Documentation ¶
Overview ¶
Copyright (C) 2020, ISARA Corporation
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
<a href="http://www.apache.org/licenses/LICENSE-2.0">http://www.apache.org/licenses/LICENSE-2.0</a>
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Package iqrcrypto privides Quantum-Safe algorithms and certificates using ISARA's Quantum Resistant Toolkit.
Index ¶
- Constants
- Variables
- func CheckAltReqSignature(c *x509.CertificateRequest) error
- func CheckAltSignature(c *x509.Certificate, signed, signature []byte) error
- func CheckAltSignatureFrom(c *x509.Certificate, parent *x509.Certificate) error
- func CheckQSSignatureFrom(c *x509.Certificate, parent *x509.Certificate) error
- func CreateHybridCertificateRequest(rand io.Reader, template *x509.CertificateRequest, priv interface{}, ...) (csr []byte, err error)
- func CreateQSCertificateRequest(rand io.Reader, template *x509.CertificateRequest, priv interface{}) (csr []byte, err error)
- func ExtendCertificateReqAlt(csrDER []byte, classicPriv interface{}, qsPriv QSPrivateKey) (csrqs []byte, err error)
- func IqrCreateContext(ctx **IqrContext) error
- func IqrDestroyContext(ctx **IqrContext) error
- func IqrDilithiumCreateKeyPair(params *IqrDilithiumParams, rng *IqrRNG, pub **IqrDilithiumPublicKey, ...) error
- func IqrDilithiumCreateParams(ctx *IqrContext, variant *IqrDilithiumVariant, params **IqrDilithiumParams) error
- func IqrDilithiumDestroyParams(params **IqrDilithiumParams) error
- func IqrDilithiumDestroyPrivateKey(privateKey **IqrDilithiumPrivateKey) error
- func IqrDilithiumDestroyPublicKey(publicKey **IqrDilithiumPublicKey) error
- func IqrDilithiumExportPrivateKey(privKey *IqrDilithiumPrivateKey, buf []byte, size int64) error
- func IqrDilithiumExportPrivateKeyPKCS8(key *DilithiumPrivateKey) (der []byte, err error)
- func IqrDilithiumExportPublicKey(pubKey *IqrDilithiumPublicKey, buf []byte, size int64) error
- func IqrDilithiumGetPrivateKeySize(params *IqrDilithiumParams, privateKeySize *int64) error
- func IqrDilithiumGetPublicKeySize(params *IqrDilithiumParams, publicKeySize *int64) error
- func IqrDilithiumGetSignatureSize(params *IqrDilithiumParams, sigSize *int64) error
- func IqrDilithiumImportPrivateKey(params *IqrDilithiumParams, buf []byte, size int64, ...) error
- func IqrDilithiumImportPrivateKeyFromPKCS8(ctx *IqrContext, der []byte, size int64, privateKey **IqrDilithiumPrivateKey, ...) error
- func IqrDilithiumImportPublicKey(params *IqrDilithiumParams, buf []byte, size int64, ...) error
- func IqrDilithiumImportPublicKeyFromASN1(ctx *IqrContext, der []byte, size int64, publicKey **IqrDilithiumPublicKey, ...) error
- func IqrDilithiumSign(privKey *IqrDilithiumPrivateKey, message []byte, messageSize int64, sig []byte, ...) error
- func IqrDilithiumVerify(pubKey *IqrDilithiumPublicKey, message []byte, messageSize int64, sig []byte, ...) error
- func IqrError(ret IqrRetval) error
- func IqrHSSCreateParamsFromSignature(ctx *IqrContext, sig []byte, sigSize int64, params **IqrHSSParams) error
- func IqrHSSDestroyParams(params **IqrHSSParams) error
- func IqrHSSDestroyPublicKey(publicKey **IqrHSSPublicKey) error
- func IqrHSSExportPublicKey(pubKey *IqrHSSPublicKey, buf []byte, size int64) error
- func IqrHSSGetPublicKeySize(params *IqrHSSParams, publicKeySize *int64) error
- func IqrHSSImportPublicKey(params *IqrHSSParams, buf []byte, size int64, publicKey **IqrHSSPublicKey) error
- func IqrHSSImportPublicKeyFromASN1(ctx *IqrContext, der []byte, size int64, publicKey **IqrHSSPublicKey, ...) error
- func IqrHSSVerify(pubKey *IqrHSSPublicKey, message []byte, messageSize int64, sig []byte, ...) error
- func IqrHashRegisterCallbacks(ctx *IqrContext, hashAlgoType int, cb C.iqr_HashCallbacks) error
- func IqrInitRNG(ctx **IqrContext, rng **IqrRNG, rand io.Reader) error
- func IqrRNGCreateHMACDRBG(ctx *IqrContext, hashAlgoType int, rng **IqrRNG) error
- func IqrRNGDestroy(rng **IqrRNG) error
- func IqrRNGInitialize(rng **IqrRNG, seed []byte) error
- func IqrStrError(ret IqrRetval) string
- func IqrToolkitLinked() bool
- type DilithiumPrivateKey
- type IqrContext
- type IqrDilithiumParams
- type IqrDilithiumPrivateKey
- type IqrDilithiumPublicKey
- type IqrDilithiumVariant
- type IqrHSSParams
- type IqrHSSPublicKey
- type IqrRNG
- type IqrRetval
- type QSPrivateKey
- type SignatureAlgorithmQS
Constants ¶
const IQR_OK = C.IQR_OK
IQR_OK function completed successfully.
