crypto

package
v1.2.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 30, 2024 License: Apache-2.0 Imports: 8 Imported by: 160

Documentation

Index

Constants

View Source 
const (
	UnknownSignatureAlgorithm SignatureAlgorithm = crypto.UnknownSigningAlgorithm
	// ECDSA_P256 is ECDSA on NIST P-256 curve
	ECDSA_P256 = crypto.ECDSAP256
	// ECDSA_secp256k1 is ECDSA on secp256k1 curve
	ECDSA_secp256k1 = crypto.ECDSASecp256k1
	// BLS_BLS12_381 is BLS on BLS12-381 curve
	BLS_BLS12_381 = crypto.BLSBLS12381
)
View Source 
const (
	UnknownHashAlgorithm HashAlgorithm = hash.UnknownHashingAlgorithm
	SHA2_256                           = hash.SHA2_256
	SHA2_384                           = hash.SHA2_384
	SHA3_256                           = hash.SHA3_256
	SHA3_384                           = hash.SHA3_384
	Keccak256                          = hash.Keccak_256
	KMAC128                            = hash.KMAC128
)
View Source 
const MinSeedLength = crypto.KeyGenSeedMinLen

MinSeedLength is the generic minimum seed length. It is recommended to use seeds with enough entropy, preferably from a secure RNG. The key generation process extracts and expands the entropy of the seed.

Variables

View Source 
var DecodePrivateKey = crypto.DecodePrivateKey

DecodePrivateKey decodes a raw byte encoded private key with the given signature algorithm.

View Source 
var DecodePublicKey = crypto.DecodePublicKey

DecodePublicKey decodes a raw byte encoded public key with the given signature algorithm.

Functions

func CompatibleAlgorithms 

func CompatibleAlgorithms(sigAlgo SignatureAlgorithm, hashAlgo HashAlgorithm) bool

CompatibleAlgorithms returns true if the signature and hash algorithms can be a valid pair for generating or verifying a signature, supported by the package.

If the function returns `false`, the inputs cannot be paired. If the function returns `true`, the inputs can be paired, under the condition that variable output size hashers (currently KMAC128) are set with a compatible output size.

Signature generation and verification functions would check the hash output constraints.

func NewBLSHasher added in v0.41.19 

func NewBLSHasher(tag string) hash.Hasher

NewBLSHasher returns a hasher that can be used for BLS signing and verifying. It abstracts the complexities of meeting the right conditions of a BLS hasher.

The hasher returned is the the expand-message step in the BLS hash-to-curve. It uses a xof (extendable output function) based on KMAC128. It therefore has a 128-bytes output. The `tag` parameter is a domain separation string.

Check https://pkg.go.dev/github.com/onflow/crypto#NewExpandMsgXOFKMAC128 for more info on the hasher generation underneath.

Types

type Hash 

type Hash = hash.Hash

type HashAlgorithm 

type HashAlgorithm = hash.HashingAlgorithm

HashAlgorithm is an identifier for a hash algorithm.

func StringToHashAlgorithm 

func StringToHashAlgorithm(s string) HashAlgorithm

StringToHashAlgorithm converts a string to a HashAlgorithm.

type Hasher 

type Hasher = hash.Hasher

func NewHasher 

func NewHasher(algo HashAlgorithm) (Hasher, error)

NewHasher initializes and returns a new hasher with the given hash algorithm.

This function returns an error if the hash algorithm is invalid. KMAC128 cannot be instantiated with this function. Use `NewKMAC_128` instead.

func NewKMAC_128 added in v0.41.19 

func NewKMAC_128(key []byte, customizer []byte, outputSize int) (Hasher, error)

NewKMAC_128 returns a new KMAC instance

  • `key` is the KMAC key (the key size is compared to the security level).
  • `customizer` is the customization string. It can be left empty if no customization is required.

NewKeccak_256 returns a new instance of KMAC128

func NewKeccak_256 added in v0.25.0 

func NewKeccak_256() Hasher

NewKeccak_256 returns a new instance of Keccak256 hasher.

func NewSHA2_256 

func NewSHA2_256() Hasher

NewSHA2_256 returns a new instance of SHA2-256 hasher.

func NewSHA2_384 

func NewSHA2_384() Hasher

NewSHA2_384 returns a new instance of SHA2-384 hasher.

func NewSHA3_256 

func NewSHA3_256() Hasher

NewSHA3_256 returns a new instance of SHA3-256 hasher.

func NewSHA3_384 

func NewSHA3_384() Hasher

NewSHA3_384 returns a new instance of SHA3-384 hasher.

type InMemorySigner 

type InMemorySigner struct {
	PrivateKey PrivateKey
	Hasher     Hasher
}

An InMemorySigner is a signer that generates signatures using an in-memory private key.

