ski

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 22, 2020 License: GPL-3.0 Imports: 13 Imported by: 0

Documentation

Overview

Package ski (Secure Key Interface) contains PLAN's crypto abstractions and pluggable interfaces

Package ski (Secure Key Interface) contains PLAN's crypto abstractions and pluggable interfaces

Index

Constants

View Source 
const (

	// ContentDecryptAccess only allows the client to decrypt data
	ContentDecryptAccess = "ContentDecryptAccess"

	// ContentAuthoringAccess allows the client to encrypt and sign data
	ContentAuthoringAccess = "ContentDecryptAccess"

	// AddKeysAccess allows keys to be imported and generated
	AddKeysAccess = "AddKeysAccess"
)
View Source 
const (

	// ErrorOnKeyNotFound - if set, the export attempt will return an error if a given key was not found.   Otherwise, the entry is skipped/dropped.
	ErrorOnKeyNotFound = 1 << iota
)
View Source 
const (

	// MinPubKeyPrefixSz prevents suspiciously small pub key prefixes from being used.
	MinPubKeyPrefixSz = 16
)

Variables

View Source 
var (
	ErrInvalidLengthSki = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowSki   = fmt.Errorf("proto: integer overflow")
)
View Source 
var CryptOp_name = map[int32]string{
	0: "SIGN",
	1: "ENCRYPT_SYM",
	2: "DECRYPT_SYM",
	3: "ENCRYPT_TO_PEER",
	4: "DECRYPT_FROM_PEER",
	5: "IMPORT_USING_PW",
	6: "EXPORT_USING_PW",
	7: "IMPORT_FROM_PEER",
	8: "EXPORT_TO_PEER",
}
View Source 
var CryptOp_value = map[string]int32{
	"SIGN":              0,
	"ENCRYPT_SYM":       1,
	"DECRYPT_SYM":       2,
	"ENCRYPT_TO_PEER":   3,
	"DECRYPT_FROM_PEER": 4,
	"IMPORT_USING_PW":   5,
	"EXPORT_USING_PW":   6,
	"IMPORT_FROM_PEER":  7,
	"EXPORT_TO_PEER":    8,
}
View Source 
var CryptoKitID_name = map[int32]string{
	0: "INVALID_CRYPTO_KIT",
	1: "NaCl",
	2: "ED25519",
}
View Source 
var CryptoKitID_value = map[string]int32{
	"INVALID_CRYPTO_KIT": 0,
	"NaCl":               1,
	"ED25519":            2,
}
View Source 
var HashKitID_name = map[int32]string{
	0: "INVALID_HASH_KIT",
	1: "LegacyKeccak_256",
	2: "LegacyKeccak_512",
	3: "SHA3_256",
	4: "SHA3_512",
	5: "Blake2b_256",
	6: "Blake2b_512",
}
View Source 
var HashKitID_value = map[string]int32{
	"INVALID_HASH_KIT": 0,
	"LegacyKeccak_256": 1,
	"LegacyKeccak_512": 2,
	"SHA3_256":         3,
	"SHA3_512":         4,
	"Blake2b_256":      5,
	"Blake2b_512":      6,
}
View Source 
var KeyType_name = map[int32]string{
	0: "Unspecified",
	1: "SymmetricKey",
	2: "AsymmetricKey",
	3: "SigningKey",
}
View Source 
var KeyType_value = map[string]int32{
	"Unspecified":   0,
	"SymmetricKey":  1,
	"AsymmetricKey": 2,
	"SigningKey":    3,
}

Functions

func BinDesc 

func BinDesc(inBinStr []byte) string

BinDesc returns a base64 encoding of a binary string, limiting it to a short number of character for debugging and logging.

func CompareKeyEntry 

func CompareKeyEntry(a, b *KeyEntry) int

CompareKeyEntry fully compares two KeyEntrys.

If 0 is returned, a and b are identical.

func CompareKeyInfo 

func CompareKeyInfo(a, b *KeyInfo) int

CompareKeyInfo fully compares two KeyInfos, sorting first by PubKey, then TimeCreated such that 

ewer keys will appear first (descending TimeCreated)

If 0 is returned, a and b are identical.

func FetchHasher 

func FetchHasher(hashKitID HashKitID) func() hash.Hash

FetchHasher returns the hash pkg for the given hash kit

func RegisterCryptoKit 

func RegisterCryptoKit(
	inPkg *CryptoKit,
) error

RegisterCryptoKit is convenience fuction that registers the given provider so it can be invoked via ski.StartSession()

func VerifySignature 

func VerifySignature(
	inSig []byte,
	inDigest []byte,
	inCryptoKitID CryptoKitID,
	inSignerPubKey []byte,
) error

VerifySignature is a convenience function that performs signature validation for any registered CryptoKit. 

Returns nil err if the signature of inDigest plus the signer's private key matches the given signature.

This function is threadsafe.

func Zero 

func Zero(buf []byte)

Zero zeros out a given slice

Types

type AccessScopes 

type AccessScopes []string

AccessScopes specifies a set of SKI ops allowed to occur in a SKI session. A clients requests this set when starting a new session, 

allowing the SKI provider to provision for the requested access (e.g. getting user permission of not already granted).

type ByKeyringName 

type ByKeyringName []*Keyring

ByKeyringName implements sort.Interface to sort a slice of Keyrings by binary name.

func (ByKeyringName) Len 

func (a ByKeyringName) Len() int

func (ByKeyringName) Less 

func (a ByKeyringName) Less(i, j int) bool

func (ByKeyringName) Swap 

func (a ByKeyringName) Swap(i, j int)

type ByNewestKey 

type ByNewestKey []*KeyEntry

ByNewestKey implements sort.Interface based on KeyEntry.TimeCreated

func (ByNewestKey) Len 

func (a ByNewestKey) Len() int

func (ByNewestKey) Less 

func (a ByNewestKey) Less(i, j int) bool

func (ByNewestKey) Swap 

func (a ByNewestKey) Swap(i, j int)

type ByNewestPubKey 

type ByNewestPubKey []*KeyEntry

ByNewestPubKey implements sort.Interface based on KeyEntry.PubKey followed by TimeCreated. See CompareEntries() to see sort order. For keys that have the same PubKey, the newer (larger TimeCreated) keys will appear first.

