- Constants
- Variables
- func DecryptBlock(encryptedBlock EncryptedBlock, tlfCryptKey TLFCryptKey, ...) ([]byte, error)
- func DecryptMerkleLeaf(privateKey TLFPrivateKey, publicKey TLFEphemeralPublicKey, ...) ([]byte, error)
- func DecryptPrivateMetadata(encryptedPrivateMetadata EncryptedPrivateMetadata, key TLFCryptKey) ([]byte, error)
- func DepadBlock(paddedBlock []byte) ([]byte, error)
- func GetRootCerts(serverAddr string, certGetter func(host string) (certsBundle []byte, ok bool)) []byte
- func MakeRandomTLFEphemeralKeys() (TLFEphemeralPublicKey, TLFEphemeralPrivateKey, error)
- func PadBlock(block []byte) ([]byte, error)
- func PrepareMerkleLeaf(encryptedMerkleLeaf EncryptedMerkleLeaf) (nonce [24]byte, err error)
- func RandRead(buf []byte) error
- func Verify(msg []byte, sigInfo SignatureInfo) error
- func VerifyTLFCryptKeyServerHalfID(serverHalfID TLFCryptKeyServerHalfID, user keybase1.UID, ...) error
- type AuthToken
- type AuthTokenRefreshHandler
- type BlockCryptKey
- func (c BlockCryptKey) Bytes() []byte
- func (c BlockCryptKey) Data() [32]byte
- func (c BlockCryptKey) MarshalBinary() (data []byte, err error)
- func (c BlockCryptKey) MarshalText() ([]byte, error)
- func (c BlockCryptKey) String() string
- func (c *BlockCryptKey) UnmarshalBinary(data []byte) error
- func (c *BlockCryptKey) UnmarshalText(data []byte) error
- type BlockCryptKeyServerHalf
- func (c BlockCryptKeyServerHalf) Bytes() []byte
- func (c BlockCryptKeyServerHalf) Data() [32]byte
- func (c BlockCryptKeyServerHalf) MarshalBinary() (data []byte, err error)
- func (c BlockCryptKeyServerHalf) MarshalText() ([]byte, error)
- func (c BlockCryptKeyServerHalf) String() string
- func (c *BlockCryptKeyServerHalf) UnmarshalBinary(data []byte) error
- func (c *BlockCryptKeyServerHalf) UnmarshalText(data []byte) error
- type BlockHashKey
- type CryptPrivateKey
- type CryptPublicKey
- func (k CryptPublicKey) KID() keybase1.KID
- func (k CryptPublicKey) MarshalBinary() (data []byte, err error)
- func (k CryptPublicKey) MarshalJSON() ([]byte, error)
- func (k CryptPublicKey) String() string
- func (k *CryptPublicKey) UnmarshalBinary(data []byte) error
- func (k *CryptPublicKey) UnmarshalJSON(s []byte) error
- type EncryptedBlock
- type EncryptedMerkleLeaf
- type EncryptedPrivateMetadata
- type EncryptedTLFCryptKeyClientHalf
- type EncryptedTLFCryptKeys
- type EncryptionVer
- type InvalidByte32DataError
- type InvalidEncryptionVer
- type InvalidKIDError
- type InvalidNonceError
- type PaddedBlockReadError
- type SigVer
- type SignatureInfo
- type Signer
- type SigningKey
- type SigningKeySigner
- type TLFCryptKey
- func DecryptTLFCryptKeys(codec kbfscodec.Codec, encryptedTLFCryptKeys EncryptedTLFCryptKeys, ...) ([]TLFCryptKey, error)
- func MakeFakeTLFCryptKeyOrBust(seed string) TLFCryptKey
- func MakeRandomTLFCryptKey() (TLFCryptKey, error)
- func MakeTLFCryptKey(data [32]byte) TLFCryptKey
- func UnmaskTLFCryptKey(serverHalf TLFCryptKeyServerHalf, clientHalf TLFCryptKeyClientHalf) TLFCryptKey
- func (c TLFCryptKey) Bytes() []byte
- func (c TLFCryptKey) Data() [32]byte
- func (c TLFCryptKey) MarshalBinary() (data []byte, err error)
- func (c TLFCryptKey) MarshalText() ([]byte, error)
- func (c TLFCryptKey) String() string
- func (c *TLFCryptKey) UnmarshalBinary(data []byte) error
- func (c *TLFCryptKey) UnmarshalText(data []byte) error
- type TLFCryptKeyClientHalf
- func (c TLFCryptKeyClientHalf) Bytes() []byte
- func (c TLFCryptKeyClientHalf) Data() [32]byte
- func (c TLFCryptKeyClientHalf) MarshalBinary() (data []byte, err error)
- func (c TLFCryptKeyClientHalf) MarshalText() ([]byte, error)
- func (c TLFCryptKeyClientHalf) String() string
- func (c *TLFCryptKeyClientHalf) UnmarshalBinary(data []byte) error