Variables ¶
var ( OidDilithium_III_SHAKE_r2 = asn1.RawValue{ Class: 0, Tag: 6, IsCompound: false, Bytes: []byte{4, 0, 127, 0, 15, 6, 9, 1}, FullBytes: []byte{6, 8, 4, 0, 127, 0, 15, 6, 9, 1}, } OidDilithium_IV_SHAKE_r2 = asn1.RawValue{ Class: 0, Tag: 6, IsCompound: false, Bytes: []byte{4, 0, 127, 0, 15, 6, 9, 2}, FullBytes: []byte{6, 8, 4, 0, 127, 0, 15, 6, 9, 2}, } )
var IQR_HASHALGO_SHA2_256 = 2
IQR_HASHALGO_SHA2_256 SHA2-256 algorithm type identifier.
var IQR_HASHALGO_SHA2_384 = 3
IQR_HASHALGO_SHA2_384 SHA2-384 algorithm type identifier.
var IQR_HASHALGO_SHA2_512 = 4
IQR_HASHALGO_SHA2_512 SHA2-512 algorithm type identifier.
var IQR_HASHALGO_SHA3_256 = 5
IQR_HASHALGO_SHA3_256 SHA3-256 algorithm type identifier.
var IQR_HASHALGO_SHA3_512 = 6
IQR_HASHALGO_SHA3_512 SHA3-512 algorithm type identifier.
var IQR_HASH_DEFAULT_SHA2_256 C.iqr_HashCallbacks = C.IQR_HASH_DEFAULT_SHA2_256
IQR_HASH_DEFAULT_SHA2_256 Internal SHA2-256 implementation.
var IQR_HASH_DEFAULT_SHA2_384 C.iqr_HashCallbacks = C.IQR_HASH_DEFAULT_SHA2_384
IQR_HASH_DEFAULT_SHA2_384 Internal SHA2-384 implementation.
var IQR_HASH_DEFAULT_SHA2_512 C.iqr_HashCallbacks = C.IQR_HASH_DEFAULT_SHA2_512
IQR_HASH_DEFAULT_SHA2_512 Internal SHA2-512 implementation.
var IQR_HASH_DEFAULT_SHA3_256 C.iqr_HashCallbacks = C.IQR_HASH_DEFAULT_SHA3_256
IQR_HASH_DEFAULT_SHA3_256 Internal SHA3-256 implementation.
var IQR_HASH_DEFAULT_SHA3_512 C.iqr_HashCallbacks = C.IQR_HASH_DEFAULT_SHA3_512
IQR_HASH_DEFAULT_SHA3_512 Internal SHA3-512 implementation.
var IqrDILITHIUM128 = &C.IQR_DILITHIUM_128
IqrDILITHIUM128 128 bit quantum security (138 bit classical security) variant.
var IqrDILITHIUM160 = &C.IQR_DILITHIUM_160
IqrDILITHIUM160 160 bit quantum security (176 bit classical security) variant.
var ( // OidDilithiumSignatureScheme Dilithium-Signature-Scheme OidDilithiumSignatureScheme = asn1.ObjectIdentifier{0, 4, 0, 127, 0, 15, 1, 1, 9, 0} )
var ( // OidHSSSignatureScheme Hierarchical-Signature-Scheme OidHSSSignatureScheme = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 16, 3, 17} )
Functions ¶
func CheckAltReqSignature ¶
func CheckAltReqSignature(c *x509.CertificateRequest) error
CheckAltReqSignature check that hybrid CSR has a valid alternative signature. Currently only support Dilithium key
func CheckAltSignature ¶
func CheckAltSignature(c *x509.Certificate, signed, signature []byte) error
CheckAltSignature verifies that the alternative signature is a valid signature over signed from c's alternative public key. It is assumed that the certificate has been verified by x509.Certificate.CheckSignature.