func (ByNewestPubKey) Len 

func (a ByNewestPubKey) Len() int

func (ByNewestPubKey) Less 

func (a ByNewestPubKey) Less(i, j int) bool

func (ByNewestPubKey) Swap 

func (a ByNewestPubKey) Swap(i, j int)

type CryptOp 

type CryptOp int32
const (
	// Generates a signature for BufIn using the referenced signing key, placing the signature into BufOut.
	CryptOp_SIGN CryptOp = 0
	// Inverse of DECRYPT_SYM
	// Encrypts BufIn using the symmetric key referenced by OpKey.
	CryptOp_ENCRYPT_SYM CryptOp = 1
	// Inverse of ENCRYPT_SYM
	// Decrypts BufIn using the symmetric key referenced by OpKey.
	CryptOp_DECRYPT_SYM CryptOp = 2
	// Encrypts BufIn for a recipient holding the private key associated with the pub key contained in PeerKey,
	//    encrypting using the referenced asymmetric key and placing the encrypted result into BufOut.
	CryptOp_ENCRYPT_TO_PEER CryptOp = 3
	// Decrypts BufIn from a sender holding the private key associated with the pub key contained in PeerKey,
	//    decrypting using the referenced asymmetric key and placing the decrypted result into BufOut.
	CryptOp_DECRYPT_FROM_PEER CryptOp = 4
	// Inverse of EXPORT_USING_PW
	// Identical to IMPORT_FROM_PEER except that BufIn is instead decrypted via CryptoKit.DecryptUsingPassword(),
	//    using CryptOp.PeerKey as a the password.  The CryptoKit invoked is determined by CryptOpArgs.DefaultCryptoKit.
	CryptOp_IMPORT_USING_PW CryptOp = 5
	// Inverse of IMPORT_USING_PW
	// Identical to EXPORT_TO_PEER except the output serialized KeyTome is encrypted via CryptoKit.EncryptUsingPassword(),
	//    using CryptOp.PeerKey as a the password.  The CryptoKit invoked is determined by CryptOpArgs.DefaultCryptoKit.
	CryptOp_EXPORT_USING_PW CryptOp = 6
	// Inverse of EXPORT_TO_PEER
	// First, performs as DECRYPT_FROM_PEER.
	// The result/output buf is then unmarshalled (assumed to be a ski.KeyTome protobuf) and is merged into the host KeyTome.
	// See ski.ImportKeys() for how the incoming KeyTome is merged into the host KeyTome.
	CryptOp_IMPORT_FROM_PEER CryptOp = 7
	// Inverse of IMPORT_FROM_PEER
	// For each entry in CryptOpArgs.TomeIn, PubKey is used to lookup a corresponding KeyEntry in the host KeyTome.
	// Each KeyEntry with a matching PubKey is copied into a new temp KeyTome, into the appropriate Keyring,
	//    creating a Keyring if it does not yet exist.
	// If a Keyring appears in CryptOpArgs.TomeIn but contains no entries, the entire Keyring will be exported.
	// If a Keyring or KeyEntry from TomeIn isn't found, an error is returned.
	// See KeyTome.ExportUsingGuide() for how TomeIn is handled.
	// On completion, the temp KeyTome is serialized, assigned to CryptOpArgs.BufIn, and ENCRYPT_TO_PEER is executed.
	CryptOp_EXPORT_TO_PEER CryptOp = 8
)

func (CryptOp) EnumDescriptor 

func (CryptOp) EnumDescriptor() ([]byte, []int)

func (CryptOp) String 

func (x CryptOp) String() string

type CryptOpArgs 

type CryptOpArgs struct {
	// Specifies which op to invoke for these given set of args
	CryptOp CryptOp `protobuf:"varint,1,opt,name=crypt_op,json=cryptOp,proto3,enum=ski.CryptOp" json:"crypt_op,omitempty"`
	// Specifies the default CryptoKit for ops when not specified.
	DefaultCryptoKit CryptoKitID `` /* 133-byte string literal not displayed */
	// The source/input buffer that is signed/encrypted/decrypted.
	BufIn []byte `protobuf:"bytes,3,opt,name=buf_in,json=bufIn,proto3" json:"buf_in,omitempty"`
	// A reference to an existing KeyEntry in the host's KeyTome used as the key for this op's encryption/decryption.
	OpKey *KeyRef `protobuf:"bytes,4,opt,name=op_key,json=opKey,proto3" json:"op_key,omitempty"`
	// For ENCRYPT_TO_PEER and EXPORT_TO_PEER, this is what the recipient will use for OpKey.PubKey.
	// For DECRYPT_FROM_PEER and IMPORT_FROM_PEER, this is what the sender used for OpKey.PubKey.
	// For IMPORT_USING_PW and EXPORT_USING_PW, this is the password.
	PeerKey []byte `protobuf:"bytes,5,opt,name=peer_key,json=peerKey,proto3" json:"peer_key,omitempty"`
	// Keyring and key info used to identify existing (or to-be-created) keys in the host's KeyTome.
	// Used for EXPORT_TO_PEER and GENERATE_KEYS.
	TomeIn               *KeyTome `protobuf:"bytes,6,opt,name=tome_in,json=tomeIn,proto3" json:"tome_in,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*CryptOpArgs) Descriptor 

func (*CryptOpArgs) Descriptor() ([]byte, []int)

func (*CryptOpArgs) GetBufIn 

func (m *CryptOpArgs) GetBufIn() []byte

func (*CryptOpArgs) GetCryptOp 

func (m *CryptOpArgs) GetCryptOp() CryptOp

func (*CryptOpArgs) GetDefaultCryptoKit 

func (m *CryptOpArgs) GetDefaultCryptoKit() CryptoKitID

func (*CryptOpArgs) GetOpKey 

func (m *CryptOpArgs) GetOpKey() *KeyRef

func (*CryptOpArgs) GetPeerKey 

func (m *CryptOpArgs) GetPeerKey() []byte

func (*CryptOpArgs) GetTomeIn 

func (m *CryptOpArgs) GetTomeIn() *KeyTome

func (*CryptOpArgs) Marshal 

func (m *CryptOpArgs) Marshal() (dAtA []byte, err error)

func (*CryptOpArgs) MarshalTo 

func (m *CryptOpArgs) MarshalTo(dAtA []byte) (int, error)