- func (c *TLFCryptKeyClientHalf) UnmarshalText(data []byte) error
- type TLFCryptKeyServerHalf
- func (c TLFCryptKeyServerHalf) Bytes() []byte
- func (c TLFCryptKeyServerHalf) Data() [32]byte
- func (c TLFCryptKeyServerHalf) MarshalBinary() (data []byte, err error)
- func (c TLFCryptKeyServerHalf) MarshalText() ([]byte, error)
- func (c TLFCryptKeyServerHalf) String() string
- func (c *TLFCryptKeyServerHalf) UnmarshalBinary(data []byte) error
- func (c *TLFCryptKeyServerHalf) UnmarshalText(data []byte) error
- type TLFCryptKeyServerHalfID
- type TLFEphemeralPrivateKey
- func (c TLFEphemeralPrivateKey) Bytes() []byte
- func (c TLFEphemeralPrivateKey) Data() [32]byte
- func (c TLFEphemeralPrivateKey) MarshalBinary() (data []byte, err error)
- func (c TLFEphemeralPrivateKey) MarshalText() ([]byte, error)
- func (c TLFEphemeralPrivateKey) String() string
- func (c *TLFEphemeralPrivateKey) UnmarshalBinary(data []byte) error
- func (c *TLFEphemeralPrivateKey) UnmarshalText(data []byte) error
- type TLFEphemeralPublicKey
- func (c TLFEphemeralPublicKey) Bytes() []byte
- func (c TLFEphemeralPublicKey) Data() [32]byte
- func (c TLFEphemeralPublicKey) MarshalBinary() (data []byte, err error)
- func (c TLFEphemeralPublicKey) MarshalText() ([]byte, error)
- func (c TLFEphemeralPublicKey) String() string
- func (c *TLFEphemeralPublicKey) UnmarshalBinary(data []byte) error
- func (c *TLFEphemeralPublicKey) UnmarshalText(data []byte) error
- type TLFEphemeralPublicKeys
- type TLFPrivateKey
- func (c TLFPrivateKey) Bytes() []byte
- func (c TLFPrivateKey) Data() [32]byte
- func (c TLFPrivateKey) MarshalBinary() (data []byte, err error)
- func (c TLFPrivateKey) MarshalText() ([]byte, error)
- func (c TLFPrivateKey) String() string
- func (c *TLFPrivateKey) UnmarshalBinary(data []byte) error
- func (c *TLFPrivateKey) UnmarshalText(data []byte) error
- type TLFPublicKey
- func (c TLFPublicKey) Bytes() []byte
- func (c TLFPublicKey) Data() [32]byte
- func (c TLFPublicKey) MarshalBinary() (data []byte, err error)
- func (c TLFPublicKey) MarshalText() ([]byte, error)
- func (TLFPublicKey) Size() int
- func (c TLFPublicKey) String() string
- func (c *TLFPublicKey) UnmarshalBinary(data []byte) error
- func (c *TLFPublicKey) UnmarshalText(data []byte) error
- type UnexpectedShortCryptoRandRead
- type UnknownEncryptionVer
- type UnknownSigVer
- type VerifyingKey
- func (k VerifyingKey) IsNil() bool
- func (k VerifyingKey) KID() keybase1.KID
- func (k VerifyingKey) MarshalBinary() (data []byte, err error)
- func (k VerifyingKey) MarshalJSON() ([]byte, error)
- func (k VerifyingKey) String() string
- func (k *VerifyingKey) UnmarshalBinary(data []byte) error
- func (k *VerifyingKey) UnmarshalJSON(s []byte) error
Constants ¶
const ( // SigED25519 is the signature type for ED25519 SigED25519 = SigVer(iota + 1) // SigED25519ForKBFS is the signature type for ED25519 with a KBFS prefix. SigED25519ForKBFS )
const AuthTokenMinRefreshSeconds = 60
AuthTokenMinRefreshSeconds is the minimum number of seconds between refreshes.
const ( // EnvTestRootCertPEM is the environment variable name for the // CA cert PEM the client uses to verify the KBFS servers when // testing. Any certificate present here overrides any // certificate inferred from a server address. EnvTestRootCertPEM = "KEYBASE_TEST_ROOT_CERT_PEM" )
const TestRootCert = `` /* 4195-byte string literal not displayed */
TestRootCert is a CA cert which can be used for testing TLS support. 127.0.0.1 is the only supported address.
const TestRootKey = `` /* 1678-byte string literal not displayed */
TestRootKey is the private key matching TestRootCert; together they can be used to test TLS support.