InMemorySigner implements simple signing that does not protect the private key against any tampering or side channel attacks. The implementation is pure software and does not include any isolation or secure-hardware protecion. InMemorySigner should not be used for sensitive keys (for instance production keys) unless extra protection measures are taken.

func NewInMemorySigner 

func NewInMemorySigner(privateKey PrivateKey, hashAlgo HashAlgorithm) (InMemorySigner, error)

NewInMemorySigner initializes and returns a new in-memory signer with the provided private key and hashing algorithm.

It returns an error if the signature and hashing algorithms are not compatible.

func (InMemorySigner) PublicKey added in v0.25.0 

func (s InMemorySigner) PublicKey() PublicKey

func (InMemorySigner) Sign 

func (s InMemorySigner) Sign(message []byte) ([]byte, error)

type NaiveSigner 

type NaiveSigner = InMemorySigner

NaiveSigner is an alias for InMemorySigner.

func NewNaiveSigner 

func NewNaiveSigner(privateKey PrivateKey, hashAlgo HashAlgorithm) (NaiveSigner, error)

NewNaiveSigner is an alias for NewInMemorySigner.

type PrivateKey 

type PrivateKey = crypto.PrivateKey

A PrivateKey is a cryptographic private key that can be used for in-memory signing.

func DecodePrivateKeyHex 

func DecodePrivateKeyHex(sigAlgo SignatureAlgorithm, s string) (PrivateKey, error)

DecodePrivateKeyHex decodes a raw hex encoded private key with the given signature algorithm.

func GeneratePrivateKey 

func GeneratePrivateKey(sigAlgo SignatureAlgorithm, seed []byte) (PrivateKey, error)

GeneratePrivateKey generates a private key with the specified signature algorithm from the given seed. Note that the output key is directly mapped from the seed. The seed is therefore equivalent to the private key. This implementation is pure software and does not include any isolation or secure-hardware protection. The function should not be used for sensitive keys (for instance production keys) unless extra protection measures are taken.

type PublicKey 

type PublicKey = crypto.PublicKey

A PublicKey is a cryptographic public key that can be used to verify signatures.

func DecodePublicKeyHex 

func DecodePublicKeyHex(sigAlgo SignatureAlgorithm, s string) (PublicKey, error)

DecodePublicKeyHex decodes a raw hex encoded public key with the given signature algorithm.

func DecodePublicKeyPEM added in v0.11.0 

func DecodePublicKeyPEM(sigAlgo SignatureAlgorithm, s string) (PublicKey, error)

DecodePublicKeyHex decodes a PEM ECDSA public key with the given curve, encoded in `sigAlgo`.

The function only supports ECDSA with P256 and secp256k1 curves.

type SignatureAlgorithm 

type SignatureAlgorithm = crypto.SigningAlgorithm

SignatureAlgorithm is an identifier for a signature algorithm (and parameters if applicable).

func StringToSignatureAlgorithm 

func StringToSignatureAlgorithm(s string) SignatureAlgorithm

StringToSignatureAlgorithm converts a string to a SignatureAlgorithm.

type Signer 

type Signer interface {
	// Sign signs the given message with this signer.
	Sign(message []byte) ([]byte, error)
	// PublicKey returns the verification public key corresponding to the signer
	PublicKey() PublicKey
}

A Signer is capable of generating cryptographic signatures.

Source Files

View all Source files

Directories

Path Synopsis
Package awskms provides a AWS Key Management Service (KMS) implementation of the crypto.Signer interface.
 Package awskms provides a AWS Key Management Service (KMS) implementation of the crypto.Signer interface.
Package cloudkms provides a Google Cloud Key Management Service (KMS) implementation of the crypto.Signer interface.
 Package cloudkms provides a Google Cloud Key Management Service (KMS) implementation of the crypto.Signer interface.
* Flow Go SDK * * Copyright Flow Foundation * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.
 * Flow Go SDK * * Copyright Flow Foundation * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.