func (*CryptOpArgs) ProtoMessage 

func (*CryptOpArgs) ProtoMessage()

func (*CryptOpArgs) Reset 

func (m *CryptOpArgs) Reset()

func (*CryptOpArgs) Size 

func (m *CryptOpArgs) Size() (n int)

func (*CryptOpArgs) String 

func (m *CryptOpArgs) String() string

func (*CryptOpArgs) Unmarshal 

func (m *CryptOpArgs) Unmarshal(dAtA []byte) error

func (*CryptOpArgs) XXX_DiscardUnknown 

func (m *CryptOpArgs) XXX_DiscardUnknown()

func (*CryptOpArgs) XXX_Marshal 

func (m *CryptOpArgs) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CryptOpArgs) XXX_Merge 

func (m *CryptOpArgs) XXX_Merge(src proto.Message)

func (*CryptOpArgs) XXX_Size 

func (m *CryptOpArgs) XXX_Size() int

func (*CryptOpArgs) XXX_Unmarshal 

func (m *CryptOpArgs) XXX_Unmarshal(b []byte) error

type CryptOpOut 

type CryptOpOut struct {
	// Output buf from the given crypto op (and depends on the given CryptOp)
	BufOut []byte `protobuf:"bytes,1,opt,name=buf_out,json=bufOut,proto3" json:"buf_out,omitempty"`
	// Returns the pub key used in the op (needed when CryptOpArgs.OpKey.PubKey wasn't specified)
	OpPubKey             []byte   `protobuf:"bytes,2,opt,name=op_pub_key,json=opPubKey,proto3" json:"op_pub_key,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*CryptOpOut) Descriptor 

func (*CryptOpOut) Descriptor() ([]byte, []int)

func (*CryptOpOut) GetBufOut 

func (m *CryptOpOut) GetBufOut() []byte

func (*CryptOpOut) GetOpPubKey 

func (m *CryptOpOut) GetOpPubKey() []byte

func (*CryptOpOut) Marshal 

func (m *CryptOpOut) Marshal() (dAtA []byte, err error)

func (*CryptOpOut) MarshalTo 

func (m *CryptOpOut) MarshalTo(dAtA []byte) (int, error)

func (*CryptOpOut) ProtoMessage 

func (*CryptOpOut) ProtoMessage()

func (*CryptOpOut) Reset 

func (m *CryptOpOut) Reset()

func (*CryptOpOut) Size 

func (m *CryptOpOut) Size() (n int)

func (*CryptOpOut) String 

func (m *CryptOpOut) String() string

func (*CryptOpOut) Unmarshal 

func (m *CryptOpOut) Unmarshal(dAtA []byte) error

func (*CryptOpOut) XXX_DiscardUnknown 

func (m *CryptOpOut) XXX_DiscardUnknown()

func (*CryptOpOut) XXX_Marshal 

func (m *CryptOpOut) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*CryptOpOut) XXX_Merge 

func (m *CryptOpOut) XXX_Merge(src proto.Message)

func (*CryptOpOut) XXX_Size 

func (m *CryptOpOut) XXX_Size() int

func (*CryptOpOut) XXX_Unmarshal 

func (m *CryptOpOut) XXX_Unmarshal(b []byte) error

type CryptoKit 

type CryptoKit struct {
	CryptoKitID CryptoKitID

	// Pre: ioEntry.KeyType, .KeyDomain, .CryptoKitID, and .TimeCreated is already set.
	// inRequestedKeyLen is the requested length of the private key. It is ignored
	//     if this implementation uses fixed or implicit key lengths.
	GenerateNewKey func(
		inRand io.Reader,
		inRequestedKeyLen int,
		ioEntry *KeyEntry,
	) error

	// Encrypts a buffer using any arbitrary-length password
	EncryptUsingPassword func(
		inRand io.Reader,
		inMsg []byte,
		inPwd []byte,
	) ([]byte, error)

	// Decrypt a buffer encrypted via EncryptUsingPassword()
	DecryptUsingPassword func(
		inMsg []byte,
		inPwd []byte,
	) ([]byte, error)

	Encrypt func(
		inRand io.Reader,
		inMsg []byte,
		inKey []byte,
	) ([]byte, error)

	Decrypt func(
		inMsg []byte,
		inKey []byte,
	) ([]byte, error)

	EncryptFor func(
		inRand io.Reader,
		inMsg []byte,
		inPeerPubKey []byte,
		inPrivKey []byte,
	) ([]byte, error)

	DecryptFrom func(
		inMsg []byte,
		inPeerPubKey []byte,
		inPrivKey []byte,
	) ([]byte, error)

	Sign func(
		inDigest []byte,
		inSignerPrivKey []byte,
	) ([]byte, error)

	VerifySignature func(
		inSig []byte,
		inDigest []byte,
		inSignerPubKey []byte,
	) error
}

CryptoKit is a generic pluggable interface that any crypto package can implement. It can even be partially implemented (just set nil values for funcs not implemented). All calls are assumed to be threadsafe.

func GetCryptoKit 

func GetCryptoKit(
	inCryptoKitID CryptoKitID,
) (*CryptoKit, error)

GetCryptoKit fetches a given registered crypto module for use If the associated CryptoKit has not been registered, an error is returned.

type CryptoKitID 

type CryptoKitID int32

CryptoKitID identifies an encryption suite that implements ski.CryptoKit 

const (
	CryptoKitID_INVALID_CRYPTO_KIT CryptoKitID = 0
	CryptoKitID_NaCl               CryptoKitID = 1
	CryptoKitID_ED25519            CryptoKitID = 2
)

func (CryptoKitID) EnumDescriptor 

func (CryptoKitID) EnumDescriptor() ([]byte, []int)

func (CryptoKitID) String 

func (x CryptoKitID) String() string

type ExportKeysOptions 

type ExportKeysOptions uint32

ExportKeysOptions is used with ExportWithGuide()

type HashKit 

type HashKit struct {
	HashKitID HashKitID
	Hasher    hash.Hash
	HashSz    int
}

HashKit is an abstraction for hash.Hash

func NewHashKit 

func NewHashKit(hashKitID HashKitID) (HashKit, error)

NewHashKit returns the requested HashKit.