func CheckAltSignatureFrom ¶
func CheckAltSignatureFrom(c *x509.Certificate, parent *x509.Certificate) error
CheckAltSignatureFrom verifies that the alternative signature of the given certificate is valid from parent. It is assumed that the certificate has been verified by the conventional signature.
func CheckQSSignatureFrom ¶
func CheckQSSignatureFrom(c *x509.Certificate, parent *x509.Certificate) error
CheckQSSignatureFrom verifies that the Quantum-Safe (Dilithium or HSS) signature of the given certificate is valid from parent.
func CreateHybridCertificateRequest ¶
func CreateHybridCertificateRequest(rand io.Reader, template *x509.CertificateRequest, priv interface{}, qspriv QSPrivateKey) (csr []byte, err error)
CreateHybridCertificateRequest creates a new hybrid certificate request based on a classic one.
The returned slice is a hybrid certificate request in ASN.1 encoding.
func CreateQSCertificateRequest ¶
func CreateQSCertificateRequest(rand io.Reader, template *x509.CertificateRequest, priv interface{}) (csr []byte, err error)
CreateQSCertificateRequest creates a new certificate request based on a template. It is similar to x509.CreateCertificateRequest except it also support Dilithium key. It does not create classic and quantum-safe hybird certificate request. To do that, use the CreateHybridCertificateRequest function.
The returned slice is the certificate request in ASN.1 encoding.
func ExtendCertificateReqAlt ¶
func ExtendCertificateReqAlt(csrDER []byte, classicPriv interface{}, qsPriv QSPrivateKey) (csrqs []byte, err error)
ExtendCertificateReqAlt Extend a CSR to add a Quantum-Safe algorithm to the Alt extensions.
func IqrCreateContext ¶
func IqrCreateContext(ctx **IqrContext) error
IqrCreateContext creates and initializes a Context object.
func IqrDestroyContext ¶
func IqrDestroyContext(ctx **IqrContext) error
IqrDestroyContext destroys a context object.
func IqrDilithiumCreateKeyPair ¶
func IqrDilithiumCreateKeyPair(params *IqrDilithiumParams, rng *IqrRNG, pub **IqrDilithiumPublicKey, priv **IqrDilithiumPrivateKey) error
IqrDilithiumCreateKeyPair Golang wrapper for iqr_DilithiumCreateKeyPair
func IqrDilithiumCreateParams ¶
func IqrDilithiumCreateParams(ctx *IqrContext, variant *IqrDilithiumVariant, params **IqrDilithiumParams) error
IqrDilithiumCreateParams creates Dilithium's domain parameters.
func IqrDilithiumDestroyParams ¶
func IqrDilithiumDestroyParams(params **IqrDilithiumParams) error
IqrDilithiumDestroyParams destroys Dilithium's domain parameters.
func IqrDilithiumDestroyPrivateKey ¶
func IqrDilithiumDestroyPrivateKey(privateKey **IqrDilithiumPrivateKey) error
IqrDilithiumDestroyPrivateKey destroys a Dilithium private key.
func IqrDilithiumDestroyPublicKey ¶
func IqrDilithiumDestroyPublicKey(publicKey **IqrDilithiumPublicKey) error
IqrDilithiumDestroyPublicKey destroys a Dilithium public key.
func IqrDilithiumExportPrivateKey ¶
func IqrDilithiumExportPrivateKey(privKey *IqrDilithiumPrivateKey, buf []byte, size int64) error
IqrDilithiumExportPrivateKey exports a Dilithium private key.
func IqrDilithiumExportPrivateKeyPKCS8 ¶
func IqrDilithiumExportPrivateKeyPKCS8(key *DilithiumPrivateKey) (der []byte, err error)
IqrDilithiumExportPrivateKeyPKCS8 exports a Dilithium private key into PKCS8 format.
func IqrDilithiumExportPublicKey ¶
func IqrDilithiumExportPublicKey(pubKey *IqrDilithiumPublicKey, buf []byte, size int64) error
IqrDilithiumExportPublicKey exports the Dilithium private key's data into a buffer.
