quark

package module
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 3, 2023 License: MIT Imports: 11 Imported by: 0

README

Quark

Quark is a post-quantum cryptography tool inspired by GnuPG with a modern cli interface.

Why?

"Imagine that it's fifteen years from now. Somebody announces that he's built a large quantum computer. RSA is dead. DSA is dead. Elliptic curves, hyperelliptic curves, class groups, whatever, dead, dead, dead. So users are going to run around screaming and say 'Oh my God, what do we do?'..." - https://pqcrypto.org

Installation

Using go
go install github.com/karalef/quark/cmd/quark@v0.2.0
Clone & build
git clone https://github.com/karalef/quark

cd quark

git checkout v0.2.0

go build -o path/to/binary ./cmd/quark

Documentation

Index

Constants

View Source 
const (
	FPSize       = md5.Size     // 16
	FPStringSize = FPSize*3 - 1 // 47

	IDSize       = FPSize / 2 // 8
	IDStringSize = IDSize * 2 // hexed id (16)
)

id and fingerprint sizes.

View Source 
const (
	MessageFlagEncrypted MessageType = 1 << iota
	MessageFlagSigned

	// rawly encoded message that is not encrypted and not signed
	MessageTypeRaw = 0x00
	// anonymous message that is only encrypted and not signed
	MessageTypeAnonymous = MessageFlagEncrypted
	// clear-signed message that is only signed and not encrypted
	MessageTypeClearSign = MessageFlagSigned
	// message that is encrypted and signed
	MessageTypeSignedEncrypted = MessageFlagEncrypted | MessageFlagSigned
)

message flags and types

View Source 
const (
	PacketTagMessage       pack.Tag = 0x01
	PacketTagPublicKeyset  pack.Tag = 0x02
	PacketTagPrivateKeyset pack.Tag = 0x03
)

packet tags.

Variables

View Source 
var (
	ErrEmpty = errors.New("empty data")
)

errors

View Source 
var ErrInvalidIdentity = errors.New("invalid identity")

ErrInvalidIdentity is returned if the identity is invalid.

View Source 
var (
	ErrInvalidScheme = errors.New("invalid scheme")
)

scheme errors.

View Source 
var ErrInvalidSeed = errors.New("invalid seed size")

ErrInvalidSeed is returned if the seed size does not match the scheme.

Functions

func Decrypt 

func Decrypt(dst, ciphertext []byte, enc *Encryption, recipient Private) ([]byte, error)

Decrypt decrypts data for the private key and appends the result to dst, returning the updated slice. dst can be ciphertext[:0] to reuse the storage of ciphertext.

func Verify 

func Verify(data []byte, signature Signature, keyset Public) (bool, error)

Verify verifies a signature.

Types

type Algorithm added in v0.2.0 

type Algorithm string

Algorithm represents algorithm as string. 

const InvalidAlgorithm Algorithm = "INVALID"

InvalidAlgorithm represents unsupported or invalid algorithm.

type Encryption added in v0.2.0 

type Encryption struct {
	// keyset id used for encapsulation
	ID ID `msgpack:"id"`

	// cipher nonce
	Nonce []byte `msgpack:"nonce"`

	// encapsulated shared secret
	Secret []byte `msgpack:"secret"`
}

Encryption contains encryption data.

func Encrypt 

func Encrypt(dst, data []byte, recipient Public) (ciphertext []byte, enc *Encryption)

Encrypt encrypts data for the public key and appends the result to dst, returning the updated slice. The result ciphertext includes encrypted data with appended auth tag.

func (*Encryption) Error added in v0.2.0 

func (e *Encryption) Error() string

func (*Encryption) IsValid added in v0.2.0 

func (e *Encryption) IsValid() bool

IsValid returns true if the encryption data is valid.

func (*Encryption) Validate added in v0.2.0 

func (e *Encryption) Validate(p Private) error

Validate compares the encryption data against the private keyset id and scheme.

type ErrPublicKeysetSignature added in v0.2.0 

type ErrPublicKeysetSignature struct {
	// contains filtered or unexported fields
}

ErrPublicKeysetSignature is returned if the public keyset signature is invalid.

func (ErrPublicKeysetSignature) Error added in v0.2.0 

func (e ErrPublicKeysetSignature) Error() string

type Fingerprint 

type Fingerprint [FPSize]byte

Fingerprint represents keyset fingerprint.

func FingerprintFromString added in v0.2.0 

func FingerprintFromString(strFP string) (fp Fingerprint, ok bool)

FingerprintFromString parses string keyset fingerprint.

func (Fingerprint) ID 

func (f Fingerprint) ID() ID

ID calculates keyset ID from fingerprint.

func (Fingerprint) IsEmpty added in v0.2.0 

func (f Fingerprint) IsEmpty() bool

IsEmpty returns true if fingerprint is empty.

func (Fingerprint) String 

func (f Fingerprint) String() string

type ID 

type ID [IDSize]byte

ID represents keyset ID.

func IDFromString 

func IDFromString(strID string) (id ID, ok bool)

IDFromString parses hexed keyset ID. It returns false if the string is not a valid keyset ID.