type HashKitID 

type HashKitID int32

CryptoKitID identifies a hash algorithm that implements ski.HaskKit 

const (
	HashKitID_INVALID_HASH_KIT HashKitID = 0
	HashKitID_LegacyKeccak_256 HashKitID = 1
	HashKitID_LegacyKeccak_512 HashKitID = 2
	HashKitID_SHA3_256         HashKitID = 3
	HashKitID_SHA3_512         HashKitID = 4
	HashKitID_Blake2b_256      HashKitID = 5
	HashKitID_Blake2b_512      HashKitID = 6
)

func (HashKitID) EnumDescriptor 

func (HashKitID) EnumDescriptor() ([]byte, []int)

func (HashKitID) String 

func (x HashKitID) String() string

type KeyEntry 

type KeyEntry struct {
	// Info about this key
	KeyInfo *KeyInfo `protobuf:"bytes,1,opt,name=key_info,json=keyInfo,proto3" json:"key_info,omitempty"`
	// Private part of the key -- should be used and copied carefully.
	// When a KeyEntry is used to reference/specify an existing key, this field is not set and/or is ignored.
	PrivKey              []byte   `protobuf:"bytes,6,opt,name=priv_key,json=privKey,proto3" json:"priv_key,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

KeyEntry is used in 3 ways:

  1. Storage/Export mode: used to store all fields of a fully generated key - KeyEntry.PrivKey != nil
  2. Ref/Spec mode: used to reference an existing key somewhere else - KeyEntry.PrivKey == nil - Fields used: KeyInfo.PubKey (other fields ignored)
  3. KeyGen mode: used as a guide to generate a new key - Fields used: KeyInfo.KeyType and KeyInfo.CryptoKitID (other fields ignored)

func (*KeyEntry) Descriptor 

func (*KeyEntry) Descriptor() ([]byte, []int)

func (*KeyEntry) EqualTo 

func (entry *KeyEntry) EqualTo(other *KeyEntry) bool

EqualTo compares if two key entries are identical/interchangable

func (*KeyEntry) GetKeyInfo 

func (m *KeyEntry) GetKeyInfo() *KeyInfo

func (*KeyEntry) GetPrivKey 

func (m *KeyEntry) GetPrivKey() []byte

func (*KeyEntry) Marshal 

func (m *KeyEntry) Marshal() (dAtA []byte, err error)

func (*KeyEntry) MarshalTo 

func (m *KeyEntry) MarshalTo(dAtA []byte) (int, error)

func (*KeyEntry) ProtoMessage 

func (*KeyEntry) ProtoMessage()

func (*KeyEntry) Reset 

func (m *KeyEntry) Reset()

func (*KeyEntry) Size 

func (m *KeyEntry) Size() (n int)

func (*KeyEntry) String 

func (m *KeyEntry) String() string

func (*KeyEntry) Unmarshal 

func (m *KeyEntry) Unmarshal(dAtA []byte) error

func (*KeyEntry) XXX_DiscardUnknown 

func (m *KeyEntry) XXX_DiscardUnknown()

func (*KeyEntry) XXX_Marshal 

func (m *KeyEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KeyEntry) XXX_Merge 

func (m *KeyEntry) XXX_Merge(src proto.Message)

func (*KeyEntry) XXX_Size 

func (m *KeyEntry) XXX_Size() int

func (*KeyEntry) XXX_Unmarshal 

func (m *KeyEntry) XXX_Unmarshal(b []byte) error

func (*KeyEntry) ZeroOut 

func (entry *KeyEntry) ZeroOut()

ZeroOut zeros out this entry's private key buffer

type KeyInfo 

type KeyInfo struct {
	// Specifies the type of key this is (optional)
	KeyType KeyType `protobuf:"varint,1,opt,name=key_type,json=keyType,proto3,enum=ski.KeyType" json:"key_type,omitempty"`
	// Specifies which crypto suite to invoke.
	CryptoKit CryptoKitID `protobuf:"varint,2,opt,name=crypto_kit,json=cryptoKit,proto3,enum=ski.CryptoKitID" json:"crypto_kit,omitempty"`
	// Unix timestamp when this key was created (or 0 if not set)
	TimeCreated int64 `protobuf:"varint,3,opt,name=time_created,json=timeCreated,proto3" json:"time_created,omitempty"`
	// Public part of the key; how this key is also referenced publicly (in base-256 form)
	PubKey               []byte   `protobuf:"bytes,4,opt,name=pub_key,json=pubKey,proto3" json:"pub_key,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

KeyInfo specifies info an existing KeyEntry or and KeyEntry this is to be created.

KeyInfo exists in two modes/uses:

  1. Generated/copied from an existing KeyEntry
  2. Key gen mode: used as a guide to generate a new key a) Fields used: KeyType and CryptoKitID (other fields ignored)

func GenerateNewKey 

func GenerateNewKey(
	inSession Session,
	inKeyringName []byte,
	inKeyInfo KeyInfo,
) (*KeyInfo, error)

GenerateNewKey creates a new key, blocking until completion

func (*KeyInfo) DescStr added in v0.0.2 

func (ki *KeyInfo) DescStr(inVerbose bool) string

DescStr returns a human readable desc string for this KeyInfo

func (*KeyInfo) Descriptor 

func (*KeyInfo) Descriptor() ([]byte, []int)

func (*KeyInfo) GetCryptoKit 

func (m *KeyInfo) GetCryptoKit() CryptoKitID

func (*KeyInfo) GetKeyType 

func (m *KeyInfo) GetKeyType() KeyType

func (*KeyInfo) GetPubKey 

func (m *KeyInfo) GetPubKey() []byte

func (*KeyInfo) GetTimeCreated 

func (m *KeyInfo) GetTimeCreated() int64

func (*KeyInfo) Marshal 

func (m *KeyInfo) Marshal() (dAtA []byte, err error)

func (*KeyInfo) MarshalTo 

func (m *KeyInfo) MarshalTo(dAtA []byte) (int, error)

func (*KeyInfo) ProtoMessage 

func (*KeyInfo) ProtoMessage()

func (*KeyInfo) Reset 

func (m *KeyInfo) Reset()

func (*KeyInfo) Size 

func (m *KeyInfo) Size() (n int)