func IqrDilithiumGetPrivateKeySize ¶
func IqrDilithiumGetPrivateKeySize(params *IqrDilithiumParams, privateKeySize *int64) error
IqrDilithiumGetPrivateKeySize Golang wrapper for iqr_DilithiumGetPrivateKeySize
func IqrDilithiumGetPublicKeySize ¶
func IqrDilithiumGetPublicKeySize(params *IqrDilithiumParams, publicKeySize *int64) error
IqrDilithiumGetPublicKeySize gets the Dilithium public key size.
func IqrDilithiumGetSignatureSize ¶
func IqrDilithiumGetSignatureSize(params *IqrDilithiumParams, sigSize *int64) error
IqrDilithiumGetSignatureSize gets the Dilithium signature size.
func IqrDilithiumImportPrivateKey ¶
func IqrDilithiumImportPrivateKey(params *IqrDilithiumParams, buf []byte, size int64, privateKey **IqrDilithiumPrivateKey) error
IqrDilithiumImportPrivateKey imports a Dilithium private key object from a buffer. This function only accepts data that has been generated by IqrDilithiumExportPrivateKey(). There is currently no standard for saving Dilithium private keys.
func IqrDilithiumImportPrivateKeyFromPKCS8 ¶
func IqrDilithiumImportPrivateKeyFromPKCS8(ctx *IqrContext, der []byte, size int64, privateKey **IqrDilithiumPrivateKey, variant **IqrDilithiumVariant, params **IqrDilithiumParams) error
IqrDilithiumImportPrivateKeyFromPKCS8
func IqrDilithiumImportPublicKey ¶
func IqrDilithiumImportPublicKey(params *IqrDilithiumParams, buf []byte, size int64, publicKey **IqrDilithiumPublicKey) error
IqrDilithiumImportPublicKey imports a Dilithium private key object from a buffer. This function only accepts data that has been generated by iqr_DilithiumExportPrivateKey(). There is currently no standard for saving Dilithium private keys.
func IqrDilithiumImportPublicKeyFromASN1 ¶
func IqrDilithiumImportPublicKeyFromASN1(ctx *IqrContext, der []byte, size int64, publicKey **IqrDilithiumPublicKey, variant **IqrDilithiumVariant, params **IqrDilithiumParams) error
IqrDilithiumImportPublicKeyFromASN1 imports public key from a asn.1 encoded public key buffer.
func IqrDilithiumSign ¶
func IqrDilithiumSign(privKey *IqrDilithiumPrivateKey, message []byte, messageSize int64, sig []byte, sigSize int64) error
IqrDilithiumSign signs a message using a Dilithium private key. sigSize must be exact the same value returned by iqrDilithiumGetSingatureSize
func IqrDilithiumVerify ¶
func IqrDilithiumVerify(pubKey *IqrDilithiumPublicKey, message []byte, messageSize int64, sig []byte, sigSize int64) error
IqrDilithiumVerify verifies the signature of a message using a Dilithium public key. sigSize must be exact the same value returned by iqrDilithiumGetSingatureSize
func IqrHSSCreateParamsFromSignature ¶
func IqrHSSCreateParamsFromSignature(ctx *IqrContext, sig []byte, sigSize int64, params **IqrHSSParams) error
IqrHSSCreateParamsFromSignature Create an HSS Parameters object using a signature.
func IqrHSSDestroyParams ¶
func IqrHSSDestroyParams(params **IqrHSSParams) error
IqrHSSDestroyParams destroys HSS parameters and release it from memory.
func IqrHSSDestroyPublicKey ¶
func IqrHSSDestroyPublicKey(publicKey **IqrHSSPublicKey) error
IqrHSSDestroyPublicKey destroys the HSS public key and releases it from memory.
func IqrHSSExportPublicKey ¶
func IqrHSSExportPublicKey(pubKey *IqrHSSPublicKey, buf []byte, size int64) error
IqrHSSExportPublicKey exports HSS public key.
func IqrHSSGetPublicKeySize ¶
func IqrHSSGetPublicKeySize(params *IqrHSSParams, publicKeySize *int64) error
IqrHSSGetPublicKeySize gets HSS public key size.
func IqrHSSImportPublicKey ¶
func IqrHSSImportPublicKey(params *IqrHSSParams, buf []byte, size int64, publicKey **IqrHSSPublicKey) error
IqrHSSImportPublicKey imports HSS public key.
func IqrHSSImportPublicKeyFromASN1 ¶
func IqrHSSImportPublicKeyFromASN1(ctx *IqrContext, der []byte, size int64, publicKey **IqrHSSPublicKey, params *IqrHSSParams) error
IqrHSSImportPublicKeyFromASN1 imports public key from asn.1 encode public key.
