

func (*IssuerPublicKeyImporter) KeyImport

func (i *IssuerPublicKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error)

type IssuerSecretKey

type IssuerSecretKey interface {

	// Bytes returns the byte representation of this key
	Bytes() ([]byte, error)

	// Public returns the corresponding public key
	Public() IssuerPublicKey
}

IssuerPublicKey is the issuer secret key

type NymKeyDerivation

type NymKeyDerivation struct {
	// Exportable is a flag to allow an issuer secret key to be marked as Exportable.
	// If a secret key is marked as Exportable, its Bytes method will return the key's byte representation.
	Exportable bool
	// User implements the underlying cryptographic algorithms
	User User
}

NymKeyDerivation derives nyms

func (*NymKeyDerivation) KeyDeriv

func (kd *NymKeyDerivation) KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk bccsp.Key, err error)

type NymPublicKeyImporter

type NymPublicKeyImporter struct {
	// User implements the underlying cryptographic algorithms
	User User
}

NymPublicKeyImporter imports nym public keys

func (*NymPublicKeyImporter) KeyImport

func (i *NymPublicKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error)

type NymSignatureScheme

type NymSignatureScheme interface {
	// Sign creates a new idemix pseudonym signature
	Sign(sk Big, Nym Ecp, RNym Big, ipk IssuerPublicKey, digest []byte) ([]byte, error)

	// Verify verifies an idemix NymSignature
	Verify(pk IssuerPublicKey, Nym Ecp, signature, digest []byte) error
}

NymSignatureScheme is a local interface to decouple from the idemix implementation the nym sign-related operations

type NymSigner

type NymSigner struct {
	NymSignatureScheme NymSignatureScheme
}

func (*NymSigner) Sign

func (s *NymSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) ([]byte, error)

type NymVerifier

type NymVerifier struct {
	NymSignatureScheme NymSignatureScheme
}

func (*NymVerifier) Verify

func (v *NymVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (bool, error)

type Revocation

type Revocation interface {

	// NewKey generates a long term signing key that will be used for revocation
	NewKey() (*ecdsa.PrivateKey, error)

	// Sign creates the Credential Revocation Information for a certain time period (epoch).
	// Users can use the CRI to prove that they are not revoked.
	// Note that when not using revocation (i.e., alg = ALG_NO_REVOCATION), the entered unrevokedHandles are not used,
	// and the resulting CRI can be used by any signer.
	Sign(key *ecdsa.PrivateKey, unrevokedHandles [][]byte, epoch int, alg bccsp.RevocationAlgorithm) ([]byte, error)

	// Verify verifies that the revocation PK for a certain epoch is valid,
	// by checking that it was signed with the long term revocation key.
	// Note that even if we use no revocation (i.e., alg = ALG_NO_REVOCATION), we need
	// to verify the signature to make sure the issuer indeed signed that no revocation
	// is used in this epoch.
	Verify(pk *ecdsa.PublicKey, cri []byte, epoch int, alg bccsp.RevocationAlgorithm) error
}

Revocation is a local interface to decouple from the idemix implementation the revocation-related operations

type RevocationKeyGen

type RevocationKeyGen struct {
	// exportable is a flag to allow an revocation secret key to be marked as exportable.
	// If a secret key is marked as exportable, its Bytes method will return the key's byte representation.
	Exportable bool
	// Revocation implements the underlying cryptographic algorithms
	Revocation Revocation
}

RevocationKeyGen generates revocation secret keys.