func (*KeyInfo) String 

func (m *KeyInfo) String() string

func (*KeyInfo) Unmarshal 

func (m *KeyInfo) Unmarshal(dAtA []byte) error

func (*KeyInfo) XXX_DiscardUnknown 

func (m *KeyInfo) XXX_DiscardUnknown()

func (*KeyInfo) XXX_Marshal 

func (m *KeyInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KeyInfo) XXX_Merge 

func (m *KeyInfo) XXX_Merge(src proto.Message)

func (*KeyInfo) XXX_Size 

func (m *KeyInfo) XXX_Size() int

func (*KeyInfo) XXX_Unmarshal 

func (m *KeyInfo) XXX_Unmarshal(b []byte) error

type KeyRef 

type KeyRef struct {
	// Specifies the Keyring that the key resides on (required when referencing a KeyEntry in a KeyTome).
	KeyringName []byte `protobuf:"bytes,1,opt,name=keyring_name,json=keyringName,proto3" json:"keyring_name,omitempty"`
	// The pub key of the key being referenced (or len()==0 to imply the newest key in the cited keyring).
	// Note that the complete pub key isn't required, just a sufficiently long matching prefix (typically 16-64 bytes).
	PubKey               []byte   `protobuf:"bytes,2,opt,name=pub_key,json=pubKey,proto3" json:"pub_key,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*KeyRef) DescStr added in v0.0.2 

func (kr *KeyRef) DescStr() string

DescStr returns a human readable desc string for this KeyRef

func (*KeyRef) Descriptor 

func (*KeyRef) Descriptor() ([]byte, []int)

func (*KeyRef) GetKeyringName 

func (m *KeyRef) GetKeyringName() []byte

func (*KeyRef) GetPubKey 

func (m *KeyRef) GetPubKey() []byte

func (*KeyRef) Marshal 

func (m *KeyRef) Marshal() (dAtA []byte, err error)

func (*KeyRef) MarshalTo 

func (m *KeyRef) MarshalTo(dAtA []byte) (int, error)

func (*KeyRef) ProtoMessage 

func (*KeyRef) ProtoMessage()

func (*KeyRef) Reset 

func (m *KeyRef) Reset()

func (*KeyRef) Size 

func (m *KeyRef) Size() (n int)

func (*KeyRef) String 

func (m *KeyRef) String() string

func (*KeyRef) Unmarshal 

func (m *KeyRef) Unmarshal(dAtA []byte) error

func (*KeyRef) XXX_DiscardUnknown 

func (m *KeyRef) XXX_DiscardUnknown()

func (*KeyRef) XXX_Marshal 

func (m *KeyRef) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KeyRef) XXX_Merge 

func (m *KeyRef) XXX_Merge(src proto.Message)

func (*KeyRef) XXX_Size 

func (m *KeyRef) XXX_Size() int

func (*KeyRef) XXX_Unmarshal 

func (m *KeyRef) XXX_Unmarshal(b []byte) error

type KeyTome 

type KeyTome struct {
	// Incremented each time this KeyTome is altered.
	Rev int64 `protobuf:"varint,1,opt,name=rev,proto3" json:"rev,omitempty"`
	// Ordered list of Keyrings (potentially sorted by Keyring.Name)
	Keyrings []*Keyring `protobuf:"bytes,2,rep,name=keyrings,proto3" json:"keyrings,omitempty"`
	// If set, []Keyrings is sorted by Keyring.Name via bytes.Compare()
	SortedByName         bool     `protobuf:"varint,3,opt,name=sorted_by_name,json=sortedByName,proto3" json:"sorted_by_name,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*KeyTome) Descriptor 

func (*KeyTome) Descriptor() ([]byte, []int)

func (*KeyTome) ExportUsingGuide 

func (tome *KeyTome) ExportUsingGuide(
	inGuide *KeyTome,
	inOpts ExportKeysOptions,
) ([]byte, error)

ExportUsingGuide walks through inGuide and for each Keyring.Name + KeyEntry.PubKey match, the KeyEntry fields 

are copied to a new KeyTome.  When complete, the new KeyTome is marshalled into an output buffer and returned.

Note: Only Keyring.Name and KeyEntry.PubKey are used from ioGuide (other fields are ignored).

Warning: since the returned buffer contains private key bytes, one should zero the result buffer after using it.

func (*KeyTome) FetchKeyring 

func (tome *KeyTome) FetchKeyring(
	inKeyringName []byte,
) *Keyring

FetchKeyring returns the named Keyring (or nil if not found).

O(log n) if SortedByName is set, O(n) otherwise.

func (*KeyTome) GenerateFork 

func (tome *KeyTome) GenerateFork(
	ioRand io.Reader,
	inRequestedKeyLen int,
) (*KeyTome, error)

GenerateFork returns a new KeyTome identical to this KeyTome, but with newly generated PubKey/PrivKey pairs. For each generated key, each originating KeyEntry's fields are reset (except for PrivKey which is set to to nil)

func (*KeyTome) GetKeyrings 

func (m *KeyTome) GetKeyrings() []*Keyring

func (*KeyTome) GetRev 

func (m *KeyTome) GetRev() int64

func (*KeyTome) GetSortedByName 

func (m *KeyTome) GetSortedByName() bool

func (*KeyTome) Marshal 

func (m *KeyTome) Marshal() (dAtA []byte, err error)

func (*KeyTome) MarshalTo 

func (m *KeyTome) MarshalTo(dAtA []byte) (int, error)

func (*KeyTome) MergeTome 

func (tome *KeyTome) MergeTome(
	srcTome *KeyTome,
)

MergeTome merges the given tome into this tome, moving entries from srcTome. An incoming KeyEntry that is exact duplicate is ignored/dropped. If there is a Keyring containing one or more rejected keys (either ill-formed or a pub key collision that is NOT an exact duplicate, then the problem Keyrings will remain in srcTome and should be considered an error condition.