Variables ¶
var PublicTLFCryptKey = MakeTLFCryptKey([32]byte{
0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18,
0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18,
0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18,
0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18,
})
PublicTLFCryptKey is the TLFCryptKey used for all public TLFs. Because it is a fixed, publicly known value, anyone holding just the block key for a public TLF can decrypt that block. It is deliberately not the zero TLFCryptKey, so that it can be distinguished from an (erroneously?) unset TLFCryptKey.
Functions ¶
func DecryptBlock ¶
func DecryptBlock( encryptedBlock EncryptedBlock, tlfCryptKey TLFCryptKey, blockServerHalf BlockCryptKeyServerHalf) ([]byte, error)
DecryptBlock decrypts a block, but does not unpad or decode it.
func DecryptMerkleLeaf ¶
func DecryptMerkleLeaf( privateKey TLFPrivateKey, publicKey TLFEphemeralPublicKey, encryptedMerkleLeaf EncryptedMerkleLeaf) ([]byte, error)
DecryptMerkleLeaf decrypts an EncryptedMerkleLeaf using the given private TLF key and ephemeral public key.
func DecryptPrivateMetadata ¶
func DecryptPrivateMetadata( encryptedPrivateMetadata EncryptedPrivateMetadata, key TLFCryptKey) ( []byte, error)
DecryptPrivateMetadata decrypts a PrivateMetadata object, but does not decode it.
func DepadBlock ¶
DepadBlock extracts the actual block data from a padded block.
func GetRootCerts ¶
func GetRootCerts(serverAddr string, certGetter func(host string) (certsBundle []byte, ok bool)) []byte
GetRootCerts returns a byte array with the appropriate root certs for the given host:port string.
func MakeRandomTLFEphemeralKeys ¶
func MakeRandomTLFEphemeralKeys() ( TLFEphemeralPublicKey, TLFEphemeralPrivateKey, error)
MakeRandomTLFEphemeralKeys generates ephemeral keys using a CSPRNG for a TLF. These keys can then be used to key/rekey the TLF.
func PrepareMerkleLeaf ¶
func PrepareMerkleLeaf(encryptedMerkleLeaf EncryptedMerkleLeaf) ( nonce [24]byte, err error)
PrepareMerkleLeaf verifies the correctness of the given leaf, and returns its nonce.
func Verify ¶
func Verify(msg []byte, sigInfo SignatureInfo) error
Verify verifies the given message against the given SignatureInfo, and returns nil if it verifies successfully, or an error otherwise.
func VerifyTLFCryptKeyServerHalfID ¶
func VerifyTLFCryptKeyServerHalfID( serverHalfID TLFCryptKeyServerHalfID, user keybase1.UID, devicePubKey CryptPublicKey, serverHalf TLFCryptKeyServerHalf) error
VerifyTLFCryptKeyServerHalfID verifies that the given ID is the expected HMAC result for the given user, device public key, and server half.
Types ¶
type AuthToken ¶
type AuthToken struct {
// contains filtered or unexported fields
}
AuthToken encapsulates a timed authentication token.
func NewAuthToken ¶
func NewAuthToken(signer Signer, tokenType string, expireIn int, submoduleName, version string, rh AuthTokenRefreshHandler) *AuthToken
NewAuthToken creates a new authentication token.
func (*AuthToken) Shutdown ¶
func (a *AuthToken) Shutdown()
Shutdown is called to stop the refresh ticker.
func (*AuthToken) Sign ¶
func (a *AuthToken) Sign(ctx context.Context, currentUsername kbname.NormalizedUsername, currentUID keybase1.UID, currentVerifyingKey VerifyingKey, challengeInfo keybase1.ChallengeInfo) (string, error)
Sign is called to create a new signed authentication token, including a challenge and username/uid/kid identifiers.
func (*AuthToken) SignUserless ¶
SignUserless signs the token without a username, UID, or challenge. This is useful for server-to-server communication where identity is established using only the KID. It assumes the client and server clocks are roughly synchronized.
type AuthTokenRefreshHandler ¶
AuthTokenRefreshHandler defines a callback to be called when an auth token refresh is needed.
type BlockCryptKey ¶
type BlockCryptKey struct {
// contains filtered or unexported fields
}
BlockCryptKey is used to encrypt/decrypt block data. (See § 4.1.2.)
func MakeBlockCryptKey ¶
func MakeBlockCryptKey(data [32]byte) BlockCryptKey
MakeBlockCryptKey returns a BlockCryptKey containing the given data.
Copies of BlockCryptKey objects are deep copies.
func UnmaskBlockCryptKey ¶
func UnmaskBlockCryptKey(serverHalf BlockCryptKeyServerHalf, tlfCryptKey TLFCryptKey) BlockCryptKey
UnmaskBlockCryptKey recovers the block crypt key from the given server half and TLFCryptKey.
func (BlockCryptKey) MarshalBinary ¶
func (BlockCryptKey) MarshalText ¶
func (*BlockCryptKey) UnmarshalBinary ¶
func (*BlockCryptKey) UnmarshalText ¶
type BlockCryptKeyServerHalf ¶
type BlockCryptKeyServerHalf struct {
// contains filtered or unexported fields
}
BlockCryptKeyServerHalf is a masked version of a BlockCryptKey, which can be recovered only with the TLFCryptKey used to mask the server half.