func IDFromUint added in v0.2.0 

func IDFromUint(uintID uint64) (id ID)

IDFromUint converts uint64 to ID.

func (ID) IsEmpty added in v0.2.0 

func (id ID) IsEmpty() bool

IsEmpty returns true if ID is empty.

func (ID) String 

func (id ID) String() string

func (ID) Uint added in v0.2.0 

func (id ID) Uint() uint64

Uint returns keyset ID as uint64 in little endian order.

type Identity 

type Identity struct {
	Name    string `msgpack:"name"`
	Email   string `msgpack:"email,omitempty"`
	Comment string `msgpack:"comment,omitempty"`
}

Identity represents the keyset's identity.

func (Identity) IsValid added in v0.1.1 

func (i Identity) IsValid() bool

IsValid returns true if the identity is valid.

type KEMAlgorithm added in v0.2.0 

type KEMAlgorithm Algorithm

KEMAlgorithm represents KEM algorithm. 

const (
	Kyber512AESGCM            KEMAlgorithm = "KYBER512-AES_GCM"
	Kyber512XChaCha20Poly1305 KEMAlgorithm = "KYBER512-XCHACHA20_POLY1305"

	Kyber768AESGCM            KEMAlgorithm = "KYBER768-AES_GCM"
	Kyber768XChaCha20Poly1305 KEMAlgorithm = "KYBER768-XCHACHA20_POLY1305"

	Kyber1024AESGCM            KEMAlgorithm = "KYBER1024-AES_GCM"
	Kyber1024XChaCha20Poly1305 KEMAlgorithm = "KYBER1024-XCHACHA20_POLY1305"

	Frodo640ShakeAESGCM KEMAlgorithm = "FRODO640SHAKE-AES_GCM"
)

available KEM algorithms.

func ListKEMAlgorithms added in v0.2.0 

func ListKEMAlgorithms() []KEMAlgorithm

ListKEMAlgorithms returns all available KEM algorithms.

func (KEMAlgorithm) Alg added in v0.2.0 

func (alg KEMAlgorithm) Alg() KEMAlgorithm

Alg returns itself.

func (KEMAlgorithm) IsValid added in v0.2.0 

func (alg KEMAlgorithm) IsValid() bool

IsValid returns true if the algorithm is valid and supported.

func (KEMAlgorithm) Scheme added in v0.2.0 

func (alg KEMAlgorithm) Scheme() KEMScheme

Scheme returns the KEM scheme. Returns nil if the algorithm is invalid or unsupported.

func (KEMAlgorithm) String added in v0.2.0 

func (alg KEMAlgorithm) String() string

type KEMScheme added in v0.2.0 

type KEMScheme interface {
	Alg() KEMAlgorithm
	kem.Scheme
	Cipher() cipher.Scheme
}

KEMScheme represents a KEM scheme.

func ListKEMSchemes added in v0.2.0 

func ListKEMSchemes() []KEMScheme

ListKEMSchemes returns all available KEM schemes.

type Keyset added in v0.1.1 

type Keyset interface {
	pack.Packable

	// Info returns the info of the keyset.
	Info() KeysetInfo

	// Identity returns the identity of the keyset.
	Identity() Identity

	// ID returns the ID of the keyset.
	ID() ID

	// Fingerprint returns the fingerprint of the keyset.
	Fingerprint() Fingerprint

	// Scheme returns the scheme of the keyset.
	Scheme() Scheme
	// contains filtered or unexported methods
}

Keyset represents a keyset.

type KeysetInfo added in v0.2.0 

type KeysetInfo struct {
	ID          ID          `msgpack:"-"`
	Fingerprint Fingerprint `msgpack:"-"`

	Identity Identity `msgpack:"identity"`
	Scheme   Scheme   `msgpack:"scheme"`
}

KeysetInfo contains the info about the keyset.

type Message 

type Message struct {
	// signature
	Signature *Signature `msgpack:"signature,omitempty"`

	// encryption
	Encryption *Encryption `msgpack:"encryption,omitempty"`

	// name of the file
	Filename string `msgpack:"filename,omitempty"`

	// time of the last file modification or message creation
	Time int64 `msgpack:"time,omitempty"`

	// data
	Data []byte `msgpack:"data"`
}

Message contains a message.

func NewMessage added in v0.2.0 

func NewMessage(plaintext []byte, recipient Public, sender Private) (Message, error)

NewMessage creates a new message. If the sender is nil, the message will be Anonymous. If the recipient is nil, the message will be Clear-Signed.

func NewMessageFile added in v0.2.0 

func NewMessageFile(data []byte, filename string, mtime int64, recipient Public, sender Private) (Message, error)

NewMessageFile creates a new message containing a file. If the filename is empty it just returns the result of NewMessage.

func (*Message) PacketTag 

func (*Message) PacketTag() pack.Tag

PacketTag implements pack.Packable interface.

func (*Message) Type 

func (m *Message) Type() (typ MessageType)

Type returns the message type.

type MessageType 

type MessageType byte

MessageType represents a message type.

func (MessageType) IsEncrypted 

func (t MessageType) IsEncrypted() bool

IsEncrypted returns true if the message is encrypted.

func (MessageType) IsSigned 

func (t MessageType) IsSigned() bool

IsSigned returns true if the message is signed.

func (MessageType) String 

func (t MessageType) String() string

type Private 

type Private interface {
	Keyset

	// Public returns the public keyset.
	Public() Public

	// ChangeIdentity changes the identity of the keyset.
	ChangeIdentity(Identity) error

	// KEM returns the KEM public key.
	KEM() kem.PrivateKey

	// Sign returns the signature public key.
	Sign() sign.PrivateKey
	// contains filtered or unexported methods
}

Private represents a private keyset.

func Generate 

func Generate(id Identity, scheme Scheme) (Private, error)

Generate generates a new keyset from scheme using crypto/rand.

func NewPrivate 

func NewPrivate(id Identity, scheme Scheme, signSeed, kemSeed []byte) (Private, error)

NewPrivate creates a new private keyset from scheme and seeds.

type Public 

type Public interface {
	Keyset

	// KEM returns the KEM public key.
	KEM() kem.PublicKey

	// Sign returns the signature public key.
	Sign() sign.PublicKey
}

Public represents a public keyset.

type Scheme 

type Scheme struct {
	Sign SignScheme
	KEM  KEMScheme
}

Scheme type.

func ParseScheme 

func ParseScheme(s string) (Scheme, error)

ParseScheme parses string with format "SIGN::KEM".

func (*Scheme) DecodeMsgpack added in v0.2.0 

func (s *Scheme) DecodeMsgpack(dec *pack.Decoder) error

DecodeMsgpack implements pack.CustomDecoder.

func (Scheme) EncodeMsgpack added in v0.2.0 

func (s Scheme) EncodeMsgpack(enc *pack.Encoder) error

EncodeMsgpack implements pack.CustomEncoder.

func (Scheme) IsValid 

func (s Scheme) IsValid() bool

IsValid returns true if scheme is valid.

func (Scheme) String 

func (s Scheme) String() string

type SignAlgorithm added in v0.2.0 

type SignAlgorithm Algorithm

SignAlgorithm represents a signature algorithm. 

const (
	// Dilithium2ED25519 hybrids Dilithium mode2 with ed25519
	Dilithium2ED25519 SignAlgorithm = "DILITHIUM2_ED25519"

	// Dilithium3ED448 hybrids Dilithium mode3 with ed448
	Dilithium3ED448 SignAlgorithm = "DILITHIUM3_ED448"

	Dilithium2    SignAlgorithm = "DILITHIUM2"
	Dilithium2AES SignAlgorithm = "DILITHIUM2_AES"
	Dilithium3    SignAlgorithm = "DILITHIUM3"
	Dilithium3AES SignAlgorithm = "DILITHIUM3_AES"
	Dilithium5    SignAlgorithm = "DILITHIUM5"
	Dilithium5AES SignAlgorithm = "DILITHIUM5_AES"

	Falcon1024 SignAlgorithm = "FALCON1024"
)

signature algorithms.

func ListSignAlgorithms added in v0.2.0 

func ListSignAlgorithms() []SignAlgorithm

ListSignAlgorithms returns all available signature algorithms.

func (SignAlgorithm) Alg added in v0.2.0 

func (alg SignAlgorithm) Alg() SignAlgorithm

Alg returns itself.

func (SignAlgorithm) IsValid added in v0.2.0 

func (alg SignAlgorithm) IsValid() bool

IsValid returns true if the algorithm is valid and supported.

func (SignAlgorithm) Scheme added in v0.2.0 

func (alg SignAlgorithm) Scheme() SignScheme

Scheme returns the signature scheme. Returns nil if the algorithm is invalid or unsupported.

func (SignAlgorithm) String added in v0.2.0 

func (alg SignAlgorithm) String() string

type SignScheme added in v0.2.0 

type SignScheme interface {
	Alg() SignAlgorithm
	sign.Scheme
}

SignScheme represents a signature scheme.

func ListSignSchemes added in v0.2.0 

func ListSignSchemes() []SignScheme

ListSignSchemes returns all available signature schemes.

type Signature added in v0.2.0 

type Signature struct {
	// keyset id used for signing
	ID ID `msgpack:"id"`

	// signature
	Signature []byte `msgpack:"sig"`

	// signature time stamp
	Time int64 `msgpack:"time"`
}

Signature represents a signature.

func Sign 

func Sign(plaintext []byte, keyset Private) (*Signature, error)

Sign creates a signature. Returns an empty signature without error if the keyset is nil.

func (*Signature) Error added in v0.2.0 

func (s *Signature) Error() string

func (*Signature) IsValid added in v0.2.0 

func (s *Signature) IsValid() bool

IsValid returns true if the signature is valid.

func (*Signature) Validate added in v0.2.0 

func (s *Signature) Validate(pub Public) error

Validate compares the signature against the public keyset id and scheme.

Source Files

View all Source files

Directories

Path Synopsis
cmd
cmdio
enc
keyring
keys
quark
storage

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.