Post: len(srcTome.Keyrings) == 0 if all keys were merged.

func (*KeyTome) Optimize 

func (tome *KeyTome) Optimize()

Optimize resorts all the contained Keyrings using ByKeyringName()

func (*KeyTome) ProtoMessage 

func (*KeyTome) ProtoMessage()

func (*KeyTome) Reset 

func (m *KeyTome) Reset()

func (*KeyTome) Size 

func (m *KeyTome) Size() (n int)

func (*KeyTome) String 

func (m *KeyTome) String() string

func (*KeyTome) Unmarshal 

func (m *KeyTome) Unmarshal(dAtA []byte) error

func (*KeyTome) XXX_DiscardUnknown 

func (m *KeyTome) XXX_DiscardUnknown()

func (*KeyTome) XXX_Marshal 

func (m *KeyTome) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KeyTome) XXX_Merge 

func (m *KeyTome) XXX_Merge(src proto.Message)

func (*KeyTome) XXX_Size 

func (m *KeyTome) XXX_Size() int

func (*KeyTome) XXX_Unmarshal 

func (m *KeyTome) XXX_Unmarshal(b []byte) error

func (*KeyTome) ZeroOut 

func (tome *KeyTome) ZeroOut()

ZeroOut zeros out the private key field of each key in each key set

type KeyTomeCrypt 

type KeyTomeCrypt struct {
	// A serialized ski.KeyTome encrypted in accordance with the accompanying key params
	Tome []byte `protobuf:"bytes,1,opt,name=tome,proto3" json:"tome,omitempty"`
	// Optional -- used to identify how (or with what key) the KeyTome in KeyTomeCrypt.Tpme is encrypted.
	KeyRef               *KeyRef  `protobuf:"bytes,10,opt,name=key_ref,json=keyRef,proto3" json:"key_ref,omitempty"`
	KeyInfo              *KeyInfo `protobuf:"bytes,11,opt,name=key_info,json=keyInfo,proto3" json:"key_info,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*KeyTomeCrypt) Descriptor 

func (*KeyTomeCrypt) Descriptor() ([]byte, []int)

func (*KeyTomeCrypt) GetKeyInfo 

func (m *KeyTomeCrypt) GetKeyInfo() *KeyInfo

func (*KeyTomeCrypt) GetKeyRef 

func (m *KeyTomeCrypt) GetKeyRef() *KeyRef

func (*KeyTomeCrypt) GetTome 

func (m *KeyTomeCrypt) GetTome() []byte

func (*KeyTomeCrypt) Marshal 

func (m *KeyTomeCrypt) Marshal() (dAtA []byte, err error)

func (*KeyTomeCrypt) MarshalTo 

func (m *KeyTomeCrypt) MarshalTo(dAtA []byte) (int, error)

func (*KeyTomeCrypt) ProtoMessage 

func (*KeyTomeCrypt) ProtoMessage()

func (*KeyTomeCrypt) Reset 

func (m *KeyTomeCrypt) Reset()

func (*KeyTomeCrypt) Size 

func (m *KeyTomeCrypt) Size() (n int)

func (*KeyTomeCrypt) String 

func (m *KeyTomeCrypt) String() string

func (*KeyTomeCrypt) Unmarshal 

func (m *KeyTomeCrypt) Unmarshal(dAtA []byte) error

func (*KeyTomeCrypt) XXX_DiscardUnknown 

func (m *KeyTomeCrypt) XXX_DiscardUnknown()

func (*KeyTomeCrypt) XXX_Marshal 

func (m *KeyTomeCrypt) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KeyTomeCrypt) XXX_Merge 

func (m *KeyTomeCrypt) XXX_Merge(src proto.Message)

func (*KeyTomeCrypt) XXX_Size 

func (m *KeyTomeCrypt) XXX_Size() int

func (*KeyTomeCrypt) XXX_Unmarshal 

func (m *KeyTomeCrypt) XXX_Unmarshal(b []byte) error

type KeyTomeMgr 

type KeyTomeMgr struct {
	// contains filtered or unexported fields
}

KeyTomeMgr wraps ski.KeyTome, offering threadsafe access and easy serialization.

func NewKeyTomeMgr 

func NewKeyTomeMgr() *KeyTomeMgr

NewKeyTomeMgr creates a new KeyTomeMgr

func (*KeyTomeMgr) Clear 

func (mgr *KeyTomeMgr) Clear()

Clear resets this KeyHive as if NewKeyHive() was called instead, also zeroing out all private keys.

THREADSAFE

func (*KeyTomeMgr) ExportUsingGuide 

func (mgr *KeyTomeMgr) ExportUsingGuide(
	inGuide *KeyTome,
	inOpts ExportKeysOptions,
) ([]byte, error)

ExportUsingGuide -- see ski.KeyTome.ExportUsingGuide()

func (*KeyTomeMgr) FetchKey 

func (mgr *KeyTomeMgr) FetchKey(
	inKeyringName []byte,
	inPubKeyPrefix []byte,
) (*KeyEntry, error)

FetchKey returns the first KeyEntry in the specified key set with a matching pub key prefix.

If len(inPubKeyPrefix) == 0, then the newest key on the specified is returned.

THREADSAFE

func (*KeyTomeMgr) Marshal 

func (mgr *KeyTomeMgr) Marshal() ([]byte, error)

Marshal writes out entire state to a given buffer. Warning: the return buffer is not encrypted and contains private key data!

THREADSAFE

func (*KeyTomeMgr) MergeTome 

func (mgr *KeyTomeMgr) MergeTome(
	ioSrc *KeyTome,
)

MergeTome merges the given tome into this tome, moving entries from ioSrc. If there is a KeyEntry.PubKey collision, the incoming key will remain in ioSrc

THREADSAFE

func (*KeyTomeMgr) Unmarshal 

func (mgr *KeyTomeMgr) Unmarshal(dAtA []byte) error

Unmarshal first calls ZeroOut() on itself and then performs deserializaton.

THREADSAFE

type KeyType 

type KeyType int32

KeyType identifies how a key operates 

const (
	KeyType_Unspecified   KeyType = 0
	KeyType_SymmetricKey  KeyType = 1
	KeyType_AsymmetricKey KeyType = 2
	KeyType_SigningKey    KeyType = 3
)

func (KeyType) EnumDescriptor 

func (KeyType) EnumDescriptor() ([]byte, []int)

func (KeyType) String 

func (x KeyType) String() string

type Keyring 

type Keyring struct {
	// Any binary name for this Keyring (except a zero-length name).
	Name []byte `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Ordered list of KeyEntry (potentially sorted by KeyInfo.PubKey)
	Keys []*KeyEntry `protobuf:"bytes,2,rep,name=keys,proto3" json:"keys,omitempty"`
	// If set, []Keys is sorted by KeyInfo.PubKey via ski.CompareEntries()
	SortedByPubKey bool `protobuf:"varint,3,opt,name=sorted_by_pub_key,json=sortedByPubKey,proto3" json:"sorted_by_pub_key,omitempty"`
	// PubKey of the KeyEntry in this keyring that has the largest TimeCreated (or nil if not known/determined)
	NewestPubKey         []byte   `protobuf:"bytes,4,opt,name=newest_pub_key,json=newestPubKey,proto3" json:"newest_pub_key,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*Keyring) Descriptor 

func (*Keyring) Descriptor() ([]byte, []int)

func (*Keyring) DropDupes 

func (kr *Keyring) DropDupes() int

DropDupes sorts this Keyring (if not already sorted) and drops all KeyEntries 

that are dupes (where all contents are identical).