Copies of BlockCryptKeyServerHalf objects are deep copies.
func MakeBlockCryptKeyServerHalf ¶
func MakeBlockCryptKeyServerHalf(data [32]byte) BlockCryptKeyServerHalf
MakeBlockCryptKeyServerHalf returns a BlockCryptKeyServerHalf containing the given data.
func MakeRandomBlockCryptKeyServerHalf ¶
func MakeRandomBlockCryptKeyServerHalf() ( serverHalf BlockCryptKeyServerHalf, err error)
MakeRandomBlockCryptKeyServerHalf generates the server-side of a block crypt key.
func ParseBlockCryptKeyServerHalf ¶
func ParseBlockCryptKeyServerHalf(s string) (BlockCryptKeyServerHalf, error)
ParseBlockCryptKeyServerHalf returns a BlockCryptKeyServerHalf containing the given hex-encoded data, or an error.
func (BlockCryptKeyServerHalf) MarshalBinary ¶
func (BlockCryptKeyServerHalf) MarshalText ¶
func (*BlockCryptKeyServerHalf) UnmarshalBinary ¶
func (*BlockCryptKeyServerHalf) UnmarshalText ¶
type BlockHashKey ¶
type BlockHashKey struct {
// contains filtered or unexported fields
}
BlockHashKey is used as input to encrypt/decrypt block data (v2).
func MakeBlockHashKey ¶
func MakeBlockHashKey( serverHalf BlockCryptKeyServerHalf, key TLFCryptKey) BlockHashKey
MakeBlockHashKey makes a key used for encryption and decryption for the v2 block encryption scheme.
func (BlockHashKey) MarshalText ¶
func (*BlockHashKey) UnmarshalText ¶
type CryptPrivateKey ¶
type CryptPrivateKey struct {
// contains filtered or unexported fields
}
CryptPrivateKey is a private key for encryption/decryption.
func MakeFakeCryptPrivateKeyOrBust ¶
func MakeFakeCryptPrivateKeyOrBust(seed string) CryptPrivateKey
MakeFakeCryptPrivateKeyOrBust makes a new crypt private key from fake randomness made from the given seed.
func NewCryptPrivateKey ¶
func NewCryptPrivateKey(kp libkb.NaclDHKeyPair) CryptPrivateKey
NewCryptPrivateKey returns a CryptPrivateKey using the given key pair.
func (CryptPrivateKey) Data ¶
func (k CryptPrivateKey) Data() [32]byte
Data returns the private key's data, suitable to be used with box.Open or box.Seal.
TODO: Make the CryptPrivateKey handle the Open/Seal itself.
func (CryptPrivateKey) GetPublicKey ¶
func (k CryptPrivateKey) GetPublicKey() CryptPublicKey
GetPublicKey returns the public key corresponding to this private key.
type CryptPublicKey ¶
type CryptPublicKey struct {
// contains filtered or unexported fields
}
CryptPublicKey (M_u^i) is used (with a TLFEphemeralPrivateKey) to encrypt TLFCryptKeyClientHalf objects (See §§ 4.1.1, 6.1.1, 6.3.) These are also sometimes known as subkeys.
Copies of CryptPublicKey objects are deep copies.
func MakeCryptPublicKey ¶
func MakeCryptPublicKey(kid keybase1.KID) CryptPublicKey
MakeCryptPublicKey returns a CryptPublicKey containing the given KID.
func MakeFakeCryptPublicKeyOrBust ¶
func MakeFakeCryptPublicKeyOrBust(seed string) CryptPublicKey
MakeFakeCryptPublicKeyOrBust makes the public key corresponding to the crypt private key made with the same seed.
func (CryptPublicKey) MarshalBinary ¶
func (CryptPublicKey) MarshalJSON ¶
func (*CryptPublicKey) UnmarshalBinary ¶
func (*CryptPublicKey) UnmarshalJSON ¶
type EncryptedBlock ¶
type EncryptedBlock struct {
// contains filtered or unexported fields
}
EncryptedBlock is an encrypted Block object.
func EncryptPaddedEncodedBlock ¶
func EncryptPaddedEncodedBlock( paddedEncodedBlock []byte, tlfCryptKey TLFCryptKey, blockServerHalf BlockCryptKeyServerHalf, ver EncryptionVer) ( encryptedBlock EncryptedBlock, err error)
EncryptPaddedEncodedBlock encrypts a padded, encoded block.
type EncryptedMerkleLeaf ¶
type EncryptedMerkleLeaf struct {
// contains filtered or unexported fields
}
EncryptedMerkleLeaf is an encrypted MerkleLeaf object.
func MakeEncryptedMerkleLeaf ¶
func MakeEncryptedMerkleLeaf( version EncryptionVer, data []byte, nonce *[24]byte) EncryptedMerkleLeaf
MakeEncryptedMerkleLeaf constructs an EncryptedMerkleLeaf.
type EncryptedPrivateMetadata ¶
type EncryptedPrivateMetadata struct {
// contains filtered or unexported fields
}
EncryptedPrivateMetadata is an encrypted PrivateMetadata object.
func EncryptEncodedPrivateMetadata ¶
func EncryptEncodedPrivateMetadata(encodedPrivateMetadata []byte, key TLFCryptKey) ( encryptedPrivateMetadata EncryptedPrivateMetadata, err error)
EncryptEncodedPrivateMetadata encrypts an encoded PrivateMetadata object.
type EncryptedTLFCryptKeyClientHalf ¶
type EncryptedTLFCryptKeyClientHalf struct {
// contains filtered or unexported fields
}
EncryptedTLFCryptKeyClientHalf is an encrypted TLFCryptKeyClientHalf object.
func EncryptTLFCryptKeyClientHalf ¶
func EncryptTLFCryptKeyClientHalf( privateKey TLFEphemeralPrivateKey, publicKey CryptPublicKey, clientHalf TLFCryptKeyClientHalf) ( encryptedClientHalf EncryptedTLFCryptKeyClientHalf, err error)
EncryptTLFCryptKeyClientHalf encrypts a TLFCryptKeyClientHalf using both a TLF's ephemeral private key and a device public key.
func MakeEncryptedTLFCryptKeyClientHalfForTest ¶
func MakeEncryptedTLFCryptKeyClientHalfForTest( version EncryptionVer, encodedClientHalf, nonce []byte) EncryptedTLFCryptKeyClientHalf
MakeEncryptedTLFCryptKeyClientHalfForTest returns an EncryptedTLFCryptKeyClientHalf with copies of the given data.
type EncryptedTLFCryptKeys ¶
type EncryptedTLFCryptKeys struct {
// contains filtered or unexported fields
}
EncryptedTLFCryptKeys is an encrypted TLFCryptKey array.
func EncryptTLFCryptKeys ¶
func EncryptTLFCryptKeys(codec kbfscodec.Codec, oldKeys []TLFCryptKey, key TLFCryptKey) ( encryptedTLFCryptKeys EncryptedTLFCryptKeys, err error)
EncryptTLFCryptKeys encrypts a TLFCryptKey array.
type EncryptionVer ¶
type EncryptionVer int
EncryptionVer denotes a version for the encryption method.
const ( // EncryptionSecretbox is the encryption version that uses // nacl/secretbox or nacl/box. EncryptionSecretbox EncryptionVer = 1 // EncryptionSecretboxWithKeyNonce is the encryption version that // uses nacl/secretbox or nacl/box, with a nonce derived from a // secret key. EncryptionSecretboxWithKeyNonce EncryptionVer = 2 )
func (EncryptionVer) String ¶
func (v EncryptionVer) String() string
func (EncryptionVer) ToHashType ¶
func (v EncryptionVer) ToHashType() kbfshash.HashType
ToHashType returns the type of the hash that should be used for the given encryption version.
type InvalidByte32DataError ¶
type InvalidByte32DataError struct {
// contains filtered or unexported fields
}
InvalidByte32DataError is returned whenever invalid data for a 32-byte type is detected.
func (InvalidByte32DataError) Error ¶
func (e InvalidByte32DataError) Error() string
type InvalidEncryptionVer ¶
type InvalidEncryptionVer struct {
Ver EncryptionVer
}
InvalidEncryptionVer indicates that we can't decrypt an encryptedData object because this data type doesn't support that encryption version.
func (InvalidEncryptionVer) Error ¶
func (e InvalidEncryptionVer) Error() string
type InvalidKIDError ¶
type InvalidKIDError struct {
// contains filtered or unexported fields
}
InvalidKIDError is returned whenever an invalid KID is detected.
func (InvalidKIDError) Error ¶
func (e InvalidKIDError) Error() string
type InvalidNonceError ¶
type InvalidNonceError struct {
Nonce []byte
}
InvalidNonceError indicates that an invalid cryptographic nonce was detected.
func (InvalidNonceError) Error ¶
func (e InvalidNonceError) Error() string
type PaddedBlockReadError ¶
PaddedBlockReadError occurs if the number of bytes read does not equal the number of bytes specified.
func (PaddedBlockReadError) Error ¶
func (e PaddedBlockReadError) Error() string
Error implements the error interface for PaddedBlockReadError.
type SignatureInfo ¶
type SignatureInfo struct { // Exported only for serialization purposes. Version SigVer `codec:"v"` Signature []byte `codec:"s"` VerifyingKey VerifyingKey `codec:"k"` }
SignatureInfo contains all the info needed to verify a signature for a message.
func (SignatureInfo) DeepCopy ¶
func (s SignatureInfo) DeepCopy() SignatureInfo
DeepCopy makes a complete copy of this SignatureInfo.
func (SignatureInfo) Equals ¶
func (s SignatureInfo) Equals(other SignatureInfo) bool
Equals returns true if this SignatureInfo matches the given one.
func (SignatureInfo) IsNil ¶
func (s SignatureInfo) IsNil() bool
IsNil returns true if this SignatureInfo is nil.
func (SignatureInfo) String ¶
func (s SignatureInfo) String() string
String implements the fmt.Stringer interface for SignatureInfo.
type Signer ¶
type Signer interface { // Sign signs msg with some internal private key. Sign(ctx context.Context, msg []byte) (sigInfo SignatureInfo, err error) // SignForKBFS signs msg with some internal private key on behalf of KBFS. SignForKBFS(ctx context.Context, msg []byte) (sigInfo SignatureInfo, err error) // SignToString signs msg with some internal private key and // outputs the full serialized NaclSigInfo. SignToString(ctx context.Context, msg []byte) (signature string, err error) }
A Signer is something that can sign using an internal private key.
type SigningKey ¶
type SigningKey struct {
// contains filtered or unexported fields
}
SigningKey is a key pair for signing.
func MakeFakeSigningKeyOrBust ¶
func MakeFakeSigningKeyOrBust(seed string) SigningKey
MakeFakeSigningKeyOrBust makes a new signing key from fake randomness made from the given seed.
func NewSigningKey ¶
func NewSigningKey(kp libkb.NaclSigningKeyPair) SigningKey
NewSigningKey returns a SigningKey using the given key pair.
func (SigningKey) GetVerifyingKey ¶
func (k SigningKey) GetVerifyingKey() VerifyingKey
GetVerifyingKey returns the public key half of this signing key.
func (SigningKey) Sign ¶
func (k SigningKey) Sign(data []byte) SignatureInfo
Sign signs the given data and returns a SignatureInfo.
func (SigningKey) SignForKBFS ¶
func (k SigningKey) SignForKBFS(data []byte) (SignatureInfo, error)
SignForKBFS signs the given data with the KBFS prefix and returns a SignatureInfo.
func (SigningKey) SignToString ¶
func (k SigningKey) SignToString(data []byte) (sig string, err error)
SignToString signs the given data and returns a string.
type SigningKeySigner ¶
type SigningKeySigner struct {
Key SigningKey
}
SigningKeySigner is a Signer wrapper around a SigningKey.
func (SigningKeySigner) Sign ¶
func (s SigningKeySigner) Sign( ctx context.Context, data []byte) (SignatureInfo, error)
Sign implements Signer for SigningKeySigner.
func (SigningKeySigner) SignForKBFS ¶
func (s SigningKeySigner) SignForKBFS( ctx context.Context, data []byte) (SignatureInfo, error)
SignForKBFS implements Signer for SigningKeySigner.
func (SigningKeySigner) SignToString ¶
SignToString implements Signer for SigningKeySigner.
type TLFCryptKey ¶
type TLFCryptKey struct {
// contains filtered or unexported fields
}
TLFCryptKey (s^{f,0}) is used to encrypt/decrypt the private portion of TLF metadata. It is also used to mask BlockCryptKeys. (See §§ 4.1.1, 4.1.2.)
Copies of TLFCryptKey objects are deep copies.
func DecryptTLFCryptKeys ¶
func DecryptTLFCryptKeys( codec kbfscodec.Codec, encryptedTLFCryptKeys EncryptedTLFCryptKeys, key TLFCryptKey) ( []TLFCryptKey, error)
DecryptTLFCryptKeys decrypts a TLFCryptKey array, but does not decode it.
func MakeFakeTLFCryptKeyOrBust ¶
func MakeFakeTLFCryptKeyOrBust(seed string) TLFCryptKey
MakeFakeTLFCryptKeyOrBust makes a TLF crypt key from the given seed.
func MakeRandomTLFCryptKey ¶
func MakeRandomTLFCryptKey() (TLFCryptKey, error)
MakeRandomTLFCryptKey returns a random top-level folder crypt key.
func MakeTLFCryptKey ¶
func MakeTLFCryptKey(data [32]byte) TLFCryptKey
MakeTLFCryptKey returns a TLFCryptKey containing the given data.
func UnmaskTLFCryptKey ¶
func UnmaskTLFCryptKey(serverHalf TLFCryptKeyServerHalf, clientHalf TLFCryptKeyClientHalf) TLFCryptKey
UnmaskTLFCryptKey recovers the top-level folder crypt key by combining the given server half and client half.
func (TLFCryptKey) MarshalBinary ¶
func (TLFCryptKey) MarshalText ¶
func (*TLFCryptKey) UnmarshalBinary ¶
func (*TLFCryptKey) UnmarshalText ¶
type TLFCryptKeyClientHalf ¶
type TLFCryptKeyClientHalf struct {
// contains filtered or unexported fields
}
TLFCryptKeyClientHalf (t_u^{f,k,i} for a user u, a folder f, a key generation k, and a device i) is the masked, client-side half of a TLFCryptKey, which can be recovered only with both halves. (See §§ 4.1.1, 6.1.1, 6.3.)
