keysharecore

package
v0.10.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 9, 2022 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

View Source
const (
	JWTIssuerDefault    = "keyshare_server"
	JWTPinExpiryDefault = 5 * 60 // seconds
)

Variables

View Source
var (
	ErrInvalidPin       = errors.New("invalid pin")
	ErrPinTooLong       = errors.New("pin too long")
	ErrInvalidChallenge = errors.New("challenge out of bounds")
	ErrInvalidJWT       = errors.New("invalid jwt token")
	ErrKeyNotFound      = errors.New("public key not found")
	ErrUnknownCommit    = errors.New("unknown commit id")
)
View Source
var (
	ErrKeyshareSecretTooBig   = errors.New("Keyshare secret too big to store")
	ErrKeyshareSecretNegative = errors.New("Keyshare secret negative")
	ErrNoSuchKey              = errors.New("Key identifier unknown")
)

Functions

This section is empty.

Types

type AESKey

type AESKey [32]byte

func GenerateDecryptionKey

func GenerateDecryptionKey() (AESKey, error)

type Configuration

type Configuration struct {
	// Keys used for storage encryption/decryption
	DecryptionKey   AESKey
	DecryptionKeyID uint32

	// Key used to sign keyshare protocol messages
	JWTPrivateKey   *rsa.PrivateKey
	JWTPrivateKeyID uint32

	JWTIssuer    string
	JWTPinExpiry int // in seconds
}

type Core

type Core struct {
	// contains filtered or unexported fields
}

func NewKeyshareCore

func NewKeyshareCore(conf *Configuration) *Core

func (*Core) ChangePin

func (c *Core) ChangePin(secrets UserSecrets, oldpinRaw, newpinRaw string) (UserSecrets, error)

ChangePin changes the pin in an encrypted keyshare user secret to a new value, after validating that the old value is known by the caller.

func (*Core) DangerousAddDecryptionKey

func (c *Core) DangerousAddDecryptionKey(keyID uint32, key AESKey)

DangerousAddDecryptionKey adds an AES key for decryption, with identifier keyID. Calling this will cause all keyshare secrets generated with the key to be trusted.

func (*Core) DangerousAddTrustedPublicKey

func (c *Core) DangerousAddTrustedPublicKey(keyID irma.PublicKeyIdentifier, key *gabikeys.PublicKey)

DangerousAddTrustedPublicKey adds a public key as trusted by keysharecore. Calling this on incorrectly generated key material WILL compromise keyshare secrets!

func (*Core) GenerateCommitments

func (c *Core) GenerateCommitments(secrets UserSecrets, accessToken string, keyIDs []irma.PublicKeyIdentifier) ([]*gabi.ProofPCommitment, uint64, error)

GenerateCommitments generates keyshare commitments using the specified Idemix public key(s).

func (*Core) GenerateResponse

func (c *Core) GenerateResponse(secrets UserSecrets, accessToken string, commitID uint64, challenge *big.Int, keyID irma.PublicKeyIdentifier) (string, error)

GenerateResponse generates the response of a zero-knowledge proof of the keyshare secret, for a given previous commit and challenge.

func (*Core) NewUserSecrets

func (c *Core) NewUserSecrets(pinRaw string) (UserSecrets, error)

NewUserSecrets generates a new keyshare secret, secured with the given pin.

func (*Core) ValidateJWT

func (c *Core) ValidateJWT(secrets UserSecrets, jwt string) error

ValidateJWT checks whether the given JWT is currently valid as an access token for operations on the provided encrypted keyshare user secrets.

func (*Core) ValidatePin

func (c *Core) ValidatePin(secrets UserSecrets, pin string) (string, error)

ValidatePin checks pin for validity and generates JWT for future access.

type UserSecrets

type UserSecrets [64 + 64 + 32 + 12 + 16 + 4]byte

UserSecrets contains the encrypted data of a keyshare user. The size is that of unencryptedUserSecrets + 12 bytes for nonce + 16 bytes for tag + 4 bytes for key ID.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL