kbfscrypto

package v5.4.0+incompatible
Published: Apr 15, 2020 License: BSD-3-Clause Imports: 29 Imported by: 0

README

kbfscrypto

Crypto-related types and functions for KBFS. The package is named kbfscrypto rather than crypto for two reasons:

  1. To avoid conflicting with the crypto package.
  2. Some variables are named crypto already.

All errors returned by this package are wrapped with pkg/errors, and so need errors.Cause() to unwrap them.

Documentation


Constants

const (
	// SigED25519 is the signature type for ED25519
	SigED25519 = SigVer(iota + 1)
	// SigED25519ForKBFS is the signature type for ED25519 with a KBFS prefix.
	SigED25519ForKBFS
)
const AuthTokenMinRefreshSeconds = 60

AuthTokenMinRefreshSeconds is the minimum number of seconds between refreshes.

const (
	// EnvTestRootCertPEM is the environment variable name for the
	// CA cert PEM the client uses to verify the KBFS servers when
	// testing. Any certificate present here overrides any
	// certificate inferred from a server address.
	EnvTestRootCertPEM = "KEYBASE_TEST_ROOT_CERT_PEM"
)
const TestRootCert = `` /* 4195-byte string literal not displayed */

TestRootCert is a CA cert which can be used for testing TLS support. 127.0.0.1 is the only supported address.

const TestRootKey = `` /* 1678-byte string literal not displayed */

TestRootKey can be used with the above cert+public key to test TLS support.

Variables

var PublicTLFCryptKey = MakeTLFCryptKey([32]byte{
	0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18,
	0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18,
	0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18,
	0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18,
})

PublicTLFCryptKey is the TLFCryptKey used for all public TLFs. That means that anyone with just the block key for a public TLF can decrypt that block. This is not the zero TLFCryptKey so that we can distinguish it from an (erroneously?) unset TLFCryptKey.

Functions

func DecryptBlock

func DecryptBlock(
	encryptedBlock EncryptedBlock, tlfCryptKey TLFCryptKey,
	blockServerHalf BlockCryptKeyServerHalf) ([]byte, error)

DecryptBlock decrypts a block, but does not unpad or decode it.

func DecryptMerkleLeaf

func DecryptMerkleLeaf(
	privateKey TLFPrivateKey, publicKey TLFEphemeralPublicKey,
	encryptedMerkleLeaf EncryptedMerkleLeaf) ([]byte, error)

DecryptMerkleLeaf decrypts an EncryptedMerkleLeaf using the given private TLF key and ephemeral public key.

func DecryptPrivateMetadata

func DecryptPrivateMetadata(
	encryptedPrivateMetadata EncryptedPrivateMetadata, key TLFCryptKey) (
	[]byte, error)

DecryptPrivateMetadata decrypts a PrivateMetadata object, but does not decode it.

func DepadBlock

func DepadBlock(paddedBlock []byte) ([]byte, error)

DepadBlock extracts the actual block data from a padded block.

func GetRootCerts

func GetRootCerts(serverAddr string,
	certGetter func(host string) (certsBundle []byte, ok bool)) []byte

GetRootCerts returns a byte array with the appropriate root certs for the given host:port string.

func MakeRandomTLFEphemeralKeys

func MakeRandomTLFEphemeralKeys() (
	TLFEphemeralPublicKey, TLFEphemeralPrivateKey, error)

MakeRandomTLFEphemeralKeys generates ephemeral keys using a CSPRNG for a TLF. These keys can then be used to key/rekey the TLF.

func PadBlock

func PadBlock(block []byte) ([]byte, error)

PadBlock adds zero padding to an encoded block.
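The pad/depad pair above is where a length-prefix parsing bug would sit, so it is worth seeing the checks written out. The following is an added example, not the kbfscrypto implementation: it assumes a layout of a 4-byte little-endian length prefix, the encoded block, and zero padding up to the next power of two, and it reuses the PaddedBlockReadError shape documented on this page. The depad side refuses a prefix that claims more bytes than the buffer holds instead of reading past the end.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// Assumed layout (not taken from the kbfscrypto source): a 4-byte
// little-endian length prefix, the encoded block, then zero padding up
// to the next power of two.
const padPrefixSize = 4

// PaddedBlockReadError mirrors the error type documented on this page.
type PaddedBlockReadError struct {
	ActualLen   int
	ExpectedLen int
}

func (e PaddedBlockReadError) Error() string {
	return fmt.Sprintf("padded block: read %d bytes, expected %d", e.ActualLen, e.ExpectedLen)
}

// powerOfTwoEqualOrGreater rounds n up to the smallest power of two >= n.
func powerOfTwoEqualOrGreater(n int) int {
	p := 1
	for p < n {
		p <<= 1
	}
	return p
}

// padBlock adds the length prefix and zero padding. Because the padded
// size is a power of two, the ciphertext length reveals only a size
// bucket, not the exact encoded length of the block.
func padBlock(block []byte) ([]byte, error) {
	if uint64(len(block)) > math.MaxUint32 {
		return nil, fmt.Errorf("block of %d bytes too large to pad", len(block))
	}
	total := powerOfTwoEqualOrGreater(len(block) + padPrefixSize)
	padded := make([]byte, total)
	binary.LittleEndian.PutUint32(padded[:padPrefixSize], uint32(len(block)))
	copy(padded[padPrefixSize:], block)
	return padded, nil
}

// depadBlock recovers the block and rejects a length prefix that claims
// more bytes than are present, returning PaddedBlockReadError with the
// claimed and available lengths.
func depadBlock(padded []byte) ([]byte, error) {
	if len(padded) < padPrefixSize {
		return nil, PaddedBlockReadError{ActualLen: len(padded), ExpectedLen: padPrefixSize}
	}
	claimed := binary.LittleEndian.Uint32(padded[:padPrefixSize])
	available := len(padded) - padPrefixSize
	if uint64(claimed) > uint64(available) {
		return nil, PaddedBlockReadError{ActualLen: available, ExpectedLen: int(claimed)}
	}
	out := make([]byte, claimed)
	copy(out, padded[padPrefixSize:])
	return out, nil
}

func main() {
	padded, _ := padBlock([]byte("hello")) // constructed sample block
	fmt.Printf("padded a 5-byte block to %d bytes\n", len(padded))
	// Corrupt the prefix so it claims 100 bytes and watch depad reject it.
	binary.LittleEndian.PutUint32(padded[:padPrefixSize], 100)
	_, err := depadBlock(padded)
	var prErr PaddedBlockReadError
	if errors.As(err, &prErr) {
		fmt.Printf("rejected: %v\n", prErr)
	}
}
```

A 5-byte and a 12-byte block both pad to 16 bytes, which is the point of power-of-two padding; a 13-byte block moves to the 32-byte bucket.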

func PrepareMerkleLeaf

func PrepareMerkleLeaf(encryptedMerkleLeaf EncryptedMerkleLeaf) (
	nonce [24]byte, err error)

PrepareMerkleLeaf verifies the correctness of the given leaf, and returns its nonce.

func RandRead

func RandRead(buf []byte) error

RandRead is a belt-and-suspenders wrapper around crypto/rand.Read().

func Verify

func Verify(msg []byte, sigInfo SignatureInfo) error

Verify verifies the given message against the given SignatureInfo, and returns nil if it verifies successfully, or an error otherwise.

func VerifyTLFCryptKeyServerHalfID

func VerifyTLFCryptKeyServerHalfID(
	serverHalfID TLFCryptKeyServerHalfID,
	user keybase1.UID, devicePubKey CryptPublicKey,
	serverHalf TLFCryptKeyServerHalf) error

VerifyTLFCryptKeyServerHalfID verifies the ID is the proper HMAC result.

Types

type AuthToken

type AuthToken struct {
	// contains filtered or unexported fields
}

AuthToken encapsulates a timed authentication token.

func NewAuthToken

func NewAuthToken(signer Signer, tokenType string, expireIn int,
	submoduleName, version string, rh AuthTokenRefreshHandler) *AuthToken

NewAuthToken creates a new authentication token.

func (*AuthToken) Shutdown

func (a *AuthToken) Shutdown()

Shutdown is called to stop the refresh ticker.

func (*AuthToken) Sign

func (a *AuthToken) Sign(ctx context.Context,
	currentUsername kbname.NormalizedUsername, currentUID keybase1.UID,
	currentVerifyingKey VerifyingKey,
	challengeInfo keybase1.ChallengeInfo) (string, error)

Sign is called to create a new signed authentication token, including a challenge and username/uid/kid identifiers.

func (*AuthToken) SignUserless

func (a *AuthToken) SignUserless(
	ctx context.Context, key VerifyingKey) (
	string, error)

SignUserless signs the token without a username, UID, or challenge. This is useful for server-to-server communication where identity is established using only the KID. It assumes the client and server clocks are roughly synchronized.

type AuthTokenRefreshHandler

type AuthTokenRefreshHandler interface {
	RefreshAuthToken(context.Context)
}

AuthTokenRefreshHandler defines a callback to be called when an auth token refresh is needed.

type BlockCryptKey

type BlockCryptKey struct {
	// contains filtered or unexported fields
}

BlockCryptKey is used to encrypt/decrypt block data. (See § 4.1.2.)

func MakeBlockCryptKey

func MakeBlockCryptKey(data [32]byte) BlockCryptKey

MakeBlockCryptKey returns a BlockCryptKey containing the given data.

Copies of BlockCryptKey objects are deep copies.

func UnmaskBlockCryptKey

func UnmaskBlockCryptKey(serverHalf BlockCryptKeyServerHalf,
	tlfCryptKey TLFCryptKey) BlockCryptKey

UnmaskBlockCryptKey returns the block crypt key.

func (BlockCryptKey) Bytes

func (c BlockCryptKey) Bytes() []byte

func (BlockCryptKey) Data

func (c BlockCryptKey) Data() [32]byte

func (BlockCryptKey) MarshalBinary

func (c BlockCryptKey) MarshalBinary() (data []byte, err error)

func (BlockCryptKey) MarshalText

func (c BlockCryptKey) MarshalText() ([]byte, error)

func (BlockCryptKey) String

func (c BlockCryptKey) String() string

func (*BlockCryptKey) UnmarshalBinary

func (c *BlockCryptKey) UnmarshalBinary(data []byte) error

func (*BlockCryptKey) UnmarshalText

func (c *BlockCryptKey) UnmarshalText(data []byte) error

type BlockCryptKeyServerHalf

type BlockCryptKeyServerHalf struct {
	// contains filtered or unexported fields
}

BlockCryptKeyServerHalf is a masked version of a BlockCryptKey, which can be recovered only with the TLFCryptKey used to mask the server half.

Copies of BlockCryptKeyServerHalf objects are deep copies.

func MakeBlockCryptKeyServerHalf

func MakeBlockCryptKeyServerHalf(data [32]byte) BlockCryptKeyServerHalf

MakeBlockCryptKeyServerHalf returns a BlockCryptKeyServerHalf containing the given data.

func MakeRandomBlockCryptKeyServerHalf

func MakeRandomBlockCryptKeyServerHalf() (
	serverHalf BlockCryptKeyServerHalf, err error)

MakeRandomBlockCryptKeyServerHalf generates the server-side of a block crypt key.

func ParseBlockCryptKeyServerHalf

func ParseBlockCryptKeyServerHalf(s string) (BlockCryptKeyServerHalf, error)

ParseBlockCryptKeyServerHalf returns a BlockCryptKeyServerHalf containing the given hex-encoded data, or an error.

func (BlockCryptKeyServerHalf) Bytes

func (c BlockCryptKeyServerHalf) Bytes() []byte

func (BlockCryptKeyServerHalf) Data

func (c BlockCryptKeyServerHalf) Data() [32]byte

func (BlockCryptKeyServerHalf) MarshalBinary

func (c BlockCryptKeyServerHalf) MarshalBinary() (data []byte, err error)

func (BlockCryptKeyServerHalf) MarshalText

func (c BlockCryptKeyServerHalf) MarshalText() ([]byte, error)

func (BlockCryptKeyServerHalf) String

func (c BlockCryptKeyServerHalf) String() string

func (*BlockCryptKeyServerHalf) UnmarshalBinary

func (c *BlockCryptKeyServerHalf) UnmarshalBinary(data []byte) error

func (*BlockCryptKeyServerHalf) UnmarshalText

func (c *BlockCryptKeyServerHalf) UnmarshalText(data []byte) error

type BlockHashKey

type BlockHashKey struct {
	// contains filtered or unexported fields
}

BlockHashKey is used as input to encrypt/decrypt block data (v2).

func MakeBlockHashKey

func MakeBlockHashKey(
	serverHalf BlockCryptKeyServerHalf, key TLFCryptKey) BlockHashKey

MakeBlockHashKey makes a key used for encryption and decryption for the v2 block encryption scheme.
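The two block-key derivations on this page (UnmaskBlockCryptKey for v1, MakeBlockHashKey for v2) differ in how the nonce is chosen, and that is the security-relevant part. The block below is an added example, not kbfscrypto's code. It assumes v1 unmasks the block key as serverHalf XOR tlfCryptKey with a random nonce, and that the v2 hash key is SHA-512 over serverHalf || tlfCryptKey, split into a 24-byte nonce and a 32-byte key. Neither assumption is confirmed by the page; the version dispatch, the UnknownEncryptionVer error and the determinism of the v2 nonce are the points to take away.

```go
package main

import (
	"crypto/rand"
	"crypto/sha512"
	"fmt"
)

type EncryptionVer int

const (
	EncryptionSecretbox             EncryptionVer = 1
	EncryptionSecretboxWithKeyNonce EncryptionVer = 2
)

// UnknownEncryptionVer mirrors the error type documented on this page.
type UnknownEncryptionVer struct{ Ver EncryptionVer }

func (e UnknownEncryptionVer) Error() string {
	return fmt.Sprintf("unknown encryption version %d", e.Ver)
}

type TLFCryptKey struct{ data [32]byte }
type BlockCryptKeyServerHalf struct{ data [32]byte }
type BlockCryptKey struct{ data [32]byte }
type BlockHashKey struct{ data [64]byte }

// unmaskBlockCryptKey is the v1 derivation as assumed here: the server
// half is a one-time-pad mask over the block key under the TLF key.
func unmaskBlockCryptKey(serverHalf BlockCryptKeyServerHalf, key TLFCryptKey) BlockCryptKey {
	var out BlockCryptKey
	for i := range out.data {
		out.data[i] = serverHalf.data[i] ^ key.data[i]
	}
	return out
}

// makeBlockHashKey is the v2 derivation as assumed here: SHA-512 over
// serverHalf || tlfCryptKey. Both inputs are fixed-width, so the
// concatenation is unambiguous without a separator.
func makeBlockHashKey(serverHalf BlockCryptKeyServerHalf, key TLFCryptKey) BlockHashKey {
	h := sha512.New()
	h.Write(serverHalf.data[:])
	h.Write(key.data[:])
	var out BlockHashKey
	copy(out.data[:], h.Sum(nil))
	return out
}

// Assumed split of the 64-byte hash key: first 24 bytes are the nonce,
// last 32 bytes the secretbox key.
func (k BlockHashKey) nonce() (n [24]byte)    { copy(n[:], k.data[:24]); return }
func (k BlockHashKey) cryptKey() (c [32]byte) { copy(c[:], k.data[32:]); return }

// blockNonce picks the nonce for an encryption version. v1 draws a fresh
// random nonce; v2 derives it from the key material, which is only safe
// because each block gets its own random server half, so the (key, nonce)
// pair never repeats across different plaintexts. Unknown versions are
// rejected rather than silently mapped to a default.
func blockNonce(ver EncryptionVer, serverHalf BlockCryptKeyServerHalf, key TLFCryptKey) ([24]byte, error) {
	var n [24]byte
	switch ver {
	case EncryptionSecretbox:
		if _, err := rand.Read(n[:]); err != nil {
			return n, err
		}
		return n, nil
	case EncryptionSecretboxWithKeyNonce:
		return makeBlockHashKey(serverHalf, key).nonce(), nil
	default:
		return n, UnknownEncryptionVer{Ver: ver}
	}
}

func main() {
	var sh BlockCryptKeyServerHalf // constructed sample inputs
	var key TLFCryptKey
	for i := range sh.data {
		sh.data[i], key.data[i] = 0x01, 0x18
	}
	n, _ := blockNonce(EncryptionSecretboxWithKeyNonce, sh, key)
	fmt.Printf("v1 block key byte: %#x, v2 nonce prefix: %x\n", unmaskBlockCryptKey(sh, key).data[0], n[:4])
	_, err := blockNonce(EncryptionVer(99), sh, key)
	fmt.Println("v99:", err)
}
```

The practical consequence for a reviewer: in the v2 scheme a repeated server half under the same TLF key means a repeated nonce, so the randomness check on MakeRandomBlockCryptKeyServerHalf carries the nonce-uniqueness guarantee.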

func (BlockHashKey) Data

func (c BlockHashKey) Data() [64]byte

func (BlockHashKey) MarshalText

func (c BlockHashKey) MarshalText() ([]byte, error)

func (BlockHashKey) String

func (c BlockHashKey) String() string

func (*BlockHashKey) UnmarshalText

func (c *BlockHashKey) UnmarshalText(data []byte) error

type CryptPrivateKey

type CryptPrivateKey struct {
	// contains filtered or unexported fields
}

CryptPrivateKey is a private key for encryption/decryption.

func MakeFakeCryptPrivateKeyOrBust

func MakeFakeCryptPrivateKeyOrBust(seed string) CryptPrivateKey

MakeFakeCryptPrivateKeyOrBust makes a new crypt private key from fake randomness made from the given seed.

func NewCryptPrivateKey

func NewCryptPrivateKey(kp libkb.NaclDHKeyPair) CryptPrivateKey

NewCryptPrivateKey returns a CryptPrivateKey using the given key pair.

func (CryptPrivateKey) Data

func (k CryptPrivateKey) Data() [32]byte

Data returns the private key's data, suitable to be used with box.Open or box.Seal.

TODO: Make the CryptPrivateKey handle the Open/Seal itself.

func (CryptPrivateKey) GetPublicKey

func (k CryptPrivateKey) GetPublicKey() CryptPublicKey

GetPublicKey returns the public key corresponding to this private key.

type CryptPublicKey

type CryptPublicKey struct {
	// contains filtered or unexported fields
}

CryptPublicKey (M_u^i) is used (with a TLFEphemeralPrivateKey) to encrypt TLFCryptKeyClientHalf objects (See §§ 4.1.1, 6.1.1, 6.3.) These are also sometimes known as subkeys.

Copies of CryptPublicKey objects are deep copies.

func MakeCryptPublicKey

func MakeCryptPublicKey(kid keybase1.KID) CryptPublicKey

MakeCryptPublicKey returns a CryptPublicKey containing the given KID.

func MakeFakeCryptPublicKeyOrBust

func MakeFakeCryptPublicKeyOrBust(seed string) CryptPublicKey

MakeFakeCryptPublicKeyOrBust makes the public key corresponding to the crypt private key made with the same seed.

func (CryptPublicKey) KID

func (k CryptPublicKey) KID() keybase1.KID

func (CryptPublicKey) MarshalBinary

func (k CryptPublicKey) MarshalBinary() (data []byte, err error)

func (CryptPublicKey) MarshalJSON

func (k CryptPublicKey) MarshalJSON() ([]byte, error)

func (CryptPublicKey) String

func (k CryptPublicKey) String() string

func (*CryptPublicKey) UnmarshalBinary

func (k *CryptPublicKey) UnmarshalBinary(data []byte) error

func (*CryptPublicKey) UnmarshalJSON

func (k *CryptPublicKey) UnmarshalJSON(s []byte) error

type EncryptedBlock

type EncryptedBlock struct {
	// contains filtered or unexported fields
}

EncryptedBlock is an encrypted Block object.

func EncryptPaddedEncodedBlock

func EncryptPaddedEncodedBlock(
	paddedEncodedBlock []byte, tlfCryptKey TLFCryptKey,
	blockServerHalf BlockCryptKeyServerHalf, ver EncryptionVer) (
	encryptedBlock EncryptedBlock, err error)

EncryptPaddedEncodedBlock encrypts a padded, encoded block.

func (EncryptedBlock) Nonce24

func (ed EncryptedBlock) Nonce24() (nonce [24]byte, err error)

func (EncryptedBlock) Size

func (ed EncryptedBlock) Size() int

Size implements the cache.Measurable interface.

func (EncryptedBlock) String

func (ed EncryptedBlock) String() string

type EncryptedMerkleLeaf

type EncryptedMerkleLeaf struct {
	// contains filtered or unexported fields
}

EncryptedMerkleLeaf is an encrypted MerkleLeaf object.

func MakeEncryptedMerkleLeaf

func MakeEncryptedMerkleLeaf(
	version EncryptionVer, data []byte, nonce *[24]byte) EncryptedMerkleLeaf

MakeEncryptedMerkleLeaf constructs an EncryptedMerkleLeaf.

func (EncryptedMerkleLeaf) Nonce24

func (ed EncryptedMerkleLeaf) Nonce24() (nonce [24]byte, err error)

func (EncryptedMerkleLeaf) Size

func (ed EncryptedMerkleLeaf) Size() int

Size implements the cache.Measurable interface.

func (EncryptedMerkleLeaf) String

func (ed EncryptedMerkleLeaf) String() string

type EncryptedPrivateMetadata

type EncryptedPrivateMetadata struct {
	// contains filtered or unexported fields
}

EncryptedPrivateMetadata is an encrypted PrivateMetadata object.

func EncryptEncodedPrivateMetadata

func EncryptEncodedPrivateMetadata(encodedPrivateMetadata []byte, key TLFCryptKey) (
	encryptedPrivateMetadata EncryptedPrivateMetadata, err error)

EncryptEncodedPrivateMetadata encrypts an encoded PrivateMetadata object.

func (EncryptedPrivateMetadata) Nonce24

func (ed EncryptedPrivateMetadata) Nonce24() (nonce [24]byte, err error)

func (EncryptedPrivateMetadata) Size

func (ed EncryptedPrivateMetadata) Size() int

Size implements the cache.Measurable interface.

func (EncryptedPrivateMetadata) String

func (ed EncryptedPrivateMetadata) String() string

type EncryptedTLFCryptKeyClientHalf

type EncryptedTLFCryptKeyClientHalf struct {
	// contains filtered or unexported fields
}

EncryptedTLFCryptKeyClientHalf is an encrypted TLFCryptKeyClientHalf object.

func EncryptTLFCryptKeyClientHalf

func EncryptTLFCryptKeyClientHalf(
	privateKey TLFEphemeralPrivateKey, publicKey CryptPublicKey,
	clientHalf TLFCryptKeyClientHalf) (
	encryptedClientHalf EncryptedTLFCryptKeyClientHalf, err error)

EncryptTLFCryptKeyClientHalf encrypts a TLFCryptKeyClientHalf using both a TLF's ephemeral private key and a device pubkey.

func MakeEncryptedTLFCryptKeyClientHalfForTest

func MakeEncryptedTLFCryptKeyClientHalfForTest(
	version EncryptionVer, encodedClientHalf, nonce []byte) EncryptedTLFCryptKeyClientHalf

MakeEncryptedTLFCryptKeyClientHalfForTest returns an EncryptedTLFCryptKeyClientHalf with copies of the given data.

func (EncryptedTLFCryptKeyClientHalf) Nonce24

func (ed EncryptedTLFCryptKeyClientHalf) Nonce24() (nonce [24]byte, err error)

func (EncryptedTLFCryptKeyClientHalf) Size

func (ed EncryptedTLFCryptKeyClientHalf) Size() int

Size implements the cache.Measurable interface.

func (EncryptedTLFCryptKeyClientHalf) String

func (ed EncryptedTLFCryptKeyClientHalf) String() string

type EncryptedTLFCryptKeys

type EncryptedTLFCryptKeys struct {
	// contains filtered or unexported fields
}

EncryptedTLFCryptKeys is an encrypted TLFCryptKey array.

func EncryptTLFCryptKeys

func EncryptTLFCryptKeys(codec kbfscodec.Codec, oldKeys []TLFCryptKey, key TLFCryptKey) (
	encryptedTLFCryptKeys EncryptedTLFCryptKeys, err error)

EncryptTLFCryptKeys encrypts a TLFCryptKey array.

func (EncryptedTLFCryptKeys) Nonce24

func (ed EncryptedTLFCryptKeys) Nonce24() (nonce [24]byte, err error)

func (EncryptedTLFCryptKeys) Size

func (ed EncryptedTLFCryptKeys) Size() int

Size implements the cache.Measurable interface.

func (EncryptedTLFCryptKeys) String

func (ed EncryptedTLFCryptKeys) String() string

type EncryptionVer

type EncryptionVer int

EncryptionVer denotes a version for the encryption method.

const (
	// EncryptionSecretbox is the encryption version that uses
	// nacl/secretbox or nacl/box.
	EncryptionSecretbox EncryptionVer = 1
	// EncryptionSecretboxWithKeyNonce is the encryption version that
	// uses nacl/secretbox or nacl/box, with a nonce derived from a
	// secret key.
	EncryptionSecretboxWithKeyNonce EncryptionVer = 2
)

func (EncryptionVer) String

func (v EncryptionVer) String() string

func (EncryptionVer) ToHashType

func (v EncryptionVer) ToHashType() kbfshash.HashType

ToHashType returns the type of the hash that should be used for the given encryption version.

type InvalidByte32DataError

type InvalidByte32DataError struct {
	// contains filtered or unexported fields
}

InvalidByte32DataError is returned whenever invalid data for a 32-byte type is detected.

func (InvalidByte32DataError) Error

func (e InvalidByte32DataError) Error() string

type InvalidEncryptionVer

type InvalidEncryptionVer struct {
	Ver EncryptionVer
}

InvalidEncryptionVer indicates that we can't decrypt an encryptedData object because this data type doesn't support that encryption version.

func (InvalidEncryptionVer) Error

func (e InvalidEncryptionVer) Error() string

type InvalidKIDError

type InvalidKIDError struct {
	// contains filtered or unexported fields
}

InvalidKIDError is returned whenever an invalid KID is detected.

func (InvalidKIDError) Error

func (e InvalidKIDError) Error() string

type InvalidNonceError

type InvalidNonceError struct {
	Nonce []byte
}

InvalidNonceError indicates that an invalid cryptographic nonce was detected.

func (InvalidNonceError) Error

func (e InvalidNonceError) Error() string

type PaddedBlockReadError

type PaddedBlockReadError struct {
	ActualLen   int
	ExpectedLen int
}

PaddedBlockReadError occurs if the number of bytes read does not equal the number of bytes specified.

func (PaddedBlockReadError) Error

func (e PaddedBlockReadError) Error() string

Error implements the error interface of PaddedBlockReadError.

type SigVer

type SigVer int

SigVer denotes a signature version.

func (SigVer) IsNil

func (v SigVer) IsNil() bool

IsNil returns true if this SigVer is nil.

type SignatureInfo

type SignatureInfo struct {
	// Exported only for serialization purposes.
	Version      SigVer       `codec:"v"`
	Signature    []byte       `codec:"s"`
	VerifyingKey VerifyingKey `codec:"k"`
}

SignatureInfo contains all the info needed to verify a signature for a message.

func (SignatureInfo) DeepCopy

func (s SignatureInfo) DeepCopy() SignatureInfo

DeepCopy makes a complete copy of this SignatureInfo.

func (SignatureInfo) Equals

func (s SignatureInfo) Equals(other SignatureInfo) bool

Equals returns true if this SignatureInfo matches the given one.

func (SignatureInfo) IsNil

func (s SignatureInfo) IsNil() bool

IsNil returns true if this SignatureInfo is nil.

func (SignatureInfo) String

func (s SignatureInfo) String() string

String implements the fmt.Stringer interface for SignatureInfo.

type Signer

type Signer interface {
	// Sign signs msg with some internal private key.
	Sign(ctx context.Context, msg []byte) (sigInfo SignatureInfo, err error)
	// SignForKBFS signs msg with some internal private key on behalf of KBFS.
	SignForKBFS(ctx context.Context, msg []byte) (sigInfo SignatureInfo, err error)
	// SignToString signs msg with some internal private key and
	// outputs the full serialized NaclSigInfo.
	SignToString(ctx context.Context, msg []byte) (signature string, err error)
}

A Signer is something that can sign using an internal private key.

type SigningKey

type SigningKey struct {
	// contains filtered or unexported fields
}

SigningKey is a key pair for signing.

func MakeFakeSigningKeyOrBust

func MakeFakeSigningKeyOrBust(seed string) SigningKey

MakeFakeSigningKeyOrBust makes a new signing key from fake randomness made from the given seed.

func NewSigningKey

func NewSigningKey(kp libkb.NaclSigningKeyPair) SigningKey

NewSigningKey returns a SigningKey using the given key pair.

func (SigningKey) GetVerifyingKey

func (k SigningKey) GetVerifyingKey() VerifyingKey

GetVerifyingKey returns the public key half of this signing key.

func (SigningKey) Sign

func (k SigningKey) Sign(data []byte) SignatureInfo

Sign signs the given data and returns a SignatureInfo.

func (SigningKey) SignForKBFS

func (k SigningKey) SignForKBFS(data []byte) (SignatureInfo, error)

SignForKBFS signs the given data with the KBFS prefix and returns a SignatureInfo.
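The two signature versions (SigED25519 and SigED25519ForKBFS), SignatureInfo, Verify and UnknownSigVer fit together as a domain-separation scheme: the KBFS variant signs a prefixed message, so a signature produced for one purpose cannot be replayed as the other. The following is an added example built on the standard library's crypto/ed25519, not kbfscrypto's code; the prefix value is a placeholder because the real KBFS prefix is not given on this page, and signingKeyFromSeed stands in for MakeFakeSigningKeyOrBust.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

type SigVer int

const (
	SigED25519 = SigVer(iota + 1)
	SigED25519ForKBFS
)

// kbfsSigPrefix is a placeholder: the real prefix KBFS prepends is not
// shown on this page. Any fixed, unambiguous prefix gives domain
// separation between KBFS signatures and plain ED25519 signatures.
var kbfsSigPrefix = []byte("EXAMPLE-KBFS-SIG-PREFIX\x00")

type VerifyingKey struct{ pub ed25519.PublicKey }

func (k VerifyingKey) IsNil() bool { return len(k.pub) == 0 }

// SignatureInfo carries the version, the raw signature and the public key,
// as on this page (codec tags omitted).
type SignatureInfo struct {
	Version      SigVer
	Signature    []byte
	VerifyingKey VerifyingKey
}

type SigningKey struct{ priv ed25519.PrivateKey }

func newSigningKey() (SigningKey, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	return SigningKey{priv: priv}, err
}

// signingKeyFromSeed builds a deterministic key from a 32-byte seed
// (assumed stand-in for MakeFakeSigningKeyOrBust; tests only).
func signingKeyFromSeed(seed [ed25519.SeedSize]byte) SigningKey {
	return SigningKey{priv: ed25519.NewKeyFromSeed(seed[:])}
}

func (k SigningKey) GetVerifyingKey() VerifyingKey {
	return VerifyingKey{pub: k.priv.Public().(ed25519.PublicKey)}
}

// Sign produces a plain ED25519 signature over the message.
func (k SigningKey) Sign(data []byte) SignatureInfo {
	return SignatureInfo{Version: SigED25519, Signature: ed25519.Sign(k.priv, data), VerifyingKey: k.GetVerifyingKey()}
}

// SignForKBFS signs prefix || data and tags the result with the KBFS version.
func (k SigningKey) SignForKBFS(data []byte) (SignatureInfo, error) {
	msg := append(append([]byte{}, kbfsSigPrefix...), data...)
	return SignatureInfo{Version: SigED25519ForKBFS, Signature: ed25519.Sign(k.priv, msg), VerifyingKey: k.GetVerifyingKey()}, nil
}

// UnknownSigVer mirrors the error type documented on this page.
type UnknownSigVer struct{ Ver SigVer }

func (e UnknownSigVer) Error() string { return fmt.Sprintf("unknown signature version %d", e.Ver) }

var errVerification = errors.New("kbfscrypto: signature verification failed")

// verify reconstructs the signed bytes from the version, so a signature
// made under one version never verifies under the other.
func verify(msg []byte, sigInfo SignatureInfo) error {
	var toVerify []byte
	switch sigInfo.Version {
	case SigED25519:
		toVerify = msg
	case SigED25519ForKBFS:
		toVerify = append(append([]byte{}, kbfsSigPrefix...), msg...)
	default:
		return UnknownSigVer{Ver: sigInfo.Version}
	}
	// ed25519.Verify panics on a malformed public key, so check the length first.
	if len(sigInfo.VerifyingKey.pub) != ed25519.PublicKeySize {
		return errVerification
	}
	if !ed25519.Verify(sigInfo.VerifyingKey.pub, toVerify, sigInfo.Signature) {
		return errVerification
	}
	return nil
}

func main() {
	k, _ := newSigningKey()
	msg := []byte("constructed metadata blob")
	si, _ := k.SignForKBFS(msg)
	fmt.Println("kbfs signature verifies:", verify(msg, si) == nil)
	si.Version = SigED25519
	fmt.Println("same signature as plain ED25519:", verify(msg, si))
}
```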

func (SigningKey) SignToString

func (k SigningKey) SignToString(data []byte) (sig string, err error)

SignToString signs the given data and returns a string.

type SigningKeySigner

type SigningKeySigner struct {
	Key SigningKey
}

SigningKeySigner is a Signer wrapper around a SigningKey.

func (SigningKeySigner) Sign

func (s SigningKeySigner) Sign(
	ctx context.Context, data []byte) (SignatureInfo, error)

Sign implements Signer for SigningKeySigner.

func (SigningKeySigner) SignForKBFS

func (s SigningKeySigner) SignForKBFS(
	ctx context.Context, data []byte) (SignatureInfo, error)

SignForKBFS implements Signer for SigningKeySigner.

func (SigningKeySigner) SignToString

func (s SigningKeySigner) SignToString(
	ctx context.Context, data []byte) (sig string, err error)

SignToString implements Signer for SigningKeySigner.

type TLFCryptKey

type TLFCryptKey struct {
	// contains filtered or unexported fields
}

TLFCryptKey (s^{f,0}) is used to encrypt/decrypt the private portion of TLF metadata. It is also used to mask BlockCryptKeys. (See §§ 4.1.1, 4.1.2.)

Copies of TLFCryptKey objects are deep copies.

func DecryptTLFCryptKeys

func DecryptTLFCryptKeys(
	codec kbfscodec.Codec, encryptedTLFCryptKeys EncryptedTLFCryptKeys, key TLFCryptKey) (
	[]TLFCryptKey, error)

DecryptTLFCryptKeys decrypts a TLFCryptKey array, but does not decode it.

func MakeFakeTLFCryptKeyOrBust

func MakeFakeTLFCryptKeyOrBust(seed string) TLFCryptKey

MakeFakeTLFCryptKeyOrBust makes a TLF crypt key from the given seed.

func MakeRandomTLFCryptKey

func MakeRandomTLFCryptKey() (TLFCryptKey, error)

MakeRandomTLFCryptKey returns a random top-level folder crypt key.

func MakeTLFCryptKey

func MakeTLFCryptKey(data [32]byte) TLFCryptKey

MakeTLFCryptKey returns a TLFCryptKey containing the given data.

func UnmaskTLFCryptKey

func UnmaskTLFCryptKey(serverHalf TLFCryptKeyServerHalf,
	clientHalf TLFCryptKeyClientHalf) TLFCryptKey

UnmaskTLFCryptKey returns the top-level folder crypt key.

func (TLFCryptKey) Bytes

func (c TLFCryptKey) Bytes() []byte

func (TLFCryptKey) Data

func (c TLFCryptKey) Data() [32]byte

func (TLFCryptKey) DeriveSecret

func (tck TLFCryptKey) DeriveSecret(
	reason libkb.EncryptionReason) ([]byte, error)

DeriveSecret derives symmetric key data from this key, given a `reason`.

func (TLFCryptKey) MarshalBinary

func (c TLFCryptKey) MarshalBinary() (data []byte, err error)

func (TLFCryptKey) MarshalText

func (c TLFCryptKey) MarshalText() ([]byte, error)

func (TLFCryptKey) String

func (c TLFCryptKey) String() string

func (*TLFCryptKey) UnmarshalBinary

func (c *TLFCryptKey) UnmarshalBinary(data []byte) error

func (*TLFCryptKey) UnmarshalText

func (c *TLFCryptKey) UnmarshalText(data []byte) error

type TLFCryptKeyClientHalf

type TLFCryptKeyClientHalf struct {
	// contains filtered or unexported fields
}

TLFCryptKeyClientHalf (t_u^{f,k,i} for a user u, a folder f, a key generation k, and a device i) is the masked, client-side half of a TLFCryptKey, which can be recovered only with both halves. (See §§ 4.1.1, 6.1.1, 6.3.)

Copies of TLFCryptKeyClientHalf objects are deep copies.

func DecryptTLFCryptKeyClientHalf

func DecryptTLFCryptKeyClientHalf(
	privateKey CryptPrivateKey, publicKey TLFEphemeralPublicKey,
	encryptedClientHalf EncryptedTLFCryptKeyClientHalf) (
	TLFCryptKeyClientHalf, error)

DecryptTLFCryptKeyClientHalf decrypts a TLFCryptKeyClientHalf using the given device private key and the TLF's ephemeral public key.

func MakeTLFCryptKeyClientHalf

func MakeTLFCryptKeyClientHalf(data [32]byte) TLFCryptKeyClientHalf

MakeTLFCryptKeyClientHalf returns a TLFCryptKeyClientHalf containing the given data.

func MaskTLFCryptKey

func MaskTLFCryptKey(serverHalf TLFCryptKeyServerHalf,
	key TLFCryptKey) TLFCryptKeyClientHalf

MaskTLFCryptKey returns the client side of a top-level folder crypt key.
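MaskTLFCryptKey, UnmaskTLFCryptKey and the two random-half constructors describe a split-key design: the TLFCryptKey is never stored whole, the server keeps one half and the client keeps the other. The block below is an added example, not the kbfscrypto implementation; it assumes the masking is a byte-wise XOR, and it includes a RandRead-style wrapper and the UnexpectedShortCryptoRandRead error from this page. With a uniformly random server half, either half on its own is independent of the key, which is the property that lets the server hold its half in the clear.

```go
package main

import (
	"crypto/rand"
	"fmt"
)

type TLFCryptKey struct{ data [32]byte }
type TLFCryptKeyServerHalf struct{ data [32]byte }
type TLFCryptKeyClientHalf struct{ data [32]byte }

// UnexpectedShortCryptoRandRead mirrors the error type documented on this page.
type UnexpectedShortCryptoRandRead struct{}

func (UnexpectedShortCryptoRandRead) Error() string {
	return "unexpected short read from crypto/rand.Read()"
}

// randRead is the belt-and-suspenders wrapper: crypto/rand.Read fills the
// whole buffer on a nil error, but the count is checked anyway so a
// partially filled buffer can never become key material.
func randRead(buf []byte) error {
	n, err := rand.Read(buf)
	if err != nil {
		return err
	}
	if n != len(buf) {
		return UnexpectedShortCryptoRandRead{}
	}
	return nil
}

func makeRandomTLFCryptKey() (TLFCryptKey, error) {
	var k TLFCryptKey
	err := randRead(k.data[:])
	return k, err
}

func makeRandomTLFCryptKeyServerHalf() (TLFCryptKeyServerHalf, error) {
	var s TLFCryptKeyServerHalf
	err := randRead(s.data[:])
	return s, err
}

func xor32(a, b [32]byte) (out [32]byte) {
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// maskTLFCryptKey: clientHalf = serverHalf XOR key (assumed one-time-pad
// masking). The client half is what gets encrypted to each device key.
func maskTLFCryptKey(serverHalf TLFCryptKeyServerHalf, key TLFCryptKey) TLFCryptKeyClientHalf {
	return TLFCryptKeyClientHalf{data: xor32(serverHalf.data, key.data)}
}

// unmaskTLFCryptKey recombines the halves. Note that a wrong server half
// yields a wrong key silently; there is no integrity check here, which is
// what the HMAC-based TLFCryptKeyServerHalfID on this page is for.
func unmaskTLFCryptKey(serverHalf TLFCryptKeyServerHalf, clientHalf TLFCryptKeyClientHalf) TLFCryptKey {
	return TLFCryptKey{data: xor32(serverHalf.data, clientHalf.data)}
}

func main() {
	key, err := makeRandomTLFCryptKey()
	if err != nil {
		panic(err)
	}
	serverHalf, err := makeRandomTLFCryptKeyServerHalf()
	if err != nil {
		panic(err)
	}
	clientHalf := maskTLFCryptKey(serverHalf, key)
	fmt.Println("round trip ok:", unmaskTLFCryptKey(serverHalf, clientHalf) == key)
}
```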

func (TLFCryptKeyClientHalf) Bytes

func (c TLFCryptKeyClientHalf) Bytes() []byte

func (TLFCryptKeyClientHalf) Data

func (c TLFCryptKeyClientHalf) Data() [32]byte

func (TLFCryptKeyClientHalf) MarshalBinary

func (c TLFCryptKeyClientHalf) MarshalBinary() (data []byte, err error)

func (TLFCryptKeyClientHalf) MarshalText

func (c TLFCryptKeyClientHalf) MarshalText() ([]byte, error)

func (TLFCryptKeyClientHalf) String

func (c TLFCryptKeyClientHalf) String() string

func (*TLFCryptKeyClientHalf) UnmarshalBinary

func (c *TLFCryptKeyClientHalf) UnmarshalBinary(data []byte) error

func (*TLFCryptKeyClientHalf) UnmarshalText

func (c *TLFCryptKeyClientHalf) UnmarshalText(data []byte) error

type TLFCryptKeyServerHalf

type TLFCryptKeyServerHalf struct {
	// contains filtered or unexported fields
}

TLFCryptKeyServerHalf (s_u^{f,0,i}) is the masked, server-side half of a TLFCryptKey, which can be recovered only with both halves. (See § 4.1.1.)

Copies of TLFCryptKeyServerHalf objects are deep copies.

func MakeRandomTLFCryptKeyServerHalf

func MakeRandomTLFCryptKeyServerHalf() (
	serverHalf TLFCryptKeyServerHalf, err error)

MakeRandomTLFCryptKeyServerHalf generates the server-side of a top-level folder crypt key.

func MakeTLFCryptKeyServerHalf

func MakeTLFCryptKeyServerHalf(data [32]byte) TLFCryptKeyServerHalf

MakeTLFCryptKeyServerHalf returns a TLFCryptKeyServerHalf containing the given data.

func (TLFCryptKeyServerHalf) Bytes

func (c TLFCryptKeyServerHalf) Bytes() []byte

func (TLFCryptKeyServerHalf) Data

func (c TLFCryptKeyServerHalf) Data() [32]byte

func (TLFCryptKeyServerHalf) MarshalBinary

func (c TLFCryptKeyServerHalf) MarshalBinary() (data []byte, err error)

func (TLFCryptKeyServerHalf) MarshalText

func (c TLFCryptKeyServerHalf) MarshalText() ([]byte, error)

func (TLFCryptKeyServerHalf) String

func (c TLFCryptKeyServerHalf) String() string

func (*TLFCryptKeyServerHalf) UnmarshalBinary

func (c *TLFCryptKeyServerHalf) UnmarshalBinary(data []byte) error

func (*TLFCryptKeyServerHalf) UnmarshalText

func (c *TLFCryptKeyServerHalf) UnmarshalText(data []byte) error

type TLFCryptKeyServerHalfID

type TLFCryptKeyServerHalfID struct {
	ID kbfshash.HMAC // Exported for serialization.
}

TLFCryptKeyServerHalfID is the identifier type for a server-side key half.

func MakeTLFCryptKeyServerHalfID

func MakeTLFCryptKeyServerHalfID(
	user keybase1.UID, devicePubKey CryptPublicKey,
	serverHalf TLFCryptKeyServerHalf) (
	TLFCryptKeyServerHalfID, error)

MakeTLFCryptKeyServerHalfID creates a unique ID for this particular TLFCryptKeyServerHalf.
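The ID type declares itself as an HMAC, and VerifyTLFCryptKeyServerHalfID (under Functions above) "verifies the ID is the proper HMAC result", so the ID binds a server half to a particular user and device rather than being a bare hash of the key bytes. The block below is an added example, not kbfscrypto's code: it assumes HMAC-SHA256 keyed with the server half over uid || 0x00 || kid (the separator is a design choice here, not something the page states), replaces kbfshash.HMAC with a byte slice, and uses string placeholders for the UID and KID. The comparison is constant-time via hmac.Equal.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

type TLFCryptKeyServerHalf struct{ data [32]byte }

// TLFCryptKeyServerHalfID carries the HMAC, as on this page (kbfshash.HMAC
// is stood in for by a plain byte slice).
type TLFCryptKeyServerHalfID struct{ ID []byte }

func (id TLFCryptKeyServerHalfID) String() string { return hex.EncodeToString(id.ID) }

var errServerHalfIDMismatch = errors.New("kbfscrypto: server half ID does not match")

// makeTLFCryptKeyServerHalfID computes HMAC-SHA256(serverHalf, uid || 0x00 || kid).
// Assumed construction. The zero separator keeps ("ab","c") and ("a","bc")
// from producing the same MAC input.
func makeTLFCryptKeyServerHalfID(uid, deviceKID string, serverHalf TLFCryptKeyServerHalf) (TLFCryptKeyServerHalfID, error) {
	if uid == "" || deviceKID == "" {
		return TLFCryptKeyServerHalfID{}, fmt.Errorf("kbfscrypto: empty uid or device kid")
	}
	mac := hmac.New(sha256.New, serverHalf.data[:])
	mac.Write([]byte(uid))
	mac.Write([]byte{0})
	mac.Write([]byte(deviceKID))
	return TLFCryptKeyServerHalfID{ID: mac.Sum(nil)}, nil
}

// verifyTLFCryptKeyServerHalfID recomputes the MAC and compares it in
// constant time, so a server half returned for a different user or device
// is caught before it is combined with a client half.
func verifyTLFCryptKeyServerHalfID(id TLFCryptKeyServerHalfID, uid, deviceKID string, serverHalf TLFCryptKeyServerHalf) error {
	want, err := makeTLFCryptKeyServerHalfID(uid, deviceKID, serverHalf)
	if err != nil {
		return err
	}
	if !hmac.Equal(id.ID, want.ID) {
		return errServerHalfIDMismatch
	}
	return nil
}

func main() {
	var sh TLFCryptKeyServerHalf // constructed sample server half
	for i := range sh.data {
		sh.data[i] = 0x2a
	}
	uid, kid := "uid_placeholder_alice", "kid_placeholder_device1" // placeholders, not real identifiers
	id, _ := makeTLFCryptKeyServerHalfID(uid, kid, sh)
	fmt.Println("id:", id)
	fmt.Println("same device:", verifyTLFCryptKeyServerHalfID(id, uid, kid, sh))
	fmt.Println("other device:", verifyTLFCryptKeyServerHalfID(id, uid, "kid_placeholder_device2", sh))
}
```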

func (TLFCryptKeyServerHalfID) String

func (id TLFCryptKeyServerHalfID) String() string

String implements the Stringer interface for TLFCryptKeyServerHalfID.

type TLFEphemeralPrivateKey

type TLFEphemeralPrivateKey struct {
	// contains filtered or unexported fields
}

TLFEphemeralPrivateKey (m_e) is used (with a CryptPublicKey) to encrypt TLFCryptKeyClientHalf objects for non-public directories. (See §§ 4.1.1, 6.1.1, 6.3.) It is never stored permanently.

Copies of TLFEphemeralPrivateKey objects are deep copies.

func MakeTLFEphemeralPrivateKey

func MakeTLFEphemeralPrivateKey(data [32]byte) TLFEphemeralPrivateKey

MakeTLFEphemeralPrivateKey returns a TLFEphemeralPrivateKey containing the given data.

func (TLFEphemeralPrivateKey) Bytes

func (c TLFEphemeralPrivateKey) Bytes() []byte

func (TLFEphemeralPrivateKey) Data

func (c TLFEphemeralPrivateKey) Data() [32]byte

func (TLFEphemeralPrivateKey) MarshalBinary

func (c TLFEphemeralPrivateKey) MarshalBinary() (data []byte, err error)

func (TLFEphemeralPrivateKey) MarshalText

func (c TLFEphemeralPrivateKey) MarshalText() ([]byte, error)

func (TLFEphemeralPrivateKey) String

func (c TLFEphemeralPrivateKey) String() string

func (*TLFEphemeralPrivateKey) UnmarshalBinary

func (c *TLFEphemeralPrivateKey) UnmarshalBinary(data []byte) error

func (*TLFEphemeralPrivateKey) UnmarshalText

func (c *TLFEphemeralPrivateKey) UnmarshalText(data []byte) error

type TLFEphemeralPublicKey

type TLFEphemeralPublicKey struct {
	// contains filtered or unexported fields
}

TLFEphemeralPublicKey (M_e) is used along with a crypt private key to decrypt TLFCryptKeyClientHalf objects for non-public directories. (See §§ 4.1.1, 6.1.1, 6.3.)

Copies of TLFEphemeralPublicKey objects are deep copies.

func MakeTLFEphemeralPublicKey

func MakeTLFEphemeralPublicKey(data [32]byte) TLFEphemeralPublicKey

MakeTLFEphemeralPublicKey returns a TLFEphemeralPublicKey containing the given data.

func (TLFEphemeralPublicKey) Bytes

func (c TLFEphemeralPublicKey) Bytes() []byte

func (TLFEphemeralPublicKey) Data

func (c TLFEphemeralPublicKey) Data() [32]byte

func (TLFEphemeralPublicKey) MarshalBinary

func (c TLFEphemeralPublicKey) MarshalBinary() (data []byte, err error)

func (TLFEphemeralPublicKey) MarshalText

func (c TLFEphemeralPublicKey) MarshalText() ([]byte, error)

func (TLFEphemeralPublicKey) String

func (c TLFEphemeralPublicKey) String() string

func (*TLFEphemeralPublicKey) UnmarshalBinary

func (c *TLFEphemeralPublicKey) UnmarshalBinary(data []byte) error

func (*TLFEphemeralPublicKey) UnmarshalText

func (c *TLFEphemeralPublicKey) UnmarshalText(data []byte) error

type TLFEphemeralPublicKeys

type TLFEphemeralPublicKeys []TLFEphemeralPublicKey

TLFEphemeralPublicKeys stores a list of TLFEphemeralPublicKey.

func (TLFEphemeralPublicKeys) Size

func (k TLFEphemeralPublicKeys) Size() int

Size implements the Measurable interface.

type TLFPrivateKey

type TLFPrivateKey struct {
	// contains filtered or unexported fields
}

A TLFPrivateKey (m_f) is the private half of the permanent keypair associated with a TLF. (See §§ 4.1.1, 5.3.)

Copies of TLFPrivateKey objects are deep copies.

func MakeTLFPrivateKey

func MakeTLFPrivateKey(data [32]byte) TLFPrivateKey

MakeTLFPrivateKey returns a TLFPrivateKey containing the given data.

func (TLFPrivateKey) Bytes

func (c TLFPrivateKey) Bytes() []byte

func (TLFPrivateKey) Data

func (c TLFPrivateKey) Data() [32]byte

func (TLFPrivateKey) MarshalBinary

func (c TLFPrivateKey) MarshalBinary() (data []byte, err error)

func (TLFPrivateKey) MarshalText

func (c TLFPrivateKey) MarshalText() ([]byte, error)

func (TLFPrivateKey) String

func (c TLFPrivateKey) String() string

func (*TLFPrivateKey) UnmarshalBinary

func (c *TLFPrivateKey) UnmarshalBinary(data []byte) error

func (*TLFPrivateKey) UnmarshalText

func (c *TLFPrivateKey) UnmarshalText(data []byte) error

type TLFPublicKey

type TLFPublicKey struct {
	// contains filtered or unexported fields
}

A TLFPublicKey (M_f) is the public half of the permanent keypair associated with a TLF. It is included in the site-wide private-data Merkle tree. (See §§ 4.1.1, 5.3.)

Copies of TLFPublicKey objects are deep copies.

func MakeTLFPublicKey

func MakeTLFPublicKey(data [32]byte) TLFPublicKey

MakeTLFPublicKey returns a TLFPublicKey containing the given data.

func (TLFPublicKey) Bytes

func (c TLFPublicKey) Bytes() []byte

func (TLFPublicKey) Data

func (c TLFPublicKey) Data() [32]byte

func (TLFPublicKey) MarshalBinary

func (c TLFPublicKey) MarshalBinary() (data []byte, err error)

func (TLFPublicKey) MarshalText

func (c TLFPublicKey) MarshalText() ([]byte, error)

func (TLFPublicKey) Size

func (TLFPublicKey) Size() int

Size implements the cache.Measurable interface.

func (TLFPublicKey) String

func (c TLFPublicKey) String() string

func (*TLFPublicKey) UnmarshalBinary

func (c *TLFPublicKey) UnmarshalBinary(data []byte) error

func (*TLFPublicKey) UnmarshalText

func (c *TLFPublicKey) UnmarshalText(data []byte) error

type UnexpectedShortCryptoRandRead

type UnexpectedShortCryptoRandRead struct {
}

UnexpectedShortCryptoRandRead indicates that fewer bytes were read from crypto/rand.Read() than expected.

func (UnexpectedShortCryptoRandRead) Error

func (e UnexpectedShortCryptoRandRead) Error() string

Error implements the error interface for UnexpectedShortCryptoRandRead.

type UnknownEncryptionVer

type UnknownEncryptionVer struct {
	Ver EncryptionVer
}

UnknownEncryptionVer indicates that we can't decrypt an encryptedData object because it has an unknown version.

func (UnknownEncryptionVer) Error

func (e UnknownEncryptionVer) Error() string

type UnknownSigVer

type UnknownSigVer struct {
	Ver SigVer
}

UnknownSigVer indicates that we can't process a signature because it has an unknown version.

func (UnknownSigVer) Error

func (e UnknownSigVer) Error() string

Error implements the error interface for UnknownSigVer.

type VerifyingKey

type VerifyingKey struct {
	// contains filtered or unexported fields
}

A VerifyingKey is a public key that can be used to verify a signature created by the corresponding private signing key. In particular, VerifyingKeys are used to authenticate home and public TLFs. (See §§ 4.2, 4.3.)

These are also sometimes known as sibkeys.

Copies of VerifyingKey objects are deep copies.

func MakeFakeVerifyingKeyOrBust

func MakeFakeVerifyingKeyOrBust(seed string) VerifyingKey

MakeFakeVerifyingKeyOrBust makes a new key suitable for verifying signatures made from the fake signing key made with the same seed.

func MakeVerifyingKey

func MakeVerifyingKey(kid keybase1.KID) VerifyingKey

MakeVerifyingKey returns a VerifyingKey containing the given KID.

func (VerifyingKey) IsNil

func (k VerifyingKey) IsNil() bool

IsNil returns true if the VerifyingKey is nil.

func (VerifyingKey) KID

func (k VerifyingKey) KID() keybase1.KID

func (VerifyingKey) MarshalBinary

func (k VerifyingKey) MarshalBinary() (data []byte, err error)

func (VerifyingKey) MarshalJSON

func (k VerifyingKey) MarshalJSON() ([]byte, error)

func (VerifyingKey) String

func (k VerifyingKey) String() string

func (*VerifyingKey) UnmarshalBinary

func (k *VerifyingKey) UnmarshalBinary(data []byte) error

func (*VerifyingKey) UnmarshalJSON

func (k *VerifyingKey) UnmarshalJSON(s []byte) error