Returns the number of dupes dropped

func (*Keyring) FetchKey 

func (kr *Keyring) FetchKey(
	inPubKey []byte,
) *KeyEntry

FetchKey returns the KeyEntry in this Keyring with a matching pub key.

O(log n) if SortedByPubKey is set, O(n) otherwise.

func (*Keyring) FetchKeyWithPrefix 

func (kr *Keyring) FetchKeyWithPrefix(
	inPubKeyPrefix []byte,
) *KeyEntry

FetchKeyWithPrefix returns the KeyEntry in this Keyring with a matching pub key prefix.

O(log n) if SortedByPubKey is set, O(n) otherwise.

func (*Keyring) FetchNewestKey 

func (kr *Keyring) FetchNewestKey() *KeyEntry

FetchNewestKey returns the KeyEntry with the largest TimeCreated

func (*Keyring) GetKeys 

func (m *Keyring) GetKeys() []*KeyEntry

func (*Keyring) GetName 

func (m *Keyring) GetName() []byte

func (*Keyring) GetNewestPubKey 

func (m *Keyring) GetNewestPubKey() []byte

func (*Keyring) GetSortedByPubKey 

func (m *Keyring) GetSortedByPubKey() bool

func (*Keyring) Marshal 

func (m *Keyring) Marshal() (dAtA []byte, err error)

func (*Keyring) MarshalTo 

func (m *Keyring) MarshalTo(dAtA []byte) (int, error)

func (*Keyring) MergeKeys 

func (kr *Keyring) MergeKeys(srcKeyring *Keyring)

MergeKeys is similar to MergeTome(), this consumes entries from srcKeyring and inserts them into this Keyring.

Dupe keys are ignored/dropped. If there is a pub key collision that is NOT an exact dupe (or there is a sketchy looking incoming KeyEntry), then the key will remain in srcKeyring. This should be considered an error condition since natural collions are impossibly rare and a bad KeyEntry should never be live.

Post: len(srcKeyring.Keys) == 0 if all the incoming keys were merged

func (*Keyring) Optimize 

func (kr *Keyring) Optimize()

Optimize resorts and resets this Keyring for optimized read access.

func (*Keyring) ProtoMessage 

func (*Keyring) ProtoMessage()

func (*Keyring) Reset 

func (m *Keyring) Reset()

func (*Keyring) Resort 

func (kr *Keyring) Resort()

Resort resorts this Keyring's keys for speedy searching

func (*Keyring) Size 

func (m *Keyring) Size() (n int)

func (*Keyring) String 

func (m *Keyring) String() string

func (*Keyring) Unmarshal 

func (m *Keyring) Unmarshal(dAtA []byte) error

func (*Keyring) XXX_DiscardUnknown 

func (m *Keyring) XXX_DiscardUnknown()

func (*Keyring) XXX_Marshal 

func (m *Keyring) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Keyring) XXX_Merge 

func (m *Keyring) XXX_Merge(src proto.Message)

func (*Keyring) XXX_Size 

func (m *Keyring) XXX_Size() int

func (*Keyring) XXX_Unmarshal 

func (m *Keyring) XXX_Unmarshal(b []byte) error

func (*Keyring) ZeroOut 

func (kr *Keyring) ZeroOut()

ZeroOut zeros out the private key field of each contained key and resets the length of Entries.

type PackingInfo 

type PackingInfo struct {
	SignedBuf []byte
	Hash      []byte
	Sig       []byte
	Extra     []byte
}

PackingInfo returns info from PackAndSign()

type PayloadPacker 

type PayloadPacker struct {
	// contains filtered or unexported fields
}

PayloadPacker signs and packs payload buffers IAW ski.SigHeader

func NewPacker 

func NewPacker(
	inMakeThreadsafe bool,
) PayloadPacker

NewPacker creates a new PayloadSigner

func (*PayloadPacker) PackAndSign 

func (P *PayloadPacker) PackAndSign(
	inHeaderCodec plan.Multicodec,
	inHeader []byte,
	inBody []byte,
	inExtraAlloc int,
	out *PackingInfo,
) error

PackAndSign signs a hash digest and packages it along with the payload and encodinginto into a single composite buffer intended to be decoded via PayloadUnpacker.UnpackAndVerify()

THREADSAFE

func (*PayloadPacker) ResetSession 

func (P *PayloadPacker) ResetSession(
	inSession Session,
	inSigningKey KeyRef,
	inHashKit HashKitID,
	outKeyInfo *KeyInfo,
) error

ResetSession prepares this packer for use.

type PayloadUnpacker 

type PayloadUnpacker struct {
	// contains filtered or unexported fields
}

PayloadUnpacker unpacks and decodes signed buffers IAW ski.SigHeader

func NewUnpacker 

func NewUnpacker(
	inMakeThreadsafe bool,
) PayloadUnpacker

NewUnpacker creates a new

func (*PayloadUnpacker) UnpackAndVerify 

func (U *PayloadUnpacker) UnpackAndVerify(
	inSignedBuf []byte,
	out *SignedPayload,
) error

UnpackAndVerify decodes the given buffer into its payload and signature components, and verifies the signature. This procedure assumes the signed buf was produced via Signer.SignAndPack() Note: the returned payload buffer is a slice of inSignedBuf.

type Session 

type Session interface {

	// Generates a new KeyEntry for each entry in srcTome (based on the entry's KeyType and CryptoKitID, ignoring the rest) and merges it
	//    with the host KeyTome. A copy of each newly generated entry (except for PrivKey) is placed into result KeyTome.
	// See "KeyGen mode" notes where KeyEntry is declared.
	GenerateKeys(srcTome *KeyTome) (*KeyTome, error)

	// Returns a info about a key for the referenced key
	// If len(inKeyRef.PubKey) == 0, then the newest KeyEntry in the implied Keyring is returned.
	FetchKeyInfo(inKeyRef *KeyRef) (*KeyInfo, error)

	// Performs signing, encryption, and decryption.
	DoCryptOp(inArgs *CryptOpArgs) (*CryptOpOut, error)

	// EndSession ends this SKI session, resulting in the host Provider to call its inOnSessionEnded() callback followed by inOnCompletion.
	// Following a call to EndSession(), no more references to this session should be made.
	EndSession(inReason string)
}

Session provides crypto services from an opaque service provider.

THREADSAFE

FUTURE: this will become a gRPC service.

type SessionTool 

type SessionTool struct {
	ctx.Logger

	UserID       string
	Session      Session
	CryptoKitID  CryptoKitID
	CommunityKey KeyRef
	P2PKey       KeyRef
}

SessionTool is a small set of util functions for creating a SKI session.

func NewSessionTool 

func NewSessionTool(
	inSession Session,
	inUserID string,
	inCommunityID []byte,
) (*SessionTool, error)

NewSessionTool creates a new tool for helping manage a SKI session.

func (*SessionTool) DoOp 

func (st *SessionTool) DoOp(inArgs CryptOpArgs) ([]byte, error)

DoOp performs the given op, blocking until completion

func (*SessionTool) EndSession 

func (st *SessionTool) EndSession(inReason string)

EndSession ends the current session

func (*SessionTool) GetLatestKey 

func (st *SessionTool) GetLatestKey(
	ioKeyRef *KeyRef,
	inAutoCreate KeyType,
) error

GetLatestKey updates the given KeyRef with the newest pub key on a given keyring (using ioKeyRef.KeyringName)

type SigHeader 

type SigHeader struct {
	// References a signing key -- who and what crypto kit signed the payload header.
	SignerCryptoKit CryptoKitID `` /* 130-byte string literal not displayed */
	SignerPubKey    []byte      `protobuf:"bytes,2,opt,name=signer_pub_key,json=signerPubKey,proto3" json:"signer_pub_key,omitempty"`
	// Specifies which hash kit to use to perform payload hashing
	HashKit HashKitID `protobuf:"varint,6,opt,name=hash_kit,json=hashKit,proto3,enum=ski.HashKitID" json:"hash_kit,omitempty"`
	// Size of the "header" payload (i.e. the payload that is also hashed and signed)
	HeaderSz uint32 `protobuf:"varint,7,opt,name=header_sz,json=headerSz,proto3" json:"header_sz,omitempty"`
	// This value specifies the encoding of the header and is a code conforming to https://github.com/plan-systems/multicodec
	HeaderCodec uint32 `protobuf:"varint,8,opt,name=header_codec,json=headerCodec,proto3" json:"header_codec,omitempty"`
	// Size of the "body" payload (i.e. the payload that is NOT hashed signed)
	BodySz               uint64   `protobuf:"varint,9,opt,name=body_sz,json=bodySz,proto3" json:"body_sz,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*SigHeader) Descriptor 

func (*SigHeader) Descriptor() ([]byte, []int)

func (*SigHeader) GetBodySz 

func (m *SigHeader) GetBodySz() uint64

func (*SigHeader) GetHashKit 

func (m *SigHeader) GetHashKit() HashKitID

func (*SigHeader) GetHeaderCodec 

func (m *SigHeader) GetHeaderCodec() uint32

func (*SigHeader) GetHeaderSz 

func (m *SigHeader) GetHeaderSz() uint32

func (*SigHeader) GetSignerCryptoKit 

func (m *SigHeader) GetSignerCryptoKit() CryptoKitID

func (*SigHeader) GetSignerPubKey 

func (m *SigHeader) GetSignerPubKey() []byte

func (*SigHeader) Marshal 

func (m *SigHeader) Marshal() (dAtA []byte, err error)

func (*SigHeader) MarshalTo 

func (m *SigHeader) MarshalTo(dAtA []byte) (int, error)

func (*SigHeader) ProtoMessage 

func (*SigHeader) ProtoMessage()

func (*SigHeader) Reset 

func (m *SigHeader) Reset()

func (*SigHeader) Size 

func (m *SigHeader) Size() (n int)

func (*SigHeader) String 

func (m *SigHeader) String() string

func (*SigHeader) Unmarshal 

func (m *SigHeader) Unmarshal(dAtA []byte) error

func (*SigHeader) XXX_DiscardUnknown 

func (m *SigHeader) XXX_DiscardUnknown()

func (*SigHeader) XXX_Marshal 

func (m *SigHeader) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SigHeader) XXX_Merge 

func (m *SigHeader) XXX_Merge(src proto.Message)

func (*SigHeader) XXX_Size 

func (m *SigHeader) XXX_Size() int

func (*SigHeader) XXX_Unmarshal 

func (m *SigHeader) XXX_Unmarshal(b []byte) error

type SignedPayload 

type SignedPayload struct {
	HeaderCodec plan.Multicodec // Client-specified encoding
	Header      []byte          // Client payload (hashed into .HeaderSig)
	Body        []byte          // Client body (NOT hashed into sig)
	HashKit     HashKitID       // The ID of the hash kit that generated .Hash
	Hash        []byte          // A hash digest generated from .Header and .Body
	HashSig     []byte          // Signature of .Hash by .Signer
	Signer      KeyInfo         // The pub key that orginated .Sig
}

SignedPayload are the params associated with signing a payload buffer.

Source Files

View all Source files

Directories

Path Synopsis
CryptoKits
ed25519
Package ed25519 uses the Ed25519 to implement sig-related parts of ski.CryptoKit.
 Package ed25519 uses the Ed25519 to implement sig-related parts of ski.CryptoKit.
nacl
Package nacl uses (libSodium/NaCl) to implement ski.CryptoKit
 Package nacl uses (libSodium/NaCl) to implement ski.CryptoKit
Providers
hive
Package hive implements ski.Provider for keys stored on the local file system (via encrypted file)
 Package hive implements ski.Provider for keys stored on the local file system (via encrypted file)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.