func IqrHSSVerify ¶
func IqrHSSVerify(pubKey *IqrHSSPublicKey, message []byte, messageSize int64, sig []byte, sigSize int64) error
IqrHSSVerify verifies HSS signature. sigSize must be exact the same value returned by IqrHSSGetSingatureSize
func IqrHashRegisterCallbacks ¶
func IqrHashRegisterCallbacks(ctx *IqrContext, hashAlgoType int, cb C.iqr_HashCallbacks) error
IqrHashRegisterCallbacks registers a hashing implementation.
func IqrInitRNG ¶
func IqrInitRNG(ctx **IqrContext, rng **IqrRNG, rand io.Reader) error
IqrInitRNG Convenient function to create a RNG. The returned RNG must be destroyed using the IqrRNGDestroy function.
func IqrRNGCreateHMACDRBG ¶
func IqrRNGCreateHMACDRBG(ctx *IqrContext, hashAlgoType int, rng **IqrRNG) error
IqrRNGCreateHMACDRBG creates an HMAC-DRBG Random Number Generator.
func IqrRNGDestroy ¶
IqrRNGDestroy destroys a Random Number Generator.
func IqrRNGInitialize ¶
IqrRNGInitialize creates and initializes a Random Number Generator.
func IqrStrError ¶
IqrStrError converts Iqr return value to readable string.
func IqrToolkitLinked ¶
func IqrToolkitLinked() bool
Types ¶
type DilithiumPrivateKey ¶
type DilithiumPrivateKey struct { Variant *IqrDilithiumVariant Params *IqrDilithiumParams PubKey *IqrDilithiumPublicKey PrivKey *IqrDilithiumPrivateKey }
A DilithiumPrivateKey represents a Dilithium key It also implements the crypto.Signer interface.
func GenerateDilithiumPrivateKey ¶
func GenerateDilithiumPrivateKey(variant *IqrDilithiumVariant, rand io.Reader) (*DilithiumPrivateKey, error)
GenerateDilithiumPrivateKey generates a new dilithium private key using the vaiant specified Call IqrDilithiumDestroyPrivateKey if the returned private key no longer used. variant: one of IqrDILITHIUM128 and IqrDILITHIUM160
func (*DilithiumPrivateKey) Destroy ¶
func (priv *DilithiumPrivateKey) Destroy() error
Destroy destroy the private and its public key and release the memory
func (*DilithiumPrivateKey) Public ¶
func (priv *DilithiumPrivateKey) Public() crypto.PublicKey
Public returns the public key corresponding to priv.
func (*DilithiumPrivateKey) QSKeyType ¶
func (priv *DilithiumPrivateKey) QSKeyType() string
QSKeyType returns wether is the key is Quantum-Safe.
func (*DilithiumPrivateKey) Sign ¶
func (priv *DilithiumPrivateKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)
Sign signs digest with priv, reading randomness from rand.
type IqrDilithiumParams ¶
type IqrDilithiumParams = C.iqr_DilithiumParams
IqrDilithiumParams the Dilithium domain parameter.
type IqrDilithiumPrivateKey ¶
type IqrDilithiumPrivateKey = C.iqr_DilithiumPrivateKey
IqrDilithiumPrivateKey the Dilithium private key.
type IqrDilithiumPublicKey ¶
type IqrDilithiumPublicKey = C.iqr_DilithiumPublicKey
IqrDilithiumPublicKey the Dilithium public key.
type IqrDilithiumVariant ¶
type IqrDilithiumVariant = C.iqr_DilithiumVariant
IqrDilithiumVariant the Dilithium variant, one of IqrDILITHIUM128 and IqrDILITHIUM160
type IqrHSSParams ¶
type IqrHSSParams = C.iqr_HSSParams
IqrHSSParams the HSS algorithm's domain parameters.
type IqrHSSPublicKey ¶
type IqrHSSPublicKey = C.iqr_HSSPublicKey
IqrHSSPublicKey handle to HSS public key.
type QSPrivateKey ¶
QSPrivateKey is an interface for an opaque QS private key that can be used for signing operations.
type SignatureAlgorithmQS ¶
type SignatureAlgorithmQS int
SignatureAlgorithmQS Quantum-Safe algorithms.
const ( UnknownSignatureAlgorithm SignatureAlgorithmQS = iota DILITHIUM HSS )
List of supported Quantum-Safe algorithms