Copies of TLFCryptKeyClientHalf objects are deep copies.
func DecryptTLFCryptKeyClientHalf ¶
func DecryptTLFCryptKeyClientHalf( privateKey CryptPrivateKey, publicKey TLFEphemeralPublicKey, encryptedClientHalf EncryptedTLFCryptKeyClientHalf) ( TLFCryptKeyClientHalf, error)
DecryptTLFCryptKeyClientHalf decrypts a TLFCryptKeyClientHalf using the given device private key and the TLF's ephemeral public key.
func MakeTLFCryptKeyClientHalf ¶
func MakeTLFCryptKeyClientHalf(data [32]byte) TLFCryptKeyClientHalf
MakeTLFCryptKeyClientHalf returns a TLFCryptKeyClientHalf containing the given data.
func MaskTLFCryptKey ¶
func MaskTLFCryptKey(serverHalf TLFCryptKeyServerHalf, key TLFCryptKey) TLFCryptKeyClientHalf
MaskTLFCryptKey derives the client half of a top-level folder crypt key from the given key and server half.
func (TLFCryptKeyClientHalf) MarshalBinary ¶
func (TLFCryptKeyClientHalf) MarshalText ¶
func (*TLFCryptKeyClientHalf) UnmarshalBinary ¶
func (*TLFCryptKeyClientHalf) UnmarshalText ¶
type TLFCryptKeyServerHalf ¶
type TLFCryptKeyServerHalf struct {
// contains filtered or unexported fields
}
TLFCryptKeyServerHalf (s_u^{f,0,i}) is the masked, server-side half of a TLFCryptKey, which can be recovered only with both halves. (See § 4.1.1.)
Copies of TLFCryptKeyServerHalf objects are deep copies.
func MakeRandomTLFCryptKeyServerHalf ¶
func MakeRandomTLFCryptKeyServerHalf() ( serverHalf TLFCryptKeyServerHalf, err error)
MakeRandomTLFCryptKeyServerHalf generates the server-side of a top-level folder crypt key.
func MakeTLFCryptKeyServerHalf ¶
func MakeTLFCryptKeyServerHalf(data [32]byte) TLFCryptKeyServerHalf
MakeTLFCryptKeyServerHalf returns a TLFCryptKeyServerHalf containing the given data.
func (TLFCryptKeyServerHalf) MarshalBinary ¶
func (TLFCryptKeyServerHalf) MarshalText ¶
func (*TLFCryptKeyServerHalf) UnmarshalBinary ¶
func (*TLFCryptKeyServerHalf) UnmarshalText ¶
type TLFCryptKeyServerHalfID ¶
TLFCryptKeyServerHalfID is the identifier type for a server-side key half.
func MakeTLFCryptKeyServerHalfID ¶
func MakeTLFCryptKeyServerHalfID( user keybase1.UID, devicePubKey CryptPublicKey, serverHalf TLFCryptKeyServerHalf) ( TLFCryptKeyServerHalfID, error)
MakeTLFCryptKeyServerHalfID creates a unique ID for this particular TLFCryptKeyServerHalf.
func (TLFCryptKeyServerHalfID) String ¶
func (id TLFCryptKeyServerHalfID) String() string
String implements the Stringer interface for TLFCryptKeyServerHalfID.
type TLFEphemeralPrivateKey ¶
type TLFEphemeralPrivateKey struct {
// contains filtered or unexported fields
}
TLFEphemeralPrivateKey (m_e) is used (with a CryptPublicKey) to encrypt TLFCryptKeyClientHalf objects for non-public directories. (See §§ 4.1.1, 6.1.1, 6.3.) It is never stored permanently.
Copies of TLFEphemeralPrivateKey objects are deep copies.
func MakeTLFEphemeralPrivateKey ¶
func MakeTLFEphemeralPrivateKey(data [32]byte) TLFEphemeralPrivateKey
MakeTLFEphemeralPrivateKey returns a TLFEphemeralPrivateKey containing the given data.
func (TLFEphemeralPrivateKey) MarshalBinary ¶
func (TLFEphemeralPrivateKey) MarshalText ¶
func (*TLFEphemeralPrivateKey) UnmarshalBinary ¶
func (*TLFEphemeralPrivateKey) UnmarshalText ¶
type TLFEphemeralPublicKey ¶
type TLFEphemeralPublicKey struct {
// contains filtered or unexported fields
}
TLFEphemeralPublicKey (M_e) is used along with a crypt private key to decrypt TLFCryptKeyClientHalf objects for non-public directories. (See §§ 4.1.1, 6.1.1, 6.3.)
Copies of TLFEphemeralPublicKey objects are deep copies.
func MakeTLFEphemeralPublicKey ¶
func MakeTLFEphemeralPublicKey(data [32]byte) TLFEphemeralPublicKey
MakeTLFEphemeralPublicKey returns a TLFEphemeralPublicKey containing the given data.
func (TLFEphemeralPublicKey) MarshalBinary ¶
func (TLFEphemeralPublicKey) MarshalText ¶
func (*TLFEphemeralPublicKey) UnmarshalBinary ¶
func (*TLFEphemeralPublicKey) UnmarshalText ¶
type TLFEphemeralPublicKeys ¶
type TLFEphemeralPublicKeys []TLFEphemeralPublicKey
TLFEphemeralPublicKeys stores a list of TLFEphemeralPublicKey values.
func (TLFEphemeralPublicKeys) Size ¶
func (k TLFEphemeralPublicKeys) Size() int
Size implements the Measurable interface.
type TLFPrivateKey ¶
type TLFPrivateKey struct {
// contains filtered or unexported fields
}
A TLFPrivateKey (m_f) is the private half of the permanent keypair associated with a TLF. (See §§ 4.1.1, 5.3.)
Copies of TLFPrivateKey objects are deep copies.
func MakeTLFPrivateKey ¶
func MakeTLFPrivateKey(data [32]byte) TLFPrivateKey
MakeTLFPrivateKey returns a TLFPrivateKey containing the given data.
func (TLFPrivateKey) MarshalBinary ¶
func (TLFPrivateKey) MarshalText ¶
func (*TLFPrivateKey) UnmarshalBinary ¶
func (*TLFPrivateKey) UnmarshalText ¶
type TLFPublicKey ¶
type TLFPublicKey struct {
// contains filtered or unexported fields
}
A TLFPublicKey (M_f) is the public half of the permanent keypair associated with a TLF. It is included in the site-wide private-data Merkle tree. (See §§ 4.1.1, 5.3.)
Copies of TLFPublicKey objects are deep copies.
func MakeTLFPublicKey ¶
func MakeTLFPublicKey(data [32]byte) TLFPublicKey
MakeTLFPublicKey returns a TLFPublicKey containing the given data.
func (TLFPublicKey) MarshalBinary ¶
func (TLFPublicKey) MarshalText ¶
func (TLFPublicKey) Size ¶
func (TLFPublicKey) Size() int
Size implements the cache.Measurable interface.
func (*TLFPublicKey) UnmarshalBinary ¶
func (*TLFPublicKey) UnmarshalText ¶
type UnexpectedShortCryptoRandRead ¶
type UnexpectedShortCryptoRandRead struct { }
UnexpectedShortCryptoRandRead indicates that fewer bytes were read from crypto/rand.Read() than expected.
func (UnexpectedShortCryptoRandRead) Error ¶
func (e UnexpectedShortCryptoRandRead) Error() string
Error implements the error interface for UnexpectedShortCryptoRandRead.
type UnknownEncryptionVer ¶
type UnknownEncryptionVer struct {
Ver EncryptionVer
}
UnknownEncryptionVer indicates that we can't decrypt an encryptedData object because it has an unknown version.
func (UnknownEncryptionVer) Error ¶
func (e UnknownEncryptionVer) Error() string
type UnknownSigVer ¶
type UnknownSigVer struct {
Ver SigVer
}
UnknownSigVer indicates that we can't process a signature because it has an unknown version.
func (UnknownSigVer) Error ¶
func (e UnknownSigVer) Error() string
Error implements the error interface for UnknownSigVer.
type VerifyingKey ¶
type VerifyingKey struct {
// contains filtered or unexported fields
}
A VerifyingKey is a public key that can be used to verify a signature created by the corresponding private signing key. In particular, VerifyingKeys are used to authenticate home and public TLFs. (See §§ 4.2, 4.3.)
These are also sometimes known as sibkeys.
Copies of VerifyingKey objects are deep copies.
func MakeFakeVerifyingKeyOrBust ¶
func MakeFakeVerifyingKeyOrBust(seed string) VerifyingKey
MakeFakeVerifyingKeyOrBust makes a new key suitable for verifying signatures made from the fake signing key made with the same seed.
func MakeVerifyingKey ¶
func MakeVerifyingKey(kid keybase1.KID) VerifyingKey
MakeVerifyingKey returns a VerifyingKey containing the given KID.
func (VerifyingKey) IsNil ¶
func (k VerifyingKey) IsNil() bool
IsNil returns true if the VerifyingKey is nil.