func (*RevocationKeyGen) KeyGen

func (g *RevocationKeyGen) KeyGen(opts bccsp.KeyGenOpts) (bccsp.Key, error)

type RevocationPublicKeyImporter

type RevocationPublicKeyImporter struct {
}

RevocationPublicKeyImporter imports revocation public keys

func (*RevocationPublicKeyImporter) KeyImport

func (i *RevocationPublicKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error)

type SignatureScheme

type SignatureScheme interface {
	// Sign creates a new idemix signature (Schnorr-type signature).
	// The attributes slice steers which attributes are disclosed:
	// If attributes[i].Type == bccsp.IdemixHiddenAttribute then attribute i remains hidden and otherwise it is disclosed.
	// We require the revocation handle to remain undisclosed (i.e., attributes[rhIndex] == bccsp.IdemixHiddenAttribute).
	// Parameters are to be understood as follow:
	// cred: the serialized version of an idemix credential;
	// sk: the user secret key;
	// (Nym, RNym): Nym key-pair;
	// ipk: issuer public key;
	// attributes: as described above;
	// msg: the message to be signed;
	// rhIndex: revocation handle index relative to attributes;
	// cri: the serialized version of the Credential Revocation Information (it contains the epoch this signature
	// is created in reference to).
	Sign(cred []byte, sk Big, Nym Ecp, RNym Big, ipk IssuerPublicKey, attributes []bccsp.IdemixAttribute,
		msg []byte, rhIndex int, cri []byte) ([]byte, error)

	// Verify verifies an idemix signature.
	// The attribute slice steers which attributes it expects to be disclosed
	// If attributes[i].Type == bccsp.IdemixHiddenAttribute then attribute i remains hidden and otherwise
	// attributes[i].Value is expected to contain the disclosed attribute value.
	// In other words, this function will check that if attribute i is disclosed, the i-th attribute equals attributes[i].Value.
	// Parameters are to be understood as follow:
	// ipk: issuer public key;
	// signature: signature to verify;
	// msg: message signed;
	// attributes: as described above;
	// rhIndex: revocation handle index relative to attributes;
	// revocationPublicKey: revocation public key;
	// epoch: revocation epoch.
	Verify(ipk IssuerPublicKey, signature, msg []byte, attributes []bccsp.IdemixAttribute, rhIndex int, revocationPublicKey *ecdsa.PublicKey, epoch int) error
}

SignatureScheme is a local interface to decouple from the idemix implementation the sign-related operations

type Signer

type Signer struct {
	SignatureScheme SignatureScheme
}

func (*Signer) Sign

func (s *Signer) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) ([]byte, error)

type User

type User interface {
	// NewKey generates a new User secret key
	NewKey() (Big, error)

	// NewKeyFromBytes converts the passed bytes to a User secret key
	NewKeyFromBytes(raw []byte) (Big, error)

	// MakeNym creates a new unlinkable pseudonym
	MakeNym(sk Big, key IssuerPublicKey) (Ecp, Big, error)

	// NewPublicNymFromBytes converts the passed bytes to a public nym
	NewPublicNymFromBytes(raw []byte) (Ecp, error)
}

User is a local interface to decouple from the idemix implementation

type UserKeyGen

type UserKeyGen struct {
	// Exportable is a flag to allow an issuer secret key to be marked as Exportable.
	// If a secret key is marked as Exportable, its Bytes method will return the key's byte representation.
	Exportable bool
	// User implements the underlying cryptographic algorithms
	User User
}

func (*UserKeyGen) KeyGen

func (g *UserKeyGen) KeyGen(opts bccsp.KeyGenOpts) (bccsp.Key, error)

type UserKeyImporter

type UserKeyImporter struct {
	// Exportable is a flag to allow a secret key to be marked as Exportable.
	// If a secret key is marked as Exportable, its Bytes method will return the key's byte representation.
	Exportable bool
	// User implements the underlying cryptographic algorithms
	User User
}

UserKeyImporter import user keys

func (*UserKeyImporter) KeyImport

func (i *UserKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error)

type Verifier

type Verifier struct {
	SignatureScheme SignatureScheme
}

func (*Verifier) Verify

func (v *Verifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (bool, error)

Directories

Path Synopsis
Code generated by counterfeiter.
Code generated by counterfeiter.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL